Data protection of Berliner Philharmoniker

Data protection information

The website www.berliner-philharmoniker.de is a service of the Berliner Philharmoniker Foundation ("Berliner Philharmoniker" or "we"). This privacy policy informs you about the processing of personal data in connection with the use of this website. If you are redirected to other websites via a link, the data protection provisions of the respective website operator apply. We recommend that you inform yourself about the handling of personal data on the linked page. We know that the protection of this data is important to you and appreciate the trust you place in us. We strictly adhere to the legal provisions of the applicable data protection law when collecting, processing and using this data.

Overview

1. Who is responsible for data processing and who can I contact?

The responsible party for this website is:

Berliner Philharmoniker Foundation
Herbert-von-Karajan-Str. 1
10785 Berlin Germany
General manager: Andrea Zietzschmann
Email
Tel: +49 (0)30 254 88 - 0

You can reach our data protection officer at:

Dennis Störkel

- Data protection officer -
General-Pape-Straße 14
12101 Berlin

Email: Datenschutz@berliner-philharmoniker.de
Telephone: +49 172 3810754

2. What sources and data do we use?

2.1 Visiting the website

When you visit the website, information is automatically sent to our website server by the browser used on your end device. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until automatic deletion: IP address of the requesting computer, date and time of access, name and URL of the accessed file, website from which the access was made ("referrer URL"), the search engine you used, if applicable, the browser used and, if applicable, the operating system of your computer as well as the name of your access provider.

The aforementioned data is processed by us for the following purposes:

  • Ensuring a smooth connection to the website,
  • ensuring a comfortable use of our website,
  • billing, statistical analysis using a pseudonym in order to optimise the internet presence as well as the quality and range of services,
  • analysis of system security and stability as well as for other administrative purposes.

The legal basis for the data processing is Art. 6 para. 1 p. 1 point b GDPR, insofar as the data processing is necessary for the provision of the website or for billing purposes. In all other respects, the data processing is based on Art. 6 para. 1 p. 1 point f GDPR. Our legitimate interest follows from the data collection purposes listed above. The log files are deleted after the end of the respective browser session, at the latest after 30 days, unless their further storage is necessary for the purposes listed above.

In addition, we use cookies and analysis services when you visit our website in accordance with section 4 below.

2.2 Online ticket orders

In addition, we process personal data that we receive from you in the course of our business relationship. For example, we process personal data that you provide to us in the context of ticket orders (in writing, by fax, by email, via our website or by other means), other enquiries (in particular by email or via the contact form on our website) or when registering for our newsletter (see section 5 below). The legal basis is Art. 6 para. 1 p. 1 point b GDPR, for the newsletter Art. 6 para. 1 p. 1 point a GDPR.

We require the following data for the processing and handling of (online) ticket orders: title, full name, email address, address (billing address and, if applicable, different shipping address), bank details or credit card details. When registering for an online order, you must also choose a password to enable you to access the customer area in the future without having to enter your personal data again.

3. What do we process your data for (purpose of processing) and on what legal basis?

We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG):

3.1 To fulfil contractual and pre-contractual obligations (Art. 6 para. 1 p. 1 point b GDPR)

The processing of personal data (Art. 4 No. 2 GDPR) is carried out to provide the services offered on our website, to process the purchase contracts for concert tickets, for billing purposes, to carry out pre-contractual measures and to respond to your enquiries (e.g. by email or via our contact form) in connection with our business relationship.

Further details on the purpose of data processing can be found in the respective contract documents and terms and conditions.

3.2 In the context of the balancing of interests (Art. 6 para. 1 p. 1 point f GDPR)

Insofar as necessary, we process your data beyond the actual performance of the contract to protect the legitimate interests of us or third parties, such as in the following cases:

  • Answering your enquiries (e.g. by email or via our contact form) outside of a contract or pre-contractual measures;
  • Advertising or market and opinion research, unless you have objected to the use of your data;
  • Taking photographs and video recordings of our concerts, including people in the auditorium, and publishing them for advertising purposes;
  • Operation and optimisation of the website;
  • Use of cookies in accordance with section 4 below;
  • Assertion of legal claims and defence in legal disputes;
  • Ensuring our IT security and operation;
  • Prevention and investigation of criminal offences.

3.3 Based on your consent (Art. 6 para. 1 p. 1 point a GDPR)

Insofar as you have given us consent to process personal data for specific purposes, the lawfulness of this processing is based on your consent.  Consent given can be revoked at any time. Please note that the revocation only takes effect with regard to the future. Processing that took place before the revocation is not affected.

3.4 Due to legal requirements (Art. 6 para. 1 p. 1 point c GDPR)

We are also subject to various legal obligations, i.e. legal requirements. The purposes of the processing include, among others, the fulfilment of retention periods under commercial and tax law.

4. Cookies

We use cookies or pixel tags on our website that collect your data using pseudonym techniques. Cookies are small text files that a website generates and that your internet browser stores on your hard drive when you visit the website. Pixel tags are small graphic files that are often used together with cookies. Cookies and pixel tags are hereafter jointly referred to as "cookies".

You can change your cookie settings for our website at any time here.

