Privacy Notice
This Privacy Notice serves to inform you about the processing of personal data which occurs when you use our website. Your privacy and the protection of your data are very important to us. On this page, we provide extensive information on data protection and your rights.
Personal data is information relating to an identified or identifiable person. This specifically includes information which allows conclusions to be drawn about your identity, such as your name, telephone number, address or email address. Statistical data which we collect, for example, when you visit our website and which cannot be linked to your person, does not fall under the concept of personal data.
1. Whom to contact
Your primary contact and responsible entity for the processing of your personal data when you visit this website within the meaning of the General Data Protection Regulation (GDPR) is the
Humboldt Forum Foundation in the Berlin Palace
Represented by board members Hartmut Dorgerloh, Christine Rieffel-Braune and Hans-Dieter Hegner
Schlossplatz
10178 Berlin
Telephone: +49 (0) 30 265 950 0
Email: [email protected]
You may also contact our Data Protection Officer at any time for any questions on the subject of data protection in connection with our exhibitions, events or the use of our website. Our Data Protection Officer can be reached at the above postal address and the above email address (subject line: ‘to the attention of the Data Protection Officer’). Please be advised that when using this email address, others besides our Data Protection Officer may access the contents. Therefore, if you wish to share confidential information, please first contact us directly at the above email address.
2. Data processing on our website
Each time you use our website, we collect access data your browser automatically transmits to enable you to visit the website. Access data includes:
- IP address of the accessing device;
- Date and time of access;
- Data volume transmitted;
- Access status;
- Information about the browser, operating system and Internet provider used;
- Website from which our site was accessed;
- Name and URL of the accessed website and the requesting website;
- Online identifiers (such as device identifiers, session IDs).
Processing this access data is essential in order to enable you to visit the website, to ensure the long-term functionality and security of our systems and, in general, to administratively maintain our website. In addition, the access data is temporarily stored in internal log files for the purposes described above; if, for example, repeated queries or access made with criminal intent compromise the stability and security of our website, this allows us to identify the cause and take action.
The legal basis is Art. 6 para. 1, S. 1 lit. b DSGVO, if the site is accessed in the course of initiating or performing a contract, and otherwise Art. 6 para. 1 s. 1 lit. f DSGVO based on our legitimate interest in enabling access to our website and in the long-term functionality and security of our systems.
The log files are generally stored for 7 days and then deleted following anonymisation.
Our website is hosted, and the associated processing of your personal data is conducted, by Netcup GmbH (Daimlerstraße 25, 76185 Karlsruhe), with which we have an order processing agreement
You have various options for contacting us. These include the contact form, contacting us by email, post or telephone. In this context, we process data exclusively for the purpose of communicating with you.
The legal basis is Art. 6 para. 1 s. 1 lit. b DSGVO, if your information is required to respond to your request or to initiate or execute a contract, and otherwise Art. 6 para. 1 s. 1 lit. f DSGVO based on our legitimate interest in enabling you to contact us and enabling us to respond to your request. Once your request has been fully processed, the data collected by us when you contact us will be deleted, unless we still need your request to fulfill contractual or legal obligations (see Section 7, ‘Data storage’).
You have the option to register with the ticket shop and create a customer account in order to be able to use the full range of functions of the ticket shop. All data you provide when registering is mandatory. Registration is not possible without this data. The legal basis for processing is Art. 6 para. 1 s. 1 lit. b DSGVO.
When you book tickets for exhibitions, public guided tours and/or events, we collect information required for purpose of performing the contract:
- Title,
- Name and surname,
- Address,
- Email address,
- Name of the booked event,
- Number of tickets,
- Preferred language (German/English)
The legal basis for processing is Art. 6 , Par. 1 S. 1 lit. b DSGVO.
For ticket bookings we use ‘go~mus’, a service provided by Giant Monkey GmbH, Brunnenstrasse 39, 10115 Berlin.
