Data Privacy Policy

1. Introduction

The purpose of this data privacy policy is to inform you about the processing of personal data on the website of the MARKK (Museum am Rothenbaum Kulturen und Künste der Welt). We hereby comply with our obligations under the European General Data Protection Regulation (EU-GDPR, EU 2016/679), in particular Articles 13 and 14, as well as Art. 26 (2) and the German Telemedia Act (TMG).

Please read this policy carefully. If you have any further questions, please contact us.

The Museum am Rothenbaum always gives the highest priority to the protection of your privacy and thus of your personal data.

This policy describes our handling of certain information about you, your computer or your mobile device (“device”). This information may contain personal data.

In this document we also explain how we use cookies and analysis tools throughout our entire website.

At all times we comply with applicable privacy laws and this data privacy policy. We will only disclose information in those cases described in this policy.

2. Who is the controller and how can you contact us?

The controller responsible for the processing and processes described in this policy is:

Museum am Rothenbaum
Kulturen und Künste der Welt
Foundation under public law
Rothenbaumchaussee 64
20148 Hamburg
Germany
e-mail: info@markk-hamburg.de

You can contact our data protection officer at:
Datenschutzbeauftragter Museum am Rothenbaum
c/o Goalgetter GmbH
Willhoop 3
22453 Hamburg
Germany
e-mail: datenschutz@goalgetter.gmbh

3. What is the meaning of certain terms?

Anonymization

Changing data in such a way that it can no longer be assigned to a natural person.

Analysis Tools

Programs that allow the evaluation of user behavior.

Cloud

The use of IT infrastructures and services that are not hosted locally on local computers, but rented as a service and accessed via a network (e.g. the Internet).

Controller

A body, e.g. company, association, authority, who decides on the means and purposes of the processing of personal data.

Cookies

Cookies are small text files that are stored by your computer or your browser.

Data Subject

Natural person to whom the personal data is related.

Devices

(Movable) objects, such as smartphones, tablets, notebooks, PCs, which can be used for apps or programs and information services.

GDPR

General Data Protection Regulation, the new data protection regulation for the European Union.

IP address

An address on the computer network based on the Internet Protocol (IP). This address is assigned to devices and thus makes the device addressable and also accessible.

MAC address

The address of a single network adapter.

Personal data

This is information relating to an identified or identifiable natural, living person.

Processing

Any operation relating to personal data, such as collection, recording, storage, alteration, disclosure by transmission and erasure.

Pseudonymization

Processing of personal data in such a manner that they can no longer be attributed to a specific data subject without the use of additional information.

4. Which personal data is processed by us?

We process various data when you visit our website. These may be personal data, either directly or indirectly, i.e. when other data sources are included.

This includes the following information:

1. Data categories:
log data
usage data

And if necessary for the newsletter:

name and surname
e-mail address

For the press section:

name-related information
address details
communication data
company details
content selection

2. Information when visiting our websites:

When you visit our website, we store your IP address for communication purposes. In addition, further data is transmitted by the browser and stored by our web server. This includes, among others, information about the terminal device, time of access, origin of the request, browser and browser version, about the use of our site and, if applicable, whether you have already visited us.

We use the content management system of WordPress to edit our website.

Purpose of processing: Representation of our website and the services associated with it, evaluation

Legal basis: Article 6(1)(b), performance of a contract

3. Newsletter:

You can register on our website to subscribe to our newsletter. Before you receive our newsletter, we check whether you are in fact the owner of the e-mail address provided or whether the actual owner has authorized you to receive the newsletter. When you subscribe to our newsletter, we will store your IP address as well as the date and time of your subscription.
You can revoke your consent to receive the newsletter at any time. This will stop the newsletter being sent to the given e-mail address and your data being processed accordingly.
The processing is carried out on our behalf by Mailchimp, which is provided by The Rocket Science Group. For this reason, the data you enter when registering for the newsletter will be transferred to a Mailchimp server. These servers are currently located in the USA. In order to be able to provide you with an adequate level of data protection, Mailchimp is certified within the framework of the EU-US Privacy Shield. Further information can be found under Privacy Policy [link: https://mailchimp.com/legal/privacy/].

Purpose of processing: mailing our newsletter, analysis of data

Legal basis: Article 6(1)(a), consent

4. Press Section:

We offer media representatives the option to register in our press distribution list and to receive relevant press information.

