1. Data protection
The operators of these pages take protection of your personal data very seriously. We handle your personal data in confidence and in compliance with applicable statutory data protection regulations and this privacy statement.
It is generally possible to use our website without providing personal data. To the extent that personal data are requested on our pages (name, address, or email addresses) this always takes place on a voluntary basis as far as possible.
We would like to point out that data transfer in the Internet (e.g. in email communication) can involve security risks. It is not possible to protect private data completely against access by third parties.
2. Details of responsible operator
Kulturprojekte Berlin GmbH
CEO: Moritz van Dülmen
Project Management: Julia Böhmler
3. Details of data privacy officer
Dr. Michael Funke
Jaschinski Biere Brexl Partnerschaft mbB
+49 (0)30 443 765-0
4. Data processing on this Website
Museumsportal Berlin automatically collects and stores on its server log files with information transmitted to it by your browser. These include:
- browser type and version
- operating system used
- referrer URL (the site previously visited)
- host name of the accessing computer (IP address)
- time of server request
These data cannot be traced back to individuals by Museumsportal Berlin. We do not combine this data with other data sources. We reserve the right to examine these data subsequently if we have grounds to suspect illegal use. Your IP address will be anonymised immediately once the connection is ended.
We give you the opportunity to subscribe to an e-mail newsletter, for this we collect your e-mail address. We also analyse our newsletter service by collecting certain usage data.
4.a Categories of personal data
- Registered users of the portal: e-mail address, user name
- Non-registered users of the portal: IP address, see 4.
- Participants in competitions: e-mail address, surname, first name, address
- Recipients of the newsletter: e-mail address
We, Kulturprojekte Berlin GmbH as operator of the website, take the protection of your personal data very seriously and comply strictly with data protection regulations under applicable laws. Personal data are collected on this website only to the extent necessary for technical reasons.
5. Purposes for which data are processed
- Operation of the web portal with voluntary user registration for the purpose of creating personal lists of favourites, data and information published on the Museumsportal
- Evaluation of user data (Google Analytics)
- Purpose of the newsletter: Highlighting individual entries of the portal
- Purpose of the competitions: Marketing and user loyalty
- Information about and marketing for museums in Berlin
6. Legal basis for the processing of data
The processing of the data of registered users is based on Art. 6 (1) b) GDPR.
The processing of data for the purpose of sending the newsletter is based on Art. 6 (1) a) GDPR.
The analysis of usage data is based on Art. 6 (1) f) GDPR.
Our legitimate interest lies in the optimisation of our newsletter and online services.
7. Duration of storage
We store our log files for 1 year.
We store your data as long as you have a user account with us. Afterwards your data will be deleted immediately. You can delete your user profile yourself at any time. If you are not able to do so, please contact our support.
Should the Museumsportal Berlin wish to process your data for other purposes, this will only be done with your prior consent. If storage is no longer necessary, for example if you terminate your user account, all your personal data will be deleted.
We store the data processed for the e-mail newsletter until you withdraw your consent. The analysed usage data is stored for a maximum of 1 year.
8. Right to lodge a complaint and responsible supervisory authority
You have the right to lodge a complaint at any time with the responsible supervisory authority. To do this, please contact:
Berliner Beauftragte für Datenschutz und Informationsfreiheit (Berlin Commissioner for Data Protection and Freedom of Information)
9. Security of data
The personal data you provide to us will be secured using all technical and organisational security means to ensure that they are not accessible to unauthorised third parties. If you wish to send us data or information that is very sensitive, you should send it by post, since complete data security by email cannot be guaranteed.
Most of the cookies we use are so-called “session cookies”. They are automatically erased when you finish your visit. Other cookies stay stored on your end device until you erase them. These cookies enable us to recognise your browser next time you visit us.
You may adjust your browser settings to let you know when cookies are being placed and only to allow cookies on a case-by-case basis, to block the acceptance of cookies in certain cases or generally or to activate deletion of cookies automatically when you close your browser. If you deactivate cookies you may restrict the availability of the functions of this website. Personal data are processed in this connection on the legal basis of Art. 6 (1) f) GDPR. Our legitimate interest is in offering you the best possible user experience.
You may block the storage of cookies in your browser settings. We would point out, however, that you may then not be able to use all the functions of this website. You may also block the transfer of the data generated by the cookie and relating to your use of our website (including your IP address) to Google and the processing of your data by Google by downloading and installing the browser plugin available here: http://tools.google.com/dlpage/gaoptout
11. Transfer of user data to third parties (categories of recipients)
To implement and constantly improve the service we offer we work together with various service providers (processors) who support us in making this service possible. These include
- technical agencies, which are responsible for programming the site, hosting and operating the servers
- providers of e-mail delivery tools
- providers of online analysis tools
We would point out to our users that all data disclosed by you in the Internet can also be seen by third parties and will be available to them to use as they please. Although we have taken technical precautions to block mass export of data by third parties, we would draw the attention of our users to the slight remaining risk.
Data provided by users will not be used by the operators for target marketing or similar.
11a. Reason for transfer to a third country
Some of our external service providers process data in the USA. However, the service providers we use are EU-US Privacy Shield certified, so that an adequate level of data protection is ensured.
12. Rights of the data subject
The General Data Protection Regulation (GDPR) guarantees you certain rights which you can assert against us, provided that the statutory requirements are met.
● Art. 15 GDPR – Right of access by the data subject: You have the right to obtain from us confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, what data and detailed information on the data processing.
● Art. 16 GDPR – Right to rectification: You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
● Art. 17 GDPR – Right to erasure: You have the right to obtain from us the erasure of personal data concerning you without undue delay.
