This page is to inform you about data protection rules that apply when kulturpass.de is visited by non-registered users. There are additional provisions pertaining to the registration and use of kulturpass.de and the KulturPass app as a registered user as well as for cultural providers. These provisions can be found here:
Version: 16 October 23
The Beauftragte der Bundesregierung für Kultur und Medien [German Federal Government Commissioner for Culture and the Media] (“BKM”) takes the protection of your data very seriously. For this reason, we have taken measures to ensure that the applicable data protection laws are duly observed both by us and by our external service providers.
Personal data means all information which refers to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier.
1. Controller for the data processing
The responsible entity in respect of data collection, processing and use in connection with the use of our website is
Beauftragte der Bundesregierung für Kultur und Medien (BKM)
Köthener Straße 2
The realisation of the KulturPass project is carried out in cooperation with
Stiftung Digitale Chancen
Vorstandsvorsitzende Frau Jutta Croll
which processes personal data strictly according to instructions received and the purpose set out by the BKM.
2. Data Protection Officer
The Data Protection Officer is:
Beauftragte(r) der Bundesregierung für Kultur und Medien
Graurheindorfer Straße 198
Telefon 0228 99 681 13655
Fax: 0228 99 681 513655
3. Data processing when the website is visited
Every time someone visits our website, we automatically process the following information, that is stored temporarily in a logfile:
- Name of the web page visited/file retrieved
- Date and time the page is viewed
- Report of successful retrieval
- The IP address, anonymised through means of abbreviation, of the computer or other end device used to visit the page (e.g. tablet PC or smartphone)
- browser type, browser version, browser language and the operating system used.
Logfiles are deleted after 14 days. The legal basis for the processing is Article 6(1), first subparagraph, point (e) GDPR in conjunction with Section 3 BDSG [German Federal Data Protection Act].
If you use the website at kulturpass.de as a general visitor, we only use technically necessary cookies to collect the information as to whether you have consented to or rejected statistical analysis via Matomo (see Section 5 below). The legal basis for this is Article 6(1) first subparagraph, point (e) of the GDPR in conjunction with Section 3 BDSG. Information on cookies used in relation to the use of kulturpass.de as a registered user or as a provider can be found in additional privacy policies.
Cookies are used when people use the KulturPass website https://storefront.prod.kulturpass.de/. Cookies are small text files which are stored locally on the user’s end device (e.g. PC, smartphone, tablet). You can prevent cookies being stored by adjusting your browser settings accordingly. Moreover, you can delete stored cookies via your browser. Preventing or deleting cookies may, in some circumstances, render the use of certain functions of the website impossible or inconvenient.
5. Statistics via Matomo
Matomo is only used if you have given consent (Article 6(1) first subparagraph, point (a) GDPR). When you visit our website for the first time, a banner is displayed containing options regarding consent to the activation of Matomo. Any consent granted can be withdrawn via the link in the footer area of the website or here, with effect for the future: Consent settings. After clicking on the link, you can withdraw your consent by clicking on “Deny”.
The information as to whether you have consented to the use of Matomo or not is stored on your end device using a cookie. The legal basis for this is Article 6(1) first subparagraph, point (e) of the GDPR in conjunction with Section 3 BDSG.
6. Friendly Captcha in connection with contact forms
To prevent misuse of our contact forms by so-called bots, we use the data protection-friendly tool Friendly Captcha, which is provided by Friendly Captcha GmbH, Am Anger 3-5, 82237 Woerthsee, Germany. To ensure that the form is used by a human instead of a bot, the tool sends a task (“puzzle”) to the end device, that is then solved automatically by the device in the background. The IP address is anonymised via a one-way hashing process and deleted afterwards. The following data is also processed:
- the request header data (browser, operating system, origin/referrer)
- the puzzle itself, which contains information about the account and the website key to which the puzzle relates, and the submitted solution
- the version of the embedded Friendly Captcha Widget
- a time stamp
- number of requests for a hash value (counter)
The retrieval of this data is necessary in order to provide a contact form and to eliminate abuse by bots as far as possible. The processing of personal data is carried out on the basis of Article 6(1), first subparagraph, point (e) GDPR, Section 3 BDSG.
7. Processing requests (helpdesk)
If you have any questions, suggestions, requests or problems, you can contact us via the contact form on the website or by email. When you use the contact form, we will ask for your name and email address. The personal data provided by you will be processed by us in order to deal with your enquiry. We use Friendly Captcha in connection with the online form (see “Friendly Captcha in connection with contact forms” above).
