Controller in terms of the General Data Protection Regulation, other data protection laws applying to the Member States of the European Union and other provisions of a data protection nature is: 
 
Museen der Hasso Plattner Foundation gGmbH
Museum Barberini  
Alter Markt 3
14467 Potsdam 
info@museum-barberini.de 
Fon +49 331 236014-399 
 

You can reach our operational data protection officer at 
 
Museen der Hasso Plattner Foundation gGmbH
Museum Barberini  
Alter Markt 3
14467 Potsdam 
datenschutz@museen-plattner.de​ 
 

Responsible data protection authorities 
Die Landesbeauftragte für den Datenschutz und für das Recht auf Akteneinsicht 
(The State Representative for Data Protection and Inspection of Records) 
 

Stahnsdorfer Damm 77 
14532 Kleinmachnow 
Fon: +49 33203 356-0 
Fax: +49 33203 356-49 
E-mail: Poststelle@LDA.Brandenburg.de 
 
 

Each data subject may contact our data protection agent directly at any time with all questions and suggestions on the topic of data protection.

The data privacy notice of Museen der Hasso Plattner Foundation gGmbH, Museum Barberini is based on the terminology used by the European legislator when enacting the General Data Protection Regulation (GDPR). Our data privacy notice should be easy to read and understand for the general public as well as for our customers and business partners. In order to ensure this is the case, we would like to explain the terminology used in advance. 
 
We use the following terms, inter alia, in this data privacy notice: 
 
a) Personal data 
Personal data means any information relating to an identified or identifiable natural person (hereinafter “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. 
 
b) Data subject 
Data subject is every identified or identifiable natural person whose personal data are processed by the controller. 
 
c) Processing 
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. 
 
d) Restriction of processing 
Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future. 
 
e) Pseudonymisation 
Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person. 
 
f) Controller or person responsible for controlling 
Controller or person responsible for controlling means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law. 
 
g) Processor 
Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. 
 
h) Recipient 
Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients. 
 
i) Third party 
Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data. 
 
j) Consent 
Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by another clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

We process any personal data received from our customers within the scope of the business relationship/services. 
Relevant personal data in the processing of interested parties when setting up the master data may be: 

• Personal master data (salutation, title, name, address and other contact data, date of birth, nationality) 

When concluding the contract and using products/services in the product categories listed in the following, other personal data in addition to the previously cited data may be collected, processed and stored. These essentially comprise:

• Account and payment transactions: Order data (e.g. payment order), data arising from the fulfilment of our contractual obligations (e.g. payment transaction data), 
• Customer contact information: Other personal data, e.g. information on contact channel, date, occasion and result, (electronic) copies of correspondence are created within the scope of the business initiation process and during the business relationship, in particular via personal, telephonic or written contacts, whether initiated by yourself or Museen der Hasso Plattner Foundation gGmbH, Museum Barberini. In the event of our vehicle parking service for people with parking permits for the disabled being used, we temporarily store the licence plate of the vehicle authorised entrance. 

We process personal data in line with the provisions of the EU General Data Protection Regulation (GDPR) and the German Data Protection Act (Bundesdatenschutzgesetz; BDSG) 
 
a) To fulfil contractual obligations (point (b) Article 6(1) GDPR)  
The data are processed to conduct business and render services (e.g. implementation of ordering processes) pursuant to our contracts with our customers, which ensue on request. The purposes of data processing are primarily aimed at the tangible product. Further details on the purpose of data processing may be found in the individual contract documents and terms and conditions of business. 
 
b) Within the scope of the balancing of interests (point (f) Article 6(1) GDPR)  
Where required, we process your data above and beyond the actual fulfilment of the contract to safeguard the legitimate interests of ourselves or third parties. This may, for example, include: 

• Guarantee of the museum’s IT security and IT operation, 
• Prevention/resolution of criminal offences, 
• Measures for building and installation safety, 
• Measures for ensuring domiciliary rights (e.g. video surveillance), 
• Measures for business management and further development of services and products 
• Marketing purposes (e.g. advertising or market and opinion research) or 
• Assertion of legal claims and defence in legal disputes 

 
c) Based on your consent (point (a) Article 6(1) GDPR) 
Should you have given us your consent to process personal data for specific purposes (e.g. data transmission, data analysis for marketing purposes, photo ID within the scope of events, newsletter dispatch), the legality of such processing is secured by your consent. You may revoke your consent at any time. This also applies to declarations of consent given to us prior to the GDPR coming into force, i.e. prior to 25 May 2018. The revocation of consent applies only to the future and does not affect the legality of the data processed prior to the revocation. 
 
d) Based on legal requirements (point (c) Article 6(1) GDPR) or in the public interest (point (e) Article 6(1) GDPR) 
As a service provider, we are subject to various legal obligations, i.e. statutory requirements (e.g. commercial or fiscal law). 