● Art. 18 GDPR – Right to restriction of processing: You have the right to obtain from us restriction of processing.
● Art. 20 GDPR – Right to data portability: You have the right, if data is being processed on the basis of consent or for the fulfilment of a contract, to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from us or to have the personal data transmitted directly to the other controller, where technically feasible.
● Art. 21 GDPR – Right to object: You have the right to object, on grounds relating to your particular situation, at any time to our processing of personal data concerning you which is based on a legitimate interest on our part or in performance of a task which is necessary for reasons of public interest or is carried out in exercise of public authority.
If you object, we shall no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Where your personal data are processed for direct marketing purposes, you shall have the right to object at any time to processing of personal data concerning you for such marketing. Where you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
● Art. 77 GDPR in conjunction with Section 19 of the German Federal Data Protection Act (BDSG –Bundesdatenschutzgesetz) – Right to lodge a complaint with a supervisory authority: You have the right to lodge a complaint with a supervisory authority at any time, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes applicable law.
13. Obligation to provide data
You are under no contractual or legal obligation to provide us with personal data. However, we will not be able to offer you our services without the data provided by you.
14. Existence of automated decision-making (including profiling)
We do not use automated decision-making processes which produce legal effects concerning you or similarly significantly affects you.
15. Search engine findability
In your privacy settings you can at any time state which of your data should be visible and which not and whether your profile should be displayed at all. The findability of your profile within the website and in the whole of the Internet depends on these settings.
17. Further information
Your trust is important to us. So we would like to answer any questions you may have about the processing of your personal data at any time. If you have any questions that have not been answered by this privacy statement or if you would like more information on any point, you are welcome to contact Kulturprojekte Berlin GmbH at any time.
18. Privacy Statement, Use of Google Analytics
This website uses functions of the web analysis service Google Analytics, provider address: Google Inc., 1600 Amphitheatre Parkway Mountain View, CA, 94043, USA.
Google Analytics uses so-called "cookies". These are text files that are stored on your computer and allow the analysis of your use of the website. The information generated by the cookie about your use of the website is generally transferred to a server of Google in the United States and stored there.
For more information on the use of Google Analytics, see Google’s privacy statement: http://support.google.com/analytics/answer/6004245
We process your data on the legal basis of Art. 6 (1) f) GDPR. Our legitimate interest is in the purpose set out above. You may prevent the collection of your data by Google Analytics by clicking on this link: http://tools.google.com/dlpage/gaoptout. An opt-out cookie will be placed that will block your data from being collected when you visit our website in future: deactivate Google Analytics.
19. Privacy statement, use of Facebook buttons (linkage)
When you are logged into your Facebook account, you can link the content of our pages with your Facebook profile by clicking the Facebook button. In this way, Facebook can co-ordinate the visit of our pages with your user account. We would like to point out that as operators of these pages we have no awareness of the content of the data transfer or its use by Facebook. For more information, read Facebook’s own privacy statement: http://de-de.facebook.com/policy.php and developers.facebook.com/docs/plugins/.
If you do not want Facebook to register a visit to our pages with your Facebook user account, log out of your Facebook user account.
20. Privacy Statement, Use of Twitter (linkage)
When you are logged into your Twitter account, you can link the content of our pages with your Twitter profile by clicking the Twitter button. In this way, Twitter can co-ordinate the visit of our pages with your user account. We would like to point out that as providers of these pages we have no knowledge of the content of the data transmitted or its use by Twitter. For more information you can read Twitter’s privacy statement: twitter.com/privacy. If you do not want Twitter to register a visit to our pages with your Twitter user account, log out of your Twitter user account.
To change privacy settings in your Twitter account, go to twitter.com/account/settings.
21. Privacy Statement, Use of Hotjar Analytics
This website utilizes Hotjar. The provider is Hotjar Ltd., Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe. Hotjar uses so-called „cookies“. Cookies are small text files that are placed on your computer. Their purpose is to analyse the use to make our website presentation more user friendly, more effective and more secure. The information generated by the cookie about your use of this website is usually transferred to a Hotjar server and stored there. For more detailed information about Hotjar and the data to be recorded, please see the privacy statement of Hotjar under the following link: https://help.hotjar.com/hc/en-us/categories/360003405813-Compliance-Data-Privacy-Legal-Security-.
The use of Hotjar and the storage of the Hotjar cookies are based on Art. 6 Sect. 1 lit. f GDPR. The website operator has a legitimate interest in the analysis of user patterns, in order to optimize the operator’s website. If you would like to deactivate the recording of data by Hotjar, please click on the link below https://www.hotjar.com/legal/compliance/opt-out/. An opt-out cookie is set to prevent the collection of your information on future visits on this website.
22. Privacy Statement, Use of JSDelivr CDN
Type and scope of processing
We use JSDelivr CDN to properly deliver the content of our website. JSDelivr CDN is a service provided by Prospect One, which acts as a content delivery network (CDN) on our website.
A CDN helps to deliver content from our online service, especially files such as graphics or scripts, more quickly using regionally or internationally distributed servers. When you access this content, you establish a connection to servers of Prospect One, Krolewska 65a, Krakow, Malopolskie 30-081, Poland, whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed solely for the above purposes and to maintain the security and functionality of JSDelivr CDN.
Purpose and legal basis
The use of the Content Delivery Network is based on our legitimate interests, i.e. interest in a secure and efficient provision as well as the optimization of our online offer according to Art. 6 para. 1 lit. f. DSGVO.