Start of main content,

Data Protection Statement

I.   Data protection*

The operators of these pages take protection of your personal data very seriously. We handle your personal data in confidence and in compliance with applicable statutory data protection regulations and this privacy statement.
It is generally possible to use our website without providing personal data. To the extent that personal data are requested on our pages (name, address, or email addresses) this always takes place on a voluntary basis as far as possible.
We would like to point out that data transfer in the Internet (e.g. in email communication) can involve security risks. It is not possible to protect private data completely against access by third parties.

II.    Details of responsible operator

Kulturprojekte Berlin GmbH
Klosterstraße 68
10179 Berlin-Mitte

CEO: Moritz van Dülmen
Project Coordinator: Corinna Scheller

III.    Details of data privacy officer:

Dr. Michael Funke
JBB Data Consult GmbH
Friedrichstraße 95
10117 Berlin
030 443 765 0

IV.    Purposes and legal bases as well as duration of data processing

1. Data processing on this Website

Draussenstadt automatically collects and stores on its server log files with information transmitted to it by your browser. These include:

- browser type and version
- operating system used
- referrer URL (the site previously visited)
- host name of the accessing computer (IP address)
- time of server request

These data cannot be traced back to individuals by Draussenstadt. Insofar as connection IP address is recorded, this is based on Art. 6 para. 1 lit. f DSGVO. Our legitimate interest is to offer you our website for retrieval and to enable you to use the site, as well as to be able to track unauthorized access attempts and illegal use of the website or portal. We store our log files for 1 year.

2. Registering an event on the event calendar

On the DRAUSSENSTADT patform, you can register an event to be publicised in the event calendar using a form.

a) Filling out the registration form for events to be publicised in the event calendar
On this website, we provide you with the opportunity to publicise your event in the DRAUSSENSTADT platform’s event calendar.
For this we require the following data from you, which you can enter into our online form:
-    First and second name
-    E-mail address
-    Telephone number
-    Details on prior support as part of the DRAUSSENSTADT initiative
-    IP address

Your entries in the form for registering your event will initially be saved in a local file on your end device.
We will not register this data at this time.

b) Sending the form
Our collection of your data begins the moment you click on “Send” at the end of the form. In doing so, you provide us with the previously entered data. You will receive a confirmation e-mail from us to the e-mail address provided, as well as a pdf summary of your event listing.

c) Checking your event listing and publication
Finally, we check your event listing to ensure whether it meets the form and content requirements for publication on the DRAUSSENSTADT platform. If necessary, our editorial team will contact you to check and/or fine tune details on your event. Provided that the event entry meets the criteria of the editorial review, all event organisers will be informed by e-mail about the publication.

d) Legal framework and storage period
Processing of this data is carried out in line with Art. 6.1.e of the GDPR law, as all processing is required to enable the creation and publication of the event entry.

e) Other recipients
The aforementioned steps, inclusive of the publication of the event entry, are carried out by our processor, Kulturprojekte Berlin GmbH Klosterstraße 68, 10179 Berlin-Mitte. Additionally, we use other service providers bound by instructions where necessary if we cannot provide services in whole or adequately ourselves. Examples include website hosting and sending of e-mails.

3.  Newsletter

We provide you with the chance to subscribe to an e-mail newsletter. For this we store your e-mail address. In addition, we analyse our newsletter service by collecting certain usage data. The processing of data for sending newsletters is based on Art. 6.1.a. of the GDPR law. The analysis of usage data is based on Art. 6.1.f. of the GDPR law. Our legitimate interest is in the optimisation of our newsletter provision. We will store the data processed for the e-mail newsletter until you withdraw your consent. The usage data analysed will be saved for a year at most.

4. Contact

We offer you the possibility to contact us, for example via our e-mail address as well as by telephone. In the case of an e-mail, you inform us in any case of your e-mail address and, if applicable, your name, a subject and the content of your request. We process this data in order to be able to answer your inquiry. This purpose is also our legitimate interest in data processing (Art. 6 (1) (f) DSGVO). The processing may also take place in order to fulfill a contract with you. In this case, the legal basis is Art. 6 para. 1 lit. b DSGVO. We generally store your inquiry as long as it is necessary for the purpose of your inquiry, unless legal provisions prevent deletion, in particular if further storage is required for the purpose of evidence or to comply with legal retention periods pursuant to Art. 6 para. 1 lit. c DSGVO. If the request is made in the context of an existing or prospective contractual relationship with us, the storage period depends on the underlying contractual relationship.

