Skip to main content

Preamble

With the following privacy policy, we would like to inform you about the types of your personal data (hereinafter also referred to as ‘data’) that we process, for what purposes and to what extent. The privacy policy applies to all processing of personal data carried out by us, both in the context of the provision of our services and in particular on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as ‘online offer’).

The terms used are not gender-specific.

Status: 5 November 2024

Table of contents

  • Preamble
  • Person responsible
  • Contact data protection officer
  • Overview of the processing operations
  • Relevant legal bases
  • Security measures
  • General information on data storage and erasure
  • Rights of the data subjects
  • Performance of tasks in accordance with the articles of association or rules of procedure
  • Payment procedures
  • Use of cookies
  • Contact and enquiry management
  • Newsletter and electronic notifications
  • Web analysis, monitoring and optimisation
  • Presence in social networks (social media)
  • Plug-ins and embedded functions and content
  • Modification and updating
  • Donation form

Responsible party

DOMiD gGmbh

Venloer Strasse 419

50825 Cologne / Germany

Persons authorised to represent the company: Managing Director Dr Robert Fuchs

E-mail address: hallo@museum-selma.de

Telephone: 0049 221 8002830

Legal Note: museum-selma.de

Contact data protection officer

datenschutz@domid.org

Overview of the processing operations

The following overview summarises the types of data processed and the purposes of their processing and refers to the data subjects.

Types of data processed

  • Inventory data.
  • Payment data.
  • Location data.
  • Contact data.
  • Content data.
  • Contract data.
  • Usage data.
  • Meta, communication and process data.
  • Member data.

Categories of data subjects

  • Service recipients and clients.
  • Interested parties.
  • Communication partners.
  • Users.
  • Members.
  • Business and contractual partners.
  • Donors.
  • Third parties.

Purposes of the processing

  •  Provision of contractual services and fulfilment of contractual obligations.
  • Communication.
  • Direct marketing.
  • Reach measurement.
  • Organisational and administrative procedures.
  • Feedback.
  • Profiles with user-related information.
  • Provision of our online services and user-friendliness.
  • Collection of donations/fundraising.
  • Public relations and information purposes.
  • Public relations.
  • Business processes and business management procedures.

Relevant legal bases

Relevant legal bases according to the GDPR: Below you will find an overview of the legal bases of the GDPR on the basis of which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. Should more specific legal bases also apply in individual cases, we will inform you of these in the privacy policy.

    - Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR) - The data subject has given their consent to the processing of their personal data for a specific purpose or several specific purposes.

    - Contract fulfilment and pre-contractual enquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR) - Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

    - Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR) - processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

    - Membership contract (articles of association) (Art. 6 para. 1 sentence 1 lit. b) GDPR).

National data protection regulations in Germany: In addition to the data protection regulations of the GDPR, national data protection regulations apply in Germany. These include, in particular, the Act on the Protection against Misuse of Personal Data in Data Processing (Federal Data Protection Act - BDSG). In particular, the BDSG contains special regulations on the right to information, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes and transmission as well as automated decision-making in individual cases, including profiling. Furthermore, state data protection

Payment procedures

As part of contractual and other legal relationships, due to legal obligations or otherwise on the basis of our legitimate interests, we offer the data subjects efficient and secure payment options and use other service providers in addition to banks and credit institutions (collectively referred to as ‘payment service providers’).

The data processed by the payment service providers includes inventory data, such as the name and address, bank data, such as account numbers or credit card numbers, passwords, TANs and checksums, as well as contract, total and recipient-related information. The information is required to carry out the transactions. However, the data entered is only processed by the payment service providers and stored by them. This means that we do not receive any account or credit card-related information, but only information with confirmation or negative information about the payment. Under certain circumstances, the data may be transmitted by the payment service providers to credit agencies. The purpose of this transmission is to check identity and creditworthiness. Please refer to the payment service providers' terms and conditions and data protection information.

Payment transactions are subject to the terms and conditions and the data protection notices of the respective payment service providers, which can be accessed on the respective websites or transaction applications. We also refer to these for further information and the assertion of cancellation, information and other data subject rights.

    - Processed data types: inventory data (e.g. full name, residential address, contact information, customer number, etc.); payment data (e.g. bank details, invoices, payment history); contract data (e.g. subject matter of the contract, term, customer category); usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions). Meta, communication and process data (e.g. IP addresses, time data, identification numbers, persons involved).

