of the German Oceanographic Museum Foundation
represented by the Board of Directors: Dr Harald Benke, Andreas Tanschus
(As of: 6th April 2021)
The responsible entity for the processing of personal data is the German Oceanographic Museum Foundation
For your protection and rapid traceability of possible chains of infection with the novel Covid 19 virus ("Corona"), we are documenting your presence at our sites. For this purpose, you can use the luca app, which you can purchase free of charge for your mobile device. We would like to use this letter to inform you about how we handle your data and what rights you have in relation to data processing.
We collect your personal data for the purpose of contact tracing in the sense of infection protection (§ 28 a para. 1, 4 IfSG), among others by means of the luca app of the provider culture4life GmbH, Charlottenstraße 59, 10117 Berlin. Further information on the provider can be found at www.luca-app.de/app-privacy-policy
With the above-mentioned data processing, we contribute to the health protection of the population and base the contact tracing on the legal requirements according to the Corona State Ordinance Mecklenburg-Western Pomerania in the currently valid version, orders of the competent health authority and our legitimate interest according to Art. 6 para. 1 lit f. GDPR to protect our visitors and employees from the risk of infection.
The data processing includes the following categories of data:
Name, first name, full address, telephone number, date and time of visit, location.
This data is stored pseudonymously using the luca app. Decryption of the collected data is only possible by the competent health authority after release by the responsible person.
Your use of the luca app is voluntary. Alternatively, you have the option of leaving the data in writing.Therefore, if you do not provide us with your contact details using the luca app or by using another method, we may have to exclude you from visiting or using our premises.
Duration of data storage
The data is stored for four weeks by us or encrypted and pseudonymised in the app on your device and by the service provider and then deleted. Data is only stored beyond this period if it is required by law to be forwarded to the local health authority.
Recipients or categories of recipients of personal data
At the request of the health authority, the personal data collected will be decoded and forwarded in accordance with the Corona/COVID-19 infection control regulations.
As a data subject, you have various rights under the General Data Protection Regulation.
- Right to information about the data we hold about you (Art. 15 GDPR)
- Right to have inaccurate data corrected (Art. 16 GDPR)
- Right to have data deleted if there is no legal basis for further storage (Art. 17 GDPR)
- Right to restrict the processing of data to specific purposes (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR) and
- Right to object to the processing of your data (Art. 21 GDPR).
If the processing of your data is based on consent, then you have the right to revoke the consent you have given at any time. The lawfulness of the processing carried out on the basis of the consent given until the revocation is not affected by the revocation. The obligation to notify is not affected by this once the test result is available.
In addition, according to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you are of the opinion that the processing of the data concerning you violates data protection regulations. The supervisory authority responsible for us is:The State Commissioner for Data Protection and Freedom of Information of Mecklenburg-Western Pomerania
Schwerin Castle, Lennéstraße 1, 19053 Schwerin, Germany
Finally, you have the right to contact our data protection officer at any time, if one has been appointed. The data protection officer is bound to secrecy with regard to your enquiry as far as the processing of your data is concerned. You can contact our data protection officer using the contact details provided.
Insofar as video surveillance systems are installed in the buildings of the locations, these serve to protect collection property and, in the cashier areas, to protect against robbery or to clarify differences in cash payment transactions due to our legitimate interest in protecting the property and health of our employees and customers. In individual cases, the video recording data may also be used to pursue the legal interests of third parties. The director decides on the use of the recording data in individual cases, if necessary in consultation with the works council and the data protection officer. Data that is not required will be deleted immediately.
In principle, you can purchase tickets anonymously by paying cash during our opening hours. If you are entitled to a discount, it may be necessary for you to present certificates or IDs to prove your eligibility. These are used by us solely to check eligibility when issuing tickets. The tickets issued contain an admission control barcode which does not contain any personal data.
If you purchase tickets as a member of a travel or student group, we collect personal data of the respective ticket purchasers only as part of the ordering and payment process.