In addition, we work with external payment service providers (see section 5, ‘Third-party data sharing’). The payment service provider we use for ticket bookings is Adyen B.V., Simon Carmiggeltstraat 6–50, 5th floor, 1011 DJ Amsterdam.
In the context of ticket bookings we collect data for statistical purposes (specifically booking data, proceeds and cancellations, place of residence and country, exhibition capacity at certain times, utilisation of educational events, overview of types of sale, e.g. fee-based/free/press/children). The processing of this data serves to optimise our offers, workforce management, reporting as well as marketing efforts. The legal basis is our legitimate interest, Art. 6 para. 1 s. 1 lit. f DSGVO.
The analysed statistical data may also be shared with third parties who organise relevant events in the Humboldt Forum (such as Stiftung Stadtmuseum Berlin). The data does not allow any conclusions to be drawn about you, as they are shared only in anonymous form.
When using the web shop, data is shared with the provider of the Humboldt Forum Shops (Muson GmbH, Charlottenstrasse 95, 10969 Berlin), which is the responsible entity for any processing of your personal data through this shop. For additional information, please refer to the relevant Privacy Notices of the provider.
You have the option to support us with a donation. You may donate directly either by transferring a donation to the bank account on file on our website or by using the online donation tool. Different payment methods are available (including Paypal (PayPal (Europe) S.à r.l. et Cie, S.C.A., 22–24 Boulevard Royal, L – 2449 Luxembourg; PayPal Privacy statement; VISA; SEPA; Stripe, see also Section 3.3) In this context, we process data exclusively for the purpose of collecting donations. Depending on the selected payment method, we specifically process names, address, e-mail address, payment method and payment data as well as the amount.
In this respect, the legal basis relating to the processing of donations and requests is Art. 6 para. 1 s. 1 lit. b DSGVO, and otherwise Art. 6 para. 1 s. 1 lit. f DSGVO based on our legitimate interest in enabling you to contact us and enabling us to process your donation request. If data is processed in the context of donor recognition, this data processing is based on your consent pursuant to Art 6, Par. 1 lit. a DSGVO.
For the processing of donations we work with the service provider Altruja GmbH, Augustenstrasse 62, 80331 Munich (see Section 5, ‘Third-party data sharing’).
Once your request has been fully processed, we are legally obligated to store the relevant data collected for ten years (see Section 7, ‘Data storage’), after which it is anonymised.
You have the option to sign up for our newsletter, which provides regular information about our products and special offers.
When you order our newsletters we use the so-called double opt-in procedure for registration. This means that we will not send you newsletters by email unless you confirm by clicking on a link in our notification email that you are the owner of the e-mail address provided. If you confirm your email address, we will store it and the time of registration until you unsubscribe from the newsletter. Your email address is stored for the sole purpose of being able to send you the newsletter and verify your registration. You may unsubscribe from the newsletter at any time. Each newsletter includes an unsubscribe link. Of course, a letter or email message to the contact address provided above and in the newsletter will also do. The legal basis for processing is your consent pursuant to Art. 6 para. 1 s. 1 lit. a DSGVO.
In our newsletters, we use commercially available technologies to measure interactions with the newsletters (i.e., opening of the email, links clicked). We use this data for general statistical analyses and to optimise and further develop our content and customer communication. The data will be linked to your other personal data (which has been collected from you or from publicly accessible sources). The legal basis for processing is your consent pursuant to Art. 6 para. 1 s. 1 lit. a DSGVO. Through our newsletter we want to share content that is as relevant as possible to our customers/visitors and better understand what readers are actually interested in. If you do not wish your usage behaviour to be analysed, you may unsubscribe from the newsletter at any time.
As a service provider we use curexus GmbH, Nordostpark 3, 90411 Nuremberg (see Section 5, ‘Third-party data sharing’).