If your device supports it, you can also prevent the use of cookies at any time by setting your internet browser so that it does not accept any new cookies (in particular third-party cookies) or informs you of new cookies. You can also delete any cookies that have already been saved in the settings of your internet browser. You can find help on how to change your cookie settings, for example, in the help function of your internet browser. Further information on this and on cookies in general can be found, for example, at http://www.allaboutcookies.org and http://www.youronlinechoices.com.

Please note that you will not be able to use some functions of our website if you do not accept cookies.

On our website, we use technically necessary cookies and cookies that we use for statistical and marketing purposes:

4.1 Technically necessary cookies

Most of the cookies we use are technically necessary to enable you to use our website and the services offered on it ("session cookies"). Our legitimate interest in data processing lies in this purpose; the legal basis is Art. 6 para. 1 p. 1 point f GDPR. The data will not be combined with other personal data and will not be used for advertising purposes. Unless otherwise stated, session cookies are deleted after the end of the respective browser session, or at the latest after seven days.

Usercentrics

This website uses the cookie consent technology of Usercentrics to obtain your consent to the storage of certain cookies on your end device and to document this in accordance with data protection regulations. The provider of this technology is Usercentrics GmbH, Rosental 4, 80331 Munich, website: https://usercentrics.com (hereinafter "Usercentrics").

When you enter our website, the following data is transferred to Usercentrics:

• Your consent(s) or the revocation of your consent(s)

• Your IP address

• Your geographical location

• Information about your browser

• Information about your device

• Time of your visit to the website

Furthermore, Usercentrics stores a cookie in your browser in order to be able to assign the consent(s) given or their revocation to you. The data collected in this way is stored until you request us to delete it, delete the Usercentrics cookie yourself or the purpose for storing the data no longer applies. Mandatory legal storage obligations remain unaffected.

Usercentrics is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 para. 1 p. 1 point c GDPR)

Usercentrics acts as a processor for us within the context of Art. 28 GDPR.

You can find the data protection provisions of Usercentrics here: https://usercentrics.com/privacy-policy/.

4.2 Statistics and Marketing

If you have given your consent on our website, we also use cookies to create a pseudonymous usage profile for the purpose of web analysis ("web analysis cookies"). These cookies enable us to recognise returning users (device owners), analyse their behaviour on our website, optimise our website and measure its reach. The legal basis for the data processing is Art. 6 para. 1 p. 1 point a GDPR. You give your consent to this tracking on our website by clicking on "Accept all" in our cookie banner or by specifically allowing the service under the settings; no web analytics cookies will be set before this happens. We do not combine the data with other personal data and we do not use it to target individual users for advertising purposes. The web analytics cookies are deleted after 14 months at the latest or if you revoke your consent before then.

Google Analytics

For this web analysis, we use the web analysis service Google Analytics, which is operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA and - if you are a resident of the European Economic Area (EEA) or Switzerland - Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

Google Analytics uses cookies which are stored on your computer and which allow an analysis of your use of the website. The information generated by the cookie about your use of the website (including pages viewed, user interactions, browser type/version, operating system used, referrer URL, host name of the accessing computer (IP address), approximate location (region), date and time of server request) will be transmitted to and stored by Google on servers in the United States, Singapore, Taiwan and Chile. These countries are considered to have an insufficient level of data protection according to EU standards. We have therefore extended Google Analytics on our website with the code "anonymizeIp()" to ensure anonymised collection of IP addresses (so-called IP masking). Your IP address will therefore be truncated by Google beforehand by the last octet within Member States of the European Union or in other contracting states of the European Economic Area ( EEA ) Agreement. Only in exceptional cases will the full IP address be transmitted to a Google server outside the EEA and shortened there. In addition, by concluding so-called standard data protection clauses within the meaning of Art. 46 para. 2 point c GDPR guarantees the protection of your data. If the data is transferred to the USA, in the opinion of the data protection authorities, there is nevertheless a risk that your data will be processed by authorities, for control and for monitoring purposes, possibly also without the possibility of legal redress. With your consent to the use of cookies, you simultaneously declare your consent in accordance with Art. 49 para. 1 p. 1 point a GDPR, that your data may be processed in the USA and in other countries outside the EEA despite this risk. On our behalf, Google uses the information generated by the cookies to analyse your use of the website for us, to compile reports on website activity and to provide us with other services related to website and internet use. You can revoke your consent at any time here.

You may also refuse the use of cookies by selecting the appropriate settings on your browser (see above); however please note that if you do this you may not be able to use the full functionality of this website.

You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google and the processing of this data by Google for all websites by downloading and installing the browser plug-in available at https://tools.google.com/dlpage/gaoptout?hl=.

For more information on the terms of use and data protection of Google Analytics, please visit https://www.google.com/analytics/terms/gb.html and https://support.google.com/analytics/answer/6004245?hl=.

Hotjar

We use the analytics service provided by Hotjar Ltd Dragonara Business Centre 5th Floor, Dragonara Road, Paceville St Julian's STJ 3141 Malta ("Hotjar").

Hotjar works with cookies and other technologies to collect data about your behaviour and about your end devices, in particular the IP address of your device, screen size, device type (unique device identifiers), information about the browser used, location (country only) and the language preferred to view our website.

