Data protection information

The protection of your personal data is an important concern for Körber-Stiftung. We observe the legal regulations on data protection and data security.

Below you will find information about what personal data we collect when you use our website at music-education.hamburg (“website”) and utilise the services and functions it contains, and how we use this data and for what purposes. In addition, we will inform you of the legal basis for the processing of your data and, if processing is necessary to protect our legitimate interests, of our legitimate interests. If you have any further questions about the handling of your personal data, please contact our data protection officer.

1. Person responsible
2. Contact the responsible data protection officer
3. Legal basis for data processing
4. Data security
5. Data transmission
6. Calling up our website
7. Interaction with social networks and integration of third-party content
8. What are cookies?
9. Contact
10. Data deletion
11. Changes to this privacy policy
12. Your rights

1. Person responsible

Körber-Stiftung, Kehrwieder 12, 20457 Hamburg, Germany, telephone 040 / 80 81 92 0, info@koerber-stiftung.de (“Körber-Stiftung”, “we” or “us”) is responsible for processing your data through the website.

2. Contact the responsible data protection officer

You can contact our data protection officer at info@koerber-stiftung.de erreichen oder postalisch unter:

Justus Brandt
c/o intersoft consulting services AG
Beim Strohhause 17
20097 Hamburg
www.intersoft-consulting.de

3. Legal basis for data processing

According to Art. 13 para. 1 lit. c) GDPR, we must also inform you about the legal bases for data processing on our website and the purposes of the respective data processing. The data processing on our website is authorised by two different legal bases in addition to the provision of consent:

If we obtain your consent for certain data processing, the legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR (or § 25 para. 1 TDDDG).

According to Art. 6 para. 1 sentence 1 lit. b GDPR, data processing is lawful if it is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

Insofar as processing is necessary to fulfil a legal obligation to which we are subject, the legal basis is Art. 6 para. 1 sentence 1 lit. c GDPR.

According to Art. 6 para. 1 sentence 1 lit. f GDPR (or § 25 para. 2 no. 2 TDDDG), data processing is also lawful if it is necessary to safeguard the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, prevail, in particular if the data subject is a child.

In the following, we refer to these two legal bases for the relevant data processing.

4. Data security

We have taken extensive technical and operational precautions to protect your data from accidental or intentional manipulation, loss, destruction or access by unauthorised persons. Our security procedures are regularly reviewed and adapted to technological progress.

5. Data transmission

Your personal data will not be transferred to third parties unless we are legally obliged to do so, or the transfer of data is necessary to fulfil the contractual relationship, or you have previously expressly consented to the transfer of your data.

External service providers and partner companies such as online payment provider or a shipping company commissioned with the delivery will only receive your data if this is necessary to process your order. In these cases, however, the scope of the transmitted data is limited to the necessary minimum. Insofar as our service providers process your personal data on our behalf, we ensure that they comply with the provisions of the data protection laws in the same way within the framework of order processing in accordance with Art. 28 GDPR. Please also note the data protection notices of the respective providers. The respective service provider is responsible for the content of external services, whereby we check the services for compliance with the legal requirements within the scope of reasonableness.

We attach great importance to processing your data within the EU/EEA. However, we may use service providers who process data outside the EU/EEA. In these cases, we ensure that an appropriate level of data protection comparable to the standards within the EU is established at the recipient before your personal data is transferred. This can be achieved, for example, by means of EU standard contracts or binding corporate rules or special agreements to which the company may be subject.

6. Calling up our website

When using the website for information purposes only, i.e. if you do not register or otherwise provide us with information (e.g. via a contact form), we collect the following technical information (log file data):

• Operating system of the device you use to visit our website
• Browser (type, version & language settings
• the amount of data retrieved
• the anonymised IP address of the device you use to visit our website
• Date and time of access
• the URL of the previously visited website (referrer)
• the URL of the (sub)page that you call up on the website

The collection of this data is technically necessary in order to display our website to you and to ensure stability and security. We and our service provider regularly do not know who is behind an IP address. We do not merge the data listed above with other data.

