Back to top

1 Introduction

When using our online content, personal data is collected and stored in databases, protocol files or other systems. We consistently abide by data protection regulations when processing the data collected.


2 Name and address of the controller responsible for data processing

Processing of personal data is the responsibility of:

Museum für Naturkunde Berlin
Invalidenstr. 43
10115 Berlin

Managing Director Herr Junker
Phone: +49(0)30/889140-8798
Email: stephan.junker@mfn.berlin

Data protection officer of the Museum für Naturkunde:

Phone: +49(0)30/889140-8440
Email: datenschutz@mfn.berlin


 3 Use and disclosure of personal data

The data collected by us are exclusively used for the purposes mentioned. Data is disclosed only in the cases listed (e.g. registration for a congress, named partners in collaborative projects, data administration in a consortium). There will be no unauthorised data disclosure to third parties. External service providers who process data on our behalf are not considered to be third parties as defined in the data protection regulations; they are bound by contract to abide by the data protection reguations and are subject to our control.
Data will only be passed on to state authorities within the framework of mandatory legal provisions or in cases of attacks on our systems for the purpose of criminal prosecution.
Data that are no longer needed will be deleted.
The data will not be used for automated decision-making (profiling).


4 Consent to further data use

The use of some of our services may require the storage and use of data beyond what has been described under point 5. Ir that is the case we will inform you and ask for your consent in advance.


5 The following data will be processed when using our online services:

5.1 Keeping a log of visits to websites and accessing data and web services

When the MfN’s internet services are accessed, data relevant for data protection and data security is stored in a log file. Depending on the access protocol, the log file contains the following details:

  • IP address of the computer requesting data
  • Host name of the IP address
  • Name of the requested website, file or action
  • Date and time of the request
  • Volume of data transmitted
  • Access status of the web server (file transmitted, file not found, command not executed, etc.)
  • Description of the web browser used
  • URL from which access was prompted.

The stored data is used exclusively for the purpose of identification and tracking of unauthorised access attempts or access to the web server as well as for general statistical evaluations. No profiles of individual users will be generated. Evaluation is carried out by authorised employees at the Museum für Naturkunde Berlin The logged data is stored for up to three months and all non-anonymised data is subsequently deleted. The data in the log file is stored separately from all personal data provided by individuals.

5.2 Cookies

The Internet pages of the Museum für Naturkunde Berlin use cookies Cookies are text files which are filed and stored on a computer system via an Internet browser.

Numerous websites and servers use cookies. Many cookies contain what is known as a cookie ID. A cookie ID is a unique identification of the cookie It consists of a sequence of characters that allow websites and servers to be associated with the actual browser on which the cookie was stored. This enables the websites and servers visited to distinguish the individual browser of the data subject from other browsers that contain different cookies A particular browser can be recognised and identified through the unique cookie ID.

The use of cookies allows the Museum für Naturkunde Berlin to provide users of its website with more user-friendly services, which would otherwise not be possible.

A cookie helps to optimise information and services on our website to help the user. As mentioned before, cookies allow us to recognise users of our website. The purpose of this recognition is to make the use of our website easier. For example, a user of a website using cookies need not enter their access data again each time they visit the page, as this is done by the website and the cookie stored on the user's computer system. Another example of a cookie is the basket in an online shop. The online shop remembers items that a customer put in the virtual basket by using a cookie.
When first visiting the website of the Museum für Naturkunde Berlin using a new device/browser, an individual user can adjust cookie preferences for this device/browser in a dialogue box (cookie banner). Within this functionality, we ask for consent for the use of cookies that are not technically necessary for the use of the Website (particularly for web analytics purposes, see 5.3). If the data subject does not give their consent or objects to the use of such cookies, only those cookies that are technically indispensable are used. The decision of the data subject is then stored as a cookie in the browser for 100 days. By deleting the “cookie agreed” cookie, the data subject can adjust the settings for the Museum für Naturkunde Berlin’s website at any time.

The data subject can block the use of cookies by our website by adapting the settings of the browser and thus permanently object to the use of cookies. In addition, cookies already in place can be deleted through the web browser or other software programs. This can be done in all the usual web browsers. If an individual inactivates the use of cookies in their web browser, they may not be able to fully use all functions of our website.

