Privacy Policy

We provide the following information regarding the handling of personal data of users of the website museumsagentur.de:

1. Data controller

The entity responsible for data collection, data processing, and data usage is the
Agentur für Internationale Museumskooperation gGmbH
Kantstraße 127
10625 Berlin, Germany
office@museumsagentur.de

You can find additional details about the data controller on the Imprint page.

2. Processed data, purposes, and legal basis of data processing

2.1 General use of the website

When you visit our website, we process certain data to enable your use of the website. The data processed in the context of using the website regularly includes your IP address, which is necessary to deliver the online content to your device.

Recipient: STRATO GmbH, Otto-Ostrowski-Straße 7, 10249 Berlin, Germany

The legal basis for this use is our legitimate interest in pursuing the aforementioned purposes (Art. 6 para. 1 lit. f) GDPR). No personal data is stored permanently for the aforementioned purposes.

2.2 Collection of access data, log files

Data regarding accesses to our web server is stored in so-called ‘log files’. These log files can be analysed to ensure the secure and stable operation of the server, e.g. to detect and prevent abusive access. The log files contain the following information: address and name of the web pages and files accessed, date and time of access, data volumes transferred, notification of successful retrieval, browser type and version, the user’s operating system, and referrer URL (the previously visited web page).

Recipient: STRATO GmbH, Otto-Ostrowski-Straße 7, 10249 Berlin, Germany

The legal basis for the use is our legitimate interest in pursuing the purposes mentioned (Art. 6 para. 1 lit. f) GDPR). The data is stored in the log files for 30 days and then deleted.

2.3 Contacting us

If you contact us by email, the data you provide will be processed to the extent necessary to respond to your enquiry and provide any follow-up action. The following categories of data may be affected: master data (e.g. name, address), contact details (e.g. email address, telephone number), content data (e.g. the text of the message).

Recipient of the data: Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin, Ireland 18 D18 P521 (Outlook). Data may be transferred from Microsoft to subcontractors in third countries. Microsoft has concluded standard contractual clauses with the respective recipients for these purposes, unless an adequate level of protection exists on the basis of a Commission decision. Further information can be found at: https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA

We respond to enquiries in the context of contractual or pre-contractual relationships in order to fulfil our (pre-)contractual obligations (Art. 6 para. 1 lit. b) GDPR) and otherwise on the basis of our legitimate interest in responding to enquiries. Your emails and data from your enquiries will be stored for as long as it is necessary to process your enquiry and then for an additional period of 3 years if you contact the website operator again with reference to your original enquiry.

2.4 Newsletter

You have the option of subscribing to our newsletter. We will inform you regularly about developments, offers, and events. The newsletter is sent by email.

For subscribing to our newsletter, we use the so-called ‘double opt-in procedure’. In other words, we will send you our newsletter only if you confirm that you are the owner of the specified means of communication by clicking on a link in an email sent to you after your registration. If you confirm the email address, we will store your email address or phone number when provided, the time of registration, and, if applicable, the IP address used for registration for verification purposes until you unsubscribe from the newsletter.

We use technologies in our newsletters with which the use of emails (opening and click rates, click maps, etc.) is recorded and used for the purpose of optimising and, if necessary, personalising our mailings. The following categories of personal data may be affected: consent data (name, email address, institution, IP address) and usage data (opened message, clicked links).

Recipient of the data: Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany

We process your data on the basis of your consent in accordance with Art. 6 para. 1 lit. a) GDPR. Your data will be stored until you unsubscribe from the newsletter. You can unsubscribe from the newsletter at any time via the link in the footer of every email.

2.5 Web analysis with Matomo

We use Matomo to analyse the use of our website. This service is cookie-free and hosted on our own web space. We have configured Matomo so that all data collected is processed and stored anonymously. It is therefore not possible to draw conclusions about individual users or identify you personally.

Processing is based on our legitimate interest in the optimisation and technical operation of our website (Art. 6 para. 1 lit. f GDPR).

3. Processing of user data and storage of information (‘cookies’)

1. Why we use cookies (and similar technologies)

For the purposes mentioned above, we store information on your end device and access information stored on the end device. This is done with the help of cookies. We only use cookies that are necessary to provide you with our services (Section 25 (2) No. 2 TDDDG).

