Data Privacy

1. Introduction
2.
Controller
3. Your rights as a data subject
4.
Processing procedures
5.
Integration of third party providers
6.
Social media networks
7.
The use of tracking tools
8.
Data transfer
9.
The protection of your data
10.
Possible consequences of missing data
11.
Amendment of this data protection notice

 

1. Introduction

Data protection is a matter of trust and with this notice we would like to transparently present to you how we process personal data when you visit our website.

We hereby also comply with our obligations under the General Data Protection Regulation (GDPR).

If you have any queries, we would be pleased, if you contact us.

2. Controller

Controller in the sense of data protection law for the processing(s) and processes described in this notice is:

Museum für Kunst und Gewerbe Hamburg
Steintorplatz
20099 Hamburg
service(at)mkg-hamburg.de

You can reach our data protection officer at:

Data Protection Officer
Museum für Kunst und Gewerbe Hamburg
c/o Goalgetter GmbH
Willhoop 3
22453 Hamburg
Germany
datenschutz(at)mkg-hamburg.de

 

3. Your rights as a data subject

As a data subject you have, subject to possible legal restrictions, the following rights:

The right of/to access, rectification, erasure, restriction of processing, data portability and objection.

At this point, we expressly point out that, as required by law, we reserve the right to make a corresponding identification and, if necessary, also take further measures to clearly verify the identity.

3.1 Right of information

If you wish to receive information about the personal data we process, please inform us in writing. For security reasons and due to regulations, it is possible that we pseudonymise certain data, such as credit card information.

3.2 Right to rectification

If you discover or believe that incorrect information has been processed from you, you can inform us of this in text form. We will check the facts and, if necessary, correct the data accordingly.

3.3 Right to erasure

If you wish your data to be deleted, please inform us respectively in text form. We will check your request in accordance with the legal requirements and delete it accordingly.

However, we would like to point out that we are obliged to store data for a longer period of time due to legal regulations, e.g. a retention period for accounting documents of currently 10 years (Abgabenordnung/Fiscal Code) or for warranty and limitation reasons of at least 3 years.

Furthermore, we would like to mention that although we block your data immediately, it may take a few days until we have finally deleted the data due to technical restrictions.

Furthermore, please note that once the deletion request has been confirmed, there is no longer any possibility of restoring your data.

3.4 Right to restriction of processing

You have the right to restrict the processing of your data. To do so, please inform us in text form of the categories of data you consider to be affected and the reasons for your request. We will examine the matter immediately and inform you of the result.

3.5 Right to data portability

Please tell us in text form which data you would like to transfer and to whom. We will check your request immediately and inform you about the result.

3.6 Right of objection and revocation

If you have given us your consent to certain data processing, e.g. the reception of a newsletter, you have the right to withdraw this consent - also in part - at any time. Please inform us of this withdrawal in text form.

Should the processing of data be based on necessity for the purposes of the legitimate interests pursuant to Art. 6 (1) lit. f DSGVO, you also have the right to object to the processing, as far as there are reasons that arise from your specific situation for doing so or it is a matter of direct marketing.

In the matter of direct marketing, you have a general right of objection without the need to provide information on the specific situation. Please inform us of your objection in text form.

3.7 Right of appeal

If you are dissatisfied with our work in connection with data protection, you have the right to complain to the data protection supervisory authority responsible for you in your federal state (Bundesland).

4. PROCESSING

We process various data when you visit our websites or use our offers and services. This data may be directly or indirectly - due to the influence by other data sources - personal.

We process data in the following cases, among others:

4.1 Visiting our websites

When you visit our websites, we store your IP address. In addition, further data (analysis data, log data, usage data) is transmitted by the browser and stored by our web server. This includes, among others, details of the end device, time of access, the origin of the request, browser and version, about the use of our site and, if applicable, whether you have already visited us.

Purpose:

- Technically error-free presentation and optimisation of the website

- Information security

- Evaluations

Legal basis:

Art. 6 para. 1 lit. f GDPR (legitimate interest in our internet presence and IT security)

Storage period:

According to the legal requirements

Third country transfer:

None

DATA NOT DIRECTLY COLLECTED:

Categories of personal data:

IP address

Source:

Network provider


4.2 Contact and correspondence

On our website, we provide you with the e-mail addresses and telephone numbers of the direct contact persons of various departments for direct contact. Alternatively, you can also contact us by post. If you contact us, the personal data you provide will be stored and used for further correspondence.