5.3 Web Analytics

The Museum für Naturkunde Berlin will only use a web analytic solution on the basis of your consent in accordance with GDPR Art. 6 Section 1 letter a, Art. 7. The consent is obtained by a pop-up cookie banner (see 5.2 cookies, 5th paragraph) and can be revoked by deleting the generated “cookie agreed” cookie.

The person responsible for cookie processing (controller) has integrated in this web page the Google Analytics component (with anonymisation function). Google Analytics is a service for web analytics. Web analytics is the collection, storage and evaluation of data on the behaviour of visitors of websites. A web analytics service collects, among other things, data on the website from which the individual accessed a particular (referrer) website, which sub-pages of the website have been accessed and how long the page was viewed. Web analytics are mainly used to optimise a website and for cost-benefit analysis of web advertising.

The Google Analytics component is run by Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland.

When carrying out web analytics using Google Analytics, the data processing controller adds the suffix "_gat._anonymizeIp”. This suffix causes Google to abridge and anonymise the IP address of the data subject if access to our web pages came from a European Union memher state or another European Economic Area signatory state.

The purpose of the Google Analytics component is to analyse traffic on our website. Google uses the data and information obtained, among other things, to evaluate the use of our website so that online reports can be compiled that show activity on our websites and further services associated with the use of our website can be generated.

Google Analytics places a cookie on the information technology system of the data subject. What cookies are has been explained above. By placing the cookie, Google is enabled to analyse the use of our website. Any time any of the pages of this website are accessed that is run by the controller and into which a Google Analytics component was integrated, the web browser in the information technology system of the data subject will be automatically prompted by the Google Analytics component to transfer data to Google for online analytics purposes. In the context of this technical procedure, Google will obtain knowledge of personal data such as the IP address of the data subject, which is used by Google, among other things, to trace the origin of visitors and clicks and subsequently to enable commission settlements.

The cookie is used to store personal data, such as time and place of access and the frequency of visits to our website by the data subject. During each visit of our web pages, such personal data, including the IP address of the Internet connection used by the data subject, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may pass this personal data obtained through technical processes to third parties.

The data subject can block the use of cookies by our website at any time by adapting the settings of the browser and thus permanently object to the use of cookies, as explained above. Such a setting would also prevent Google from placing a cookie on the information technology system of the data subject. In addition, a cookie already placed by Google Analytics can be deleted at any time through the web browser or other software programs.

Furthermore, the data subject has the option of objecting to and preventing the collection of data generated by Google Analytics that refer to the use of this website and their processing by Google. This requires the data subject to download a browser add-on which can be downloaded from this link and installed. This browser add-on tells Google Analytics via JavaScript that no data and information on the visit of websites must be transferred to Google Analytics. The installation of this browser add-on is perceived by Google as an objection. If the information technology system of the data subject is deleted, reformatted or newly installed at a later date, the data subject must re-install the browser add-on in order to inactivate Google Analytics. If the browser add-on is uninstalled or deactivated by the data subject or another person who is part of their sphere of control, it is possible to reinstall or reactivate the browser add-on.

Further information and the current privacy regulations of Google can be accessed here and here. Google Analytics is explained in more detail under this link.

5.4 Social Plug-Ins

Our website uses plug-ins from social networks such as Twitter, Facebook of Flickr. Some of these are run by countries outside the EU. Further details on these services can be found on their websites. The plug-ins carry the logo of the network or service in question.

If you access a page on our website that contains such plug-ins, your browser establishes a direct connection with the servers of the service providers concerned. The content of the plug-in is transmitted to your browser by the service provider, who integrates it into the website. By integrating the plug-in, the provider receives the information that you have accessed the relevant page on our website. If you are logged in with the provider, they can attribute the visit to your account. If you interact with the plug-ins by, for instance, pressing the “like” button or leaving a comment, the relevant information is transmitted to the service directly through your browser and stored. The scope and purpose of this data collection and the further processing and use of the data by integrated services as well as your relevant rights and options can be found in the privacy policy statements of the providers concerned.

If you do not want social networks to collect data about you, you must log out of the relevant networks before visiting our website.

