1 INFORMATION ON THE COLLECTION OF PERSONAL DATA

(1) We hereby inform you about the collection of personal data when using our website momem.org. Personal data is all data that allows conclusions to be drawn about your person, e.g. name, address, email address, user behaviour.

(2) The controller within the meaning of Art. 4 (7) of the EU General Data Protection Regulation (hereinafter: GDPR) is: Friends of MOMEM e.V., An der Hauptwache, 60313 Frankfurt am Main. You can contact our data protection officer at contact@momem.org or at our postal address with the addition "to the data protection officer".

(3) If you contact us by e-mail, via an online contact form or by telephone, the data you provide (e.g. your e-mail address, your name and telephone number if applicable) will be stored by us in order to process your request or answer your questions. We delete the data arising in this context as soon as further storage is no longer necessary, or restrict processing if there are statutory retention obligations. This also applies to written or telephone reservations for guided tours in our museum.

(4) If we work with external service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail below about the respective processes. We will also state the specified criteria for the storage period.

2 YOUR RIGHTS

You have the rights listed below with regard to your personal data. To exercise these rights, you can contact us using the contact details listed under 1 (2).

(1) Right to object (Art. 7 GDPR)

If we process your personal data for direct marketing purposes, you have the right to object at any time with future effect to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. You also have the right to object, on grounds relating to your particular situation, at any time with future effect to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. You can exercise your right to object free of charge.

(2) Right to information (Art. 15 GDPR)

You have the right to request confirmation from us at any time as to whether personal data concerning you is being processed and, if so, to request information about this personal data and the other information specified in Art. 15 GDPR.

(3) Right to rectification (Art. 16 GDPR)

You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you (Art. 16 GDPR). Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data - also by means of a supplementary declaration.

(4) Right to erasure (or "right to be forgotten") (Art. 17 GDPR)

You have the right to obtain from us the erasure of personal data concerning you without undue delay where one of the grounds specified in Art. 17 (1) GDPR applies and the processing is not necessary for one of the purposes specified in Art. 17 (3) GDPR.

(5) Right to restriction of processing (Art. 18 GDPR)

You can also request a restriction on the processing of your personal data if one of the conditions set out in Art. 18 para. 1 lit. a to d GDPR is met.

(6) Right to data portability (Art. 20 GDPR)

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format, subject to the conditions set out in Art. 20 (1) GDPR. You also have the right to transmit this data to another controller without hindrance from us. When exercising the right to data portability, you have the right to have the personal data transmitted directly from us to the other controller, insofar as this is technically feasible.

(7) Right to withdraw consent (Art. 7 GDPR)

If the processing is based on your consent, you have the right to withdraw your consent at any time. This does not affect the lawfulness of the processing carried out between consent and its withdrawal.

(8) Right to lodge a complaint (Art. 77 GDPR)

You have the right to lodge a complaint with the supervisory authority responsible for our company. The supervisory authority responsible for our company is

The Hessian Data Protection Commissioner, P.O. Box 3163, 65021 Wiesbaden
E-mail: Poststelle@datenschutz.hessen.de, www.datenschutz.hessen.de
Phone: +49 611 1408-0, Fax: +49 611 1408 - 900

3 COLLECTION OF PERSONAL DATA WHEN VISITING OUR WEBSITE

(1) When using the website for information purposes only, i.e. if you do not register or otherwise provide us with information, we automatically collect only the personal data that your browser transmits to our server. This is the following data, which is technically necessary for us to display our website to you and to ensure stability and security (legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR):

IP address
Date and time of the enquiry
Time zone difference to Greenwich Mean Time (GMT)
Content of the request (specific page)
Access status/HTTP status code
Amount of data transferred in each case
WebsiteWebsite from which the request comes
Browser
Operating system and its interface
Language and version of the browser software

(2) In addition to the aforementioned data, cookies are stored on your computer when you use our website. These are small text files that are stored on your hard drive assigned to the browser you are using and through which certain information flows to the body that sets the respective cookie (here by us). Cookies cannot execute programmes or transfer viruses to your computer. They are used to make the website more user-friendly and effective overall.