You may apply for open positions with us via our Personio applicant management system (Personio GmbH, Rundfunkplatz 4, 80335 Munich, Privacy pollicy). Data is collected for the purpose of selecting applicants for possibly establishing an employment relationship. To be able to accept and process your application, we specifically collect the following data: name and surname, email address, application documents (e.g. certificates, CVs) and the earliest possible job start date. The legal basis for processing your application documents is Art. 6 para. 1 s. 1 lit. b and Art. 88, Par. 1 DSGVO in conjunction with § 26 Abs. 1 S. 1 BDSG.
The job advertisement page (‘Jobs’) also links to job openings of the Humboldt Forum Service GmbH and the Stiftung Stadtmuseum Berlin. For additional information please refer to the respective Data privacy statements.
3. Use of cookies and similar technologies
This website uses cookies and similar technologies (collectively ‘tools’) provided by ourselves or by third parties.
Cookies are small text files which are stored in a computer’s browser directory. Cookies are not used to run programs or load viruses onto your computer. ‘Fingerprints’, web beacons, tags or pixels are similar technologies. Most browsers are set by default to accept cookies and similar technologies. However, you can usually adjust your browser settings to disable cookies and similar technologies or store them only with your prior consent. If you choose to disable cookies, some features of our website or services may not operate as intended.
The tools we use are listed below by category. In addition to providing information specifically about the tools’ providers, the tools’ storage period and third-party data sharing, we also explain in which cases we obtain your voluntary consent to use the tools and how you can withdraw your consent.
If, despite the greatest care, any information in the consent banner contradicts the information in this Privacy Notice, the information provided in this Privacy Notice takes precedence.
3.1.1 Legal basis
We use tools necessary for website operation based on our legitimate interest pursuant to Art. 6 para. 1 s. 1 lit. f DSGVO, to improve the functioning of our website and your individual experience. In certain cases, these tools may also be necessary for the performance of a contract or for pre-contractual arrangements, in which case the processing is carried out in accordance with Art. 6 para. 1 s. 1 lit. b DSGVO.
All other tools, specifically those for marketing purposes, are used based on your consent pursuant to Art. 6 para. 1 s. 1 lit. a DSGVO. No data will be processed by means of these tools, unless we have received your prior consent.
In the event that personal data is shared with third countries, we refer to section 6 (‘Third-country data transfer’), also with regard to the possible risks associated with this. We have standard contractual clauses or other guarantees in place with the providers of the tools we use. If you have given your consent to the use of certain tools, these providers may also transfer the data processed when using the tools to third countries based on this consent.
3.1.2 Obtaining your consent
By means of our Content Management System (CMS) we use consent management to obtain and manage your consent. The system creates a banner informing you about data processing on our website, giving you the option to consent to the processing of all, some or no data through optional tools. This banner appears when you first visit our website and when you access your settings again to make changes or withdraw your consent. The banner will reappear upon subsequent visits to our website if you have deactivated the storage of cookies or the cookies have been deleted or have expired.
Our consent tool stores necessary cookies (‘acceptCookie’, ‘acceptCookieStatistics’, ‘acceptCookieMarketing’) on your device to remember your consent and withdrawal of consent. If you delete your cookies, we will ask for your consent again upon subsequent visits to our website.
Data processing by our consent management system is necessary to provide you with the legally required consent management and to comply with our documentation obligations. The legal basis is Art. 6 para. 1 p. 1 lit. f DSGVO, based on our interest in meeting the legal requirements for consent management.
3.1.3 Withdrawing your consent or changing your selections
You may withdraw your consent for certain tools at any time. To do so, click on the following
We use tools to enable the basic functions of our website (‘necessary tools’). Without those tools we would not be able to provide our service. Therefore, necessary tools are used without consent based on our legitimate interests pursuant to Art. 6 para. 1 s. 1 lit. f DSGVO, or for the performance of a contract or making pre-contractual arrangements pursuant to Art. 6 para. 1 s. 1 lit. b DSGVO.
