Privacy Policy

Hamburger Kunsthalle, as operator of these Internet pages, takes the protection of your personal data very seriously. Therefore, we treat your personal data confidentially and in accordance with the statutory data protection regulations (GDPR) and this privacy policy.

The use of our website is usually possible without providing personal information. Insofar as personal data (such as name, address or e-mail addresses) are collected on our pages, this is always done as far as possible on a voluntary basis. This data will not be disclosed to third parties without your explicit consent.

However, we would like to point out that data transmission via the Internet (e.g., in the case of communication by e-mail) may have security gaps. A complete protection of data from access by third parties is not possible.

Booking 

When booking guided tours, we collect the following data (last name, first name, mailing address, billing address if applicable, email address, and phone number). The legal basis for this processing is Article 6(1)(b) of the GDPR (pre-contractual measures/contractual relationship).
The data you send to us will remain with us until all organizational steps related to the guided tour have been completed. As a rule, data is deleted after 6 months. Mandatory legal provisions—in particular statutory retention periods—remain unaffected (invoice-related data for at least 8 years in accordance with Section 257 of the German Commercial Code (HGB) and Section 147 of the German Fiscal Code (AO)).

 

Guides

We work with freelance culture guides to organize events. They will guide you through the event and provide you with in-depth and unique cultural insights.
We only transfer personal data to the cultural mediators when necessary for the fulfillment of the contract.
We have entered into a contract with all cultural mediators that ensures they process our participants’ personal data only in accordance with our instructions and in compliance with the GDPR.
We only provide the following data to the respective cultural mediator:
Name of the group leader, group size, age group, institution (if applicable), name of the institution, phone number, email address, address, which event was booked, and for school classes, the grade level.

Candidate Privacy

The protection of personal data of applicants is particularly important to us.
When processing personal data, the Hamburger Kunsthalle observes the relevant legal provisions on data protection. In the application data protection  you see how the Hamburger Kunsthalle deals with personal data and explains the handling of your personal data in the course of the application process.

Speculative applications received without a specific job advertisement will not be processed. They will be deleted without further notice.

Digital Event via Zoom

 

Data Protection for Events with ZOOM

Hamburger Kunsthalle APP
General

Thank you for your interest in our museum. As the publisher of this multimedia guide, Hamburger Kunsthalle takes the protection of its personal data very seriously. If the processing of personal data is required and there is no legal basis for such processing, we generally seek the consent of the data subject.

The processing of personal data, such as the name, address, e-mail address or telephone number of a data subject, always takes place in accordance with the General Data Protection Regulation (GDPR) and the applicable regional data protection regulation, the Hamburg Data Protection Act (HmbDSG).

We have implemented numerous technical and organisational measures to ensure the most complete protection of personal data processed via this app. Nevertheless, the transfer of data via the internet may not be fully secure, so absolute protection cannot be guaranteed.

Access rights of the app

In order to provide our services via the app, we require the access rights listed below, which allow us to access certain features of your device. This general data and information is stored in the log files of the server.

1. Localisation within the museum

The app uses GPS data accessible to you and compares the information to the museum’s address to obtain the required location information.

2. Access to the internet                                                   

The device needs access to the internet to keep the app content up to date, whereby the operating system used by the accessing system is saved. Other similar data and information used to help prevent attacks on our information technology systems.

3. Capturing the network status and Wi-Fi status

The data is required to control the supply of content from the internet without causing long loading times.

In addition to the app, we also process personal data within the scope of our business relationship. Information about this data processing and your claims and rights under data protection law, which also partly applies to the data processing in our app, is available in our PRIVACY POLICY.

Third-Party Providers

This website uses services provided by third parties to offer certain features (e.g. maps, videos, payment processing, or interactive content). In doing so, it may be necessary to transmit personal data (e.g. IP address, usage data) to the respective providers, where it is processed.
Such services are used either on the basis of our legitimate interests pursuant to Art. 6 (1) (f) GDPR or exclusively on the basis of your prior consent pursuant to Art. 6 (1) (a) GDPR, where such consent is obtained. Hamburger Kunsthalle has no influence on the nature and scope of data processing carried out by the respective third party providers.
Further information on data processing can be found in the privacy policies of the respective services mentioned.
 

