Berliner Philharmoniker

Data protection

Data protection information

The website presse.berliner-philharmoniker.de is a service of the Berliner Philharmoniker Foundation ("Berliner Philharmoniker" or "we"). This privacy policy informs you about the processing of personal data in connection with the use of this website. If you are redirected to other websites via a link, the data protection provisions of the respective website operator apply. We recommend that you inform yourself about the handling of personal data on the linked page. We know that the protection of this data is important to you and appreciate the trust you place in us. We strictly adhere to the legal provisions of the applicable data protection law when collecting, processing and using this data.

1. Who is responsible for data processing and who can I contact?

The responsible party for this website is:

Berliner Philharmoniker Foundation
Herbert-von-Karajan-Str. 1
10785 Berlin Germany
General manager: Andrea Zietzschmann
Email
Tel: +49 (0)30 254 88 - 0

You can reach our data protection officer at:

Dennis Störkel

- Data protection officer -
General-Pape-Straße 14
12101 Berlin

Email: Datenschutz@berliner-philharmoniker.de
Telephone: +49 172 3810754

2. What sources and data do we use?

When you visit the website, information is automatically sent to our website server by the browser used on your end device. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until automatic deletion: IP address of the requesting computer, date and time of access, name and URL of the accessed file, website from which the access was made ("referrer URL"), the search engine you used, if applicable, the browser used and, if applicable, the operating system of your computer as well as the name of your access provider.

The aforementioned data is processed by us for the following purposes:

  • Ensuring a smooth connection to the website,
  • ensuring a comfortable use of our website,
  • billing, statistical analysis using a pseudonym in order to optimise the internet presence as well as the quality and range of services,
  • analysis of system security and stability as well as for other administrative purposes.

The legal basis for the data processing is Art. 6 para. 1 p. 1 point b GDPR, insofar as the data processing is necessary for the provision of the website or for billing purposes. In all other respects, the data processing is based on Art. 6 para. 1 p. 1 point f GDPR. Our legitimate interest follows from the data collection purposes listed above. The log files are deleted after the end of the respective browser session, at the latest after 30 days, unless their further storage is necessary for the purposes listed above.

In addition, we use cookies and analysis services when you visit our website in accordance with section 4 below.

3. Technically necessary cookies

Most of the cookies we use are technically necessary to enable you to use our website and the services offered on it ("session cookies"). Our legitimate interest in data processing lies in this purpose; the legal basis is Art. 6 para. 1 p. 1 point f GDPR. The data will not be combined with other personal data and will not be used for advertising purposes. Unless otherwise stated, session cookies are deleted after the end of the respective browser session, or at the latest after seven days.

Usercentrics

This website uses the cookie consent technology of Usercentrics to obtain your consent to the storage of certain cookies on your end device and to document this in accordance with data protection regulations. The provider of this technology is Usercentrics GmbH, Rosental 4, 80331 Munich, website: https://usercentrics.com (hereinafter "Usercentrics").

When you enter our website, the following data is transferred to Usercentrics:

  • Your consent(s) or the revocation of your consent(s)
  • Your IP address
  • Your geographical location
  • Information about your browser
  • Information about your device
  • Time of your visit to the website

Furthermore, Usercentrics stores a cookie in your browser in order to be able to assign the consent(s) given or their revocation to you. The data collected in this way is stored until you request us to delete it, delete the Usercentrics cookie yourself or the purpose for storing the data no longer applies. Mandatory legal storage obligations remain unaffected.

Usercentrics is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 para. 1 p. 1 point c GDPR)

Usercentrics acts as a processor for us within the context of Art. 28 GDPR.

You can find the data protection provisions of Usercentrics here: https://usercentrics.com/privacy-policy/.

Sentry

We use the analysis service “Sentry” of the provider Functional Software, Inc. dba Sentry, 45 Fremont St, San Francisco, California 94105, US.

Sentry uses cookies and similar technologies to log and monitor errors that can be detected in the source code and to improve the technical functionality and performance of our website. In order to respond to error messages and possible speed bumps, we transmit anonymised error log data about your use of our website to our Sentry installation, where it is analysed. This is meta data, such as information about the operating system you use and your browser, the programming language used as well as possible causes of errors and your server. We delete your stored data after 90 days at the latest.

The legal basis for data processing is Art. 6 para. 1 p. 1 lit. f DSGVO, i.e. our legitimate interest in enabling you to make the best possible use of our website and the services offered on it.

We use the self-hosted variant of Sentry (for more information, see: https://develop.sentry.dev/self-hosted/). This means that the software is stored and operated on our own servers in Germany and no data is transferred to third parties.