3.2.1 Our own cookies
We use our own necessary cookies specifically
- for login authentication in the Ticket Shop,
- to save the selected cookie settings
3.2.2 Cloudflare
Our website uses Cloudflare, a service provided by Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107 USA, to make our website faster and more secure. Cloudflare provides a globally distributed Content Delivery Network (DNS) which allows it to create copies of our website and place them on its own servers, thereby ensuring that when you visit our website, it is delivered by the webserver able to show you our website the fastest. Cloudflare also blocks threats and limits abusive bots and crawlers that waste our bandwidth and server resources or seek to attack our systems in other ways.
To provide this service, the entire data transfer between your browser and our websites passes through Cloudflare’s infrastructure. In the process, Cloudflare delivers content from our website and analyses the traffic to prevent attacks.
For this purpose, Cloudflare receives information on IP addresses and DNS log data, with the IP addresses being pseudonymised and relatable to a natural person only in theory and with considerable effort and cost. For security reasons, Cloudflare also uses a cookie. This cookie is absolutely necessary for Cloudflare’s security functions and cannot be deactivated. Ensuring the security and retrievability of our website constitutes a legitimate interest on our part, with the legal basis being Art. 6 para. 1 p. 1 lit. f DSGVO.
Generally, Cloudflare stores your data for up to seven days, but if your IP address triggers a security warning at Cloudflare, exceptions may be made to the above storage period. Cloudflare stores and processes personal data on servers in the European Union. But since Cloudflare Inc. is a U.S. provider, we cannot rule out the possibility that personal data is transferred to the USA. We have an order processing agreement with Cloudflare. In the event that personal data is transferred to the USA or other third countries, we have standard contractual clauses with Cloudflare pursuant to Art. 46 para. 2 lit. c DSGVO. For additional information, please refer to Section 5, ‘Third-party data sharing’, and Section 6, ‘Third-country data sharing’.
3.2.3 Algolia
Our website uses Algolia, a service provided by Algolia Inc., 301 Howard Street, San Francisco, CA 94105 USA, to index the visible content or our website and thus provide optimised search functionality.
Algolia is used for the purpose of making the information contained on our website easier to find and thereby ensuring user-friendliness.
The legal basis is Art. 6 para. 1 lit.f DSGVO, based on our aforementioned legitimate interest. Because our website uses Algolia, your IP address and search query are transmitted to a server of Algolia and stored there for 90 days for statistical and optimisation purposes and then deleted.
In accordance with Art. 46 para. 2 lit. c DSGVO (Implementing Decision (EU) 2021/914, Module 2), we have an order processing agreement and standard contractual clauses with Algolia. For additional information, please refer to Algolia’s relevant privacy policies: https://www.algolia.com/de/policies/privacy/
In addition, we use tools to improve user experience on our website and provide more features (‘functional tools’). While these tools are not strictly necessary for the website’s basic functionality, they can bring significant benefits to users, specifically in terms of user experience and providing additional communication, presentation and payment channels. The legal basis for the functional tools is your consent pursuant to Art. 6 para. 1 lit. a DSGVO, which you give through the consent banner or at the respective tool itself by individually allowing its use through a banner (overlay) placed above it. Access to and storage of information in the terminal device is then based on the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 1 TTDSG. For withdrawing your consent, see 3.1.3: ‘Withdrawing your consent or changing your selections’.
In the event that personal data is shared with third countries (such as the USA), your consent explicitly extends to this sharing of data (Art. 49 (1) a DSGVO). Please refer to Section 6 (‘Third-country data sharing’) for the associated risks.
3.3.1 Google Tag Manager
Our website uses Google Tag Manager, a service provided for users in the European Economic Area and Switzerland by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, and for all other users by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (collectively ‘Google’).
Google Tag Manager is used exclusively to manage website tools by integrating so-called website tags. A tag is an element that is stored in the source code of our website in order to implement a tool, for example through scripts. If these are optional tools, Google Tag Manager will only integrate them with your consent.
