Privacy Policy

What personal data do we collect from you?

We process only personal data that you have yourself provided to us, or that is obtainable from publicly accessible sources such as the internet. Insofar as we process personal data from you, this usually comprises your email address and, if applicable, other personal data such as first name, last name, address, telephone number, gender.

For what purposes will my personal data be processed?

We process your personal data for the purposes of publicity and communication.

On what legal basis do we process your data?

We process your data on the basis of the European General Data Protection Regulations (GDPR). Depending on the individual case, data processing is carried out on the basis of your consent (Art. 6 para. 1 a) GDPR), on the basis of a contract or a contract initiation with you (Art. 6 para. 1 b) GDPR), to fulfil a legal obligation (Art. 6 para. 1 c) GDPR) or on the basis of legitimate interests in the individual case (Art. 6 para. 1 f) GDPR).

To whom will my data be disclosed?

The recipients of your data are the relevant employees in each individual instance. Insofar as we work with external service providers who have access to your personal data, we place them under a contractual obligation to handle your personal data in accordance with the requirements of the GDPR.

How long will my data be stored?

If no legally prescribed retention periods apply in your case, we will process your data until you object to data processing or revoke your consent to data processing. In the event that you do not wish your data to continue to be processed, please contact [email protected].

What are my rights?

You have the fundamental right to obtain information about your personal data, to correct or delete your data, to restrict data processing, to object to data processing, and you also have the right to data transmission (Art. 13 para. 2 in conjunction with Art. 15 to 21 GDPR). You also have the right to raise a complaint with the regulatory authority: Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstraße 219, 10969 Berlin.

Who is responsible for processing my data?

Responsibility lies with the Stiftung Humboldt Forum im Berliner Schloss, represented by its board members Hartmut Dorgerloh (General Director and Chairman of the Board), Christine Rieffel-Braune (Chief Administrative Officer) and Hans-Dieter Hegner (Chief Building Officer), Unter den Linden 3, 10117 Berlin.

Who can I contact in case of data privacy questions?

If you have any questions about the protection of your data, or would like to exercise your rights in matters of data protection, please contact [email protected]

Which tracking services does this website use?

This website uses Google Analytics, a service offered by Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA), to analyse our users’ visits to the website. The service uses cookies: text files which are stored on your device. The information collected by the cookies is usually sent to a Google server in the USA and stored there.

Are my data anonymised?

This website uses IP anonymisation. The user’s IP address is shortened within EU member states and the European Economic Area. This removes the personal reference from your IP address. Under the terms of the contract data processing agreement between the website operator and Google Inc., Google Inc. uses the information collected to evaluate website usage and website activity and to provide services related to internet usage.

How do I turn off website tracking?

You can disable cookie storage at any time in your cookie settings. You also have the option of preventing cookie storage on your device by using the appropriate settings in your browser. We cannot guarantee unrestricted access to all features of this website if your browser does not enable cookies. You can also use a browser plugin to prevent the information collected by cookies (including your IP address) being sent to and used by Google Inc. You can find the appropriate plugin here. Alternatively, you can prevent Google Analytics from collecting data about you within this website by clicking on this link. Clicking on the link above will download an ‘opt-out’ cookie. To enable this, your browser must therefore generally allow cookie storage. If you regularly delete cookies, you will need to click on the link again each time you visit this website. You can find further information on data use by Google Inc. here.

What security cookies does this website use?

On this website we use Cloudflare features provided by Cloudflare Inc. (101 Townsend St., San Francisco, CA 94107, USA). Cloudflare provides a globally distributed Content Delivery Network (CDN), ie a worldwide network of connected servers. The information transfer between your browser and our website is routed through Cloudflare’s network. This puts Cloudflare in a position to analyse the data traffic between you the user and our website, and enables us to identify and intercept attacks on our services.

Why do we use Cloudflare on our website?

Cloudflare helps make our website faster and more secure. Cloudflare provides us with web optimisation and security services such as DDoS protection and web firewall. This also includes a reverse proxy and the Content Distribution Network (CDN). Cloudflare blocks threats and limits malicious bots and crawlers which would waste our bandwidth and server resources.

What data are stored by Cloudflare?

For reasons of security, Cloudflare uses a cookie. This cookie (__cfduid) is set in order to identify individual users behind a common IP address, and to apply security settings for each individual user. This cookie is essential for Cloudflare security features and cannot be disabled:

• Name: __cfduid
• Value: d798bf7df9c1ad5b7583eda5cc5e78139886372-3
• Purpose: Security settings for each individual visitor
• Expiry date: after one year
• Cloudflare also works with third party providers. These are only permitted to process personal data under instruction from Cloudflare, and in accordance with the privacy policy and other confidentiality and security measures. Cloudflare does not share any personal data without explicit consent from us.

On what legal basis is the data collected?

Cloudflare is used in the interest of secure use of our website and to defend against malicious attacks. This constitutes a legitimate interest in accordance with Art. 6 para. 1 f) GDPR.

Where is the data stored, and for how long?

Cloudflare stores your information primarily in the USA and in the European Economic Area. Cloudflare can access and transmit the information described above from anywhere in the world. In general, Cloudflare stores data at a user level for domains in its Free, Pro and Business versions for less than 24 hours. For Enterprise domains with Cloudflare Logs activated (previously Enterprise LogShare or ELS), the data may be stored for up to 7 days. However, if IP addresses trigger security warnings at Cloudflare, there may be exceptions to the above-mentioned storage periods.