5.5 Registration

For registration with various services that we offer we need a few details from you. These are used exclusively for the purpose stated. In some cases this may mean targeted transmission of data, e.g. hotel reservations for events. The data is not transmitted beyond the specific, stated purpose. The data will only be stored until the final processing of the instance and observing the statutory retention period. The form you fill in is transmitted over the Internet in encrypted form only, which means that unauthorised individuals may become aware of the content. Registration is voluntary and can be revoked at any time.

For some registrations, e.g. circular letters/newsletters, an email address must be provided. It is possible that registration becomes valid only upon confirmation of the address, e.g. if you click on a link in an email that we sent to you. Further details are optional and may, for instance, be used to address you more personally. Circular letters/newsletters can be cancelled at any time. Upon cancellation, your data will be deleted from our system.

In some cases (e.g. electronic journals, wikis or blogs), the purpose of data collection is publication or permanent storage of generated content. Insofar as these contents are subject to copyright, we are under obligation to clarify issues of copyright and uphold the personal rights of an author and must therefore retain and store a minimal dataset (name and contact such as postal or email address) even after unsubscription. If those data were not publicly visible from the outset they will remain protected. They will, however, continue to be viewed by editors of the publication platform (electronic journals, wikis, and blogs).

5.6 Bookings

When making a booking through our website you have the choice whether the address data will be used solely for making the booking and deleted after the statutory detention period or whether the booking is combined with registration.

5.7 Email

If you want to communicate with us via email, please use our email address info@mfn.berlin or, if you already have a contact, <NAME>@mfn.berlin. Your email address will be used exclusively for our communications with you and not passed on to third parties, except if passing on your email address is absolutely necessary to comply with your request. In such cases, your e-mail address will only be passed on with your express consent. There is currently no encrypted email system in place. To retain confidentiality, you can also contact us by post.

5.8 Newsletter

The following notes are about our newsletter, its content and procedures regarding registration, distribution and statistical evaluation. They also explain your right to appeal. By subscribing to our newsletter, you agree to receive it and to the procedures described.

5.8.1 Content of the newsletter

We send out newsletters, emails and other electronic notifications containing advertising material (called newsletter hereafter) only upon express consent of the recipient or a legally valid permission. If registration for the newsletter involves a concrete description of its content, then this description is the basis on which the user agrees to receive the newsletter. In addition, the newsletter contains information about the public events schedule of the Museum für Naturkunde, publications from scientific research and public relations at the Museum für Naturkunde, as well as quizzes, raffles and links to content on our website, and, occasionally, on websites of partner organisations.

5.8.2 Double-opt-in and registration recording

Registration for our newsletter follows a double opt-in procedure. This means that upon registration, you will receive an email requesting confirmation of your subscription. The confirmation is required to ensure that no one else can subscribe using your email address.

A record of subscriptions to the newsletter is kept to fulfil the legal requirements for recording the subscription process. The record contains the time of subscription and confirmation as well as the relevant IP address. Any changes of data registered with MailChimp will also be recorded.

5.8.3 Use of the MailChimp service provider

The newsletter is sent via „MailChimp“, a newsletter distribution platform by US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA.

The email addresses of our newsletter recipients as well as further data that will be described in these notes will be stored on MailChimp servers in the USA. MailChimp uses this information for distributing and evaluating the newsletter on our behalf. According to information published by MailChimp, the data will be used for optimising their own services, such as technical optimisation of the distribution process or the layout of the newsletter, as well as for commercial use by determining the recipients‘ countries of residence. However, MailChimp does not use the data of our newsletter subscribers to contact them directly and does not pass them on to third parties.

We trust the reliability and the IT and data security of MailChimp. MailChimp has been certified in line with the Privacy Shield agreement between the US and EU and is thus unter obligation to comply with the EU data protection specifications. Furthermore, we entered into a Data Processing Addendum with MailChimp – an agreement by which MailChimp is obliged to protect the data of our users and process their data on our behalf according to its own data protection regulations laid out in the agreement, which means in particular, not to pass on data to third parties. MailChimp’s data regulations can be viewed here.

5.8.4 Registration data

In order to subscribe to the newsletter, it is sufficient to enter your email address. Please enter also your first name and surname.
 
These are only needed to personalise your newsletter. We only need your postal address if you have opted for receiving additional information from us by post. Details about your membership in the Förderverein, sponsorship of a collection specimen or seasonal ticket subscription are for internal information only to avoid double-posting.