The legal basis for the data processing is Art. 6 para. 1 p. 1 point a GDPR, i.e. your consent.

Hotjar stores this information on our behalf in a pseudonymised user profile. Hotjar is contractually prohibited from selling the data collected on our behalf.

If you want to prevent the use of Hotjar, you can revoke your consent at any time here.

You can also delete existing cookies in your browser and prevent the storage of (third-party) cookies in your browser settings (see above). However, we would like to point out that in this case you may not be able to use all functions of the website to their full extent.

You can find more information on Hotjar's terms of use and data protection at www.hotjar.com/legal/policies/terms-of-service/ and www.hotjar.com/legal/policies/privacy/.

5. Google Tag Manager

We use the Google Tag Manager from Google ( for information on the provider, see point 5 above).

Google Tag Manager allows us to integrate cookies, conversion pixels or tracking codes from programmes such as Google Analytics into the website and manage them centrally. For this purpose, small code sections (so-called website tags) are used, which are stored in a container. When loading the Google Tag Manager, cookies can be transferred and personal data (e.g. IP address, browser information, language) can be transmitted to Google. Google may ask you for permission to share some product data (e.g. your account information) with other Google products in order to enable certain features, e.g. to facilitate the addition of new conversion tracking tags for ads. Google also receives data from us about our use and usage of Google Tag Manager in order to further develop the product. The legal basis for the data processing is Art. 6 para. 1 p. 1 point a GDPR. You give your consent on our website by clicking on "Accept all" in our cookie banner or by specifically allowing the service under the settings; until this happens, the Google Tag Manager will not be loaded.

The web analysis tools integrated by the tags, such as Google Analytics, also collect and process personal data. Information on data processing can be found in the texts of our data protection notices for the respective providers. Google Tag Manager respects your cookie preferences, i.e. if you have prevented the use of cookies, the Google Tag Manager does not change this setting.

By integrating the Google Tag Manager into our website, data may be transmitted to Google's servers in the USA, Singapore, Taiwan and Chile. These countries are considered to have an insufficient level of data protection according to EU standards. We have therefore provided guarantees for the protection of your data by concluding so-called standard data clauses within the meaning of Art. 46 para. 2 point c GDPR. If the data is transferred to the USA, in the opinion of the data protection authorities, there is nevertheless a risk that your data will be processed by US authorities, for control and for monitoring purposes, possibly also without the possibility of legal redress. By consenting to the use of Google Tag Manager, you also consent to the processing of your data in the USA and other countries outside the EEA in accordance with Art. 49 para. 1 p. 1 point a GDPR, despite this risk.

You can revoke your consent at any time. The legal validity of the processing carried out on the basis of your consent until revocation remains unaffected by this. However, we would like to point out that in this case you may not be able to use all the functions of this website to their full extent.

For more information, see the Tag Manager Help at support.google.com/tagmanager/answer/9323295, Google's Terms of Use at www.google.com/intl/en/policies/terms/, Google's Privacy Policy at www.google.com/intl/en/policies/privacy/) and Google Tag Manager's Terms of Use Policy at www.google.com/analytics/tag-manager/use-policy/.

6. Email Marketing

6.1 Newsletter

If you have expressly consented in accordance with Art. 6 para. 1 p. 1 point a GDPR, we will use your email address to inform you about us, in particular the current programme and highlights from the world of the Philharmoniker, in our newsletter by email. Your consent will be logged.

To receive the newsletter, it is sufficient to provide an email address.

You can unsubscribe at any time, for example via the link at the end of each email. Alternatively, you are welcome to send your unsubscribe request at any time to the email of the data protection officer(s). In this case, your email address will be deleted from our email distribution list and added to our blacklist. The revocation of your consent will only take effect for the future. Processing that took place before the revocation is not affected.

Newsletter Tracking

Please note that we analyse the behaviour of the recipients of our emails using pseudonymous usage statistics. For this purpose, the emails contain so-called web beacons or tracking pixels and links, each of which is linked to an individual ID. In this way, we record the time of opening and forwarding the email as well as the time of clicking on the links contained therein, the IP address (to determine the country of access) and the email programme used.

This data is not linked to your email address or other personal data, so that we cannot directly relate it to a person. The analysis is based on aggregated usage statistics (delivery rate, opening rate, click rate, number of forwardings, number of clicks on the links contained in the email, email programs used, openings and clicks by time of day and date, country of access). Only in the case of unsubscriptions or failed deliveries do we additionally receive the information about the name and email address. This is (also) in your interest so that we can immediately delete you from our email distribution list or correct the delivery problem. The pseudonymous evaluation of usage behaviour is used to check the success of our email marketing and to constantly improve it. The legal basis for the evaluation is your consent to receive the newsletter in accordance with Art. 6 para. 1 p. 1 point a GDPR. You can revoke your consent to the evaluation at any time by unsubscribing from the newsletter (e.g. via the link at the end of each email); an isolated revocation only with regard to the evaluation is (currently) technically not possible. We store your pseudonymous usage data until you have revoked your consent to the evaluation.

