Privacy Notice

This Privacy Notice serves to inform you about the processing of personal data which occurs when you use our website. Your privacy and the protection of your data are very important to us. On this page, we provide extensive information on data protection and your rights.

Personal data is information relating to an identified or identifiable person. This specifically includes information which allows conclusions to be drawn about your identity, such as your name, telephone number, address or email address. Statistical data which we collect, for example, when you visit our website and which cannot be linked to your person, does not fall under the concept of personal data.

1. Whom to contact

Your primary contact and responsible entity for the processing of your personal data when you visit this website within the meaning of the General Data Protection Regulation (GDPR) is the

Humboldt Forum Foundation in the Berlin Palace
Represented by board members Hartmut Dorgerloh, Christine Rieffel-Braune and Hans-Dieter Hegner
Schlossplatz
10178 Berlin

Telephone: +49 (0) 30 265 950 0

Email: [email protected]

You may also contact our Data Protection Officer at any time for any questions on the subject of data protection in connection with our exhibitions, events or the use of our website. Our Data Protection Officer can be reached at the above postal address and the above email address (subject line: ‘to the attention of the Data Protection Officer’). Please be advised that when using this email address, others besides our Data Protection Officer may access the contents. Therefore, if you wish to share confidential information, please first contact us directly at the above email address.

2. Data processing on our website

3. Use of cookies and similar technologies

This website uses cookies and similar technologies (collectively ‘tools’) provided by ourselves or by third parties.

Cookies are small text files which are stored in a computer’s browser directory. Cookies are not used to run programs or load viruses onto your computer. ‘Fingerprints’, web beacons, tags or pixels are similar technologies. Most browsers are set by default to accept cookies and similar technologies. However, you can usually adjust your browser settings to disable cookies and similar technologies or store them only with your prior consent. If you choose to disable cookies, some features of our website or services may not operate as intended.

The tools we use are listed below by category. In addition to providing information specifically about the tools’ providers, the tools’ storage period and third-party data sharing, we also explain in which cases we obtain your voluntary consent to use the tools and how you can withdraw your consent.

If, despite the greatest care, any information in the consent banner contradicts the information in this Privacy Notice, the information provided in this Privacy Notice takes precedence.

4. Online presence in social networks

We maintain an online presence in social networks to communicate with existing and prospective customers and provide information about our exhibitions and events.

User data is generally processed by the respective social networks for market research and advertising purposes. This allows them to create usage profiles based on users’ interests. For this purpose, cookies and other identifiers are stored on users’ devices. Based on the usage profiles, ads are placed within the social networks as well as on third-party websites.

In the context of operating our online presences, we may access information provided by the social networks, such as statistics on the use of our online presences. These statistics are aggregated and may specifically include demographic information and data on the interaction with our online presences and the posts and content distributed through them. For details and links to the social networks’ data which we as operators of the online presences may access, please refer to the list below.

The legal basis for processing this data is Art. 6 para. 1 s. 1 lit. f DSGVO, based on our legitimate interest in providing effective information for, and communicating with, users, and Art. 6 para. 1 s. 1 lit. b DSGVO, to remain in contact with our customers and provide information for them, as well as to make pre-contractual arrangements with prospective customers.

For the legal basis for the processing of data by the social networks themselves, please refer to the Privacy Policies of the respective social networks. Under the following links, you will also find further information on the specific data processing and your options to object. Please refer to the links below for additional information about this processing of data as well as opt-out options.

Please be advised that data privacy requests are most efficiently made to the particular provider of the social network, as only these providers have access to the data and the ability to immediately take appropriate action. Listed below is information about the social networks on which we operate online presences:

5. Sharing of data

Data collected by us is shared only if

  • You have given your express consent in accordance with Art. 6 para. 1 s. 1 lit. a DSGVO;
  • The sharing is necessary in accordance with Art. 6 para. 1 p. 1 lit. f DSGVO to assert, exercise or defend legal claims and there is no reason to believe that you have an overriding legitimate interest in not having your data shared;
  • We are legally obliged to share it in accordance with Art. 6 para. 1 s. 1 lit. c DSGVO, or
  • It is legally permissible and necessary in accordance with Art. 6 para. 1 s. 1 lit. b DSGVO to manage contractual relationships with you or to make pre-contractual arrangements in response to your request.

Some of the data processing may be conducted by our service providers. In addition to the service providers mentioned in this Privacy Policy, these may specifically include data centers storing our website and databases, software providers, IT service providers maintaining our systems, agencies, market research companies, and consulting companies. In the event that we share data with our service providers, they may only use the data to perform their tasks. Our service providers have been carefully selected and commissioned by us and are contractually bound by our instructions. They can take suitable technical and organisational measures to protect the rights of the data subjects and are regularly monitored by us.

In addition, data may be shared in connection with official inquiries, court orders and legal proceedings if this is necessary for legal prosecution or enforcement.