5.8.5 Statistical data collection and analysis

Our newsletters contain what is known as a web beacon or open tracker, a tiny invisible graphic in the bottom of your HTML email. It is downloaded from Mailchimp’s server when the newsletter is opened. During the download, technical information about your browser and operating system as well as your IP address and the time of the download/opening of the newsletter are collected. These are used for technical improvement of the service, as technical data or target group data can be analysed according to their reading behaviour, their download locations (identifiable through IP addresses) or download times.

Statistical data collection also includes an analysis of when the newsletters are opened, and which links are clicked upon. For technical reasons, this information can be linked to individual newsletter users. However, neither we nor MailChimp have an interest in tracking individual users. We use the evaluation of data to recognise patterns in the reading behaviour of users and adapt contents accordingly or vary the content sent out according to the interests of individual users.

5.8.6 Online access and data management

In some cases, newsletter recipients will be directed to MailChimp websites. For instance, our newsletters contain a link so that users can download the newsletter directly from the website, in case they are not properly displayed in the email program. In addition, newsletter recipients have the option of editing their data, such as email addresses online. By the same token, MailChimp‘s Privacy Policy is only available on the MailChimp website.

In this context, we would like to point out that the MailChimp webpages use cookies to process personal data that MailChimp, their partners and service providers (e.g.. Google Analytics) are interested in. We have no influence on their data collection. For further information, look at the MailChimp‘s Privacy Policy. In addition, we would like to make you aware of the option of objecting to data collection for advertising purposes on the websites aboutads.info und youronlinechoices.com (for the European Economic Area).

5.8.7 Unsubscribe

You can unsubscribe from our newsletter, i.e. withdraw your consent, at any time. This means that you cancel your consent to receiving the newsletter via MailChimp, and to statistical analytics at the same time. Separate cancellation of the newsletter sent out by MailChimp or of statistical evaluation is not possible.

The unsubscribe link is found at the bottom of each newsletter.

5.8.8 Legal basis – General Data Protection Regulation

In line with the General Data Protection Regulation (GDPR), which came into force on May 25th 2018, we notify you that your consent to our passing on your email addresses is based on GDPR Art. 6 section 1 letter a, 7 and the Act Against Unfair Competition (UWG) § 7 section. 2 No. 3, and/or section 3. The use of the MailChimp service provider for sending out our newsletter, including data collection and analysis and subscription recording, is based on our legitimate interest, as defined in GDPR Art. 6 section 1 letter f. It is in our interest to have a user-friendly, secure newsletter distribution system that will promote our business interests as well as fulfil user expectations.

We would also like to point out that you now have the right to object to the future processing of your person-related data within the legal requirements of  GDPR Art.21 at any time. This applies in particular to data processing for direct advertising.

This newsletter notification was based on a template by Rechtsanwalt Dr. Thomas Schwenke.

5.9 Applications and application procedures

Interested users can access jobs and careers to apply for a job at the Museum für Naturkunde Berlin. Within the context of the application process, additional personal data is processed. Further information on the extent and type of processing can be viewed here.

5.10 Information on Google services

On our website, we use various services probide by Google Ireland Limited („Google“), Gordon House, Barrow Street, Dublin 4, Ireland.

Further information on individual services by Google that are used on this website are found in another data protection note.

Through the integration of Google services, Google may collect and process data (including personal data). It cannot be ruled out that Google may transmit information to a server in a third country.

According to Google’s Privacy Shield Certification (read at privacyshield.gov and search for Google), Google is committed to complying with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework regarding the collection, use and storage of personal data from EU Member States and Switzerland. Google, including Google LLC and its wholly owned subsidiaries in the United States, has declared by certification that it complies with the Privacy Shield Principles. Further information on this can be found here under Google.

We have no influence on what data Google will actually collect and process. However, Google says that in principle, the following information (including personal data) may be processed:

  • Log data (in particular the IP address)
  • Location-related information
  • Unique application numbers
  • Cookies and similar technologies

If you are logged into your Google account, Google can add processed information, dependant on your account setting and treat those as personal data, cf in particular these explanations by Google.

