Privacy Policy

Thank you for visiting our website. Protecting your privacy is important to us, particularly when it comes to your personal rights when processing and using personal information. In the following we would like to inform you of how your data is handled pursuant to Art. 13 of the General Data Protection Regulation (GDPR).

Responsible Party
The party responsible for collecting and processing the following data can be found under Impressum – Legal Notice.

In general, it is possible to visit our website without specifying personal data. Any personal data collected on our site (such as name, address, or e-mail address) can be given on a voluntary basis. This data will not be passed on to third parties without your express consent.

Please note that in regard to unsecured data transmission on the internet (e.g. via email), security cannot be guaranteed. Complete protection of your data from third-party access is not possible.

We hereby expressly prohibit the use by third parties of contact data published in the context of legal notice requirements on our website with regard to sending unsolicited promotional and informational material. The website operator hereby reserves the right to take legal action if unsolicited advertising material is sent, for example in the form of spam e-mails.

Storing IP addresses
We store the IP address received from your web browser for restricted purposes for seven days in order to recognize, limit, and eliminate attacks on our website. After this time, IP addresses will be deleted and/or anonymized. The legal basis is Art. 6 (1) (f) GDPR.

Usage Data
When you visit our website, our server temporarily logs so-called usage date for statistical purposes to improve the quality of our website. These data sets consist of
•    Referrer URL,
•    The name of the file,
•    The date and time of the request,
•    The amount of data transferred,
•    Access status (file transferred, file not found),
•    Description of the type of browser used,
•    The IP address of the computer making the request, shortened so that the IP address cannot be traced back to an individual user.
The above-mentioned server log files are stored anonymously.

Use of Cookies

Cookies are small data packets that are saved and read on your end device. There are two types of cookies: Session cookies, that are deleted as soon as you close your browser, and permanent cookies that are stored on your device’s memory until you delete them. Cookies can contain files that make it possible to recognize your device the next time you visit the site. To some extent, cookies only contain information regarding particular settings that cannot be linked to specific persons.
Our website uses cookies. The processing of personal data is regulated by Art. 6 (1) (f) GDPR in the interest of optimizing and allowing user guidance and to customize the design of our website.
You can configure your browser to inform you about the use of cookies. This makes the use of cookies transparent to you. Furthermore, you can delete cookies at any time in your browser settings and reject new cookies. However, the steps and measures required vary, depending on the browser you use. If you have any questions, please use the help function or consult the documentation for your browser or contact its maker for support.
Information on our Tumblr blog and videos through YouTube can be found below.

Matomo
To tailor the design of our website we use the web analysis tool Matomo (without cookies). It generates user profiles based on anonymous usage data. Matomo does not save personal data or data that can be related to individual users.

Transfer of Data to Third Parties
Within the framework of data processing pursuant to Art. 28 GDPR, we transmit your data to third parties that support the operation of our website and the processes related to this. Our service providers are strictly bound to our instructions and accordingly bound by contract. The following service providers have been appointed by us: Hetzner Online GmbH, MailChimp, Tumblr.

Use of Tumblr for the Blog
For our blog, we have integrated content sharing components from Tumblr into the services on our website. These components are a service of Tumblr, Inc., 770 Broadway, New York, NY, 10003, USA. Every time you visit a page on our website equipped with these "Tumblr" components, your browser is prompted to download the corresponding display of the components from tumblr.com. During this process, Tumblr is made aware of which specific page on our website you have visited and from which IP address. We have no influence on the volume of data nor on the data itself that Tumblr collects through these components. According to our knowledge, the components are not used for any other purpose than displaying the page. You can find more information regarding this in Tumblr’s privacy policy at https://www.tumblr.com/policy/en/privacy. If you do not want Tumblr to associate your visit to our site with your Tumblr account, please log out of your Tumblr account before accessing our site.

