THE ENGLISH TRANSLATIONS IS FOR INFORMATION PURPOSES AND IS NOT LEGALLY BINDING.
IN THE CASE OD DICREPANCIES BETWEEN THE GERMAN UND ENGLISH VERSIONS, THE GERMAN VERSION SHALL PREVAIL.

Privacy notice

Introduction

The exploratorium berlin (hereinafter also referred to as “we” or “exploratorium”) is very pleased that you have shown interest in our company. Data protection is of a particularly high priority for the management of the exploratorium.

The exploratorium berlin, as the controller, has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. Nevertheless, Internet-based data transmissions can generally have security gaps, so that absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us via alternative means, e.g. by telephone.

In the following, we would like to inform the public about the type, scope, and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed of the rights to which they are entitled by means of this data protection information.

Content

1. Name and address of the controller

2. Collection and processing of general data and information
Categories

• Routine deletion and blocking of personal data
• Data security and security measures
• Rights of the data subject
• Legal basis for data processing

3. Data collection on our website

• Log files
• Use of cookies
• Integration of third-party applications, services and content
• Contacting us & electronic notifications
• Newsletter
• Embedded videos
• Embedded calendars
• Yoast

4. Social media presence

• Social networks – data collection in general
• Our presence in social networks

5. Changes and updates to the data protection information

6. Definitions | Glossary

1. Name and address of the person responsible for processing

The person responsible within the meaning of the General Data Protection Regulation, other data protection laws applicable in the member states of the European Union and other provisions of a data protection nature is:

Lilli-Friedemann-Stiftung
Wilskistr. 56
14163 Berlin
Germany
Tel.: 0049-(0)30-84 72 10 11
E-mail: datenschutz@exploratorium-berlin.de
Website: www.lilli-friedemann-stiftung.de and www.exploratorium-berlin.de

2. Collection and processing of general data and information

It is generally possible to use the exploratorium berlin website without providing any personal data.

Categories of processed data

The exploratorium berlin website collects a series of general data and information each time the website is accessed by a data subject or an automated system. In principle, this only happens to the extent that this is necessary to provide a functional website and our content and services. This general data and information is stored in the server’s log files:

• browser types and versions used,
• IP address and operating system of the requesting device,
• Websites from which the user accesses our website,
• Websites that the user accesses via our website,
• the date and time of access to the website,
• an Internet protocol address (IP address),
• the Internet service provider of the accessing system and
• other similar data and information that serves to avert danger in the event of attacks on our information technology systems.

In addition, we process the following personal data if there is a contractual relationship between you and us or you have otherwise transmitted the data to us (see also legal basis for data processing):

• Personal master data (name, address)
• Communication data (telephone number, email address)
• Contract master data (e.g. contractual relationships such as rental agreements)
• Billing and payment data (e.g. from ticket reservations, event registrations and/or through media purchases: CDs, books, magazines)

Routine deletion and blocking of personal data

The person responsible for processing processes and stores the personal data of the data subject only for the period of time necessary to achieve the purpose of storage or if this is required by the European legislator or another legislator in laws or regulations which are applicable to the data controller is subject to. If the purpose of storage no longer applies or if a storage period prescribed by the European legislator or another responsible legislator expires, the personal data will be blocked or deleted routinely and in accordance with legal regulations. Further information on the deletion of personal data can also be found in the individual data protection information in this data protection information.

Data security and security measures

We are committed to protecting your privacy and keeping your personal information confidential. However, we would like to point out that due to the structure of the Internet it is possible that the data protection rules and the above. Security measures are not observed by other people or institutions that are not within our area of ​​responsibility. In particular, data disclosed unencrypted – e.g. B. if this is done by email – can be read by third parties. We have no technical influence on this.
We link to websites of other providers or have integrated elements from you into ours. This data protection information does not apply to this – we have no influence on these sites and cannot control whether others comply with the applicable data protection regulations.

SSL encryption
This site uses SSL encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator.

You can recognize an encrypted connection by the browser address line changing from “http://” to “https://” and by the lock symbol in your browser line.
If SSL encryption is activated, the data you transmit to us cannot be read by third parties.

Use of service providers
Service providers in countries such as the United States or other countries outside the EU or the countries of the European Economic Area are subject to data protection laws that generally do not protect personal data to the same extent as is the case in member states of the European Union.

