1. Cookies and other technologies
Our websites use so-called cookies and other technologies. They help to make our services more user-friendly, effective and secure. Cookies do not cause any damage to your computer and do not contain any viruses. Cookies are small text files that are stored on your computer and saved by your browser.
Most of the cookies we use are so-called “session cookies”. They are automatically deleted at the end of your visit. Other cookies remain stored on whatever device you are using until you delete them yourself. These cookies make it possible for us to recognise your browser upon your next visit to our website.
You can usually adjust your browser settings to inform you when cookies are stored, to only allow cookies in individual cases, to prohibit the acceptance of cookies in certain cases or overall, and to activate the automatic deletion of cookies when closing your browser. When you deactivate cookies, it might limit the functionality of these websites.
The legal basis for the processing of personal data in this context derives from Art. 6(1)(f) GDPR insofar as the cookies are used to provide the services you have requested. Our legitimate interest here is to provide you with the best possible user experience. To the extent that cookies are not required, they are used with your consent in accordance with Art. 6(1)(a) GDPR, which you can revoke at any time with effect from that moment on.
2. User access analysis (Google Analytics)
This website makes use of the functions offered by the web analysis service Google Analytics. The provider is Google LLC., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (“Google”).
We use Google Analytics to analyse the visits made to our website. For this purpose, Google Analytics uses cookies that have the names „_ga“ and „_ga_<container-id>“, whose storage period is 2 years. The information created by cookies in connection with your use of this website will usually be transmitted to a server belonging to Google in the US, where it will be stored. In this process, we use the function anonymizeIP, which anonymises your IP address by abbreviating it, which means that the IP address is not saved by Google in its complete form. For the purposes of data transmission to the US, we have concluded so-called standard data protection agreements with Google LLC. You may request a copy at [email protected]. More information on how Google Analytics handles user data can be found in Google’s own data protection statement: https://support.google.com/analytics/answer/6004245?hl=en&sjid=13276331846777168576-EU
The legal basis for this processing is your consent in accordance with Art. 6(1)(a) GDPR. You may revoke your consent to the use of web analysis at any time with effect from that moment on by clicking here (opt-out link). In this case, a so-called opt-out cookie will be stored in your browser to ensure that Google Analytics no longer collects any data from you. However, if you delete your cookies, the opt-out cookie will also be deleted and you will be asked again for your consent the next time you visit our websites.
In addition to revoking your consent, you can also generally prevent the collection of your data by Google Analytics by clicking on the following link https://tools.google.com/dlpage/gaoptout?hl=en. An opt-out cookie will be stored in your browser which will prevent the collection of your data upon future visits to this website.
3. Social networks
We have profiles on social networks. Our social media accounts complement our website and give you the opportunity to interact with us. As soon as you access our social media profiles on social networks, the terms and conditions and data processing policies of the respective operators apply.
Strictly speaking, we have no influence on the data processing carried out on social networks. When you use the services of these networks, the data collected about you is processed by the networks themselves and may be transmitted to countries outside the European Union. Information on which data are processed by social networks and for what purposes is found below in the privacy policies and data protection statements of the respective networks. We use the following social networks:
Facebook
Meta Platforms Ireland Limited ATTN: Privacy Operations, Merrion Road, Dublin 4, D04 X2K5, Irland
Privacy policy: www.facebook.com/about/privacy/
Opt-out options: www.facebook.com/settings?tab=ads and www.youronlinechoices.com
About insights: www.facebook.com/legal/terms/information_about_page_insights_data
Instagram
Meta Platforms Ireland Limited ATTN: Privacy Operations, Merrion Road, Dublin 4, D04 X2K5, Irland
Privacy policy / Opt-Out-Options: www.privacycenter.instagram.com/policy/
Tiktok
TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Irland.
Privacy policy: www.tiktok.com/legal/page/eea/privacy-policy/en
Opt-out options: https://support.tiktok.com/en/account-and-privacy/personalized-ads-and-data/personalization-and-data
X (Former Twitter)
Twitter International Company, c/o: Data Protection Officer, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland.
