The German Resistance Memorial Center Foundation welcomes you to its website www.gedenkstaette-stille-helden.de.

Protecting your personal data is very important to us. We therefore operate this website in compliance with the applicable laws on data protection and data security. We are subject in particular to the EU General Data Protection Regulation (GDPR) and the new German Federal Data Protection Act (BDSG).

In this document, we will inform you about the type, scope and purpose of personal data that we collect and process. This information can be called up from our website at any time.

I. Name and address of the controller

The controller in accordance with the General Data Protection Regulation, other national data protection laws of the EU member states, and other data protection regulations is:

German Resistance Memorial Center
Prof. Dr. Johannes Tuchel
Stauffenberg Straße 13 – 14
10785 Berlin-Mitte
Germany

Tel.: +49 (0)30-26 99 50 00
E-Mail: tuchel@gdw-berlin.de
Website: www.gdw-berlin.de

II. Name and address of the data protection officer

Terence Jonathan Freibier
Behördlicher Datenschutzbeauftragter
Senatsverwaltung für Kultur und Gesellschaftlichen Zusammenhalt
Brunnenstraße 188-190
10119 Berlin
Germany

Tel.: +49 (0)30-90228 257
Fax: +49 (0)30-90228 789
terence.freibier@kultur.berlin.de

III. General information on data processing

1. Personal data

Personal data means information relating to personal or factual details of an identified or identifiable natural person. This includes, in particular, your name, address, telephone number, e-mail address, and date of birth. In connection with the services we offer, we request only the required personal data and, if necessary, further information such as interests, age, or language.
 

2. Scope of personal data processing

We only process our users’ personal data as far as necessary to provide a functioning website along with our content and services. Your personal data are processed regularly, only with your express consent. An exception applies in cases in which it is impossible to obtain prior consent for practical reasons and the processing of your data is permitted by law.
 

3. Legal basis for processing personal data

According to the current data protection laws (GDPR and BDSG), it is necessary to place the processing of your personal data on a legal basis. This document states the legal regulation applicable in each case.
 

4. Data deletion and storage period

Your personal data are deleted or blocked as soon as the purpose for their storage has lapsed. They may be stored for a longer period if this is provided for by the European Union or national legislators in EU legal regulations, laws, or other provisions to which the controller is subject. The data are also blocked or deleted when a storage period in line with the above regulations expires, unless it is necessary to further store the data for the purpose of concluding or fulfilling a contract.

IV. Collection, processing, and usage of personal data

1. Provision of the website and creation of logfiles

a) Description and scope of the data processing

You can visit our website without providing us with personal data, with the exception of the data conveyed by your browser to enable you to view our website. Every time you access the pages of our website, our web server stores the following information temporarily in a log file:

• IP address of the computer requesting access

• Date and time of access

• Name, URL, and amount of data transferred

• Access status (requested file transferred, not found, etc.)

• Identification data of the browser and operating system used (if not provided by the requesting web browser)

• Website from which access occurred (if not provided by the requesting web browser)
   

The data are processed in this log file as follows:

• The log entries are continually automatically analyzed to recognize attacks on our web server and react accordingly.

• In individual cases, i.e. in the event of reported malfunctions, faults, and security breaches, manual analysis takes place.
   

We do not combine the IP addresses contained in the log entries with other stored data, meaning we cannot identify individuals.

b) Legal basis for the data processing

The legal basis for the temporary storage of data and log files is Article 6 paragraph 1 subparagraph 1 point (f) GDPR.

c) Purpose of the data processing

The system’s temporary storage of the IP address is necessary to enable the website to be provided to the user’s computer. To do so, the user’s IP address must remain stored for the length of their visit. Data are stored in log files to ensure the website functions correctly. The data also serve to optimize our website and ensure the security of our IT systems, to recognize attacks on the web server, and to react to such attacks. We do not analyze the data for marketing purposes in this context.

This purpose defines our entitled interest in data processing in accordance with 6.1.1.(f) GDPR.

d) Storage period

The data are deleted as soon as they are no longer required for the purpose for which they were collected. These log entries are stored for 6 months for the reasons detailed above, and then deleted.

2. Processing personal data from online forms for our educational services

a) Description and scope of the data processing

On our website, we offer possibilities to book guided tours, seminars, and workshops. To do so, we require your name, address, e-mail address, telephone number, and in some cases further information for preparing the educational session. We only accept this personal data you send to us via our online forms or by e-mail with your express consent.

b) Legal basis for the processing

This processing of your personal data is based on article 6.1.1.(a) GDPR. We are also obliged in this context to keep proof of your express consent. You can revoke your consent at any time. Revoking your consent does not affect the legality of the processing prior to revoking. To revoke processing consent, please contact the persons detailed below.

c) Purpose of the data processing

We store and use the personal data we obtain in this way only for the purpose for which you provide it.

Where the data concerns communications channels (for example address, e-mail address, telephone number), you also permit us to contact you via these communication channels, in order to provide our services or respond to your request.