Note on data transfer to the USA
Our website includes, among other things, tools from companies based in the USA. When these tools are active, your personal information may be transferred to the US servers of the respective companies. We would like to point out that the USA is not a safe third country within the meaning of EU data protection law. US companies are obliged to hand over personal data to security authorities without you as the person concerned being able to take legal action against this. It cannot therefore be ruled out that US authorities (e.g. secret services) process, evaluate and permanently store your data on US servers for surveillance purposes. We have no influence on these processing activities.

Shortening of the IP address
If it is possible for us or if it is not necessary to store the IP address, we will shorten your IP address or have it shortened. In the case of shortening the IP address, also known as “IP masking”, the last octet, i.e. the last two numbers of an IP address, is deleted (the IP address in this context is an Internet connection through the online -Access provider individually assigned identifier). Shortening the IP address is intended to prevent or make it significantly more difficult to identify a person based on their IP address. If so, then rephrase the text!

Rights of the data subject

• According to Art.15 GDPR, you have the right to request information about your personal data processed by us. According to Art.15 GDPR, you have the right to request information about your personal data processed by us. In this context, in accordance with Article 15 Para. 3-4 GDPR, you also have the right to receive a copy of your personal data processed by us.
• According to Art. 16 GDPR, you can immediately request the correction of incorrect personal data or the completion of your personal data stored by us.
• According to Art. 17 GDPR, you can request the deletion of your personal data stored by us.
• According to Art. 18 GDPR, you can request the restriction of the processing of your personal data.
• According to Art. 20 GDPR, you can request to receive the personal data you have provided to us in a structured, common and machine-readable format and you can request that it be transmitted to another person responsible.
• According to Art. 7 Para. 3 GDPR, you can revoke your consent to us at any time. This means that we are no longer allowed to continue data processing based on this consent in the future.
• According to Art. 77 GDPR, you have the right to complain to a supervisory authority. As a rule, you can contact the supervisory authority at your usual place of residence, your place of work or our company headquarters.

Right to object

When processing your personal data on the basis of legitimate interests in accordance with Article 6 Paragraph 1 Sentence 1 Letter f) GDPR or Article 6 Paragraph 1 Clause 1 Letter e) GDPR, you have the right in accordance with Art. 21 GDPR to object to the processing of your personal data. In the event of such an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that outweigh the interests, rights and freedoms of the data subject or the processing serves to assert, exercise or defend legal claims . In the case of direct advertising, you have the right to object at any time to the processing of your personal data. If you object to processing for direct marketing purposes, the personal data will no longer be processed for these purposes.

Legal basis for data processing

The GDPR adheres to the principle of a ban subject to permission for the processing of personal data. To be lawful, any data processing must therefore be based on a specific legal basis. The most important legal bases are standardized in Article 6 Para. 1 GDPR. Thereafter, data processing can either be legitimized by the consent of the person concerned or based on a legal authorization ground:

a. Consent (Art. 6 Para. 1 lit. a) GDPR).
The data subject has given their consent voluntarily, informedly, for specific processing and a specific purpose (e.g. email, newsletter).

b. Contractual relationship (Art. 6 Para. 1 lit. b) GDPR).
Data processing is lawful to the extent that it is necessary for the fulfillment of a contract to which the data subject is a party or to carry out pre-contractual measures (e.g. rental agreement).

c. Other statutory processing authorizations (Art. 6 Para. 1 lit. c+d) GDPR).
In particular, data processing continues to be permitted to the extent that it is necessary to fulfill a legal obligation to which the person responsible is subject in order to protect the vital interests of the data subject or another natural person (e.g. Corona contact list).

d. Legitimate interest (Art. 6 para. 1 lit. f) GDPR).
Data processing is permitted if it is necessary to protect the legitimate interests of the person responsible or a third party and provided that the interests or fundamental rights and freedoms of the data subject do not outweigh them (e.g. forms, newsletters, emails, log files).

3. Data collection on our website

Log files

When you access our website, we collect data about every access to the server on which this service is located (log files).
Since this data is technically necessary for us to display our websites to you and to ensure stability and security and, in particular, we can offer protection against misuse, we process your data on the basis of our legitimate interest in accordance with Art. 6 Para. 1 Sentence 1 lit. f) GDPR in data processing, the security of which we guarantee with state-of-the-art protective measures.
The data is also stored in the log files of our system. This data will not be stored together with your other personal data.
The data is deleted after 30 days, the IP addresses are usually deleted after ten days.
Since the collection of data to provide the website and the storage of the data in log files is absolutely necessary for the operation of the website, you have no option to object here and you cannot use our services in this case.
Your data will be passed on to our hosting service providers.

