Data protection

Important: this translation was created by machine. The German version is authoritative.

The contact details of the company:

Management: Gilles Meyer
Telephone number: +41 61 205 00 40
Email address: info@museumspass.com
Company name: Association Museums-PASS-Musées

Contact details of the data protection officer:

E-mail address: datenschutz@museumspass.com
Company name: Association Museums-PASS-Musées

Privacy policy

Valid from 01.09.2023

The Museums-PASS-Musées (hereinafter referred to as "MPM", "we" or "us") undertakes to process all personal data (hereinafter referred to as "personal data") collected via the online portal www.museumspass.com (hereinafter referred to as "portal" or "website") in accordance with applicable data protection law and to take appropriate security measures to protect it from unauthorized access. In this privacy policy, we inform you in particular about which personal data is collected and processed in connection with the use of the portal, for what purposes it is used, to whom it may be passed on and what your rights are in connection with the use of your personal data by MPM. Personal data is all information that relates to an identified or identifiable natural person, e.g. surname, first name, address, email address, date of birth or telephone number.

This Privacy Policy is an integral part of the Terms of Use of the MPM.

By accessing the website and using the services and products we offer, you declare that you have read this privacy policy carefully and agree to the data processing described. Any questions in connection with this privacy policy can be sent at any time by email to datenschutz@museumspass.com. If you do not agree with this declaration, you must refrain from accessing the website and using our services and products.

Content

1. who is responsible for your personal data

The controller for the processing of personal data within the meaning of data protection legislation is Museums-PASS-Musées, Birsigstrasse 2, 4054 Basel, Switzerland, +41 61 205 00 40, e-mail: datenschutz@museumspass.com.

The MPM determines the purposes and means of the processing of your personal data and is therefore responsible for the processing and use of your personal data in accordance with this Privacy Policy. If you have any questions or concerns about this Privacy Policy or the processing of your personal data, please contact us at any time by sending an email to datenschutz@museumspass.com.

2. How we process personal data

All personal data collected via the website is processed in accordance with the applicable data protection legislation. We collect and process Personal Data carefully and for the purposes described in this Privacy Policy. In accordance with applicable law, we may also use your personal data in ways other than those described in this Privacy Policy. In this case, we will provide you with specific privacy statements or notices at the time of collection and obtain your consent where necessary. We always endeavour to collect information in anonymized or pseudonymized form within reasonable limits so that we cannot recognize your identity.

3. What personal data we collect and for what processing purposes

3.1 Personal data automatically transmitted via the use of the portal

The MPM collects and stores information that your browser automatically transmits to us in "server log files" when you visit our website. The data collection is based on your will and interest in visiting our website and our legitimate interests in operating the website. This may include the following data:

Browser type and browser version
Operating systems used
Referrer URL (the previously visited website)
Host name of the accessing computer
Date and time of the server request
Internet protocol address (IP address)
Location (based on your IP address)
Amount of data transferred
other similar data and information used for security purposes in the event of attacks on our IT systems

This personal data is not merged with other personal data and is stored separately from any other personal data transmitted by the user. It will be deleted by us after three to six months at the latest

The MPM uses the automatically collected personal data to fulfill the following purposes:

to enable the display, operation and functionality of the website
to ensure the stability and security of the system
to improve and protect our services
to get to know you and to better tailor our products, services and offers to you
for statistical purposes in the event of attacks on the network infrastructure on which the website is provided

3.2 Personal data that the user transmits to us

The MPM collects and processes personal data that the user voluntarily transmits to the MPM by means of an online form directly on the portal, via our contact email address, via any other applications connected to the portal, by telephone or in any other way. This information includes, for example, the following personal data:

Names, first names, postal addresses, email address, telephone number, date of birth, gender
Your message or request
The number of your Museum PASS Museum

The provision of this personal data is expressly on a voluntary basis. Without this personal data, however, we will not be able to provide the services requested by the user in the desired quality or at all.