Online ticket sales
The German Oceanographic Museum Foundation offers you the possibility to order tickets online, which will be sent to you by e-mail immediately after payment. This is done via the service deutsches-meeresmuseum.ticketfritz.de of our service provider Beckerbillett GmbH, Fangdieckstraße 61, 22547 Hamburg. The payment data will be transmitted directly and exclusively to your payment service provider. Neither we nor our commissioned service provider have access to your data during this process. This enables you to order and pay for tickets anonymously. The German Oceanographic Museum Foundation has access to your first and last name, e-mail address and payment method via the payment provider solely for the purpose of allocating the payment transactions for accounting purposes. Your e-mail address is required for the order process, to which the admission ticket is sent electronically. For the prevention and prosecution of fraudulent acts at your expense, we will store this e-mail address for a further three months after your account has been debited and the admission ticket has been used for admission to our premises. We will only combine the card identification and the e-mail address for this purpose and will only use this data in the event of suspected fraud to clarify and, if necessary, legally pursue our interests.
GetYourGuide and Tiqets
Insofar as you have purchased your ticket via other providers (intermediaries), a contractual relationship concerning the procurement of the ticket is established between you and the intermediary, who is responsible for the processing of your data. This also applies in the case of support requests. Please inform yourself about the data processing there.
We work with the following intermediaries:
Tiqets/Tiqets International B.V., James Wattstraat 100, 1097 DM Amsterdam, The Netherlands
GetYourGuide/GetYourGuide Deutschland GmbH, Sonnenburger Strasse 73, 10437 Berlin, Germany
To the extent necessary to clarify access authorisation, we collect your data from the intermediaries on the basis of Art. 6 (1) b GDPR for the purpose of fulfilling the contract between you and us concerning access to the museum.
Vouchers and Annual Passes
You can order vouchers and annual tickets from us using an online form. In this case, your personal data will be processed by the German Oceanographic Museum Foundation to create, invoice and send the ordered vouchers/annual tickets on the basis of a contract in accordance with Art. 6 (1) b GDPR. For this purpose, we require the number and desired locations for the tickets, your name and address for invoicing and sending the tickets, e-mail address for sending the order confirmation and for clarifying questions in the ordering process. If you have any further questions or comments, you can use the comments field or leave a telephone number. After placing your order, you will receive an electronic payment request with a voucher number. The voucher will be sent within 10 days after receipt of the invoice amount plus a service fee.
In the context of the implementation of programmes, guided tours or other events, personal data of the contact persons at the customer's premises and, if applicable, of the legal guardians of participating children are collected exclusively for the fulfilment of the contractual agreements with the customer in accordance with Art. 6 (1) f GDPR and used for agreements and organisational issues and, if applicable, forwarded to contractual partners (e.g. honorary staff, harbour tour provider).
Every time an information offer is used on the Internet, data is collected by the requested computer, which serves the technical processing of the request, but also allows conclusions to be drawn about the requesting computer. We store this data exclusively for the technically necessary duration of the connection. As our information offer is free of charge, no user or connection data is stored beyond this, unless we expressly point this out. This data protection declaration applies to the websites:
For the protection of our underage interested parties, the website www.kindermeer.de is free of any forwarding of personal data to third parties and cookies. Data is only processed for the purpose of technical operation and security of the internet presentation.
Insofar as we integrate services of providers from the USA, we request your consent pursuant to Art. 49 GDPR to the transfer of your data outside the European Union to companies that do not offer an adequate level of data protection. This creates the risk that your data will be transferred to third parties without granting you the rights mentioned below. If you do not give this consent – which you can revoke at any time – we can no longer offer you the use of these services.
