Data protection statement*

I. Scope

Kulturprojekte Berlin GmbH, Klosterstraße 68, 10179 Berlin-Mitte (hereinafter referred to as “Kulturprojekte Berlin” or “we/us”) operates the website accessible at www.kulturprojekte.berlin and its respective sub-directories (hereinafter also referred to as the “website”), which includes the respective project sites (hereinafter referred to together as the “websites”), the sub-pages for the web shop (https://shop.kulturprojekte.berlin), the sub-pages for the job and application portal (https://jobs.kulturprojekte.berlin), the “Datenhub” database (located at https://datenhub.kulturprojekte.berlin) and various social media profiles (hereinafter referred to as “social networks”).

This privacy notice is designed to provide you with information about the data we collect and process when you visit our websites – including all project pages and sub-pages – as well as when you visit our social media profiles and subscribe to our newsletter. In publishing this privacy notice, we are fulfilling our legal obligation to provide users with information in accordance with Art. 13 and Art. 14 of the European Union’s General Data Protection Regulation (GDPR).

II. Controller

Kulturprojekte Berlin GmbH
Klosterstraße 68
10179 Berlin-Mitte

Managing director: Moritz van Dülmen
Contact person: Antje Schröder
Contact details: website@kulturprojekte.berlin

III. Data protection officer

Mr. Michael Funke
JBB Data Consult GmbH
Friedrichstraße 95
10117 Berlin

datenschutz@kulturprojekte.berlin
Tel. +49 30 443 765 0

IV. Purposes and legal bases as well as duration of data processing

1. Data processing on the websites to which this privacy policy applies

a) Company website (https://kulturprojekte.berlin)

The Kulturprojekte Berlin website automatically collects and stores information in its server log files that your browser transmits to us. This information comprises the following:

  • browser type
  • operating system used
  • referrer URL (the previously visited page)
  • host name of the accessing computer (IP address)
  • time stamp of the request

This information does not permit Kulturprojekte Berlin to draw any conclusions about you as a specific person. Insofar as a connection IP address is processed, the legal basis for this processing is derived from Art. 6(1)(f) GDPR. Our legitimate interest here is to offer you access to our website and to enable you to use the site, as well as for us to be able to track unauthorised access attempts and unlawful use of the website or portal.

We store our log files for 24 hours.

b) Web shop (https://shop.kulturprojekte.berlin)

The sub-page for our web shop (https://shop.kulturprojekte.berlin) is provided by Jimdo, an external service provider. Invoicing is additionally carried out by the external service provider PamConsult Software und Beratungsgesellschaft mbH. For more information, please refer to section Section XI. Use of technologies and integration of external services: 8 a) Jimdo (web shop).

c) Job- and application portal (https://jobs.kulturprojekte.berlin)

The sub-page of our job and application portal (https://shop.kulturprojekte.berlin) is provided by rexx Systems GmbH, an external service provider. For more information, please refer to section Section XI. Use of technologies and integration of external services: 8 b) Rexx (job portal).

c) The „Datenhub“ database (https://www.datenhub.kulturprojekte.berlin)

When you register with our “Datenhub” database (https://www.datenhub.kulturprojekte.berlin), we will ask first and foremost for your name and e-mail address. After that, we will process the login data you provide during registration solely for the purpose of making it possible for you to access to your user account and then for the purpose of making that account available to you for use. In this case, the legal basis for the processing of your data is anchored in Art. 6 (1) (b) GDPR, because it is necessary that we process your data in order to be able to make your account available to you.

We store your data for as long as you are registered as having a user account with us. After that, your data will be deleted immediately. If you wish to delete your user profile, please contact the applicable contact persons on the respective project teams or send an e-mail to datenhub@kulturprojekte.berlin.

2. Newsletter (mailing list)

We offer interested parties the opportunity to subscribe to our e-mail newsletter. For this purpose we ask that you provide us with your e-mail address. We also analyse our newsletter service by collecting certain usage data.

The legal basis for the processing of your data for the purpose of sending you a newsletter is your consent in accordance with Art. 6 (1) (a) GDPR. The analysis of your usage data is based on the principle of legitimate interest in accordance with Art. 6 (1) (f) GDPR. Our legitimate interest here is anchored in our desire to optimise our newsletter service.

