Data protection statement*
I. Scope
Kulturprojekte Berlin GmbH, Klosterstraße 68, 10179 Berlin-Mitte (hereinafter referred to as “Kulturprojekte Berlin” or [project name] or “we/us”) operates the website accessible at www.kulturprojekte.berlin and its respective subdirectories (hereinafter also referred to as the “website”), including all of the associated project web pages (together “websites”) as well as social media profiles (hereinafter also referred to as “social networks”).
This data protection statement is designed to provide you with information on the personal data we collect when you use our websites and the manner in which it is processed. This includes the data that is processed when you visit our project websites and social media profiles as well as when you subscribe to our newsletter. By issuing this statement, we are also fulfilling our legal obligation to provide users with information in accordance with Art. 13 and Art. 14 of the European Union’s General Data Protection Regulation (GDPR).
II. Controller
Kulturprojekte Berlin GmbH
Klosterstraße 68
10179 Berlin-Mitte
Managing director: Moritz van Dülmen
Head of the Departments for Cultural Funding, Museum and Consultation Services: Corinna Scheller
Contact: c.scheller@kulturprojekte.berlin
III. Data protection officer
Herr Dr. Michael Funke
JBB Data Consult GmbH
Friedrichstraße 95
10117 Berlin
datenschutz@kulturprojekte.berlin
030 443 765 0
IV. Purposes and legal bases as well as duration of data processing
1. Data processing on this website
The Kulturprojekte Berlin website automatically collects and stores information in its server log files that your browser transmits to us. This information comprises the following:
- browser type
- operating system used
- referrer URL (the previously visited page)
- host name of the accessing computer (IP address)
- time stamp of the request
This information does not permit Kulturprojekte Berlin to draw any conclusions about you as a specific person. Insofar as a connection IP address is processed, the legal basis for this processing is derived from Art. 6(1)(f) GDPR. Our legitimate interest here is to offer you access to our website and to enable you to use the site, as well as for us to be able to track unauthorised access attempts and unlawful use of the website or portal.
We don't store our log files.
2. Contact
We offer you the opportunity to contact us, for example via our e-mail address or by telephone. When you send us an e-mail, you provide us in most cases with your e-mail address, your name, a subject header and the content of your enquiry. We process this data in order to be able to answer your enquiry. This purpose also constitutes our legitimate interest in data processing (Art. 6(1)(f) GDPR). If necessary, this processing may also takes place for the performance of a contract with you. The legal basis in this case is Art. 6(1)(b) GDPR.
In general, we store your enquiry for as long as necessary to process your enquiry, unless any legal provisions prohibit such a deletion and/or, in particular, if further storage is required in accordance with Art. 6(1)(f) GDPR for the purpose of complying with obligatory storage periods in accordance with Art. 6(1)(c) GDPR. If the enquiry is made in the context of an existing or prospective contractual relationship with us, the storage period will depend on the underlying contractual relationship.
V. Data processing period
Unless a data storage period is expressly mentioned elsewhere in this data protection statement, we will process your data only as long as required for the purpose of processing. In addition, we may store your data, if necessary, for the purpose of establishing, exercising and defending legal claims or to comply with statutory data retention periods. The legal basis for this is Art. 6(1)(c) GDPR in conjunction with §147 and §257 of Germany’s Fiscal Code (AO) as well as Art. 17(3) GDPR. We will delete your data as soon as we no longer need it for these purposes.
VI. Recipients of your data (categories of recipients)
Your data will be processed internally by those members of our staff who are responsible for the matter that concerns you. We also use external service providers insofar as we are not able – or cannot reasonably – perform the services ourselves. These external service providers are primarily providers of IT services, such as hosts, e-mail providers or telecommunications providers.
VII. Data transfer to a third country
Unless expressly stated elsewhere in this data protection statement, we do not intend to transfer your personal data to a third country outside of the EU or EEA states.