Google includes the following statements:

“We may combine personal information from one service with information and personal information from other Google services. We thereby simplify sharing of contents with friends and acquaintances. Depending on your account settings, your activities on other websites and in apps may be connected to your personal data in order to improve Google services or pop-up advertising supported by Google.” (source at Google)

To prevent the addition of these data, you can log out of your Google account or change the relevant settings in your Google account.

5.10.1 Using YouTube

We use YouTube videos and YouTube plug-ins on our website. YouTube is a service of YouTube LLC („YouTube“), 901 Cherry Ave., San Bruno, CA 94066, USA and is provided by this company. Youtube LLC is a subsidiary of Google Ireland Limited (“Google“), Gordon House, Barrow Street, Dublin 4, Ireland.

YouTube videos are integrated by embedding the service on our website using iframe tags. Introducing the iframe may allow Youtube or Google to collect and process data (including personal data). It cannot be ruled out that Youtube or Google may transmit information to a server in a third country.

Information on existing Privacy Shield Certification by Google and other relevant data on data processing by Google while using Google services can be found in this privacy policy note in section 5.10 Information on Google services.

Through the integration of YouTube, we are able to present various videos on our website that can be viewed directly on the website.

The legal basis for the processing of personal data described above is GDPR Art. 6 section 1 letter f). Our legitimate interest that is relevant here lies in the great benefit that YouTube offers. By embedding external videos we lighten the burden on our servers and can use our resources for other purposes. This may add to the stability of our servers. Beyond that, YouTube and Google have a legitimate interest in the collected (personal) data to improve their own services.

Making personal data available is neither a legal nor a contractual obligation and not required for concluding a contract. Furthermore, you are under no obligation to make your personal data available. However, not making the data available might mean that you cannot use our website or use its full functionality.

For further information go to privacy policy of YouTube bzw. Google. Guidance on privacy settings in Google can be found here.

5.10.2 Using Google Maps

On our website, we occasionally use maps by the Google Maps service offered by Google. Google Maps is a service provided by Google Ireland Limited (“Google“), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Maps are integrated by embedding the service on our website using iframe tags. Introducing the iframe may allow Google to collect and process data (including personal data). It cannot be ruled out that Google may transmit information to a server in a third country.

Information on existing Privacy Shield Certification by Google and other relevant data on data processing by Google while using Google services can be found in this privacy policy note in section 5.10 Information on Google services.

5.11 Using Webfonts by Monotype

To achieve a uniform font layout, Web Fonts licencsed by Monotype GmbH (fonts.com or fast.fonts.net). When accessing a page, your browser loads the required Web Fonts to reproduce texts in the correct font.

The Web Fonts are retrieved by the web server of the Museum für Naturkunde Berlin. Due to the license agreement with Monotype GmbH, however, each time the website is accessed, a counting pixel of the provider is collected.

For this purpose, the counting pixel establishes a connection between your browser and the servers of fonts.com. Thus, fonts.com is alerted to the fact that your IP address accessed our website. The use of Web Fonts is based on our legitimate interest, as defined in GDPR Art. 6 Section 1 letter f.
 
According to its privacy policy, the service provider Monotype renounces the use of cookies and only collects the IP address in connection with the font use and the website accessed.

 

6. Links to other service providers

This privacy policy note is applicable to the Internet services of the Museum für Naturkunde Berlin As far as these point or link to web services of third parties, the MfN is neither responsible nor liable regarding the accuracy and completeness of contents as well as the data security of linked websites. The linked contents are checked for obvious violations of the law at the time of linking. However, continuous checking of linked pages cannot be reasonably expected without some concrete evidence of a breach of the law. If a linked website breaches existing law or contains other inappropriate content, we would be grateful for being notified. The MfN has no influence on third parties’ compliance with privacy policy legislation. In order to check compliance, you must look at the privacy policy note of the service provider concerned.

 

7. Data security

Your personal data is stored on protected computers. In order to protect the data collected by us from loss, manipulation or access by unauthorised individuals, the Museum für Naturkunde Berlin has put technical and organisational state-of-the-art technology measures in place. Access to data is subject to an authorisation procedure so that only the individuals in charge of data processing have access to it. All employees who collect, process or use personal data are bound by data secrecy according to §8 of the Berlin Privacy Act.

Within the context of various activities, personal data of individuals concerned is processed within the scope of contract processing in accordance with GDPR Art. 28.