Dispatch and evaluation by Campaign Monitor

We use the external service provider Campaign Monitor Pty Ltd, 201 Elizabeth St, Sydney, NSW, Australia 2000 ("Campaign Monitor") as a processor within the meaning of Art. 28 of the GDPR for sending and analysing the emails. A corresponding processing contract is in place. The transmission of your information to Australia, a third country outside the EU, is covered by appropriate safeguards within the meaning of Art. 46 of the GDPR (conclusion of EU standard data protection clauses). The service provider processes your data exclusively on our instructions and for the purposes stated in this data protection information. Data will only be passed on to other third parties with your consent (Art. 6 para. 1 p. 1 point a GDPR) or if we are legally obliged to do so in individual cases (Art. 6 para. 1 p. 1 point c GDPR). Within the Berliner Philharmoniker, only those parties that need your data to carry out email marketing receive access to it.

6.2 Marketing to existing customers

If you have already purchased goods from us against payment or used services from us against payment, we will inform you from time to time by email or letter about similar goods and services of the Berliner Philharmoniker, unless you have objected to this.

The legal basis for the data processing is Art. 6 para. 1 p. 1 point f GDPR. Our legitimate interest lies in direct advertising (recital 47 GDPR).

You can object to the use of your email address and postal address for advertising purposes at any time without incurring additional costs, for example via the link at the end of each email or by email to datenschutz@berliner-philharmoniker.de.

7. Social media plugins (Facebook, Twitter, Instagram, Spotify)

We use social media plugins from the following providers on our website:

  • Meta Platforms Ireland Limited (formerly Facebook Ireland Limited), 4 Grand Canal Square, Dublin 2, Ireland or Meta Platforms Inc. (formerly Facebook Inc.), 1 Hacker Way, Menlo Park, California, USA ("Meta"), responsible for the social media services Facebook and Instagram.
  • Twitter International Company, One Cumberland Place, Fenian Street Dublin 2, D02 AX07 Ireland (if you live within the EU, EFTA countries or the United Kingdom) or Twitter Inc., 1355 Market St., Suite 900, San Francisco, California 94103, USA (if you live in other countries) ("Twitter")
  • Spotify AB, Birger Jarlsgatan 61, 113 56 Stockholm in Sweden ("Spotify")

You can recognise the provider of the plugin by the name of the respective plugin and the logo. We offer you the possibility to communicate directly with the provider of the plugin via the button.

Only if you have given your consent (Art. 6 para. 1 p. 1 point a GDPR) on our website by clicking on "Accept all" in our cookie banner, by specifically allowing the service under the settings or by clicking a button and thereby activating it, will the plugin provider receive the information that you have accessed the corresponding webpage of our online offer as well as further data (e.g. IP address, browser information, device information including device ID and application ID, operating system, location, mobile phone provider). By activating the plugin, personal data is therefore transmitted from you to the respective plugin provider and stored there (also in the USA and other countries outside the EEA). By giving your consent, you also consent to the processing of your data in the USA and other countries outside the EEA (so-called third countries) in accordance with Art. 49 para 1 p. 1 point a GDPR. Some third countries are considered to have an insufficient level of data protection according to EU standards. This applies in particular to the USA. In the opinion of the data protection authorities, if the data is transferred to the USA, there is in particular the risk that your data may be processed by US authorities, for control and for monitoring purposes, possibly also without any legal remedy. Until you have given your consent on our website, there is no data flow to the plugin providers. You cannot use the plugins if you do not give your consent.

You can withdraw your consent at any time by clicking here (Facebook), here (Twitter), here (Instagram) or here (Spotify).

When you click on a button, the plugin provider stores the data collected about you as usage profiles and uses them for the purposes of advertising, market research and/or needs-based design of its website. You have the right to object to the creation of these user profiles, whereby you must contact the respective plugin provider to exercise this right. The data transfer takes place regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in to the plug-in provider, the data we collect is directly assigned to your account with the plug-in provider. If you click the activated button and, for example, link to the page, the plug-in provider also saves this information in your user account and shares it publicly with your contacts. We recommend that you log out regularly after using a social network, but especially before activating the button, as this will help you avoid being assigned to your profile with the plugin provider. 

Further information on the purpose and scope of data collection and processing by the plug-in provider and on your rights in this regard and setting options for protecting your privacy can be found at

Joint responsibility with Meta Platforms Ireland Limited

Joint responsibility with Meta Platforms Ireland Limited For the Meta social plugins integrated on our website, there is joint responsibility between us and Meta Platforms Ireland Limited (formerly Facebook Ireland Limited) within the meaning of Art. 26 GDPR. Meta Platforms Ireland Limited is a joint controller of the joint processing. The information required pursuant to Art. 13 para. 1 p. 1 points a and b GDPR can be found in the Meta Platforms Ireland data policy at https://www.facebook.com/about/privacy

The purposes for which the collection and transfer of the personal data constituting joint processing in the context of our use of the social plugins is carried out is set out in the terms of use for Meta's covered products (https://www.facebook.com/legal/terms/businesstools).