For more information on Sentry's terms of use and data protection, please visit https://sentry.io/terms/ and https://sentry.io/privacy/.

4. Integration of YouTube videos

This website uses plugins from the website www.youtube.com, which is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (in the European Economic Area and Switzerland) or Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (in other countries) ("YouTube"). With the help of the plugins, we can integrate videos stored on www.youtube.com into our online offer so that they can be played directly on our website. 

Only when you have given your consent (Art. 6 para. 1 p. 1 point a GDPR) on our website by clicking on "Accept all" in our cookie banner, by specifically allowing the service under the settings or by clicking a button and thereby activating it, will YouTube receive the information that you have accessed the corresponding sub-page of our website. In addition, further data is transmitted to YouTube's servers in the USA and other countries outside the EEA (e.g. browser information, device information, IP address). This occurs regardless of whether you have a user account with YouTube or are logged in to YouTube. If you are logged in to YouTube and play a video, your data will be directly assigned to your account. If you do not wish to have your data associated with your YouTube profile, you must log out before visiting our website. YouTube stores your data as usage profiles and uses them for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out in particular to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, which you must assert vis-à-vis YouTube. We have no influence on this data transmission and processing by YouTube.

By consenting to the integration of videos, you also consent to the processing of your data in the USA and in other countries outside the EEA (so-called third countries) in accordance with Art. 49 para. 1 p. 1 point a GDPR. Some third countries are considered to have an insufficient level of data protection according to EU standards. This applies in particular to the USA. In the opinion of the data protection authorities, if the data is transferred to the USA, there is in particular the risk that your data may be processed by US authorities, for control and for monitoring purposes, possibly also without any legal remedy.

Before you have given your consent on our website, there is no data flow to YouTube. You will not be able to view the videos embedded on our website via our website if you do not give your consent.

You can revoke your consent at any time by clicking here.

For more information on the purpose and scope of data collection and processing by YouTube, please visit https://www.google.de/intl/en/policies/privacy.  There you will also receive further information on your rights and setting options to protect your privacy.

5. Integration of Vimeo videos

This website uses plugins from the provider Vimeo.com, Inc., 555 West 18th Street, New York, New York 10011, USA ("Vimeo").

With the help of the plugins, we can integrate videos stored in the video portal into our online offer so that they can be played directly on our website. 

Only when you have given your consent (Art. 6 para. 1 p. 1 point a GDPR) on our website by clicking on "Accept all" in our cookie banner, by specifically allowing the service under the settings or by clicking a button and thereby activating it, will Vimeo receive the information that you have accessed the corresponding sub-page of our website. In addition, further data is transmitted to Vimeo's servers in the USA (e.g. browser information, device information, IP address). This occurs regardless of whether you have a user account with Vimeo or are logged in to Vimeo. If you are logged in to Vimeo and play a video, your data will be directly assigned to your account. If you do not wish to have your data associated with your Vimeo profile, you must log out before visiting our website. Vimeo stores your data as usage profiles and uses them for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out in particular to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, which you must assert vis-à-vis Vimeo. We have no influence on this data transmission and processing by Vimeo.

By giving your consent, you also consent in accordance with Art. 49 para. 1 p. 1 point a GDPR to your data being processed in the USA. The USA is assessed by the European Court of Justice as a country with an insufficient level of data protection according to EU standards. In particular, there is a risk that your data may be processed by US authorities for control and monitoring purposes, possibly without any legal remedy.

Before you have given your consent, there will be no data flow to Vimeo. You will not be able to view the videos embedded on our website via our website if you do not give your consent.

You can revoke your consent at any time by clicking here.

Further information on the purpose and scope of data collection and processing by Vimeo can be found at vimeo.com/privacy . There you will also receive further information on your rights and setting options to protect your privacy.

6. Who receives my data?

Within our organisation, your data will be accessed by those who need it to fulfil our contractual and legal obligations.

Contractors appointed by us (Art. 28 GDPR) may also receive data for these purposes. These are companies in the categories of IT services, logistics, printing and shipping services, ticketing, payment services and credit transactions, telecommunications, debt collection, newsletter dispatch, sales and marketing.

In particular, we use a contractor with headquarters and servers in Germany for the hosting and design of the website.