Purpose:

- Communication
- Public Relation
- Turnover generation
'- Documentation
- Evaluations

Legal basis:

- Art. 6 para. 1 lit. b DSGVO (contract initiation/fulfilment)

- Art. 6 para. 1 lit. f DSGVO (legitimate interest in communication)

Storage period:

According to the legal requirements

Third country transfer:

None


4.3 Newsletter

We offer you the opportunity to register on our website to receive our newsletter and thus subscribe to our newsletter. In order to be able to receive our newsletter, we check whether you are actually the owner of the e-mail address provided or whether the owner has authorised the receipt of the newsletter. When you register for our newsletter, we will save your first and last name, IP address and the date and time of your registration. You can withdraw your consent to receive the newsletter at any time (see No. 11). By doing so, we will immediately stop sending the newsletter to the specified e-mail address and thus the corresponding processing of your data.

Purpose:

- Communication
- Public Relation
- Turnover generation
- Provision of information
- Evaluations

Legal basis:

Art. 6 para. 1 lit. a GDPR (consent)

Storage period:

According to the legal requirements or until the revocation of consent

Third country transfer:

None


4.4 Use of apps and digital offerings

When using our digital offers and services, in particular via apps for mobile devices, we collect data at various points, which may also contain a personal reference. The collection depends on the product used and the associated task, such as conveying information about an exhibit.

Purpose:

- Communication
- Public Relation
- Turnover generation
- Provision of information
- Evaluations

Legal basis:

Art. 6 para. 1 lit. b GDPR (contract initiation / contract performance)

Storage period:

According to the legal requirements

Third country transfer:

None


4.5 "My Collection" at MK&G Collection Online

When you create an account on our website MKG Sammlung Online under "My Collection", we store your user name, e-mail address and information on the time of registration and last access. Your e-mail address will only be used to generate an account and to contact you in case of support.

Purpose:

- Provision of information / services
- Evaluations

Legal basis:

Art. 6 para. 1 lit. b GDPR (contract initiation / contract performance)

Storage period:

According to the legal requirements

Third country transfer:

None


4.6 Press area

We offer press representatives the opportunity to register for our press distribution list in order to be provided with relevant information.

Purpose:

- Marketing
- Public Relation
- Evaluations

Legal basis:

Art. 6 para. 1 lit. b GDPR (contract initiation/contract performance)

Storage period:

According to the legal requirements

Third country transfer:

None


5.
Third party integration

If you use third-party services, personal data will be transmitted to them. We are not the Controller for the further processing of the data.

5.1 Cookiebot

For the compliant use of cookies and third-party tools, we use the application of the company Cookiebot.

Provider:

Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark

Purpose:

- Operational procedure
- Compliance with legal requirements
- Controlling the use of cookies and tracking tools
- Evaluations

Storage period:

Up to one year

Third country transfer:

None


5.2 Google Maps

We use content from Google Maps on our Internet pages to display maps and to create route maps.

Provider:

Google Ireland Ltd, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

Purpose:

- Operational procedure
- Marketing
'- Public Relation
- Customer service
- Evaluations

Storage period:

According to the legal requirements

Third country transfer:

USA, possibly by Google

Privacy notice

https://policies.google.com/?hl=de&gl=de


5.3 Vimeo

We have integrated Vimeo into our online offer for the presentation of video material.

Provider:

Vimeo, Inc. 555 West 18th Street, New York, New York 10011, USA

Purpose:

- Operational procedure
- Public Relation
- Customer service
- Evaluations

Storage period:

According to the legal requirements

Third country transfer:

USA

Guarantees:

Standard contract clauses


5.4 SoundCloud

We use the Soundcloud service on our website.

Provider:

SoundCloud Global Limited & Co. KG, Rheinsberger Str. 76/77, 10115 Berlin, Germany

Purpose:

- Operational procedure
- Marketing
- Public Relation
- Customer service
- Evaluations

Storage period:

According to the legal requirements

Third country transfer:

USA, possibly by SoundCloud

Privacy notice:

Privacy Policy on SoundCloud


5.5 YouTube

We use the YouTube video platform on our website to present content to you.

Provider:

Google Ireland Ltd, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

Purpose:

- Operational procedure
- Marketing
- Public Relation
- Customer service
- Evaluations

Storage period:

According to the legal requirements

Third country transfer:

USA, possibly by Google

Privacy notice:

https://policies.google.com/?hl=de&gl=de


5.6 Zoom

We use the Zoom video conferencing system to conduct virtual tours and events.

