99artfairs GmbH takes the protection of personal data very seriously. In the following, we show which data we collect, process and use when you visit our website or in the case of an order in our online shop, when and for what purposes.
1. Responsible Person and Contact for Data Protection Concerns
The person responsible in accordance with Article 4 sec. 7 of the European General Data Protection Regulation (GDPR) is 99artfairs GmbH, Ohmstr. 22, 80802 Munich. You can reach us at any time by post or by e-mail to firstname.lastname@example.org.
If you have any concerns about data protection, you can contact us at any time, e.g. by e-mail to email@example.com or at our postal address with the addition “Privacy”.
2. Your rights
You have the following rights to us with respect to the personal data concerning you:
- Right of access (Art. 15 GDPR),
- Right to rectification (Article 16 GDPR),
- Right to erasure (Art. 17 GDPR; “Right to be forgotten”),
- Right to restrict processing (Art. 18 GDPR),
- Right to object to the processing (Art. 21 GDPR),
- Right to data portability (Art. 20 GDPR).
You also have the right to complain to a data protection supervisory authority in the Member State of your place of residence, your place of work or the place of alleged breach of your personal data by us if you believe that your personal data has been processed by the processing of personal data concerning you is unlawful.
If you have given us consent to the processing of your data, you can revoke it at any time with effect for the future. The legality of the processing of your data until revocation remains unaffected by this.
For the assertion of your rights or other data protection concerns, you can contact us at any time via the contact channels mentioned in section 1 above and/or the contact routes listed in our imprint.
3. Supplementary Note to your Right to Object
In addition, we would like to point out that insofar as the processing of your personal data takes place on the basis of the legitimate interest in the context of the balance of interests in accordance with Art. 6 sec.1 sentence 1 f) GDPR and/or your personal data is processed for direct marketing purposes, you have the right at any time to object to the processing of your personal data.
4. Purposes and legal bases for the processing of your personal data
We only process your personal data if you place an order with us, use one of the services offered on our website, you have expressly consented to the processing of your personal data or if you have on our part, there is a legitimate interest in the processing of your personal data.
These are specifically the processing (s) described below:
We use a contact form to subscribe to our email newsletter. Through this medium we inform you at irregular intervals about events and offers of UNPAINTED.
Here we ask for your first and last name, your email address, your city, your language (German/English) and your institution.
You can revoke your consent to the storage of the data, the e-mail address and their use for sending the newsletter at any time by clicking on the link “unsubscribe” at the end of the newsletter or with a personal info that you can read the newsletter no longer wish to receive reply. The legal basis for the processing described above is Art. a) GDPR (processing based on the consent of the data subject).
b. Registration for our online shop / member area
In order to place an order in our online shop, you need to register in the first place for our online shop. Registration requires the following information: first name, last name, e-mail address, address and a password chosen by yourself. With this data, a user account for our online shop is created for you.
The user account is also used to give you access to digital artworks you have purchased in your dedicated member area.
The legal basis for the processing described above is Art. b) GDPR (processing is required for the performance of a contract).
c. Order in our online shop
If you wish to place an order on our website, in addition to the data requested during registration, as well as (for physical works of art sent to you by post), the indication of your address and bank details (depending on the selected payment method).
We process this data in order to be able to carry out the order of the desired goods in accordance with the contract, to confirm your order by e-mail and to order complaints or to process your customer service requests. The legal basis for the processing described above is Art. b) GDPR (processing is required for the performance of a contract).
When you contact us by e-mail, post or telephone to the contact channels listed in the imprint, the data you provide (e.g. your e-mail address and your name as well as the content of your request) stored by us in order to answer your questions or To process and answer your request.
We delete the data in this context after storage is no longer necessary (usually after your request has been fully satiscated), or restrict processing if there are legal retention obligations. The legal basis for the aforementioned processing is, depending on the content of your request, Art. f GDPR (processing is necessary to safeguard the legitimate interests of the controller).
e. Obligation to provide personal data
If you wish to use the services offered, you must provide the personal data required for that service. If you do not provide us with this information, we will not be able to provide you with the requested service, in particular to process your registration or order.
f. Non-existence of automated decision-making
Please note that when you use our website and use our services, you will not be subject to a decision based solely on automated processing, including profiling, that is has legal effect on you or significantly affects you in a similar manner.