For web analysis, we use Matomo, which is cookie-free and hosted on our own web space. No cookies are set in the process.

2. What types of cookies we use

We use permanent and temporary cookies (‘session cookies’). Session cookies remain on your device only until you end your browser session. Persistent cookies remain stored on your device until they expire or are deleted.

4. General information on recipients

When we process your data, it may be necessary to transfer or disclose your data to other recipients. In the sections on processing above, we name the specific recipients as far as we can. If the recipients are located in a country outside the EU, we will indicate this separately under the individual points listed above.

In addition to these recipients, data may also be transferred to other categories of recipients. These may be internal recipients, such as persons within our company, but also external recipients. Possible recipients may include:

Our employees who are responsible for processing and storing the data and whose employment with us is governed by a confidentiality obligation.
Service providers who work for us as processors bound by instructions. These are primarily technical service providers whose services we use if we are unable to provide certain services ourselves or are unable to do so effectively.

5. General information on the storage periods

We generally process your personal data for the storage periods described in the applicable points above. However, data is often processed not just for one but for several purposes so that we may continue to process your data for another purpose even after the storage period has expired. The storage period specified for this purpose will then apply. As soon as the last storage period expires, we will delete your data immediately.

6. Automated decision-making and obligation to provide data

We do not use automated decision-making that has a legal effect on you or significantly affects you in a similar way.

7. The rights you have in relation to the personal data you provide to us

You have the following rights, provided that the legal requirements are met. To assert these rights, please contact us using the details provided above.

Art. 15 GDPR – Right to information of the data subject:
You have the right to obtain confirmation from us as to whether or not personal data concerning you is being processed and, where that is the case, what personal data is being processed and the details of the data processing.
Art. 16 GDPR – Right to rectification:
You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you also have the right to request the completion of incomplete personal data, including by means of a supplementary declaration.
Art. 17 GDPR – Right to erasure:
You have the right to demand that we delete personal data concerning you immediately.
Art. 18 GDPR – Right to restriction of processing:
You have the right to demand that we restrict processing.
Art. 20 GDPR – Right to data portability:
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format. You have the right to transmit this data to another controller without hindrance from us or to have the data transmitted directly to another controller where technically feasible.
Art. 77 GDPR in conjunction with Section 19 BDSG – Right to lodge a complaint with a supervisory authority: You have the right to lodge a complaint with a supervisory authority at any time, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement if you consider that the processing of personal data relating to you infringes applicable law.

8. Right of objection and withdrawal of consent

Art. 21 GDPR – Right to object:
You have the right to object, on grounds relating to your particular situation, at any time, to the processing of personal data concerning you which is necessary for the purposes of the legitimate interests pursued by us, for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defence of legal claims.

If we process your personal data for direct marketing purposes, you have the right to object to this processing at any time. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.

You can raise an objection at any time with effect for the future via one of the contact addresses known to you.

Withdrawal of consent:
You can revoke your consent at any time with effect for the future via one of the contact addresses known to you.

9. Obligation to provide data

You are not contractually or legally obliged to provide us with personal data. However, without the data you provide, we are unable to offer our services to you.

10. Comments or questions

We take every possible precaution to protect and secure your data. We welcome your questions and comments on data protection. If you have any questions about how we collect, process, or use your personal data, or if you wish to access, correct, block, or delete your data or revoke any consents you have given, please contact us using the email or postal address provided above.

Last updated: June 2025

Let’s stay in touch!

*Required field

Your newsletter subscription could not be saved. Please try again.

Almost done!
There’s just one more step to complete to receive the latest news from the museum agency. We’ve sent you an email with a confirmation link. Please click on the link to complete your subscription. If you don’t see our email, please check your spam folder.

Would you like to learn more about the museum agency’s work? Are you curious about our current and upcoming collaborative projects, services, and events? Then sign up for our newsletter – we’d love to keep you in the loop!

Name

Email*

By clicking this box, I confirm that I have read and agree to the privacy policy.