The people in Museen der Hasso Plattner Foundation gGmbH, Museum Barberini who receive access to your data are those requiring access to the latter to fulfil our contractual and statutory obligations. Our commissioned service providers and vicarious agents may also receive data for such purposes, should this in particular safeguard data protection. The latter are companies in the categories of payment performances, IT services, logistics, print services, telecommunications, collection agencies, consultancy as well as distribution and marketing. 

With respect to data transmission to recipients outside Museen der Hasso Plattner Foundation gGmbH, Museum Barberini, it should initially be noted that we ourselves maintain secrecy regarding all customer-related facts and evaluations of which we become aware. In principle, we may only ever transmit information on our customers when required by statutory provisions, when the customer has given consent or we are authorised to disseminate. Subject to such prerequisites, recipients of personal data may be, e.g.: 

• Public bodies and institutions (e.g. financial authorities or law enforcement agencies) in the event of a statutory or official obligation, 

• Credit and finance service providing institutes or comparable institutions to which we transfer personal data for the implementation of our business relationship with you 

• Creditors or insolvency administrators who request such personal data within the scope of a judicial execution, 

• Third parties involved in the payment process (e.g. valuation-implementing service providers), 

• Service providers contacted by us within the scope of order processing circumstances. 

Further data recipients may be those bodies for which you have granted us your consent to data transmission. 

Data is transmitted to bodies in countries outside the European Union (so-called non-member state), provided 

• it is necessary to execute your contracts (e.g. newsletter dispatch), 
• it is legally prescribed (e.g. fiscal reporting obligations) or 
• you have given us your consent. 

If service providers in the non-member state are utilised, in addition to written instructions they are also obligated to comply with the European data protection standard by the standard contractual clauses adopted by the EU. 
Please refer to our data privacy notice for information on the data which is sent to other countries outside the EU.

We process and store your personal data as long as it is needed to fulfil our contractual and statutory duties. 
 
Should the data no longer be required to fulfil contractual or statutory duties, the latter will be regularly erased, unless the – limited – further processing thereof is required for the following purposes: 
 
Fulfilment of commercial and fiscal retention periods that may, for example, arise from the German Commercial Code (Handelsgesetzbuch; HGB) or German Fiscal Code (Abgabenordnung; AO). The time period stipulated therein for retention or documentation is usually two to ten years. 
 
Maintenance of evidence within the scope of the statutory limitation periods. According to Sections 195 et sq. of the German Civil Code (Bürgerliches Gesetzbuch; BGB) such limitation periods may be up to 30 years, although the usual limitation period is 3 years.

1. Right of confirmation 
Each data subject shall have the right granted by the European legislator to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed. Should a data subject wish to assert such right of confirmation, he or she may contact a person in the controller’s department at any time. 
 
2. Right of access 
Each data subject shall have the right granted by the European legislator to obtain from the controller access at any time and free of charge to information concerning the personal data stored on himself or herself and to receive a copy of such information. The European legislator has also allowed the data subject access to the following information: 

• the purposes of the processing; 
• the categories of personal data concerned; 
• the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations; 
• where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; 
• the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing; 
• the right to lodge a complaint with a supervisory authority; 
• where the personal data are not collected from the data subject, any available information as to their source; 
• the existence of automated decision-making referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject. 
• The data subject shall also have the right to access whether personal data have been transmitted to a third country or to an international organisation. Moreover, should that be the case, the data subject shall have the right to be informed of the appropriate safeguards relating to the transfer. 

 
Should a data subject wish to assert this right to access, he or she may contact an employee in the controller’s department at any time. 
 
3. Right to rectification 
Each data subject shall have the right granted by the European legislator to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall also have the right to have incomplete personal data completed, including by means of providing a supplementary statement. 
 
Should a data subject wish to assert this right to rectification, he or she may contact an employee in the controller’s department at any time. 
 