YouTube
We use YouTube on our website. This is a video portal operated by YouTube LLC, 901 Cherry Ave, 94066 San Bruno, CA, USA, hereinafter referred to as "YouTube". YouTube is a subsidiary of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland, hereinafter referred to as "Google".
As soon as you access any of our webpages on which a YouTube video is embedded, a connection to the YouTube server in the USA will be established. This connection is required in order to be able to display the respective video on our website within your browser. YouTube will record and process at a minimum your IP address, the date and time the video was displayed, as well as the website you visited. In addition, a connection to the DoubleClick advertising network of Google is established. If you are logged in to YouTube when you access our site, YouTube will assign the connection information to your YouTube account. To prevent this, you must either log out of YouTube before visiting our site or make the appropriate settings in your YouTube account.
For the purpose of functionality and analysis of usage behavior, YouTube permanently stores cookies on your device via your browser. If you do not agree to this processing, you have the option of preventing the installation of cookies by making the appropriate settings in your browser. Further details can be found in the section about cookies above.
Further information about the collection and use of data as well as your rights and protection options in Google's privacy policy found at: https://policies.google.com/privacy

Newsletter
On our German website, we provide you with the opportunity to receive our newsletter. Once you have provided us with permission to send you information about museum offers via e-mail, we will process your data in accordance with Art. 6 (1) (a) GDPR. You may revoke your consent at any time without prejudice to the legality of any data processed prior to this. Once your consent is revoked, we will cancel any corresponding data processing.
You may cancel your subscription to the newsletter at any time by sending an e-mail to newsletter@kunsthalle-bremen.de or clicking on the link to unsubscribe found in every newsletter e-mail.

To send our newsletter, we use the services of MailChimp which is provided by The Rocket Science Group, LLC, 512 Means Street, Suite 404, Atlanta, GA 30318, USA, hereinafter “The Rocket Science Group”. Mailchimp is part of the Intuit group of companies and our parent entity is Intuit Inc. In this case, we transfer personal data to the service provider based in the USA, i.e. in a third country outside the EU that is insecure in terms of data protection law. As a guarantee for the data transfer to the USA, we have concluded a standard EU contract with MailChimp. Furthermore, we have concluded a data processing addendum with MailChimp in accordance with Art. 28 GDPR.  In addition, The Rocket Science Group provides further data protection information at http://mailchimp.com/legal/privacy/. When you subscribe to our newsletter, the data requested from you during the registration process such as your e-mail address and, optionally, your name will be processed by The Rocket Science Group. In addition, your IP address and the date and time of your registration will be saved. During the registration process, we will obtain your consent to receive this newsletter, describe its contents and refer you to this privacy policy. The newsletter subsequently sent via The Rocket Science Group will also contain so-called tracking bugs, also known as web beacons. The tracking bugs allow us to evaluate if and when you read our newsletter and if you clicked on any links embedded in the newsletter. In addition to other technical information, such as your EDP system data and your IP address, we process this data to optimize our newsletter and cater to the needs of our readers.

Contact Form
You have the possibility to contact us via a web form. In order to use our contact form, we need your name and e-mail address. You may impart other information, but this is not required. By submitting this e-mail form, you give us permission to electronically collect and save the data you specified. Legal basis for processing this data is Art. 6 (1) (a) GDPR. We only use your data to process your inquiry. You may revoke your consent at any time by sending an e-mail to info@kunsthalle-bremen.de

Ticketing
On our website, you have the possibility to order tickets. Our online ticketing process is operated by Visitate GmbH & Co. KG. This company acts on our instructions and specifications to process ticket orders. Personal information which is transferred while ordering tickets is used solely for transacting the corresponding contractual relationship pursuant to Art. 6 (1) (b) GDPR.

Online-Registration
We save and use the personal data that you transmit during a registration process pursuant to Art. 6 (1) (b) GDPR solely to carry out your registration of the event. We use your e-mail address to communicate to you the status of your registration.

Data Security
We take technical and organization measures to protect your data as completely as possible from undesirable access. For our part we employ an encryption process. Your information is transmitted from your computer to our server and back via the Internet using TLS encryption. You can recognize an encrypted connection in your browser’s address line when it changes from “http://” to “https://” and the lock icon is displayed in your browser’s address bar.