V.    Duration of storage

Unless a storage period is explicitly mentioned elsewhere in this privacy policy, we will process your data until it is no longer required for the processing purpose. In addition, we may store your data for the assertion, exercise or defense of legal claims or to comply with statutory retention periods. The legal basis for this is Art. 6 para. 1 lit. c) DSGVO in conjunction with. §§ 147 and 257 AO as well as Art. 17 para. 3 DSGVO. We delete your data as soon as we no longer need your data for this purpose.

VI. Recipients of your data (categories of recipients)

Internally, your data will be processed by the employees who are responsible for the respective matter concerning you. We also use external service providers to the extent that we cannot or cannot reasonably perform services ourselves. These external service providers are primarily providers of IT services, such as our hoster, e-mail provider or telecommunications provider.

VII. Data transfer to a third country

Unless expressly stated elsewhere in this privacy policy, we do not intend to transfer your personal data to a third country outside the EU or EEA states.

VIII.    Data subject rights

The General Data Protection Regulation guarantees you certain rights that you can assert against us - insofar as the legal requirements are met.

- Art. 15 DSGVO - Data subject's right to information: you have the right to request confirmation from us as to whether personal data relating to you are being processed and, if so, what these are and the more detailed circumstances of the data processing.

- Art. 16 DSGVO - Right to rectification: You have the right to demand that we rectify any inaccurate personal data relating to you without undue delay. In this context, taking into account the purposes of the processing, you also have the right to request the completion of incomplete personal data - also by means of a supplementary declaration.

- Art. 17 DSGVO - Right to erasure: You have the right to demand that we delete personal data concerning you without delay.

- Art. 18 DSGVO - Right to restriction of processing: You have the right to demand that we restrict processing.

- Art. 20 DSGVO - Right to data portability: you have the right, in the event of processing based on consent or for the performance of a contract, to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format, and to transfer this data to another controller without hindrance from us, or to have the data transferred directly to the other controller, insofar as this is technically feasible.

- Art. 21 DSGVO - Right to object: You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is necessary for legitimate interests on our part or for the performance of a task carried out in the public interest, or which is carried out in the exercise of official authority. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defense of legal claims. Insofar as we process your personal data for the purpose of direct marketing, you have the right to object to the processing at any time. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.

- Art. 77 DSGVO in conjunction with Section 19 BDSG - Right to lodge a complaint with a supervisory authority: You have the right to lodge a complaint with a supervisory authority at any time, in particular in the member state of your place of residence, your place of work or the place of the alleged infringement, if you are of the opinion that the processing of personal data relating to you violates applicable law.

- Withdrawal of consent: If you have given us consent, you have the right to withdraw your consent at any time. All data processing that we have carried out until your revocation will remain lawful in this case. For this purpose, you can send us a message to one of the above addresses.

IX.    Obligation to provide data

You have no contractual or legal obligation to provide us with personal data. However, without the data you provide, we may not be able to offer you our services.

X.    Existence of automated decision-making (including profiling).

1. cookies and other technologies

Our websites use so-called cookies and other technologies. They serve to make our offer more user-friendly, effective and secure. Cookies do not cause any damage to your computer and do not contain viruses. Cookies are small text files that are stored on your computer and saved by your browser. Most of the cookies we use are so-called "session cookies". They are automatically deleted after the end of your visit. Other cookies remain stored on your terminal device until you delete them. These cookies allow us to recognize your browser on your next visit. You can usually set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser.

If cookies are deactivated, the functionality of these websites may be limited. The legal basis for processing of personal data in connection with this is Art. 6 (1) lit. f DSGVO, insofar as the cookies are used to provide the services you have requested. Our legitimate interest is to provide you with the best possible user experience. If the cookies are not required, they are used with your consent pursuant to Art. 6 (1) a DSGVO, which you can revoke at any time with effect for the future.

2.    Reach measurement

a)  Google Analytics

This website uses functions of the web analytics service Google Analytics. The provider is Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA ("Google"). We use Google Analytics to analyze visits to our website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. We use the anonymizeIP function, which anonymizes your IP address by shortening it so that the IP address is never stored in full by Google. We have agreed so-called standard data protection clauses with Google LLC for the transfer of data to the USA. You can obtain a copy on request at More information on the handling of user data at Google Analytics can be found in Google's privacy policy: Legal basis is your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke your consent at any time with effect for the future [here] (opt-out link). In this case, a so-called opt-out cookie will be stored in your browser so that Google Analytics no longer collects any data from you. If you delete your cookies, however, this will result in the opt-out cookie also being deleted and you will be asked for your consent again on our websites. In addition to revoking your consent, you can generally prevent the collection of your data by Google Analytics by clicking on the following link An opt-out cookie will be set that prevents the collection of your data during future visits to this website: Disable Google Analytics.

b) Hotjar

This website uses Hotjar, a web analytics service provided by Hotjar Limited, Level 2, St Julians Business Centre, 3 Elia Zammit Street, St Julians STJ 1000, Malta (“Hotjar”).

