Data Privacy Policy: www.jmberlin.de
Draft of 4 July 2022
1. General
a) Administrator and Subject
The company responsible for collecting, processing and using your personal data within the meaning of the German Federal Data Protection Act (Bundesdatenschutzgesetz) is
Stiftung Jüdisches Museum Berlin
Lindenstraße 9-14
10969 Berlin
The webpages of the Jewish Museum Berlin include all the pages of the website, the Online Collections area at objekte.jmberlin.de and the blog at http://www.jmberlin.de/blog-en/ (hereinafter referred to as the “Webpages”), as well as the Online Shop at shop.jmberlin.de (hereinafter referred to as the “Online Shop”).
b) Overview: Purposes of Data Collection
To the extent you use, merely by reading, our web offerings, we collect personal data for the following purposes, which are described in more detail under sections 2 through 5 below:
- 2. Transmission of online content,
- 3. Security of our technical systems,
- 4. Improvement of our online offerings,
- 5. Transmission of third-party offerings
Over and above the information we provide for you to read, our website makes certain service offerings available. From those who wish to use these additional services, we require additional personal data. These offerings, described in more detail below, include:
- 6. Comment functions on the Blog and in our Online Collections,
- 7. Newsletter,
- 8. Contact for other purposes,
- 9. Press release mailing list.
- 10. Orders in the Online-Shop of the Jewish Museum Berlin
- 11. Donate via Fundraise Up
c) Your Rights
dacuro GmbH
Thomas Stegemann
External Data Protection Officer
Otto-Hahn-Straße 3
69190 Walldorf
T +49 (0) 6227 78 93 930
F +49 (0) 6227 78 93 939
datenschutz.extern@jmberlin.de
We shall review your request on a case by case basis and provide you either with the information requested or with a written explanation for our not providing it.
d) Supervisory Authority
Of course, you also have the right to file a complaint with the competent supervisory authority .
2. Transmission of Online Content
a) Purpose and Data
For the purpose of transmitting the web pages you have selected, your browser must typically send, among other things, the following information (as content of an HTTP-Request):
- your IP-address, that is, a series of numbers which identifies your current computer connection to the internet,
- the web page you have selected,
- information about the browser and operating system you are using, as well as
- Cookies. We also use cookies on our Webpages to make our website overall more user-friendly, effective and secure. Cookies are small files that are saved on your data storage device and that store specific settings and data that are exchanged between your browser and our system. Furthermore, cookies allow us, for instance, to measure how often pages are accessed and how visitors navigate our website in general. Please be advised that our server transmits some of these cookies to your computer system; these are mostly “session cookies.” Session cookies are automatically deleted from your hard drive once the browser session ends. Other cookies remain on your computer system and allow us to recognize your computer system the next time you visit (so-called “persistent cookies”). You may of course disable cookies at any time, provided your browser supports this function. In the event cookies are disabled, however, the functionality of our website for you may be restricted.
b) Basis in Law
The aforementioned categories of data are required for transmission of the content you have selected and for optimization of our interface. Such use of your data is justified by our legitimate interest in transmitting information to you upon your request.
c) Data Transmission and Rights of Access
Rights of access are governed by our various internal access policies and by the relevant written agreements we have concluded with our service providers.
d) Term of Storage
Once the transmission of information has been completed, we no longer store the data we have collected from you for this purpose (in certain cases, however, we may store it for the purposes set forth below).
3. Security of Our Technical Systems
a) Purpose and Categories of Data
Moreover, we collect the categories of data already set forth above:
- your IP-address, that is, a series of numbers which identifies your current computer connection to the internet,
- the web page you have selected,
- information about the browser and operating system your are using, such as its name and version, as well as
- where relevant, the page from which you came to our Webpages (so-called “Referrer-Information”).
b) Basis in Law
Such storage of your data is justified by our legitimate interest in conducting an analysis of any errors in or attacks on our technical systems.
c) Data Transmission and Rights of Access
Rights of access are governed by our various internal access policies and by the relevant written agreements we have concluded with our service providers.
d) Term of Storage
The data so described are deleted – provided no breach of security has been detected – within seven days. In the event of a breach, they are deleted as soon as we no longer have a legitimate interest in continuing to store them.
e) Your Rights
In general, rights of information and correction exist with respect to the categories of data set forth above. In most cases, however, the connection to a person can be made only via his IP-address. We are nevertheless obligated to ensure that we provide information only to persons actually entitled to it. If you request information from us, therefore, you must adequately demonstrate that the information refers to you.
4. Improvement of Our Online Offerings (through website traffic statistics)
Our Webpages use Matomo, an open source web analytics application published under the GNU General Public License (available at matomo.org; on data privacy, see in particular: matomo.org/privacy (hereinafter referred to as “Matomo”). Matomo uses a cookie to analyze your user behavior when you visit our Webpages.