To this end, we use a ticket system, provided by Zammad GmbH, Marienstraße 18, 10117 Berlin, Germany, on the basis of a third-party processing agreement, to record and process enquiries received via the contact form or email. Tickets are generated for each individual enquiry and the subsequent communication is stored under that ticket for the purposes of dealing with the enquiry. This allows us to respond to and deal with enquiries as quickly and efficiently as possible. The personal data collected in connection with the use of the contact form will be deleted when its storage is no longer necessary or, to the extent legal obligations to retain records exist, its processing is limited, unless further processing is required or allowed by law.
The processing of personal data when you contact us is undertaken primarily on the basis of Article 6(1), first subparagraph, point (e) GDPR, Section 3 BDSG. The processing of the provided data could, however, also, depending on the content of your message, be or become allowed or required on other legal bases, such as Article 6(1), first subparagraph, point (c) GDPR, Article 6(1), first subparagraph, point (b) GDPR (performance of a contract or taking steps prior to entering into a contract) or Section 24(1) no. 1 BDSG (assertion of/defence against civil law claims).
8. Registering for webinars
We offer webinars from time to time for which you can register. The webinars are held using the video conferencing system BigBlueButton, that is hosted for us on servers of werk21 GmbH, Krausnickstraße 3, 10115 Berlin on the basis of a third-party processing contract.
Participation in webinars requires prior registration, including the provision of an email address to which we will send a link to the webinar after registration is complete. This data processing as well as the further processing of your personal data to enable participation in the webinar is based on Article 6(1), first subparagraph, point (b) GDPR and additionally on Article 6(1), first subparagraph, point (e) GDPR, Section 3 BDSG. Your email address will be deleted immediately, on the day after the webinar for which you have registered has taken place.
9. Application to be a KulturPass Ambassador
You can submit an application to be a KulturPass Ambassador via the KulturPass website. Details about this program can also be found on the website. If you wish to apply, please complete the online form provided and click “Send”. We use Friendly Captcha in connection with the online form (see “Friendly Captcha in connection with contact forms” above).
10. Categories of recipients of personal data
10.1. Stiftung Digitale Chancen
The technical realisation of the KulturPass project of the BKM and the administrative implementation is carried out in cooperation with
Stiftung Digitale Chancen
Chairwoman of the Board, Ms Jutta Croll
The Stiftung Digitale Chancen collects and processes personal data strictly in accordance with the intended purpose and according to the instructions of the BKM.
10.2. Technical service providers
We use technical service providers for the technical realisation and maintenance of the KulturPass project who might have access to personal data within the scope of their work. This includes, in particular, web/server hosting providers, system administrators and other IT service providers. These service providers, with whom third-party data processing agreements are concluded, are chosen with great care and subject to obligations to meet all qualifications under data protection law. The service providers process the data exclusively according to our instructions and are contractually obliged to comply with all data protection law requirements.
11. Rights of the Data Subject
You have the right to request confirmation from us as to whether we are processing personal data relating to you, unless that right is excluded by law (in particular Section 34 BDSG). If you are entitled to this right, you also have a right to information regarding this personal data to the extent stipulated under the law (Article 15 GDPR in conjunction with Section 34 BDSG). You also have the right to request information about whether the personal data concerning you is transferred to a third country or to an international organisation. In this context, you can request to be informed about the appropriate safeguards set out in Article 46 GDPR in connection with the transfer.
You also have the right to request that inaccurate personal data concerning you be rectified and where applicable – taking into account the purposes of the processing – incomplete personal data be completed, including by means of providing a supplementary statement (Article 16 GDPR).
Moreover, in the cases described in Article 17(1), points (a) to (f) GDPR, you have a right to request that personal data be erased, provided no exception under Article 17(3) GDPR applies, as well as a right to restriction of processing in the cases described in Article 18(1) GDPR.
There is also a right to have data portability ensured in the cases laid out in Article 20(1) GDPR.
You can contact our data protection officer (see Section 2) at any time and consult him/her on any data protection law issues relating to the use of our services.
You have the right to lodge a complaint with the competent supervisory authority, if you are of the opinion that the processing of personal data relating to you infringes the GDPR. The competent supervisory authority is the
Bundesbeauftragte für den Datenschutz und die Informationsfreiheit [German Federal Commissioner for Data Protection and Freedom of Information] (BfDI)
Graurheindorfer Str. 153
Telephone: +49 (0)228 997799-0
11.7 Right to object
To the extent the processing of data is based on Article 6(1), first subparagraph, point (e) GDPR, you have the right to lodge an objection at any time, for reasons related to your particular situation, to the processing of personal data concerning you. We will then no longer process the respective personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing is for the establishment, exercise, or defence of legal claims.
12.1 Automated decision-making and profiling
No automated decision-making or profiling takes place.
12.2 No obligation to provide personal data
There is no statutory or contractual obligation to provide us with personal data for you to be able to visit our website.