If you would like to receive the newsletter we offer on our website, you will be asked to provide us with an e-mail address as well as with information that allows us to verify that you are the rightful owner of the given e-mail address and that you agree to receive the newsletter.

In order to ensure that the newsletter is sent to you with your consent, we use the so-called double opt-in procedure. In the course of this procedure, the prospective recipient is added to the mailing list. After that, the user receives a confirmation e-mail with a request that they confirm their registration in a legally secure manner. Only after the user confirms their registration will their address be actively added to the mailing list.

We use this data exclusively for the purpose of sending information and offers that have been requested by the user.

We use the newsletter software of Sendinblue GmbH. As part of this software process, your data is transmitted to Sendinblue GmbH. Sendinblue GmbH is prohibited from selling your data or using it for purposes other than the sending of the newsletters. Sendinblue GmbH is a certified German provider that we selected in accordance with the requirements set out in the EU’s General Data Protection Regulation (GDPR) and Germany’s Federal Data Protection Act (Bundesdatenschutzgesetz).

For further information, please visit: https://de.sendinblue.com/informationen-newsletter-empfaenger/?rtype=n2go

You can withdraw your consent to the storage and processing of your data for the purpose of sending the newsletter at any time by visiting the following site: https://kulturprojekte.berlin/abmeldeformular.

V. Contact

We offer you the opportunity to contact us, for example via our e-mail address or by telephone. When you send us an e-mail, you provide us in most cases with your e-mail address, your name, a subject header and the content of your enquiry. We process this data in order to be able to answer your enquiry. This purpose also constitutes our legitimate interest in data processing (Art. 6(1)(f) GDPR). If necessary, this processing may also takes place for the performance of a contract with you. The legal basis in this case is Art. 6(1)(b) GDPR.

In general, we store your enquiry for as long as necessary to process your enquiry, unless any legal provisions prohibit such a deletion and/or, in particular, if further storage is required in accordance with Art. 6(1)(f) GDPR for the purpose of complying with obligatory storage periods in accordance with Art. 6(1)(c) GDPR. If the enquiry is made in the context of an existing or prospective contractual relationship with us, the storage period will depend on the underlying contractual relationship.

VI. Data processing period

Unless a data storage period is expressly mentioned elsewhere in this data protection statement, we will process your data only as long as required for the purpose of processing. In addition, we may store your data, if necessary, for the purpose of establishing, exercising and defending legal claims or to comply with statutory data retention periods. The legal basis for this is Art. 6(1)(c) GDPR in conjunction with §147 and §257 of Germany’s Fiscal Code (AO) as well as Art. 17(3) GDPR. We will delete your data as soon as we no longer need it for these purposes.

VII. Recipients of your data (categories of recipients)

Your data will be processed internally by those members of our staff who are responsible for the matter that concerns you. We also use external service providers insofar as we are not able – or cannot reasonably – perform the services ourselves. These external service providers are primarily providers of IT services, such as hosts, e-mail providers or telecommunications providers.

VIII. Data transfer to a third country

Unless expressly stated elsewhere in this data protection statement, we do not intend to transfer your personal data to a third country outside of the EU or EEA states.

IX. Rights of the data subject

The European Union’s General Data Protection Regulation (GDPR) guarantees to you certain rights which you can assert to the extent that a legal basis exists.

  • Art. 15 GDPR – The data subject’s right to information: You have the right to obtain confirmation from us as to whether or not personal data concerning you are being processed and, where that is the case, to be informed as to what these data are as well as more detailed information on the nature of the data processing.
  • Art. 16 GDPR – Right to rectification: You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you also have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
  • Art. 17 GDPR – Right to erasure (‘right to be forgotten’): You have the right to obtain from us the erasure of personal data concerning you without undue delay.
  • Art. 18 GDPR – Right to restriction of processing: You have the right to obtain from us the restriction of processing.
  • Art. 20 GDPR – Right to data portability: If the processing is based on consent or a contract, you have the right to receive the personal data concerning you and which you provided to us in a structured, commonly used and machine readable format, and to transmit this data to another controller without hindrance from us. You also have the right to have those data transmitted directly from us to another controller, insofar as this is technically feasible.
  • Art. 21 GDPR – Right to object: You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is necessary due to a legitimate interest on our part or for the performance of a task carried out for reasons of public interest or in the exercise of official authority.