The cookie, which is stored on your computer when you visit the Webpages, also saves and transmits your masked IP address. This means that when the data is transmitted to our server, the IP address is anonymized in such a way that we cannot identify you as a visitor of our website. The analysis serves only to help us optimize and enhance our website.
a) Purpose and Categories of Data
For the purpose of improving our online offerings, we evaluate how the Webpages are used. To this end, we refer to the following information, in particular from the HTTP-Request mentioned under (a) above:
- your IP-address, that is, a series of numbers which identifies your current computer connection to the internet,
- the Webpage you have selected,
- information about the browser and operating system your are using, as well as
- where relevant, the page from which you came to our Webpages (so-called “Referrer-Information”).
- Moreover, we track a pseudonymous marker which is stored on your computer when you visit our Webpages (HTTP-Cookie). This makes it possible for us to recognize our users.
b) Basis in Law
Such processing of your data in the categories named above is justified by our legitimate interest in improving our online presence.
c) Data Transmission and Rights of Access
Rights of access are governed by our various internal access policies and by the relevant written agreements we have concluded with our service providers.
d) Term of Storage
Personal data are rendered anonymous immediately upon collection.
e) Your Rights
You may configure your browser to prevent the cookie from being installed. Please be advised, however, that, if you do so, you may not be able to make full use of all the features available on our Webpages.
You may furthermore prevent the cookie-generated data based on your usage of these Webpages (including your IP address) from being collected and processed by using the Matomo-Opt-Out-Function. Your browser then creates an “opt-out cookie,” preventing Matomo from collecting usage data. Please note: Deleting your browser's cookies also deletes the opt-out cookie.
Click here and opt directly out of Matomo:
In general, you have no right to information about, correction of, or deletion of this data, because your data are collected pursuant to a process of anonymization, which usually renders it impossible for us to reproduce, at any reasonable expense, a connection to the person seeking information. You are, however, welcome to submit an application of this kind to us. We shall review your request on a case by case basis and evaluate whether it might not be possible to comply with it after all. If not, we shall provide a written explanation for why we cannot.
5. Transmission of Third-Party Offers
a) Share-Function
Further, our Webpages include links to our internet presence on the platforms
- Facebook (www.facebook.com/privacy/explanation),
- Google+ (https://policies.google.com/privacy?hl=en&gl=de),
- Instagram (https://help.instagram.com/155833707900388),
- Twitter (https://twitter.com/en/privacy) and
- YouTube (https://policies.google.com/privacy?hl=en&gl=de).
Clicking on these links does not result in any direct transmission of data to the servers of these service providers by us. You can visit the profiles of the Jewish Museum Berlin on these social networks to find out about the latest activities and topics related to the Jewish Museum Berlin, leave comments, and connect with us and other users. Your opinion is important to us, which is why we welcome constructive comments that promote spirited discussions. We kindly ask that you treat each other with respect and that you comply with our netiquette.
b) Linked Videos
Our Webpages include embedded videos from the video-sharing websites YouTube and Vimeo. To the extent you use these services, the collection and use of data will be governed by the applicable privacy protection guidelines of those firms.
For more information about the data privacy policies of YouTube and Vimeo, see:
- Youtube (https://policies.google.com/privacy?hl=en&gl=de) and
- Vimeo (vimeo.com/privacy).
The YouTube videos include cookies set by the provider YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. These cookies expire after a maximum of two years.
6. Comment Functions on the Blog and in Our Online Collections
You can leave comments on our Blog (Blogerim – From the corridors of the Jewish Museum Berlin ) and in our Online Collections. As with comments posted on social networks, we request that you comply, in making any comments, with the netiquette.
This page allows you to post
- your name,
- your e-mail address, and
- your comment.
We will publish your name and comment after your post is approved. Your e-mail address is not published and is collected only to prevent abuses. The processing of your data is in this case based upon your consent.
We will delete your Blog comment if you send a request to this effect to blog@jmberlin.de.
We will delete your Online Collection comment if you send a request to this effect to website@jmberlin.de.
7. Newsletter
If you would like to subscribe to the newsletter we offer over our website, we need an e-mail address from you as well as information allowing us to confirm that you are the owner of the address provided and that you consent to receiving our newsletter.
To ensure that our sending of the newsletter is conducted in accordance with your consent, we use the so-called double-opt-in-procedure. This procedure foresees that the potential subscriber initially registers for our distribution list. In a second step, the user receives a confirmation e-mail giving him the opportunity to confirm his registration in a legally reliable manner. The user’s address is actively incorporated into our distribution list only once this confirmation is received. We use these data exclusively for the purpose of sending the information and offers requested.
Our newsletter uses the software product Sendinblue. In this connection, your data are transmitted to the firm Sendinblue GmbH. Sendinblue is prohibited from selling your data or otherwise using it except in connection with the sending of newsletters.
Sendinblue ist a German, certified service-provider that operates in accordance with the requirements of the European General Data Protection Regulation and the German Federal Data Protection Act. You will find further information here: https://www.sendinblue.com/information-for-email-recipients.
You can revoke at any time the consent you provide to our storage of your data and e-mail address, as well as to our use of such data for the purpose of sending the newsletter. To do so, please use the “unsubscribe”-link found in the newsletter.
The measures taken for compliance with legal provisions on data privacy are subject to technical improvements on an ongoing basis. For this reason, we request that you inform yourself at regular intervals concerning our data protection measures by reviewing our online data protection policy statement.
