Privacy Protection

The legal responsibility of this notice rests with Bucerius Kunst Forum gGmbh, D-20457 Hamburg, Alter Wall 12.

The Bucerius Kunst Forum attach great importance to the protection of your personal data. The data collected when you visit our website are stored and used in accordance with the General Data Protection Regulation (GDPR). We regard your personal data as strictly confidential. This data protection notice provides information on how the Bucerius Kunst Forum deals with the data and information that are collected when you visit the webpages of our organization.


1. Data Collection and Processing

Personal data are, according to Art. 4 GDPR, all information relating to an identifiable person, e.g. Name, postal and e-mail address or telephone number. This includes usage data such as IP addresses. The Bucerius Kunst Forum ensures that only relevant data is collected and stored. Whenever personal data such as your name and e-mail-address are collected on our webpages, this is subject to your consent, for example if you order further information or our newsletter according to the GDPR, Art. 6 para. 1 lit. b) and f). Your personal data are used exclusively for the intended purpose and within the scope required. IP addresses are held by the hosting service for three days. The hosting operator itself works with other providers to protect the websites from fraudulent activity. In doing so, he ensures compliance with legal requirements through data processing contracts and appropriate guarantees for data transfers to third countries.


2. Newsletter

If you wish to order our newsletter, we require your name and email address for mailing. Signing up for this is done through the double opt-in process. You will only receive the newsletter once you have confirmed your registration via the email and link sent by us. The date and IP address of the order are kept. Subscribers to the newsletter can unsubscribe at any time on our newsletter page, address and user data are then deleted. For changes to your email address, please use the contact form provided. The legal basis of this data processing is Art. 6 para. 1 lit. a) and b) GDPR.


3. Events

You can register for events organised by the Bucerius Kunst Forum on the website, or you will be redirected to the event registration web page of the ZEIT-Stiftung. 
The Bucerius Kunst Forum uses the double opt-in procedure for electronic registration. You will not receive confirmation of participation in the event until you confirm your registration by clicking on the link in an email we send you. The date and IP address of your registration as well as your address and user data (first name, last name, email address and, if applicable, name of the accompanying person) will be stored until the event. After the event, we will delete the address and user data.

You can cancel your event registration at any time by email, in which case your address and user data will be deleted. If you choose to have us store your contact information, you can register more easily for subsequent events. Your data is processed in accordance with the provisions of Art. 6 (1)(b) of the GDPR.
Some events may require a higher level of security, for which additional personal data will then be collected. In providing such data, you indicate your consent for the purpose of Art. 6 (1)(f) and Art. 7 of the GDPR.

According to Hamburg’s SARS-CoV-2 containment ordinance, organisers are obliged to collect the contact details of all event participants in order to trace possible chains of infection. The contact details will be submitted to the competent authority on request and will then be destroyed after a four-week retention period. The Bucerius Kunst Forum will record your details immediately before an on-site event begins.

Online offers (ZOOM video conferencing platform)

We use the Zoom tool to offer online services such as digital tours, events and workshops. Zoom is a service of Zoom Video Communications, Inc., based in the USA. By participating in an event you tacitly accept the terms and conditions of the Zoom video conferencing platform. As soon as you access the Zoom website, the Zoom provider is responsible for data processing. You do not need to create a Zoom account. You can use Zoom by entering the meeting ID and any other access data directly in the Zoom app. All you have to do is dial in via the link and enter your name or an abbreviation. You can also use Zoom via your browser. 

Booking of guided tours and workshops via Museumsdienst Hamburg

The Bucerius Kunst Forum offers special guided tours and workshops in the current exhibitions, which the Museumsdienst Hamburg coordinates and books on our behalf.

When you book offers via the Museumsdienst Hamburg website, all information that you provide during registration (or that you store in your customer account at a later time) is collected and stored. All fields marked with * are mandatory. The information you provide is used to fulfill the booked tour.