The MPM uses the personal data that the user transmits to us to fulfill the following purposes:

to provide, maintain, protect and optimize the services and information offered
to communicate with you and provide you with the best possible and personalized information you need from us (e.g. about our products and services)
to offer you new services and information and, based on your profile, to suggest customized services and information that may be of interest to you
to comply with legal or other regulatory requirements and internal rules
for the establishment, exercise and/or defense of actual or potential legal claims, investigations or similar proceedings
for other lawful purposes where such processing is apparent from the circumstances or was indicated at the time of collection

4. on what legal basis do we process personal data about you

The processing of the above-mentioned personal data is based on the following legal bases:

Your consent, only if it can be withdrawn at any time (e.g. when you sign up for our newsletter and other marketing communications), for the performance of a contract with you or for the intention to enter into a contract with you (e.g. when you purchase a Museum Pass Musée), to comply with a legal obligation (e.g. for tax reasons or for the purpose of legal investigations or proceedings) or for the purposes of our legitimate interests (e.g. protection and security of our services, the protection of your privacy, the protection of your personal data and the protection of your personal data).e.g. protection and security of our services, systems, assets; compliance with legal, regulatory and contractual obligations; establishment, exercise or defence of legal claims; maintenance and efficient organization of business operations; improvement and development of our services; and sale and marketing of our services).

If the processing is based on your consent or our legitimate interests, you can withdraw your consent or object to this processing at any time by contacting us directly at datenschutz@museumspass.com. Please note, however, that the withdrawal of your consent does not affect the lawfulness of processing based on consent before its withdrawal.

5. To whom we disclose your personal data

The MPM takes the necessary measures to ensure that only our authorized personnel and our auxiliary persons who have the necessary knowledge have access to your personal data in order to fulfill the purposes for which your personal data was collected

We may disclose your personal data to the following possible categories of recipients in accordance with the purposes and legal bases of processing described above, insofar as this is necessary for the intended data processing:

Service providers who process the personal data on behalf of and on the instructions of MPM (so-called contract processors such as in the areas of IT, hosting and support, accounting)
Partners, suppliers, insurance companies and other business partners
Courts, arbitration bodies, law enforcement authorities, supervisory authorities, lawyers and other parties in potential or actual legal proceedings if this is necessary to comply with the law or to establish, exercise or defend rights or legal claims

We select our service providers carefully and only if we have sufficient guarantees that they have appropriate technical and organizational measures in place in accordance with legal requirements. Our processors can only process personal data on our documented instructions. They are all subject to confidentiality requirements and may only use your personal data to the extent necessary to fulfill the purpose for which your personal data was collected, unless otherwise required by law.

6. Transfer of personal data to countries outside the EEA

The personal data collected via our website is stored in the EU. In addition, we may transfer, store and process your personal data at data locations around the world, e.g. where our third-party providers or partners are located. Therefore, we may transfer your personal data outside the European Economic Area (EEA) if this is necessary for the data processing described in this Privacy Policy in accordance with applicable law.

Where data is transferred to countries that do not ensure an adequate level of protection, we ensure an adequate level of data protection by putting in place appropriate safeguards, such as contractual safeguards (e.g. based on EU standard clauses), based on binding corporate rules, transferring data in accordance with your explicit consent, for the conclusion or performance of a contract with you or in connection with the establishment, exercise or enforcement of legal claims. For more information about our appropriate safeguards, please contact us by email at datenschutz@museumspass.com.

7. How long we keep information about you

In principle, personal data is deleted or anonymized as soon as it is no longer required to achieve the purpose for which it was collected, unless longer retention is necessary to comply with legal obligations (e.g. retention and documentation obligations), contractual or pre-contractual obligations or our legitimate business interests (e.g. to assert, exercise or defend legal claims).