We disclose your personal data to third parties if this is necessary for the fulfilment of a contractual relationship existing between you and the Berliner Philharmoniker or for the implementation of pre-contractual measures (Art. 6 para. 1 p. 1 point b GDPR) or for the protection of legitimate interests (Art. 6 para. 1 p. 1 point f GDPR) We only pass on information that the respective service provider requires to fulfil the task assigned to it. The service provider undertakes to treat the data confidentially in accordance with this data protection declaration and the relevant data protection laws and not to pass it on to third parties.

In addition, your personal data will be forwarded or transmitted if required by law (Art.  6 para. 1 p. 1 point c GDPR) or if you have consented (Art. 6 para. 1 p. 1 point a GDPR).

Under these conditions, recipients of personal data may be, for example:

  • Subcontractors used by us to provide the services offered via the website (e.g. shipping companies for ticket sales).
  • Financial institutions for the collection of payment.
  • Public bodies and institutions in the event of a legal obligation or official order.

7. How long will my data be stored?

Where necessary, we process and store your personal data for the duration of our business relationship, which also includes, for example, the initiation and execution of a contract.

In addition, we are subject to various retention and documentation obligations, which result from the German Commercial Code (Handelsgesetzbuch) (HGB) and the German Fiscal Code (Abgabenordnung) (AO), among others. The retention and documentation periods specified there are 6 years for correspondence in connection with the conclusion of a contract and 10 years for accounting vouchers (§§ 238, 257 para. 1 and 4 HGB, § 147 para. 1 and 3 AO). Such retention and documentation obligations exist in particular if you conclude a contract with us (e.g. purchase of a concert ticket, registration in the customer portal as part of an online ticket purchase).

Finally, the storage period is also assessed according to the statutory limitation periods, which, for example, according to §§ 195 ff. of the German Civil Code (Bürgerliches Gesetzbuch) (BGB), are usually three years, but in certain cases can be up to thirty years.

After expiry of the retention and documentation obligations as well as the relevant limitation periods, we delete the data.

Log files and cookies are deleted within the above-mentioned periods.

8. Is data transferred to a third country or to an international organisation?

Data is transferred to third countries (countries outside the European Economic Area - EEA) if this is necessary for the execution of contracts or is required by law or if you have given us your consent. We will inform you separately about the details, if required by law. In addition, the processors in third countries named in these data protection provisions (e.g. Campaign Monitor) receive access to your data.

9. What data protection rights do I have?

You have the right to information (Article 15 of the GDPR), the right to rectification (Article 16 of the GDPR), the right to erasure (Article 17 of the GDPR), the right to restriction of processing (Article 18 of the GDPR) and the right to data portability (Article 20 of the GDPR). With regard to the right to information and the right to erasure, the restrictions according to §§ 34 and 35 of the German Data Protection Act (BDSG) apply. You also have the right to object to data processing by us (Art. 21 of the GDPR). Insofar as our processing of your personal data is based on consent (Art. 6 para. 1 p. 1 point a GDPR), you may revoke this consent at any time; the lawfulness of the data processing carried out on the basis of the consent up to the revocation remains unaffected by this.

To assert all these rights and for further questions on the subject of personal data, you can contact our data protection officer at datenschutz@berliner-philharmoniker.de or our postal address (see above point 1) at any time.

Irrespective of this, you have the right to lodge a complaint with a supervisory authority - in particular in the EU member state of your place of residence, your place of work or the place of the alleged infringement - if you are of the opinion that the processing of personal data relating to you violates the GDPR or other applicable data protection laws (Art. 77 GDPR, Section 19 German Federal Data Protection Act [BDSG]).

10. Is there an obligation to provide data?

Within the scope of our business relationship, you only have to provide the personal data that is required for the establishment, implementation and termination of a business relationship or that we are legally obliged to collect. Without this data, we will usually have to refuse to conclude the contract or execute the order or will no longer be able to perform an existing contract and may have to terminate it.

Mandatory fields are marked as such on our website.

11. To what extent is there automated decision-making in individual cases?

In principle, we do not use any fully automated decision-making in accordance with Art. 22 GDPR for the establishment and implementation of the business relationship. Should we use these procedures in individual cases, we will inform you of this separately, insofar as this is required by law.

12. Data security

We take a variety of security measures to adequately protect personal data to the appropriate extent.

All customer information is stored on security servers that are protected from access from other networks by a software firewall. Only those employees who need information to process a particular enquiry or order have access to the data. Employees are trained in the secure handling of data.

Where we collect personal data on our sites, the transmission is encrypted using industry standard Secure Socket Layer ("SSL") technology. This applies to all particularly sensitive data such as credit card numbers and account information.

13. Availability of data protection provisions

This Privacy Policy can be viewed, saved and printed as a PDF.

As of: 9 January 2024