Data privacy

Below we inform you about the processing of personal data when using our website themuseumslab.org, in accordance with the requirements of the General Data Protection Regulation (GDPR).

1. Responsible

Museum für Naturkunde Berlin

Invalidenstr. 43
10115 Berlin

Represented by:
Prof. Johannes Vogel, PhD, Director General
Tel.: +49 30 889140 – 8544
E-mail: johannes.vogel@mfn.berlin

and

Stephan Junker, Managing Director
Tel.: +49 30 889140 – 8330
E-mail: stephan.junker@mfn.berlin

2. Data Protection Office

Data Protection Officer of the Museum für Naturkunde Berlin

Tel.: +49 30 889140 – 8440
E-mail: datenschutz@mfn.berlin

3. Hosting and Infrastructure

Our website is provided by the service provider Vercel Inc. (440 N Barranca Avenue #4133, Covina, CA 91723, USA).

Data processed:

  • IP address
  • Date and time of the request
  • Accessed URL/route
  • Referrer
  • Browser and operating system information (user agent)
  • Technical request/response metadata
  • Error and server logs

Purpose of processing:

  • Secure, stable, and efficient provision of the website
  • Protection against attacks (DDoS protection)
  • Error analysis

Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in the secure and efficient provision of the website).

Recipients: Vercel Inc. as a processor (DPA including Standard Contractual Clauses, EU-US Data Privacy Framework certification). Information on sub-processors can be found at https://vercel.com/security.

Storage period: Logs within the scope of Observability Plus for up to 30 days.

Regions: CDN/edge worldwide, including server locations in the EU (Frankfurt).

4. Analytics and Performance Services

a) Vercel Web Analytics (cookie-free, anonymous)

Data collected: accessed URL/route, referrer, country/region (ISO code), browser/OS/device type, timestamp, visitor count via hash

Storage: sessions are discarded after 24 hours

Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in anonymous reach measurement).

b) Vercel Speed Insights

Data collected: loading times, network speed, browser/OS/device type, country (ISO code), timestamp

Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in optimising stability and performance).

c) Matomo (cookieless tracking)

We use Matomo for reach analysis without cookies.

Data collected: pages accessed, pseudonymised IP address (shortened), referrer, browser and device characteristics, time of access

Storage: exclusively on our servers, no disclosure to third parties

Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in optimising our website).

5. Newsletter

We offer the option to subscribe to our newsletter.

Service provider: CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany

Data processed:

  • E-mail address
  • Name (if provided)
  • IP address and time of registration (proof of double opt-in)
  • Statistical data on openings, clicks, technical information (browser, time)

Purpose:

  • Sending and managing newsletters
  • Proof of lawful registration
  • Statistical evaluation for optimisation

Legal basis: Art. 6 (1) (a) GDPR (consent).

Withdrawal: possible at any time via the unsubscribe link in the newsletter.

Recipient: CleverReach GmbH & Co. KG, Germany (data processing agreement concluded pursuant to Art. 28 GDPR).

Storage period: until unsubscription; afterwards deletion or anonymisation, unless statutory retention obligations apply.


6. Embedded Third-Party Content

a) YouTube

We embed videos from the YouTube platform (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland).

Privacy-friendly integration (“two-click solution”):

By default, no YouTube content is loaded and no data is transmitted. Only once you have expressly consented to the display of YouTube content will the videos be loaded, and data (e.g. IP address, referrer, browser information) will be transmitted to YouTube/Google.

Legal basis: Art. 6 (1) (a) GDPR (consent).

Withdrawal: You may withdraw your consent at any time with effect for the future via the consent banner or the settings on our website.

Further information on data protection at YouTube can be found here: https://policies.google.com/privacy


7. Rights of Data Subjects

Under the GDPR, you have the following rights:

  • Access to your stored data (Art. 15 GDPR)
  • Rectification of inaccurate data (Art. 16 GDPR)
  • Erasure (“right to be forgotten”, Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Objection to processing (Art. 21 GDPR)
  • Withdrawal of consent with effect for the future (Art. 7 (3) GDPR)

To exercise your rights, please contact the controller named above or the Data Protection Officer.

8. Right to Lodge a Complaint with a Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data is unlawful. The competent authority in particular is the Berlin Commissioner for Data Protection and Freedom of Information.

9. Security

We implement technical and organisational measures to protect your data against loss, misuse, or unauthorised access.

Our website uses TLS encryption (https), ensuring that transmitted data cannot be read by third parties.

10. Currency and Amendments to this Privacy Policy

This Privacy Policy is currently valid (as of September 2025).

We reserve the right to amend this Privacy Policy in order to adapt it to technical developments or changes in legal requirements.

11. Scope and External Links

This Privacy Policy applies to the online offerings of the Museum für Naturkunde Berlin.

Where our pages refer or link to third-party websites, we assume no responsibility or liability for the accuracy or completeness of the linked content or for the data security of the linked websites.

The linked content was checked for possible legal violations at the time of linking. However, continuous monitoring of the content of linked pages is not reasonable without specific indications of a legal infringement. Should linked content violate applicable law or contain inappropriate material, we kindly ask you to notify us.

We have no influence on the compliance of third parties with data protection regulations. Please therefore consult the respective Privacy Policies of the external providers.