General Privacy Policy

l) Cookies

The website www.museen.koeln uses cookies. Cookies are text files that are stored on a computer system via an Internet browser.

Numerous websites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier for the cookie. It consists of a string of characters that can be used to assign websites and servers to the specific Internet browser in which the cookie was stored.

Cookies do not cause any damage to your computer and do not contain viruses. Cookies serve to make our website more user-friendly, effective, and secure. Most of the cookies we use are so-called “session cookies.” They are automatically deleted at the end of your visit. Other cookies remain stored on your device until you delete them. These cookies enable us to recognize your browser the next time you visit. You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when you close your browser. If you deactivate cookies, the functionality of this website may be restricted. For example, you cannot compile a personal watch list without cookies.

Back

The data controller within the meaning of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union, and other provisions relating to data protection is:

City of Cologne
Mayor Torsten Burmester
Historic City Hall
50667 Cologne

Phone: +49 221 221-0
Fax: +49 221 221-22211

Secure contact form

Email to the city administration: stadtverwaltung@stadt-koeln.de

The data protection officer of the Cologne City Administration, which is responsible for processing, is:

City of Cologne
Data Protection Officer
Stadthaus Deutz – East Building
Willy-Brandt-Platz 2
50679 Cologne

Phone: +49 221 221-22457 or +49 221 221-24422

Email to the data protection officer: datenschutzbeauftragter@stadt-koeln.de

Any data subject can contact the official data protection officer directly at any time with any questions or suggestions regarding data protection.

Please address any complaints about the City of Cologne's handling of data protection matters to

State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia

P.O. Box 20 04 44
40102 Düsseldorf
Phone: +49 211 38424-0
Email: poststelle@ldi.nrw.de

Due to legal requirements, the website www.museen.koeln contains information that enables quick electronic contact and direct communication with us, which also includes a general address for electronic mail (e-mail address).

If a data subject contacts us by email or via a contact form, the personal data transmitted by the data subject will be stored if necessary for the specific purpose. Such personal data transmitted to us on a voluntary basis by a data subject will be used for the purposes of processing or contacting the data subject.

The legal basis for this processing of your personal data is your consent in accordance with Article 6(1)(a) GDPR.

The website www.museen.koeln collects a range of general data and information each time the website is accessed by a data subject or an automated system. This general data and information is stored in the server log files. The following may be collected:

• the browser types and versions used
• the operating system used by the accessing system
• the website from which an accessing system reaches our website (so-called referrer)
• the sub-websites that are accessed via an accessing system on our website
• the date and time of access to the website
• an Internet Protocol address (IP address)
• the Internet service provider of the accessing system
• other similar data and information that serves to avert danger in the event of attacks on our information technology systems

When using this general data and information, the City of Cologne does not draw any conclusions about the data subject. Rather, this information is needed in order to

• to deliver the content of our website correctly,
• to optimize the content of our website,
• to ensure the long-term functionality of our information technology systems and the technology of our website, and
• to provide law enforcement authorities with the information necessary for criminal prosecution in the event of a cyberattack.

This anonymously collected data and information is therefore evaluated by the City of Cologne for statistical purposes and with the aim of increasing data protection and data security in order to ultimately ensure an optimal level of protection for the personal data we process. The anonymous data in the server log files is stored separately from all personal data provided by a data subject.

The legal basis for the temporary storage of the data is Article 6(1)(e) GDPR.

Insofar as we obtain the consent of the data subject for the processing of personal data, Article 6(1)(a) of the EU General Data Protection Regulation serves as the legal basis.

When processing personal data that is necessary for the performance of a contract, e.g. when booking an event to which the data subject is a party, Article 6(1)(b) of the EU General Data Protection Regulation serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.

Insofar as the processing of personal data is necessary to fulfill a legal obligation to which the City of Cologne is subject, Article 6(1)(c) of the EU General Data Protection Regulation serves as the legal basis.

In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6(1)(d) of the EU General Data Protection Regulation serves as the legal basis.

Where the processing of personal data is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, Article 6(1)(e) of the EU General Data Protection Regulation serves as the legal basis.

The service provider entrusted with the maintenance and operation of the website processes and stores personal data of the data subject only for the period necessary to achieve the purpose of storage or if this has been provided for by the European legislator or another legislator in laws or regulations to which the controller is subject. A data processing agreement (DPA) has been concluded with the service provider.

If the storage purpose no longer applies or if a storage period prescribed by the European Directive and Regulation Authority or another competent legislator expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.

Application-specific deletion periods are described in the context of the respective specialist procedure.