On this basis, we generally process personal data in compliance with the following rules and obligations:

The personal data automatically transmitted by you through the use of our portal (see point 3.1) for the purpose of displaying, operating and ensuring the functionality of the portal will be deleted within three to six months.
The personal data you transmit to us in connection with the use of our services and products that are offered on our portal or that you otherwise transmit to us via the email contact address (see section 3.2) will generally be stored by us until you request us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed).
For contract-related personal data (including business documents and communications), we store personal data for as long as the contractual relationship exists and thereafter for a further ten years after termination of the contractual relationship, unless (i) a shorter or longer statutory retention obligation applies in individual cases, (ii) retention is required for reasons of proof or for another valid reason under applicable law, or (iii) deletion of the data is required earlier (e.g. because the data is no longer required or we have to delete the corresponding data).

8. Cookies and services from Google

When you access or use the website, we may place so-called cookies - small text files - or similar tools on your computer. We use these cookies to recognize you as a user of the website, to customize content, to improve the performance of the website and to improve its usability.

a) Categories of cookies we use

Depending on their function and purpose, the cookies we use can be divided into the following categories: functional cookies, performance cookies and advertising cookies.

Functional cookies: These cookies serve a variety of purposes for the presentation, functionality and performance of a website and in particular to improve the experience and enjoyment of visitors to the website. They allow a website to remember information already provided (e.g. user name, location or language selection) and offer visitors improved, more personalized features. Functional cookies are used, for example, to remember things like your login details. These cookies cannot track your movement on other websites.
Performance cookies: These cookies are used to collect information about how a website is used - for example, how visitors arrived at our website, which pages a visitor opens most often, how you navigated our website during your visit and whether you receive error messages from a page. We may also use these cookies to provide us with certain statistical and analytical information, such as how many visitors have come to our website. These cookies are used to monitor the level of activity of the website and to improve the performance of the website.
Advertising cookies allow us or a third party provider to serve ads on our website or on third party websites with products that the user likes, so that the ads the user sees may be more relevant to the user's preferences or interests (sometimes referred to as "targeting cookies"). They can also be used to evaluate the effectiveness of advertising and promotions.

These cookies may be placed by us or by a third party on our behalf. For more information about cookies and how we use them, please visit: www.allaboutcookies.org/.

The legal basis for data processing results from your consent (Art. 6 para. 1 lit. a GDPR) or our legitimate interest (Art. 6 para. 1 sentence 1 lit. f GDPR). Our legitimate interest arises from the existing contract with MPM; for more details, please refer to the General Terms and Conditions on the website (LINK).

You can configure your browser settings so that no cookies are stored on your computer. The complete deactivation of cookies may mean that you cannot use all the functions of our website.

By continuing to use our website and/or agreeing to this privacy policy, you consent to cookies being set by us and thus to personal usage data being collected, stored and used, even beyond the end of the browser session. You can revoke this consent at any time by activating the browser setting to refuse third-party cookies.

b) Matomo Analytics

This website uses the open source web analytics service Matomo.

With the help of Matomo, we are able to collect and analyze data about the use of our website by website visitors. This enables us to find out, among other things, when which pages were accessed and from which region. We also record various log files (e.g. IP address, referrer, browser and operating system used) and can measure whether our website visitors perform certain actions (e.g. clicks, purchases, etc.).

The use of this analysis tool is based on Art. 6 para. 1 lit. F GDPR. The website operator has a legitimate interest in the analysis of user behavior in order to optimize both its website and its advertising. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. A GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

Hosting

We host Matomo exclusively on our own servers so that all analysis data remains with us and is not passed on.

c) YouTube with enhanced data protection

This website embeds videos from the YouTube website. The operator of the pages is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. We use YouTube in extended data protection mode. According to YouTube, this mode means that YouTube does not store any information about visitors to this website before they watch the video. However, the transfer of data to YouTube partners is not necessarily excluded by the extended data protection mode. For example, YouTube establishes a connection to the Google DoubleClick network regardless of whether you watch a video. As soon as you start a YouTube video on this website, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account. Furthermore, YouTube can store various cookies on your end device after starting a video or use comparable recognition technologies (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to record video statistics, improve user-friendliness and prevent fraud attempts. If necessary, further data processing operations may be triggered after the start of a YouTube video, over which we have no influence. The use of YouTube is in the interest of an appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time. Further information about data protection at YouTube can be found in their privacy policy at: https://policies.google.com/privacy?hl=de. The company is certified in accordance with the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participantdetail?contact=true&id=a2zt000000001L5AAI&status=Active

