Hamburger Kunsthalle, as operator of these Internet pages, takes the protection of your personal data very seriously. Therefore, we treat your personal data confidentially and in accordance with the statutory data protection regulations (GDPR) and this privacy policy.

The use of our website is usually possible without providing personal information. Insofar as personal data (such as name, address or e-mail addresses) are collected on our pages, this is always done as far as possible on a voluntary basis. This data will not be disclosed to third parties without your explicit consent.

However, we would like to point out that data transmission via the Internet (e.g., in the case of communication by e-mail) may have security gaps. A complete protection of data from access by third parties is not possible.


Information, Deletion, Blocking

You have the right to free information about your stored personal data, its origin and recipients and the purpose of the data processing as well as a right to correction, blocking or deletion of this data at any time. For further information on the subject personal data you may contact us at any time at the address given in the imprint.

Server Log Files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These kinds of information are:

  • Browser type / browser version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request

This data cannot be allocated to specific persons. This data will not be merged with other data sources. We reserve the right to check this data retrospectively, if we become aware of specific indications of illegal use.


The Internet pages partly use so-called cookies. Cookies do not harm your computer and do not contain viruses. Cookies serve to make our service more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser.

Most of the cookies we use are so-called session cookies. They are automatically deleted after your visit. Other cookies remain stored on your device until you delete them. These cookies allow us to recognize your browser the next time you visit our website.

You may set your browser individually so that you are informed about the setting of cookies and allow cookies only in individual cases, exclude the acceptance of cookies in certain cases, or generally and enable the automatic deletion of cookies when closing the browser. However, we would like to point out that disabling cookies may limit the functionality of this website. 


Candidate Privacy

The protection of personal data of applicants and all third parties associated with us is particularly important to us.
When processing personal data, the Hamburger Kunsthalle observes the relevant legal provisions on data protection. In the application data protection  you see how the Hamburger Kunsthalle deals with personal data and explains the handling of your personal data in the course of the application process.

Web Forms

If you contact us by web form (contact form and library information form), your information from the inquiry form including the contact details you provided there will be stored for processing the request and in case of follow-up questions and, if necessary, stored anonymously for evaluation. We will not share this information without your consent. When included in the press distribution list and registering in the press portal, we will only record your data for the purpose you have agreed to.


The use of our website is usually possible without providing personal information. Insofar as personal data (such as name, address or e-mail addresses) are collected on our pages, this is always done as far as possible on a voluntary basis. This data will not be disclosed to third parties without your explicit consent.

If you contact us by web form (contact form and library information sheet, inclusion in the press distribution list, registration in the press portal), your information from the request form including the contact details you provided there will be stored by us for processing the request and in case of follow-up questions and, where applicable, anonymized for evaluation purposes. We will not share this information without your consent.

Collection of contact data 

Due to the Ordinance for Containing the Spread of the Coronavirus SARS-CoV-2 in the Free and Hanseatic City of Hamburg (Hamburg SARS-CoV-2 Containment Ordinance § 7; valid since July 1, 2020), the contact details of all persons present at events, guided tours and courses etc. must be documented, kept for four weeks and presented to the responsible authority on request. After the retention period has expired, the data will be deleted. Unauthorised third parties will not be informed of the data.


SSL Encryption

Our website uses SSL encryption for security reasons and to protect the transmission of confidential content, such as the requests you send to us as the site operator. You can recognize an encrypted connection by noticing that the address line of the browser changes from "http://" to "https://" and the lock symbol in your browser line.

If SSL encryption is enabled, the data you submit to us cannot be read by third parties.

Online Ticket Shop

Hamburger Kunsthalle offers the customer the opportunity to order tickets online, which are sent to him/her immediately after payment via e-mail

When concluding, processing and/or rescinding from a purchase contract, Hamburger Kunsthalle collects, stores and processes customer data within the scope of the statutory provisions.

When visiting the website of Hamburger Kunsthalle, the IP address currently used by the customer's PC, date and time, the browser type and the operating system of the customer's PC, as well as the pages viewed by the customer are recorded. However, Hamburger Kunsthalle cannot and does not intend to draw conclusions about personal data. 

The personal data that the customer provides to Hamburger Kunsthalle, e.g., when placing an order or by e-mail (e.g., customer name and contact details) will only be processed for correspondence with the customer and only for the purpose for which the customer provided the data to Hamburger Kunsthalle. To process payments, Hamburger Kunsthalle passes on the customer's payment data to the bank responsible for the payment. To prevent and track fraud at your expense involving stolen credit card information, we will keep this e-mail address for another three months after your credit card account is debited and the card is used to enter our premises. We will merge the card identification and e-mail address for this purpose only and will only use this information in case of suspected fraud for criminal prosecution. The provisions of the GDPR are complied with. 

