Privacy Policy
Website of the Berlin-Hohenschönhausen Memorial
I. General Information
The website www.stiftung-hsh.de ("website") is an online offering provided by the Berlin-Hohenschönhausen Memorial Foundation (hereinafter also referred to as the "Berlin-Hohenschönhausen Memorial" or "we"/"us"). This policy contains information on how your personal data is handled. If you use our website and the services of the Berlin-Hohenschönhausen Memorial, personal data will be processed.
The protection of your privacy is important to us. Therefore, we would like to give you the opportunity to obtain comprehensive information on what personal data is processed by us and how.
You can access this Privacy Policy at any time via the "Data Protection" heading on our website using the link www.stiftung-hsh.de/en/privacy-policy
Please note: We naturally comply with the statutory provisions of the General Data Protection Regulation (GDPR), the new German Federal Data Protection Act (BDSG-neu) and other data protection regulations.
II. Name and Address of the Data Controller
As operator of the website, the Berlin-Hohenschönhausen Memorial acts as a data controller for your personal data that is processed when you use this website.
Berlin-Hohenschönhausen Memorial Foundation
legally represented by its Director, Dr Helge Heidemeyer
The Chairman of the Board of Trustees for the Berlin-Hohenschönhausen Memorial Foundation is the Senator for Culture, Joe Chialo
Genslerstr. 66
13055 Berlin
Phone +49 30 98 60 82 401
Fax +49 30 98 60 82 464
Email info@stiftung-hsh.de
III. How to Contact the Data Protection Officer
If you have any questions or wish to exercise your rights as a data subject, please contact our Data Protection Officer:
Mr Michael Rudolf Kissler
c/o WINHELLER Rechtsanwaltsgesellschaft mbH
Tower 185
Friedrich-Ebert-Anlage 35-37
60327 Frankfurt am Main
Email datenschutz@stiftung-hsh.de
IV. Processing of Personal Data
1. Provision of the website and creation of log files
a) Description and scope of data processing
Our website is hosted on servers of X New Media Composition.
Each time you visit our website, the following data transmitted by your browser is automatically processed for technical reasons:
Information about your browser type and version
The operating system you are using
The website from which you are visiting us (referrer URL)
Host name of the accessing computer
Date and time of your visit
IP address
This data is not merged with other personal data relating to you.
b) Legal basis for data processing
The legal basis for temporarily processing data and log files is Art. 6(1)(1)(f) GDPR.
c) Purpose of processing the data
The temporary processing of your IP address by our system is necessary to enable the provision of the website on your end device. We also use your personal data to optimise our website and ensure the security of our IT systems. Your data will not be processed for marketing purposes.
This also constitutes our legitimate interest in data processing.
d) Duration of storage
The aforementioned personal data will be deleted as soon as it is no longer required to fulfil the processing purpose. Regarding the processing of data for the provision of the website, this applies once you end the respective session.
e) Right to object and right to rectification pursuant to Art. 21 GDPR
There is no possibility to object to the processing of data, as the processing of such data is absolutely necessary for the provision of the website.
2. Registrations forms
a) Description and scope of data processing
On our website, we give you the opportunity to register groups using your personal data. The personal data that is processed when you register online using the registration form is your first and last name, address, telephone number, email address, specific information on the group (assistance required), the required language and, where applicable, the information you enter in the free text field. Your data will not be passed on to third parties. When you register via our website, we will also save your IP address and the date and time of your registration.
b) Legal basis for the processing of data
The legal basis for the processing of your personal data is Art. 6(1)(1)(b) GDPR. The collection and storage of your IP address is based on Art. 6(1)(1)(f) GDPR.
c) Purpose of the processing of data
The personal data collected during registration is required to initiate, execute and terminate the contractual relationship with you.
We process your IP address for our security in the event that a third party registers on our website without your knowledge or misuses your personal data. This also constitutes a legitimate interest on our part. Data is not passed on to third parties or compared with data collected via other website services.
d) Duration of storage
As soon as we no longer need your personal data for the aforementioned purpose, it will be deleted immediately.
e) Right to object and right to remove pursuant to Art. 21 GDPR
There is no possibility to object to the processing of IP addresses, as it is absolutely necessary in order to track fraudulent use. In this respect, the processing serves the assertion, exercise or defence of legal claims.