Google Tag Manager does not use cookies.
The legal basis is your consent pursuant to Art. 6 para. 1 s. 1 lit. a DSGVO.
When Google Tag Manager is used, Google collects information about which tags are integrated by our website to ensure stability and functionality; however, it does not collect personal data, i.e., no data on usage behaviour, IP addresses or pages visited.
We have an order processing agreement with Google. In the event that personal data is transferred to the USA or other third countries, we have standard contractual clauses with Google pursuant to Art. 46 para. 2 lit. c DSGVO. For additional information, please refer to Section 6, ‘Third-country data sharing’.
For additional information, please refer to Google Tag Manager Overview.
In order to improve our website, we use tools for statistical collection and analysis of general usage behaviour based on access data (‘analytical tools’). We also use analytics services to evaluate the use of our various marketing channels.
The legal basis for the analytical tools is, unless otherwise indicated, your consent pursuant to Art. 6 para. 1 s. 1 lit. a DSGVO. For withdrawing your consent, see 3.1.3: ‘Withdrawing your consent or changing your selections’. In the event that personal data is transferred to the USA or other third countries, your consent explicitly extends to this sharing of data (Art. 49 (1) a DSGVO). Please refer to Section 6 (‘Third-country data sharing’) for the associated risks.
- Google Analytics
Our website uses Google Analytics, a service provided to users in Europe, the Middle East and Africa (EMEA) by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, and to all other users by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (collectively ‘Google’).
Google Analytics uses cookies and similar technologies to analyse and improve our website based on your user behaviour. Google will process the obtained information to analyse your use of the website, compile reports on website activity for website operators and provide other services relating to website activity and internet usage. The data generated in this context may be transferred by Google to a server in the USA for analysis and stored there.
For Google Analytics, we have customised the following privacy settings:
- IP anonymisation (your IP address is abbreviated prior to analysis, so that no conclusions can be drawn about your identity)
- Automatic deletion of old logs / limitation of storage time
- Deactivated advertising function (including GA audience remarketing)
- Deactivated measurement protocol
- Deactivated cross-page tracking (Google signals)
The following data is processed by Google Analytics:
- Anonymised IP address;
- Referrer URL (previously visited page);
- Pages viewed (date, time, URL, title, length of stay);
- Downloaded files;
- Clicked links to other websites;
- Achievement of certain targets (conversions);
- Technical Information: operating system; browser type, version and language; device type, brand, model and resolution;
- Approximate location (country and city, if applicable, based on anonymised IP address).
Google Analytics stores the following cookies on your device for the purpose and storage period indicated:
- ‘_ga’ for 2 years, and ‘_gid’ for 24 hours (both used to recognise and distinguish website visitors by user ID);
- ‘_gat’ or ‘_gat_UA-160223786-1’ for 1 minute (to reduce requests to Google’s servers);
We have an order processing agreement with Google for the use of Google Analytics. In the event that personal data is transferred to the USA or other third countries, Google Ireland Limited and Google LLC have standard contractual clauses (Module 3) in place.
For additional information, please refer to Google’s Privacy Policy.
In addition, we use other external media, such as embedded videos.
The legal basis for this is, unless otherwise indicated, your consent pursuant to Art. 6 para. 1 s. 1 lit. a DSGVO, which you give through the consent banner or at the respective tool itself by individually allowing its use through a banner (overlay) placed above it. For withdrawing your consent, see 3.1.3, ‘Withdrawing your consent or changing your selections’. In the event that personal data is transferred to the USA or other third countries, your consent explicitly extends to this sharing of data (Art. 49 para 1 s. 1 lit. a DSGVO). Please refer to Section 6 (‘Third-country data sharing’) for the associated risks.
- YouTube videos
We have embedded videos in our website which are stored at YouTube and can be played directly on our website, provided you have given your consent. YouTube is a multimedia service of YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA (‘YouTube’), which is provided to users in the European Economic Area and Switzerland by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, and to all other users by Google LLC 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (collectively ‘Google’).