Privacy policy: www.x.com/de/privacy
Opt-out options: www.twitter.com/personalization
YouTube
YouTube LLC as a subsidiary of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Privacy policy: https://policies.google.com/privacy?hl=de&gl=de
Opt-out options: https://adssettings.google.com/authenticated
Threads
Meta Platforms Ireland Limited ATTN: Privacy Operations, Merrion Road, Dublin 4, D04 X2K5, Irland
Privacy policy / Opt-Out-Options: https://help.instagram.com/515230437301944
When you send us enquiries via social media profiles, we process your personal data in our function as data controller. We process this data as a way of responding to your enquiries, which is also our legitimate interest in accordance with Art. 6 (1)(f) GDPR.
As joint controllers alongside the following networks, we are also jointly responsible for the following processing in accordance with Art. 26 GDPR.
When visiting our profiles on Facebook, Instagram and TikTok, each of these networks collects aggregated statistics (“Insights data”) that are created from certain events logged by their servers when you interact with our profiles and related content. We receive these aggregated and anonymous statistics from the networks with regard to the use of each profile. In general, we are not able to attribute data to specific users. We are able only to a certain extent to determine the criteria according to which each network creates these statistics for us. We use these statistics to make our profiles more interesting and informative for you. This also establishes our justified interest in accordance with Art. 6(1)(f) GDPR in the data collection carried out by the respective social network in order to provide us with statistics. Further information on this data processing can be found in each of the site’s Joint Controller Agreements:
Facebook / Instagram / Threads: www.facebook.com/legal/terms/page_controller_addendum?_rdr
TikTok: www.tiktok.com/legal/page/global/tiktok-analytics-joint-controller-addendum/en
4. Open Street Map
We use the OpenStreetMap (OSM) map service. We integrate the map material from OpenStreetMap on the server of the OpenStreetMap Foundation, St John’s Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom. The United Kingdom is considered a secure third country under data protection law. This means that Great Britain has a level of data protection that corresponds to the level of data protection in the European Union. When using the OpenStreetMap maps, a connection is established to the servers of the OpenStreetMap Foundation. Among other things, your IP address and other information about your behaviour on this website may be forwarded to the OSMF. For this purpose, OpenStreetMap may store cookies in your browser or use comparable recognition technologies. The use of OpenStreetMap is in the interest of an appealing presentation of our online offers and an easy findability of the places indicated by us on the website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.
5. Typeform
For the purpose of processing various queries and forms, we use a service called Typeform by TYPEFORM SL, C/Bac de Roda, 163 (Local), 08018 Barcelona Spain (Typeform). This service makes it possible for us to provide you with a simple contact option and also to simplify queries.
For this purpose, we regularly pass the following personal information to Typeform:
• your e-mail address
• your first name
• your last name
In addition, depending on the requirements associated with the query, it is possible that further personal data (for example, information pertaining to a person’s profession in the case of press accreditation forms) may be transmitted to Typeform. Mandatory information is marked with an “*”.
Typeform is the recipient of your personal data and carries out the processing of the data on our behalf. The processing of the data specified in this section is neither legally nor contractually prescribed. Without your consent and the transmission of your personal data, we will not be able to make a contact form available to you. However, you also have the option of contacting us using the e-mail address given above. Your data will be stored exclusively for the purpose of sending and responding to enquiries. In this case, the mandatory information is necessary to be able to properly allocate and respond to your enquiry. In addition, Typeform uses cookies to collect the following personal data: information about your device, including IP address, device details, operating system, browser settings, etc.
In addition, user data such as the time and date you used the contact form will also be collected. Typeform requires this data to ensure that the contact form is displayed correctly and to guarantee that it functions properly. This is in keeping with the legitimate interest of Typeform in accordance with Art. 6 (1) (f) GDPR and serves the purpose of carrying out the contract in accordance with Art. 6 (1) (b) GDPR. For more information, please visit: https://help.typeform.com/hc/en-us/articles/360029581691-What-happens-to-my-data
For more information on your options for redress and the removal of your information in relation to Typeform, please visit: https://admin.typeform.com/to/dwk6gt
The legal basis for the processing of your data is your consent in accordance with Art. 6 (1) (a) GDPR. You can withdraw your consent to the processing of your personal data at any time by using the contact options provided. Your data will be processed for as long as you have given consent. When you withdraw your consent, it shall not affect the legality of the processing that has taken place thus far.
