Jump directly to the page contents

1. Introduction

1.1 Controller and data protection officer

The provider of this website and the controller under data protection law for the processing of your personal data within the meaning of the European General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG, Bundesdatenschutzgesetz) is the Deutsches Historisches Museum Foundation, represented by its President Prof. Dr. Raphael Gross, to be reached at:

Stiftung Deutsches Historisches Museum (DHM)
Unter den Linden 2
10117 Berlin, Germany
Tel. +49 30 203040
info@dhm.de

For contact details, please refer to the respective contact addresses in the Imprint.

You can reach our data protection officer by post at the above address with the addition of `data protection officer` or by e-mail at datenschutz@dhm.de.

1.2 Terminology

The term ‘users’ includes all customers and visitors to our online offer.

1.3 Basic information on data processing

We only process the personal data of our users in as far as this is necessary for the provision and optimisation of a functional website as well as our contents and services.

This DHM website is part of the DHM’s public relations work. The legal basis for the processing of personal data in the context of PR work is Art. 6 (1) sentence 1 lit. e GDPR in conjunction with section 3 of the Federal Data Protection Act. In as far as we obtain consent to process personal data, Art. 6 (1) sentence 1 lit. a of the EU’s General Data Protection Regulation (GDPR) serves as the legal basis. When processing personal data that is necessary for the performance of a contract to which you are a party (for instance, ordering publications or newsletters), Art. 6 (1) sentence 1 lit. b GDPR serves as the legal basis. The foregoing also applies to pre-contractual measures.

Unless a more specific retention period has been specified in this Privacy Policy, your personal data will be erased as soon as the storage purpose no longer applies, you have objected to processing or you have revoked your consent and erasure does not conflict with any statutory retention obligations.

We take organisational, contractual and technical security measures in accordance with the state of the art to ensure that the provisions of data protection legislation are complied with and thus to protect the data processed by us against accidental or intentional manipulation, loss, destruction or against access by unauthorised persons.

Please note that data transmission over the Internet (for instance, communication by e‑mail) can be susceptible to security vulnerabilities. It is not possible to fully protect data against access by third parties.

 1.4 Protection of minors

Persons under the age of 16 should not submit any personal data to us without the consent of their legal guardian. We do not knowingly process any personal data of such persons without the consent of their parents, nor do we disclose such data to third parties.

1.5  SSL/TSL encryption

This website uses SSL/TSL encryption for security reasons and in order to protect the transmission of confidential content, such as orders or requests that you send to us as the website operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from ‘http://’ to ‘https://’ and by the lock symbol in your browser line. If SSL/TSL encryption is activated, the data you transmit to us cannot be read by third parties.

2. Data processing in conjunction with visits to this website

2.1 Creation of log files

Each time our website is accessed, our web servers temporarily record access in a log file. The following data is collected and stored until automated erasure after seven days:

  • information about the browser type and version used,
  • user operating system,
  • user IP address,
  • website accessed,
  • date and time of access,
  • website from which access was made (referrer URL).

This data is not merged with other data sources.

This data is processed to ensure a smooth connection and comfortable use of our website, to evaluate system security and stability as well as for further administrative purposes.

The website is provided as part of our PR work. The legal basis for processing the data results from the Art. 6 (1) sentence 1 lit. e GDPR in conjunction with section 3 of the Federal Data Protection Act.

The company 3PC has access to some of this data for revision and programming tasks. The DHM has carefully selected this service provider and concluded a contract for commissioned data processing with them. 3PC is bound by the instructions of the DHM.

2.2 Cookies

So-called ‘cookies’ are used on this website. These are small text files that are stored on your computer system. Our website uses cookies to make our Internet presence more user-friendly, more effective and more secure, for instance, when it comes to speeding up navigation on our platform. We use technically necessary cookies that are transferred from our server to your computer system, most of which are so-called ‘session cookies’. ‘Session cookies’ are characterised by the fact that they are automatically deleted from your hard drive after 30 minutes or at the end of the browser session. To optimise the user experience, we also use permanent cookies. These remain on your computer system for 13 months and enable us to recognise your computer system the next time you visit.

This website uses a cookie to remember the setting when dark mode support is turned on or off. This cookie is needed for the setting to work and is only used when a user clicks the Dark Mode button. The ‘language’ cookie stores the last language version you used.