Google Maps
This website uses the mapping service Google Maps. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
To use the functions of Google Maps, it is necessary to store your IP address. When you use the service, data is transmitted to Google’s servers. Hamburger Kunsthalle has no influence on the data processing carried out by Google.
Google Maps is used to assist visitors with directions. The legal basis for the use of Google Maps is your consent pursuant to Art. 6(1)(a) GDPR.
More information on how Google handles user data can be found in Google’s privacy policy: https://policies.google.com/privacy 
 

Padlet
This website uses Padlet, an online platform for collaborative work. The provider is Wallwisher, Inc., 981 Mission Street, San Francisco, CA 94103, USA. 
Padlet is used only if you have explicitly consented to its use in advance. When using Padlet, personal data (e.g. IP address, submitted content, usage data) may be transferred to the provider’s servers and processed there. Data processing may also take place in the United States. Hamburger Kunsthalle has no influence on the data processing carried out by Padlet.
The legal basis for the use of Padlet is your consent pursuant to Art. 6 (1) (a) GDPR.
Further information on how user data is handled can be found in Padlet’s privacy policy: https://padlet.com/about/privacy
 

YouTube
This website embeds videos from the YouTube platform. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
YouTube is used only if you have explicitly consented to its use in advance. When a video is played, personal data (e.g. IP address, device information) is transmitted to Google’s servers and processed there. Hamburger Kunsthalle has no influence on the data processing carried out by Google. The legal basis for the integration of YouTube is your consent pursuant to Art. 6 (1) (a) GDPR.
Further information on how user data is handled can be found in Google’s privacy policy: https://policies.google.com/privacy
 

Invitation with Sweap

As a data controller, Hamburger Kunsthalle uses the German company SWEAP as its data processor for digital invitation management. The processing of personal data in digital invitation management with SWEAP has an absolute DSGVO compliance. The location of the data center for the Sweap application is Frankfurt/Main.

Furthermore, Sweap maintains an up-to-date list of subcontractors in their privacy policy to allow full transparency regarding transfers and processing. This list explains what data is specifically involved. All other third-party providers are also DSGVO compliant.

Privacy and GDPR at Sweap - Sweap Help Center

Newsletter Data

If you wish to subscribe to the newsletter offered on the website, we require your e-mail address, as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. Further data is not collected. The use of the newsletter offer is permitted - if and so far technically possible and reasonable - without specification of any personal data or under specification of anonymized data or a pseudonym. We use this data exclusively for the delivery of the requested information. The addresses are managed by our service provider and Third Party Provider “kulturkurier” (data.kulturlink.ag, Friedrichstr.3, D-95444 Bayreuth Email: info[at]kulturkurier.de) but not transmitted to third parties.
 

You may revoke your consent to the storage of data, e-mail addresses and their use for sending the newsletter at any time, for example via the "unsubscribe" link in the newsletter.

Online Ticket Shop

Hamburger Kunsthalle offers the customer the opportunity to order tickets online, which are sent to him/her immediately after payment via e-mail

When concluding, processing and/or rescinding from a purchase contract, Hamburger Kunsthalle collects, stores and processes customer data within the scope of the statutory provisions.

When visiting the website of Hamburger Kunsthalle, the IP address currently used by the customer's PC, date and time, the browser type and the operating system of the customer's PC, as well as the pages viewed by the customer are recorded. However, Hamburger Kunsthalle cannot and does not intend to draw conclusions about personal data. 

The personal data that the customer provides to Hamburger Kunsthalle, e.g., when placing an order or by e-mail (e.g., customer name and contact details) will only be processed for correspondence with the customer and only for the purpose for which the customer provided the data to Hamburger Kunsthalle. To process payments, Hamburger Kunsthalle passes on the customer's payment data to the bank responsible for the payment. To prevent and track fraud at your expense involving stolen credit card information, we will keep this e-mail address for another three months after your credit card account is debited and the card is used to enter our premises. We will merge the card identification and e-mail address for this purpose only and will only use this information in case of suspected fraud for criminal prosecution. The provisions of the GDPR are complied with. 

