Privacy Policy „MOM“

In this Privacy Policy, we inform you about the processing of your personal data.

1. Controller

Responsible for the processing of your personal data is:

GMR – Global Media Registry gUG (haftungsbeschränkt)

Klingholzstrasse 7
65189 Wiesbaden

Germany

Managing Director: Olaf Steenfadt

E-mail: mom[at]mediaregistry.org

2. Data Protection Officer

You can reach our company data protection officer at:

GMR – Global Media Registry gUG (haftungsbeschränkt)

Klingholzstrasse 7
65189 Wiesbaden

Germany

E-mail: privacy[at]mediaregistry.org

3. Scope of data processing

We process personal data (Art. 4 no. 2 GDPR) in accordance with the provisions of the European Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG) and observe the provisions of the Telecommunications Telemedia Data Protection Act (TTDSG) when you visit our Website www.mom-gmr.org and our country sub-pages (together "Website").

This is data that we collect using Cookies or similar technologies, that you transmit to us yourself or that we receive from third parties (e.g. Social Media providers). This includes the following information in particular:

We collect (technical) data about the device you use and your use of our Website. This includes the following information in particular:

• Information about the device you are using (e.g. model or type of device, operating system and version), your browser (type and settings of the browser), language setting; 
• Location data if you share it with us by activating your device's location services; otherwise information we can derive from your IP address, e.g. details of the region you are in when you access the Website or information about the internet provider you use;
• Identification data ("IDs"), such as device ID and data relating to Cookies (e.g. Cookie ID and session IDs), to retrieve recently viewed content;
• Access information (e.g. error codes, which pages you access, at what time, how often and how long you stay on a page and links you click on) from which we can deduce possible interests.

We receive this information when you access our services and from external third parties whose services you use as part of our online services.

We collect your identification and contact details when you contact us via E-mail or contact form on our GMR corporate page (www.mediaregistry.org). This data can include for example your surname, first name, E-mail address and telephone number.

We process the information you provide to us in the course of communications (e.g. via the contact form, by E-mail) and conversations.

4. Purpose of the data processing and legal basis

We process personal data for the following purposes:

We process your personal data in order to provide you our Website.

When you visit our Website, the browser used on your end device sends information automatically to our website server. This information is temporarily stored in a so-called logfile. The following information is collected without your intervention and stored until automatic deletion: IP address of the requesting computer, date and time of access, name and URL of the accessed file, Website from which the access was made ("Referrer URL"), the search engine you used, if applicable, the browser used and, if applicable, the operating system of your computer as well as the name of your access provider. Logfiles serve as a source of information for error analysis in the event of a system crash, allowing lost data to be reconstructed. They can also be used to analyse user behaviour.

The legal basis for this type of data processing is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interests follow in particular from the following purposes:

• Ensuring a smooth connection of the Website,
• Ensuring a comfortable use of the Website,
• statistical analysis using a pseudonym in order to optimise our Website,
• Evaluation of system security and stability, and
• other administrative purposes.

We use Matomo On-Premise without Cookies for the purpose of web analysis. We host Matomo on servers of our host provider to ensure no data is being transferred to Matomo. Matomo uses config_id a randomly set, time-limited hash of a limited amount of settings and attributes of the visitor. This hash is a string of characters calculated for a visitor based on their operating system, browser, browser plugins, anonymised IP address and browser language. The config_id is only valid for a maximum of 24 hours and then changes, which means that the same visitor receives a different config_id every day. This enables us to analyse anonymised user behaviour on our Website, to optimise our Website and at the same time to protect your privacy. More information about the cookie-less usage of Matomo you can find here: https://matomo.org/faq/new-to-piwik/how-do-i-use-matomo-analytics-without-consent-or-cookie-banner/

The legal basis for the data processing is Art. 6 para. 1 sentence 1 lit. f GDPR, our legitimate interest to provide you a user-friendly and Website. If you do not wish anonymised tracking to enhance user-experience, you can Opt-Out here.

Our Website also contains simple links to websites of Cooperating Partners or other resources published on the web. If you click on these links or buttons, you will leave our Website. The data processing on the Websites of Cooperating Partners or other external sites is governed by the Privacy Policies available there.

