Easy Read IS Contrast Simple Design
en
de
Documenta
Fifteen

Privacy Policy Accreditation

Information on data processing in the context of the accreditation procedure for documenta fifteen in accordance with Art. 13 and 14 GDPR / Section 31 and 32 HDSIG

In the following, we would like to inform you about the processing of personal data in the context of accreditation / registration for documenta fifteen and the processing of your data provided in the online accreditation form. The term “personal data” denotes all data that can be related to you personally, e.g. name, address, e-mail addresses, user behaviour or IP address.

1. Who is responsible for processing the data, who is your contact person?

documenta und Museum Fridericianum gGmbH
Friedrichsplatz 18
34117 Kassel
office@documenta.de

You can reach our data protection officer using the following contact details:

Mr Blazy, LL.M. or his deputy Dr Marschall, LL.M. (https://gdpc.de/) by post at the above address with the addition – Data Protection Officer – or by e-mail to datenschutzbeauftragter@documenta.de and by telephone at: +49 561 83099165.

2. Where does your data come from and what data is processed?

We process personal data about you, e.g. as a media representative, trade visitor, guest, employee, board member, participating artist, external service provider, which we have received from you directly in the course of filling in the registration/accreditation form (online form), or which you have communicated to us or made available to us through other communication channels – including outside the actual accreditation procedure. The categories of data processed by us for the purpose of registration/accreditation and related services include the following, depending on the information you have provided/transferred to us:

  • Personal data, such as name, e-mail address, telephone number, address (voluntary), website, social media profiles (voluntary); details of profession (criteria taken into account in the accreditation application)
  • For trade visitors:
    • Type of activity (institutional/freelance, name of institution, if applicable)
    • Field of activity and professional position
    • Proof of project, other proof (voluntary, only for freelance work)
  • For media representatives:
    • Type of activity (fixed/free)
    • Uploaded media/documents and media category (optional)
    • Proof in the form of a valid international press card or an editorial letter (voluntary), as well as details of planned filming (voluntary), if applicable

Other information, e.g:

  • On barrier-free access / desired assistance during the visit (voluntary)
  • Consent to be included in the documenta fifteen press distribution list (voluntary)
  • Subscription to the documenta fifteen newsletter (voluntary)
  • Participation in events, if applicable

As the data subject, you only have to provide us with the personal data required for the decision on the granting of accreditation, and for the associated (services) and activities. Without the provision of the mandatory information, we will generally not be able to carry out and consider the accreditation.

3. What is your data used for, and on what legal basis?

We process personal data in compliance with the German Data Protection Regulation (GDPR) and the Hessian Data Protection and Freedom of Information Act (HDSIG). The primary purpose of data processing is to carry out the accreditation procedure for documenta fifteen and the coordinated handling of the event. We process your personal data with the aim of enabling a smooth handling of the accreditation procedure and the event for our customers/visitors and employees, including capacity planning, allocation, access control and its organisation.

Furthermore, we also use your (contact) data – if necessary – to contact you, e.g. to inform you of relevant changes to the status of the event, or to inform you about the result of the accreditation and related information (e.g. by e-mail).

Personal data is, therefore, processed – depending on the individual case – either on the basis of your consent (Art 6 para 1 lit a GDPR) when registering for the customer account, registering persons in the accreditation system and for the fulfilment of contractual (Art 6 para 1 lit b GDPR) and legal (Art 6 para 1 lit c GDPR) obligations, as well as in those cases in which express consent is required (e.g. Art 9 para 2 lit a GDPR regarding your health-related data – provided voluntarily – on requests for barrier-free access), or in such cases where data processing by us as a public body of the State of Hesse is necessary for the performance of a task in the public interest (Art. 6 para 1 lit. e GDPR). Furthermore, we may have a legitimate interest in processing the personal data under certain circumstances, for example, for measures to ensure building/IT security/protection of domiciliary rights (e.g. access controls/access security), for fraud detection/prevention and/or for the clarification of other (contractual) breaches of agreements between the customer/employees and us as organisers, as well as for the promotional notification of accredited persons regarding details and information in connection with accreditation (e.g. exhibition dates, etc.). If you have given us your consent to process your personal data, it will only be processed in accordance with the purposes and to the extent agreed in the declaration of consent. Consent given may be revoked at any time without stating reasons and with effect for the future.

Other purposes of data processing in the context of our accreditation procedure:

  1. Registration/accreditation of the above-mentioned data subjects for access to events, as well as the associated ancillary services (ticket scanning at the venue, check-in at the venue).
  2. Processing of your personal data in the accreditation portal for administrative purposes.
  3. Where applicable: To provide the documenta fifteen press mailing list and newsletter, including sending information to you, based on your consent. For more information on the processing of your personal data in the context of subscribing to the documenta fifteen newsletter and the documenta fifteen press mailing list, please see Privacy Policy – documenta fifteen (documenta-fifteen.de). You can freely revoke any voluntary consent you may have given to be included in the press distribution list and/or to receive our newsletter at any time with effect for the future.