3. Use of strictly necessary cookies
a) Description and scope of the processing of data
We use "cookies" on our website, which serve to recognise you as a user and make it easier for you to navigate and use our site. Cookies are small text files installed by your internet browser on your end device. These are often "session cookies", which are deleted at the end of your session.
Other cookies remain installed on your end device until you remove them. These installed cookies allow us to identify your web browser on your next visit.
You can also set up your web browser so that you are notified when cookies are installed. As part of your settings, you can choose whether cookies should only be permitted in individual cases, or only be installed in certain cases, or generally not be accepted or automatically deleted after closing your web browser. If you decide to deactivate the cookies, this may restrict your use of the website.
We use cookies on our website to make it more user-friendly for you. Some elements of our website require that the accessing browser can be identified even after a page change.
b) Legal basis for the processing of data
The legal basis for processing your personal data using cookies is Art. 6(1)(1)(f) GDPR.
c) Purpose of the processing of data
We use cookies that are strictly necessary to optimise the use of the website for you. Otherwise, we will not be able to offer you some of the functions on our website, as these require your web browser to be recognised following a page change. These purposes also constitute our legitimate interest in processing your personal data.
We do not use the personal data collected by strictly necessary cookies to create user profiles.
d) Duration of storage
The session cookies are stored on the user's computer and are automatically deleted at the end of the browser session. The duration of storage can be found in the table below. You may change your cookie selection at any time in our cookie settings (Cookie Policy further down on this page).
You may also deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. This can also be done automatically. If cookies for our website are deactivated, it may no longer be possible to use all functions of the website to their full extent.
4. Use of cookies for analysis purposes (Matomo)
a) Description and scope of the processing of data
The operator uses the open source software tool Matomo on this website to analyse user behaviour. The software uses cookies that are stored on your end device to statistically analyse visitor access.
The following data is collected to improve our online offering:
- Your anonymised IP address, i.e. we cannot identify you as a user of our website
- The website you accessed
- Information on the browser and operating system you are using
- The website from which you came to our website (referrer)
- The subpages that are accessed from the accessed website
- The time spent on the website
- The frequency of visits to the website
The information collected is stored exclusively on the servers of the Berlin-Hohenschönhausen Memorial Foundation. The data will not be passed on to third parties.
b) Legal basis for the processing of data
The legal basis for the processing of your personal data using cookies is Art. 6(1)(1)(a) GDPR.
c) Purpose of the processing of data
Matomo collects information, so as to determine how you used the website. The evaluation of the information collected serves exclusively to optimise and further develop our website.
d) Duration of storage
The cookies used by Matomo to analyse website usage have a preset storage period, which you can see in the table below. You can change your cookie selection at any time in our cookie settings (Cookie Policy further down on this page).
e) Possibility of revocation according to Art. 7 GDPR
You are free to revoke your consent at any time with future effect by deactivating the cookies and configuring your browser software accordingly. The legality of the processing carried out up to that point is not affected by the revocation.
5. Contact forms
a) Description and scope of the processing of data
On our website, we give you the opportunity to send us general enquiries using the contact form. You may choose between contacting Visitor Services, the Foundation Management and the project “Linker Extremismus” (left-wing extremism). The personal data that is processed when making an online enquiry to Visitor Services, the Foundation Management and the project “Linker Extremismus” using the contact forms is your name, your email address, your telephone number, where applicable, and the message you choose to type in. We will not pass on any of the data from your contact enquiry to third parties without your consent.
b) Legal basis for the processing of data
The legal basis for the processing of your personal data is Art. 6(1)(f) GDPR.
c) Purpose of the processing of data
The purpose of storing your data is to enable us to process your enquiry. Furthermore, the storage of the same enables us to contact you in the event of follow-up questions or queries. These purposes also constitute our legitimate interest in processing your personal data.
d) Duration of storage
The data you submit via the contact form will be retained by us until you object to the processing of such data, or the purpose for the processing of data no longer applies (e.g. after your enquiry has been processed), depending on which circumstance occurs first. The mandatory statutory provisions – in particular retention periods – remain unaffected by this.
e) Right to object and right to rectification pursuant to Art. 21 GDPR
You are free to object to the processing of data by sending an email to info@stiftung-hsh.de.