If you make use of your right to object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves the establishment, exercise or defence of legal claims.

Where we process your personal data for direct marketing purposes, you have the right to object at any time to this processing. If you object to processing for direct marketing purposes, we will no longer process your personal data for such purposes.

  • Art. 77 GDPR in conjunction with § 19 of Germany’s Federal Data Protection Act (BDSG) – Right to lodge a complaint with a supervisory authority:

You have the right at any time to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal information relating to you violates applicable law.

  • Withdrawal of consent: If you have given us consent, you have the right to withdraw this consent at any time. All data processing that we have carried out up to the point of your withdrawal of consent will remain lawful in this case. For the purpose of withdrawing your consent, we ask that you send us a message at one of the abovementioned addresses.
X. Obligation to provide data

You have no contractual or legal obligation to provide us with personal data. However, without the data you provide, we may not be able to provide you with our services.

XI. Existence of automated decision making (including profiling)

We do not use automated decision making that has any legal impact on you or adversely affect you.

XII. Use of technologies and integration/involvement of external services

1.Cookies and other technologies 

Our websites use so-called cookies and other technologies. They help to make our services more user-friendly, effective and secure. Cookies do not cause any damage to your computer and do not contain any viruses. Cookies are small text files that are stored on your computer and saved by your browser.

Most of the cookies we use are so-called “session cookies”. They are automatically deleted at the end of your visit. Other cookies remain stored on whatever device you are using until you delete them yourself. These cookies make it possible for us to recognise your browser upon your next visit to our website.

You can usually adjust your browser settings to inform you when cookies are stored, to only allow cookies in individual cases, to prohibit the acceptance of cookies in certain cases or overall, and to activate the automatic deletion of cookies when closing your browser. When you deactivate cookies, it might limit the functionality of these websites.

The legal basis for the processing of personal data in this context derives from Art. 6(1)(f) GDPR insofar as the cookies are used to provide the services you have requested. Our legitimate interest here is to provide you with the best possible user experience. To the extent that cookies are not required, they are used with your consent in accordance with Art. 6(1)(a) GDPR, which you can revoke at any time with effect from that moment on.

2. User access analysis 

a) Google Analytics 

This website makes use of the functions offered by the web analysis service Google Analytics. The provider is Google LLC., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (“Google”).

We use Google Analytics to analyse the visits made to our website. For this purpose, Google Analytics uses cookies that have the names [names of the cookies] and whose storage period is […] days. The information created by cookies in connection with your use of this website will usually be transmitted to a server belonging to Google in the US, where it will be stored. In this process, we use the function anonymizeIP, which anonymises your IP address by abbreviating it, which means that the IP address is not saved by Google in its complete form. For the purposes of data transmission to the US, we have concluded so-called standard data protection agreements with Google LLC. You may request a copy at datenschutz@kulturprojekte.berlin. More information on how Google Analytics handles user data can be found in Google’s own data protection statement: https://support.google.com/analytics/answer/6004245  

The legal basis for this processing is your consent in accordance with Art. 6(1)(a) GDPR. You may revoke your consent to the use of web analysis at any time with effect from that moment on by clicking here (opt-out link). In this case, a so-called opt-out cookie will be stored in your browser to ensure that Google Analytics no longer collects any data from you. However, if you delete your cookies, the opt-out cookie will also be deleted and you will be asked again for your consent the next time you visit our websites.

In addition to revoking your consent, you can also generally prevent the collection of your data by Google Analytics by clicking on the following link https://tools.google.com/dlpage/gaoptout?hl=de. An opt-out cookie will be stored in your browser which will prevent the collection of your data upon future visits to this website.

3. Social networks 

We have profiles on social networks. Our social media accounts complement our website and give you the opportunity to interact with us. As soon as you access our social media profiles on social networks, the terms and conditions and data processing policies of the respective operators apply.