Cookies can only be stored if you have enabled this in your browser settings. This means that you the user have full control over the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been saved can be deleted at any time. This can also be carried out automatically. Note: It is not guaranteed that you will be able to access all functions of this website without restrictions once you make certain settings.

When visiting the DHM website for the first time with a new device or browser, a dialogue (‘cookie banner’) is displayed allowing the user to select cookie references for this device or browser. If you do not consent to the use of technically unnecessary cookies (in particular for the purposes of web analysis in accordance with section 2.3), only those cookies that are technically necessary for website use will be used.

Technically necessary cookies are processed in accordance with Art. 6 (1) lit. e GDPR in conjunction with section 3 of the Federal Data Protection Act. All other cookies are processed exclusively with your consent in accordance with Art. 6 (1) lit. a GDPR.

 2.3 Use of Matomo

In order to be able to analyse and regularly improve the use of our website, we use ‘Matomo’, an open source software for statistical evaluation of visitor access on this website. The statistical information thereby generated helps us to improve our offering and to make it more interesting for you as a user. Cookies (see section 4. for more details) are stored on your computer for this evaluation.

Matomo is disabled when you visit our website. Your user behaviour will not be recorded in anonymous form until you have actively consented to this.  

We are committed to protecting your data. That is why we use Matomo with the ‘AnonymizeIP’ extension, so that IP addresses are then further processed in shortened form. This means that any direct reference to a person is ruled out. The anonymised IP address transmitted by your browser via Matomo is not merged with other data collected by us. The information collected is stored exclusively on our web servers and is not disclosed to third parties.

While using our website, you can at any time change your cookie settings for data collection by Matomo software. After clicking this link, the corresponding selection fields are available again.

For more information about privacy settings in Matomo, go to: https://matomo.org/docs/privacy/.

2.4. Social media plugins with Shariff

Social media plugins are used on our pages (Facebook, Twitter, Instagram, SoundCloud). You can usually recognise the plugins by the respective social media logos.

To ensure data protection on our website, we only use these plugins together with the so-called ‘Shariff’ solution. This application prevents the plug-ins on our website from transmitting data to the respective provider when you first enter the page. A direct connection to the provider’s server is only established after you have enabled the respective plugin by clicking the relevant button and thereby consenting to the data transfer. As soon as you enable the plugin, the respective service provider receives the information that you have visited our website with your IP address. It is also possible for service providers to use cookies. If you are logged into your respective social media user account (for instance, Facebook or SoundCloud profile) at the same time, the respective provider can assign the visit to our pages to your user account. If you do not wish to be associated with your user account, you must log out before clicking on one of the social media plugins.

The DHM itself does not collect any personal data by means of plug-ins or through their use. We have no influence on the content and scope of the data collected by the service provider.

2.5 YouTube and Vimeo video plugins

YouTube and Vimeo content is integrated into our online offering, which is available at www.YouTube.com and www.vimeo.com and can be played directly from our website.

This content is integrated in order to improve the user experience and to make our online offerings more appealing. Within the framework of our PR work, the legal basis for processing the data results from Art. 6 (1) sentence 1 lit. e GDPR in conjunction with section 3 of the Federal Data Protection Act.

YouTube is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Vimeo is operated by Vimeo LLC, 555 West 18th Street, New York 10011, USA.

In order to improve the protection of your data when visiting our website, the YouTube videos are integrated in ‘extended data protection mode’ as far as possible.

The Vimeo plugins are also integrated into the page in such a way that they can only be activated by an additional click.

This integration ensures that no data about you as a user is transmitted to YouTube or Vimeo if you do not play the videos.

It is only when you play the videos that your IP address, the date and time and the sub-page of our website that you visited will be transmitted as a minimum to YouTube or Vimeo (possibly to the US). We have no influence on this data transmission.

This is carried out irrespective of whether YouTube and Vimeo provide a user account to which you are logged in or whether no user account exists.

We would like to point out that we have no influence on the content, scope of use or data collected by YouTube and Vimeo. Further information regarding the purpose and scope of the collection and processing of data by the provider can be found in the provider’s privacy statement where you will also find further information about your rights as well as setting options in order to protect your privacy.

YouTube: https://www.google.de/intl/de/policies/privacy/

Vimeo: https://vimeo.com/privacy

3. Data processing in the context of contacting us via contact form, e-mail and letter

We offer a number of contact forms on our website which are designed to make it easier for you to contact us. The following personal data is collected in the contact forms:

e‑mail address,

first and last name, if applicable,

telephone, if applicable (optional),

address, if applicable,

company, if applicable.