8. Contact for Other Purposes
You may contact us by e-mail, online contact-form, fax, telephone, or in person, e.g., for the purpose of
- giving us feedback,
- making a request,
- or registering for events, archive and library visits.
In this context, we store the content of your contact request and your contact details in our data files, in most cases on the basis of your consent or for the purpose of preparing and carrying out a legal transaction with you, but in some cases on the basis of our legitimate interest in processing such data.
We pass on your data when your request requires that we do so, based either on the context or in consequence of an exchange with you.
Your personal data will be deleted upon completion of the procedure in question, provided we have no duty to retain it and no longer have a legitimate interest in retaining it.
9. Press Release Mailing List
We maintain a mailing list for the purpose of providing information to interested members of the press. In this mailing list, the following information is stored:
- name,
- address,
- contact data, in particular telephone number and e-mail address,
- press medium(s), membership in the editorial team,
- subjects of interest.
We generally store this data pursuant to your registration and on the basis of your consent, but in some cases on the basis of our legitimate interest in informing the public about our activities. We pass on your data only to service providers within the framework of service agreements. We do not pass on data to third parties for any other reason.
Your data will be deleted at any time upon your request.
10. Orders in the Online-Shop of the Jewish Museum Berlin
a) Purpose and Data
Our Online-Shop enables you to acquire certain products, such as entrance tickets and gift certificates, or to sign up for events at the Museum. Moreover, you have the option – if you plan to use the Online-Shop regularly – of setting up a customer account.
For this purpose, we process – besides the general data which are in any event collected when you visit the Online-Shop (see above) – the following additional data:
- Name and E-Mail address, as well as preferred language (German or English)
- In the event of registration for a customer account: also your mailing address and a password defined by you, provided that the password itself is not saved on a permanent basis – instead, we save only a checksum (hash value)
- The products you have chosen to order, including their cost
- Any commentary that you may add to your order
- The method of payment you select for your order and later information concerning settlement of the payment
These data may be used to an appropriate extent for marketing purposes, as well.
b) Basis in law
The aforementioned categories of data are collected and processed by us for the purpose of preparing and performing a contract with you.
Moreover – to the extent a purchase contract is concluded – the resulting booking records are saved as required by law pursuant to § 147 Para. 1 No. 4 of the German Tax Code (Abgabenordnung).
The use of your data for marketing purposes is justified by our legitimate interest in making our offerings as attractive as possible and in advertizing them.
c) Data transmission and rights of access
Rights of access are governed by our various internal access policies and by the corresponding written service agreements we have concluded with our service providers.
The Foundation for the Jewish Museum Berlin is moreover entitled to transmit the data it has collected to any third parties it may have engaged for the purpose of selling tickets or handling your participation in an event, provided it shall transmit only such data and these data only to such exent as shall be necessary for the purpose. We assure you that both the Foundation for the Jewish Museum itself and any third parties it may engage shall use customer data on a strictly confidential basis.
It is sometimes necessary, in the context of events produced in cooperation with other institutions and organizations, to transmit data on reservations to these partners. To the extent this may be the case, we shall inform you separately of this fact in the course of your registration for the event.
d) Storage period
To the extent you conclude a purchase contract in our Online-Shop, we are required by law to save the corresponding booking records for a period of ten years. Thereafter, these records are deleted.
To the extent that you register for the regular use of our Online-Shop, your customer account shall be deleted when it is closed or when we for our part cease to offer that service.
In all other cases, your data shall be deleted pursuant to an appropriate cycle of deletion, not later than at the end of the second full year commencing after your data were collected.
11. Donate via Fundraise Up
Our website uses the online giving platform Fundraise Up (Fundraise Up Inc., 219 36th Street, Unit 4, Suite A100, Brooklyn, New York 11232 USA, hereinafter referred to as “Fundraise Up”) to generate donations.
We use data collected in this context (e.g. your name, email address, IP address, shortened payment card number and CVC code) for the purpose of your donation in accordance with Article 6(1)(ii)(b) of the GDPR in conjunction with Article 9(2)(d) of GDPR. We also process your data (name and email address) on the basis of our legitimate interests pursuant to Article 6(1)(f) of the GDPR, in order to contact you about other marketing campaigns.
Fundraise Up uses third-party payment services to transfer donations. When you donate via Fundraise Up, your details (e.g. name, amount of payment, account details, credit card number) are processed by the payment services provider for the purposes of that transaction. Such transactions are governed by the contractual provisions and privacy policy of the provider in question. The use of payment services providers is based on Article 6(1)(b) of the GDPR (performance of a contract) and in the interest of ensuring payments proceed as smoothly, easily and securely as possible (GDPR Article 6(1)(f)).
The transfer of data to the USA is based on the EU Commission’s standard contractual clauses. Details are available here:
https://fundraiseup.com/terms/
Further information on data processing is available at:
https://fundraiseup.com/privacy/
Order processing agreement
We have concluded an order processing agreement (abbreviated to AVV in German) with regard to the use of the above-named service. This is a contract required by data protection law, which ensures that the personal data of our website users is only processed in accordance with our instructions and in compliance with the GDPR.