of the Berliner Unterwelten e.V. (updated February 22, 2019)
1. Contact details of the party responsible for data processing and of the data protection officer
The party responsible for the processing of personal data on our website is:
Berliner Unterwelten e.V.
Office telephone: (030) 49 91 05-17
Info telephone: (030) 49 91 05-18
Fax: (030) 49 91 05-19
Authorized representatives (board of directors):
The board of directors is composed of the chairman, Dietmar Arnold, and two deputies, Melita Ersek and Jürgen Wedemeyer.
Register of associations:
The BU e.V. was registered with the Berlin-Charlottenburg Local Court in the register of associations on December 5, 1997, under the registration number VR 17912 B. Place of jurisdiction is Berlin.
The data protection officer of the Berliner Unterwelten e.V. is: Mr. Stephan Wolf
He can be contacted at the above address of the Berliner Unterwelten e.V. or at: firstname.lastname@example.org.
2. Explanation of the collection and storage of personal data and the means and purpose of data use
a) Definition of personal data
“Personal data” means any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifying element, such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of such natural person.
b) Collection of data when you visit our website
When you visit our website www.berliner-unterwelten.de (i.e., without registration, use of the contact form, and so on), the browser of your device (e.g., personal computer, notebook, mobile device) automatically sends certain information to our server. This information is stored for a limited time period. These files are so-called “log files” of the server. The log files are deleted from our server automatically.
d) Data collection when contact forms, emails, or other letters are sent
You can contact us any time using the contact forms provided on our website. In order to contact us, you have to provide a valid email address so that we can see who sent the message and to enable us to reply to you. You are free to give us further information.
If you use the contact forms, the browser of your device (e.g., personal computer, notebook, mobile device) will automatically send certain information to our server. This information will be stored for a limited period of time in so-called “log files”. The log files will be deleted automatically on our server.
Such information includes:
• name and URL of the stored file,
• the IP address used,
• date and time of the visit,
• referrer URL (the website you visited before our website),
• type and version of the browser used and, if appropriate, the operating system of your device,
• name of your access provider.
Further information is only required in the contact forms for guided tours and seminars for the purpose of providing an offer (see the respective contact forms). With respect to inquiries for guided tours, the following data is necessary: tour, language, number of participants, discounts, preferred date, payment method, title, first name, last name, street, number, zip code, city, country, telephone, email. With respect to inquiries for seminars, the following data is required: seminar, date, membership/employment, relevant German state, title, first name, last name, birthdate, birthplace, street, number, zip code, city, country, telephone, email.
This information is needed to process your inquiry (e.g., in order to register certain programs with federal agencies). It will be only used for such purpose, if necessary.
Furthermore, you can send us an email or a letter via fax or regular mail. Legal basis for the processing of the data is Article 6, section 1, sentence 1 b) (in order to conduct pre-contractual activities) and Article 6, section 1, sentence 1 f) GDPR. Our legitimate interest follows from the purpose of the data collection mentioned above.
e) Collection of data when orders are made in our shop
Orders in our shop may only be made as so-called “guest orders”. This means that you do not need to register for a customer account in order to buy something in our shop. If you place a “guest order”, certain personal data will be collected, such as name, address for the invoice and shipping, and communication data, such as telephone number and email address. This information is required to fulfill the contract with you or to conduct pre-contractual activities [with respect to the duration of the storage see the following section 2 f)]. The legal basis for the processing of the data is Article 6, section 1, sentence 1 b) and f) GDPR.
f) Duration of storage
Unless stated otherwise, we will store personal data only as long as necessary to fulfill our purposes. The personal data collected with your inquiries (e.g., via a contact form, emails, telephone calls, letter, faxes) will be deleted automatically after the settlement of your inquiry, unless it is necessary for technical administration or the conclusion or execution of a contract made with you or in the case that contractual or legal storage requirements or documentation requirements exist (e.g., according to commercial law or tax law).
g) Providing personal data
The providing of personal data is not required by law or by contract. You are not obligated to provide personal data. If you do not provide personal data, you may be partially or entirely unable to use our website. If you do not provide personal data that must be processed in order to reply to a contact inquiry or fulfill a contract with you, we may be unable to answer your contact request or enter into a contract with you.
h) Video surveillance
There is video surveillance in some of our buildings or facilities. Signs will indicate this.
