Privacy Policy

Privacy Policy

Privacy Policy

Person responsible and data protection officer


Responsible for this app is:
Dr. Doreen Mölders
Historisches Museum Frankfurt
Saalhof 1
60311 Frankfurt am Main
E-Mail: frankfurthistory@stadt-frankfurt.de


You can reach the data protection officer by e-mail at datenschutz@stadt-frankfurt.de.
or at the address: Data Protection and IT Security Department of the City of Frankfurt am Main, Sandgasse 6, 60311 Frankfurt am Main.


Legal basis & purposes

The data is processed on the basis of Art. 6 (1) lit. f DS-GVO.
The stored data is used exclusively for data security purposes.


Local storage

The app accesses the local memory of the cell phone to save presets. By using the local memory, the Frankfurt History App can provide users* with more user-friendly services.


Collection of general data and information

The Frankfurt History App collects a series of general data and information each time a data subject or automated system calls up the App. This general data and information is stored in the log files of the server. The (1) geodata, (2) the operating system used by the accessing system, (3) other similar data and information that serve to avert danger in the event of attacks on our information technology systems may be collected.
When using these general data and information, the Historisches Museum Frankfurt does not draw any conclusions about the data subject. Rather, this information is needed (1) to deliver the content of our app correctly, (2) to optimize the content of our app and the advertising for it, (3) to ensure the long-term functionality of our information technology systems and the technology of our app, and (4) to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack.

Collection of personal data and information

Users who wish to compile their own tours require an account for the content management system of the Frankfurt History App. An e-mail address is stored in the system for registration. IP addresses can be transmitted when sending diagnostic data for troubleshooting. 


Routine deletion and blocking of personal data

The controller processes and stores personal data of the data subject only for the period of time necessary to achieve the purpose of the storage or where provided for by the European Directive and Regulation or other legislator in laws or regulations to which the controller is subject.
If the storage purpose ceases to apply or if a storage period prescribed by the European Directive and Regulation Maker or another competent legislator expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.


Rights of the data subjects

Right to information

You can request information in accordance with Art. 15 DS-GVO about your personal data that we process.


Right to rectification

If the information concerning you is not (or no longer) accurate, you can request a correction in accordance with Art. 16 DS-GVO. If your data is incomplete, you may request that it be completed.


Right to deletion

In accordance with Art. 17 DS-GVO, you can demand the deletion of your personal data if the conditions for this are met.


Right to restriction of processing

According to Art. 18 DS-GVO, you have the right to request restriction of the processing of your personal data if the conditions for this are met.


Right to lodge a complaint

If you believe that the processing of your personal data violates data protection law, you have the right to lodge a complaint with a data protection supervisory authority of your choice in accordance with Art. 77(1) DS-GVO. This includes the data protection supervisory authority responsible for the controller:
The Hessian Commissioner for Data Protection and Freedom of Information, P.O. Box 3163, 65021 Wiesbaden, 0611/1408-0, poststelle@datenschutz.hessen.de.


Privacy policy on the use and application of Mapbox

This app uses Mapbox, a mapping service provided by Mapbox Inc, 740 15th St NW, Washington, DC 20005, USA, after consent. By using Mapbox's features, information about your use of this App, including your IP address and location data, may be transmitted to Mapbox. When you access a page in the app that contains Mapbox maps, your browser establishes a direct connection with Mapbox's servers. The map content is transmitted by Mapbox directly to your terminal device and integrated by it into the app. Mapbox maps are used for the purpose of an appealing presentation of our online offers and to make it easy to find the places we indicate in the app. This represents a legitimate interest within the meaning of Art. 6 (1) lit. f DSGVO. More information on the handling of user data at Mapbox can be found in Mapbox's privacy policy: https://www.mapbox.com/legal/privacy/


Privacy policy on the use and application of YouTube

The controller has integrated components of YouTube on this app. YouTube is an Internet video portal that allows video publishers to post video clips free of charge and other users to view, rate and comment on them, also free of charge. YouTube allows the publication of all types of videos, which is why complete film and TV shows, but also music videos, trailers or videos made by users themselves can be accessed via the Internet portal.

The operating company of YouTube is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

By each call of one of the individual pages of this app, which is operated by the controller and on which a YouTube component (YouTube video) has been integrated, the internet browser on the information technology system of the data subject is automatically caused by the respective YouTube component to download a representation of the corresponding YouTube component from YouTube. Further information on YouTube can be found at https://www.youtube.com/yt/about/de/. Within the scope of this technical procedure, YouTube and Google receive knowledge of which specific subpage of our app is visited by the data subject.