Further information on how Meta Platforms Ireland Limited processes personal data, including the legal basis on which Meta Platforms Ireland Limited relies and how data subjects can exercise their rights against Meta Platforms Ireland Limited, can be found in Meta Platforms Ireland Limited's data policy at https://www.facebook.com/about/privacy.

We have entered into the Controller Addendum for the purposes of Article 26 para. 1 p. 2 of the GDPR with Meta Platforms Ireland Limited, available at https://www.facebook.com/legal/controller_addendum, in order to define the respective responsibilities for fulfilling the obligations under the GDPR with respect to joint processing (as set out in the Terms of Use for Covered Products at https://www.facebook. com/legal/terms/businesstools); agreed that we are responsible for providing data subjects with at least the above information; agreed that, between the parties, Meta Platforms Ireland Limited is responsible for enabling data subjects' rights under Art. 15 to 20 of the GDPR with respect to personal data stored by Meta Platforms Ireland Limited following joint processing.

Simple links to further social media services

Our website also contains simple links to our profiles on Facebook, Twitter, YouTube (for the provider, see section 8 below), Instagram, Spotify and Apple Music (for the provider, see https://www.apple.com/de/legal/internet-services/itunes/de/terms.html under L.). If you click on these links, you will leave our website. The data processing on the websites of the social media providers is governed by the data protection provisions available there.

8. Integration of YouTube videos

This website uses plugins from the website www.youtube.com, which is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (in the European Economic Area and Switzerland) or Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (in other countries) ("YouTube"). With the help of the plugins, we can integrate videos stored on www.youtube.com into our online offer so that they can be played directly on our website. 

Only when you have given your consent (Art. 6 para. 1 p. 1 point a GDPR) on our website by clicking on "Accept all" in our cookie banner, by specifically allowing the service under the settings or by clicking a button and thereby activating it, will YouTube receive the information that you have accessed the corresponding sub-page of our website. In addition, further data is transmitted to YouTube's servers in the USA and other countries outside the EEA (e.g. browser information, device information, IP address). This occurs regardless of whether you have a user account with YouTube or are logged in to YouTube. If you are logged in to YouTube and play a video, your data will be directly assigned to your account. If you do not wish to have your data associated with your YouTube profile, you must log out before visiting our website. YouTube stores your data as usage profiles and uses them for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out in particular to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, which you must assert vis-à-vis YouTube. We have no influence on this data transmission and processing by YouTube.

By consenting to the integration of videos, you also consent to the processing of your data in the USA and in other countries outside the EEA (so-called third countries) in accordance with Art. 49 para. 1 p. 1 point a GDPR. Some third countries are considered to have an insufficient level of data protection according to EU standards. This applies in particular to the USA. In the opinion of the data protection authorities, if the data is transferred to the USA, there is in particular the risk that your data may be processed by US authorities, for control and for monitoring purposes, possibly also without any legal remedy.

Before you have given your consent on our website, there is no data flow to YouTube. You will not be able to view the videos embedded on our website via our website if you do not give your consent.

You can revoke your consent at any time by clicking here.

For more information on the purpose and scope of data collection and processing by YouTube, please visit https://www.google.de/intl/en/policies/privacy.  There you will also receive further information on your rights and setting options to protect your privacy.

9. Integration of Vimeo videos

This website uses plugins from the provider Vimeo.com, Inc., 555 West 18th Street, New York, New York 10011, USA ("Vimeo").

With the help of the plugins, we can integrate videos stored in the video portal into our online offer so that they can be played directly on our website. 

Only when you have given your consent (Art. 6 para. 1 p. 1 point a GDPR) on our website by clicking on "Accept all" in our cookie banner, by specifically allowing the service under the settings or by clicking a button and thereby activating it, will Vimeo receive the information that you have accessed the corresponding sub-page of our website. In addition, further data is transmitted to Vimeo's servers in the USA (e.g. browser information, device information, IP address). This occurs regardless of whether you have a user account with Vimeo or are logged in to Vimeo. If you are logged in to Vimeo and play a video, your data will be directly assigned to your account. If you do not wish to have your data associated with your Vimeo profile, you must log out before visiting our website. Vimeo stores your data as usage profiles and uses them for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out in particular to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, which you must assert vis-à-vis Vimeo. We have no influence on this data transmission and processing by Vimeo.

By giving your consent, you also consent in accordance with Art. 49 para. 1 p. 1 point a GDPR to your data being processed in the USA. The USA is assessed by the European Court of Justice as a country with an insufficient level of data protection according to EU standards. In particular, there is a risk that your data may be processed by US authorities for control and monitoring purposes, possibly without any legal remedy.

Before you have given your consent, there will be no data flow to Vimeo. You will not be able to view the videos embedded on our website via our website if you do not give your consent.

You can revoke your consent at any time by clicking here.

Further information on the purpose and scope of data collection and processing by Vimeo can be found at vimeo.com/privacy . There you will also receive further information on your rights and setting options to protect your privacy.

10. Integration of our publications as ePaper with Issuu

This website uses plugins from the provider Issuu Inc, 131 Lytton Ave, Palo Alto, CA 94301, USA ("Issuu").