Use of cookies

Our websites use so-called “cookies”. Cookies are small text files and do not cause any damage to your device. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (persistent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your device until you delete them yourself or your web browser automatically deletes them.
In some cases, cookies from third-party companies may also be stored on your device when you enter our site (third-party cookies). These enable us or you to use certain third-party services.
Cookies have various functions. Numerous cookies are technically necessary because certain website functions would not work without them (e.g. displaying videos). Other cookies are used to evaluate user behavior (e.g. websites visited, interest in content).

Legal basis for the use of cookies
Cookies that are necessary to carry out the electronic communication process (necessary cookies) or to provide certain functions you want (functional cookies, e.g. for the shopping cart function) or to optimize the website (e.g. cookies to measure the web audience) are used stored on the basis of Art. 6 Para. 1 lit. f GDPR, unless another legal basis is stated. The website operator has a legitimate interest in storing cookies in order to provide its services in a technically error-free and optimized manner. If consent to the storage of cookies has been requested, the relevant cookies will be stored exclusively on the basis of this consent (Art. 6 Para. 1 lit. a GDPR); consent can be revoked at any time.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.

Integration of third party applications, services and content

Contributions on this website may contain embeds, i.e. embedded content, in order to optimize our offers (e.g. calendar subscriptions) and to offer you further interesting recommendations (e.g. links to videos or to other organizers).

Embedded content from other websites behaves exactly as if the visitor had visited the other website. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Some such content comes from US companies. By integrating their content, cookies and similar technologies can be used by them and data can be transmitted to them in the USA (e.g. your IP address, browser information, cookie ID, pixel ID, page accessed, date and time of access). Details about the integrated content of the individual networks or these companies and the data processing that takes place within them as well as your data protection rights, which can also include advertising purposes, can be found here?

Contact and electronic notifications

If you contact us, we will only collect personal data (e.g. name, email address, telephone number) if you provide it to us yourself. You can send this to us, for example, using a form, email or letter. Your personal data will only be used for contact or for the purpose for which you provided us with this data, e.g. to process your inquiries.

Providing this information (including information about communication channels such as email address and telephone number) is expressly done on a voluntary basis. The data will only be used to process your request (Art. 6 Para. 1 S. 1 lit. b) and f) GDPR).

Our reservation and registration forms are created with the open source plugin “Contact Form 7”. When using the forms, your name, contact and address details, which are necessary for the purpose of holding the events, will be requested.

The legal basis for this is Article 6 Paragraph 1 Sentence 1 b + c) GDPR. Without processing the personal data we would not be able to carry out the registrations. The data will not be used for advertising purposes and will only be passed on to third parties if a co-organizer or event service provider is allowed to receive this data (e.g. for events in off-site venues or currently: release to a health authority due to the corona pandemic).

As soon as the purpose for collecting the data and legal retention requirements have been fulfilled, the data will be deleted.

Newsletter

The exploratorium berlin regularly sends newsletters using the MailPoet plugin.

Registration and confirmation email
For an effective newsletter registration we need a valid email address. In order to check that registration was actually made by you and your email address, we use the “double opt-in” procedure. For this purpose, we record the ordering of the newsletter, the sending of a confirmation email and the receipt of the requested response. This is necessary in order to be able to provide evidence of the registration process in accordance with legal requirements.
Only after receiving the confirmation email will your email address be added to the newsletter mailing list and only then can we send you our newsletter (automatically). This ensures that your email address has not been entered by third parties without your knowledge.
If you do not confirm your email address, you will not receive further communications from us. Your email address will then be deleted.

Unsubscribe
If you no longer wish to receive our newsletter, write either:
1. An email to newsletter@exploratorium-berlin.de requesting that we no longer send newsletters to you. To do this, however, we need the exact email address from you to which we sent our newsletter. And the information as to whether you would like to unsubscribe from a) the exploratorium newsletter, b) the boy explo newsletter or c) both newsletters.
Or:
2. You unsubscribe using the so-called single opt-out procedure we use. To do this, open one of our newsletters sent (by email) that you would like to unsubscribe from and click on the “unsubscribe link” which is located at the end of each newsletter. You will then be redirected to our website, where you will be confirmed (automatically) by unsubscribing from all newsletters with: “You are now unsubscribed”. The cancellation will take effect immediately and you will no longer receive any newsletters from us. If you did not intend to do this, at this point you have the option of using the “Manage your subscription” link to select which newsletter you would like to receive, namely a) the exploratorium newsletter, b) the Junge explo newsletter or c ) both newsletters.