We use Hotjar to analyse your use of the website and to compile reports on website activities. In this process, Hotjar uses cookies with the names [names of the cookies], which are stored for a duration of […] days. The information generated by the cookies about your use of the website is usually transmitted to a Hotjar server and stored there. The following information, in particular, is stored: IP address in anonymised form; websites visited and movements on those sites; number and position of clicks on links; browser type and version; screen size of the end device used.

The legal basis for this processing is your consent in accordance with Art. 6(1)(a) GDPR. You may revoke your consent at any time with effect from that moment on by clicking [here] (opt-out link). In this case, a so-called opt-out cookie will be stored in your browser ensuring that Hotjar no longer collects any data from you. However, if you delete your cookies, the opt-out cookie will also be deleted and you will be asked again for your consent when you next visit our websites.

For more information on data protection at Hotjar, please see their data protection statement: Hotjar also offers the possibility to generally object to data processing by Hotjar cookies in the future by adhering to the “Do Not Track” function of browsers. To find out how to activate this function, visit:

 3.    Social Media

We have profiles on social networks. Our social media accounts complement our website and offer you the opportunity to interact with us. Once you access our social media profiles on the social networks, the terms and conditions and data processing policies of the respective operators apply. In principle, we have no influence on the data processing in the social networks. The data collected about you when using the services is processed by the networks and may be transferred to countries outside the European Union. Information about which data is processed by the social networks and for what purposes the data is used can be found in the privacy policy of the respective network listed below.

We use the following Social Media:


Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland-Irland.

Data Protect Statement:
Opt-Out-Options: und
About Insights:


Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA as affiliated company of Facebook.
Data Protect Statement: / Opt-Out-Options:


Functions of the Instagram service are integrated on our pages. These functions are offered by Instagram Inc, 1601 Willow Road, Menlo Park, CA 94025, USA integrated. The plugin Elfsight Instagram Feed CC loads the images directly from Instagram. All other data is collected and cached on the server side. When you, as a visitor to our website, load the content, it is loaded from Elfsight's cache for the Instagram feed. No personal data is collected for this data request.
For more information on Elfsight's privacy policy, please visit:
For more information, please see Instagram's privacy policy:


Twitter International Company, z. Hd.: Data security officer, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Irland.
Data Protect Statement: Opt-Out-Optionen:


YouTube LLC as a subsidiary of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Privacy policy: Opt-out options:

We process personal data as a data controller when you send us requests via the social media profiles. We process this data to respond to your inquiries, which is also our legitimate interest (Art. 6(1)(f) DSGVO). In addition, we are jointly responsible with the following networks and for the following processing operations (Art. 26 DSGVO).

In the course of visiting our profiles on the networks Facebook, Instagram and Twitter, the respective network collects aggregated statistics ("Insights Data") created from certain events logged by their servers when you interact with our profiles and related content. We receive these aggregated and anonymous statistics from the networks about the use of our respective profile. We are generally not able to attribute the data to specific users. To a certain extent, we can determine the criteria according to which the respective network creates these statistics for us.  We use these statistics to make our profiles more interesting and informative for you. This also justifies our legitimate interest (Art. 6 para. 1 lit. f DSGVO) in the data collection carried out by the respective social network to provide us with statistics. For more information on this data processing, please refer to the respective Joint Controller Agreement at: Facebook / Instagram:

4. Cloudflare

On our website we use a so-called Content Delivery Network ("CDN") of the technology service provider Cloudflare Inc, 101 Townsend St. San Francisco, CA 94107, USA ("Cloudflare"). The use of Cloudflare's Content Delivery Network helps us to optimize the performance of our website.

The processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in the secure and efficient operation and improvement of the stability and functionality of our website.

We have concluded a data processing addendum with Cloudflare (available at, which obliges Cloudflare to protect the data of our website visitors and not to pass it on to third parties. For the transfer of data from the EU to the USA, Cloudflare relies on so-called standard contractual clauses of the European Commission, which are intended to ensure compliance with the European level of data protection in the USA.

Further information can be found in Cloudflare's privacy policy at:

* Please note: This is an English translation of the original German Datenschutzerklärung (data protection statement). It provides an overview of your data protection rights and the manner in which we process your personal data. This English translation is intended solely as a convenience to the non-German-reading public. If there is any divergence between the German original and the English translation, the German version shall be the prevailing one.