Generally we use so-called “transient cookies”. This especially includes session cookies. These cookies store a so-called session ID that can be attributed to different inquiries of your browser. The function of these cookies is to recognize you and to store your session information. By doing so, we can recognize your device if you return to our website. The session cookies will be deleted automatically if you log out or close the browser.
In addition to this, we use so-called “persistent cookies”. Persistent cookies are stored on your device (personal computer, notebook, mobile device) and are deleted automatically after a defined time period that can differ according to the type of cookie. If you visit our site again, these cookies recognize that you have already visited our site and also recognize the inputs and settings you applied. You therefore do not need to enter them again. These cookies are also needed to evaluate and optimize our website. You can delete these cookies in the safety settings of your browser at any time.
Furthermore, cookies can be used in accordance with the uses described in section 4 and 5 of this data protection policy. These are so-called “third-party cookies” and are cookies created by third parties. You can find further information in sections 4 and 5. You can also delete these cookies in the safety settings of your browsers at any time.
You can also configure your browser so that your device does not store any cookies or you are notified before a new cookie is created. However, if cookies are fully deactivated, you may not be able to use all the functions of our website.
The data processed by cookies is necessary for the aforementioned purposes of pursuing our own legitimate interests and those of third parties according to Article 6, section 1, sentence 1 f) GDPR.
4. Analysis tools
Our webhosting provider is Host Europe GmbH, Hansestraße 111, 51149 Köln. Within the configuration of our webhosting package, this provider uses certain analysis tools that enable us to evaluate the activities of users. Part of this is the tool Webalizer2 for visitor statistics. This tool stores the number of visitors, the actions of visitors, page analysis, websites visited beforehand, browser, and systems. The analysis measures used are based on Article 6, section 1, sentence 1 f) GDPR. The purpose of these measures is to ensure a user-friendly design and to guarantee an optimized website. These actions also have the purpose of creating statistics about the use of our website. These are legitimate interests according to Article 6, section 1, sentence 1 f) GDPR.
5. Social media and other plugins, links and more
a) Social media plugins
We use no social media plugins on our website. Whenever we set links to social media (Facebook, Twitter), we do not use plugins (e.g., like or share buttons); we only set a link to our respective accounts with these social media suppliers. As soon as you visit these websites, these third-party suppliers may process your data. You can find further information in the data protection policies of these suppliers under: https://de-de.facebook.com/policy.php and under: https://twitter.com/de/privacy. It is possible that these third-party suppliers store data (log files) if you visit our websites containing offers of these third-party suppliers. Log files may contain your IP address, browser type, operating system, information about the website and the sites visited before, location, your mobile company, information about the device (including the ID of the device and application ID), search entries, and cookie information. If you are logged in with the third-party suppliers, they may be able to attribute your visit to our website directly to your account. If you do not want these third-party suppliers to collect data via our website, you have to log out from the third-party suppliers before you visit our website.
b) Google Maps
Our website uses Google Maps, a service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter “Google”), in order to present geographic information visually. If you use Google Maps, Google will store, process, and use data about the use of the map functions by the visitor. If you visit sub-pages of the Google Maps map, information about such use may be sent to Google. If you are logged in with Google, such data may be attributed to your account. If you do not want this, you have to log out from the service Google Maps before using Google Maps on our website. Further information about data processing by Google can be found in the Google data protection policies (https://www.google.com/policies/privacy/. You can change your personal data protection settings in the data protection center there.
c) Use of Google Web Fonts
We use web fonts (script or font libraries) such as Google Web Fonts (https://fonts.google.com/about) provided by Google. Google Web Fonts are transmitted into the cache of your browser so that no repeated loading is necessary. If your browser does not support Google Web Fonts or prevents access to Google Web Fonts, the content will be shown in a standard font.
The use of script or font libraries automatically creates a connection to the supplier of the library (e.g., Google). It is therefore theoretically possible – although unclear if and, if any, for what purpose – that the supplier of this library may collect data. You can find the data protection policy of the library supplier Google here: https://www.google.com/policies/privacy/
d) Embedding of YouTube videos
On some of our website pages we embed YouTube videos. Supplier of the plugins is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. If you visit a site of ours with the YouTube plugin, a connection to the servers of YouTube is created. YouTube will be informed about the sites you visited. If you are logged in with your YouTube account, YouTube may attribute your surfing behavior to you personally. You can prevent this by logging out of your YouTube account beforehand.
If you start a YouTube video, the supplier creates cookies that collect information about the user behavior.