We do not use your personal data for any other purposes, pass them on to third parties for other purposes, or make them public.

d) Storage period

We store the data until the end of the year in which the educational service is provided, as we are obliged to document and retain the data and our services, and then the data is deleted.

3. Processing personal data in connection with our events mailing list

a) Description and scope of the data processing

On our website, we offer you the possibility to sign up for our events mailing list so as to receive invitations to upcoming events. To sign you up to the list, we request your personal data such as name, address, e-mail address, and telephone number via an online form. We store and process these data only with your voluntary and express consent, which you can revoke at any time. This also applies to sign-ups via e-mail.

b) Legal basis of the data processing

Your personal data is processed in this context on the basis of article 6.1.1.(a) GDPR.

c) Purpose of the data processing

The purpose of this data processing is to send you invitations to our current events program at your request. We do not use your personal data for any other purpose.

d) Storage period

We store your data only as long as you are interested in our events program and do not revoke your consent.

4. Processing of personal data in connection with requests for publications

a) Description and scope of the data processing

On our website, we offer you the possibility to order German Resistance Memorial Center Foundation publications for a small charge. To do so, we require some of your personal data, such as your name, address, and in some cases telephone number (if the order is to be sent outside of Germany). For this form of data processing we need your express consent, which you can revoke at any time. This also applies to requests for our publications via e-mail.

b) Legal basis of the data processing

Your personal data is processed in this context on the basis of article 6.1.1.(a) GDPR.

c) Purpose of the data processing

We need the personal data you enter in the online form to send you the publications you request. We use the data only for this purpose.

d) Storage period

We store the data until the end of the year in which you make the order, as we are obliged to document and retain the data and our services, and then the data is deleted.

5. Processing personal data in connection with pseudonymized use analysis through the web service Matomo (Piwik)

a) Description and scope of the data processing

Our website uses the web analysis service Matomo (Piwik). Matomo (Piwik) uses cookies. Cookies are text-information files that your web browser stores on your computer when you open a website. As these files cannot be executed as program code, they cause no harm and cannot contain viruses. We do not use any tracking or identifying cookies. The cookies used by our website are what is known as session cookies. They automatically lapse at the end of the session and are not stored permanently.

b) Legal basis of the data processing

The legal basis for this data processing is article 6.1.1.(f) GDPR. Our entitled interest results from the purpose of this data processing as detailed below.

c) Purpose of the data processing

The cookies employed by the web analysis service Matomo (Piwik) are used for the purpose of improving our website and enable us to analyze its use. The usage information created by the cookie (including your abbreviated IP address) is transferred to our server and stored for usage analysis purposes. Your IP address is immediately pseudonymized in the process, meaning you remain anonymous for us. We do not pass on the information created by the cookie on your use of this website to third parties. You can prevent the use of cookies through the settings in your browser software, but it is possible that you will then not have full use of all functions of this website.

If you do not agree to the storage and analysis of the anonymous data on your visit we collect via Matomo (Piwik), you can prevent the storage and use by using the Matomo (Piwik) opt-out function. In this case, an opt-out cookie will be installed on your browser, resulting in Matomo (Piwik) not collecting any session data. Please note: If you delete your cookies, this results in the opt-out cookie also being deleted and you will have to activate it again to achieve the same result.

V. Rights of the data subject

If we process your personal data you are a data subject in accordance with GDPR, and you have the following rights from the controller:
 

1. Right to information

You can obtain confirmation of whether we are processing your personal data.

If we are processing your personal data, you can also obtain the following information from us:

• the purposes for which your personal data are processed;

• the categories of personal data processed;

• the recipients or categories of recipients to whom your personal data has been or will be revealed;

• the planned storage period of your personal data; or, if specific details are not possible, criteria for determining the storage period;

• the existence of a right to correct or delete your personal data;

• the existence of a right to correct or delete your personal data, a right to restrict their processing by the controller, or a right to object to this processing;

• the existence of a right to complain to a regulatory authority;

• all available information on the origin of the data, if your personal data were not collected from you, the data subject.

2. Right to correction

If your processed personal data are incorrect or incomplete, you have a right to correction and/or completion. We must undertake the correction without delay.


3. Right to restrict processing

You can obtain the restriction of processing of your personal data under the following conditions:

• if you dispute the correctness of your personal data for a period that allows us to check the data’s correctness;

• if the processing is unlawful and you reject the deletion of your personal data and instead demand the restriction of the use of your personal data;

• if we no longer require your personal data for the processing purpose, but you require the data to be stored for the assertion, exercise, or defense of legal claims, or

• if you have lodged an objection to the processing in accordance with article 21.1. GDPR and it has not yet been established whether the controller has reasonable grounds for the processing to outweigh your objection.

If the processing of your personal data has been restricted, these data – aside from their storage – may only be processed with your consent, or for the assertion, exercise, or defense of legal claims, or for the protection of another natural or legal person’s rights, or on grounds of an important public interest on the part of the EU or a member state.