The personal data collected via a contact form and the date of the enquiry are sent as an e-mail from the web server to the DHM department responsible for your enquiry. This data is only stored on the web server while subsequent processing takes place for the purpose of transmission. The transmission as e-mail is not encrypted.

Alternatively, you can contact us via the e-mail address provided or by post. In this case, the user’s personal data transmitted by e-mail and post will be stored. This data will not be disclosed to any third party.

Your information will only be processed for the purpose for which your respective enquiry is made. The legal basis for the processing of your personal data, in as far as the data is required to perform pre-contractual measures carried out at your request, is Art. 6 (1) sentence 1 lit. b GDPR. Otherwise, the data is processed on the basis of Art. 6 (1) lit. e, (2) GDPR in conjunction with section 3 of the Federal Data Protection Act. We need to process the data you have provided in order to process your enquiry. The data will be erased as soon as it is no longer needed in order to achieve the purpose for which it was collected and as long as such erasure does not conflict with any statutory retention obligations.

Optional data is processed on the basis your consent according to Art. 6 (1) lit. a GDPR. You can revoke your consent at any time. The lawfulness of the processing based on your consent remains unaffected until we receive your revocation.

4. Use of social networks

4.1 Facebook and Instagram

As part of its PR work, the DHM maintains online presences on the social networks Facebook and Instagram to inform users about the DHM. These are online presences within the Facebook platform offered by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland (hereinafter ‘Facebook’).

4.1.1 Data processed by the DHM

We post current information, pictures and videos on our Facebook and Instagram page. You can actively contact us on the pages, for instance, through comments, visitor posts and messages. The comments and posts you publish on the pages are publicly visible and show who posted them. The messages you send directly to us are not publicly visible.

We need to process your personal data to answer your questions or to deal with your requests. Data is processed on the basis of Art. 6 (1) lit. e GDPR in conjunction with section 3 of the Federal Data Protection Act.

4.1.2 Use of Insight data

So-called Page Insights are used on our pages which enable us to retrieve certain statistical, anonymised data (e.g. ‘Likes’ , page activity, number of page views, reach). This Insight data is generated and provided by Facebook through cookies. We cannot turn off this Insight function. No users can be identified with the Insight data transferred to us by Facebook. We use this data exclusively to improve our offer on our pages as part of our PR work. The legal basis is Art. 6 (1) lit. e GDPR in conjunction with section 3 of the Federal Data Protection Act. 

We are jointly responsible with Facebook for the processing of Insight data within the meaning of the GDPR. For this purpose, Facebook has concluded a supplementary agreement with page controllers in accordance with Art. 26 GDPR to clarify responsibilities. You can find this agreement at: https://www.facebook.com/legal/terms/page_controller_addendum

This agreement states that Facebook is primarily responsible for data processing and that the DHM has no access to the individual user data but can only retrieve anonymised statistics.

You can assert your data protection rights both against us and against Facebook. However, we ask users to contact Facebook directly in order to exercise their data subject rights with regard to the processing of their data by Facebook.

4.1.3 Data processed by Facebook

In the cookies referred to under 4.1.2 above, Facebook collects personal data of visitors and processes this data for its own purposes, such as for advertising and market research purposes, and to create user profiles. If visitors to the pages have a Facebook user account and are logged into this account during the page visit, the information provided by the cookies is also stored across different devices. Facebook passes on user data to third countries, such as the US, without us being able to influence this. The associated possible risks for user data cannot be excluded by us as the operator of the pages.

For more information about how Facebook uses data, got to: https://www.facebook.com/policy.php.  

4.2 DHM Twitter account

The DHM is active on the short message service Twitter. It uses the technical platform and services of Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103 U.S.A. for this purpose. The data controller for individuals living outside the United States is Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland.

Please note that you are responsible for your use of the Twitter short message service offered here and its functions. This applies in particular to the use of interactive functions (for instance, sharing, rating).

The DHM has no influence on the type and scope of the data processed by Twitter, the way such data is processed and used, or the transfer of such data to third parties. In this respect, it also has no effective means of control.