d) Vimeo

This website uses plugins from the video portal Vimeo. The provider is Vimeo Inc, 555 West 18th Street, New York, New York 10011, USA. When you visit one of our pages featuring a Vimeo video, a connection to the Vimeo servers is established. This tells the Vimeo server which of our pages you have visited. Vimeo also obtains your IP address. This also applies if you are not logged in to Vimeo or do not have a Vimeo account. The information collected by Vimeo is transmitted to the Vimeo server in the USA. If you are logged into your Vimeo account, you enable Vimeo to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your Vimeo account. Vimeo uses cookies or comparable recognition technologies (e.g. device fingerprinting) to recognize website visitors. The use of Vimeo is in the interest of an appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time. Data transfer to the USA is based on the standard contractual clauses of the EU Commission and, according to Vimeo, on "legitimate business interests". You can find details here: https://vimeo.com/privacy. Further information on the handling of user data can be found in Vimeo's privacy policy at: https://vimeo.com/privacy.

e) OpenStreetMap

We use the OpenStreetMap (OSM) map service.

We integrate the map material from OpenStreetMap on the server of the OpenStreetMap Foundation, St John's Innovation Center, Cowley Road, Cambridge, CB4 0WS, United Kingdom. The United Kingdom is considered a safe third country under data protection law. This means that Great Britain has a level of data protection that corresponds to the level of data protection in the European Union. When using the OpenStreetMap maps, a connection is established to the servers of the OpenStreetMap Foundation. Among other things, your IP address and other information about your behavior on this website may be forwarded to the OSMF. For this purpose, OpenStreetMap may store cookies in your browser or use comparable recognition technologies. The use of OpenStreetMap is in the interest of an appealing presentation of our online offers and an easy findability of the places indicated by us on the website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

f) List of cookies

The following is a complete list of the cookies that we use or will use on this website, including information about their use and expiry.