If you deactivate the storage of cookies for the Google Ad program, no cookies should be created if you watch YouTube videos. However, YouTube also creates other cookies with non-personal user information. If you want to prevent this, you have to block the creation of cookies in your browser. Further information about data protection on YouTube may be found in the data declaration of the supplier under: https://www.google.de/intl/de/policies/privacy/
We set links to Tripadvisor. Supplier is TripAdvisor LLC, 400 1st Avenue, Needham MA, 02494 USA. You can review us on Tripadvisor.
If you visit these sites, third-party suppliers may process your data. Please read the data protection policies of these suppliers. It is possible that Tripadvisor will receive information from us if you are registered with us. Tripadvisor states the following in its data declaration:
You can find more information under: https://tripadvisor.mediaroom.com/DE-privacy-policy
We sell entry tickets via Reservix and Adticket (supplier is in both cases Reservix GmbH, Humboldtstraße 2, 79098 Freiburg im Breisgau) and possible further third-party suppliers. Information about data protection can be found in the data declaration of the suppliers under: https://www.reservix.de/ and www.adticket.de/datenschutz.html.
6. Transfer of data
We will not transfer your personal data to third parties for purposes other than these listed here.
Your personal data will only be transferred to third parties if:
• you gave your express consent to the processing of your personal data for one or more specific purposes according to Article 6, section 1, sentence 1 a) GDPR;
• the processing of the data is necessary for the performance of a contract to which you are a party or to take steps at your request prior to entering into a contract, Article 6, section 1, sentence 1 b) GDPR;
• the processing is necessary for compliance with the legal obligation to which we are subject, Article 6, section 1, sentence 1 c) GDPR;
• the processing is necessary in order to protect your vital interests or the vital interests of another natural person, Article 6, section 1, sentence 1 d) GDPR;
• the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us, Article 6, section 1, sentence 1 e) GDPR;
• the processing is necessary for the purpose of pursuing our legitimate interests or the legitimate interests of a third party, except where such interests are overridden by your interests or fundamental rights and freedoms that require protection of personal data.
Generally, data shall not be transmitted outside the European Union. If data is transmitted outside the European Union to other countries, such countries may not have the same high European data protection standards. If data is transferred to countries outside the European Union (e.g., via plugins, maps, web fonts, videos of third-party suppliers), it is possible that no adequacy decision of the European Commission according to Article 45, sections 1, 3 GDPR exists. However, Google is subject to the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework with respect to the processing of personal data from EU member states and Switzerland, https://www.privacyshield.gov/EU-US-Framework.
7. Your rights as a data subject
a) Right of access according to Article 15 GDPR
According to Article 15 GDPR, you have the right to obtain from us confirmation as to whether or not personal data concerning you is being processed and, where that is the case, access to the personal data and the following information:
• the purposes of the processing;
• the categories of personal data concerned;
• the recipients or categories of recipient to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organizations;
• where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
• the existence of the right to request rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
• the right to lodge a complaint with a supervisory authority;
• where the personal data is not collected from the data subject, any available information as to its source;
• the existence of automated decision-making, including profiling, referred to in Article 22, section 1 and 4, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject;
• which guarantees according to Art. 46 GDPR in the case of a transfer of data to third-party countries exist.
b) Right to rectification according to Article 16 GDPR
According to Article 16, you have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
c) Right to erasure according to Article 17 GDPR
According to Article 17, you have the right to obtain from us the erasure of personal data concerning you without undue delay (right to be forgotten) and we shall have the obligation to erase personal data without undue delay if the requirements of Article 17, section 1 are met. However, this does not apply if the processing is necessary:
• for exercising the right of freedom of expression and information;
• for compliance with a legal obligation which requires processing by Union or Member State law to which we are subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in us;
• for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9, section 2 as well as Article 9, section 3 GDPR;
• for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes in accordance with Article 89, section 1 insofar as the right referred to in section 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
• for the establishment, exercise, or defense of legal claims.
d) Right to restriction of processing according to Article 18 GDPR
According to Article 18, you shall have the right to obtain from us restriction of processing where one of the following applies:
• the accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data;
• the processing is unlawful, and you oppose the erasure of the personal data and request the restriction of its use instead;
• we no longer need the personal data for the purposes of the processing, but it is required by you for the establishment, exercise, or defense of legal claims;
• you have objected to processing pursuant to Article 21, section 1 GDPR pending the verification whether our legitimate grounds override yours.