We hereby inform you that the provision of personal data is in some cases required by law or may also arise from contractual provisions. If a contract is concluded between you and us (e.g., for ordering guided tours or registering for events), we collect and use the personal data required in the inquiry form only to the extent necessary for the establishment, execution, and amendment of the contract, as well as for follow-up questions (contract data). This contract data includes your name, address, contact details (telephone number/email address), age, type and scope of previous contact between you and us, and other data that you provide in order to use our services.

Your personal data processed in this context is used for a specific purpose, i.e., it is only used for the purpose for which it was collected. The personal data is anonymized after the ordered product has been invoiced and is only used for archiving or statistical purposes. It is deleted in the middle of the year following the date of transmission. This does not affect the statutory retention periods for invoicing, etc. A data processing agreement (DPA) has been concluded with the service provider responsible for maintaining and operating the booking system connected to the website.

Failure to provide personal data would mean that the contract with the data subject could not be concluded.

This site uses SSL encryption for security reasons and to protect the transmission of confidential content, such as requests you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. If SSL encryption is activated, the data you transmit to us cannot be read by third parties.

We expressly refer to your rights to information, correction, deletion, blocking, transferability, and objection with regard to the personal data collected. The legal basis for this is Articles 15 to 22 of the General Data Protection Regulation.

These rights may be restricted in accordance with Article 23 of the General Data Protection Regulation. In Sections 12-14 of the North Rhine-Westphalia Data Protection Act, the state legislature has made use of the option to restrict the rights of the data subject. If you exercise the above rights, the City of Cologne will check whether the legal requirements for this are met in each individual case.

a) Right to confirmation

Every data subject has the right granted by European directives and regulations to request confirmation from the controller as to whether personal data concerning them is being processed. If a data subject wishes to exercise this right to confirmation, they may contact an employee of the controller at any time. 

b) Right to information

Every person affected by the processing of personal data has the right granted by the European legislator to obtain from the controller, free of charge, information about the personal data stored about them and a copy of this information at any time. Furthermore, the European legislator has granted the data subject the right to obtain the following information:

• the purposes of the processing
• the categories of personal data that are being processed
• the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations
• where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
• the existence of a right to rectification or erasure of personal data concerning them or to restriction of processing by the controller or a right to object to such processing
• the existence of a right to lodge a complaint with a supervisory authority
• if the personal data are not collected from the data subject: all available information on the source of the data
• the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the General Data Protection Regulation and, at least in these cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject

Furthermore, the data subject has the right to obtain information about whether personal data has been transferred to a third country or to an international organization. If this is the case, the data subject also has the right to obtain information about the appropriate safeguards in connection with the transfer.

If a data subject wishes to exercise this right to information, they may contact an employee of the controller at any time.

c) Right to rectification

Any person affected by the processing of personal data has the right, granted by European directives and regulations, to request the immediate rectification of inaccurate personal data concerning them. Furthermore, the data subject has the right to request the completion of incomplete personal data, taking into account the purposes of the processing, including by means of a supplementary statement.

If a data subject wishes to exercise this right of rectification, they may contact an employee of the controller at any time.

d) Right to erasure (right to be forgotten)

Any person affected by the processing of personal data has the right granted by European directives and regulations to request that the controller erase personal data concerning them without delay, provided that one of the following reasons applies and insofar as the processing is not necessary:

• The personal data has been collected or otherwise processed for purposes for which it is no longer necessary.
• The data subject withdraws their consent on which the processing was based in accordance with Article 6(1)(a) of the General Data Protection Regulation or Article 9(2)(a) of the General Data Protection Regulation, and there is no other legal basis for the processing.
• The data subject objects to the processing pursuant to Article 21(1) of the General Data Protection Regulation and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) of the General Data Protection Regulation.
• The personal data has been processed unlawfully.
• The erasure of the personal data is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
• The personal data has been collected in relation to information society services offered in accordance with Article 8(1) of the General Data Protection Regulation.

If one of the above reasons applies and a data subject wishes to request the erasure of personal data stored by the City of Cologne, they may contact an employee of the controller at any time. The City of Cologne employee will ensure that the erasure request is complied with immediately.

If the personal data has been made public by the City of Cologne and our company is obliged to delete the personal data as the controller in accordance with Article 17(1) of the General Data Protection Regulation, the City of Cologne shall take reasonable steps, including technical measures, taking into account the available technology and implementation costs, to inform other controllers who process the published personal data that the data subject has requested these other data controllers to delete all links to this personal data or copies or replications of this personal data, unless processing is necessary. The employee of the City of Cologne will take the necessary steps in each individual case.

e) Right to restriction of processing

Any person affected by the processing of personal data has the right granted by the European legislator to request the controller to restrict processing if one of the following conditions applies:

• The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.
• The processing is unlawful, the data subject opposes the erasure of the personal data and requests the restriction of use instead.
• The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise, or defense of legal claims.
• The data subject has objected to processing pursuant to Article 21(1) of the General Data Protection Regulation and it is not yet clear whether the legitimate grounds of the controller override those of the data subject.