Provider	Name of the cookie	Category	Purpose and procedure
museumspass.com	tarteaucitron	Necessary	Used to manage user's cookies preferences.
museumspass.com	_pk_id	Necessary	Used to store a few details about the user such as the unique visitor ID
museumspass.com	_ga	Statistics	Used to store and count pageviews.
hcaptcha.com	hmt_id	Necessary	Used for strictly necessary anonymous service-related statistics and other technical purposes such as accessibility assistance
recaptcha.net	GRECAPTCHA	Necessary	Google Recaptcha service sets this cookie to identify bots to protect the website against malicious spam attacks.
gstatic.com	rc::a	Necessary	This cookie is used to distinguish between humans and bots. This is beneficial for the website, in order to make valid reports on the use of their web site.
gstatic.com	rc::b	Necessary	This cookie is used to distinguish between humans and bots.
gstatic.com	rc::c	Necessary	This cookie is used to distinguish between humans and bots.
gstatic.com	rc::f	Necessary	This cookie is used to distinguish between humans and bots.
yumpu.com	ypsession	Preferences	Stores a unique ID string for each chat-box session . This allows the website-support to see previous issues and reconnect with the previous supporter.
yumpu.com	yumpu_slc	Preferences	The cookie determines the preferred language and country-setting of the visitor - This allows the website to show content most relevant to that region and language.
yumpu.com	ypsitetrack	Statistics	Used to implement blog or article content onto the website from other web sites. This implemen tation also allows the origin-website to track on the website.
imagazine.advertserve.com	AVP_UUID	Marketing	Collects data on user behavior and interaction in order to optimize the website and make advertisement on the website more relevant.
imagazine.advertserve.com	AVPUID	Marketing	Used to identify the visitor across visits and devices. This allows the website to present the visitor with relevant advertisement - The service is provided by third party advertisement hubs, which facilitate real-time bidding for advertisers.
google.com	SOCS	Preferences	Used to keep track of user's cookies preferences.
google.com	CONSENT	Preferences	Used to keep track of user's cookies preferences.
google.com	NID	Marketing	Used to show Google Ads in Google services to offline users.
google.com	AEC	Security	Ensures that requests made during a browsing session originate from the user and not from other sites. These cookies prevent malicious sites from usurping the user's identity and acting without his or her knowledge.
livestorm.co	ps_mode
livestorm.co	didomi_token
livestorm.co	mutiny.defaultOptOut
vimeo.com	Vuid	Statistics	Used to store the user's usage history.
vimeo.com	player	Preferences	Used to save the user's preferences when playing embedded videos from Vimeo
vimeo.com	__cf_bm	Necessary	is part of Cloudflare's Bot Management service and helps mitigate risk associated with spam and bot traffic.
airtable.com	AWSALBCORS	Necessary	Amazon Web Services set this cookie for load balancing.
airtable.com	__Host-airtable-session	Necessary	This cookie is used to enable us to integrate the services of Airtable.
airtable.com	__Host-airtable-session.sig	Necessary	This cookie is used to enable us to integrate the services of Airtable.
airtable.com	AWSALB	Necessary	AWSALB is an application load balancer cookie set by Amazon Web Services to map the session to the target.
airtable.com	brw	Necessary	Used for session ID for debugging.
youtube.com	CONSENT	Statistics	YouTube sets this cookie via embedded YouTube videos and registers anonymous statistical data.
youtube.com	VISITOR_INFO1_LIVE	Necessary	YouTube sets this cookie to measure bandwidth, determining whether the user gets the new or old player interface.
youtube.com	VISITOR_PRIVACY_METADATA
api2.hcaptcha.com	__cflb	Necessary	This cookie is used by Cloudflare for load balancing.
wideo.co	langID

9. social media plug-ins

We use the social plug-ins below on our website to make our company better known. The underlying advertising purpose is to be regarded as a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. Responsibility for data protection-compliant operation must be guaranteed by the respective provider. Data processing in connection with these plug-ins takes place when you use these plug-ins with your consent.

If you use the services of these social networks independently of or in connection with our website, the social networks will evaluate your use of the plug-in. In this case, information about the plug-in is forwarded to the social networks.

a) Facebook

Our website uses plug-ins from the social network Facebook, which is offered by Meta Platforms, Inc, 1601 Willow Road Menlo Park, CA 94025, USA. The Facebook plug-ins are marked with a Facebook logo or the addition "Like" or "Share". An overview of the Facebook plug-ins and their appearance can be found at: https://developers.facebook.com/docs/plugins.

When you visit a page on our website that contains such a plug-in, your browser establishes a direct connection to the Facebook servers. The content of the plug-in is transmitted by Facebook directly to your browser and integrated into the page.

Through this integration, Facebook receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Facebook profile or are not currently logged in to Facebook. This information (including your IP address) is transmitted directly from your browser to a Facebook server in the USA and stored there.

If you are logged in to Facebook, Facebook can directly associate your visit to our website with your Facebook profile. If you interact with the plug-ins, e.g. by clicking the "Like" button, this information is also transmitted directly to a Facebook server and stored there. The information is also published on your Facebook profile and displayed to your Facebook friends.

The purpose and scope of the data collection and the further processing and use of the data by Facebook as well as your rights in this regard and setting options to protect your privacy can be found in Facebook's data protection information: www.facebook.com/policy.php.

b) Twitter

Plug-ins from the short message network Twitter Inc, 1355 Market St, Suite 900, San Francisco, CA 94103, USA, are integrated on our website. You can recognize the Twitter plug-ins ("Tweet" button) by the Twitter logo and the addition "Tweet". When you visit a page of our website that contains such a plug-in, a direct connection is established between your browser and the Twitter server. Twitter receives the information that you have visited our site with your IP address. If you click on the Twitter button while you are logged into your Twitter account, you can link the content of our pages to your Twitter profile. This allows Twitter to associate your visit to our website with your user account.