6. Third-country data sharing

As explained in this Privacy Policy, we use services whose providers are in some cases headquartered, or process personal data, in so-called ‘third countries’, i.e., countries outside the European Union or the European Economic Area whose data protection level does not correspond to that of the European Union. If this is the case and the European Commission has not issued an adequacy decision for these countries (Article 45 of the GDPR), we have taken appropriate precautions to ensure an adequate level of data protection for any data transfers. These include, among others, so-called EU standard contractual clauses or binding internal data protection regulations.

Where this is not possible, the data sharing is based on exceptions to Art. 49 DSGVO, specifically your express consent or the necessity of data sharing for the performance of the contract or for making pre-contractual arrangements.

If third-country sharing is planned and no adequacy decision or suitable guarantees exist, there is a possibility and a risk that authorities in the respective third countries (such as intelligence services) may gain access to the transmitted data for the purpose of recording and analysing it, and that the enforceability of your data subject rights cannot be guaranteed. When your consent is obtained through the Consent banner, you are informed of this as well.

7. Storage period

We store personal data only as long as necessary to fulfill the purposes for which we collected the data. Thereafter, we immediately delete the data, unless the data is still needed for evidentiary purposes until the statutory limitation period for civil claims expires, or for statutory retention obligations.

For evidence purposes, we must retain contract data for a further three years from the end of the year in which our business relationship with you ends. In accordance with the statutory limitation period, any claims shall become statute-barred no earlier than this date.

Even after this, we still must retain some of your data for accounting reasons. We are obliged to do so because of statutory documentation requirements that may arise from the German Commercial Code, the German Fiscal Code, the German Banking Act, the German Money Laundering Act and the German Securities Trading Act. The period specified there for the retention of documents is two to ten years.

As a data subject, you always have the following rights laid out in Art. 15 – 21, Art. 77 DSGVO:

  • Right to withdraw your consent;
  • Right to object to the processing of your personal data (Art. 21 DSGVO);
  • Right to information about your personal data processed or stored by us (Art. 15 DSGVO);
  • Right to have your personal data rectified if it is incorrectly stored by us (Art. 16 DSGVO);
  • Right to have your personal data deleted (Art. 17 DSGVO);
  • Right to restrict the processing of their personal data (Art. 18 DSGVO);
  • Right to data portability of your personal data (Art. 20 DSGVO);
  • Right to lodge a complaint with a supervisory authority (Art. 77 DSGVO).

To exercise your rights described here, you may contact us at any time using the contact details above. The same applies if you wish to receive copies of guarantees as proof of adequate levels of data protection. If the respective legal requirements are met, we will comply with your data protection request.

Your requests to exercise your data protection rights and our responses to them will be retained for documentation purposes, in individual cases specifically to assert, exercise or defend legal claims. The legal basis is Art. 6 para. 1 s. 1 lit. f DSGVO, based on our interest in defending against any civil claims under Art. 82 DSGVO, avoiding fines under Art. 83 DSGVO and fulfilling our accountability obligations under Art. 5 para. 2 DSGVO.

————————

You have the right to withdraw your once-given consent at any time. This means that we will no longer continue the data processing based on this consent. The withdrawal of consent does not affect the lawfulness of processing based on the consent prior to its withdrawal.

If we process your data based on legitimate interests, you have the right to object to the processing of your data at any time for reasons arising from your particular situation. In the case of an objection to data processing for direct marketing purposes, you have a general right to object, which we will implement irregardless of whether reasons are provided.

If you wish to exercise your right to withdraw consent or object, simply send an informal message using the contact details above.

———————–

Finally, you have the right to lodge a complaint with a supervisory authority. You may exercise this right, for example, before a supervisory authority in the Member State of your place of residence, your workplace or the place of the alleged infringement. In Berlin, where we are located, the responsible supervisory authority is the Berlin Commissioner for Data Protection and Freedom of Information, Alt-Moabit 59 – 61, 10555 Berlin.

9. Changes to this Privacy Notice

We periodically update this Privacy Notice, for instance when we adapt our website or when there is a change in legal or regulatory requirements.

 

Version: 2.0 / Last updated: May 2023

10. Video Surveillance

Personal data

In the Humboldt Forum some areas are under video surveillance. The recordings are personal data.

Reasons for processing

Video surveillance is carried out for the exercise of a property right,
for the purposes of crime prevention, of clarification, and evidence
preservation where a criminal offence has been identified, and for the
protection and safety of all persons present at the Humboldt Forum.
The legal basis is Article 6(1) f GDPR.

Duration of data storage

As a general rule, the video recordings are automatically deleted after
72 hours. Only in the case of security-relevant events and incidents will
relevant sections of the video recording be processed separately and deleted
immediately following an internal security assessment.

Data disclosure

When a criminal offence is identified during the course of the security
assessment, the video recording data will be passed on to law enforcement
authorities.

More Info