With the help of the plugins, we can integrate our publications stored on www.issuu.com as ePaper into our online offer, so that you can view them directly on our website. Only when you have given your consent (Art. 6 para. 1 p. 1 point a GDPR) on our website by clicking on "Accept all" in our cookie banner, by specifically allowing the service under the settings or by clicking a button and thereby activating it, will Issuu receive the information that you have accessed the corresponding sub-page of our website. In addition, further data is transmitted to Vimeo's servers in the USA (e.g. browser information, device information, IP address). This occurs regardless of whether you have a user account with Issuu or are logged in to Issuu. If you are logged in to Issuu and view a publication, your data will be assigned directly to your account. If you do not wish to have your data associated with your Issuu profile, you must log out before visiting our website. Issuu stores your data as usage profiles and uses them for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out in particular to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, which you must assert vis-à-vis Issuu. We have no influence on this data transmission and processing by Issuu.

By giving your consent, you also consent to the processing of your data in the USA in accordance with Art. 49 para 1 p. 1 point a GDPR. The USA is assessed by the European Court of Justice as a country with an insufficient level of data protection according to EU standards. In particular, there is a risk that your data may be processed by US authorities for control and monitoring purposes, possibly without any legal remedy.

Until you have given your consent on our website, there is no data flow to Issuu. You will not be able to view the publications embedded on our website via our website if you do not give your consent.

You can revoke your consent at any time by clicking here.

Further information on the purpose and scope of data collection and processing by Issuu can be found at https://issuu.com/legal/privacy. There you will also receive further information on your rights and setting options to protect your privacy.

11. Who receives my data?

Within our organisation, your data will be accessed by those who need it to fulfil our contractual and legal obligations.

Contractors appointed by us (Art. 28 GDPR) may also receive data for these purposes. These are companies in the categories of IT services, logistics, printing and shipping services, ticketing, payment services and credit transactions, telecommunications, debt collection, newsletter dispatch, sales and marketing.

In particular, we use a contractor with headquarters and servers in Germany for the hosting and design of the website.

We disclose your personal data to third parties if this is necessary for the fulfilment of a contractual relationship existing between you and the Berliner Philharmoniker or for the implementation of pre-contractual measures (Art. 6 para. 1 p. 1 point b GDPR) or for the protection of legitimate interests (Art. 6 para. 1 p. 1 point f GDPR) We only pass on information that the respective service provider requires to fulfil the task assigned to it. The service provider undertakes to treat the data confidentially in accordance with this data protection declaration and the relevant data protection laws and not to pass it on to third parties.

In addition, your personal data will be forwarded or transmitted if required by law (Art.  6 para. 1 p. 1 point c GDPR) or if you have consented (Art. 6 para. 1 p. 1 point a GDPR).

Under these conditions, recipients of personal data may be, for example:

  • Subcontractors used by us to provide the services offered via the website (e.g. shipping companies for ticket sales).
  • Financial institutions for the collection of payment.
  • Public bodies and institutions in the event of a legal obligation or official order.

12. How long will my data be stored?

Where necessary, we process and store your personal data for the duration of our business relationship, which also includes, for example, the initiation and execution of a contract.

In addition, we are subject to various retention and documentation obligations, which result from the German Commercial Code (Handelsgesetzbuch) (HGB) and the German Fiscal Code (Abgabenordnung) (AO), among others. The retention and documentation periods specified there are 6 years for correspondence in connection with the conclusion of a contract and 10 years for accounting vouchers (§§ 238, 257 para. 1 and 4 HGB, § 147 para. 1 and 3 AO). Such retention and documentation obligations exist in particular if you conclude a contract with us (e.g. purchase of a concert ticket, registration in the customer portal as part of an online ticket purchase).

Finally, the storage period is also assessed according to the statutory limitation periods, which, for example, according to §§ 195 ff. of the German Civil Code (Bürgerliches Gesetzbuch) (BGB), are usually three years, but in certain cases can be up to thirty years.

After expiry of the retention and documentation obligations as well as the relevant limitation periods, we delete the data.

Log files and cookies are deleted within the above-mentioned periods.

13. Is data transferred to a third country or to an international organisation?

Data is transferred to third countries (countries outside the European Economic Area - EEA) if this is necessary for the execution of contracts or is required by law or if you have given us your consent. We will inform you separately about the details, if required by law. In addition, the processors in third countries named in these data protection provisions (e.g. Campaign Monitor) receive access to your data.

14. What data protection rights do I have?

You have the right to information (Article 15 of the GDPR), the right to rectification (Article 16 of the GDPR), the right to erasure (Article 17 of the GDPR), the right to restriction of processing (Article 18 of the GDPR) and the right to data portability (Article 20 of the GDPR). With regard to the right to information and the right to erasure, the restrictions according to §§ 34 and 35 of the German Data Protection Act (BDSG) apply. You also have the right to object to data processing by us (Art. 21 of the GDPR). Insofar as our processing of your personal data is based on consent (Art. 6 para. 1 p. 1 point a GDPR), you may revoke this consent at any time; the lawfulness of the data processing carried out on the basis of the consent up to the revocation remains unaffected by this.