If the data subject is logged in to YouTube at the same time, YouTube recognizes which specific subpage of our app the data subject is visiting by calling up a subpage that contains a YouTube video. This information is collected by YouTube and Google and assigned to the respective YouTube account of the data subject.

YouTube and Google always receive information via the YouTube component that the data subject has visited our app if the data subject is simultaneously logged into YouTube at the time of calling up our app; this takes place regardless of whether the data subject clicks on a YouTube video or not. If the data subject does not want this information to be transmitted to YouTube and Google, he or she can prevent the transmission by logging out of his or her YouTube account before calling up our app.
The privacy policy published by YouTube, which is available at https://www.google.de/intl/de/policies/privacy/, provides information about the collection, processing and use of personal data by YouTube and Google.


Privacy policy on the use and application of Firebase

We use Firebase, an analysis and monitoring tool, on our website. The service provider is the American company Google Inc. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. The following services are used:

  • Dynamic firebase links

  • Firebase Cloud Messaging

Google also processes data from you in the USA, among other places. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may be associated with various risks for the legality and security of data processing.

Google uses so-called standard contractual clauses (= Art. 46. para. 2 and 3 DSGVO) as the basis for data processing for recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or a data transfer there. Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through these clauses, Google undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the US. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en

You can learn more about the data processed through the use of Firebase in the Privacy Policy on https://policies.google.com/privacy?hl=en.

https://firebase.google.com/support/privacy/


Storage period

The criterion for the duration of the storage of personal data is the respective statutory retention period. After expiry of the period, the corresponding data is routinely deleted, provided that it is no longer required for the fulfillment or initiation of the contract.

 

Legal or contractual requirements for the provision of personal data; necessity for the conclusion of the contract; obligation of the data subject to provide the personal data; possible consequences of not providing the data.


We inform you that the provision of personal data is sometimes required by law (e.g. tax regulations) or may also result from contractual regulations (e.g. information on the contractual partner). Sometimes, in order to conclude a contract, it may be necessary for a data subject to provide us with personal data that must subsequently be processed by us. For example, the data subject is obliged to provide us with personal data if our company concludes a contract with him or her. Failure to provide the personal data would mean that the contract with the data subject could not be concluded. Before providing personal data by the data subject, the data subject must contact one of our employees. Our employee will explain to the data subject on a case-by-case basis whether the provision of the personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data, and what the consequences of not providing the personal data would be.



Person responsible and data protection officer


Responsible for this app is:
Dr. Doreen Mölders
Historisches Museum Frankfurt
Saalhof 1
60311 Frankfurt am Main
E-Mail: frankfurthistory@stadt-frankfurt.de


You can reach the data protection officer by e-mail at datenschutz@stadt-frankfurt.de.
or at the address: Data Protection and IT Security Department of the City of Frankfurt am Main, Sandgasse 6, 60311 Frankfurt am Main.


Legal basis & purposes

The data is processed on the basis of Art. 6 (1) lit. f DS-GVO.
The stored data is used exclusively for data security purposes.


Local storage

The app accesses the local memory of the cell phone to save presets. By using the local memory, the Frankfurt History App can provide users* with more user-friendly services.


Collection of general data and information

The Frankfurt History App collects a series of general data and information each time a data subject or automated system calls up the App. This general data and information is stored in the log files of the server. The (1) geodata, (2) the operating system used by the accessing system, (3) other similar data and information that serve to avert danger in the event of attacks on our information technology systems may be collected.
When using these general data and information, the Historisches Museum Frankfurt does not draw any conclusions about the data subject. Rather, this information is needed (1) to deliver the content of our app correctly, (2) to optimize the content of our app and the advertising for it, (3) to ensure the long-term functionality of our information technology systems and the technology of our app, and (4) to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack.

Collection of personal data and information

Users who wish to compile their own tours require an account for the content management system of the Frankfurt History App. An e-mail address is stored in the system for registration. IP addresses can be transmitted when sending diagnostic data for troubleshooting. 


Routine deletion and blocking of personal data

The controller processes and stores personal data of the data subject only for the period of time necessary to achieve the purpose of the storage or where provided for by the European Directive and Regulation or other legislator in laws or regulations to which the controller is subject.
If the storage purpose ceases to apply or if a storage period prescribed by the European Directive and Regulation Maker or another competent legislator expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.


Rights of the data subjects

Right to information

You can request information in accordance with Art. 15 DS-GVO about your personal data that we process.


Right to rectification

If the information concerning you is not (or no longer) accurate, you can request a correction in accordance with Art. 16 DS-GVO. If your data is incomplete, you may request that it be completed.


Right to deletion

In accordance with Art. 17 DS-GVO, you can demand the deletion of your personal data if the conditions for this are met.