Provider:

Zoom Video Communications, Inc. , 55 Almaden Blvd, Suite 600, San Jose, CA 95113, USA

Purpose:

- Operational procedure
- Marketing
- Public Relation
- Customer service
- Evaluations

Storage period:

According to the legal requirements

Third country transfer:

USA, possibly by Zoom

Privacy notice:

ZOOMS PRIVACY STATEMENT - Zoom


6.
Social media networks

We offer you a direct link to our appearances at the providers listed below. The plug-ins are marked with the logos of the corresponding provider. If you use one of the plug-ins, personal data (at least the IP address) will be transmitted to and possibly used by the corresponding services. There is also the possibility that the providers may try to save cookies on your computer. If you are logged in to the network, there is the possibility of further data being collected and possibly linked to your profile. We are not the Controller for this processing and cannot influence them. If you have any questions about this processing, please contact the providers of the relevant network directly.


6.1 Facebook and Instagram

Provider:

Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Habour, Dublin 2, Ireland

Purpose:

- Marketing
- Public Relation
- Evaluations

Storage period:

According to the legal requirements

Third country transfer:

USA, possibly by Facebook

Privacy notice:

https://de-de.facebook.com/policy.php


6.2 linktree

Provider:

Linktree Pty Ltd, Collingwood, Australia

Purpose:

- Marketing
- Public Relation
- Customer service
- Evaluations

Storage period:

According to the legal requirements

Third country transfer:

Australia

Privacy notice:

https://linktr.ee/s/trust-centre


6.3 Twitter

Provider:

Twitter Inc, 1355 Market Street, Suite 900, San
Francisco, CA 94103, USA

Purpose:

- Marketing
- Public Relation
- Customer service
- Evaluations

Storage period:

According to the legal requirements

Third country transfer:

USA

Privacy notice:

https://twitter.com/de/privacy


6.4 YouTube

Tool:

YouTube

Provider:

Google Ireland Ltd, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

Purpose:

- Marketing
- Public Relation
- Customer service
- Evaluations

Storage period:

According to the legal requirements

Third country transfer:

USA, possibly by Google

Privacy notice:

https://policies.google.com/?hl=de&gl=de


7.
The use of tracking tools

In order to make our website available to you in the best possible way, we also use cookies. These are small pieces of text information that are loaded in your browser or stored on your device. Cookies can perform various tasks, including adapting the website to your screen, browser and language settings.

In addition, the term "cookie" is used as a synonym for tracking tools. Tracking tools help us to adapt our website even better to your needs.

7.1 Purpose and legal basis of the processing

In order to be able to use cookies, third-party providers and content in a data protection compliant manner, we use a so-called cookie tool to query your preferences.

This tool divides the providers used into three categories (Necessary, Statistics and Third Party Providers / Content). This classification is also the basis for the purposes and legal bases.

7.2 Definition of the categories

Necessary: Necessary cookies help to make a website usable by enabling basic functions such as page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

Statistics: These cookies help website owners understand how visitors interact with the website by collecting and reporting information anonymously.

Third-party providers and content: These cookies are required by providers of third-party content, such as video portals, podcast or social media platforms, for the playout of your services on the one hand, and by third-party providers for the provision of services, e.g. Google Maps, on the other.

In addition, these cookies are used to follow visitors to the website. The intention is to show ads that are relevant and engaging to the individual user and therefore more valuable to publishers and advertising third parties.

7.3 Purpose

We use cookies for the following purposes:

Necessary

- Session control
-
Analysis of website usage on the basis of session impressions
-
Control of the cookie settings

Statistics

- Improving user-friendliness
-
Analysis of the usage behaviour
-
Analysis of the technical parameters
-
Adaptation of the offer to the usage behaviour of the user

Third-party providers and content

- Optimisation of processes
-
Personalisation
-
Connection to selected social media channels

7.4 Legal basis

Necessary

We process the data on the basis of Art. 6 para. 1 lit. f GDPR, the legitimate interest. Our interest is to provide you with a technically functioning website that is adapted to your terminal device and written in an understandable language.

You have the right to object to this processing at any time on reasons relating to your specific situation. For more information, please see Data subjects' rights.

Statistics, third-party providers and content

We process this data on the basis of your consent pursuant to Art. 6 (1) lit. a DSGVO, which you can give us via our cookie tool.