We have activated YouTube’s extended data privacy mode, which means that Google receives less usage information and does not personalise video recommendations and ads. However, information is stored in your device’s local storage and session storage, specifically your device ID and other information regarding video playback, which is accessible to Google.
When you visit our website, YouTube and Google receive the information that you have accessed the corresponding sub-page of our website. This happens regardless of whether you are logged in to YouTube or Google or not. YouTube and Google use this data for the purposes of advertising, market research and needs-based design of their websites. When you view a YouTube video on our website while being logged into your YouTube or Google account, this activity may also be linked to your YouTube or Google account. If you do not wish this information to be linked, you must log out of Google prior to accessing our website.
In addition to withdrawing your consent, you also have the option to deactivate personalised ads in Google’s ad settings. In this case, Google will only display non-individualised advertising.
For additional information, please refer to Google’s Privacy Policies for YouTube.
- Vimeo videos
We have embedded videos in our website which are stored on the video platform Vimeo and can be played directly on our website, provided you have given your consent. Vimeo is a multimedia service of Vimeo Inc., 555 West 18th Street, New York 10011, USA (‘Vimeo’).
When you visit our website, Vimeo receives the information that you have accessed the corresponding sub-page of our website. This happens regardless of whether you are logged in to Vimeo or not.
Vimeo may use this data for the purposes of advertising, market research, and needs-based design of its websites. If you call up videos on our websites while you are logged into your Vimeo account, Vimeo may also link this event to your Vimeo account. If you do not want the association, it is necessary that you log out of Vimeo before accessing our websites. When you view Vimeo videos on our website while being logged into your Vimeo account, this activity may also be linked to your Vimeo account. If you do not If you do not wish this information to be linked, you must log out of Vimeo prior to accessing our website.
For additional information, please refer to Vimeo’s Privacy Policies.
- Spotify
We have embedded audio content in our website, which is stored at Spotify and can be played directly on our website. In this context, we only process your data if you have consented to it. Spotify is an audio streaming service provided by Spotify AB, Regeringsgatan 19, 111 53 Stockholm, Sweden (‘Spotify’).
When you visit our website, Spotify receives the information that you have accessed the corresponding sub-page of our website. This happens regardless of whether you are logged in to Spotify or not. Spotify is solely responsible for any further data processing.
For additonal information about Spotify’s use and processing of data, please refer to its Privacy Policy.
- Sketchfab
Our website uses plugins of sketchfab.com. This site is operated by Sketchfab, Inc., Sketchfab HQ, 1123 Broadway #501 (25th St), New York City, NY 10010 USA. When you visit one of our pages on which Sketchfab plugins are installed, a connection is established to Sketchfab’s servers, provided you have given us your consent to do so. The Sketchfab server then receives information about which of our pages you have visited. When you are logged into your Sketchfab account, you also enable Sketchfab to link your surfing behaviour directly to your personal account. You can prevent this by logging out of your Sketchfab account. For additonal information about Sketchfab’s use of data, please refer to its Privacy Policy at https://sketchfab.com/privacy.
4. Online presence in social networks
We maintain an online presence in social networks to communicate with existing and prospective customers and provide information about our exhibitions and events.
User data is generally processed by the respective social networks for market research and advertising purposes. This allows them to create usage profiles based on users’ interests. For this purpose, cookies and other identifiers are stored on users’ devices. Based on the usage profiles, ads are placed within the social networks as well as on third-party websites.
In the context of operating our online presences, we may access information provided by the social networks, such as statistics on the use of our online presences. These statistics are aggregated and may specifically include demographic information and data on the interaction with our online presences and the posts and content distributed through them. For details and links to the social networks’ data which we as operators of the online presences may access, please refer to the list below.