Data collection
When you register to receive our newsletter, you will need an email address.
In order to make our newsletter interesting for you, we statistically record which links users have clicked in the newsletter. By registering, you agree to this statistical recording.
No further data is collected.
Your email address will only be used to send the newsletter and will not be passed on to third parties. Subscribers can also be informed by email about circumstances that are relevant to the service or registration (e.g. changes to the newsletter offer or technical circumstances).

Legal basis
Based on your express consent (Art. 6 Para. 1 lit. a GDPR), we will regularly send you our newsletter or comparable information by email to the email address you provided. You can revoke your consent to the storage of your personal data and its use for sending newsletters at any time with effect for the future. There is a corresponding link in every newsletter or you can inform us of your revocation using the contact option provided at the beginning of this data protection notice (person responsible).

Storage period
The data will only be processed in this context as long as the relevant consent is given. They will then be deleted. After 12 months of “inactive use of the newsletter”, the email address will be automatically deleted.

Provision mandatory or required
The provision of your personal data is voluntary, solely based on your consent. Unfortunately, we cannot send you our newsletter without your consent.

Service used and service provider
MailPoet: Newsletter plugin with which emails can be sent directly from WordPress (by adding the email address to a mailing list) without going through a server; Service provider: MailPoet: 6 rue Dieudé, 13006, Marseille, FRANCE; Website: https://www.mailpoet.com/; Data protection declaration: https://www.mailpoet.com/privacy-notice/

Embedded videos

a) Vimeo – Type and purpose of processing:
Some of our websites contain plugins from the video portal Vimeo from Vimeo, LLC, 555 West 18th Street, New York, New York 10011, USA.

Every time you visit a page that offers one or more Vimeo video clips, a direct connection is established between your browser and a Vimeo server in the USA. Information about your visit and your IP address is stored there. Through interactions with the Vimeo plugins (e.g. clicking the start button), this information is also transmitted to Vimeo and stored there. The data protection declaration for Vimeo with further information on the collection and use of your data by Vimeo can be found in the Vimeo data protection declaration. If you have a Vimeo user account and do not want Vimeo to collect data about you via this website and link it to your membership data stored with Vimeo, you must log out of Vimeo before visiting this website. Vimeo also calls up the Google Analytics tracker via an iFrame in which the video is viewed. This is Vimeo’s own tracking, which we do not have access to. You can prevent tracking by Google Analytics by using the deactivation tools that Google offers for some Internet browsers. You can also prevent Google from collecting the data generated by Google Analytics and related to your use of the website (including your IP address) and from processing this data by Google by downloading the browser plug-in available under the following link and install: http://tools.google.com/dlpage/gaoptout?hl=de

The legal basis for the integration of Vimeo and the associated data transfer to Vimeo is your consent (Art. 6 Para. 1 lit. a GDPR).

Recipient: Accessing YouTube automatically triggers a connection to Google.

Third country transfer: Vimeo processes your data in the USA and has submitted to the EU_US Privacy Shieldhttps://www.privacyshield.gov/ EU-US framework.

Provision required or required:
The provision of your personal data is voluntary, solely based on your consent. If you prevent access, this may result in functional restrictions on the website.

b) YouTube – Type and purpose of processing:
YouTube videos are embedded on some of our websites. YouTube is a subsidiary of Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043 (USA). YouTube’s operating company is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.

When you visit a page with the YouTube plugin, a connection to YouTube servers is established. This tells YouTube which pages you visit. If you are logged into your YouTube account, YouTube can assign your surfing behavior to you personally. You can prevent this by logging out of your YouTube account beforehand.
If a YouTube video is started, the provider uses cookies that collect information about user behavior.

Further information on the purpose and scope of data collection and processing by YouTube can be found in the provider’s data protection declarations. There you will also find further information on your relevant rights and setting options to protect your privacy (https://policies.google.com/privacy). Google processes your data in the USA and is subject to the EU-US Privacy Shield www.privacyshield.gov/EU-US-Framework

The legal basis for the integration of YouTube and the associated data transfer to Google is your consent (Art. 6 Para. 1 lit. a GDPR).

Recipient: Accessing YouTube automatically triggers a connection to Google.