5. Data transfer to third parties/recipients, use of service providers
We will only pass on or transmit your personal data to third parties if this is necessary for the fulfilment of the contract with you, there is a legitimate interest on our part, you have given your consent to this and/or if we are obliged to do so by law or by means of official or judicial orders. Your personal data will be transmitted by us to third parties in the cases described below and for the purposes described below.
In order to be able to offer you a selection of different payment methods in our subscription shop, we use external payment service providers. Depending on the payment method you choose in the booking process, we pass on the data collected for processing payments, such as bank details or credit card details, to the credit institution commissioned with the payment or to the payment service provider commissioned by us. Insofar as the integrated payment service providers collect data themselves (e.g. PayPal), the respective payment service manager/payment provider is responsible for the data collected in the context of payment and additionally applies the data protection provisions of the respective payment service provider. The legal basis for the transfer is Article 6(1) of the 1 lit. (b) GDPR (processing is required for the performance of a contract).
In addition, we use service providers that provide services to us in connection with web hosting and also use cloud- or web-based third-party software solutions that enable us to provide personal data in the cloud with third-party service providers. manage and host to relieve the burden on our own servers and work effectively with new software solutions. We have concluded order processing agreements with the respective service providers, which ensure that the respective service providers do not process the data for their own purposes, but only within the scope of our instructions and on our behalf. The legal basis for the use of service providers is Art. f) GDPR (processing is necessary to safeguard the legitimate interests of the controller) in conjunction with Article 28 GDPR (order processing).
Some of the service providers we use who process personal data for us on our behalf and under our instructions as a so-called processor in accordance with Article 28 GDPR are located outside the EU/EEA. Before transmitting data to processors outside the EU/EEA, we ensure that the processor has an adequate level of data protection. This results, for example, for processors in countries such as Canada and Israel from an adequacy decision of the EU Commission (so-called safe third countries), for processors in the USA from self-certification in accordance with the EU-US Privacy Shield and for other processors by concluding the EU standard contractual clauses before the processing by the respective processor begins.
6. Storage Period and Deletion of Data
Even without a special request, we naturally fulfil our obligations to delete personal data (e.g. in accordance with Article 17 GDPR) and therefore only store data for as long as it is required for the provision of the requested service or the respective purpose is required.
Please note, however, that the deletion is replaced by a blocking or restriction of processing, insofar as a deletion is precluded by legal retention obligations, which we must fulfil. For example, in accordance with the legal provisions of Section 257 of the German Commercial Code (HGB), we must retain contractual communications with you in connection with subscription orders for a period of up to ten years.
7. Log files/ Information Provided by your Browser
Every time you use the Internet, your internet browser automatically transmits certain information, which we store in so-called log files. This is the following data required to show you our website and to ensure stability and security: IP address (Internet protocol address), date and time of the request, content of the request (concrete page), access status/HTTP status code, amount of data transferred, website from which the request originates, browser, operating system and its interface, language and version of the browser software. We cannot draw conclusions about individual persons on the basis of this data. For reasons of technical security, e.g. to prevent attacks on our web server, this data is stored by us for a short period of seven days and then deleted. The legal basis for the processing described above is Article 6(1) of the lit. f) GDPR (processing is necessary to safeguard the legitimate interests of the controller).
a. What are cookies?
When you use our website, cookies are stored on your computer or device (e.g. smartphone, tablet). Cookies are small text files that contain information about the use of our website (e.g. websites visited, number of visits, visit times, length of stay on individual pages, browser used, operating system used, etc.) on your computer or save to your device if you allow this via the setting of your browser. Cookies cannot run programs or transmit viruses to your computer.
In addition to cookies, so-called pixels (also called tracking pixels, tracking pixels or web beacons) are also used on our website. Pixels are small, invisible graphics that are embedded on the website and which can also be used to evaluate information about the use of our website by website visitors.