The legal basis for processing this data is Art. 6 para. 1 s. 1 lit. f DSGVO, based on our legitimate interest in providing effective information for, and communicating with, users, and Art. 6 para. 1 s. 1 lit. b DSGVO, to remain in contact with our customers and provide information for them, as well as to make pre-contractual arrangements with prospective customers.
For the legal basis for the processing of data by the social networks themselves, please refer to the Privacy Policies of the respective social networks. Under the following links, you will also find further information on the specific data processing and your options to object. Please refer to the links below for additional information about this processing of data as well as opt-out options.
Please be advised that data privacy requests are most efficiently made to the particular provider of the social network, as only these providers have access to the data and the ability to immediately take appropriate action. Listed below is information about the social networks on which we operate online presences:
- Facebook (USA and Canada: Facebook Inc., 1601 Willow Road, Menlo Park, California 94025, USA; all other countries: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
- Operation of the Facebook Fan Page under joint responsibility based on an Agreement on joint processing of personal data (‘Page Insights supplement’ regarding the responsible party)
- Information on the processed Page Insights data and whom to contact in case of privacy requests
- Privacy policy
- Opt out: https://www.facebook.com/settings?tab=ads und http://www.youronlinechoices.com
- Instagram (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
- Google/ YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland)
- LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland)
- Operation of the LinkedIn Company Page under joint responsibility based on an Agreement on joint processing of personal data (‘Page Insights Joint Controller Addendum’)
- Information on the processed Page Insights data and whom to contact in case of privacy requests
- Privacy Policy
- Opt out
- Xing/Kununu (XING SE, Dammtorstraße 30, 20354 Hamburg)
- Spotify (Spotify AB, Regeringsgatan 19, 111 53 Stockholm, Sweden)
- BING (Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland)
5. Sharing of data
Data collected by us is shared only if
- You have given your express consent in accordance with Art. 6 para. 1 s. 1 lit. a DSGVO;
- The sharing is necessary in accordance with Art. 6 para. 1 p. 1 lit. f DSGVO to assert, exercise or defend legal claims and there is no reason to believe that you have an overriding legitimate interest in not having your data shared;
- We are legally obliged to share it in accordance with Art. 6 para. 1 s. 1 lit. c DSGVO, or
- It is legally permissible and necessary in accordance with Art. 6 para. 1 s. 1 lit. b DSGVO to manage contractual relationships with you or to make pre-contractual arrangements in response to your request.
Some of the data processing may be conducted by our service providers. In addition to the service providers mentioned in this Privacy Policy, these may specifically include data centers storing our website and databases, software providers, IT service providers maintaining our systems, agencies, market research companies, and consulting companies. In the event that we share data with our service providers, they may only use the data to perform their tasks. Our service providers have been carefully selected and commissioned by us and are contractually bound by our instructions. They can take suitable technical and organisational measures to protect the rights of the data subjects and are regularly monitored by us.
In addition, data may be shared in connection with official inquiries, court orders and legal proceedings if this is necessary for legal prosecution or enforcement.
6. Third-country data sharing
As explained in this Privacy Policy, we use services whose providers are in some cases headquartered, or process personal data, in so-called ‘third countries’, i.e., countries outside the European Union or the European Economic Area whose data protection level does not correspond to that of the European Union. If this is the case and the European Commission has not issued an adequacy decision for these countries (Article 45 of the GDPR), we have taken appropriate precautions to ensure an adequate level of data protection for any data transfers. These include, among others, so-called EU standard contractual clauses or binding internal data protection regulations.
Where this is not possible, the data sharing is based on exceptions to Art. 49 DSGVO, specifically your express consent or the necessity of data sharing for the performance of the contract or for making pre-contractual arrangements.
If third-country sharing is planned and no adequacy decision or suitable guarantees exist, there is a possibility and a risk that authorities in the respective third countries (such as intelligence services) may gain access to the transmitted data for the purpose of recording and analysing it, and that the enforceability of your data subject rights cannot be guaranteed. When your consent is obtained through the Consent banner, you are informed of this as well.
