1. Controller and contact for data protection concerns
The controller pursuant to Art. 4 para. 7 of the General Data Protection Regulation (GDPR) is 99artfairs GmbH (UNPAINTED), Ohmstrasse 22, 80802 Munich, Germany. You can reach us at any time by post or e-mail at email@example.com.
If you have any concerns about data protection, you can contact us at any time, e.g. by e-mail at firstname.lastname@example.org or at our postal address with the addition “Data Protection”.
2. Your rights
You have the following rights regarding personal data concerning you:
– Right to access (Art. 15 GDPR),
– Right to rectification (Art. 16 GDPR),
– Right to erasure (Art. 17 GDPR; “Right to be forgotten”),
– Right to limitation of processing (Art. 18 GDPR),
– Right to object to the processing (Art. 21 GDPR),
– Right to data transferability (Art. 20 GDPR).
You also have the right to complain about our processing of your personal data to a data protection supervisory authority in the Member State where you are located, at your place of work or at the location of the alleged infringement if you believe that the processing of your personal data is unlawful.
If you have given us consent to the processing of your data, you can revoke it at any time with effect for the future. The legality of processing your data until revocation remains unaffected by this.
You can contact us at any time via the contact channels listed in Section 1 above and/or the contact routes listed in our legal notice for the assertion of your rights or for other data protection concerns.
3. Supplementary note about your right of objection
We would also like to point out that if your personal data is processed on the basis of a legitimate interest within the scope of the balancing of interests pursuant to Art. 6 para.1 sentence 1 f) GDPR and/or your personal data is processed for the purposes of direct marketing, you have the right at any time to object to the processing of your personal data.
4. Purposes and legal bases of the processing of your personal data
We process your personal data once you register with us, use one of the premium services offered in our App, you have expressly consented to the processing of your personal data, or if we have a legitimate interest in processing your personal data.
These are specifically the processing operations described below:
d. Contact us
When contacting us via e-mail, post or telephone via the contact channels listed in the imprint, the data you provide (e.g. your e-mail address and your name as well as the content of your inquiry) will be stored by us in order to process and answer your questions or concerns.
We delete the data arising in this context after storage is no longer necessary (usually after your request has been completely dealt with) or restrict processing if there are legal storage obligations. Depending on the content of your request, the legal basis for the processing described above is Art. 6 para. 1 sentence 1 letter f GDPR (processing is required to safeguard legitimate interests of the person responsible).
e. Obligation to provide personal data
If you would like to take advantage of the services offered, you must provide personal data required for the respective service. If you do not provide us with this data, it will not be possible for us to provide you with the desired service, in particular to process your registration or order.
f. Non-existence of automated decision-making process
Please note that when using our website and the services offered on it, you will not be subject to a decision based exclusively on automated processing – including profiling – which will have legal effect on you or similarly significantly affect you.
4. Storage duration and deletion of data
Even without a special request, we of course comply with our obligations to delete personal data (e.g. according to Art. 17 GDPR) and therefore only store data for as long as is necessary for the provision of the desired service or the respective purpose.
Please note, however, that deletion of data will be replaced by a blocking or restriction of processing, insofar a deletion would be contrary to statutory storage obligations which we must fulfill. For example, in accordance with the statutory provisions in § 257 HGB (Handelsgesetzbuch) [German Code of Commercial Law], we must store contract-related communications with you in connection with orders for a period of up to ten years.
5. Data transfer to third parties/recipients, use of service providers
Your personal data resides on the UNPAINTED servers. They will only be passed on or transmitted by us to third parties if this is necessary to fulfill the contract with you, if there is a legitimate interest on our part, if you have granted your consent to this and/or if we are obligated to do so by law or by official or court orders. In the cases and for the purposes described below, we will transfer your personal data to third parties.
The UNPAINTED App runs on the Apple Appstore. Apple my process some of your data for the operation of the app.