To assert all these rights and for further questions on the subject of personal data, you can contact our data protection officer at datenschutz@berliner-philharmoniker.de or our postal address (see above point 1) at any time.

Irrespective of this, you have the right to lodge a complaint with a supervisory authority - in particular in the EU member state of your place of residence, your place of work or the place of the alleged infringement - if you are of the opinion that the processing of personal data relating to you violates the GDPR or other applicable data protection laws (Art. 77 GDPR, Section 19 German Federal Data Protection Act [BDSG]).

15. Is there an obligation to provide data?

Within the scope of our business relationship, you only have to provide the personal data that is required for the establishment, implementation and termination of a business relationship or that we are legally obliged to collect. Without this data, we will usually have to refuse to conclude the contract or execute the order or will no longer be able to perform an existing contract and may have to terminate it.

Mandatory fields are marked as such on our website.

16. To what extent is there automated decision-making in individual cases?

In principle, we do not use any fully automated decision-making in accordance with Art. 22 GDPR for the establishment and implementation of the business relationship. Should we use these procedures in individual cases, we will inform you of this separately, insofar as this is required by law.

17. Data security

We take a variety of security measures to adequately protect personal data to the appropriate extent.

All customer information is stored on security servers that are protected from access from other networks by a software firewall. Only those employees who need information to process a particular enquiry or order have access to the data. Employees are trained in the secure handling of data.

Where we collect personal data on our sites, the transmission is encrypted using industry standard Secure Socket Layer ("SSL") technology. This applies to all particularly sensitive data such as credit card numbers and account information.

18. Availability of data protection provisions

This Privacy Policy can be viewed, saved and printed as a PDF.

Stand: 16.08.2022


Datenschutzbestimmungen für Online-Führungen

Berliner Philharmonie gGmbH

Berliner Philharmonie gGmbH

Data Protection for Online Tours

The online tours are offered by Berliner Philharmonie gGmbH ("organiser" or "we"). This data protection policy informs you about the processing of personal data in connection with participation in online tours ("online tour"). We know that the protection of your data is important to you and appreciate the trust placed in us. The organiser strictly adheres to the legal provisions of the applicable data protection law when collecting, processing and using data.

Who is responsible for data processing and who can I contact?

The responsible body for the processing of personal data in the context of participation in the online tours is:

Berliner Philharmonie gGmbH
Herbert-von-Karajan-Straße 1
10785 Berlin

Managing director: Frank Kersten

Email: info@berliner-philharmoniker.de
Tel.: +49 (0)30 254 88 – 0

 

You can reach our company data protection officer at:

Berliner Philharmonie gGmbH

– Data protection officer –

Berliner Philharmonie gGmbH
Herbert-von-Karajan-Straße 1
10785 Berlin

Email: datenschutz@berliner-philharmoniker.de

2. What sources and data do we use?

2.1 Purchase of tickets

We require the following data for the execution and processing of online ticket orders: title, full name, email address, address (billing address and, if applicable, different shipping address), bank details or credit card details. When registering for an online order, you must also choose a password to enable you to access the customer area in the future without having to re-enter your personal data.

2.2 Accessing the Zoom website

The online guided tours are conducted live by a guide commissioned by us using a video conferencing programme provided by Zoom Video Communications, Inc.  ("Zoom"). If you access the Zoom website, Zoom is responsible for data processing.

2.3 Participation in online tours

We process personal data that is collected in the course of your participation in the online tours of the Philharmonie Berlin or that we receive from you on the occasion of your participation in the online tours. The following data is subject to processing. Insofar as the provision of data is not required for participation in the online tour, the data is marked as "optional":

  • Participant details: displayed name, email address (for registered Zoom users), profile picture (optional).
  • Information about participation: subject and description of the online tour, traffic data such as times of dial-in, use of camera, microphone and chat, end of participation.
  • When dialling in by telephone: telephone number
  • Text, audio and video data: You have the option of using the chat, question or survey functions during the online tour. We process the text entries you make in order to display and, if necessary, log them during the video conference. If you use the audio and/or video function during the online tour, we process the data collected by the microphone of your end device and/or the video camera of the end device. You can switch off the microphone and/or the camera yourself at any time via the "Zoom" applications.

3. What do we process your data for (purpose of processing) and on what legal basis?

We process personal data in accordance with the provisions of the European Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG):

3.1 For the fulfilment of contractual and pre-contractual obligations (Art.  6 para. 1 p. 1 point b GDPR)

The processing of personal data (Art.  4 No. 2 GDPR) is carried out for the execution of the online tours. The organiser does not make any recordings, recordings or screenshots of the online tours. Details on the purpose of data processing can be found in our General Terms and Conditions for Online Tours, which can be accessed here berliner-philharmoniker.de/en/agb/.

3.2 Within the framework of the balancing of interests (Art. 6 para. 1 p. 1 point f GDPR)

Where necessary, we process your data beyond the actual execution of the contract to protect the legitimate interests of us or third parties, such as in the following cases:

  • Responding to your enquiries other than in the context of a contract or pre-contractual measures;
  • Assertion of legal claims and defence in legal disputes;
  • Ensuring our IT security and operations; and
  • preventing and investigating criminal offences.