We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Twitter. You can find more information on this here: http://twitter.com/privacy.

c) LinkedIn

Plug-ins from the social network LinkedIn Corporation, 1000 West Maude Avenue Sunnyvale, California 94085, USA, are installed on our website. You can recognize the LinkedIn plug-in ("LinkedIn Recommended" button) by the LinkedIn logo. When you visit a page of our website that contains such a plug-in, a direct connection is established between your browser and the LinkedIn server. LinkedIn receives the information that you have visited our site with your IP address. If you click on the LinkedIn button while you are logged into your LinkedIn account, you can link the content of our pages to your LinkedIn profile. This allows LinkedIn to associate your visit to our pages with your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by LinkedIn. You can find further information at: www.linkedin.com/legal/privacy-policy.

10. e-mail communication and newsletters for advertising purposes

If you sign up for our newsletter, we will use your email address to send you information about our services as well as other commercial communications (e.g. announcements of events, competitions, promotions and surveys) that may be of interest to you. You can unsubscribe from such newsletter emails at any time by clicking on the highlighted "Unsubscribe from this list" link at the bottom of each email or by contacting us directly by email at info@museumspass.com.

11. No automated decision-making, including profiling, with legal effect

We will not make any decision about you based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you

12. security

The MPM has implemented organizational and technical measures to safeguard the security of personal data and to protect it against unauthorized or unlawful processing, accidental loss, alteration, disclosure or access.

The MPM may use third parties as data processors to collect and process your personal data. The data processors we engage will only process your personal data in accordance with our instructions and are required by law to take strict security precautions when handling personal data.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. For this reason, you are always free to transmit your personal data to us by other means, e.g. by telephone. Once we have received your data, we apply strict procedures and stringent security measures to prevent unauthorized access.

13. privacy policy of third-party providers

Please note that if you click on the link to a third-party website (e.g. Livestorm or social media or other websites), you will be redirected to a website that we do not control and our Privacy Policy will no longer apply. Your browsing and interaction on another website is subject to the terms of use and privacy policies and notices of those third party websites. In addition, we cannot guarantee the accuracy and timeliness of these links.

We encourage you to carefully read the terms of use and privacy policies and notices of other websites before submitting any personal data through this website. We are not responsible or liable for the information content and data processing of such third-party websites.

14. children

Our website is not intended for children and we do not knowingly collect personal data from children under the age of 16 unless we have the express consent of their parents. If we are notified or otherwise become aware that personal data relating to a child under the age of 16 has been improperly collected, we will take all reasonable steps to delete that personal data

15. what are your rights

You can request information from MPM as to whether personal data concerning you is being processed. In addition, you have the right to request the rectification, erasure or restriction of personal data concerning you and to object to the processing of your personal data.

If the processing is based on your consent or our legitimate interests, you can withdraw your consent or object to this processing at any time by contacting us directly by email at datenschutz@museumspass.com. In certain cases, you have the right to receive personal data generated when using online services in a structured, common and machine-readable format, so that further use and transmission to any third-party provider is possible.

Requests in this regard should be sent to the MPM via the following email address: datenschutz@museumspass.com. The MPM reserves the right to restrict your rights within the framework of applicable law and, for example, not to disclose comprehensive information or delete personal data.

If we reject your request or you are not satisfied with our processing, you are also entitled to lodge a complaint with the competent supervisory authority and to seek a judicial remedy with the competent authority. For users based in Switzerland, the competent authority is the Federal Data Protection and Information Commissioner (FDPIC) (www.edoeb.admin.ch). For users based in EU countries, you can find a list of supervisory authorities at
https://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080.

16. changes to the privacy policy

The MPM reserves the right to amend, supplement or otherwise change this privacy policy at any time and without giving reasons. The current personal data protection declaration as published on the portal shall apply.