For details on data processing, please refer to the data protection statement of the Museumsdienst Hamburg: https://museumsdienst-hamburg.de/datenschutzhinweise/

The legal basis for data processing is Art. 6 para. 1 lit. b) GDPR.  The Bucerius Kunst Forum uses the service provider Giant Monkey for the software of the bookings and the service provider Museumsdienst Hamburg for the administration and application of the registrations and bookings. A contract has been concluded with each of the service providers as a processor in accordance with Art. 28 GDPR, which obliges the service providers to protect the data of our customers and not to pass it on to third parties.

The Bucerius Kunst Forum stores the data of participants in guided tours for the duration of the legal retention period.


4. Cookies

Whenever you visit our web pages, data is automatically collected in the form of cookies. A cookie is a small data file that is saved by the web browser on your computer. It interacts with your web browser to enable the full functionality of the web pages. To do so, the cookie reads data regarding the device used, the operating system, the location, and the time spent browsing the pages in question.

Cookies are in general divided into the following types:

Temporary cookies, known as “session” or “transient” cookies, are deleted after the user exits a website and closes the browser. Such a cookie may be used for example to temporarily save the contents of a shopping cart in an online shop or a login status.

Cookies are described as “permanent” or “persistent” if they are stored even after the browser is closed. For example, the login status may be saved in case the user visits the website again after a few days. This type of cookie may also be used to store a user’s preferences in order to assess the reach of the website content or for marketing purposes.

Third-party cookies are cookies from providers other than the one responsible for the website in question (the cookies from the website provider are in turn called “first-party cookies”).

We only use cookies on our website that do not allow the user to be personally identified.

The following cookies are used on our web pages:

  • CookieConsent
    This first-party cookie is set by our website to indicate that the user has agreed to the use of cookies during their visit to the website. The cookie banner then no longer has to be displayed each time you visit the website. No personal user data is collected via this cookie. The cookie is stored for 3 months.
     
  • PHPESSID
    This first-party cookie optimises user guidance functions and is deleted after your visit. It refers to a unique session ID that is assigned for the current browser session. No personal data is stored. As soon as the user’s browser is closed, the session is terminated and the cookie deleted.

The legal basis for this data processing lies in Section 25 (1) TTDSG.

If you have agreed to the use of statistics cookies, the following cookies will also be set:  

  • _pk_*:
    This cookie is used for Matomo tracking, a web analytics service. For more information, see point 10 of this Privacy Protection notice.


5. Links to Websites of Other Providers

The web pages of the Bucerius Kunst Forum may contain links to other websites. No data are transmitted to "social media" companies. Unless the user follows a clearly marked link, there is no data transmission to the link in question. On our website, we embed videos on the YouTube platform. When you visit a page with the YouTube videos, it will connect to YouTube's servers. If a YouTube video is started, the provider uses cookies that collect information about user behavior. If you are logged into your YouTube account, YouTube can assign your surfing behavior to you personally.

Our website uses Google Maps and Snazzy Maps as well as Google Fonts to illustrate our address. We cannot exclude that the data is transferred to Google Inc. or Snazzy Maps.

This data protection notice applies only to the website of the Bucerius Kunst Forum. We cannot influence or monitor whether other providers comply with data protection laws.


6. Online presence on social media platforms

We have an online presence on social networks and platforms such as Facebook and others. The "fan page" you visit gives you an opportunity to respond to our offerings and to comment on our content. During your interaction you may be transmitting some personal data that we will process on the basis of our legitimate interests for optimizing the information we provide and the way in which we communicate with our users in accordance with Art. 6 Abs. 1 lit. f) GDPR (General Data Protection Regulation). Please be advised that in doing so, we may also process the data of users from outside the European Union. This user data will generally be used for the purposes of market research and advertising. Any information requests or claims pertaining to user rights legislation are best directed to the providers. Solely the providers are able to access user data and are therefore able to provide information and take appropriate measures. In connection with any requests related to Facebook, we would like to point out that the primary responsibility for providing information in accordance with GDPR (General Data Protection Regulation) lies with Facebook. Facebook provides information on its data policy here. For further information about page insights data provided by Facebook, click here. In the event that you require further help, please don't hesitate to contact us.