If one of the above conditions is met and a data subject wishes to request the restriction of personal data stored by the City of Cologne, they may contact an employee of the controller at any time. The City of Cologne employee will arrange for the restriction of processing. 

f) Right to data portability

Any person affected by the processing of personal data has the right, granted by the European legislator, to receive the personal data concerning them, which they have provided to a controller, in a structured, commonly used, and machine-readable format.

She also has the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided, provided that the processing is based on consent pursuant to Article 6(1)(a) of the General Data Protection Regulation or Article 9(2)(a) of the General Data Protection Regulation or on a contract pursuant to Article 6(1)(b) of the General Data Protection Regulation and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. Furthermore, when exercising their right to data portability pursuant to Article 20(1) of the General Data Protection Regulation, the data subject has the right to have the personal data transmitted directly from one controller to another, where technically feasible and provided that this does not adversely affect the rights and freedoms of others.

Pursuant to Art. 20 (3) sentence 2 of the General Data Protection Regulation, this right does not apply to processing that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

To assert their right to data portability, data subjects may contact an employee of the City of Cologne at any time.

g) Right to object

Any person affected by the processing of personal data has the right granted by the European legislator to object at any time, on grounds relating to their particular situation, to the processing of personal data concerning them which is carried out on the basis of Article 6(1)(e) or (f) of the General Data Protection Regulation. This also applies to profiling based on these provisions.

In the event of an objection, the City of Cologne will no longer process the personal data unless it can demonstrate compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the data subject, or the processing serves to assert, exercise, or defend legal claims.

If the City of Cologne processes personal data for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data for such marketing purposes. This also applies to profiling insofar as it is related to such direct marketing. If the data subject objects to the City of Cologne processing their data for direct marketing purposes, the City of Cologne will no longer process the personal data for these purposes.

In addition, the data subject has the right to object, on grounds relating to their particular situation, to the processing of personal data concerning them carried out by the City of Cologne for scientific or historical research purposes or for statistical purposes in accordance with Article 89(1) of the General Data Protection Regulation, unless such processing is necessary for the performance of a task carried out in the public interest.

To exercise the right to object, the data subject may contact any employee of the City of Cologne or another employee directly. The data subject is also free to exercise their right to object in relation to the use of information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.

h) Automated individual decision-making, including profiling

Any person affected by the processing of personal data has the right granted by the European legislator not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her, unless the decision

1. is not necessary for entering into, or performance of, a contract between the data subject and the controller, or
2. is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, or
3. is based on the data subject's explicit consent.

If the decision

1. is necessary for entering into, or performance of, a contract between the data subject and the controller, or
2. is made with the explicit consent of the data subject,

the City of Cologne shall take appropriate measures to safeguard the rights and freedoms and legitimate interests of the data subject, including at least the right to obtain human intervention on the part of the controller, to express their point of view and to contest the decision.

If the data subject wishes to assert rights in relation to automated decisions, they may contact an employee of the controller responsible for processing at any time.

i) Right to withdraw consent under data protection law

Any person affected by the processing of personal data has the right, granted by European directives and regulations, to withdraw their consent to the processing of personal data at any time.

If the person concerned wishes to exercise their right to withdraw consent, they can contact an employee of the controller at any time.

To book some public events from the calendar and our bookable offers, we use booking software that runs outside the system: as soon as you click on the “Book event” or “Book offer” button, you will be immediately redirected to a form in the booking system.

If a contract is concluded between you and us (e.g., for ordering guided tours or registering for events), we collect and use the personal data required in the inquiry form only to the extent necessary for the establishment, execution, and modification of the contract, as well as for follow-up questions (contract data).

This contract data includes your name, address, contact details (telephone number/email address), age, type and scope of previous contact between you and us, and other data that you provide in order to use our services.

Your personal data processed in this context is used for a specific purpose, i.e., it is only used for the purpose for which it was collected. The personal data will be anonymized after the ordered product has been invoiced and will only be used for archiving or statistical purposes. It will be deleted in the middle of the year following the date of transmission. This does not affect the statutory retention periods for invoicing, etc.

On the website www.museen.koeln, users are given the opportunity to subscribe to newsletters. All we need for this is the email address of those interested in the newsletter.

The Cologne Museum Service regularly informs its subscribers about museum events and educational programs via newsletters. Our newsletters can only be received by the persons concerned if

1.    they have a valid email address and

2.    they register to receive the newsletter.

For legal reasons, a confirmation email is sent to the email address entered by a data subject for the first time for the newsletter distribution using the double opt-in procedure. This confirmation email serves to verify that the owner of the email address has authorized the receipt of the newsletter as the data subject.