4. Right to erasure (right to be forgotten) 
Each data subject shall have the right granted by the European legislator to obtain from the controller the erasure of personal data concerning him or her without undue delay, where one of the following grounds applies and unless processing is required: 

• the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; 
• the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) or Article 9(2) GDPR, and where there is no other legal ground for the processing; 
• the data subject objects to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) GDPR; 
• the personal data have been unlawfully processed; 
• the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject; 
• the personal data have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.  

Should one of the above-cited reasons apply and a data subject would like to instigate the erasure of personal data stored with us, he or she may contact an employee in the controller’s department at any time. Our employee will ensure that the request for erasure is fulfilled without undue delay. 
 
Where we have made the personal data public and our company is obliged as controller to erase the personal data pursuant to Article 17(1) GDPR, we will take reasonable steps, taking account of available technology and cost of implementation, including technical measures, to inform other controllers which are processing the personal data that the data subject has requested the erasure by such other controllers of all links to, or copies or replications of, such personal data, unless processing is required. Our employee will take the necessary steps in individual cases. 
 
5. Right to restriction of processing 
Each data subject shall have the right granted by the European legislator to obtain from the controller restriction of processing where one of the following applies: 

• the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data; 
• the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead; 
• the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims; 
• the data subject has objected to processing pursuant to Article 21(1) GDPR pending the verification of whether the legitimate grounds of the controller override those of the data subject.
   

Should one of the above reasons apply and a data subject would like to obtain the restriction of personal data stored with us, he or she may contact an employee in the controller’s department at any time. Our employee will instigate the restriction of processing. 
 
6. Right to data portability 
Each data subject shall have the right granted by the European legislator to receive the data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format. He or she shall also have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where the processing is based on consent pursuant to point (a) of Article 6(1) GDPR or point (a) of Article 9(2) GDPR or on a contract pursuant to point (b) of Article 6(1) GDPR and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. 
 
In exercising his or her right to data portability pursuant to Article 20(1) GDPR, the data subject shall also have the right to have the personal data transmitted directly from one controller to another, where technically feasible and where the rights and freedoms of other persons are not adversely affected as a result. 
The data subject may contact an employee to assert the right to data portability at any time. 
 
7. Right to object 
Each data subject shall have the right granted by the European legislator to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1) GDPR. 
 
We will no longer process the personal data in the event of an objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims. 
 
Where we process personal data for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing. Where the data subject lodges an objection with us to processing for direct marketing purposes, we will no longer process the personal data for such purposes. 
 
Where personal data are processed by us for scientific or historical research purposes or statistical purposes pursuant to Article 89(1) GDPR, the data subject, on grounds relating to his or her particular situation, shall also have the right to object to processing of personal data concerning him or her, unless such processing is necessary for the performance of a task carried out for reasons of public interest. 
 
The data subject may contact any employee in order to exercise the right to object. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject shall also be at liberty to exercise his or her right to object by automated means using technical specifications. 
 
8. Automated individual decision-making 
Each data subject shall have the right granted by the European legislator not to be subject to a decision based solely on automated processing, which produces legal effects concerning him or her or similarly significantly affects him or her, where the decision 

• is not necessary for entering into, or performance of, a contract between the data subject and a data controller; 
• is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject's rights and freedoms and legitimate interests; or 
• is based on the data subject's explicit consent. 

Where the decision 

• is not necessary for entering into, or performance of, a contract between the data subject and a data controller; or 
• is based on the data subject's explicit consent, we will implement suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, including at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision. 

Should the data subject wish to assert any rights with regard to automated decisions, he or she may contact an employee in the controller’s department at any time. 
 
9. Right to revoke consent under data protection law 
Each data subject shall have the right granted by the European legislator to revoke his or her consent to the processing of personal data at any time. 
 
Should the data subject wish to assert his or her right to revocation of consent, he or she may contact an employee in the controller’s department at any time. 
 
You may revoke any consent you have given us to the processing of personal data at any time. This also applies to declarations of consent given to us prior to the GDPR coming into force, i.e. prior to 25 May 2018. Please note that the revocation applies only to the future and does not affect data processed prior to the revocation. 
 
10. Right to lodge a complaint with a supervisory authority  
You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or place of the alleged infringement if you consider that the processing of personal data relating to you is unlawful. 

Within the scope of our business relationship, you are obliged to provide those personal data required for the establishment, implementation and termination of a business relationship and to fulfil the associated contractual duties or to the collection of which we are legally bound. Without such data, we will usually not be in the position to conclude, execute and terminate a contract with you.