The German Oceanographic Museum Foundation uses the social login ("Facebook Plugins") of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook"), which connects this website to the Facebook social network. By activating the Facebook plugins, your browser establishes a direct connection with the Facebook servers. The content of the Facebook plugin is transmitted by Facebook directly to your browser. At the same time, certain data is transmitted from your browser to Facebook. This happens regardless of whether you click on the Facebook plugin or not. We have no influence on the scope of the data that Facebook collects in this way. According to our current knowledge, this is the following data:
- the page visited on our website that contains the Facebook plugin,
- the general data transmitted by your browser (IP address, browser type and version, operating system, time),
- for registered and logged-in Facebook users, the respective Facebook identification number.
Insofar as we integrate services of providers from the USA, we request your consent pursuant to Art. 49 GDPR to the transfer of your data outside the European Union to companies that do not offer an adequate level of data protection. This creates the risk that your data will be transferred to third parties without granting you the rights mentioned below. If you do not give this consent – which you can revoke at any time – we will no longer be able to offer you the use of these services.
We use the Instagram service, a Facebook product provided by Facebook Ireland Limited.
As the operator of this Instagram page, we are, together with the provider of the social network Instagram (Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland), the controller within the meaning of Art. 4 No. 7 GDPR.
Insofar as you interact within the framework of Instagram or Facebook, Facebook naturally also has access to your data. In particular, it is possible that Facebook Inc, 1601 Willow Road, Menlo Park, California 94025, USA, has access to your data. Due to national laws, Facebook may be forced to hand over communication data to national security authorities, without this handover being able to be examined for its legality in an independent judicial procedure at the request of the data subject. We ourselves do not hand over any personal data.
From the agreements with Facebook on joint responsibility, it follows that requests for information and the assertion of further data subject rights are asserted directly with Facebook. As the provider of the social network Instagram, Facebook alone has direct access and the necessary information to process your questions and requests. Facebook can also immediately take any necessary measures and provide information. Should our support nevertheless be required, you can contact us at any time.
Insofar as we integrate services from providers in the USA, we ask you for your consent in accordance with Art. 49 GDPR to the transfer of your data outside the European Union to companies that do not offer an adequate level of data protection. If you do not give this consent – which you can revoke at any time – we will no longer be able to offer you the use of these services.
To connect to Twitter, the German Oceanographic Museum Foundation uses the Tweet button of Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA ("Twitter").
By activating the Tweet button, your browser establishes a direct connection with Twitter's servers. The content of the plugin is transmitted by Twitter directly to your browser. At the same time, certain data is transmitted from your browser to Twitter. This happens regardless of whether you click on the Tweet button or not. We have no influence on the scope of the data that Twitter collects in this way. According to our current knowledge, this involves the following data, in particular for the display of the Tweet button:
- page visited on our website that contains the button,
- the general data transmitted by your browser (IP address, browser type and version, operating system, time).
The Tweet button can also be hidden by browser add-ons so that no data collection by Twitter takes place.
Insofar as we integrate services from providers in the USA, we ask you for your consent in accordance with Art. 49 GDPR to the transfer of your data outside the European Union to companies that do not offer an adequate level of data protection. If you do not give this consent – which you can revoke at any time – we can no longer offer you the use of these services.
This website contains plugins from YouTube LLC, part of Google Inc, 901 Cherry Ave, San Bruno, CA 94066, USA ("YouTube"). As soon as you visit a page of our website that is equipped with a YouTube plugin, a connection to the YouTube servers is established. In the process, the YouTube server is informed which particular page of our website you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this possibility of association by logging out of your account beforehand. Further information on the collection and use of your data by YouTube can be found here: https://policies.google.com/privacy?hl=de&gl=de.
To display social media content on our website, we use the service Flockler, Flockler Oy Rautatienkatu 26B 32, 33100, Tampere Finland, which aggregates relevant social media channels and displays them on our website.
By interacting with the respective content, the connection to Flockler's servers is established. In addition, Flockler obtains your IP address. This also applies if you are not logged in to the respective social media provider or do not have an account with them.
The websites you visit are linked to your social media account and made known to other users. In the process, data is also transferred to the social media provider.