Purpose of processing: registration of media representatives and providing information, invitations to relevant events, evaluations.

Legal basis: Article 6(1)(b), performance of contract

5. Why and on what legal basis do we store personal data?

1. Purpose of processing:

We process your data for the following purposes, regardless of whether or not they can be attributed to a person:

to fulfill our contractual obligations towards you.
to ensure the smooth operation of our products and services.
for comfortable and simple use of our products and services.
to improve and optimize the functions, security and stability of our products and services.
to perform administrative duties.

2. Contract initiation and fulfillment

Principally, we only store data that we need in order to fulfill our contractual obligations towards you.

3. Consent

At some points we may offer data processing on the basis of your consent. In such cases, we will draw your attention to this fact separately and give you the option to allow us to do so.

In these cases we will specify the purpose of the data processing to you and inform you about your right of withdrawal.

4. Legitimate interest

It is also possible to process data on the basis of our legitimate interest. We are obliged to disclose our interest to you and to weigh your interest against ours. This is the case in the following processes:

the use of cookies compliant with data protection regulations
analysis of user behavior
embedding a map service into our website

5. Storage limitation and deletion periods

We store personal data only to the extent necessary to fulfill the purpose. The storage limitation complies with the legal requirements and the duration of the contractual relationship.

For example, our web host currently stores log files for seven days, then the IP address is anonymized and finally deleted after six weeks.

If the data is no longer used, it will be anonymized and / or deleted in accordance with applicable statutory provisions (including deadlines).

If you ask for your data to be deleted, please note that although we block your data immediately, due to technical restrictions it may take several days until we have finally deleted the data.

Please also note that after confirmation of the deletion request, there is no longer any possibility of restoring your data.

6. How do we use cookies, analysis and tracking tools, as well as social plugins and sign-up forms?

When you visit our website, cookies are downloaded to your browser. Cookies may be used to identify your browser so that our website is displayed correctly. We also use cookies at various points on our website to analyze how our website is used.

In addition to our own systems, we use the following third-party tools for marketing purposes and to make your visit to our website more user-friendly:

1. Analysis Tools

1. Google Analytics

We use Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics uses cookies which enable us to analyze your use of our website.

The data generated by cookies about your use of our website is anonymized because we have activated the IP anonymization feature by Google. Here, Google sets the last octet for IPv4 type IP addresses and the last 80 bits for IPv6 type IP addresses to zeros in memory. This means that no complete IP address is stored on Google’s servers. This processing is usually carried out on servers within the European Union.

On behalf of MARKK, Google uses the data collected to evaluate your use of the website to compile reports on website activity.

You also have the option of preventing Google Analytics from recording your use of the website. Please download the browser plug-in provided by Google and install it [Link: https://tools.google.com/dlpage/gaoptout?hl=de].

Further information on Google Analytics can be found here [Link: https://support.google.com/analytics/answer/6004245?hl=de].

In this context, Google Tag Manager is also installed.

Purpose of processing: Analysis of website usage and thus improving or optimizing our website.

Legal basis: Art. 6(1)(f), our special interest is to optimize our website presence

2. Social plugins

We use social plugins from the following providers on our website:

Instagram Inc.

The plugin ensures that we can present you pictures from our Instagram presentation directly on our homepage.

Furthermore, we provide a direct link to our presence on

Facebook Inc.
Instagram Inc.
Twitter Inc.

These links are identified by the logos of the respective providers. If you use this link, data (at least the IP address) will be transmitted to the respective services. This is necessary in order to be able to advertise the respective pages.

It is also possible that the providers try to place cookies on your computer.

3. Road map

In order to facilitate your visit to our museum, we employ a map display on our website by using Google Maps. This service is provided by Google Inc.

In order to use this function, it is necessary that our or your data, when viewing the map, is transferred to Google Inc. and processed there.

You can find further information under the “Google Maps Terms of Service”. [Link: https://www.google.com/intl/de_de/help/terms_maps.html]

7. To whom do we transfer personal data?

Your personal data will not be transferred to third parties for reasons other than those listed below.