Personal data communicated to Hamburger Kunsthalle via its website is only stored until the purpose for which they have been entrusted to Hamburger Kunsthalle is fulfilled. As far as commercial and tax retention periods are to be observed, the duration of the storage of certain data can be up to 10 years. 

For guest users, the email address is stored, but immediately anonymized (made invisible). If the customer no longer agrees to the storage of his/her personal data or if this data has become incorrect, Hamburger Kunsthalle will initiate the deletion, correction or blocking of the customer data within the scope of the legal provisions following appropriate instructions. To do so, please send an email to the following address info[at] with the subject Deletion User Account Online Ticket Shop. We will irrevocably delete the account and the data stored with it.

Integration of Third Party Services and Contents

It may be that content from third parties, such as videos from YouTube, maps from Google Maps, or RSS feeds or graphics from other websites are integrated within our websites. This always presupposes that the providers of this content (hereinafter referred to as Third Party Providers) are aware of the IP address of the users. Without the IP address, they could not send the content to the browser of the respective user. The IP address is therefore required for the presentation of this content. We make every effort to use only content whose respective providers use the IP address solely for the delivery of content. However, we have no influence on this if the Third Party Providers store the IP address, e.g., for statistical purposes. As far as we are aware of this, we will inform users accordingly.

We have created this privacy policy with the help of eRecht24 [link to].

Newsletter Data

If you wish to subscribe to the newsletter offered on the website, we require your e-mail address, as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. Further data is not collected. The use of the newsletter offer is permitted - if and so far technically possible and reasonable - without specification of any personal data or under specification of anonymized data or a pseudonym. We use this data exclusively for the delivery of the requested information. The addresses are managed by our service provider and Third Party Provider “kulturkurier” (, Friedrichstr.3, D-95444 Bayreuth Email: info[at] but not transmitted to third parties.

You may revoke your consent to the storage of data, e-mail addresses and their use for sending the newsletter at any time, for example via the "unsubscribe" link in the newsletter.

Invitation management with SWEAP

As a data controller, Hamburger Kunsthalle uses the German company SWEAP as its data processor for digital invitation management. The processing of personal data in digital invitation management with SWEAP has an absolute DSGVO compliance. The location of the data center for the Sweap application is Frankfurt/Main.

Furthermore, Sweap maintains an up-to-date list of subcontractors in their privacy policy to allow full transparency regarding transfers and processing. This list explains what data is specifically involved. All other third-party providers are also DSGVO compliant.

Privacy and GDPR at Sweap - Sweap Help Center



We offer all visitors use of our Wi-Fi as a free service. Get more out of your museum visit with our digital services by connecting your mobile device to our “Kunsthalle Wi-Fi” service.  You will not be required to enter a password.

Availability of the services

As our services are provided free of charge, you will not be able to make any claims in connection with your use of the hotspot. However, we aim to minimise disruptions to the use of the hotspot whenever possible.


     Prohibited activities

As a user, you are not permitted to use the hotspot for any purpose which infringes applicable law, third-party rights or the principles of child protection law.

The following activities in particular are prohibited:

  1. posting, distributing, offering and promoting pornographic content, services and/or products that violate child protection laws, data protection laws and/or other laws and/or fraudulent content, services and/or products;
  2. the publication or disclosure of content that offends or defames other participants or third parties;
  3. the use, provision or distribution of content, services and/or products that are protected by law or encumbered with third-party rights (e.g. copyright) without express authorisation to do so;
  4. the public disclosure of copyrighted works or other actions contrary to copyright law, in particular when using internet file sharing services.

Furthermore, the following activities are also prohibited, irrespective of any possible violation of the law, when uploading one’s own content to the service provider’s website or when communicating with other users (e.g. when sending personal messages, participating in discussion forums, etc.):


  • the transfer of above-average data volumes and, in particular, the continued transfer of such data volumes
  • the media access control address hosting a web server or other server by using a hotspot of the service provider
  • changing the default DNS servers in the network settings of the service provider's hotspot
  • sending junk e-mails, spam e-mails or chain letters
  • distributing viruses, Trojans or other harmful files
  • distributing offensive, indecent, sexually explicit, obscene or defamatory content or communications as well as any content or communications intended to promote or support racism, fanaticism, hatred, physical violence or unlawful acts (in each case explicitly or implicitly)
  • asking other users or third parties to reveal passwords or personal data for commercial, unlawful or illegal purposes.
  • Any action that is likely to affect the smooth operation of our hotspot, in particular actions which put a disproportionate burden on our systems, is also prohibited.

(1)As a user, you are personally responsible for all of your activities in connection with the use of the internet via our hotspot.

    (2)You hereby agree to indemnify us against all claims that may be asserted against us by a third party as a result of a breach by the user of the law, third party rights (in particular personality rights, copyrights and trademark rights) or contractual obligations, representations or warranties, including costs associated with any necessary legal defence (lawyer and court costs at the legal rate) at first request.

