DATA PRIVACY POLICY

Last updated: May 24, 2018

Everybody today seems concerned about your privacy. And of course, we too!

But for us, that's not just lip service. We are here to make the world a bit more colorful, to spread knowledge about art, artists and cultures and we certainly do not want to do business with your personal information.

Since not everyone in the world was so honest, the European Union has adopted a new law on data protection and all countries in the EU have transposed it into local law.

You may wonder what that has to do with you, because you only visit our websites or use our apps - and you do not even have an account with us. But since your IP address also already constitutes a personal piece of information by law, it becomes a bit more complex from here on.

For this reason, we explain in detail here which data we collect from you, why we do it, who helps us and what your rights are.

It may sound very legal at one point or another, for which we already apologize. But if something is unclear to you or you have questions, just write us. Because we want you to spend your precious time with art rather than with these nasty texts.

Responsible according DSGVO / GDPR (Datenschutzgrundverordnung):

VIAVIG UG (Haftungsbeschränkt)
Drachenfelsstr. 32
50939 Köln
www.freshmuseum.com
This email address is being protected from spambots. You need JavaScript enabled to view it.
Fresh Museum is a registered trade mark of VIAVIG

WHAT DATA WE COLLECT AND HOW WE ARE USING THEM

We offer you several ways to use our services. And each of them will collect, process and store different personal information.

As a normal user (consumer) of our apps and the website, we will use much less personal information than we need from content producers and museums.

A. WEBSITE VISITORS AND APP USER (CONSUMER)

This is the data we process and store from you. We do this to fulfill our contractual obligations or to provide you, as a user, with the requested information about museums or exhibitions, artists or works of art.

A.1 Logfiles
When you use the app or our webservices, our servers temporarily record your device’s IP address and other technical features such as the requested content, your browser version and language settings. (Art. 6 (1) b GDPR). We store logs for maximum nine weeks.

A.2 Cookies
When You visit Our websites and use our services on the mobile apps we may use “Cookies” to optimize your user experience. Cookies are small text files which are stored on your computer. After closing your browser most of the cookies will be deleted from your computer. Some others, so called “permanent cookies” may stay and allow us to recognise you when you are returning to us. In case you don’t want to support cookies on your computer, go to the settings menu of you browser and change the permissions setting (Art. 6 (1) b GDPR).

A.3 Google Analytics
Our website may use Google Analytics. Google Analytics is a web analytics service provided by Google, Inc., of Mountain View, CA 94043, U.S.A. („Google“). Google Analytics uses cookies that enable an analysis of your use of the website. The information generated by the cookie about your use of our website (such as when you visited the website, the referrer URL, details on the configuration of your operating system, your browser and your access provider) are generally transmitted to, and stored on, a server of Google located in the U.S.A.

As we are using Google Analytics’ "_anonymizeIp()" function, your IP address will be shortened within members states of the European Union or in other states of the European Economic Area. It is only in exceptional circumstances that your IP address is transmitted to the U.S.A. and shortened there. Google will use the information on our behalf to analyze your use of the website, to compile reports on website activity, and to provide us with additional services related to the use of the website as well as Internet use. The IP address collected within the framework of Google Analytics will not be combined with other Google data. You will find further information on Google and Google Analytics and Google’s Privacy Policy here (Art. 6 (1) b GDPR).

A.4 Google Maps & Places API
We use Google Maps & Places for identifying your cultural organization on our website during the registration process. Google Maps is run by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. By embedding Google Maps your IP address is transferred to Google and cookies may stored on your computer. For further information about Google’s data privacy rules see here. Please note that you can opt-out from Google services and this might affect the functionality of our service (Art. 6 (1) b GDPR).

A.5 Google Firebase
Firebase is a real-time database that we use for real-time data exchange and storage (for example, in our apps). Here, the user data is sent to Firebase anonymously. Likewise, the push messages that you receive from us because you have agreed on your smartphone will be sent via firebase. If you do not want to receive push messages, you can disable this in the settings of your smartphone (Art. 6 (1) b GDPR).