Personal data communicated to Hamburger Kunsthalle via its website is only stored until the purpose for which they have been entrusted to Hamburger Kunsthalle is fulfilled. As far as commercial and tax retention periods are to be observed, the duration of the storage of certain data can be up to 10 years. 

For guest users, the email address is stored, but immediately anonymized (made invisible). If the customer no longer agrees to the storage of his/her personal data or if this data has become incorrect, Hamburger Kunsthalle will initiate the deletion, correction or blocking of the customer data within the scope of the legal provisions following appropriate instructions. To do so, please send an email to the following address info[at]hamburger-kunsthalle.de with the subject Deletion User Account Online Ticket Shop. We will irrevocably delete the account and the data stored with it.

Payment Processing – Donations

To process donations, we use external payment service providers. Depending on the selected payment method, your payment data is transmitted directly to the respective payment service provider. Your data is processed exclusively for the purpose of processing the donation.
The following payment methods are available:

  • PayPal (PayPal (Europe) S.à r.l. et Cie, S.C.A., Luxembourg)
  • Credit Card (processed via the respective payment service provider)
  • Google Pay (Google Ireland Limited, Dublin, Ireland)

The processed data includes, in particular, your name, donation amount, payment information, as well as technical data such as your IP address. We do not receive any complete payment data ourselves (e.g. credit card numbers).
The legal basis for the processing is Art. 6 (1) (b) GDPR (performance of a contract / processing of the donation).
Further information on data processing can be found in the privacy policies of the respective payment service providers:

Social Media Channels
Privacy Policy for the Use of Facebook Plugins 

You will find plugins of the social network Facebook on our pages (provider: Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA). The Facebook plugins can be recognized on our site by the Facebook logo. An overview of the Facebook plugins can be found here [LINK https://developers.facebook.com/docs/plugins/]

When you visit our website, the plugin establishes a direct connection between your browser and the Facebook server. Facebook receives information that you have visited our website with your IP address. If you click on the Facebook "Like button" while you are logged into your Facebook account, you can link the contents of our pages to your Facebook profile. This allows Facebook to associate the visit of our pages with your Facebook account. We would like to point out that we as the provider of the pages are not aware of the content of the data transmitted and its use by Facebook. For more information, please see the Facebook privacy policy [link: https://www.facebook.com/policy.php]

If you do not wish Facebook to be able to associate your visit to our website to your Facebook account, please log out of your Facebook user account first.

Privacy Policy for the Use of Instagram

Functions of the Instagram service are integrated on our pages. These functions are provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. If you are logged in to your Instagram account, you can link the contents of our pages to your Instagram profile by clicking on the Instagram button. This allows Instagram to associate your visit to our pages with your user account. We would like to point out that we as the provider of the pages are not aware of the content of the data transmitted and its use by Instagram.

For more information, please see the Instagram privacy policy. [link: https://help.instagram.com/155833707900388]

SSL Encryption

Our website uses SSL encryption for security reasons and to protect the transmission of confidential content, such as the requests you send to us as the site operator. You can recognize an encrypted connection by noticing that the address line of the browser changes from "http://" to "https://" and the lock symbol in your browser line.

If SSL encryption is enabled, the data you submit to us cannot be read by third parties.

Web Forms

Accordion content.

WI FI

Accordion content.

 

Data privacy officer
Thomas Cedzich

Thomas Cedzich
c/o Vater Solution GmbH
Boschstraße 5
24118 Kiel 
 

E-mail: datenschutz@hamburger-kunsthalle.de
datenschutz@hamburger-kunsthalle.de
Hamburgische Beauftragte für Datenschutz und Informationsfreiheit
Zuständige Datenschutzbehörde

Ludwig-Erhard-Str 22, 7. OG
20459 Hamburg
Telefax (040) 428 54 - 4000

Phone: +4940428544040
E-mail: mailbox@datenschutz.hamburg.de
mailbox@datenschutz.hamburg.de
+4940428544040

Candidate Privacy

Größe: 127.68 KB Format: pdf
Download

Data protection sheet for ZOOM (digital events)

Größe: 216.38 KB Format: pdf
Download