Storage period and revocation of consent:
Anyone who has deactivated the storage of cookies for the Google Ad program will not have to expect such cookies when watching YouTube videos. However, YouTube also stores non-personal usage information in other cookies. If you want to prevent this, you must block the storage of cookies in the browser.
Further information on data protection at “YouTube” can be found in the provider’s data protection declaration at: https://www.google. de/intl/de/policies/privacy/

Third country transfer:
Google processes your data in the USA and has submitted to the EU_US Privacy Shield https://www.privacyshield.gov/EU-US -Framework.

Calendar

We embed the following iCal solutions on our website:

1. Apple iCal calendar: The operator of this calendar is Apple Inc. One Apple Park Way, Cupertino, California, USA, 95014 (hereinafter “Apple”).
2. Google calendar: The operator of the corresponding plugin is Google LLC (1600 Amphitheater Parkway, Mountain View, CA 94043, USA; hereinafter “Google”).
3. Microsoft Outlook calendar: The operator of this calendar is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (hereinafter “Microsoft”).

When you visit our site, a connection is made to the servers of Apple, Google & Microsoft  manufactured. All three providers are informed which pages you visit.

Purpose of integration: On our website we offer you buttons (iCal) or links so that you can add the interactive version of our calendar (or individual appointments) to your own calendar (calendar subscription).

The calendar operators’ privacy policy can be found here:

1. Apple: https://www.apple.com/de/legal/privacy/de- ww/
2. Google: https://www.google.com/policies/privacy/. Google processes your data in the USA and is subject to the EU-US Privacy Shield https://www.privacyshield.gov/EU -US Framework
3. Microsoft: https://privacy.microsoft.com/de-de/privacystatement

Legal basis:
The legal basis for the integration of Apple iCal Calendar, Google Calendar and   and the associated data transfer to Google is your consent (Art. 6 Para. 1 lit. a GDPR).

Recipient:
Calling up Apple iCal Calendar automatically triggers a connection to Apple.
Opening Google Calendar automatically triggers a connection to Google.
Calling up Microsoft Outlook Calendar automatically triggers a connection to Microsoft.

Third country transfer:
Apple, Google and Microsoft process your data in the USA and have submitted to the EU_US Privacy Shield https://www.privacyshield.gov /EU-US framework.

Provision mandatory or required:
The provision of your personal data is voluntary, solely based on your consent. If you prevent access, this may result in functional restrictions when using this calendar on the website.

Yoast SEO

We use plugins from Yoast SEO on our website. This is an offer from Yoast BV, Don Emanuelstraat 3, 6602 GX Wijchen, The Netherlands, Tel: +31 (0)24 82 00 337 (Chamber of Commerce / KvK: 55404367, VAT Number: NL851692540B01).

This plugin takes care of the complete technical optimization of our websites for search engines. It also helps in content development. For further information, please see Yoast BV’s privacy policy, which you can view at https://yoast.com/privacy-policy/ can.

You can prevent the storage of cookies by setting your browser software accordingly; However, we would like to point out that in this case you may not be able to use all functions of this website to their full extent.

4. Social media appearances

Social networks – data collection in general

We maintain publicly accessible social media profiles. You can find the social networks we use in detail below.
Social networks such as Facebook, Twitter, etc. can usually comprehensively analyze your user behavior when you visit their website or a website with integrated social media content (e.g. share buttons or advertising banners). To limit this, we use the “Shariff Wrapper” solution when implementing it on our website. As a result, the share buttons are only integrated on the website as a graphic that contains a link to the corresponding website of the button provider. Unless you click on the graphic, there will be no exchange between you and the providers of the social media buttons.

If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected if you are not logged in or do not have an account on the respective social media portal. In this case, this data is collected, for example, via cookies that are stored on your device or by recording your IP address.
With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be shown to you inside and outside of the respective social media presence. If you have an account with the relevant social network, interest-based advertising can be displayed on all devices on which you are logged in or were logged in.
Please also note that we cannot understand all processing processes on the social media portals. Depending on the provider, further processing operations may therefore be carried out by the operators of the social media portals. Details can be found in the terms of use and data protection regulations of the respective social media portals.

Legal basis
Our social media presence is intended to ensure the broadest possible presence on the Internet. This is a legitimate interest within the meaning of Article 6 (1) (f) GDPR. The analysis processes initiated by the social networks may be based on different legal bases that must be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 Para. 1 lit. a GDPR).