    - Data subjects: Service recipients and clients; business and contractual partners. Interested parties.

    - Purposes of processing: Provision of contractual services and fulfilment of contractual obligations. Business processes and business management procedures.

    - Storage and deletion: Deletion in accordance with the information in the section ‘General information on data storage and deletion’.

    - Legal basis: Contract fulfilment and pre-contractual enquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing processes, procedures and services:

    - PayPal: Payment services (technical connection of online payment methods) (e.g. PayPal, PayPal Plus, Braintree); service provider: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg; Legal basis: Contract fulfilment and pre-contractual enquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); Website: https://www.paypal.com/de. Privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

Use of cookies

The term ‘cookies’ refers to functions that store information on users' end devices and read it from them. Cookies can also be used for various purposes, such as the functionality, security and convenience of online offers and the creation of analyses of visitor flows. We use cookies in accordance with the statutory provisions. If necessary, we obtain the user's consent in advance. If consent is not required, we rely on our legitimate interests. This applies if the storage and reading of information is essential in order to be able to provide expressly requested content and functions. This includes, for example, saving settings and ensuring the functionality and security of our online offering. Consent can be revoked at any time. We provide clear information about the scope and which cookies are used.

Information on the legal basis under data protection law: Whether we process personal data using cookies depends on consent. If consent has been given, it serves as the legal basis. Without consent, we rely on our legitimate interests, which are explained above in this section and in the context of the respective services and procedures.

Storage duration: With regard to the storage duration, a distinction is made between the following types of cookies

    - Temporary cookies (also: session or session cookies): Temporary cookies are deleted at the latest after a user has left an online service and closed their end device (e.g. browser or mobile application).

- Permanent

Presence in social networks (social media)

We maintain online presences within social networks and process user data in this context in order to communicate with the users active there or to offer information about us.

We would like to point out that user data may be processed outside the European Union. This may result in risks for users because, for example, it could make it more difficult to enforce user rights.

Furthermore, user data within social networks is generally processed for market research and advertising purposes. For example, user profiles can be created based on user behaviour and the resulting interests of users. The latter may in turn be used, for example, to place adverts within and outside the networks that presumably correspond to the interests of the users. Cookies are therefore generally stored on users' computers, in which the user behaviour and interests of the users are stored. In addition, data can also be stored in the user profiles independently of the devices used by the users (especially if they are members of the respective platforms and are logged in there).

For a detailed description of the respective forms of processing and the opt-out options, please refer to the data protection declarations and information provided by the operators of the respective networks.

In the case of requests for information and the assertion of data subject rights, we would also like to point out that these can be asserted most effectively with the providers. Only the latter have access to the user data and can take appropriate measures and provide information directly. Should you nevertheless require assistance, you can contact us.

    - Types of data processed: Contact data (e.g. postal and e-mail addresses or telephone numbers); content data (e.g. text or image messages and contributions as well as the information relating to them, such as information on authorship or time of creation). Usage data (e.g. page views and dwell time, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions).

    - Data subjects: Users (e.g. website visitors, users of online services).

    - Purposes of Processing: Communication; Feedback (e.g. collecting feedback via online form). Public relations work.

    - Storage and deletion: Deletion in accordance with the information in the section ‘General information on data storage and deletion’.

    - Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing processes, procedures and services:

    - Instagram: Social network, allows you to share photos and videos, comment on and favourite posts, send messages, subscribe to profiles and pages; service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.instagram.com; Privacy Policy: https://privacycenter.instagram.com/policy/. Basis for third country transfers: Data Privacy Framework (DPF).

    - YouTube: Social network and video platform; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Privacy Policy: https://policies.google.com/privacy; Basis for third country transfers: Data Privacy Framework (DPF). Option to object (opt-out): https://myadcenter.google.com/personalizationoff.

Plug-ins and embedded functions and content

We integrate functional and content elements into our online offering that are obtained from the servers of their respective providers (hereinafter referred to as ‘third-party providers’). These may be, for example, graphics, videos or city maps (hereinafter uniformly referred to as ‘content’).

The integration always requires that the third-party providers of this content process the IP address of the user, as they would not be able to send the content to their browser without the IP address. The IP address is therefore required to display this content or function. We endeavour to only use content whose respective providers only use the IP address to deliver the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as ‘web beacons’) for statistical or marketing purposes. Pixel tags can be used to analyse information such as visitor traffic on the pages of this website. The pseudonymised information can also be stored in cookies on the user's device and, among other things, provide technical information.

