Privacy Protection in the App

Privacy Protection in the Bucerius Kunst Forum App

General information

We are delighted that you are interested in our exhibitions. The Bucerius Kunst Forum gGmbH management attaches great importance to the protection of your personal data. If it is necessary to process personal data and there is no automatic legal basis for such processing, we in general first obtain the consent of the data subject.

The processing of personal data, such as a person’s name, address, email address or telephone number, is always carried out in accordance with the General Data Protection Regulation (GDPR) and in compliance with the data protection regulations that apply in the country in question.

We have implemented numerous technical and organisational measures to ensure the most complete protection possible of the personal data processed via this app. Nevertheless, internet-based data transmissions are always vulnerable to security gaps, so that absolute protection cannot be guaranteed.

Beyond the app, we also process personal data within the scope of our business relationship with you. Information about such data processing and your rights to data privacy, some of which also concern data processing in our app, can be found in our Privacy Protection Policy.

General information: Name and address of the data controller

Responsible for the purpose of the General Data Protection Regulation, other data protection regulations that apply in the member states of the European Union and any other provisions for data protection is:

Bucerius Kunst Forum gGmbH
Alter Wall 12
20457 Hamburg
+49 (0)40 36 09 96 0

You can reach our in-house Data Protection Officer at:

Ebelin und Gerd Bucerius
Feldbrunnenstraße 56
20148 Hamburg

Data Protection Officer for the ZEIT-Stiftung:
Axel Schuster

Responsible data protection authority

Hamburg Commissioner for Data Protection and Freedom of Information
Ludwig-Erhard-Straße 22
20459 Hamburg

General information: Collection of general data and information

Our app collects a range of general data and information every time a data subject or automated system accesses the app. This general data and information is saved in the server’s log files. The following may be collected:

  • The operating system used by the device accessing the app,
  • An Internet Protocol (IP) address (anonymised).

General information: Security and SSL encryption

To protect the security of your data during transmission, we use state-of-the-art encryption methods (e.g. SSL) via HTTPS.

We use technical and organisational security measures to ensure that your personal data is protected at all times against loss, falsification and unauthorised access by third parties. All security measures are continually updated to keep pace with the latest technical advances.

General information: Changes to our Privacy Protection Policy

We reserve the right to revise our Privacy Protection Policy from time to time to ensure that it complies at all times with current legal requirements, or to amend the Privacy Protection Policy to reflect changes in our services, for example when introducing new services. The new Privacy Protection Policy will then apply for your next visit.

Hosting: Introduction
The hosting provider we use supplies us with the following services: infrastructure and platform services, computing capacity, storage space and database services, security services as well as technical maintenance services, all of which we use for the purpose of operating these online offerings. To do so, our hosting provider (1&1 IONOS SE) processes on our behalf only the log files mentioned above.

Hosting: Login data and log files

On the basis of our legitimate interests as defined in Art. 6 para. 1 lit. f. of the GDPR, we collect data via our hosting provider every time someone logs into the server on which this service is located (so-called server log files). This login data includes the name and version of the app, the name of the file accessed, the date and time of access, the amount of data transferred, a log of the successful login, and the user’s operating system and IP address.

For security reasons (e.g. for the investigation of abuse or fraud) log file information is stored for a maximum of 7 days and then deleted. Data that must be stored longer for evidential purposes are excluded from deletion until the respective incident has been fully resolved.

Access rights for the app

In order to provide our services via the app, we require the access rights listed below, which enable us to access certain functions of your device:

1. Internet access
Access to the device’s internet connection is necessary to keep the content of the app up to date.

2. Recording of network and WiFi status
This data is necessary to control the provision of content from the internet without causing extended upload times.

Rights of the data subject

You have the right to decide for yourself to what extent your personal data will be processed or to contradict in particular. For details please refer to the GDPR Arts. 15–21.

Further information

If you wish to receive information that is not included in this Privacy Protection Policy, or if you would like further information on a specific point, please contact the Data Protection Officer of the ZEIT-Stiftung.