6. Enquiry book orders
a) Description and scope of the processing of data
On our website, we give you the opportunity to submit an enquiry to order publications from the memorial by providing your personal data. The personal data processed in the online enquiry form are your e-mail address, first and last name, address and, if applicable, the information you enter in the ‘Your message’ field. Your data will not be passed on to third parties. When you register via our website, we will also save your IP address and the date and time of your enquiry.
b) Legal basis for the processing of data
The legal basis for the processing of your personal data is Art. 6(1)(1)(b) GDPR. The collection and storage of your IP address is based on Art. 6(1)(1)(f) GDPR.
c) Purpose of the processing of data
The personal data collected when sou enquire about ordering publications is required to initiate, execute and terminate the contractual relationship with you for the purchase of publications.
We process your IP address for our security in the event that a third party registers on our website without your knowledge or misuses your personal data. This also constitutes a legitimate interest on our part. Data is not passed on to third parties or compared with data collected via other website services.
d) Duration of storage
As soon as we no longer need your personal data for the aforementioned purpose, it will be deleted immediately.
e) Right to object and right to remove pursuant to Art. 21 GDPR
There is no possibility to object to the processing of IP addresses, as it is absolutely necessary in order to track fraudulent use. In this respect, the processing serves the assertion, exercise or defence of legal claims.
7. Use of YouTube components in extended data protection mode
a) Description and scope of the processing of data
Our website uses video components from the company YouTube LLC, 901 Cherry Ave, 94066 San Bruno, CA, USA, hereinafter referred to as "YouTube", which is a company that is part of Google Inc, Amphitheatre Parkway, Mountain View, CA 94043, USA.
We use the option "- extended data protection mode -" provided by YouTube. According to YouTube, in this mode no information about you is stored simply by visiting the subpage where the YouTube video is embedded. Only when you play the embedded YouTube video will cookies be installed on your device and personal data transmitted to YouTube. If you are logged into your YouTube account at the time of playing the YouTube video, your internet usage behaviour will be assigned to your personal YouTube profile.
The scope of the data collected by YouTube is not known to us in detail. According to information published by YouTube themselves, they collect location-based data, such as IP addresses, and set cookies to uniquely identify your browser or your Google account. The data collected may be shared with the services on the Google network. Further information about the scope of data processing by YouTube and Google can be found at policies.google.com/privacy
b) Legal basis for the processing of data
The legal basis for using YouTube components is Art. 6(1)(f) GDPR.
c) Purpose of the processing of data
Your personal data will be processed in order to make the respective video uploaded to YouTube accessible to you. This also constitutes our legitimate interest in processing your personal data.
d) Duration of storage
The duration of storage of the personal data collected by YouTube can be found in the table below. You may change your cookie selection at any time in our cookie settings.
e) Right of objection and removal in accordance with Art. 21 GDPR
If you do not want YouTube to assign the data collected via our website directly to your YouTube member account, you can log out of your account beforehand.
Cookie policy
Privacy Policy
Website of the Berlin-Hohenschönhausen Memorial
8. Use of the registration form for participation in events organised by the “Left-Wing Extremism” project team
a) Description and scope of the processing of data
We would like to offer you the opportunity to register directly and easily as a participant in events organised by the "Left-Wing Extremism in the Past and Present" project team by completing the online registration form provided by us. To provide the registration form, we use LamaPoll, a service provided by Lamano GmbH & Co. KG ("Lamano"). The personal data collected via the registration form is stored on Lamano's servers, which are located exclusively in Germany. We have concluded a data processing agreement with Lamano and have ensured that the provider meets high data protection requirements, for example that the data centres used have independent TÜV certification in accordance with DIN ISO 27001.
You will be asked to provide the following personal data via the respective registration form:
- First and last name,
- date of birth,
- gender,
- address (street name, house number, postcode, town/city),
- institution/project,
- email address,
- telephone or mobile number,
- your information regarding experience in youth work, field of activity, motivation to participate and expectations of the event,
- information on accommodation,
- information on catering and possible allergies/intolerances, and
- information on assistance requirements.
In addition, a CSRF token is placed to protect your data from cross-site enquiry falsification.
b) Legal basis for the processing of data
The processing of your personal data provided in the registration form is based on Art. 6(1)(1)(b) GDPR.
The CSRF token is used on the basis of Art. 6(1)(1)(f) GDPR.
c) Purpose of the processing of data
We process the personal data provided by you upon registration, so that you may register for our events and so that we may organise and run them.