Presence in social networks (social media)

We maintain online presences within social networks and process user data in this context in order to communicate with the users active there or to offer information about us.

We would like to point out that user data may be processed outside the European Union. This may result in risks for users because, for example, it could make it more difficult to enforce user rights.

Furthermore, user data within social networks is generally processed for market research and advertising purposes. For example, user profiles can be created based on user behaviour and the resulting interests of users. The latter may in turn be used, for example, to place adverts within and outside the networks that presumably correspond to the interests of the users. Cookies are therefore generally stored on users' computers, in which the user behaviour and interests of the users are stored. In addition, data can also be stored in the user profiles independently of the devices used by the users (especially if they are members of the respective platforms and are logged in there).

For a detailed description of the respective forms of processing and the opt-out options, please refer to the data protection declarations and information provided by the operators of the respective networks.

In the case of requests for information and the assertion of data subject rights, we would also like to point out that these can be asserted most effectively with the providers. Only the latter have access to the user data and can take appropriate measures and provide information directly. Should you nevertheless require assistance, you can contact us.

    - Types of data processed: Contact data (e.g. postal and e-mail addresses or telephone numbers); content data (e.g. text or image messages and contributions as well as the information relating to them, such as information on authorship or time of creation). Usage data (e.g. page views and dwell time, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions).

    - Data subjects: Users (e.g. website visitors, users of online services).

    - Purposes of Processing: Communication; Feedback (e.g. collecting feedback via online form). Public relations work.

    - Storage and deletion: Deletion in accordance with the information in the section ‘General information on data storage and deletion’.

    - Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing processes, procedures and services:

    - Instagram: Social network, allows you to share photos and videos, comment on and favourite posts, send messages, subscribe to profiles and pages; service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.instagram.com; Privacy Policy: https://privacycenter.instagram.com/policy/. Basis for third country transfers: Data Privacy Framework (DPF).

    - YouTube: Social network and video platform; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Privacy Policy: https://policies.google.com/privacy; Basis for third country transfers: Data Privacy Framework (DPF). Option to object (opt-out): https://myadcenter.google.com/personalizationoff.

Plug-ins and embedded functions and content

We integrate functional and content elements into our online offering that are obtained from the servers of their respective providers (hereinafter referred to as ‘third-party providers’). These may be, for example, graphics, videos or city maps (hereinafter uniformly referred to as ‘content’).

The integration always requires that the third-party providers of this content process the IP address of the user, as they would not be able to send the content to their browser without the IP address. The IP address is therefore required to display this content or function. We endeavour to only use content whose respective providers only use the IP address to deliver the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as ‘web beacons’) for statistical or marketing purposes. Pixel tags can be used to analyse information such as visitor traffic on the pages of this website. The pseudonymised information can also be stored in cookies on the user's device and used, among other things, to provide technical information.

Cloudflare Turnstile

Cloudflare Turnstile (a service of Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA) is an automated detection service that we use to check whether the request was sent by a human or a bot. This recognition is necessary to prevent spam messages.

We use Turnstile to ensure the secure use of the contact form. The legal basis for this type of data processing is our legitimate interest in the secure operation of the contact form, Art. 6 para. 1 lit. f) GDPR.

Cloudflare processes your IP to the Cloudflare servers in this query for verification. Cloudflare processes the data on our behalf on the basis of an order processing contract between us and Cloudflare. It may happen that the IP address is transmitted to Cloudflare's American servers. In this case, the standard contractual clauses agreed between us and Cloudflare also apply to protect your rights.

Further information from the third-party provider on data protection can be found on the following website: https://www.cloudflare.com/de-de/privacypolicy/.

 

 

Changes and updates

We ask you to inform yourself regularly about the content of our privacy policy. We will amend the privacy policy as soon as changes to the data processing we carry out make this necessary. We will inform you as soon as the changes require your co-operation (e.g. consent) or other individual notification.

If we provide addresses and contact information of companies and organisations in this privacy policy, please note that the addresses may change over time and please check the information before contacting us.

Supervisory authority responsible for us:

State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia

P.O. Box 20 04 44

40102 Düsseldorf

Telephone switchboard: +49 (0)211-3842-0

poststelle@ldi.nrw.de

Created with free Datenschutz-Generator.deDatenschutz-Generator.de by Dr Thomas Schwenke

And own customisations