Cookies and similar technologies are used for the following purposes:
– For the user-friendly design of the navigation and use of our website, in particular by storing user preferences (such as search or language settings, shopping cart). These cookies are mandatory in order to be able to provide you with our offer.
-For statistical evaluation and analysis of the usage behavior (e.g. visited (sub)pages, length of stay, etc.) of our users (so-called web analysis cookies). With the knowledge gained, we can continuously optimize and improve our website.
-For integrating video content and map functionalities.
The cookies, pixels and similar technologies we use do not store any personal data about you, but, depending on the cookie or pixel used, purely pseudonymous or anonymous usage data that cannot be assigned to you.
c. What cookies are set when you visit our website?
Aa. Types of cookies
Session Cookies: Session cookies are only stored on your computer or terminal device during your visit to our website and are automatically deleted after leaving our website. Session cookies are used, among other things, for the purpose of recognizing the user during the visit. Session cookies are also used to maintain security when visiting our website.
Permanent cookies: Permanent cookies remain stored on your computer or terminal device until their default “lifetime” expires or you delete them from your browser on your own. Permanent cookies are primarily used for the purpose of web analysis, for displaying interest-based advertising and for analysing and evaluating the effectiveness of advertising. The permanent first-party cookies we use (see below) have a lifespan of one or more days up to months or years, whereby the cookies we set usually have a maximum lifespan of approximately two years and then automatically deleted from your computer or terminal device.
First-Party Cookies and Third-Party Cookies: Whether a cookie is a first- or third-party cookie depends on which domain a cookie is set on your computer or device. First-party cookies are cookies that are set by the website that you see in your web browser in the address line. Third-party cookies, on the other hand, are cookies that are set by a domain other than the one the visitor is currently visiting.
Bb. Cookies used, pixels and similar technologies
a. Use of Google Analytics
This website uses Google Analytics, a web analytics service provided by Google Inc., USA (“Google”). Google Analytics uses so-called “cookies”, text files that are stored on your computer and which enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. We have activated IP anonymization (by extension “_anonymizeIp()) on this website, so that your IP address of Google can be used within Member States of the European Union or in other contracting states of the Agreement on the European Union. economic area in order to exclude personal redress. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. On our behalf, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website and internet usage compared to the website operator. The IP address transmitted by your browser within the scope of Google Analytics will not be merged with other data from Google.
We use Google Analytics for the purpose of web analysis to analyze the use of our website by you. Through the statistics and insights gained, we can improve our offer and make it more interesting for you as a user.
You can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
b. Google Maps
This website may have a link to Google Maps. Google Maps is a service provided by Google, Inc. (USA). The maps are integrated through a server call to Google in the USA, whereby requests are expected to be stored by Google. We have no influence on how Google uses this data.
We use the provider Vimeo for the integration of videos. Vimeo is operated by Vimeo, LLC, headquartered at 555 West 18th Street, New York, New York 10011. When you visit one of our pages equipped with a Vimeo plugin, a connection to the Vimeo servers is established and the plugin is displayed. This transmits to the Vimeo server which of our websites you have visited. If you are logged in as a member of Vimeo, Vimeo assigns this information to your personal user account. When using the plugin, such as clicking on the start button of a video, this information is also assigned to your user account. You can prevent this assignment by logging out of your Vimeo user account and deleting the corresponding cookies from Vimeo before using our website.
For more information about data processing and information on data protection by Vimeo, see https://vimeo.com/privacy.
d. Facebook links
On our pages we have integrated a link to the profile and page of UNPAINTED on the platform of the social network Facebook, provider Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. You can recognize the Facebook links by the Facebook logo, or by the fact that there is explicitly “Facebook” in the link. We ourselves do not use Facebook plugins, but only these links. However, an overview of the Facebook plugins can be found here: https://developers.facebook.com/docs/plugins/.
When you go from our pages on Facebook, Facebook recognizes that you are coming from our site, i.e. Facebook receives the information that you have visited our site with your IP address. If you are logged in to Facebook at the same time, Facebook can assign the visit to our pages to your user account.