  • Google Ireland Limited (“Google“): 5.3 Web Analytics, 5.10.1 YouTube, 5.10.2 Google Maps
  • Rocket Science Group, LLC (“Mailchimp”): 5.8 Newsletter

 

8 Rights of data subjects

a) Right to confirmation

Every data subject has the right granted by the European legislator of Directives and Regulations to receive confirmation from the controller whether their personal data has beem processed. If a data subject wants to exercise their right to confirmation, they can contact a controller employee at any time.

b) Right to information

Every person whose data is being processed has the right granted by the European legislator of Directives and Regulations to receive free information on personal data relating to the data subject and a copy of this information. In addition, the European legislator of Directives and Regulations has granted the data subject access to the following information:

  • the purpose of data processing
  • the categories of personal data being processed
  • the recipients or categories of recipients to whom access to personal data is given or will be given, in particular regarding recipients in third countries or international organisations
  • if possible, the planned duration of storage for personal data, or, if that is not possible, the criteria according to which the storage period is established.
  • the existence of a right to correction or deletion of personal data of the data subject or to restriction of processing by the controller or the right to objection against data processing.
  • the existence of a right to complain to a control body
  • if personal data is not collected from the data subject: All available information about the origin of the data
  • the existence of automated decision making, including profiling, in accordance with Article 22 (1) and (4) of the DPA and, at least in these cases, meaningful information about the logic involved and the scope and intended impact of such processing on the data subject

Furthermore, the data subject has a right to information on whether personal data has been transmitted to a third country or an international organisation. If this is the case the data subject has the right to receive information about guarantees in the context of the transmission.

c) Right to correction

Every person whose data is being processed has the right granted by the European legislator of Directives and Regulations to demand immediate correction of their personal data. Furthermore, taking into account the purpose of data processing, the data subject has the right to demand the completion of incomplete personal data - which may take the shape of a complementary declaration.

If a data subject wants to exercise their right to correction, they can contact an employee of the data processing controller at any time.

d) Right to deletion (right to be forgotten)

Every person whose data is being processed has the right granted by the European legislator of Directives and Regulations to demand immediate deletion of their personal data if one of the following reasons applies and processing is not required.

  • The personal data were collected for purposes no longer required or in a way that is no longer necessary.
  • The data subject revokes their consent on which the processing is based according to GDPR Art.6 Section 1 letter a or GDPR Art. 9 Section 2 letter a, and there is no other legal base for processing the data.
  • The data subject objects to data processing on the grounds of GDPR Art. 21 Section 1 and their are no overruling legitimate reasons for data processing, or the data subject formally objects to data processing based on GDPR Art. 21 Section 2.
  • The processing of personal data was illegitimate.
  • The deletion of personal data is required to fulfil statutory obligations based on (European) Union legislation or legislation in a Member State that applies to the controller.
  • The personal data were collected in relation to the offer of information society services according GDPR Art. 8 Section 1.

If one of the reasons above applies and a data subject wants to have the personal data deleted that are stored at the Museum für Naturkunde Berlin, they can contact controller at any time (see 2). The controller will then ensure that the demand for deletion is complied with without delay.

If the personal data has been made public by the Museum für Naturkunde Berlin and if the organisation is responsible as defined in GDPR Art. 17 Section 1 and is therefore under obligation to delete the personal data, the Museum für Naturkunde Berlin will take appropriate steps, including technical measures, taking into account the available technology and implementation costs, to inform other controllers that the data subject has demanded the deletion of all links to personal data or to copies and replicas of such data, as far as processing is not required.

e) Right to restricting processing

Every person whose data is being processed has the right granted by the European legislator of Directives and Regulations to demand restrictions on processing their personal data if one of the following prerequisites is met:

  • The accuracy of personal data is disputed by the data subject who leaves enough time to enable the controller to check the accuracy of the personal data.
  • The data processing is illegitimate, the data subject objects to the deletion of personal data and demands instead the restriction of the use of personal data.
  • The controller no longer requires the personal data for processing, whereas the data subject still requires them to make, exercise and defend legal claims.
  • The data subject has objected to data processing, pursuant to GDPR Art. 21 Section 1 and it is not yet certain if the legitimate reasons of the controller outweigh those of the data subject.