How can I delete, or prevent storage of my data?

Cloudflare only saves data records for as long as necessary, and in most cases these records are deleted within 24 hours. Nor does Cloudflare store any personal data such as your IP address. However, certain information is stored for an indefinite period by Cloudflare as part of its permanent records in order to improve the overall performance of Cloudflare Resolver, and to identify potential security risks. You can find out exactly which permanent records are stored via this link https://www.cloudflare.com/application/privacypolicy/ . All data collected by Cloudflare (temporary or permanent) are purged of any personal data. In addition, all permanent records are anonymised by Cloudflare.

EU-U.S. Privacy Shield Framework

In accordance with GDPR, we have entered into an agreement with Cloudflare for contract data processing. Cloudflare is a certified member of the EU-U.S. Privacy Shield Framework, which regulates the correct and secure transfer of personal data. More information is available at https://www.privacyshield.gov/participant?id=a2zt0000000GnZKAA0. More information on Cloudflare’s privacy policy is available at https://www.cloudflare.com/de-de/privacypolicy/

Maps from the Google Maps service are integrated into our website. Google Maps is operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google’s privacy policy can be found here.

Videos from the YouTube platform are integrated into our website. YouTube is operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google’s privacy policy can be found here.

What personal data is processed?

When you fill out the information fields to register for the Humboldt Forum Newsletter , we process the personal data you provide. This comprises a minimum of your email address and, where applicable, any further data you provide – such as forename, surname and address. As evidence of your consent, a record of your consent is kept, i.e. the date and time are stored, together with the sender’s IP address.

For what purposes will my personal data be processed?

Your personal data will be processed for press and publicity purposes, in order to provide you with information on the Humboldt Forum via email or postal newsletter. The legal basis for this is your consent in accordance with the European General Data Protection Regulations, which you can withdraw at any time (Art. 6, para. 1a) GDPR).

How can I unsubscribe from the newsletter?

You can unsubscribe from the Humboldt Forum newsletter at any time. An unsubscribe link will be included at the end of each newsletter for you to withdraw your consent.

How long will my data be stored?

Provided that no statutory retention periods apply in your case, we will continue to process your data until such time as you object to data processing or withdraw your consent to data processing. In the event that you no longer wish your data to be processed, please contact [email protected].

To whom will my data be disclosed?

The recipients of the data are our employees responsible for education and outreach as well as press and public relations. We work with the data processing company Sendinblue GmbH (formerly Newsletter2Go GmbH), Köpenicker Str. 126, 10179 Berlin. We have contractually obligated Sendinblue GmbH to handle your personal data in accordance with the requirements of the GDPR. If we work with other external service providers who have access to your data, we contractually obligate them to handle your data in accordance with the provisions of the GDPR.

When you purchase tickets for an exhibition, a public tour or an event in our web shop, we process the personal data provided by you. These comprise your e-mail address, your first and last names, your title and your preferred language (German/ English) as well as your postal address. If you register for a customer account, it will be necessary to award a password, but this will not be saved, however.

In the case of products subject to a fee, the chosen payment method will be stored additionally.

Your personal data will be collected and processed for the purpose of initiating and implementing contracts. The legal basis for this is Art. 6 Para. 1 lit. b) GDPR.

In the context of a purchasing contract the receipts, in accordance with the statutory regulations, will be stored for a period of ten years. After that, they will be deleted.

Should you have registered for a customer account in our web shop, the account will be deleted upon cancellation.

The data will be disclosed to the responsible employees of the Stiftung Humboldt Forum im Berliner Schloss and of its subsidiary, Humboldt Forum Service GmbH. We also cooperate with an external payment services provider with whom we have concluded an order data processing contract.

In the Humboldt Forum some areas are under video surveillance. The recordings are personal data.

Video surveillance is carried out for the exercise of a property right,
for the purposes of crime prevention, of clarification, and evidence
preservation where a criminal offence has been identified, and for the
protection and safety of all persons present at the Humboldt Forum.
The legal basis is Article 6(1) f GDPR.

As a general rule, the video recordings are automatically deleted after
72 hours. Only in the case of security-relevant events and incidents will
relevant sections of the video recording be processed separately and deleted
immediately following an internal security assessment.

When a criminal offence is identified during the course of the security
assessment, the video recording data will be passed on to law enforcement
authorities.

What personal data is processed?

By filling out the information fields in our Online-Donation-Tool, you give your consent to the processing of the personal data you have provided. As evidence of your consent, a record of your consent is kept, i.e. the date and time are stored, together with the sender’s IP address.

For what purposes will my personal data be processed?

We process your personal data for the purposes of donor management and, where applicable, donor recognition. The legal basis for this is your consent in accordance with the European General Data Protection Regulations, which you can withdraw at any time (Art. 6, para. 1a) GDPR).

How long will my data be stored?

Your data will continue to be processed until you withdraw your consent.

To whom will my data be disclosed?

The recipients of the data are our employees responsible for fundraising. We work with the processing company Altruja GmbH, Augustenstraße 62, 80331 München. Altruja GmbH is contractually obliged in accordance with GDPR requirements to handle your data in a privacy-compliant manner.