You have the possibility to register for the newsletter of the German Oceanographic Museum Foundation via our website. To send it to you, we need your surname, first name and e-mail address. You will only receive our newsletter after successfully completing a double opt-in procedure. You can view your declaration of consent or unsubscribe from the newsletter at any time. Corresponding links are implemented in every e-mail accompanying our newsletter. In the event of unsubscription, we will immediately delete your contact details from our newsletter recipient list. The legislator imposes certain requirements on the effectiveness of electronic consent as it is used for newsletter registration. This also includes logging your declaration of consent. We therefore log the date and time of consent, the text of the declaration of consent, whether the checkbox was selected, your e-mail address, your surname and first name. We also log the date and time of the click on the confirmation link as well as the link in the confirmation email. We collect and store this information solely to comply with the legal requirements for electronic consent.
We use the podcast hosting service www.podcaster.de of the provider Fabio Bacigalupo, Ramlerstraße 5A, 13355 Berlin, Germany.
The podcasts are loaded by Podcaster or transmitted via Podcaster. Podcast directory www.podcast.de.
You have the opportunity to support the scientific work of the German Oceanographic Museum Foundation and to report sightings of marine mammals in the Baltic Sea as well as dead finds on the coast of Mecklenburg-Western Pomerania.
We use the personal data collected in the online survey form on the basis of your consent to the extent explained there for the provision of sighting information on the internet and for contacting our scientists in case of enquiries about the reports.
An app is also available for download for this purpose. With the OstSeeTiere app, you can easily and conveniently report sightings and deaths of marine mammals in the Baltic Sea, such as harbour porpoises, grey seals, harbour seals and ringed seals, using your smartphone or tablet PC.
Please note the data protection information of the platforms.
Within the framework of our website Schweinswalsichtung.de, interactive maps of the map service "Google Maps API" of Google LLC are used.
The operating company is Google LLC; 1600 Amphitheatre Parkway; Mountain View, CA 94043; USA. When using this service, information about the use of the source website, as well as your IP address, is transmitted to servers of Google LLC. in the USA and stored. In its ruling of 16.07.2020, the European Court of Justice declared the international transfer of personal data to the USA based on the EU-US Privacy Shield and the standard contractual clauses to be invalid. This means that data transfers to the USA are no longer permitted. Currently, the providers are revising their data protection regulations and the European supervisory authorities are examining the implementation of new contractual standards. Until then, the transfer of data is based on the exceptions according to Art 49 GDPR. Furthermore, we are examining the change to components of EU-based providers, the use of standard contractual clauses with the inclusion of corresponding supplements. For the time being, however, we would like to point out that the US security laws, which conflict with EU data protection law, are applicable to all data transfers from the EU to the US and thus the level of protection in the US as a whole cannot be considered equivalent to the level of protection prevailing in the EU.
If you do not wish the data to be transmitted, the map service can be deactivated and thus the transmission of data to Google LLC can be avoided. To do this, you must deactivate the Java Script in the browser.
Via our contact form, we collect your name, e-mail address and, if applicable, your telephone number. Your information is provided on a voluntary basis. The transmission of the contact form is encrypted.
If the German Oceanographic Museum Foundation has vacancies for external applicants, they will be advertised on our website. Application documents can be submitted to us by e-mail or post.
We collect your personal data as listed below in principle in direct contact with you. In addition, and to the extent necessary for the assessment of your application, we may process data permissibly received from other offices or from other third parties or publicly accessible sources for the following purposes:
We process your data if this is necessary for the implementation of a pre-contractual measure pursuant to Art. 6 (1) b GDPR, Art. 88 GDPR in conjunction with. § 10 of the M-V Data Protection Act.
This concerns the following pre-contractual purposes:
- Review and assessment of your suitability for the vacancy,
- performance and behavioural assessment to the extent permitted by law,
- if necessary, drawing up the employment contract,
- cost recording and controlling,
- contract-related communication (including appointments) with you.