In principle, we do not use a fully automated decision-making system pursuant to Article 22 GDPR in order to establish and implement the business relationship. Should we use this process in individual cases, you will be separately informed of that fact and of your relevant rights, where prescribed by law.

Detailed information on cookies used, tracking, scripts can be found in our Cookie Consent Tool.

Should you desire information, which is not available in this data privacy notice, or if you would like further information on a specific point, please contact the data protection officer of Museen der Hasso Plattner Foundation gGmbH, Museum Barberini.

Controller:
Museen der Hasso Plattner Foundation gGmbH
Museum Barberini
Alter Markt 3
14467 Potsdam 
info@museum-barberini.de 
Tel.:+49 331 236014-399 

Contact for data protection officer:
Museen der Hasso Plattner Foundation gGmbH
Museum Barberini
Alter Markt 3
14467 Potsdam
datenschutz@museum-barberini.de 
 
Responsible data protection authority 
The officer of the federal state of Brandenburg for data protection and for the right to inspect files
Stahnsdorfer Damm 77
14532 Kleinmachnow
Tel.:+49 33203/356-0
Fax: +49 33203/356-49
Poststelle@LDA.Brandenburg.de 

2.1. General
Like many other providers, we use both our own services and those of third parties in our App to collect data on visits and user interactions in connection with our App or the installation of our App on an end device. We do this to ensure that our App functions smoothly and to improve your experience as a user.

The data are collected either anonymously or using pseudonymised user profiles. While you can as a rule be identified by us or by the third party provider as a user, you cannot be personally identified.

2.2. Technologies in detail
2.2.1. Server access​
The App draws its data from a server located in Frankfurt am Main; access is solely per HTTPS. Just like with websites, the public IP address of the user is shown. The server stores these logs in anonymised form for a maximum of 30 days for the purpose of searching for errors. In addition, the following information is transmitted for each request: platform (iOS or Android), App version and where applicable language (App locale).

2.2.2. External links
In some places in the App we refer to external links; these are currently solely part of our own web offering. These links are not opened in the App but in your standard browser on the respective device (e.g. Safari or Chrome).

2.2.3. Crash reports
If there is an unexpected hard crash of the App, the App transmits an anonymous data set record to analyse the error. For this, we use a tool called Sentry(https://sentry.io, orhttps://develop.sentry.dev/self-hosted/), which we host on one of our own servers located in Frankfurt am Main.

2.2.4. Ticketing (ticket sales)
An API (Application Programming Interface) is connected for the Gomus ticketing system by the company Giant Monkey (https://gomus.de/de/startseite-gomus/). During the purchase process, personal data, including payment data, are transmitted. They are not, however, stored in the App’s system but transmitted directly to the service provider’s and payment service provider’s interface (currently this is Concardis GmbH).  

2.3. Access rights for the App 
In order to provide our services via the App we require the following access rights to enable us to access certain functions of your device.

2.3.1. Access to the Internet 
The device’s Internet access is needed so that we can keep the content of the App up to date. 
Internet access is also needed for accessing certain offerings of the Museum Barberini on our website via a link from the App (https://www.museum-barberini.de/).
These include:  

• Tickets 
• Offers 
• Barberini live – the online programme 
• Programme 
• Barberini Prologue 
• ArtHistories 

2.3.2. Access to the local area network/WiFi
To improve stability, the App recognises whether the device has logged into the Museum’s guest WiFi. If so, then data are loaded into the local area network from a mirror server. The data are necessary to enable us to control the provision of content from the Internet without causing long load times.

2.3.3. Location
Activation for Google and Apple is independent of the technology. The location is determined solely when the App is used and not in the background (except for the offering ‘Discover Italy in Potsdam’ – see below). No location information is transmitted in any way (e.g. to servers or third parties). The information is processed purely locally on the device. The collection of location data is necessary to enable navigation by guides.The location data are processed in anonymised form. Navigation is done using e.g. WiFi, GPS or Beacons. A Beacon is a server or receiver based on Bluetooth technology and is used to collect location data inside buildings.

Purpose “in-house use”
Beacons or alternatively GPS are used to recognise that the guest is in the building, whereupon the App offers specific content and functions. Beacons allow the App to identify the room in which the device is located so that it can offer content at that location (e.g. artworks in that room). This use can be selected as an option.