Strictly speaking, we have no influence on the data processing carried out on social networks. When you use the services of these networks, the data collected about you is processed by the networks themselves and may be transmitted to countries outside the European Union. Information on which data are processed by social networks and for what purposes is found below in the privacy policies and data protection statements of the respective networks. We use the following social networks:

a) Facebook 

Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland-Ireland.
Privacy policy: www.facebook.com/about/privacy
Opt-out options: www.facebook.com/settings?tab=ads und www.youronlinechoices.com 
About Insights: www.facebook.com/legal/terms/information_about_page_insights_data 

b) Instagram and Threads

Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA as a subsidiary of Facebook.
Data protection statement / Opt-out options: https://help.instagram.com/519522125107875 

c) LinkedIn 

LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.
Privacy policy: www.linkedin.com/legal/privacy-policy 
Opt-out options: www.linkedin.com/psettings/?trk=nav_account_sub_nav_settings 

d) TikTok

TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Irland.
Privacy policy: https://www.tiktok.com/legal/page/eea/privacy-policy/de
Opt-out options: https://support.tiktok.com/de/account-and-privacy/personalized-ads-and-data/personalization-and-data

e) X (Former Twitter)

Twitter International Unlimited Company, c/o: Data Protection Officer, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland.
Privacy policy: https://twitter.com/de/privacy 
Opt-out options: www.twitter.com/personalization 

f) Xing 

New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany.
Data protection statement: https://privacy.xing.com/de/datenschutzerklaerung 

g) YouTube 

YouTube LLC as a subsidiary of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Privacy policy: https://policies.google.com/privacy?hl=de&gl=de 
Opt-out options: https://adssettings.google.com/authenticated 

 

When you send us enquiries via social media profiles, we process your personal data in our function as data controller. We process this data as a way of responding to your enquiries, which is also our legitimate interest in accordance with Art. 6 (1)(f) GDPR.

As joint controllers alongside the following networks, we are also jointly responsible for the following processing in accordance with Art. 26 GDPR.

When visiting our profiles on Facebook, Instagram and LinkedIn, each of these networks collects aggregated statistics (“Insights data”) that are created from certain events logged by their servers when you interact with our profiles and related content. We receive these aggregated and anonymous statistics from the networks with regard to the use of each profile. In general, we are not able to attribute data to specific users. We are able only to a certain extent to determine the criteria according to which each network creates these statistics for us. We use these statistics to make our profiles more interesting and informative for you. This also establishes our justified interest in accordance with Art. 6(1)(f) GDPR in the data collection carried out by the respective social network in order to provide us with statistics.

Further information on this data processing can be found in each of the site’s Joint Controller Agreements:

* Please note: This is an English translation of the original German Datenschutzerklärung (data protection statement). It provides an overview of your data protection rights and the manner in which we process your personal data. This English translation is intended solely as a convenience to the non-German-reading public. If there is any divergence between the German original and the English translation, the German version shall be the prevailing one.

4. Typeform

For the purpose of processing various queries and forms, we use a service called Typeform by TYPEFORM SL, C/Bac de Roda, 163 (Local), 08018 Barcelona Spain (Typeform). This service makes it possible for us to provide you with a simple contact option and also to simplify queries.

For this purpose, we regularly pass the following personal information to Typeform: Your e-mail address; your first name; your last name

In addition, depending on the requirements associated with the query, it is possible that further personal data (for example, information pertaining to a person’s profession in the case of press accreditation forms) may be transmitted to Typeform. Mandatory information is marked with an “*”.

Typeform is the recipient of your personal data and carries out the processing of the data on our behalf. The processing of the data specified in this section is neither legally nor contractually prescribed. Without your consent and the transmission of your personal data, we will not be able to make a contact form available to you. However, you also have the option of contacting us using the e-mail address given above. Your data will be stored exclusively for the purpose of sending and responding to enquiries. In this case, the mandatory information is necessary to be able to properly allocate and respond to your enquiry.

In addition, Typeform uses cookies to collect the following personal data: information about your device, including IP address, device details, operating system, browser settings, etc. In addition, user data such as the time and date you used the contact form will also be collected. Typeform requires this data to ensure that the contact form is displayed correctly and to guarantee that it functions properly. This is in keeping with the legitimate interest of Typeform in accordance with Art. 6 (1) (f) GDPR and serves the purpose of carrying out the contract in accordance with Art. 6 (1) (b) GDPR. For more information, please visit: https://help.typeform.com/hc/en-us/articles/360029581691-What-happens-to-my-data

For more information on your options for redress and the removal of your information in relation to Typeform, please visit: https://admin.typeform.com/to/dwk6gt

The legal basis for the processing of your data is your consent in accordance with Art. 6 (1) (a) GDPR. You can withdraw your consent to the processing of your personal data at any time by using the contact options provided. Your data will be processed for as long as you have given consent. When you withdraw your consent, it shall not affect the legality of the processing that has taken place thus far.