4. Will your data be passed on?

Within documenta und Museum Fridericianum gGmbH as the organiser of documenta fifteen, only those offices entrusted with the planning and organisation of accreditations and access authorisations for documenta fifteen will have access to your data.

For the implementation of the accreditation procedure (accreditation of visitors, provision of the accreditation platform “accredit” for the registration, administration and validation of accreditations – including their documentation – we have commissioned the company “GetSystems” (Global Event Technologies GmbH & Co. KG, Neualmerstraße 37, 5400 Halle in Austria) as our central processor in accordance with Art. 28 GDPR. This service provider also provides the online form for accreditation and carries out the corresponding data processing on our behalf.

Furthermore, we may also entrust other processors with the processing of your personal data in individual cases, and/or our service providers may receive personal data for the aforementioned processing purposes. In addition, in individual cases, we may also forward personal data for the above-mentioned purposes to other bodies/service providers on request, such as public institutions, authorities or other companies (e.g. postal service providers for ticket dispatch) or to cooperation partners, insofar as said forwarding is necessary within the scope of accreditation and/or we are statutorily/legally obligated to pass it on. For more information, please contact us using the contact details above.

In the course of correspondence with us by e-mail, your personal data may also be transferred to service providers outside the European Union and the European Economic Area (EEA) through the Microsoft Office 365-Europe service we use (recipient: “Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Dublin 18, Ireland”), including to the U.S. A transfer is only made on the basis of EU standard contractual clauses and subject to further appropriate guarantees (Transfer Impact Assessment), which ensure an adequate level of data protection in the processing of data. The same applies to the provision of the online form on the relevant website, for which we use Cloudfare’s content delivery network. The central server infrastructure is located in Europe. Cloudflare’s CDN (Content Delivery Network) is used to transmit the data (here: IP address of the user). This network enables us to process requests from all over the world quickly. There is an order processing agreement between Cloudflare and our order processor GetSystems. Access to your personal data is restricted to those employees and individuals for whom it is important to take note of this data, in order to be able to offer the relevant services.

5. How long will your data be stored?

As soon as your data is no longer required for the fulfilment of contractual, legal and process-internal processing purposes (after documenta fifteen has ended), it will be deleted. As a rule, however, we are obligated to store personal data (e.g. order and invoice data) beyond the end of the contractual relationship for reasons attributable to commercial and tax law. The period can be up to ten years. Reference is hereby made to the relevant laws, in particular Section 257 of the German Commercial Code (HGB), Section 147 of the German Fiscal Code (AO).

Unless you have given us your consent to further storage, or we have a legitimate interest in its (further) storage, the data you have provided will be deleted after the accreditation has been carried out and – if relevant – after the tickets have been sent, but at the latest after the documenta fifteen has expired and come to an end, unless there are legal grounds for deletion.

Insofar as we require data and documents relating to persons as evidence for the assertion, exercise or defence of legal claims, we will retain these depending on the respective limitation periods, whereby we restrict processing for other purposes. This also applies, for example, to the assertion and settlement of warranty and liability claims (max. 30 years). The legal basis for this processing is Art. 6 I. lit. f GDPR.

We would like to point out that the accreditation and documentation of documenta fifteen may also result in data worthy of archiving, which may become part of the documenta archive’s holdings. If archival records contain personal data about you, we process this data on the basis of Art. 6 para 1 lit. c GDPR in conjunction with Art. 7, 8 and 11 HArchivG. We process the special categories of personal data that may be processed in this context on the basis of Section 25 HDSIG.

6. What rights do you have vis-a-vis documenta und Museum Fridericianum gGmbH?

With regard to the processing of your personal data, you have a wide range of rights, in particular, the right to the disclosure of information about the personal data stored by us (Art. 15 GDPR), correction (Art. 16 GDPR), deletion (Art. 17 GDPR), restriction of processing (Art. 18 GDPR), data portability (Art. 20 GDPR) and objection to processing (Art. 21 GDPR), especially in the case of direct advertising. With regard to the right to the disclosure of information, the right to deletion and the right to lodge an objection thereto, the restrictions of Sections 25, 33 to 35 HDSIG and the Hessian Archives Act, among others, must be observed. You will be informed separately in this regard in each individual case.

Furthermore, you have a right to lodge a complaint with the competent data protection supervisory authority (Art. 77 GDPR), to which we expressly refer. The supervisory authority responsible for us is:

The Hessian Commissioner for Data Protection and Freedom of Information
Postfach: 3163
65021 Wiesbaden

View full privacy policy here

This is a historical website. The imprint available here was valid on the date of the website’s publication and is only kept in the original for archival purposes. Here you can get the imprint currently valid for this site and further information.

Ok