Responsible person and assertion of rights

If you visit one of our social media sites (e.g. Facebook), we, together with the operator of the social media platform, are responsible for the data processing operations triggered by this visit. In principle, you can exercise your rights (information, correction, deletion, restriction of processing, data portability and complaint). us as well as against the operator of the respective social media portal (e.g. Facebook).
Please note that despite our shared responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options depend largely on the corporate policy of the respective provider.

Storage period

The data we collect directly via the social media presence will be deleted from our systems as soon as the purpose for storing it no longer applies, you request us to delete it, revoke your consent to storage or the purpose for storing the data no longer applies. Saved cookies remain on your device until you delete them. Mandatory legal provisions – especially retention periods – remain unaffected.
We have no influence on the storage period of your data, which is stored by the operators of the social networks for their own purposes. For details, please contact the operators of the social networks directly (e.g. in their data protection declaration, see below).

Our presence in social networks

Facebook
We have a profile on Facebook. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook, the collected data will also be transferred to the USA and other third countries. You can adjust your advertising settings independently in your user account. To do this, click on the following link and log in: https://www. facebook.com/settings?tab=ads.
Details can be found in Facebook’s privacy policy: https://www.facebook.com/about /privacy/.

Instagram
We have a profile on Instagram. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook, the collected data will also be transferred to the USA and other third countries. Details about how they handle your personal data https://de-de. facebook.com/help/instagram/519522125107875

YouTube
We have a profile on YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Details on how they handle your personal data can be found in YouTube’s privacy policy: https://policies.google.com/privacy?hl=de

Vimeo
We have an account on Vimeo. The provider is Vimeo, LLC, 555 West 18th Street, New York, New York 10011, USA. Details on how they handle your personal data can be found in Vimeo’s privacy policy at: https://vimeo.com/ privacy

5. Changes and updates to the data protection information

We regularly make adjustments to our data protection information. We therefore ask you to regularly inform yourself about the content of our data protection information.

If you have any questions about data protection at the exploratorium berlin, please write us an email: info@exploratorium-berlin .de

6. Definitions | Glossary

The data protection information of the exploratorium berlin is based on the terms used by the European legislator for directives and regulations when issuing the General Data Protection Regulation (GDPR). Our data protection information should be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we would like to explain the terms used.

We use the following terms, among others, in this data protection information:

a) personal data
Personal data is any information that relates to an identified or identifiable natural person (hereinafter “data subject”). A natural person is considered to be identifiable if he or she can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more special characteristics that express the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.

b) data subject
Data subject is any identified or identifiable natural person whose personal data is processed by the data controller.

c) Processing
Processing is any operation or series of operations carried out on personal data, whether or not by automated means, such as collecting, recording, organizing, classifying, storing, adapting or modifying, reading out, querying, using, disclosure by transmission, distribution or other form of provision, alignment or association, restriction, deletion or destruction.

d) Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of restricting their future processing.

e) Profiling
Profiling is any type of automated processing of personal data which consists in using these personal data to evaluate certain personal aspects relating to a natural person, in particular aspects relating to work performance, economic situation, health, personal Analyze or predict the preferences, interests, reliability, behavior, location or movements of that natural person.

f) Pseudonymization
Pseudonymization is the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without the use of additional information, provided that this additional information is kept separately and is subject to technical and organizational measures that ensure that the personal data not be assigned to an identified or identifiable natural person.

g) Controller or person responsible for processing
The person responsible or responsible for processing is the natural or legal person, public authority, institution or other body which, alone or jointly with others, decides on the purposes and means of processing personal data. If the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

h) Processor
Processor is a natural or legal person, authority, institution or other body that processes personal data on behalf of the controller.

i) Recipient
The recipient is a natural or legal person, public authority, institution or other body to which personal data is disclosed, regardless of whether it is a third party or not. However, public authorities which may receive personal data in the context of a specific investigative task under Union or Member State law shall not be considered as recipients.

j) Third party
Third party is a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons authorized to process the personal data under the direct responsibility of the controller or the processor.

k) Consent
Consent is any voluntary, informed and unambiguous expression of wishes given by the data subject for a specific case, in the form of a statement or other unequivocal affirmative action, by which the data subject indicates that he or she agrees to the processing of personal data concerning him or her is.

l) Gender neutrality
The terms used are to be understood as gender-neutral (m/f/diverse). They are not always used additively for the sake of better readability.