When registering for the newsletter, we also store the IP address assigned by the Internet service provider (ISP) to the computer system used by the data subject at the time of registration, as well as the date and time of registration. The collection of this data is necessary in order to be able to trace any (possible) misuse of a data subject's email address at a later date and therefore serves to provide legal protection for the controller.

The email address collected when registering for the newsletter will be used exclusively for sending our newsletters. The email address collected as part of the newsletter service will not be passed on to third parties. The data subject can unsubscribe from our newsletter at any time. The consent to the storage of personal data that the data subject has given us for the purpose of sending the newsletter can be revoked at any time. For the purpose of revoking consent, a corresponding link is provided in each newsletter. Furthermore, it is also possible to unsubscribe from the newsletter at any time directly on our website or to inform us of this in another way.

The legal basis for this processing of your personal data is your consent in accordance with Article 6(1)(a) GDPR.

Newsletter tracking

Our newsletters contain tracking pixels. A tracking pixel is a miniature graphic that is embedded in emails sent in HTML format to enable log file recording and analysis. This allows us to statistically evaluate the success or failure of our newsletter distribution. The embedded tracking pixel allows the City of Cologne to see if and when an email has been opened.

We store the data collected via the tracking pixels contained in the newsletters. We evaluate how many newsletters were opened and how often the links were clicked. Your IP address is not stored during this evaluation. It is also not possible to link your email address to the newsletter you opened and the links you clicked on.

The City of Cologne has no influence on the terms of use of individual social networks. We expressly point out that the operators of the social networks we use for communication store data outside Germany permanently and use it for business purposes. The extent to which and for how long the data is stored is not apparent to us. We therefore recommend that you carefully consider what personal data you make available to social networks. We treat your data with the utmost care, but accept no liability for the behavior of social network operators or third parties.

Social media offerings of the Museum Service Cologne

https://www.facebook.com/museenkoeln/

https://www.instagram.de/museen.koeln/

We use the YouTube player to play our videos. The player is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. Before the videos can be started, you must give your consent to be redirected to the YouTube platform in the upstream redirect modal. This is a prerequisite for playing a video. This is a redirect to the video platform. No cookies are stored on the website.

The City of Cologne has no influence on YouTube's terms of use. We expressly point out that YouTube permanently stores data outside Germany and uses it for business purposes. The extent to which and for how long the data is stored is not apparent to us.

On this website, we use OpenStreetMap to locate museums in the city. The map material used does not provide a navigation function. For this purpose, we offer you the Google Maps service. Before you can use Google Maps, you must give your consent to be redirected to Google in the upstream redirect modal. This is a prerequisite for using the navigation function. This is a redirect to Google. No cookies are stored on the website.

Further information about Google Maps can be found in the provider's privacy policy. There you will also find further information about your rights in this regard and settings options for protecting your privacy: www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

The City of Cologne has no influence on the terms of use of Google Maps. We expressly point out that Google stores data outside Germany permanently and uses it for business purposes. The extent to which and for how long the data is stored is not apparent to us.

Our websites use cookies to provide you with certain functions for easier use. We do not use cookies to collect, process, distribute, or store personal data under any circumstances.

If you do not want cookies to be stored on your device, you can change the privacy settings in your browser.

Please note, however, that although you can still use our website without cookies, some features may be less convenient.

The museen.koeln website uses the following cookies:

• When the page is first accessed: none
• After acceptance in the cookie banner: Cookie manager cookie: omCookieConsent
• If “Analytics” is accepted: Matomo: _pk_ref, _pk_cvar, _pk_id, _pk_ses

Our website uses Matomo, a web analytics service. Matomo uses “cookies,” which are text files stored on your computer that enable us to analyze how the website is used. For this purpose, the usage information generated by the cookie (including your abbreviated IP address) is transmitted to our server and stored for usage analysis purposes, which serves to optimize our website. Your IP address is immediately anonymized during this process, so that you remain anonymous to us as a user. The information generated by the cookie about your use of this website will not be disclosed to third parties.

You can prevent the use of cookies by adjusting your browser software settings accordingly, but in this case you may not be able to use all the functions of this website to their full extent. If you do not agree to the storage and evaluation of this data from your visit, you can object to the storage and use at any time by clicking below. In this case, a so-called opt-out cookie will be stored in your browser, which means that Matomo will not collect any session data.

Please note: If you delete your cookies, this will also delete the opt-out cookie and you may have to reactivate it.

Source: https://www.datenschutzbeauftragter-info.de/

We hereby object to the use of contact data published within the scope of the legal notice obligation for sending unsolicited advertising and information material. The operators of the website expressly reserve the right to take legal action in the event of unsolicited advertising information being sent, for example via spam emails.

The City of Cologne does not use automated decision-making or profiling.