Your data will be deleted no later than 12 months after processing has been completed.

5. Issuu

On some sub-pages we use the external service Issuu to make print publications available in digital form. As part of this process, additional personal data is processed. The data categories processed in this case are the following: technical connection data for server access, including IP address, date, time, page accessed, browser information, as well as data used for creating usage statistics. The purpose of this processing is to deliver content made available by third parties as well as to transmit and display brochures and other information material.

The legal basis for the processing of your data in this case is your consent in accordance with Art. 6 (1) (a) GDPR.

Data transfer takes place: in joint responsibility to Issuu Inc., 131 Lytton Ave, Palo Alto, CA 94301, USA, represented by Issuu ApS, Gasvaerksvej 16, DK 1656 Copenhagen, Denmark. This might also involve the transfer of personal data to a country outside the European Union. The transfer of data is carried out on the basis of your consent in accordance with Art. 6 (1) (a) in conjunction with Art. 49 (1) (a) GDPR. You will have been informed prior to giving your consent that the United States does not have a level of data protection on par with EU standards. In particular, US intelligence services will be able to access your data without you knowing it and without you being able to take any legal action against it.

6. Cloudflare

On our website we use a so-called Content Delivery Network (“CDN”) of the technology service provider Cloudflare Inc, 101 Townsend St. San Francisco, CA 94107, USA (“Cloudflare”). The use of Cloudflare’s Content Delivery Network helps us to optimise the performance of our website.

The processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in the secure and efficient operation and improvement of the stability and functionality of our website.

We have concluded a data processing addendum with Cloudflare (available at www.cloudflare.com/media/pdf/cloudflare-customer-dpa.pdf), which obliges Cloudflare to protect the data of our website visitors and not to pass it on to third parties. For the transfer of data from the EU to the USA, Cloudflare relies on so-called standard contractual clauses of the European Commission, which are intended to ensure compliance with the European level of data protection in the USA.

Further information can be found in Cloudflare’s privacy policy at: www.cloudflare.com/privacypolicy/

7. Google Maps

When accessing some sub-services of our website, additional personal data is processed.

Processed data categories: technical connection data of server access (IP address, date, time, requested page, browser information) and data for the creation of usage statistics.

Purpose of processing: Delivery of content provided by third parties and display of interactive maps

The legal basis for the processing is a legitimate interest which overrides the rights and freedoms of the data subjects (Art. 6 (1) f GDPR). Legitimate interests in this context: Interest in a user-friendly presentation of content.

Data is transferred to the processor Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. This may also involve the transfer of personal data to a country outside the European Union. The transfer of data to the USA is based on Art. 45 GDPR in conjunction with the European Commission’s adequacy decision C(2023) 4745, as the data recipient has undertaken to comply with the data processing principles of the Data Pricacy Framework (DPF).

8. External platforms

a) Jimdo (Web-Shop)

The sub-page for our web shop (https://shop.kulturprojekte.berlin) is provided by the external service provider Jimdo GmbH.

Provision of the online offer and web hosting
Our website is hosted by a dedicated website hosting provider that uses cloud-based servers located within the EU to provide a stable and secure hosting platform. Our website is distributed using a content delivery network provider with servers located all over the world to ensure a fast and safe delivery of our website.

Types of data processed: Usage data: e.g. web pages visited, access times, all entries made within our online offer or from websites; Communication data: e.g. browser type, operating system or IP addresses

Data subjects: Users (website visitors)

Purpose of processing: Provision of a stable and secure online offer that is easy to use

Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f. GDPR)

Recipients or Categories of Recipients: Website hosting providers, SSL certificate providers, Content Delivery Network Providers

Data Transfer in Third Countries: We transfer your personal data to processors in the USA for this purpose. Information on the transfer of personal data to third countries can be found in section “Transfer to third countries (Jimdo)” below.