7. Storage period
We store personal data only as long as necessary to fulfill the purposes for which we collected the data. Thereafter, we immediately delete the data, unless the data is still needed for evidentiary purposes until the statutory limitation period for civil claims expires, or for statutory retention obligations.
For evidence purposes, we must retain contract data for a further three years from the end of the year in which our business relationship with you ends. In accordance with the statutory limitation period, any claims shall become statute-barred no earlier than this date.
Even after this, we still must retain some of your data for accounting reasons. We are obliged to do so because of statutory documentation requirements that may arise from the German Commercial Code, the German Fiscal Code, the German Banking Act, the German Money Laundering Act and the German Securities Trading Act. The period specified there for the retention of documents is two to ten years.
8. Your rights, specifically your right to withdraw consent and to object
As a data subject, you always have the following rights laid out in Art. 15 – 21, Art. 77 DSGVO:
- Right to withdraw your consent;
- Right to object to the processing of your personal data (Art. 21 DSGVO);
- Right to information about your personal data processed or stored by us (Art. 15 DSGVO);
- Right to have your personal data rectified if it is incorrectly stored by us (Art. 16 DSGVO);
- Right to have your personal data deleted (Art. 17 DSGVO);
- Right to restrict the processing of their personal data (Art. 18 DSGVO);
- Right to data portability of your personal data (Art. 20 DSGVO);
- Right to lodge a complaint with a supervisory authority (Art. 77 DSGVO).
To exercise your rights described here, you may contact us at any time using the contact details above. The same applies if you wish to receive copies of guarantees as proof of adequate levels of data protection. If the respective legal requirements are met, we will comply with your data protection request.
Your requests to exercise your data protection rights and our responses to them will be retained for documentation purposes, in individual cases specifically to assert, exercise or defend legal claims. The legal basis is Art. 6 para. 1 s. 1 lit. f DSGVO, based on our interest in defending against any civil claims under Art. 82 DSGVO, avoiding fines under Art. 83 DSGVO and fulfilling our accountability obligations under Art. 5 para. 2 DSGVO.
————————
You have the right to withdraw your once-given consent at any time. This means that we will no longer continue the data processing based on this consent. The withdrawal of consent does not affect the lawfulness of processing based on the consent prior to its withdrawal.
If we process your data based on legitimate interests, you have the right to object to the processing of your data at any time for reasons arising from your particular situation. In the case of an objection to data processing for direct marketing purposes, you have a general right to object, which we will implement irregardless of whether reasons are provided.
If you wish to exercise your right to withdraw consent or object, simply send an informal message using the contact details above.
———————–
Finally, you have the right to lodge a complaint with a supervisory authority. You may exercise this right, for example, before a supervisory authority in the Member State of your place of residence, your workplace or the place of the alleged infringement. In Berlin, where we are located, the responsible supervisory authority is the Berlin Commissioner for Data Protection and Freedom of Information, Alt-Moabit 59 – 61, 10555 Berlin.
9. Changes to this Privacy Notice
We periodically update this Privacy Notice, for instance when we adapt our website or when there is a change in legal or regulatory requirements.
Version: 2.0 / Last updated: May 2023
10. Video Surveillance
Personal data
In the Humboldt Forum some areas are under video surveillance. The recordings are personal data.
Reasons for processing
Video surveillance is carried out for the exercise of a property right,
for the purposes of crime prevention, of clarification, and evidence
preservation where a criminal offence has been identified, and for the
protection and safety of all persons present at the Humboldt Forum.
The legal basis is Article 6(1) f GDPR.
Duration of data storage
As a general rule, the video recordings are automatically deleted after
72 hours. Only in the case of security-relevant events and incidents will
relevant sections of the video recording be processed separately and deleted
immediately following an internal security assessment.
Data disclosure
When a criminal offence is identified during the course of the security
assessment, the video recording data will be passed on to law enforcement
authorities.