(3) Use of cookies:

About the cookie settings:
Open configuration box

a) This website momem.org uses the following types of cookies, the scope and function of which are explained below:
Transient cookies (see b)
Persistent cookies (see c)

b) Transient cookies are automatically deleted when you close the browser. These include session cookies in particular. These store a so-called session ID, with which various requests from your browser can be assigned to the joint session. This allows your computer to be recognised when you return to our website. The session cookies are deleted when you log out or close the browser.

c) Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete the cookies at any time in the security settings of your browser.

d) You can configure your browser settings according to your wishes and, for example, refuse to accept third-party cookies or all cookies. We would like to point out that in this case you may not be able to use all the functions of this website.

e) We use cookies to identify you for subsequent visits if you have an account with us. Otherwise you would have to log in again for each visit.

4 FURTHER FUNCTIONS AND OFFERS OF OUR WEBSITE

(1) In addition to the purely informational use of our website momem.org, we offer various services that you can use if you are interested. To do so, you must generally provide additional personal data that we use to provide the respective service and to which the aforementioned data processing principles apply.

(2) In some cases, we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are regularly monitored.

(3) Furthermore, we may pass on your personal data to third parties if we offer participation in promotions, competitions, contract conclusions or similar services together with partners. You will receive more detailed information on this when you provide your personal data or in the description of the offer below.

(4) If our service providers or partners are based in a country outside the European Economic Area (EEA), we will inform you of the consequences of this circumstance in the description of the offer.

5 USE OF THE BLOG FUNCTIONS

(1) In our blog, where we publish various articles on topics relating to our activities, you can make public comments. Your comment will be published with your specified user name next to the post. We recommend that you use a pseudonym instead of your real name. Your username and e-mail address are required, all other information is voluntary. If you leave a comment, we will continue to store your IP address, which we will delete after one week. This storage is necessary for us to be able to defend ourselves against liability claims in the event of possible publication of illegal content. We need your e-mail address in order to contact you if a third party objects to your comment as unlawful. The legal basis is Art. 6 para. 1 sentence 1 lit. b and f GDPR. Comments are checked by us before publication. We reserve the right to delete comments if they are objected to as unlawful by third parties.

6 USE OF OUR WEBSHOP

(1) If you wish to place an order in our webshop, it is necessary for the conclusion of the contract that you provide your personal data, which we require for the processing of your order. Mandatory information required for the processing of contracts is marked separately, other information is voluntary. We process the data you provide to fulfil your order. For this purpose, we may pass on your payment details to our bank. The legal basis for this is Art. 6 para. 1 sentence 1 lit. b GDPR. It is not necessary to create a customer account.

(2) Due to commercial and tax law requirements, we are obliged to store your address, payment and order data for a period of ten years. However, we restrict processing after two years, i.e. your data will only be used to comply with legal obligations.

(3) To prevent unauthorised access by third parties to your personal data, in particular financial data, the order process is encrypted using TLS technology.

(4) As soon as your order is dispatched, we will forward your e-mail address to Deutsche Post AG, Charles-de-Gaulle-Straße 20, 53113 Bonn or Hermes Europe GmbH, Essener Straße 89, 22419 Hamburg for the purpose of shipment tracking and parcel notification.

7 DOWNLOAD PRODUCTS AND ACTIVATION OF CONTENT REQUIRING REGISTRATION

(1) If you take advantage of offers for downloads or activate content that requires registration, we will store your email address and personal master data (address, etc.) for the duration of the contract for the purposes of identification, contacting you and checking your subscription authorisation. The legal basis for this is Art. 6 para. 1 b) GDPR.

8 NEWSLETTER

(1) With your consent, you can subscribe to our e-mail newsletter, which we use to inform you about our current offers.

(2) We use the so-called double opt-in procedure to subscribe to our newsletter. This means that after you have registered, we will send you an e-mail to the e-mail address you have provided in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. We also store the IP addresses you use and the times of registration and confirmation. The purpose of this procedure is to be able to prove that you have subscribed to the newsletter and, if necessary, to clarify any possible misuse of your personal data.

(3) The only mandatory information for sending the newsletter is your e-mail address. The provision of further, separately marked data is voluntary and is used to address you personally. After your confirmation, we will save your e-mail address for the purpose of sending you the newsletter. The legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR.

(4) You can revoke your consent to the sending of the newsletter at any time and thus unsubscribe from the newsletter. You can declare your cancellation by clicking on the link provided in every newsletter email, by sending an email to [INSERT EMAIL] or by sending a message to the contact details given in the legal notice.

(5) Our newsletters may contain so-called "tracking pixels", which are pixel-sized files that are retrieved from our server or the Inxmail server when the newsletter is opened. These tracking pixels do not contain any personal data and are only used to collect statistics on whether and which links contained in the newsletters are clicked. The data is collected exclusively in pseudonymised form and is not linked to your other personal data; direct personal identification is excluded.

(6) In some cases, newsletters are not sent directly by us, but by the [INSERT COMPANY ADDRESS IF NECESSARY] commissioned by us as part of order processing, but does not use your data to write to you itself. Data will not be passed on to third parties in connection with data processing for sending newsletters.

9 USE OF ANALYSIS TOOLS & REMARKETING

a) Matomo Analytics

Opt-out complete; your visits to this website will not be recorded by the Web Analytics tool. Note that if you clear your cookies, delete the opt-out cookie, or if you change computers or Web browsers, you will need to perform the opt-out procedure again.

You may choose to prevent this website from aggregating and analysing the actions you take here. Doing so will protect your privacy, but will also prevent the owner from learning from your actions and creating a better experience for you and other users.

The tracking opt-out feature requires cookies to be enabled.

Our website momem.org uses the open source web analysis tool Matomo to measure reach. We use Matomo without the use of cookies in an "on-premise" installation; only a tracking pixel is loaded. The information thus obtained about the use of our websites is stored on our servers or the servers of our hosting service provider within the EU. Your IP address is anonymised before it is stored. We do not pass on personal information about the use of our website to third parties.

This analysis tool is used on the basis of Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in an anonymised analysis of visitor behaviour in order to optimise our website.

If you object to the processing for analysis purposes, a so-called opt-out cookie without usage data is stored in your browser, which means that Matomo does not collect any session data. If you delete your cookies, the opt-out cookie will also be deleted and you will have to reactivate the opt-out.

b) Facebook Custom Audiences

Our website momem.org uses the "Facebook Custom Audiences" function of Facebook Inc ("Facebook"). This is used to present visitors to this website with adverts tailored to their interests ("Facebook Ads") while they are using the Facebook social network as logged-in users. For this purpose, a special Facebook pixel is located in the non-visible part of this website. This establishes a direct connection to the Facebook servers when you visit the website. The information that you have visited this website is transmitted to the Facebook server. Facebook then assigns this information to your personal Facebook account.

For more information on the collection and use of data by Facebook as well as your rights in this regard and options for protecting your privacy, please refer to Facebook's privacy policy at https://www.facebook.com/about/privacy.

If you do not wish your data to be collected and used as described here, you can deactivate the "Facebook Custom Audiences" function at any time at https://www.facebook.com/settings/?tab=ads.

10 USE OF SOCIAL MEDIA PLUGINS AND OTHER TOOLS

This website momem.org contains small additional programmes (plugins) from the social networks and services named below, which are operated by third parties and via which files can be transmitted to the corresponding social network by pressing a button, e.g. to rate, recommend or share content with other users. In doing so, we pursue the purpose and legitimate interest of publicising our offers. We configure these plugins so that data is only transmitted when you click the button. The legal basis for data transmission in this case is Art. 6 I f) GDPR. The respective provider is responsible for the data protection-compliant processing of the transmitted data.

a) Facebook social plugins

On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer) within the meaning of Art. 6 para. 1 lit. f. GDPR), we use social plugins ("plugins") of the social network facebook.com, which is operated by Facebook Ireland Ltd. GDPR) social plugins ("plugins") of the social network facebook.com, which is operated by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"). The plugins can display interaction elements or content (e.g. videos, graphics or text contributions) and are recognisable by one of the Facebook logos (white "f" on a blue tile, the terms "Like", "Gefällt mir" or a "thumbs up" sign) or are marked with the addition "Facebook Social Plugin". The list and appearance of Facebook social plugins can be viewed here: https://developers.facebook.com/docs/plugins/.