VIII. Rights of the data subject
The European Union’s General Data Protection Regulation (GDPR) guarantees to you certain rights which you can assert to the extent that a legal basis exists.
- Art. 15 GDPR – The data subject’s right to information: You have the right to obtain confirmation from us as to whether or not personal data concerning you are being processed and, where that is the case, to be informed as to what these data are as well as more detailed information on the nature of the data processing.
- Art. 16 GDPR – Right to rectification: You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you also have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
- Art. 17 GDPR – Right to erasure (‘right to be forgotten’): You have the right to obtain from us the erasure of personal data concerning you without undue delay.
- Art. 18 GDPR – Right to restriction of processing: You have the right to obtain from us the restriction of processing.
- Art. 20 GDPR – Right to data portability: If the processing is based on consent or a contract, you have the right to receive the personal data concerning you and which you provided to us in a structured, commonly used and machine readable format, and to transmit this data to another controller without hindrance from us. You also have the right to have those data transmitted directly from us to another controller, insofar as this is technically feasible.
- Art. 21 GDPR – Right to object: You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is necessary due to a legitimate interest on our part or for the performance of a task carried out for reasons of public interest or in the exercise of official authority.
If you make use of your right to object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves the establishment, exercise or defence of legal claims.
Where we process your personal data for direct marketing purposes, you have the right to object at any time to this processing. If you object to processing for direct marketing purposes, we will no longer process your personal data for such purposes.
- Art. 77 GDPR in conjunction with § 19 of Germany’s Federal Data Protection Act (BDSG) – Right to lodge a complaint with a supervisory authority: You have the right at any time to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal information relating to you violates applicable law.
- Withdrawal of consent: If you have given us consent, you have the right to withdraw this consent at any time. All data processing that we have carried out up to the point of your withdrawal of consent will remain lawful in this case. For the purpose of withdrawing your consent, we ask that you send us a message at one of the abovementioned addresses.
IX. Obligation to provide data
You have no contractual or legal obligation to provide us with personal data. However, without the data you provide, we may not be able to provide you with our services.
X. Existence of automated decision making (including profiling)
We do not use automated decision making that has any legal impact on you or adversely affect you.
XI. Use of technologies and integration/involvement of external services
1. Cookies and other technologies
Our websites use so-called cookies and other technologies. They help to make our services more user-friendly, effective and secure. Cookies do not cause any damage to your computer and do not contain any viruses. Cookies are small text files that are stored on your computer and saved by your browser.
Most of the cookies we use are so-called “session cookies”. They are automatically deleted at the end of your visit. Other cookies remain stored on whatever device you are using until you delete them yourself. These cookies make it possible for us to recognise your browser upon your next visit to our website.
You can usually adjust your browser settings to inform you when cookies are stored, to only allow cookies in individual cases, to prohibit the acceptance of cookies in certain cases or overall, and to activate the automatic deletion of cookies when closing your browser. When you deactivate cookies, it might limit the functionality of these websites.
The legal basis for the processing of personal data in this context derives from Art. 6(1)(f) GDPR insofar as the cookies are used to provide the services you have requested. Our legitimate interest here is to provide you with the best possible user experience. To the extent that cookies are not required, they are used with your consent in accordance with Art. 6(1)(a) GDPR, which you can revoke at any time with effect from that moment on.
2. User access analysis
a) Matomo
We use the web analytics application known as Matomo (formerly PIWIK). Matomo helps us analyse the usage of our website. For this purpose, Matomo uses the following cookies: _pk_id (storage time: 13 months), _pk_ref (storage time: 6 months) und _pk_ses, _pk_cvar (storage time: 30 minutes). In this process, the usage information (including your (abbreviated) IP address) is stored for the purpose of usage analysis, which serves to optimise our website. Your IP address is anonymised in this process so that you remain anonymous to us as a specific person. The legal basis for this processing is your consent in accordance with Art. 6(1)(a) GDPR. You can revoke your consent at any time with effect for the future by clicking [here] (opt-out link). In this case, a so-called opt-out cookie will be stored in your browser to ensure that Matomo no longer collects any data from you. However, if you delete your cookies, the opt-out cookie will also be deleted and you will be asked again for your consent the next time you visit our websites.
b) Google Analytics
Diese Webseite nutzt Funktionen des Webanalysedienstes Google Analytics. Anbieter ist die Google LLC., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (“Google”).