If the restriction of processing has been carried out according to the above conditions, we will inform you before the restriction is removed.
 

4. Right to deletion

a) Obligation to delete personal data

You can demand that we delete your personal data without delay, and we are obliged to delete the data immediately, provided one of the following reasons applies:

• if your personal data are no longer necessary for the purposes for which they were collected or otherwise processed;

• if you revoke your consent, on which the processing was based in accordance with article 6.1.1.(a) GDPR or article 9.2.(a) GDPR, and there is no other legal basis for the processing;

• if you lodge an objection to the processing in accordance with article 21.1. GDPR and there are no overriding reasonable grounds for the processing, or if you lodge an objection to the processing in accordance with article 21.2. GDPR;

• if your personal data are processed unlawfully;

• if the deletion of your personal data is required to fulfill a legal obligation according to EU law or the law of the member states to which we are subject;

• if your personal data was collected in relation to the offer of information society services in accordance with article 8.1. GDPR.

b) Information provided to third parties

If the controller has made your personal data public and is obliged to delete the data in accordance with article 17.1. GDPR, the controller shall take appropriate measures, taking into account the available technology and the cost of implementation, including technical measures, to inform the processors working with the personal data that you as a data subject have demanded they delete all links to your personal data or copies or replicates of your personal data.

c) Exceptions

The right to deletion does not exist if the processing is necessary:

• to exercise the right to free speech and information;

• to fulfill a legal obligation requiring the processing according to EU law or the law of the member states to which we are subject, or to carry out a task assigned to us and performed in the public interest or for the exercise of public authority;

• on grounds of public interest in the area of public health, in accordance with articles 9.2.(h) and (i) and 9.3. GDPR;

• for archiving purposes in the public interest, scientific or historical research purposes, in accordance with article 89.1. GDPR, provided the right detailed in section a) above would presumably make it impossible to achieve the aims of this processing or would seriously affect it; or

• for the assertion, exercise, or defense of legal claims.

5. Right to information

If you have exercised your right to correction, deletion, or processing restriction of your personal data, we are obliged to inform all recipients to whom your personal data has been revealed of this correction or deletion of the data, or the restriction of their processing, unless this proves impossible or would involve a disproportionate effort.

You have a right to be informed of these recipients.
 

6. Right to data portability

You have the right to receive your personal data provided to us in a structured, common, and machine-readable format. You also have the right to send these data to another controller without hindrance by us, to whom the personal data was provided, if:

• the processing is based on consent in accordance with article 6.1.1.(a) GDPR or article 9.2.(a) GDPR or on an agreement in accordance with article 6.1.1. (b) GDPR, and

• the processing takes place with the aid of an automated procedure.

In exercising this right, you also have the right to obtain that your personal data is sent directly by us to another controller, provided this is technically possible. This may not affect the rights and freedoms of others.

The right to data portability does not apply to the processing of personal data necessary to carry out a task assigned to us and performed in the public interest or in the exercise of public authority.
 

7. Right of objection

You have the right to lodge an objection to the processing of your personal data taking place on the basis of articles 6.1.(e) or (f) GDPR at any time, on grounds arising from your specific situation.

The controller will no longer process your personal data, unless we can prove compelling and legitimate grounds that outweigh your interests, rights, and freedoms, or the processing serves the assertion, exercise, or defense of legal claims.
 

8. Right to revoke the declaration of consent under data protection law

You have the right to revoke your declaration of consent under data protection law at any time. Revoking your consent does not affect the legality of the processing carried out up to the date of revoking consent.
 

9. Right to complain to a supervising authority

Irrespective of any other administrative or judicial legal remedy, you have the right to complain to a supervising authority, particularly in the member state of your current residence or workplace, or the place of the alleged infringement, if you consider the processing of your personal data violates GDPR.

The supervisory authority to which the complaint is submitted will inform you, the complainant, of the current status and the outcome of the complaint, including the possibility of judicial legal remedy in accordance with article 78 GDPR.
 

If you would like to exercise these rights, please contact us:

German Resistance Memorial Center
Prof. Dr. Johannes Tuchel
Stauffenbergstraße 13-14
10785 Berlin

Germany
Telephone: +49 (0)30-26 99 50 00
E-mail: tuchel@gdw-berlin.de

VI. Security

The server for this website is located in Germany. We have taken wide-ranging technical and operative measures to protect your data from accidental or deliberate manipulation, loss, destruction, or access by unentitled persons. Our security measures are regularly checked and updated in line with technical progress.

The e-mail addresses provided on the website are not yet equipped for e-mails with digital signatures. We would like to point out that when sending e-mails, data transmission is unsecured, and the data may therefore theoretically be viewed by unauthorized persons or falsified.

VII. Changes to this privacy policy

For legal and/or organizational reasons, changes or amendments to our privacy policy will be necessary from time to time. We therefore recommend you read this privacy policy again on occasion. Please note the current version of our privacy policy. This policy was last updated in September 2022.