We only transfer your personal data to third parties if:

you have expressly given us your consent to the underlying processing,
this is legally permissible and necessary for the execution of our contractual relationships with you,
the data transfer is based on a legal obligation, or if
the disclosure of the data is based on a special interest and there is no reason to assume that you have a predominant legitimate interest in not disclosing your data.

We transfer data to the following recipients or categories of recipients according to the aforementioned reasons:

Employees (internal and external)
IT infrastructure service providers
Software service providers
Providers of analysis tools
Social media providers
Other service providers

8. What privacy settings can you make?

Regarding our products you have a number of choices and input options. As a rule, these will be explained to you when you use them for the first time or register for them anew. It is quite possible that, as a result of changes to settings, certain services may no longer function properly or only to a limited extent.

9. How can you revoke your consent?

If you have given us your consent to certain data processing, such as receiving our newsletter, you have the right to revoke this consent at any time – even in part. Please inform us of this revocation in text form.

If the data is processed on the basis of a weighing of interests in accordance with Art. 6(1)(f) GDPR, you also have the right to object to the processing if there are reasons arising from your particular situation or in the case of direct advertising.

In the case of direct advertising, you have a general right of objection, without your stating a particular situation. Please inform us of your objection in text form.

10. What are your rights?

Subject to possible legal restrictions, you have the following rights, which you may exercise:

The right to information, rectification, erasure, restriction of processing, data portability and to object.

At this point, we would like to expressly point out that we reserve the right to carry out appropriate checks on your identity as required by law and, if necessary, take further measures to unambiguously verify your identity.

10.1. Right to information:

If you wish to obtain information about the personal data stored by us, we ask you to communicate this to us in text form. For security reasons and due to regulations it is possible that we pseudonymize specific data.

10.2. Right to rectification:

If you notice or are of the opinion that incorrect information about you is stored, you can inform us about it in text form. We will examine the facts and rectify the data accordingly if necessary.

10.3. Right to erasure:

If you wish to ask for your data to be deleted, please let us know in text form. We will delete your data in accordance with the legal regulations.

However, we would like to point out already at this point that we are obliged to store data for a longer period of time in accordance with statutory provisions, e.g. there is a retention period for accounting documents of currently 10 years (Fiscal Code) or, for reasons of warranty and limitation, of up to 3 years.

Furthermore, we would like to point out that although we block your data immediately, due to technical restrictions it may take several days until we have deleted the data completely.

Please also note that after confirmation of your deletion request, there is no longer any possibility of restoring your data.

10.4. Right to restriction of processing:

You have the right to restrict the processing of data. To this end, please inform us in text form about the data categories you consider relevant and the reasons for your request. We will examine the facts immediately and inform you of the result.

10.5. Right to data portability:

Please inform us in text form which data you would like to transfer to whom. We will examine your request immediately and inform you of the result.

10.6. Right to lodge a complaint:

If you are dissatisfied with our work relating to data protection, you have the right to complain, for example, to the data protection supervisory authority responsible for you in your federal state. The authority responsible for the Museum am Rothenbaum is:

Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit
Kurt-Schumacher-Allee 4
20097 Hamburg
Germany
e-mail: mailbox@datenschutz.hamburg.de
phone +49 / 40 / 428 54 – 4040

11. How do we protect personal data?

In order to protect your personal data, the Museum am Rothenbaum has taken measures that comply with data protection laws and that employ the latest technology of the industry. These are continuously examined and updated if necessary. It is our aim to protect your data against accidental or deliberate manipulation, partial or complete loss, destruction or unauthorized access by third parties.

To transfer data between our website and our backend systems, communication is encrypted using the SSL (Secure Sockets Layer) method.

We protect the systems and processing through a range of technical and organizational measures. These include data encryption, pseudonymization and anonymization, logical and physical access restriction and control, firewalls and recovery procedures, data integrity testing.

Our employees are regularly trained to develop a special sensitivity in the handling of personal data and are obliged to observe data secrecy in accordance with legal requirements.

12. What are the options for minors to use our services?

Persons under the age of 16 may use our services only with the written consent of the holder(s) of parental responsibility (in the case of shared parental responsibility, all holders must consent).

13. What other information is important?

13.1. Amendments of this data protection policy

This data protection policy is revised at irregular intervals in order to adapt it to current developments within the institution, our products and services, legal requirements and social developments.

Last updated: September 10, 2018