A.6 Mailchimp
We use MailChimp, a US-based email service, to store your e-mail address and send you our newsletter. And only if you have registered for our newsletter or have a user account with us. In the process of working with Mailchimp your data may be transferred outside the EEA, to the US. Mailchimp is self-certified under Privacy Shield and lawfully transfers EU/EEA personal data to the US according to its Privacy Shield Certification. You can find out more about MailChimp’s privacy policy and the steps the company has taken to comply with the GDPR here (Art. 6 (1) b GDPR).

A.7 Hosting
Your data contained in our logfiles and your data in our databases are stored with our hosting provider (1 & 1 Telecommunication SE) and processed there on our behalf. You can find the privacy policy here (Art. 6 (1) b GDPR)

A.8 Permissions on your Smartphone
When you are installing our apps on your mobile phone, the operating system will ask you for several permissions. We will ensure that you understand why we are asking you for these permissions and how we are using them.

Bluetooth
Some of our museums have installed so-called "beacons". These little things send bluetooth signals to your mobile phone. our app recognizes when you are directly in front of a particular piece of art or in a particular room of the museum. Then you automatically get an information that is just something exciting to see, read or hear around you. You can not be worried, your phone will never send any signals back. The app itself sends an information of the beacons to our server: The battery level of the beacon. So we always know when we have to miss the little guys new batteries. Again, no further data will be transmitted by you.
Mobile data or WiFi
In order for you to get content for your favorite museum, the app needs access to your W-Lan or mobile Internet. If you use mobile internet, you will automatically be notified by the app before downloading. In addition, the app uses Internet to submit the anonymized reports.
Location
To see relevant content first, we need information about your location. This will show you local museums and exhibitions first.
Push notification
We and, of course, the museums that want to make the content available to you on our websites and our apps, like to inform you about news, new exhibitions and special events. For this purpose we use push notifications, which you can switch off at any time.

B. CONTENT PRODUCER AND PUBLISHER (MUSEUM USER)

In addition to “A. Website visitors and app users”

B.1 Your Account Details are stored
To create a new account, we need your full name, your email-address, your role inside your organization and the name of your cultural organization. Other information is optional and can be added – or deleted - to your profile at any time. All data are stored until the contract is ended (+ 12 months) and / or until all of your contents are unpublished (+12 months). All payed account data are stored according local laws for 10 years. (Art. 6 (1) b GDPR)

B.2 Payment details
We use external payment service providers who can settle and pay on our behalf. (eg, Paypal data privacy, Klarna data privacy, Visa data privacy, Mastercard data privacy (Art. 6 (1) b DSGVO)

The type and extent of data processed varies by service provider, but includes only the data required for secure payment processing. processed data includes inventory data, bank account numbers or credit card numbers, passwords, TANs and checksums, as well as contract data. The data entered by the user are only collected, processed and stored by the service provider. We do not receive bank details, credit card details or similar information, but only the information to confirm or reject the transaction.

For the payment transactions, the terms and conditions and the privacy policy of the service provider apply. These are available on the respective websites.

A.1 Your Visits are stored in our Logfiles
If you log in to our website with your user account, we will also save your username, pages visited and activities together with your device’s IP address and other technical features such as the requested content, your browser version and language settings. In addition, we also store information about visited sites and your activity. We do this to ensure a better user experience and to optimize the security on our system (Art. 6 (1) b GDPR). We store logs for maximum nine weeks.

YOUR RIGHTS

It is very important to us that you know your rights and can also apply these rights.

You have the right to information, which data of you we store and process and of course for what purpose. Also, who may see this data and how long we save this data

.

You have the right to change or delete incorrect or incomplete data (Article 16 GDPR);

You have the right to withdraw your consent to the processing of data for the future. (Art. 7 (3) GDPR);

According to Art. 21 (1) GDPR, you have the right to object at any time and also subsequently to the processing of your data.

Under certain circumstances, you may request the deletion of your information, for example if it is no longer required or has not been legally processed (Art 17 GDPR);

In cases where the deletion of data is not possible or the erasure obligation is disputed you may demand the restriction of data (Art 18 GDPR); At your request, we will make your stored data digitally available in a common format.

If you are not happy about how we handle your personal data, then you have the right to file a complaint to official authorities. In our case the responsible state commissioner for Data Protection and Freedom of Information North Rhine-Westphalia.