Your Rights as a User
The GDPR grants you certain rights as a website user over the processing of your personal data:
1.) Right of access (Art. 15 GDPR): You have the right to demand confirmation about whether any personal data concerning you is being processed; where that is the case, you have the right to information about that personal data and other information listed in detail under Art. 15 GDPR.
2.) Right of rectification and erasure (Art. 16 and 17 GDPR): You have the right to demand correction of any inaccurate personal data without delay and also the right to have incomplete personal data completed where necessary. In addition, you have the right to have your personal data erased without delay for one of the reasons listed in detail in Art. 17 GDPR, e.g. if the data is no longer required for the original purpose.
3.) Right to restriction of processing (Art. 18 GDPR): You have the right to demand restriction of processing for one of the reasons listed in Art. 18 GDPR as a prerequisite for restriction, e.g. if you have lodged an objection to such processing for the time it takes to check the accuracy of the data.
4.) Right to data portability (Art. 20 GDPR): In certain cases, listed in detail in Art. 20 GDPR, you have the right to receive the relevant personal data in a structured, commonly used and machine-readable format and also have the right to transmit the data to a third party. 
5.) Right to object against processing (Art. 21 GDPR): Where data is processed on the basis of Art. 6 (1) (f) GDPR (data processing on the grounds of legitimate interests), you have the right to object at any time to processing of your data, if there are grounds for objection arising from your particular situation. If you lodge an objection, your personal data will no longer be processed unless we can show evidence of compelling, legitimate reasons for processing it which outweigh your interests, rights and freedoms, or if processing the information serves to assert, exercise or defend our rights or legal claims. Please send any objections to: Kunsthalle Bremen - Der Kunstverein in Bremen, Am Wall 207, 28195 Bremen, Germany, e-mail: info@kunsthalle-bremen.de
6.) Right to lodge a complaint with a supervising authority: In accordance with Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you believe processing of your data violates any data protection provisions. In particular, a complaint may be lodged with a supervisory authority in the member state of your place of residence, place of work, or in the place where the alleged infringement occurred.

Data Security Officer for the Kunsthalle Bremen - Der Kunstverein in Bremen:

Dr. Uwe Schläger, datenschutz nord GmbH, Konsul-Smidt-Str. 88, 28217 Bremen, Germany
www.datenschutz-nord-gruppe.de | e-mail: office@datenschutz-nord-gruppe.de | T +49(0)421 -  69 66 32 0

 

Sources: eRecht24Muster-Datenschutzerklärung der Anwaltskanzlei Weiß & Partner, datenschutz nord GmbH

 

Privacy Policy for Social Media

In the following, we would like to inform of how we deal with your data pursuant to Art. 13 of the General Data Protection Regulation (GDPR).

Party Responsible
We, the Kunsthalle Bremen, operate the following social media pages:
•    Twitter: https://twitter.com/Kunsthalle_HB
•    Facebook: https://www.facebook.com/KunsthalleBremen
•    YouTube: https://www.youtube.com/KunsthalleBremen
•    Instagram: https://www.instagram.com/Kunsthalle.Bremen/
•    Voice Republic: https://www.voicerepublic.com/users/kunsthalle-bremen

You can find our contact information under Impressum – Legal Notice.

In addition to us, there are the operators of social media platforms themselves. In this respect, they are also parties responsible for processing data, and our influence over them is limited. In those places where we can exert our influence and set the parameters of data processing, we work with the operators of social media platforms towards fair data protections using the means we have available. In many cases, we are not able to exert any influence over the way operators of social media platforms process the data, and we are not precisely aware of what data they process. However, these operators explain how user data is managed in their own privacy policies.

How We Use Your Data
Data such as comments, videos, images, likes, public messages, etc. that you enter on our social media sites are published by the social media platforms and are not used or processed for other purposes at any time. We reserve the sole right to delete content if necessary. Where appropriate we may share your content on our page if this is a function of the social media platform or communicate with you via the social media platform. The legal basis for this is Art. 6 (1) (f) GDPR. Processing the data in such a way is carried out in the interest of public relations and communication.

If you object to the use of specific data being processed over which we have influence, please contact the officer named in our Impressum – Legal Notice. We will verify your objection or direct you to the social media platform if necessary.