e) Notification obligation regarding rectification or erasure of personal data or restriction of processing according to Article 19 GDPR
According to Article 19 GDPR, you have the right to be informed about the recipients to whom we communicated any rectification or erasure of personal data or restriction of processing.
f) Right to data portability according to Article 20 GDPR
According to Article 20 GDPR, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format and have the right to transmit those data to another responsible party without hindrance from us, where the processing is based on consent pursuant to point (a) of Article 6, section 1 or point (a) of Article 9, section 2 or on a contract pursuant to point (b) of Article 6, section 1; and the processing is carried out by automated means.
g) Right to withdrawal of consent according to Article 7, section 3 GDPR
According to Article 7, section 3 GDPR, you have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
h) Right to lodge a complaint with a supervisory authority according to Article 77 GDPR
According to Article 77 GDPR, you have the right - without prejudice to any other administrative or judicial remedy - to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement if you believe that the processing of personal data relating to you infringes the GDPR.
8. Right to object according to Article 21 GDPR
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you that is based on point (e) or (f) of Article 6, section 1 (including profiling based on those provisions).
We shall no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms or for the establishment, exercise, or defense of legal claims.
Where personal data is processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
In the case of a withdrawal or objection, please send us an email to: email@example.com.
9. Data security and SSL protocol
Personal data is transmitted via the SSL technology (Secure Socket Layer). You can recognize this by the lock symbol in the browser and the status bar. Your data cannot be read by third parties. Generally, we use a 256 Bit encryption or – if your browser does not support this – a 128 Bit encryption.
We furthermore use suitable technical and organizational security measures to protect your data from manipulation, loss, destruction, or unauthorized access by third parties. Our security measures are continually improved in accordance with technological developments.
10. Validity and changes to this data protection policy
This data protection policy is currently valid and was updated on February 22, 2019.
In the course of the continuing development of our website and our offers or due to legal or official changes or requirements it may be necessary to update this data protection policy. You can access and print the current data protection policy at any time via our website under https://www.berliner-unterwelten.de/en/data-protection.
des Berliner Unterwelten e.V. (Stand 25. Januar 2019)
1. Kontaktdaten des Verantwortlichen für die Verarbeitung von Daten und des betrieblichen Datenschutzbeauftragten
Der Verantwortliche für die Datenverarbeitung auf unserer Internetpräsenz (nachfolgend „Website“) ist:
Berliner Unterwelten e.V.
Büro-Telefon: (030) 499 105-17
Info-Telefon: (030) 499 105-18
Telefax: (030) 499 105-19
Vorsitzender Dietmar Arnold, Stellvertreter Andreas Körner und Jürgen Wedemeyer.
Vereinsregister des Amtsgerichtes Berlin Charlottenburg, Registernummer 17912Nz.
Der betriebliche Datenschutzbeauftragte des Berliner Unterwelten e.V. ist: Herr Stephan Wolf
Er ist unter der o.g. Anschrift des Vereins beziehungsweise unter firstname.lastname@example.org erreichbar.
2. Erläuterung, welche personenbezogene Daten wir erheben und speichern sowie Art und Zweck der Verwendung der Daten
a) Definition der personenbezogenen Daten
„Personenbezogene Daten“ sind alle Informationen, die sich auf eine identifizierte oder identifizierbare natürliche Person (im Folgenden „betroffene Person“) beziehen. Als identifizierbar wird eine natürliche Person angesehen, die direkt oder indirekt, insbesondere mittels Zuordnung zu einer Kennung wie einem Namen, zu einer Kennnummer, zu Standortdaten, zu einer Online-Kennung oder zu einem oder mehreren besonderen Merkmalen identifiziert werden kann, die Ausdruck der physischen, physiologischen, genetischen, psychischen, wirtschaftlichen, kulturellen oder sozialen Identität dieser natürlichen Person sind.
b) Datenerfassung beim Aufrufen unserer Website
Bei dem bloßen Besuch unserer Website www.berliner-unterwelten.de (d.h., ohne Registrierung, Nutzung des Kontaktformulars etc.) übermittelt der Browser Ihres benutzen Gerätes (z.B. PC, Notebook, Mobilgerät) automatisch bestimmte Informationen an unseren Server. Die Speicherung dieser Informationen erfolgt nur für einen begrenzten Zeitraum. Hierbei handelt es sich um sogenannte „Logfiles“ des Servers. Die Löschung der Logfiles erfolgt bei unserem Server automatisch.