Your data will be deleted no later than 12 months after processing has been completed.
6. Cloudflare
On our website we use a so-called Content Delivery Network (“CDN”) of the technology service provider Cloudflare Inc, 101 Townsend St. San Francisco, CA 94107, USA (“Cloudflare”). The use of Cloudflare’s Content Delivery Network helps us to optimise the performance of our website.
The processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in the secure and efficient operation and improvement of the stability and functionality of our website.
We have concluded a data processing addendum with Cloudflare (available at www.cloudflare.com/media/pdf/cloudflare-customer-dpa.pdf), which obliges Cloudflare to protect the data of our website visitors and not to pass it on to third parties. For the transfer of data from the EU to the USA, Cloudflare relies on so-called standard contractual clauses of the European Commission, which are intended to ensure compliance with the European level of data protection in the USA.
Further information can be found in Cloudflare’s privacy policy at: www.cloudflare.com/privacypolicy/
7. External platform go-mus (web shop)
The sub-page for our web shop (https://shop.langenachtdermuseen.berlin) is provided via the go-mus shop platform by the external service provider Giant Monkey.
7.1 Provision of the shop and web hosting
Description: The website is hosted with a website hosting provider that utilises cloud-based servers within the EU to provide a stable and secure hosting platform. Our website is distributed via a content delivery network with servers around the world to ensure fast and secure delivery of our website to our website visitors.
Types of data processed:
• Usage data: e.g. web pages visited, access times, all entries within our online offering or from websites
• Communication data: e.g. browser type, operating system or IP addresses
Data protection subjects: Users (website visitors). Purpose of processing: Fast provision of a stable and secure online service Legal basis: Technically necessary (§ 25 para. 2 no. 2 TTDSG) and legitimate interest (Art. 6 para. 1 sentence 1 lit. f. GDPR).
Recipients or categories of recipients: Website hosting provider, SSL certificate provider, content delivery network provider
The data is stored for 90 to 180 days.
7.2 Order process
Description: The online shop enables the purchase of tickets for the Long Night of Museums in Berlin. Personal data is collected for the purpose of the purchase and the obligations arising from the resulting purchase contract.
Types of data processed:
• Usage data (mandatory fields are marked with an asterisk *): First name*, last name*, company, street and house number*, address suffix, postcode*, city*, federal state/canton, telephone, e-mail*, VAT ID no., country*
Data protection subjects: Users (shop customers)
Purpose of processing: Fulfilment of the purchase contract
Legal basis: Contract fulfilment and pre-contractual enquiries (Art. 6 para. 1 sentence 1 lit. b. GDPR)
Recipients or categories of recipients: Website hosting provider, transactional email provider, invoice provider, Kulturprojekte Berlin
Personal data will be processed for the purposes mentioned until the end of the existing contract. In addition, we store personal data in accordance with Art. 6 para. 1 lit c) GDPR to fulfil our statutory retention obligations in accordance with § 257 para. 4 HGB, § 147 para. 3 AO.
7.3 Payment service providers
Description: We use external payment providers for the online shop on this website in order to offer our customers various payment options. The processed data will only be passed on for the purpose of payment processing with the payment service provider and only to the extent necessary for this purpose. We do not store any credit card data ourselves.
Types of data processed:
• Usage data: Name, address, account number, sort code, credit card number (if applicable), invoice amount, currency and transaction number
• Communication data: e.g. IP addresses, browser type, operating system. Data protection subjects: Users (website visitors)
Purpose of processing: Offering external payment providers for the online shop on this website in order to offer customers various payment options. Legal basis: Contract fulfilment and pre-contractual enquiries (Art. 6 para. 1 sentence 1 lit. b. GDPR).
Recipients or categories of recipients:
• Usage data: Adyen N.V. German Branch, Jägerstraße 27 10117 Berlin, https://www.adyen.com/de_DE/privacy-policy/transaction
• Communication data: Website hosting provider, transactional email provider
Personal data will be processed for the purposes mentioned until the end of the processing of the existing contract. In addition, we store personal data in accordance with Art. 6 para. 1 lit c) GDPR to fulfil our statutory retention obligations.