Retention periods or criteria used to determine retention periods: 12 months.

Order process
The webshop (https://shop.kulturprojekte.berlin) enables you to purchase our publications. Personal data is collected for the purpose of the purchase and the obligations arising from the resulting purchase contract.

Types of data processed: Usage data (mandatory fields are marked with an asterisk *): First name*, last name*, company, street and house number*, address suffix, postal code*, city*, state/canton, telephone, e-mail*, VAT ID no., country*

Data protection subjects: Users (web shop customers)

Purpose of processing: Fulfillment of the purchase contract

Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b. GDPR)

Recipients or categories of recipients: Website hosting provider, transactional email provider, invoice provider, Kulturprojekte Berlin

Data transfer to third countries: We transfer your personal data to processors in the USA for this purpose. Information on the transfer of personal data to third countries can be found in the section “Transfer to third countries (Jimdo)” below.

Retention periods or criteria used to determine retention periods: 12 months.

Order Confirmations
When you order products in our shop on our website you will receive an order confirmation. To deliver these order confirmations we use a transactional email provider to ensure a quick and secure delivery.

Types of data processed: Usage data: name, address, email-address, shopping cart, invoice amount, currency and transaction number; Communication data: e.g. browser type, operating system or IP addresses

Data subjects: Users (web shop customers)

Purpose of processing: Sending of order confirmations to webshop users (customers)

Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b. GDPR)

Recipients or Categories of Recipients: Website hosting provider, transactional email provider

Data Transfer in third Countries: We transfer your personal data to processors in the USA for this purpose. Information on the transfer of personal data to third countries can be found in section “Transfer to third countries (Jimdo)” below.

Retention periods or criteria used to determine retention periods: 12 months.

Payment Service Provider
We use external payment providers for the webshop on this website to offer our customers various payment options. The data processed will be disclosed solely for the purpose of processing the payment with the payment service provider and only to the extent necessary for this purpose. We do not store any credit card details ourselves.

Types of data processed: Usage data: name, address, account number, bank routing number, credit card number (if applicable), invoice amount, currency and transaction number; Communication data: e.g. IP addresses, browser type, operating system.

Data subjects: Users (web shop customers)

Purpose of processing: Offering of external payment providers for the webshop on this website to offer customers various payment options

Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b. GDPR)

Recipients or Categories of Recipients: Paypal, PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg, https://stripe.com/de/privacy; website hosting provider, transactional email provider

Data Transfer in third Countries: Your personal data is processed within the EU.

Retention periods or criteria used to determine retention periods: 12 months.

Transfer to third Countries (Jimdo)
We ensure that your data is processed in the EU or in the European Economic Area. Should this no longer be possible and data needs to be transferred to a third country, Jimdo will ensure, after prior review, that an adequate level of data protection that meets the requirements of the Court of Justice of the European Union and the EU Commission is adhered to in the country the data is transferred to.

In these cases, the data is transferred on the basis of an Adequacy Decision of the European Commission or the Standard Contractual Clauses for the transmission of personal data to third countries in its currently valid version. These can be accessed here.

Data transmission to a third country may also take place on the basis of your consent. You will be provided with details of this separately, if applicable.

b) PamBill

Invoicing for the online shop (https://shop.kulturprojekte.berlin) is carried out using the PamBill tool provided by the external service provider PamConsult Software und Beratungsgesellschaft mbH. For this purpose, the personal data required for invoice generation are transferred to PamBill after a purchase in the online shop.

Types of data processed: Order data: e.g., billing name, billing address, shipping address, delivery terms, contact details; Payment data: e.g., payment method

Data subjects: Users (online shop customers)

Purpose of processing: Fulfillment of the purchase contract

Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b. GDPR)

Recipients or categories of recipients: PamConsult Software und Beratungsgesellschaft mbH

Data transfer to third countries: No data is transferred to a third country.

Retention periods or criteria for determining retention periods: 12 months.

* Please note: This is an English translation of the original German Datenschutzerklärung (data protection statement). It provides an overview of your data protection rights and the manner in which we process your personal data. This English translation is intended solely as a convenience to the non-German-reading public. If there is any divergence between the German original and the English translation, the German version shall be the prevailing one.