The CSRF token is used to determine whether or not a request was actually triggered by the user stored in the session in order to restrict unauthorised access. This also constitutes a legitimate interest on our part.
d) Retention period
We delete your personal data when it is no longer required to fulfil the purpose for which it was processed. The data provided in the registration form will be deleted after three years, starting at the end of the year in which the data was collected.
e) Revocation pursuant to Art. 7 GDPR and objection pursuant to Art. 21 GDPR
If personal data was collected on the basis of your consent, you may revoke your consent to the processing of your data at any time in accordance with Art. 7 GDPR. To do so, please send an email to info@stiftung-hsh.de. This shall not affect the lawfulness of the processing carried out up to that point on the basis of consent. In the event of cancellation, your personal data will no longer be processed and will be deleted or blocked.
It is not possible to object to the processing of the IP address or cookies used, as this is absolutely necessary in order to track abusive applications and provide the registration form.
9. Ticket shop orders
a) Description of data processing
You can register for public tours and events via our ticket shop. We use the Go~mus booking management system for this purpose, which is operated by Giant Monkey GmbH on Hetzner servers in Germany.
When booking via the ticket shop, the following data is processed in addition to the data that is already collected when you visit the website (see above):
Salutation
First name and surname
Postal address
Email address
Preferred language
Chosen payment method
Information on the execution of the payment
b) Legal basis
The aforementioned data categories are collected and processed in the context of contract initiation and processing in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR.
When a purchase contract is concluded, the accounting documents are stored due to a legal obligation in accordance with Art. 6 para. 1 sentence 1 lit. c GDPR in conjunction with § 147 para. 1 no. 4 of the German Fiscal Code.
c) Purpose of the data processing
The data collected when using the ticket shop is used to initiate, execute and terminate the contractual relationship with you. This is also our legitimate interest.
d) Duration of storage
If a purchase contract is concluded in our ticket shop, we are legally obliged to store the booking documents for a period of ten years. The receipts are then deleted.
The user account will be deleted if the corresponding account is cancelled or if we discontinue the corresponding offer.
Otherwise, the data will be deleted after the expiry of statutory warranty and comparable obligations or as soon as the data is no longer required for the above-mentioned purposes
e) Payment
We do not store any credit card information or bank details ourselves, but work together with the payment service provider Payyo TrekkSoft AG and Pay Pal (Europe) S.à r.l. et Cie, S.C.A. to process the payment, to whom we pass on your information provided during the ordering process together with the information about your order in accordance with Art. 6 Para. 1 S. 1 lit. b GDPR. Your data will only be passed on for the purpose of payment processing and only to the extent that it is necessary for this purpose.
Further information on payment processing via Payyo can be found here: : Home - Payyo
Further information on data protection at TrekkSoft AG can be found here: Datenschutzerklärung TrekkSoft
Further information on payment processing via Pay Pal can be found here: PayPal Konto | Digitale Mobile Wallet | PayPal DE
Further information on data protection at Pay Pal (Europe) S.à r.l. et Cie, S.C.A. can be found here: PayPal-Datenschutzerklärung
V. Your Rights as a Data Subject
If your personal data is processed by us, you are a data subject within the meaning of the GDPR, meaning that you have the following rights vis-à-vis:
1. Right to information
You have the right to request information from us at any time about your personal data processed by us. This also includes information on the origin, recipients or categories of recipients to whom we transfer your data and the purposes for which we process your personal data.
2. Right to rectification
You have the right to demand that we rectify and/or complete your personal data without undue delay if your personal data is incorrect or incomplete.
3. Right to deletion or restriction of processing
You may demand that we delete your personal data without undue delay. We are obliged to carry out such a deletion without undue delay. Another arrangement shall only apply in case of us being obliged to continue processing your personal data due to contractual and/or legal regulations. This is the case, for example, if we are prohibited from deleting data due to retention obligations under tax law. In such a case, we restrict the processing and delete the personal data in question immediately after the retention period has expired.
4. Right to data portability
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format, where technically feasible. You also have the right to transmit this data to another controller without hindrance from us, if you so wish.
5. Automated decision-making in individual cases, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which has legal consequences for you or similarly significantly affects you.
6. Right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with the competent supervisory authority if you consider that the processing of personal data relating to you infringes the GDPR. The competent supervisory authority is:
Berlin Commissioner for Data Protection and Freedom of Information
Friedrichstraße 219
10969 Berlin
Tel.: +49 30 138890
Fax: +49 302155050
Email: mailbox@datenschutz-berlin.de