Information about which data is processed by Twitter and for what purposes can be found in Twitter’s Privacy Policy: https://twitter.com/de/privacy 

We do not collect any data ourselves via the DHM Twitter account. The IP addresses of visitors to the website are also not transmitted to Twitter Inc. via the integration of the DHM’s tweets on its homepage. However, the data you enter on Twitter, especially your username and the content published under your account, will be processed by us in as far as we retweet or reply to your tweets, or we write tweets that refer to your account. The data you freely publish and disseminate on Twitter is therefore included by the DHM in its offer and made accessible to its followers.

The legal basis for data processing for the purpose of PR work is Art. 6 (1) lit. e GDPR in conjunction with section 3 of the Federal Data Protection Act.

4.3 YouTube, Vimeo and SoundCloud profile of the DHM

The DHM makes video and audio content available via the technical platforms and offerings of YouTube, Vimeo and SoundCloud.

YouTube is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (www.youtube.com).

Vimeo is operated by Vimeo LLC, 555 West 18th Street, New York 10011, USA (www.vimeo.com).

SoundCloud is a service of SoundCloud Limited, Rheinsberger Str. 76/77, 10115 Berlin, Germany.

The DHM has no influence on data collection and the further use of the data by the respective platform providers. The DHM is not responsible for the data processing by these service providers.

Further information on the purposes and scope of data collection by the respective service providers as well as your rights and setting options for protecting your privacy can be found in their privacy policies.

YouTube: https://www.google.de/intl/de/policies/privacy/

Vimeo: https://vimeo.com/privacy

SoundCloud: https://soundcloud.com/pages/privacy

5. Data processing in the context of the provision of information

5.1 Newsletter dispatch

You can consent to receive our newsletter which provides information about our current offers. The advertised goods and services are named in the declaration of consent.

We use the so-called double opt-in procedure to register for our newsletter. This means that after you have registered, we will send an e-mail to the e-mail address you provided asking you to confirm that you wish to receive the newsletter. We also store the time of registration and confirmation in each case. The purpose of the procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data.

The only mandatory information for sending the newsletter is your e-mail address. The provision of further, separately marked data is voluntary and will be used to address you personally. After receiving your confirmation, we will store your e-mail address for the purpose of sending you the newsletter. The legal basis is Art. 6 (1) sentence 1 lit. a GDPR. You can revoke your consent to receive the newsletter and unsubscribe at any time. You can cancel by clicking the link provided in each newsletter e-mail, via this website form: https://www.dhm.de/newsletter, by e-mail to newsletter@dhm.de or by sending a message to the contact details provided in the Imprint.

We would like to point out that we evaluate your user behaviour when sending the newsletter. This means that the e‑mails sent contain so-called web beacons or tracking pixels, which are single-pixel image files stored on our website. The data is only collected in pseudonymised form, i.e., the IDs are not linked to your other personal data, so that direct personal reference is ruled out.

This data is received by our employees who are responsible for education and outreach as well as press and PR. We work together with commissioned data processor Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin. We have contractually obliged Sendinblue GmbH to handle your personal data in accordance with the requirements of the GDPR.

5.2 Use of the DHM blog

You can leave comments in our DHM blog regarding specific blog posts and to receive information about new blog articles.

If you leave a comment on a blog post, your comment text, the time you entered the comment and your chosen username (pseudonym possible) will be saved and published. Your e-mail address will also be stored, but only to prevent misuse and will not be published. The data processing is based on your consent (Art. 6 (1) sentence 1 lit. a GDPR). The data collected in conjunction with the comment function will not be passed on to third parties and will be used exclusively for the purpose of commenting.  

You can withdraw your consent at any time. The blog comment and related information will be deleted if you send an e-mail requesting this to: blog@dhm.de.

You can subscribe to the DHM blog after registering using your e‑mail address. You will receive a confirmation e‑mail to verify that you are the owner of the e‑mail address provided. You can unsubscribe from this function at any time via a link in the info mails. The data entered as part of the subscription will be deleted in this case. The legal basis for the data processing is your consent (Art. 6 (1) sentence 1 lit. a GDPR).

5.3 Press mailing list

Journalists can register on our website to receive press information from the DHM. In this press mailing list, personal data (name, e-mail address, telephone number, name of the medium/company, editorial office/department, position) is collected and stored on the basis of Art. 6 (I) lit. e GDPR in conjunction with section 3 of the Federal Data Protection Act or on the basis of your consent granted in accordance with Art. 6 (1) lit. a GDPR. The data will be used for the purpose of press and media relations, in particular for sending press releases and invitations. The data will not be transferred to third parties outside the DHM’s business area or to third countries. The data will be stored until consent is revoked. If inclusion in the press mailing list is revoked, all personal data will be removed from our database immediately. If you wish to be removed from the press mailing list, please send an e-mail informing us to: presse@dhm.de.