We further process personal data for the conclusion and implementation of contracts with Cooperating Partners, including the implementation of pre-contractual measures and the answering of enquiries in connection with our business relationship. The legal basis is Art. 6 para. 1 sentence 1 lit. b GDPR.

If you have given us your consent to process personal data for certain purposes (e.g. passing on data), this processing is lawful based on your consent (Art. 6 para. 1 sentence 1 lit. a GDPR). You can withdraw your consent at any time. Please note that the withdrawal is only effective for the future. Processing that took place before the withdrawal is not affected.

In addition, we process your data to protect the legitimate interests of us or third parties such as, in particular, in the following cases:

• responding to your enquiries outside of a contract or a pre-contractual measure (in particular if provided via the Website´s contact form),
• assertion of legal claims and defence in legal disputes,
• ensuring IT security and IT operations,
• prevention and investigation of criminal offences, and
• measures for business management and further development of our services.

The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest is to further develop our services or to protect ourselves against impairments and dangers and to enforce our claims.

In addition, we are subject to various legal obligations, i.e. legal requirements (e.g. tax laws), which require the processing of data. The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. c GDPR.

5. No obligation to provide personal data

If we ask you to provide personal data, you can of course refuse to do so. However, we may then not be able to provide certain functions of the Website or to answer your enquiries. This applies in particular if data is necessary for the establishment, implementation and termination of an agreement or if we are legally obliged to collect data.

6. Categories of recipients

Within our company those departments or individuals get access to your data that need it to fulfil our contractual and legal obligations.

We pass on your data to the recipients expressly named in this Privacy Policy and thus also to service providers of third-party Cookies. In doing so, we observe the legal requirements and, if necessary, conclude corresponding contracts or agreements with the recipients of your data that serve to protect your data.

Furthermore, we share your data with the following categories of recipients if it is necessary for the fulfilment of a contractual relationship existing between you and us or for the implementation of pre-contractual measures (Art. 6 para. 1 sentence 1 lit. b GDPR) or for the protection of legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR) or due to a legal regulation:

• IT service providers, e.g. cloud, hosting, software as a service providers;
• Marketing and advertising service provider, especially in the field of E-mail marketing and for the placement of personalised advertisements;
• third parties involved in legal proceedings, provided that they submit a legal order, court order or equivalent legal disposition to us.

Where processing is necessary to protect legitimate interests, for example when using IT services, our legitimate interest is to outsource functions. In addition, we will only share your personal data with third parties, if required by law (Art. 6 para. 1 sentence 1 lit. c GDPR) or if you have given your consent (Art. 6 para. 1 sentence 1 lit. a GDPR).

7. International data transfer

For the processing of your personal data, we also use service providers located in third countries outside the European Union (EU) or the European Economic Area (EEA). These countries may have a lower level of data protection than within the European Union. In case of a data transfer to these countries, we will obtain the necessary safeguards to ensure that your data is processed as securely as within the EEA, e.g. by concluding EU Commission standard contractual clauses (SCC) within the meaning of Art. 46 para. 2 sentence 1 lit. c GDPR or by other measures provided for by law. You can request a copy of the measures taken by contacting us at the contact details provided above.

The service providers we use have been certified under the EU - U.S. Data Privacy Framework to ensure an adequate level of data protection for data transfers to the USA. You can view the certificates here https://www.dataprivacyframework.gov/list.

8. Storage duration and erasure

We and our service providers will process and store your personal data in accordance with applicable data protection law to the extent and for the duration necessary for the processing purposes set out in this Privacy Policy.

For the duration of a contractual relationship, this may also include, for example, the initiation and processing of a contract. It should be noted that, depending on the individual case, our contractual relationship may be a continuing obligation that lasts for years.

Logfiles are generally deleted after the end of the respective browser session, at the latest after seven days, unless their further storage is exceptionally necessary and lawful. The storage period of Cookies depends on the individual case and is usually between twelve and 24 months. For more information, please visit our Cookie Preference Center. If we process your personal data based on your consent, we store your data for the period required to process your personal data in accordance with your consent.

