1. Personal data
Personal data is information about your identity. This includes, for example, your name, address or telephone number.
2. When and for what purpose does the Munich Philharmonic collect personal data?
Our portal is available to all users without personal data being collected. However, our portal asks for your personal data if you wish to register for one of our personalised services (e.g. newsletter). We use your personal data only to give you access to those of our services that require registration. Your personal data will therefore only be requested, processed and used to the extent required by the purpose of the contract. When you access our websites, information of a general nature is automatically collected. This information includes the type of web browser, the operating system used, the domain name of your Internet service provider and similar information. None of this information allows you to be personally identified. This data is furthermore generated when accessing any other website on the Internet. This is therefore not a specific function of our website. The information we collect in this way and statistically evaluate is entirely anonymised.
a. Provision of the website and communication with us:
You can also contact us by phone or e-mail. In addition, contact forms are available for ordering subscriptions and tickets for the concerts for children and young people, and for the ticket exchange.
We use your personal data for the provision of this website and your communication with us on the basis of our legitimate interest. For the provision of this website, we must process certain personal data for technical reasons (e.g. the IP address). For your communication with us, it is necessary that we handle the personal data mentioned above.
Within the scope of the necessary balancing of interests, we have weighed your interest in the respective secrecy of your personal data and our interests in the provision of this website and the establishment of contact with each other. Your interest in confidentiality withdraws in both cases. Otherwise we would not be able to provide this website to you.
The legal basis for this data processing to safeguard legitimate interests is point (f), Art. 6(1) GDPR.
Mandatory information: When registering to use the personalised services of the Munich Philharmonic’s portal, personal data, such as name, customer/subscription number, and contact and communication data, such as telephone number and e-mail address are recorded. Depending on the respective service, additional data is requested, such as information about the company, business address, business communication data, industry, and contract and billing data. We use your personal data to give you access to those of our services that require registration. In this case, your personal data will be requested, processed and used to the extent required by the purpose of the contract. The legal basis for data processing for the purpose of contract implementation is point (b), Art. 6(1) GDPR. We also use your name, customer/subscriber number and postal address to send you information about events by post. This serves to protect legitimate interests, namely direct advertising. The legal basis for data processing for the purpose of contract implementation is point (b), Art. 6(1) GDPR. You can object to the processing of your data for direct marketing at any time (see Section 10). We will contact you by e-mail only if you have given us your prior consent to do so (see Section 5.).
c. Data processing with your consent:
General information about consent: If you have given us your consent to process personal data for certain other purposes (e.g. receiving the newsletter), this data will be processed on the basis of this consent. We make the details of the content of a consent available when we request your consent.
Your consent is always given voluntarily. If the processing of personal data is based on your consent, you have the right to revoke this consent at any time. This also applies to any consent you have given to us prior to the validity of the GDPR, i.e. before 25 May 2018. You can also withdraw your consent by sending an e-mail to firstname.lastname@example.org. The legality of data processing on the basis of your consent prior to its revocation remains unaffected by your revocation of the consent.
The legal basis for data processing based on a consent is point (a), Art. 6(1) GDPR.
3. Handling of your personal data
Your personal data is stored by the Munich Philharmonic on a specially protected server in Germany. The Munich Philharmonic will at no time pass on your personal data to third parties without your express consent unless the Munich Philharmonic’s portal is required to do so by law.
We take all necessary technical and organisational security measures to store your personal data in such a way that they are protected against unauthorised access and misuse. These security measures require that we occasionally ask you to provide proof of your identity before we disclose information to you.
When handling data, our employees are obliged to observe the provisions of the GDPR, the German Telemedia Act (TMG) and the Bavarian data protection act (BayDSG).
To protect the security of your data during transmission, we often use encryption methods (e.g. SSL). Our servers are protected by firewalls and virus protection. We also employ backup and recovery as well as role and authorisation concepts.
Cookies are small text files used to identify visitors that return regularly to specific websites. No personal user data is stored; only the Internet Protocol (IP) address is recorded. With the help of these cookies, the Munich Philharmonic’s portal can analyse how our website is used. They help us optimise the contents of individual pages and adapt them to our users’ needs. This automatically provides us with certain data about your computer and your connection to the Internet, such as the IP address, browser used and operating system. We also record your visit history, i.e. the pages on our websites that you visit, including order, date and time.
When you access this or other web pages, your web browser transmits data to our web server. During an ongoing connection for communication between your web browser and our web server, the following data is recorded:
Date and time of access Name of the requested file Page from which the file was requested Access status (file transferred, file not found, etc.) Web browser and operating system used Full IP address of the requesting computer Amount of data transferred
After the connection is terminated, the data is anonymised by truncating the IP address at domain level, so that it can no longer be associated with any individual user.
