Berliner Philharmonie gGmbH
Data Protection for Online Tours
The online tours are offered by Berliner Philharmonie gGmbH ("organiser" or "we"). This data protection policy informs you about the processing of personal data in connection with participation in online tours ("online tour"). We know that the protection of your data is important to you and appreciate the trust placed in us. The organiser strictly adheres to the legal provisions of the applicable data protection law when collecting, processing and using data.
Who is responsible for data processing and who can I contact?
The responsible body for the processing of personal data in the context of participation in the online tours is:
Berliner Philharmonie gGmbH
Managing director: Frank Kersten
Tel.: +49 (0)30 254 88 – 0
You can reach our company data protection officer at:
Berliner Philharmonie gGmbH
– Data protection officer –
Berliner Philharmonie gGmbH
2. What sources and data do we use?
2.1 Purchase of tickets
We require the following data for the execution and processing of online ticket orders: title, full name, email address, address (billing address and, if applicable, different shipping address), bank details or credit card details. When registering for an online order, you must also choose a password to enable you to access the customer area in the future without having to re-enter your personal data.
2.2 Accessing the Zoom website
The online guided tours are conducted live by a guide commissioned by us using a video conferencing programme provided by Zoom Video Communications, Inc. ("Zoom"). If you access the Zoom website, Zoom is responsible for data processing.
2.3 Participation in online tours
We process personal data that is collected in the course of your participation in the online tours of the Philharmonie Berlin or that we receive from you on the occasion of your participation in the online tours. The following data is subject to processing. Insofar as the provision of data is not required for participation in the online tour, the data is marked as "optional":
- Participant details: displayed name, email address (for registered Zoom users), profile picture (optional).
- Information about participation: subject and description of the online tour, traffic data such as times of dial-in, use of camera, microphone and chat, end of participation.
- When dialling in by telephone: telephone number
- Text, audio and video data: You have the option of using the chat, question or survey functions during the online tour. We process the text entries you make in order to display and, if necessary, log them during the video conference. If you use the audio and/or video function during the online tour, we process the data collected by the microphone of your end device and/or the video camera of the end device. You can switch off the microphone and/or the camera yourself at any time via the "Zoom" applications.
3. What do we process your data for (purpose of processing) and on what legal basis?
We process personal data in accordance with the provisions of the European Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG):
3.1 For the fulfilment of contractual and pre-contractual obligations (Art. 6 para. 1 p. 1 point b GDPR)
The processing of personal data (Art. 4 No. 2 GDPR) is carried out for the execution of the online tours. The organiser does not make any recordings, recordings or screenshots of the online tours. Details on the purpose of data processing can be found in our General Terms and Conditions for Online Tours, which can be accessed here berliner-philharmoniker.de/en/agb/.
3.2 Within the framework of the balancing of interests (Art. 6 para. 1 p. 1 point f GDPR)
Where necessary, we process your data beyond the actual execution of the contract to protect the legitimate interests of us or third parties, such as in the following cases:
- Responding to your enquiries other than in the context of a contract or pre-contractual measures;
- Assertion of legal claims and defence in legal disputes;
- Ensuring our IT security and operations; and
- preventing and investigating criminal offences.
3.3 Based on your consent (Art. 6 para. 1 p. 1 point a GDPR)
Insofar as you have given us consent to process personal data for specific purposes, the lawfulness of this processing is based on your consent. Consent given can be revoked at any time. Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected by this.
3.4 Due to legal requirements (Art. 6 para. 1 p. 1 point c GDPR)
In addition, we are subject to various legal obligations, i.e. statutory requirements. The purposes of the processing include, among others, the fulfilment of retention periods under commercial and tax law.
4. Who receives my data?
Within our organisation, your data will be accessed by those who need it to fulfil our contractual and legal obligations.
We also share your data with the provider Zoom, which we use as a processor (Art. 28 GDPR) to conduct the online tours via video conferencing program. Zoom will only have access to the data that Zoom needs to fulfil the task assigned to it. Zoom undertakes to treat the data confidentially in accordance with this data protection declaration and the relevant data protection laws and not to pass it on to third parties.