5.4 Online ticket

Online tickets to the exhibitions of the Deutsches Historisches Museum are offered in cooperation with visitBerlin (Berlin Tourismus & Kongress GmbH, Am Karlsbad 11, 10785 Berlin). When purchasing online tickets, personal data is sent to visitBerlin. The further processing of this information is the responsibility of visitberlin, please refer to the Privacy Policy of visitBerlin for the corresponding conditions and setting options: https://www.visitberlin.de/de/datenschutzerklaerung

5.5 Databases and OPAC

No personal data is stored with queries in the object database and in the ‘NS-Archivalien’ databases. The use of the OPAC of the library of the Deutsches Historisches Museum is subject to the provisions laid down in the library’s user rules. No personal data is stored with queries in the OPAC.

 6. Photo and video recordings  

Photos and videos of visitors taken/made during museum operations and in the context of events is carried out exclusively for the purpose of the DHM’s PR work and will be used to report on the event on the DHM’S website, in its publications and press releases. You will be requested to give your consent for photographs that do not show persons of contemporary history or persons as accessories next to landscapes or other localities and are not photographs of meetings, processions or similar events. The legal bases are Art. 6 (1) lit. e GDPR in conjunction with section 3 of the Federal Data Protection Act and Art. 6 (1) lit. a GDPR. Where appropriate, photographs and/or film footage may be passed on to service providers for publication in conjunction with the production of print products. This includes, for instance, agencies and printers involved in the production.

The recordings for which consent was obtained because it was required will be deleted immediately when consent has been revoked. Otherwise, recordings are stored until the purpose no longer applies.

7. Contract awarding

Information, including personal data, is needed to carry out a contract awarding procedure. The data you provide will be collected, organised, stored, used and deleted on the basis of Art. 6 (1) lit. b GDPR. The data will only be used for the purposes of examination and decision-making within the scope of the contract awarding procedure as well as the possible conclusion of a contract. Any use beyond this and any transmission to third parties will not take place. Exceptions to this are disclosure to national or European review authorities and the supervisory authority when required by law. Personal data will be stored for as long as it is necessary to fulfil the aforementioned purposes and will be deleted after the statutory retention periods have expired.

8. Applications and application procedure

Interested users can send their applications to the Deutsches Historisches Museum via Job advertisements. Additional personal data is processed as part of the application process. Further information regarding the scope and nature of such data processing can be found here.

 9. Your rights  

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the right to obtain information free of charge from the controller regarding the personal data we have stored about you (Art. 15 GDPR). In addition, users have the right to rectification (Art. 16 GDPR), erasure or restriction of processing of their personal data (Art. 17 and 18 GDPR) and the right to object to processing (Art. 21 GDPR). You can exercise your right to data portability (Art. 20 GDPR) and, in the event of unlawful data processing, lodge a complaint with the competent supervisory authority:

The Federal Commissioner for Data Protection and Freedom of Information
Graurheindorfer Str. 153
53117 Bonn, Germany
Phone: +49(0)228-997799-0
E-mail: poststelle@bfdi.bund.de

Users can revoke their consent under data protection law at any time without giving reasons and without suffering any disadvantages, in principle with effect for the future (Art. 7 (3) GDPR). You can send your objection by e-mail or letter to the following address:

Stiftung Deutsches Historisches Museum (DHM)
Unter den Linden 2
10117 Berlin, Germany
Tel. +49 30 203040
info@dhm.de

Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

10. Amendments to this Privacy Policy

We reserve the right to change our Privacy Policy in order to adapt it to changed legal situations or in the event of changes to the service and data processing. However, this only applies with regard to declarations regarding data processing. In as far as user consent is required or parts of the Privacy Policy contain provisions of the contractual relationship with users, such changes will only be made with the consent of the users.

Users are requested to inform themselves regularly about the content of this Privacy Policy, as adjustments can be expected in the course of implementing the GDPR, the Federal Data Protection Act, regulations specific to sectors and federal states as well as the case law of the European Court of Justice.