In the case of contractual relationships, but also in the case of other claims under civil law, the storage period is also based on the statutory limitation periods, which, for example, according to Sections 195 et seq. of the German Civil Code ("BGB"), are generally three years, but in certain cases can be up to thirty years. In addition, we are subject to various retention and documentation obligations, which result from the German Commercial Code ("HGB") and the German Fiscal Code ("AO"), among other things. The retention and documentation periods specified there are six years for correspondence in connection with the conclusion of a contract and ten years for accounting vouchers and business letters (Sections 238, 257 para. 1 and 4 HGB, Section 147 para. 1 and 3 AO).

9. Rights of the data subject

Insofar as you are affected by the data processing, you have the right of access (Art. 15 GDPR), the right of rectification (Art. 16 GDPR), the right to erasure (Art. 17 GDPR), the right to restriction of processing (Art. 18 GDPR) and the right to data portability (Art. 20 GDPR). With regard to the right of access and the right to erasure, the restrictions according to Sections 34 and 35 BDSG apply. You also have the right to object to data processing (Art. 21 GDPR).

Your rights in detail:

• Right of access: You can request the confirmation as to whether and how we process your personal data. In particular, you have a right of access to your personal data and the information about the purposes of processing, the categories of personal data, the recipients or categories of recipients to whom the personal data have been or will be disclosed, if possible the envisaged storage period, or, if this is not possible, the criteria for determining this period; the existence of a right to rectification or erasure of your personal data, to restriction of the processing or to object to such processing; the existence of a right to lodge a complaint with a supervisory authority; the source of the data if the personal data has not been collected from you, the existence of automated decision-making, including profiling, and, if applicable, meaningful information about the logic involved and the significance and envisaged consequences of such processing. If we transfer personal data to a third country or an international organisation, you may also request information about the safeguards we have in place to protect your data. Your right to information may be limited in individual cases by national law (Sections 29 para. 1 sentence 2, 34 BDSG) and the rights and freedoms of others.
• Right to rectification: You may request the rectification of inaccurate personal data with undue delay or, taking into account the purposes of the processing, the completion of incomplete personal data – also by means of providing a supplementary declaration.
• Right to erasure: You have a right to immediate erasure of your personal data under certain circumstances, e.g. if your personal data is no longer necessary for the purposes for which it was collected or otherwise processed, if you withdraw your consent and there is no other legal basis for the processing, or if you have objected to the processing of your data for direct marketing purposes. The right does not exist to the extent the processing is necessary for exercising the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the exercise of a public power vested in us, or for the establishment, exercise or defence of legal claims. Your right to erasure may be limited in individual cases by national law (Section 35 BDSG).
• Right to restriction of processing: You may request the restriction of processing if you contest the accuracy of the personal data for the duration of the verification of the accuracy by us, if the processing is unlawful but you object to the erasure of your personal data, if we no longer need your personal data but you need the data to establish, exercise or defend legal claims, or if you have objected to the processing.
• Right to data portability: You have the right to data portability, i.e. the right to receive and transmit the personal data you have provided to us in a structured, commonly used and machine-readable format, if we process your personal data on the basis of your consent or a contract and the processing is carried out by automated means.

If our processing of your personal data is based on consent (Art. 6 para. 1 sentence 1 lit. a GDPR), you may withdraw this consent at any time; the lawfulness of the data processing carried out on the basis of the consent until withdrawal remains unaffected by this.

To assert your rights and for further questions on the subject of personal data, you can contact us at any time using our contact details above (see Section 1).

Regardless of this, you have the right to file a complaint with a supervisory authority – in particular in the EU member state of your place of residence, your place of work or the place of the alleged infringement – if you believe that the processing of personal data concerning you violates the GDPR or other applicable data protection laws (Art. 77 GDPR, Section 19 BDSG).

10. Data security

We transmit your personal data securely by using encryption. We use the SSL (Standard Security Layer) coding system for this purpose. Furthermore, we secure the Website and other systems through technical and organisational measures against loss as well as destruction, access, modification, or distribution of your data by unauthorised persons.

11. No automated decision-making in individual cases

For the establishment and implementation of the business relationship, we generally do not use fully automated decision-making pursuant to Art. 22 GDPR. Should we use this procedure in individual cases, we will inform you of this separately if this is required by law.

Status: 16.01.2025