3.3 Based on your consent (Art. 6 para. 1 p. 1 point a GDPR)

Insofar as you have given us consent to process personal data for specific purposes, the lawfulness of this processing is based on your consent. Consent given can be revoked at any time. Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected by this.

3.4 Due to legal requirements (Art. 6 para. 1 p. 1 point c GDPR)

In addition, we are subject to various legal obligations, i.e. statutory requirements. The purposes of the processing include, among others, the fulfilment of retention periods under commercial and tax law.

4. Who receives my data?

Within our organisation, your data will be accessed by those who need it to fulfil our contractual and legal obligations.

We also share your data with the provider Zoom, which we use as a processor (Art. 28 GDPR) to conduct the online tours via video conferencing program. Zoom will only have access to the data that Zoom needs to fulfil the task assigned to it. Zoom undertakes to treat the data confidentially in accordance with this data protection declaration and the relevant data protection laws and not to pass it on to third parties.

We only pass on your personal data to third parties if this is necessary for the fulfilment of a contractual relationship existing between you and us or for the implementation of pre-contractual measures (Art.  6 para. 1 p. 1 point b GDPR) or to protect legitimate interests (Art. 6 para. 1 p. 1 point f GDPR).

In addition, your personal data will be disclosed or transferred if required by law (Art. 6 para. 1 p. 1 point c GDPR) or if you have consented (Art. 6 para. 1 p. 1 point a GDPR).

Under these conditions, recipients of personal data may be, for example, public bodies and institutions in the event of a legal obligation or official order.

5. How long will my data be stored?

Insofar as necessary, we process and store your personal data for the duration of our business relationship, which also includes, for example, the initiation and execution of a contract.

In addition, we are subject to various storage and documentation obligations resulting from the German Commercial Code (Handelsgesetzbuch, HGB) and the German Fiscal Code (Abgabenordnung, AO), among others. The periods specified there for storage or documentation are 6 years for correspondence in connection with the conclusion of a contract and 10 years for accounting documents (§§ 238, 257 paras. 1 and 4 HGB, § 147 paras. 1 and 3 AO). Such storage and documentation obligations exist in particular if you conclude a contract with us for participation in the online tour.

Finally, the storage period is also assessed according to the statutory limitation periods, which, for example, according to §§ 195 et seq. of the German Civil Code (Bürgerliches Gesetzbuch, BGB), are usually three years, but in certain cases can be up to thirty years.

After expiry of the retention and documentation obligations as well as the relevant limitation periods, we delete the data.

6. Is data transferred to a third country or to an international organisation?

The provider Zoom is based in the USA, i.e. a so-called third country (states outside the European Economic Area – EEA). Insofar as this is necessary for the execution of the online tours, Zoom will have access to your personal data. This involves a transfer of your personal data to the USA. The US is assessed by the European Court of Justice as a country that does not provide an adequate level of data protection according to EU standards. We have therefore provided guarantees for the protection of your data by concluding so-called standard data clauses within the meaning of Art. 46 para. 2 point c GDPR. Further information on data processing by Zoom, including details of how long your data will be stored, can be found at zoom.us/trust/. Apart from that, no data is transferred to third countries.

7. What data protection rights do I have?

You have the right to information (Article 15 of the GDPR), the right to rectification (Article 16 of the GDPR), the right to erasure (Article 17 of the GDPR), the right to restriction of processing (Article 18 of the GDPR) and the right to data portability (Article 20 of the GDPR). The restrictions according to §§ 34 and 35 of the German Data Protection Act (BDSG) apply to the right to information and the right to delete data. You also have the right to object to data processing by us (Art. 21 of the GDPR).  Insofar as our processing of your personal data is based on consent (Art. 6 para. 1 p. 1 point a GDPR), you may revoke this consent at any time; the lawfulness of the data processing carried out on the basis of the consent up to the revocation remains unaffected by this.

To assert all of these rights and for further questions on the subject of personal data, you can contact our data protection officer (datenschutz@berliner-philharmoniker.de) or our postal address (see 1.1 above) at any time.

Irrespective of this, you have the right to lodge a complaint with a supervisory authority - in particular in the EU member state of your place of residence, your place of work or the place of the alleged infringement - if you are of the opinion that the processing of personal data concerning you violates the GDPR or other applicable data protection laws (Art.  77 GDPR, § 19 BDSG).

8. Is there an obligation to provide data?

Within the scope of our contractual relationship, you only have to provide the personal data that is required for the establishment, implementation and termination of a business relationship or that we are legally obliged to collect. Without this data, we will usually have to refuse to conclude the contract or carry out the order, or we will no longer be able to carry out an existing contract and may have to terminate it. Mandatory information is marked as such.

9. To what extent is there automated decision-making in individual cases?

As a matter of principle, we do not use fully automated decision-making pursuant to Art. 22 of the GDPR for the establishment and implementation of our contractual relationship.  Should we use these procedures in individual cases, we will inform you about this separately if this is required by law.

10. Availability of data protection provisions

This data protection policy can be viewed, saved and printed out as a PDF at berliner-philharmoniker.de/en/privacy/.

As of 20.04.2021