7. Membership in the Bucerius Kunst Club

In order to be able to ensure the administration and support, we collect, process and use the following data of the members on the basis of Art. 6 (1) lit. b) and f) GDPR: name, first name, address, e-mail address, date of birth and in case of a debit mandate the bank details.


8. Data Subject Access Requests

Under the General Data Protection Regulation (GDPR) Art. 15 para. 1 you may ask to see the information about yourself that is held on computer, and may exercise the right for the data in question to be corrected, blocked or deleted. If you have any questions, please contact the data protection officer at datenschutz@remove-this.buceriuskunstforum.de. You have the right to object to data processing and a right to data portability according to Art. 20, GDPR. We refer to a supervisory authority: Hamburg Commissioner for Data Protection and Freedom of Information, D-20459 Hamburg, Ludwig-Erhard-Straße 22.


9. Web Analysis Services

Our websites use Matomo. This is a tracking service that provides analysis of the use of our web pages. To this end, the information generated by the cookie _pk_* (including your abbreviated IP-address) is sent to our server and saved for analytical purposes, for example the duration and sequence of your search on our pages. This information enables us to measure user frequency and helps us improve the attractiveness and functionality of our web pages. Your IP-address is immediately anonymized as part of the process, which means that you as a user remain anonymous to us. The information on your use of our website that is generated by the cookie is not shared with any third party. You can disable the cookies through the appropriate setting of your browser software, but this may result in your being blocked from using some of the functions of our website. If you wish to prevent collection and analysis of these data during your visit to our website, you may opt out of the collection and use at any time simply by mouse click. In this case, a so-called opt-out cookie is created in your browser with the result that Matomo collects no session data. Please note that whenever you delete your cookies, the opt-out cookie is automatically also deleted and will have to be reactivated on your next visit.


10. Online Shop

Data collection and processing

When an order is placed in the online shop, personal data is collected for processing the payment transaction. This data processing is carried out in accordance with Art. 6 (1)(b) of the GDPR for the performance of our contract-like relationship with you.

When you order from us, you can register in our online shop and create a customer account. All information that you provide when registering, or which you enter into your customer account at a later time, will be collected and stored. All fields marked * are mandatory: title, first and last name, address (street, house number, postal code, town and country), email address, a chosen password as well as the payment method and, if applicable, shipping and billing information you provide for the purchase and shipment of an item.
Fields such as title or date of birth and telephone number are information that you can provide voluntarily. (Please note that when you purchase a Young Member membership, you must also enter your date of birth).
If you register in our online shop, you will be assigned a customer number, and the date on which you registered will be stored.

If you instead choose to place an order as a guest without opening a customer account, you must also fill in the mandatory fields marked *: title, first and last name, address (street, house number, postal code, town and country), email address. We will store this data for the statutory retention period.

Personal data will be collected as described above for each order or payment transaction. We will process this data in accordance with Art. 6 (1)(b) and (f) of the GDPR solely as required for this purpose. We use the information you provide when placing an order to process your order, to notify you of the status of your order, and to send you the products you have ordered (in particular online tickets). In addition, we use the data to contact you if problems arise during the ordering process or to answer your queries.

Your data will only be passed on to third parties, i.e., to financial service providers and institutions we work with, for the purpose of contract processing, invoicing or collection of payment. 

Data security

In order to ensure the integrity and confidentiality of personal data, the Bucerius Kunst Forum takes all necessary technical and organisational precautions to protect against loss or misuse of and unauthorised access to such data. The data is stored in a secure operating environment. We would like to point out there may be security gaps when data is transmitted over the internet by email. Seamless protection of data from unauthorised access by third parties cannot be guaranteed.

Every visit to our online shop is stored in a log file and analysed. We process this data for purposes of ensuring adequate data security. The processing is carried out to protect our legitimate interest in being able to guarantee data security, in accordance with Art. 6 (1)(f) of the GDPR.