If you would like to subscribe to the newsletter offered on our website, we require an e-mail address from you as well as information that allows us to verify that the email address belongs to you and that you agree to receive the newsletter.
We use the double opt-in procedure to ensure that newsletters are only sent out where consent has been provided. As part of this process, the potential recipients can be included in a distribution list. Subsequently, the user is given the opportunity to confirm their registration in a legally secure manner by means of a confirmation e-mail. The address is only actively included in the distribution list if user confirmation is provided.
We use this data exclusively for sending the requested information and offers.
The newsletter software used is called Sendinblue. This means your data will be transmitted to Sendinblue. Sendinblue is prohibited from selling your data and using it for purposes other than sending the newsletter. Sendinblue is a certified German provider selected in accordance with the requirements of the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act. You can find more information here.
You can withdraw your consent to your data and e-mail address being stored and used to send you the newsletter at any time, for example via the "Unsubscribe" link in the newsletter or by sending an unsubscribe request to presse.philharmoniker(at)muenchen.de.
6. Video integration
Videos from the Vimeo platform (operator: Vimeo LLC, 555 West 18th Street, New York, New York 10011, USA) are integrated on this website to display video material in the desired position directly on the website (legal basis for this data processing to protect our legitimate interests is point (f), Art. 6(1) GDPR). If a page with an embedded video is called up, the browser connects to Vimeo, which results in a transfer of data to Vimeo. Vimeo collects, stores and processes this data. If you are logged in as a registered Vimeo member during this time, Vimeo may collect further data if other cookies have already been set. If you do not want this to happen, we recommend that you log out of Vimeo while using this website. Vimeo is entitled to collect and use data from users within the European Union and transfer this data to the United States (the platform complies with the EU-U.S. Privacy Shield Framework).
7. Integration of the Juicer Social Wall
A Juicer Social Wall has been integrated into this website. The Juicer system allows posts from different social media feeds to be combined into a single feed, which can then be displayed on a website. It allows posts from Instagram, Twitter and many other social media channels to be integrated based on hashtags or, alternatively, to display all posts of a particular account (Instagram, Twitter, etc.) on the Social Wall, in effect linking publicly accessible content from social networks with the website. This does not result in copies of the image data being stored. The Social Wall can be accessed by anyone, including people who are not registered with Instagram, Twitter, etc. The operating company of Juicer is Juicer.io, 1515 7th Street, #424, Santa Monica, CA 90403, USA.
Juicer and third-party providers that work with Juicer are EU-GDPR compliant. The GDPR was developed to give users more information and to better protect their user data. Juicer has not at any time and will not at any time: · store or collect personal data from users viewing the Juicer feed (Social Wall) on a web page. · disclose Juicer user data with the exception of cookies that enable the user to make better use of the system. Juicer collects a minimum of data and treats these discreetly. · provide data of any kind to the social networks
8. How long does the data remain stored?
We store and process your personal data only as long as necessary for the intended purpose (see section »When and for what purpose does the Munich Philharmonic collect personal data?«). In all other cases, we delete your personal data. The only exception is data that we must store in order to fulfil legal obligations (e.g. tax or commercial law storage obligations). The e-mail addresses for sending the newsletter are stored and used only for sending the newsletter. You can unsubscribe from the newsletter at any time. Your e-mail address will then be deleted automatically.
9. Your rights as a data subject
According to the General Data Protection Regulation (GDPR), you have the following rights: You can revoke any consent you have given at any time (Art. 7(3) GDPR). If your personal data is processed, you have the right to obtain information about the data stored on your person (Art. 15 GDPR). Should incorrect personal data be processed, you have a right to correction (Art. 16 GDPR). If the legal requirements are met, you have the right to request the deletion or restriction of processing of the data (Art. 17 and 18 GDPR). If you have consented to data processing or a contract for data processing exists and data processing is carried out using automated procedures, you may have a right to data transferability (Art. 20 GDPR).
To exercise your rights, contact the address below (Section 12.) or write to presse.philharmoniker(at)muenchen.de. If you make use of the above rights, the public authority will check whether the legal requirements for this have been met. You also have the right to appeal to the Bavarian Data Protection Commissioner.
10. Right to object
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you that is carried out for the purpose of protecting legitimate interests; you may object at any time to processing for the purpose of direct marketing (Art. 21 GDPR).
11. Changes to our Data Privacy Statement
We reserve the right to occasionally adapt this Data Privacy Statement so that it always complies with current legal requirements or to implement changes to our services in the Data Privacy Statement, e.g. when introducing new services. On your next visit, the new Data Privacy Statement will then apply.
12. Questions to the data protection officer
Contact and further information If you have any questions regarding data protection in connection with this website, please contact the data protection officer: