Last updated: Sept 17, 2021
Everybody today seems concerned about your privacy. And of course, we too!
But for us, that's not just lip service. We are here to make the world a bit more colorful, to spread knowledge about art, artists and cultures and we certainly do not want to do business with your personal information.
Since not everyone in the world was so honest, the European Union has adopted a new law on data protection and all countries in the EU have transposed it into local law.
You may wonder what that has to do with you, because you only visit our websites or use our apps - and you do not even have an account with us. But since your IP address also already constitutes a personal piece of information by law, it becomes a bit more complex from here on.
For this reason, we explain in detail here which data we collect from you, why we do it, who helps us and what your rights are.
It may sound very legal at one point or another, for which we already apologize. But if something is unclear to you or you have questions, just write us. Because we want you to spend your precious time with art rather than with these nasty texts.
Responsible according DSGVO / GDPR (Datenschutzgrundverordnung):
Fresh Museum is a registered trade mark of VIAVIG
WHAT DATA WE COLLECT AND HOW WE ARE USING THEM
We offer you several ways to use our services. And each of them will collect, process and store different personal information.
As a normal user (consumer) of our apps and the website, we will use much less personal information than we need from content producers and museums.
A. WEBSITE VISITORS AND APP USER (CONSUMER)
This is the data we process and store from you. We do this to fulfill our contractual obligations or to provide you, as a user, with the requested information about museums or exhibitions, artists or works of art.
A.1 Logfiles When you use the app or our webservices, our servers temporarily record your device’s IP address and other technical features such as the requested content, your browser version and language settings. (Art. 6 (1) b GDPR). We store logs for maximum nine weeks.
A.2 Cookies When You visit Our websites and use our services on the mobile apps we may use “Cookies” to optimize your user experience. Cookies are small text files which are stored on your computer. After closing your browser most of the cookies will be deleted from your computer. Some others, so called “permanent cookies” may stay and allow us to recognise you when you are returning to us. In case you don’t want to support cookies on your computer, go to the settings menu of you browser and change the permissions setting (Art. 6 (1) b GDPR).
A.4 Google Maps & Places API We use Google Maps & Places for identifying your cultural organization on our website during the registration process. Google Maps is run by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. By embedding Google Maps your IP address is transferred to Google and cookies may stored on your computer. For further information about Google’s data privacy rules see here. Please note that you can opt-out from Google services and this might affect the functionality of our service (Art. 6 (1) b GDPR).
A.5 Google Firebase Google Firebase is a support tool family for app development and provides various functions for the secure and stable development of applications and their operation. We are using several components like Push Messaging, Crashlytics and Firebase Analytics. Here, the user data is sent to Firebase anonymously. Likewise, the push messages that you receive from us because you have agreed on your smartphone will be sent via firebase. If you do not want to receive push messages, you can disable this feature in the settings of your smartphone. You can prevent sending anonymous crash reports by disabling it in your operating system. Detailed information about Google's Firebase Privacy here. (Art. 6 (1) b GDPR).
A.8 Permissions on your Smartphone When you are installing our apps on your mobile phone, the operating system will ask you for several permissions. We will ensure that you understand why we are asking you for these permissions and how we are using them.
- Some of our museums have installed so-called "beacons". These little things send bluetooth signals to your mobile phone. our app recognizes when you are directly in front of a particular piece of art or in a particular room of the museum. Then you automatically get an information that is just something exciting to see, read or hear around you. You can not be worried, your phone will never send any signals back. The app itself sends an information of the beacons to our server: The battery level of the beacon. So we always know when we have to miss the little guys new batteries. Again, no further data will be transmitted by you.
- Mobile data or WiFi
- In order for you to get content for your favorite museum, the app needs access to your W-Lan or mobile Internet. If you use mobile internet, you will automatically be notified by the app before downloading. In addition, the app uses Internet to submit the anonymized reports.
- To see relevant content first, we need information about your location. This will show you local museums and exhibitions first.
- Push notification
- We and, of course, the museums that want to make the content available to you on our websites and our apps, like to inform you about news, new exhibitions and special events. For this purpose we use push notifications, which you can switch off at any time.
B. CONTENT PRODUCER AND PUBLISHER (MUSEUM USER)
In addition to “A. Website visitors and app users”
B.1 Your Account Details are stored To create a new account, we need your full name, your email-address, your role inside your organization and the name of your cultural organization. Other information is optional and can be added – or deleted - to your profile at any time. All data are stored until the contract is ended (+ 12 months) and / or until all of your contents are unpublished (+12 months). All payed account data are stored according local laws for 10 years. (Art. 6 (1) b GDPR)
B.2 Payment details We use external payment service providers who can settle and pay on our behalf. (eg, Paypal data privacy, Klarna data privacy, Visa data privacy, Mastercard data privacy (Art. 6 (1) b DSGVO)
The type and extent of data processed varies by service provider, but includes only the data required for secure payment processing. processed data includes inventory data, bank account numbers or credit card numbers, passwords, TANs and checksums, as well as contract data. The data entered by the user are only collected, processed and stored by the service provider. We do not receive bank details, credit card details or similar information, but only the information to confirm or reject the transaction.
A.1 Your Visits are stored in our Logfiles If you log in to our website with your user account, we will also save your username, pages visited and activities together with your device’s IP address and other technical features such as the requested content, your browser version and language settings. In addition, we also store information about visited sites and your activity. We do this to ensure a better user experience and to optimize the security on our system (Art. 6 (1) b GDPR). We store logs for maximum nine weeks.
It is very important to us that you know your rights and can also apply these rights.
You have the right to information, which data of you we store and process and of course for what purpose. Also, who may see this data and how long we save this data
You have the right to change or delete incorrect or incomplete data (Article 16 GDPR);
You have the right to withdraw your consent to the processing of data for the future. (Art. 7 (3) GDPR);
According to Art. 21 (1) GDPR, you have the right to object at any time and also subsequently to the processing of your data.
Under certain circumstances, you may request the deletion of your information, for example if it is no longer required or has not been legally processed (Art 17 GDPR);
In cases where the deletion of data is not possible or the erasure obligation is disputed you may demand the restriction of data (Art 18 GDPR); At your request, we will make your stored data digitally available in a common format.
If you are not happy about how we handle your personal data, then you have the right to file a complaint to official authorities. In our case the responsible state commissioner for Data Protection and Freedom of Information North Rhine-Westphalia.