Right to restriction of processing

According to Art. 18 DS-GVO, you have the right to request restriction of the processing of your personal data if the conditions for this are met.


Right to lodge a complaint

If you believe that the processing of your personal data violates data protection law, you have the right to lodge a complaint with a data protection supervisory authority of your choice in accordance with Art. 77(1) DS-GVO. This includes the data protection supervisory authority responsible for the controller:
The Hessian Commissioner for Data Protection and Freedom of Information, P.O. Box 3163, 65021 Wiesbaden, 0611/1408-0, poststelle@datenschutz.hessen.de.


Privacy policy on the use and application of Mapbox

This app uses Mapbox, a mapping service provided by Mapbox Inc, 740 15th St NW, Washington, DC 20005, USA, after consent. By using Mapbox's features, information about your use of this App, including your IP address and location data, may be transmitted to Mapbox. When you access a page in the app that contains Mapbox maps, your browser establishes a direct connection with Mapbox's servers. The map content is transmitted by Mapbox directly to your terminal device and integrated by it into the app. Mapbox maps are used for the purpose of an appealing presentation of our online offers and to make it easy to find the places we indicate in the app. This represents a legitimate interest within the meaning of Art. 6 (1) lit. f DSGVO. More information on the handling of user data at Mapbox can be found in Mapbox's privacy policy: https://www.mapbox.com/legal/privacy/


Privacy policy on the use and application of YouTube

The controller has integrated components of YouTube on this app. YouTube is an Internet video portal that allows video publishers to post video clips free of charge and other users to view, rate and comment on them, also free of charge. YouTube allows the publication of all types of videos, which is why complete film and TV shows, but also music videos, trailers or videos made by users themselves can be accessed via the Internet portal.

The operating company of YouTube is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

By each call of one of the individual pages of this app, which is operated by the controller and on which a YouTube component (YouTube video) has been integrated, the internet browser on the information technology system of the data subject is automatically caused by the respective YouTube component to download a representation of the corresponding YouTube component from YouTube. Further information on YouTube can be found at https://www.youtube.com/yt/about/de/. Within the scope of this technical procedure, YouTube and Google receive knowledge of which specific subpage of our app is visited by the data subject.

If the data subject is logged in to YouTube at the same time, YouTube recognizes which specific subpage of our app the data subject is visiting by calling up a subpage that contains a YouTube video. This information is collected by YouTube and Google and assigned to the respective YouTube account of the data subject.

YouTube and Google always receive information via the YouTube component that the data subject has visited our app if the data subject is simultaneously logged into YouTube at the time of calling up our app; this takes place regardless of whether the data subject clicks on a YouTube video or not. If the data subject does not want this information to be transmitted to YouTube and Google, he or she can prevent the transmission by logging out of his or her YouTube account before calling up our app.
The privacy policy published by YouTube, which is available at https://www.google.de/intl/de/policies/privacy/, provides information about the collection, processing and use of personal data by YouTube and Google.


Privacy policy on the use and application of Firebase

We use Firebase, an analysis and monitoring tool, on our website. The service provider is the American company Google Inc. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. The following services are used:

  • Dynamic firebase links

  • Firebase Cloud Messaging

Google also processes data from you in the USA, among other places. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may be associated with various risks for the legality and security of data processing.

Google uses so-called standard contractual clauses (= Art. 46. para. 2 and 3 DSGVO) as the basis for data processing for recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or a data transfer there. Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through these clauses, Google undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the US. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en

You can learn more about the data processed through the use of Firebase in the Privacy Policy on https://policies.google.com/privacy?hl=en.

https://firebase.google.com/support/privacy/


Storage period

The criterion for the duration of the storage of personal data is the respective statutory retention period. After expiry of the period, the corresponding data is routinely deleted, provided that it is no longer required for the fulfillment or initiation of the contract.

 

Legal or contractual requirements for the provision of personal data; necessity for the conclusion of the contract; obligation of the data subject to provide the personal data; possible consequences of not providing the data.


We inform you that the provision of personal data is sometimes required by law (e.g. tax regulations) or may also result from contractual regulations (e.g. information on the contractual partner). Sometimes, in order to conclude a contract, it may be necessary for a data subject to provide us with personal data that must subsequently be processed by us. For example, the data subject is obliged to provide us with personal data if our company concludes a contract with him or her. Failure to provide the personal data would mean that the contract with the data subject could not be concluded. Before providing personal data by the data subject, the data subject must contact one of our employees. Our employee will explain to the data subject on a case-by-case basis whether the provision of the personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data, and what the consequences of not providing the personal data would be.