Facebook is certified under the Privacy Shield agreement and thus offers a guarantee of compliance with European data protection law https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.

When a user accesses a function of this online offering that contains such a plugin, their device establishes a direct connection with the Facebook servers. The content of the plugin is transmitted by Facebook directly to the user's device and integrated into the online offering. User profiles can be created from the processed data. We therefore have no influence on the scope of the data that Facebook collects with the help of this plugin and therefore inform users according to our level of knowledge.
By integrating the plugins, Facebook receives the information that a user has accessed the corresponding page of the online offering. If the user is logged in to Facebook, Facebook can assign the visit to their Facebook account. If users interact with the plugins, for example by clicking the Like button or leaving a comment, the corresponding information is transmitted directly from your device to Facebook and stored there. If a user is not a member of Facebook, it is still possible for Facebook to find out their IP address and store it. According to Facebook, only an anonymised IP address is stored in Germany.

The purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as the relevant rights and setting options for protecting the privacy of users, can be found in Facebook's data protection information: https://www.facebook.com/about/privacy.

If a user is a Facebook member and does not want Facebook to collect data about them via this online offering and link it to their membership data stored on Facebook, they must log out of Facebook and delete their cookies before using our online offering. Further settings and objections to the use of data for advertising purposes are possible within the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. The settings are platform-independent, i.e. they are adopted for all devices, such as desktop computers or mobile devices.

b) Twitter

Functions and content of the Twitter service, offered by Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA, may be integrated into our online offering. This may include, for example, content such as images, videos or texts and buttons with which users can express their favour regarding the content, subscribe to the authors of the content or our contributions. If the users are members of the Twitter platform, Twitter can assign the access to the above-mentioned content and functions to the user profiles there. Twitter is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection law https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active. Privacy policy: https://twitter.com/de/privacy, Opt-Out: https://twitter.com/personalization.

c) Instagram

Functions and content of the Instagram service, offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA, may be integrated into our online offering. This may include, for example, content such as images, videos or texts and buttons with which users can express their liking of the content, subscribe to the authors of the content or subscribe to our posts. If the users are members of the Instagram platform, Instagram can assign the access to the above-mentioned content and functions to the users' profiles there. Instagram privacy policy: http://instagram.com/about/legal/privacy/.

d) Pinterest

On our website, we use social plugins from the social network Pinterest, which is operated by Pinterest Inc., 808 Brannan Street San Francisco, CA 94103-490, USA ("Pinterest"). When you visit a page that contains such a plugin, your browser establishes a direct connection to the Pinterest servers. The plugin transmits log data to the Pinterest server in the USA. This log data may contain your IP address, the address of the websites visited that also contain Pinterest functions, the type and settings of the browser, the date and time of the request, your use of Pinterest and cookies. Further information on the purpose, scope and further processing and use of the data by Pinterest as well as your rights and options for protecting your privacy can be found in Pinterest's privacy policy: https://about.pinterest.com/de/privacy-policy

e) Google Maps

This website momem.org uses Google Maps API to visualise geographical information. When using Google Maps, Google also collects, processes and uses data about the use of the map functions by visitors. You can find more information about data processing by Google in the Google data protection information. You can also change your personal data protection settings there in the data protection centre.

10 USE OF WEB FONTS

This site uses so-called web fonts, which are provided by external providers, for the standardised display of fonts. The web font provider of this site is Google. When you call up a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly. For this purpose, the browser you are using must connect to the provider's servers. This gives the provider knowledge that our website has been accessed via your IP address. The use of web fonts is in the interest of a uniform and appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If your browser does not support web fonts, a standard font will be used by your computer.