This website makes use of the functions offered by the web analysis service Google Analytics. The provider is Google LLC., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (“Google”).
We use Google Analytics to analyse the visits made to our website. For this purpose, Google Analytics uses cookies that have the names [names of the cookies] and whose storage period is […] days. The information created by cookies in connection with your use of this website will usually be transmitted to a server belonging to Google in the US, where it will be stored. In this process, we use the function anonymizeIP, which anonymises your IP address by abbreviating it, which means that the IP address is not saved by Google in its complete form. For the purposes of data transmission to the US, we have concluded so-called standard data protection agreements with Google LLC. You may request a copy at datenschutz@kulturprojekte.berlin. More information on how Google Analytics handles user data can be found in Google’s own data protection statement: https://support.google.com/analytics/answer/6004245
The legal basis for this processing is your consent in accordance with Art. 6(1)(a) GDPR. You may revoke your consent to the use of web analysis at any time with effect from that moment on by clicking [here] (opt-out link). In this case, a so-called opt-out cookie will be stored in your browser to ensure that Google Analytics no longer collects any data from you. However, if you delete your cookies, the opt-out cookie will also be deleted and you will be asked again for your consent the next time you visit our websites.
In addition to revoking your consent, you can also generally prevent the collection of your data by Google Analytics by clicking on the following link: https://tools.google.com/dlpage/gaoptout?hl=de. An opt-out cookie will be stored in your browser which will prevent the collection of your data upon future visits to this website: Deactivate Google Analytics.
c) Hotjar
This website uses Hotjar, a web analytics service provided by Hotjar Limited, Level 2, St Julians Business Centre, 3 Elia Zammit Street, St Julians STJ 1000, Malta (“Hotjar”).
We use Hotjar to analyse your use of the website and to compile reports on website activities. In this process, Hotjar uses cookies with the names [names of the cookies], which are stored for a duration of […] days. The information generated by the cookies about your use of the website is usually transmitted to a Hotjar server and stored there. The following information, in particular, is stored: IP address in anonymised form; websites visited and movements on those sites; number and position of clicks on links; browser type and version; screen size of the end device used.
The legal basis for this processing is your consent in accordance with Art. 6(1)(a) GDPR. You may revoke your consent at any time with effect from that moment on by clicking [here] (opt-out link). In this case, a so-called opt-out cookie will be stored in your browser ensuring that Hotjar no longer collects any data from you. However, if you delete your cookies, the opt-out cookie will also be deleted and you will be asked again for your consent when you next visit our websites.
For more information on data protection at Hotjar, please see their data protection statement: https://www.hotjar.com/privacy. Hotjar also offers the possibility to generally object to data processing by Hotjar cookies in the future by adhering to the “Do Not Track” function of browsers. To find out how to activate this function, visit: https://www.hotjar.com/opt-out.
d) JSDelivr CDN
Type and scope of processing
We use JSDelivr CDN to properly deliver the content of our website. JSDelivr CDN is a service provided by Prospect One, which acts as a content delivery network (CDN) on our website.
A CDN helps to deliver content from our online service, especially files such as graphics or scripts, more quickly using regionally or internationally distributed servers. When you access this content, you establish a connection to servers of Prospect One, Krolewska 65a, Krakow, Malopolskie 30-081, Poland, whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed solely for the above purposes and to maintain the security and functionality of JSDelivr CDN.
Purpose and legal basis
The use of the Content Delivery Network is based on our legitimate interests, i.e. interest in a secure and efficient provision as well as the optimization of our online offer according to Art. 6 para. 1 lit. f. DSGVO.