To ensure the error-free operation of our web server and to guarantee server security, your IP address is processed by our server service provider Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen. The IP address is anonymised after collection.

The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR or § 25 para. 2 no. 2 TDDDG. Since the collection of data for the provision of the website and storage in log files is absolutely necessary for the operation of the website and for protection against misuse, our legitimate interest in data processing prevails at this point.

7. Interaction with social networks and integration of third-party content

We have integrated third-party content in some places on our website. This includes videos, map services, images or fonts. A more detailed description of who we embed content from and how your data is processed can be found below in the respective description of the embedded content.

7.1 YouTube

We use the services of YouTube, LLC, 901 Cherry Ave, 94066 San Bruno, CA, USA, a subsidiary of Google LLC, Amphitheatre Parkway, Mountain View, CA 94043, USA, on our website. For users who have their habitual residence in the European Economic Area or Switzerland, Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland is the controller responsible for your data.

If you have not given your consent as part of the Consent Manager, you have the option of giving it later as part of the so-called “2-click procedure”. If you access a page in which a YouTube video is embedded, a connection to the YouTube servers is only established when you click on the button to confirm. If you are logged in to YouTube at this time, the information about the videos you have viewed will be assigned to your YouTube member account. You can prevent this by logging out of your member account before visiting our website.

Your data may be processed in the USA and transferred there, i.e. to a third country outside the European Union (EU) or the European Economic Area (EEA). The legal basis for the data transfer is the adequacy decision with the USA pursuant to Art. 45 para. 1 GDPR based on the EU-US Data Privacy Framework. The provider has certified itself in accordance with the EU-US Data Privacy Framework and is therefore obliged to comply with the EU level of data protection.

Further information on data protection from YouTube is provided by Google at the following link: https://policies.google.com/privacy?hl=en.

The legal basis for this data processing is your consent in accordance with Art. 6 Para. 1 S.1 lit. a) GDPR or § 25 Para. 1 TDDDG. You can revoke your consent at any time with effect for the future by accessing Cookie settings under “Privacy settings” in the menu in the sidebar and changing your selection there.

8. What are cookies?

Cookies are data that are stored on your computer by a website that you visit and enable your browser to be reassigned. Cookies are used to transmit information to the organisation that sets the cookie. Cookies can store various information, such as your language setting, the duration of your visit to our website or the entries you make there. This prevents you from having to re-enter required form data each time you use the website, for example. The information stored in cookies can also be used to recognise preferences and target content according to areas of interest.

There are different types of cookies: Session cookies are data sets that are only temporarily stored in the working memory and are deleted when you close your browser. Permanent or persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. With this type of cookie, the information can also be stored in text files on your computer. However, you can also delete these cookies at any time via your browser settings.

First-party cookies are set by the website you are currently visiting. Only this website is authorised to read information from these cookies. Third-party cookies are set by organisations that do not operate the website you are visiting. These cookies are used by marketing companies, for example.

The legal basis for possible processing of personal data using cookies and their storage duration may vary. If you have given us your consent, the legal basis is Art. 6 para. 1 sentence 1 lit. a) GDPR or § 25 para. 1 TDDDG. Insofar as the data processing is based on our overriding legitimate interests, the legal basis is Art. 6 para. 1 sentence 1 lit. f) GDPR or Section 25 para. 2 no. 2 TDDDG. The stated purpose then corresponds to our legitimate interest.

We use cookies to ensure the proper operation of the website, to provide basic functionalities, to measure reach and – with your consent – to tailor our services to your preferred areas of interest.

You can delete cookies already stored on your device at any time. If you want to prevent the storage of cookies, you can do this via the settings in your Internet browser. You can find instructions for common browsers here: Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Google Chrome mobile, Microsoft Edge Browser, Safari, Safari mobile. Alternatively, you can also install so-called ad blockers. Please note that individual functions of our website may not work if you have deactivated the use of cookies.