We only pass on your personal data to third parties if this is necessary for the fulfilment of a contractual relationship existing between you and us or for the implementation of pre-contractual measures (Art. 6 para. 1 p. 1 point b GDPR) or to protect legitimate interests (Art. 6 para. 1 p. 1 point f GDPR).
In addition, your personal data will be disclosed or transferred if required by law (Art. 6 para. 1 p. 1 point c GDPR) or if you have consented (Art. 6 para. 1 p. 1 point a GDPR).
Under these conditions, recipients of personal data may be, for example, public bodies and institutions in the event of a legal obligation or official order.
5. How long will my data be stored?
Insofar as necessary, we process and store your personal data for the duration of our business relationship, which also includes, for example, the initiation and execution of a contract.
In addition, we are subject to various storage and documentation obligations resulting from the German Commercial Code (Handelsgesetzbuch, HGB) and the German Fiscal Code (Abgabenordnung, AO), among others. The periods specified there for storage or documentation are 6 years for correspondence in connection with the conclusion of a contract and 10 years for accounting documents (§§ 238, 257 paras. 1 and 4 HGB, § 147 paras. 1 and 3 AO). Such storage and documentation obligations exist in particular if you conclude a contract with us for participation in the online tour.
Finally, the storage period is also assessed according to the statutory limitation periods, which, for example, according to §§ 195 et seq. of the German Civil Code (Bürgerliches Gesetzbuch, BGB), are usually three years, but in certain cases can be up to thirty years.
After expiry of the retention and documentation obligations as well as the relevant limitation periods, we delete the data.
6. Is data transferred to a third country or to an international organisation?
The provider Zoom is based in the USA, i.e. a so-called third country (states outside the European Economic Area – EEA). Insofar as this is necessary for the execution of the online tours, Zoom will have access to your personal data. This involves a transfer of your personal data to the USA. The US is assessed by the European Court of Justice as a country that does not provide an adequate level of data protection according to EU standards. We have therefore provided guarantees for the protection of your data by concluding so-called standard data clauses within the meaning of Art. 46 para. 2 point c GDPR. Further information on data processing by Zoom, including details of how long your data will be stored, can be found at zoom.us/trust/. Apart from that, no data is transferred to third countries.
7. What data protection rights do I have?
You have the right to information (Article 15 of the GDPR), the right to rectification (Article 16 of the GDPR), the right to erasure (Article 17 of the GDPR), the right to restriction of processing (Article 18 of the GDPR) and the right to data portability (Article 20 of the GDPR). The restrictions according to §§ 34 and 35 of the German Data Protection Act (BDSG) apply to the right to information and the right to delete data. You also have the right to object to data processing by us (Art. 21 of the GDPR). Insofar as our processing of your personal data is based on consent (Art. 6 para. 1 p. 1 point a GDPR), you may revoke this consent at any time; the lawfulness of the data processing carried out on the basis of the consent up to the revocation remains unaffected by this.
To assert all of these rights and for further questions on the subject of personal data, you can contact our data protection officer (firstname.lastname@example.org) or our postal address (see 1.1 above) at any time.
Irrespective of this, you have the right to lodge a complaint with a supervisory authority - in particular in the EU member state of your place of residence, your place of work or the place of the alleged infringement - if you are of the opinion that the processing of personal data concerning you violates the GDPR or other applicable data protection laws (Art. 77 GDPR, § 19 BDSG).
8. Is there an obligation to provide data?
Within the scope of our contractual relationship, you only have to provide the personal data that is required for the establishment, implementation and termination of a business relationship or that we are legally obliged to collect. Without this data, we will usually have to refuse to conclude the contract or carry out the order, or we will no longer be able to carry out an existing contract and may have to terminate it. Mandatory information is marked as such.
9. To what extent is there automated decision-making in individual cases?
As a matter of principle, we do not use fully automated decision-making pursuant to Art. 22 of the GDPR for the establishment and implementation of our contractual relationship. Should we use these procedures in individual cases, we will inform you about this separately if this is required by law.
10. Availability of data protection provisions
This data protection policy can be viewed, saved and printed out as a PDF at berliner-philharmoniker.de/en/privacy/.
As of 20.04.2021