This consent is voluntary and can be withdrawn by you at any time with effect for the future. You declare the withdrawal of your consent by calling up the cookie tool again (see below) and changing the settings according to your wishes.

For more information on your right of withdrawal, see Data subject rights.

7.5 Cookie tool

We have integrated the tool of Cybot A/S, Copenhagen, Denmark, on our websites to control the use of cookies. At regular intervals (currently once a month), our website is automatically scanned by Cybot and the results are processed accordingly.

How it works

After accessing our website for the first time, you can use the cookie tool to set your preferences regarding the use of cookies. This is done, with the exception of the "Necessary" category, by ticking the relevant boxes and thus giving us your consent.

The category "Necessary" is always activated, as we need these cookies for the proper functioning of our website.

We store your consent status for 12 months in the cookie "CookieConsent" in order to know your preferences for future visits to our website and to be able to take them into account accordingly. This information is also stored or checked on Cybot's servers for matching purposes.

Cybot also logs the following information:

- The IP number of the end user in anonymised form (the last three digits are set to "0").
-
Date and time of consent.
-
User agent of the end user's browser.
-
The URL from which the consent was sent.
-
An anonymous, random and encrypted key.
-
The consent status of the end user, which serves as proof of consent.

Please note that if you access our website via another browser or if you change the setting in the browser or delete the cookies, we will also lose the information about your cookie settings. This means that you will be shown our cookie tool again the next time you visit the website.

If you would like to receive further information on the individual cookies, you can obtain this directly in the tool. In addition, you can also find them further down in this chapter.

You can call up the cookie tool again at any time and change the settings.

7.6 Cookie overview and settings

8. Data sharing

Personal data will not be transferred to third parties for reasons other than those listed below.

The transfer only takes place if:

- you have expressly given us your consent for the underlying processing,

- this is legally permissible and necessary for the performance of our contractual relationships with you,

- the disclosure of the data is based on a legal obligation, or if

- the disclosure of the data is based on a legitimate interest and there is no reason to assume that you have a predominant interest worthy of protection in the non-disclosure of your data.


8.1 Shared responsibility

As part of our service, we cooperate with partners in selected areas in the form of shared responsibility (Art. 26 GDPR) in accordance with the GDPR. These companies take over part of the processing and receive the required data from us in return. This may also involve personal data. In terms of the GDPR, both companies are then Controller for this processing or the legally flawless handling of your data.

This applies for the following partners:

- Facebook

- Instagram


8.2 Possible recipients

We pass on data to the following recipients or categories of recipients to the extent permitted by law:

- Employees (internal and external)

- Analysis tool provider

- IT infrastructure service provider

- Software service provider

- Other service providers

- Social media provider

- Cooperation partner

- Museums

- Sponsoring societies

- Authorities


8.3 International data sharing

We use a global network of service providers and partners to deliver our services.

These partners are based in different countries, some of which are outside the European Union and the EEA. These countries do not always provide the same level of data protection as in the European Union. We have therefore taken a number of measures in accordance with the requirements of the GDPR to ensure the highest possible level of protection for your personal data. These are:

- Cooperations with companies in a country recognised by an adequacy decision of the European Commission

- Cooperation with companies on the basis of the EU standard contractual clauses

- Cooperation with companies on the basis of agreed guarantees

- In addition, in special cases there is the possibility of passing on the data on the basis of your express consent.

We have our partners guarantee the implementation of the measures within the scope of the legal requirements.


9. The protection of your data

To protect your personal data, we have taken measures that comply with data protection law and the state of technology in our business. These are continuously reviewed and adapted, if necessary. The aim is to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorised access by third parties.

For the transmission of data between our websites and our backend systems, communication is encrypted using the SSL (Secure Socket Layer) procedure.

We protect systems and processing operations through a range of technical and organisational measures. These include data encryption, pseudo- and anonymisation, logical and physical access restriction and control, firewalls and recovery systems and integrity testing.

Our employees are regularly trained on the corresponding sensitive handling of personal data and are obliged to observe data confidentiality in accordance with the legal requirements.


10. Possible consequences of missing data

There is a possibility that we may collect data from you due to legal requirements or in order to fulfil a contract. If you do not provide us with this data to the appropriate extent, this may lead to us not being able to meet our obligations to the full extent.


11. Amendment of this privacy notice

This privacy notice is revised at irregular intervals in order to adapt it to current developments in the company, our products and services, legal requirements and social developments.


Version:
2.0

Status: 23.04.2021