Purpose “use in the outdoor area” in the module “Discover Italy in Potsdam”
Map-base applications showing the present location (Blue Dot).In addition, information can be accessed about distance to POIs or recommendations for nearby POIs (function: Allow tips). The map module is based on the Google Maps SDK, via which data can be exchanged with Google – relevant terms apply (https://cloud.google.com/maps-platform/terms).

2.3.4. Bluetooth access
The Bluetooth interface is used to collect location data inside the Museum. The collection of location data is necessary to enable navigation by guides. Location data are processed in anonymised form.

For the location to be determined using Beacons in the building, Bluetooth must be activated on the device. However, the App never accesses the Bluetooth interface directly but uses solely the location interfaces provided by the system (see the Location section above). For this reason no explicit activation is needed or requested for this function.

2.4. Legal basis
The data processing connected with the provision of the App is based on our legitimate interest as a provider of services (Article 6 (1) first sentence (f) of the GDPR) in being able to offer our services (as error-free as possible) and user-optimised.
If we have your consent for the processing of your personal data for certain defined purposes (e.g. access to location data), then this processing is lawful on the basis of your consent (Article 6 (1) (a) of the GDPR). This consent may be revoked in whole or in part at any time with effect for the future. Revocation will not affect the lawfulness of processing carried out up to the time of revocation on the basis of your consent.

You, as a data subject, fundamentally have the following rights when your personal data are collected by us.

3.1. Right to information
You may demand information under Article 15 of the GDPR about the personal data concerning you that we are processing.

3.2. Right to object
You have a right to object on the particular grounds set out in Article 21 (1) of the GDPR. We provide you with information about this in Section 6 below.

3.3. Right to Rectification
Should the information affecting you not (or no longer) be true, you may demand rectification under Article 16 of the GDPR. If your data are incomplete, you may demand to have them completed.

3.4. Right to erasure
Under the conditions set out in Article 17 of the GDPR, you may have your personal data erased.

3.5. Right to restriction of processing
In the instances set out in Article 18 of the GDPR you may have the processing of your personal data restricted (‘blocking’).

3.6. Right of complaint
If you believe that the processing of your personal data breaches data protection law, you have the right under Article 77 (1) of the GDPR to lodge a complaint with a data protection supervisory authority of your own choice.

3.7. Right to data portability
In the event that you have provided us with personal data in accordance with Article 20 (1) of the GDPR, you have the right to have data which we are processing by automated means on the basis of your consent or for the performance of a contract sent to you yourself or to third parties in a structured, commonly used and machine-readable format.

3.8. Automated individual decision making and profiling
We do not use any process for automated decision making, including profiling, pursuant to Article 4 No. 4 and Article 22 of the GDPR.

Within the museums of the Hasso Plattner Foundation gGmbH, Museum Barberini, those who obtain access to your data are those who need them to fulfil their contractual and statutory duties. Service providers and agents commissioned by us may also obtain data for these purposes, if they in particular comply with data privacy. They include undertakings in the categories IT services, hosting, logistics, telecommunications, payment services and collection.

There is fundamentally no intention to transmit personal data to any third country (a country outside the European Union or the European Economic Area).
Personal data on or by means of our App are processed on servers located in Germany.

Article 21 of the GDPR obliges us to draw explicit attention to a particular right of the data subject. We explicitly bring your attention to the following passages, which are printed in italics for this reason.

6.1. Right to object on a case-by-case basis with balance of interests
6.1.1. Data subjects​ have the right to object, on grounds relating to their particular situations, to the processing of personal data concerning them. This is subject to the condition that the data are processed on the basis of our balance of interests under Article 6 (1) (f) of the GDPR.

6.1.2. The instances to which 6.1 relates have been described in this data privacy information.

6.1.3. In the event of an objection, we shall no longer process the personal data, unless we can demonstrate compelling legitimate grounds for the processing of the data, which override the interests, rights and freedoms of the data subject. This is also the case if the personal data serve the establishment, exercise or defence of legal claims.

6.2. Form, addressee
The objection may be declared informally and should be made with the subject line ‘Objection’ stating your name and address, and should be sent to: Museen der Hasso Plattner Foundation gGmbH, Museum Barberini, Alter Markt 3, 14467 Potsdam 

The collection of data for the provision of the App and the storing of the log files is mandatory for the running of the App. This means that there are no interests of a data subject which override our interests.