If you submit an inquiry on one of the social media platforms, we will refer you to another, more secure means of communication to guarantee confidentiality depending on the answer you require. You always have the option of sending confidential inquiries to the address stated in the Impressum – Legal Notice.

As stated above, we attempt to ensure that our social media pages conform as closely as possible to data privacy regulations as far as allowed by the operators of social media platforms. For this reason, we do not use demographic, interest-based, behaviour-based, or location-based target group definitions for advertising that the operators of social media platforms may make available to us. In general, we do not use social media platforms for advertising purposes. We have little influence over, nor can we switch off the statistics that operators of social media platforms make available to us. However, we make sure that no additional optional statistics are provided to us.

Data Processing by Operators of Social Media Platforms
Operators of social media platforms use web tracking methods. Such web tracking may also occur irrespective of whether you are logged on or registered with the social media platform. As already mentioned, we unfortunately have no control over the web tracking methods of social media platforms. We are, for instance, unable to switch this method off.

Please be aware that it is not out of the question for a social media platform to use your profile and user behaviour data in order to assess such things as your habits, personal relationships, preferences etc. We have no control whatsoever over the processing of your data by the operator of a social media platform.

For more information about data processing by social media platform operators and other ways to object to the use of your data, please refer to the Privacy Policy of the relevant operator:
•    Twitter: https://twitter.com/de/privacy
•    Facebook: https://www.facebook.com/privacy/explanation
•    YouTube: https://policies.google.com/privacy?hl=de&gl=de
•    Instagram: https://help.instagram.com/519522125107875
•    Voice Republic: https://blog.voicerepublic.com/privacy-statement/

In those cases where we are jointly responsible with the social media platform for the processing of data, you will find essential information regarding joint processing of your data here:
•    Facebook: https://www.facebook.com/legal/terms/page_controller_addendum

Your Rights as a User
The GDPR gives you certain rights as a website user over the processing of your personal data:
1.) Right to access (Art. 15 GDPR):
You have the right to demand confirmation about whether any personal data concerning you is being processed; where that is the case, you have the right to information about that personal data and other information listed in detail under Art. 15 GDPR.
2.) Right to rectification and erasure (Art. 16 and 17 GDPR):
You have the right to demand correction of any inaccurate personal data without delay and also the right to have incomplete personal data completed where necessary.
In addition, you have the right to have your personal data erased without delay for one of the reasons listed in detail in Art. 17 GDPR, e.g. if the data is no longer required for the original purpose.
3.) Right to restriction of processing (Art. 18 GDPR):
You have the right to demand restriction of processing for one of the reasons listed in Art. 18 GDPR as a prerequisite for restriction, e.g. if you have lodged an objection to such processing for the time it takes to check the accuracy of the data.
4.) Right to data portability (Art. 20 GDPR):
In certain cases, listed in detail in Art. 20 GDPR, you have the right to receive the relevant personal data in a structured, commonly used and machine-readable format and also have the right to transmit the data to a third party.
5.) Right to object (Art. 21 GDPR):
Where data is processed on the basis of Art. 6 (1) (1 f) GDPR (data processing on the grounds of legitimate interests), you have the right to object at any time to processing of your data, if there are grounds for objection arising from your particular situation. If you lodge an objection, your personal data will no longer be processed unless we can show evidence of compelling, legitimate reasons for processing it which outweigh your interests, rights and freedoms, or if processing the information serves to assert, exercise or defend our rights or legal claims.

Right to Lodge a Complaint with a Supervisory Authority
In accordance with Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you believe processing of your data violates any data protection provisions. In particular, a complaint may be lodged with a supervisory authority in the member state of your place of residence, place of work, or in the place where the alleged infringement occurred.

Contact Details for our Data Security Officer
Our data security officer is available for information or suggestions regarding data security:
Dr. Uwe Schläger, datenschutz nord GmbH, Konsul-Smidt-Straße 88, 28217 Bremen, Germany
www.datenschutz-nord-gruppe.de | E-Mail: office@datenschutz-nord-gruppe.de | T +49(0)421 - 69 66 32 0