In this context, we process the data that you yourself provide to us in your letter of application. In order to assess suitability for the vacant position, we regularly process: title / gender, address data, personal data, home address, professional activities, current job, nationality, professional qualification, professional experience, start/end of employment, professional development, parental status, date of birth.
The data is necessary for the proper conduct of the selection procedure. If you do not provide us with the information, we may not be able to consider your application. There is no legal obligation to provide the data.
We process your data if you have given us consent pursuant to Art. 6 (1) a GDPR or pursuant to Art. 9 (2) a GDPR.
You can give consent for:
- Obtaining references from previous employers, trainers, academics.
- Consent to the longer storage of your application in an applicant pool for subsequent vacancies if the application process was unsuccessful
- Use of online tools for videoconferencing, even if the service providers are located outside the European Union or the EEA.
We may obtain your consent to data processing separately. You can revoke your consent at any time with effect for the future. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
If applicable, the data processing is carried out in our legitimate interest according to Art. 6 Para. 1 lit. f GDPR.
Our legitimate interest for processing data is:
- Fraud prevention;
- Measures to ensure and improve the security of IT systems;
- Measures to protect our business from unlawful acts;
- Enforcement of claims for damages;
- Assertion of legal claims and defence in the event of legal disputes - if necessary, forwarding to legal representatives working for us
Duration of data storage
The personal data collected by us will be stored in accordance with our deletion concept until the expiry of the legal obligation to retain the data and then deleted, in particular if there is an obligation to store the data for a longer period of time in accordance with Article 6 para. 1 sentence 1 lit. c GDPR due to obligations to retain and document data under tax and commercial law (from the German Commercial Code (HGB), the German Criminal Code (StGB) or the German Tax Code (AO)) or professional regulations or if you have consented to storage beyond this in accordance with Article 6 para. 1 sentence 1 lit. a GDPR.
Subject to such retention obligations, data will be deleted when the purpose for which it was collected has ceased to exist. In the case of applications that we have not considered, this usually happens six months after the end of the selection process.
To the extent permitted by law, data will also be stored for longer if this is necessary for the assertion of or defence against legal claims.
Recipients or categories of recipients of the personal data
The data collected by us will also be forwarded to third parties, if necessary for a specific purpose, in compliance with the statutory provisions. Possible recipients are:
- Management Board
- Head of Department
- Works/staff council
- Insurance company
- Own legal representatives
- External order processors (for example IT service providers)
A transfer of your personal data to a third country does not take place and is not intended, unless you have given us your express consent to do so.
You have the following rights based on the processing of your personal data:
- the right to information according to Art. 15 GDPR
- the right to rectification according to Art. 16 GDPR
- the right to erasure according to Art. 17 GDPR
- the right to restriction of the processing of personal data according to Art. 18 GDPR
- the right to data portability according to Art. 20 GDPR and
- the right to object to the processing of personal data pursuant to Art. 21 GDPR.
In addition, there is a right of appeal to a data protection authority in accordance with Article 77 of the GDPR. The complaint can be lodged with the data protection authority of the country in which you reside or work or in which the alleged infringement occurred. If the data protection authority of another member state is competent for the body you are complaining about, the national data protection authority will coordinate with the other data protection authority. You can find an overview here:
The supervisory authority responsible for us is
The State Commissioner for Data Protection and Freedom of Information Mecklenburg-Western Pomerania
Telephone: +49 385 59494 0
Fax: +49 385 59494 58
You can find detailed information here:
Rights for citizens | European Commission (europa.eu)
and the text of the law in all official languages of the EU:
EUR-Lex - 32016R0679 - EN - EUR-Lex (europa.eu)
You can reach our data protection commissioner as follows:
ECOVIS Keller Rechtsanwälte PartG mbB
Attorney Axel Keller/Senior Associate Karsten Neumann
Am Campus 1 – 11, 18182 Rostock-Bentwisch
Telephone.: +49 381 649210
You have the right to contact our data protection commissioner at any time, free of charge and confidentially if you wish, to support you in enforcing your data protection rights.