If one of the prerequisites above applies and a data subject wants to have the processing of personal data at the Museum für Naturkunde Berlin restricted, they can contact the controller at any time (see 2).

f) Right to data transfer

Every person whose data is being processed has the right granted by the European legislator of Directives and Regulations to receive their personal data, which have been made available to a controller by the data subject, in a structured, common and machine-readable format. They have also the right to pass on the data to a different controller without interference by the current controller to whom the personal data had been made available if the processing was based on consent according to GDPR Art. 6 Section 1 letter a or Art. 9 Section 2 letter a of on a contract pursuant to Art. 6 Section 1 letter b and the processing is done automatically, if the processing is not required for taking on a task in the public interest or exerting public executive power that was handed over to the controller.

Furthermore, the data subject, who exercises their right to data transfer pursuant to GDPR Art. 20 Section 1, must ensure that the personal data is sent directly from one controller to the other if that is technically feasible and the rights and freedoms of other individuals are not infringed upon.

To exercise their right to data transfer, the data subject can contact the controller at any time (see 2.).

g) Right to object

Every person whose personal data is being processed has the right granted by the European legislator of Directives and Regulations to object at any time to the processing personal data pursuant to GDPR Art. 6 Section 1 letter e or f, for reasons relating to their particular situation. This also applies to profiling based on these regulations.

In the case of an objection, the Museum für Naturkunde Berlin no longer processes personal data unless we can argue convincingly that there are compelling reasons worth protecting that outweigh the rights and freedoms of the data subject or that the processed data are needed to make, exercise and defend legal claims.

If the Museum für Naturkunde Berlin processes personal data for direct advertising, the data subject has the right to object at any time to the processing of personal data for such advertising. This applies also to profiling if associated with such direct advertising. If the data subject objects to the Museum für Naturkunde Berlin using the processed data for direct advertising, the Museum für Naturkunde Berlin will no longer process personal data for such purposes.

In addition, the data subject has the right to object to the processing of personal data for reasons arising from their particular situation if the data is processed by the Museum für Naturkunde Berlin for scientific or historic research purposes or for statistics pursuant to GDPR Art. 89 Section 1 unless the processing is required to fulfil a task in the public interest.

To exercise their right to data transfer, the data subject can directly contact the controller at any time (see 2.). Furthermore, the data subject is free to exercise their right to objection in connection with the use of services of the information society with the help of automated procedures according to technical specifications, notwithstanding Regulation 2002/58/EC.

h) Automated decisions in individual cases including profiling

Every person affected by the processing of personal data has the right granted by the European legislator of Directives and Regulations not to be subject to decisions based on entirely automated processing - including profiling if that decision has legal consequences or may infringe their life in a similar way, as long as the decision (1) is not required to finalise a contract between the data subject and the controller or (2) due to legal provisions in the Union or its Member States to which the controller is subject, this is permissible and these provisions contain adequate measures to protect the rights and freedoms as well as legitimate interests of the data subject or (3) is taken with the express consent of the data subject.

If the decision (1) is required for finalising or fulfilling a contract between the data subject and the controller or (2) is taken with the express consent of the data subject, the Museum für Naturkunde Berlin takes suitable measures to protect the rights and freedoms as well as legitimate interests of the data subject, which includes at least the right to obtain manual intervention by the controller’s party, to clarify their own position and to challenge the decision.

To exercise their right relating to automated decision, the data subject can contact the controller at any time (see 2.).

i) Right to withdraw consent under data protection law

Every person whose data is being processed has the right granted by the European legislator of Directives and Regulations to withdraw their consent to the processing of their personal data at any time.

To exercise their right relating to withdraw their consent, the data subject can contact the controller at any time (see 2.).

 

9 Scope and update of the privacy policy note

The privacy policy note was updated on 14/08/2020 and is currently valid. With further developments in technology and changes of legal requirements, the privacy policy note may need to be adapted at any time and take effect for the future. We therefore recommend that you check the privacy note for updates at regular intervals.

 

This privacy policy note has been written using templates by the privacy note generator (Datenschutzerklärungs-Generator) of DGD Deutsche Gesellschaft für Datenschutz GmbH,which carries out the privacy audit , in collaboration with the media law firm WILDE BEUGER SOLMECKE.