In order to be able to offer you a selection of different payment methods in our App, we use external payment providers. Depending on which payment method you choose in the booking process, we will pass on the data collected for processing payments, such as bank details or credit card data, to the credit institution commissioned with the payment or to the payment service providers commissioned by us. Insofar as the integrated payment service providers partly collect data themselves (e.g. PayPal), the respective payment service provider/payment provider itself is responsible for the data collected within the scope of the payment and the data protection provisions of the respective payment service provider apply additionally. The legal basis for the transfer is Art. 6 Para. 1 Sentence 1 letter b) GDPR (processing is required to fulfill a contract).
In addition, we use service providers who provide services in connection with web hosting and also use cloud and web-based third-party software solutions that allows us to manage and host personal data in the cloud with external service providers in order to relieve our own servers and work effectively with new software solutions. We have concluded data processing agreements with the respective service providers to ensure that the respective service providers do not process the data for their own purposes, but only within the framework of our instructions and on our behalf. The legal basis for the use of the service providers is Art. 6 Para. 1 Sentence 1 letter f) GDPR (processing is required to safeguard legitimate interests of the responsible party) in conjunction with Art. 28 GDPR (Order Processing).
Some of the service providers who process personal data for us on our behalf and within the framework of our instructions as so-called contract processors pursuant to Art. 28 GDPR are located outside the EU/EEA. Before transferring data to processors outside the EU/EEA, we ensure that the processor has an adequate level of data protection. For contract processors in countries such as Canada and Israel, for example, this results from an adequacy decision of the EU Commission (so-called safe third countries), for contract processors in the USA from self-certification according to the EU-US Privacy Shield and for other contract processors from the conclusion of the EU standard contract clauses before the start of processing by the respective contract processor.
a. Facebook Connect / Google Connect
For registration, you can voluntarily use the respective service by Facebook or Google. These services exist for your convenience of not having to enter your personal data again in order to create an account with our App. By using Facebook Connect and Google Connect, you give Facebook Inc. and Google Inc., both USA, the permission to use the personal data from your existing accounts with those services. 99artfairs declines any responsibility for the protection of your personal data with third-party providers.
b. Use of Google Analytics
This App uses Google Analytics, a web analysis service of Google Inc., USA (“Google”). Google Analytics uses so-called “cookies,” which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookies about your use of this website will generally be transmitted to and stored by Google on servers in the United States. We have activated IP anonymization on this website (through the extension “_anonymiZeip()), so that Google will shorten your IP address beforehand within member states of the European Union or in other signatory states to the Agreement on the European Economic Area, in order to exclude the possibility of personal references. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. On our behalf, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics is not combined with other data from Google.
We use Google Analytics for the purposes of web analysis to analyze your use of our website. The statistics and knowledge gained will enable us to improve our services and make them more interesting for you as a user.
We use Vimeo for the integration of videos among other things. Vimeo is operated by Vimeo, LLC headquartered at 555 West 18th Street, New York, New York 10011. If you visit one of our pages equipped with a Vimeo plugin, a connection to the Vimeo servers is established and the plugin is displayed. By doing so, the Vimeo server will be informed which of our Internet pages you have visited. If you are logged in as a member at Vimeo, Vimeo will assign this information to your personal user account. When using the plug-in, such as clicking on the start button of a video, this information is also assigned to your user account. You can prevent this assignment by logging out of your Vimeo user account before using our website and deleting the corresponding cookies from Vimeo.
For more information on data processing and information on data protection by Vimeo, see https://vimeo.com/privacy.
d. Facebook links
On each of our pages, we have integrated a link to the profile and to the UNPAINTED page on the platform of the social network Facebook, Provider Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. You can recognize the Facebook links by the Facebook logo or by the fact that there is explicitly “Facebook” in the link. We do not use Facebook plugins ourselves, only these links. You can find an overview of the Facebook plugins here if you are interested: .
When you go from our sites on Facebook, Facebook recognizes that you are coming from our site, i.e. Facebook receives the information that you have visited our page with your IP address. If you are logged in to Facebook at the same time, Facebook can assign the visit with our websites to your user account.