    (3)In the event of any assertion of claims, you will be required to cooperate promptly and fully for the purpose of clarifying the facts and provide us with the necessary information in a suitable manner.

Data protection

We collect data about all access to the server on which this service is located (server log files) on the basis of our legitimate interests within the meaning of Art. 6 (1) lit. f GDPR. The access data includes the name of the retrieved app, file, date and time of retrieval, amount of data transferred, the notification of successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider. In this context, the MAC (media access control) addresses of terminals may also be temporarily stored.

Log file information is stored for security reasons (e.g. to investigate abusive or fraudulent activities) for a maximum of 7 days and is then erased. Data which needs to be retained for longer periods for evidential purposes will not be erased until final clarification of the incident.

Final provisions
  1. The law of the Federal Republic of Germany applies.
  2. If individual provisions of these Terms of Use are or become ineffective, this will not affect the validity of the remaining provisions.

Data Protection Hamburger Kunsthalle App


Thank you for your interest in our museum. As the publisher of this multimedia guide, Hamburger Kunsthalle takes the protection of its personal data very seriously. If the processing of personal data is required and there is no legal basis for such processing, we generally seek the consent of the data subject.

The processing of personal data, such as the name, address, e-mail address or telephone number of a data subject, always takes place in accordance with the General Data Protection Regulation (GDPR) and the applicable regional data protection regulation, the Hamburg Data Protection Act (HmbDSG).

We have implemented numerous technical and organisational measures to ensure the most complete protection of personal data processed via this app. Nevertheless, the transfer of data via the internet may not be fully secure, so absolute protection cannot be guaranteed.

Access rights of the app

In order to provide our services via the app, we require the access rights listed below, which allow us to access certain features of your device. This general data and information is stored in the log files of the server.

1. Localisation within the museum

The app uses GPS data accessible to you and compares the information to the museum’s address to obtain the required location information.

2. Access to the internet                                                   

The device needs access to the internet to keep the app content up to date, whereby the operating system used by the accessing system is saved. Other similar data and information used to help prevent attacks on our information technology systems.

3. Capturing the network status and Wi-Fi status

The data is required to control the supply of content from the internet without causing long loading times.

In addition to the app, we also process personal data within the scope of our business relationship. Information about this data processing and your claims and rights under data protection law, which also partly applies to the data processing in our app, is available in our PRIVACY POLICY.[Link]


Privacy Policy Social Media Channels

Privacy Policy for the Use of Facebook Plugins (Facebook Button)

You will find plugins of the social network Facebook on our pages (provider: Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA). The Facebook plugins can be recognized on our site by the Facebook logo. An overview of the Facebook plugins can be found here [LINK]

When you visit our website, the plugin establishes a direct connection between your browser and the Facebook server. Facebook receives information that you have visited our website with your IP address. If you click on the Facebook "Like button" while you are logged into your Facebook account, you can link the contents of our pages to your Facebook profile. This allows Facebook to associate the visit of our pages with your Facebook account. We would like to point out that we as the provider of the pages are not aware of the content of the data transmitted and its use by Facebook. For more information, please see the Facebook privacy policy [link:]

If you do not wish Facebook to be able to associate your visit to our website to your Facebook account, please log out of your Facebook user account first.

Privacy Policy for the Use of Instagram

Functions of the Instagram service are integrated on our pages. These functions are provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. If you are logged in to your Instagram account, you can link the contents of our pages to your Instagram profile by clicking on the Instagram button. This allows Instagram to associate your visit to our pages with your user account. We would like to point out that we as the provider of the pages are not aware of the content of the data transmitted and its use by Instagram.

For more information, please see the Instagram privacy policy. [link:]

Privacy Policy for the Use of Twitter

Functions of the Twitter service are integrated on our Internet pages. These functions are provided by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. By using Twitter and the "re-tweet" function, the websites you visit are linked to your Twitter account and shared with other users. This data is also transmitted to Twitter. We would like to point out that we as the provider of the pages are not aware of the content of the transmitted data and its use by Twitter. For more information, please see the Twitter privacy policy. [link:]

Your privacy settings on Twitter can be changed in the account settings [link:].

Data Protection Officer

If you have further questions regarding the collection, processing or use of personal customer data and regarding information, correction, blocking or deletion of data, please contact the data protection officer of Hamburger Kunsthalle Martina Gschwilm directly. Contact: martina.gschwilm[at]

In General: Changes to our privacy policy
We reserve the right to amend this data protection declaration from time to time so that it always complies with current legal requirements or in order to implement changes to our services in the data protection declaration, e.g. when introducing new services. Your new visit will then be subject to the new Privacy Policy