Storage period
The specific storage period of the processed data cannot be influenced by us, but is determined by Prospect One. Further information can be found in the privacy policy for JSDelivr CDN: https://www.jsdelivr.com/privacy-policy-jsdelivr-net
3. Social networks
We have profiles on social networks. Our social media accounts complement our website and give you the opportunity to interact with us. As soon as you access our social media profiles on social networks, the terms and conditions and data processing policies of the respective operators apply.
Strictly speaking, we have no influence on the data processing carried out on social networks. When you use the services of these networks, the data collected about you is processed by the networks themselves and may be transmitted to countries outside the European Union. Information on which data are processed by social networks and for what purposes is found below in the privacy policies and data protection statements of the respective networks. We use the following social networks:
Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland-Irland.
Privacy policy: www.facebook.com/about/privacy/
Opt-out options: www.facebook.com/settings?tab=ads und www.youronlinechoices.com
About Insights: www.facebook.com/legal/terms/information_about_page_insights_data
Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA as a subsidiary of Facebook.
Data protection statement / Opt-Out-Options: https://privacycenter.instagram.com/policy
Twitter International Company, z. Hd.: Datenschutzbeauftragter, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Irland.
Privacy policy: https://twitter.com/de/privacy
Opt-Out options: www.twitter.com/personalization
YouTube
YouTube LLC as a subsidiary of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Privacy policy: https://policies.google.com/privacy?hl=de&gl=de
Opt-out options: https://adssettings.google.com/authenticated
LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irland.
Privacy policy: www.linkedin.com/legal/privacy-policy
Opt-out options: www.linkedin.com/psettings/?trk=nav_account_sub_nav_settings
New Work SE, Dammtorstraße 30, 20354 Hamburg, Deutschland.
Data protection statement: https://privacy.xing.com/de/datenschutzerklaerung
When you send us enquiries via social media profiles, we process your personal data in our function as data controller. We process this data as a way of responding to your enquiries, which is also our legitimate interest in accordance with Art. 6 (1)(f) GDPR.
As joint controllers alongside the following networks, we are also jointly responsible for the following processing in accordance with Art. 26 GDPR.
When visiting our profiles on Facebook, Instagram and LinkedIn, each of these networks collects aggregated statistics (“Insights data”) that are created from certain events logged by their servers when you interact with our profiles and related content. We receive these aggregated and anonymous statistics from the networks with regard to the use of each profile. In general, we are not able to attribute data to specific users. We are able only to a certain extent to determine the criteria according to which each network creates these statistics for us. We use these statistics to make our profiles more interesting and informative for you. This also establishes our justified interest in accordance with Art. 6(1)(f) GDPR in the data collection carried out by the respective social network in order to provide us with statistics.
Further information on this data processing can be found in each of the site’s Joint Controller Agreements:
Facebook / Instagram: https://www.facebook.com/legal/terms/page_controller_addendum
LinkedIn: https://legal.linkedin.com/pages-joint-controller-addendum
4. Social Plugins
We have integrated so-called social plug-ins of the abovementioned social networks on our websites.
When you visit our websites, a direct connection between your browser and the social network servers is created via the plug-in. The social network thereby receives the information that you visited our site with your IP address. If you click on the social plug-in button while you are logged into your account, you can link the content of our websites to your respective profile. This enables the respective social network to attribute your visit to our website to your user account. We would like to point out that we have no knowledge of the nature of the processing carried out by the respective social networks, because this processing falls under the sole responsibility of the respective social network. For further information on this, please refer to the data protection statements of each of the social networks listed above.
* Please note: This is an English translation of the original German Datenschutzerklärung (data protection statement). It provides an overview of your data protection rights and the manner in which we process your personal data. This English translation is intended solely as a convenience to the non-German-reading public. If there is any divergence between the German original and the English translation, the German version shall be the prevailing one.