8.1 Matomo Analytics

We use Matomo Analytics in a cookieless mode to monitor and improve our website. This means:

• No cookies are stored on your device.
• No personal data (such as IP addresses in full) is collected.
• All data is anonymized and cannot be used to identify you.

Matomo collects basic information such as:

• Pages visited
• Time and duration of visit
• Browser and device type
• Anonymized IP address
• Referring site (if applicable)

This information is processed solely on our servers and is not shared with third parties. The legal basis for processing is our legitimate interest in improving website performance, in compliance with GDPR.

9. Contact

When you contact us by email or via a contact form, the data you provide (your email address, possibly your name and telephone number) will be stored by us in order to answer your questions and process your requests. The legal basis in this respect is Art. 6 para. 1 sentence 1 lit. f GDPR. If we request information via our contact form that is not required for contacting you, we have always labelled this as optional. We use this information to specify your enquiry and to improve the processing of your request. This information is provided expressly on a voluntary basis and with your consent, Art. 6 para. 1 sentence 1 lit. a GDPR. If this involves information on communication channels (e.g. email address, telephone number), you also consent to us contacting you via this communication channel in order to respond to your enquiry. You can of course revoke this consent at any time for the future.

Your data that we have received in the course of contacting you will be deleted as soon as it is no longer required for the purpose for which it was collected, your request has been fully processed and no further communication with you is necessary or desired by you.

As the data controller, our company has implemented numerous technical and organisational measures to ensure that the personal data processed via this website is protected as completely as possible. Nevertheless, internet-based data transmissions can generally have security gaps. Absolute protection cannot be guaranteed; in any case, sending unencrypted e-mails is not secure. We therefore ask you not to send sensitive data by unencrypted e-mail, but to use either encrypted communication channels (e.g. our contact form) or the postal service.

10. Data deletion

In general, we delete or anonymise your personal data as soon as it is no longer required for the purposes for which we collected or used it in accordance with the above paragraphs. Specific information on the retention and deletion of personal data in the previous sections remains unaffected.

Unless this privacy policy contains other, deviating provisions regarding the storage of data, the data collected by us will be stored by us for as long as it is required for the aforementioned purposes for which it was collected.

11. Changes to this privacy policy

The further development of the Internet and our website may also affect the handling of personal data. We therefore reserve the right to amend this data protection declaration in the future within the framework of the applicable data protection laws and, if necessary, to adapt it to changed data processing realities. We therefore recommend that you visit our website from time to time to take note of any updates to our privacy policy.

12. Your rights

We will be happy to provide you with information as to whether personal data concerning you is being processed; if this is the case, you have a right to information about this personal data and to the information listed in detail in Art. 15 GDPR. In addition, you have the right to rectification (Art. 16 GDPR), the right to restriction of processing (Art. 18 GDPR), the right to erasure (Art. 17 GDPR) and the right to data portability (Art. 20 GDPR) under the respective legal requirements.

You have the right to object to the processing under the legal requirements (Art. 21 GDPR).

To exercise your above rights, please contact us by e-mail at info@koerber-stiftung.de or by post at Körber-Stiftung, Kehrwieder 12, 20457 Hamburg. The exercise of your above rights is free of charge for you.

Without prejudice to these rights and the possibility of seeking any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority at any time, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes data protection regulations (Art. 77 GDPR).

The following data protection authority is responsible for Körber-Stiftung:

Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit,
Ludwig-Erhard-Str 22, 7th floor
20459 Hamburg
Tel.: 040 / 428 54 – 4040
Fax: 040 / 428 54 – 4000
E-Mail: mailbox@datenschutz.hamburg.de

This privacy policy has been machine translated.

Status of this privacy policy: 18 May 2025