When someone calls up a website managed/operated by Kulturserver, the following data is automatically collected and transmitted from the browser to the server. They are used in the sense of the page visitor for the delivery of the website. The following data is collected (logged):

• browser type and browser version
• Operating system used
• Referrer URL
• Host name of the accessing computer
• Time of the server request
• IP address

This data is not merged with other data sources. We reserve the right to check this data retrospectively if we have concrete indications of illegal use.

Duration of storage

All log files (server logs, domain logs and maillogs) are stored for 14 days.

A cookie is a small text file that is stored by the browser on the hard drive of the user accessing a website. On pages that are managed/operated by Kulturserver, for example, so-called session cookies are used. They serve to establish a unique connection between the page visitor and the respective website and to remember, for example, the language setting. Only a random number is stored for this purpose. The session cookie is automatically removed when the browser is closed.

Every internet user can deactivate the use of cookies in their browser. Even then, the websites are largely functional.

Cookie banner

It is generally advisable to display a so-called cookie banner when a website is launched, informing the site visitor about the use of cookies and his or her right to object. The banner should also contain a link to the website's data protection information.

Kulturserver usually uses Matomo (formerly Piwik), an open source web analytics application, on websites.

Type of data stored by Matomo

Anonymised IP address, browser type, browser engine, browser version, plugins, operating system, device type, screen resolution, location, call history, call origin (e.g. Google), date/time, time spent on homepage and subpages, recurring visit yes/no.

>> This means that, in principle, high-resolution statistical visitor profiles are recorded and stored. However, in no case can these be assigned to a specific person, but serve general analysis and administration processes.

Storage period / deletion of data

The IP address is stored anonymously in the database of the statistics server stat.culturebase.org in the statistics tool Matomo (formerly Piwik). The data with the anonymised IP addresses are deleted after 180 days.

More general statistical information on the use of the website such as browser version or calls to individual subpages, on the other hand, is generally still available on the website when the statistics implementation begins.

>> In principle, it is not possible to specifically delete individual statistical visitor data, as they cannot be assigned to a specific person in any case due to anonymisation!

Access to the data

Staff members of Kulturserver and individuals authorised by them to access the statistics of a specific website, mostly the online editorial staff of the project. They are given password-protected access to the data of the respective project.
 

>> An up-to-date list of your contact persons and supervisors of Kulturserver can be found on the staff page of the kulturserver.de gGmbH foundation.

Forms integrated on a website for newsletter registration must always be made via a secure connection (SSL encryption). In addition, they must use the so-called double opt-in procedure. This means that after registering on the website, the person interested in the newsletter receives an email with a link that he or she must confirm before receiving the newsletter. This is provided for accordingly with cb-news from Kulturserver.

In addition, newsletter subscribers must consent to the collection and storage of data when ordering a newsletter. This can be added to newsletter subscription forms on a website by adding a mandatory box to click. The text for this should read something like this:

I have read the data protection declaration and agree that the data I have provided may be collected and stored electronically. My data will only be used for sending the newsletter. 

If you use a different newsletter system, please contact the respective provider if necessary.

Data from contact forms must always be transmitted via a secure connection (SSL encryption) (see next paragraph).

In addition, those seeking contact must consent to the collection and storage of their data. This can be supplemented on contact forms on a website by a mandatory box to click on. The text for this should read something like this:

I have read the data protection declaration and agree that the data I have provided may be collected and stored electronically. My data will only be used for processing and answering my enquiry. 

Anyone who operates a website on which personal data is collected (newsletter registration, contact form, registration function) must have a security certificate via which this data is transmitted between the browser and the server in encrypted form for security reasons. Whether a page has such a certificate can be recognised by the fact that the URL contains the word "https" or a green lock symbol. As soon as data is transferred in an unencrypted way, the browser displays a corresponding warning message.

If you do not yet have a security certificate for your site, we can set it up within a very short time.

If plugins of a social media platform are integrated on a website, this must be indicated by corresponding passages in the data protection declaration.

You can find which plugins are available for Facebook here: > Facebook plugins. A mere link to your Facebook page is not included. No personal data is transferred to Facebook via this.

In the > Sample data protection declaration of the German Association for Data Protection you will find formulations for plugins of the social networks:

• Facebook
• Google+
• Instagram
• LinkedIn
• Myspace
• Pinterest
• SlideShare
• Tumblr
• Twitter
• Xing
• YouTube

Please make sure to cite the source when using this privacy statement template.