We appreciate your visit to our website. Your privacy is an important concern for us. On the following pages, we would therefore like to inform you about how we handle your personal data and about your rights as a data subject under the General Data Protection Regulation (hereinafter abbreviated as “GDPR“). Your personal data is processed exclusively within the framework of the legal provisions of data protection law, in particular the GDPR.
A. Controller / Contact
The controller according to the GDPR is:
If you have any questions or suggestions regarding data protection, please feel free to contact us.
B. Our processing principles
First, in this section B, we explain to you the principles on which we base all processing operations on this website. These principles apply to all subsequent statements. If we provide more specific information on individual data processing operations, this information will apply in addition to our principles.
1. General information on the purposes
The processing of personal data that you provide to us or that we otherwise collect about you
serves the following purposes, among others:
- To deliver the website and to ensure the functionality of the website and the security of the information technology systems,
- To process orders and payments,
- To improve the website and our services,
- To answer your questions and provide appropriate customer services,
- To send you our newsletter,
- To carry out various internal business measures, e.g. controls, monitoring and
preventive measures to protect against fraud attempts,
- For the implementation of your rights by us and so that we can provide proof of this.
2. General information on the legal basis
Our data processing is only carried out for specific, previously defined and legitimate purposes and only takes place on the basis of a legal permission. We process personal data only with your consent (Article 6(1)(a) GDPR), for the performance of a contract to which you are a party, or at your request to carry out pre-contractual measures (Art. 6(1)(b) GDPR), to comply with a legal obligation (Art. 6(1)(c) GDPR) or if the processing is necessary to protect our legitimate interests or the interests of a third party, unless your interests or fundamental rights and freedoms, which require the protection of personal data, override (Art. 6(1)(f) GDPR).
3. Duration of storage
As soon as we achieve the intended purpose of the data processing, we delete your personal data. Beyond that, we only store data if legal exceptions exist, for example according to Art. 17(3) GDPR. This becomes particularly important in connection with the fulfillment of statutory retention obligations and with the assertion, exercise or defense of legal claims. Such statutory retention obligations may arise in particular from commercial or tax law provisions (§ 257 HGB, § 147 AO). From the end of the calendar year in which the data was collected, we will retain such personal data contained in our accounting records for ten years and retain personal data contained in commercial letters and contracts for six years. In other respects, we will retain personal data in connection with consents requiring proof as well as with complaints and claims for the duration of the statutory limitation periods. We will delete data stored for advertising purposes if you object to processing for this purpose or withdraw your consent.
4. Categories of recipients of the data
A transfer of data only takes place if there is a legal basis according to Art. 6(1) GDPR and/or in the context of a so-called "data processing agreement" according to Art. 4 No. 8, 28 GDPR. This includes, in particular, service providers that we commission in the course of carrying out data processing, for example IT and software service providers that carry out data processing on the website for us (e.g. the web host of our website). In this context, a processor is a natural or legal person, authority, institution or other body that processes personal data on behalf of the controller. Processors do not use the data for their own purposes, but carry out data processing exclusively for the controller and are contractually obligated to ensure appropriate technical and organizational measures for data protection. In addition, we may transfer your personal data to postal and delivery services or logistics services, house bank, tax advisor or the financial administration. If required, we can provide you with a specific list of recipients.
5. Transfer and processing of data in third countries
We - or in the case of a data processing agreement, our service providers - generally only process personal data in countries within the EU or the European Economic Area that are subject to the scope of the GDPR. By way of exception, personal data will only be transferred to all other countries (so-called "third countries") if we can guarantee an adequate level of data protection in accordance with Art. 44 GDPR, for example, if a so-called "adequacy decision" of the European Commission exists, through the use of the "EU standard contractual clauses" or through other appropriate guarantees to ensure an adequate level of data protection in accordance with Art. 46 GDPR. Unless otherwise specified below, we use the EU standard contractual clauses for transfers of personal data to processors in third countries as appropriate safeguards: https://eur-lex.europa.eu/legal- content/DE/TXT/?uri=CELEX%3A32010D0087. In addition, a transfer to a third country pursuant to Art. 49(1)(a) GDPR may take place if you have expressly consented to the data transfer after you have been informed about the potential risks to you of such data transfers without the existence of an adequacy decision and without appropriate safeguards.
C. Your rights as a data subject
As a data subject, you have the following rights:
Right of access to personal data: In accordance with Art. 15 GDPR, you can request information from us about whether and, if so, to what extent we process or do not process your personal data, including any recipients and the planned storage period.
Right to get notified: You can demand that we correct your data - insofar as the legal requirements are met - in accordance with Art. 16 GDPR.
Right to erasure: You can demand that we delete your data - insofar as the legal requirements are met - in accordance with Art. 17 GDPR.
Right to restriciton of processing: You can demand that we restrict the processing of your data - insofar as the legal requirements are met - in accordance with Art. 18 GDPR.
Right to data portability: If you have provided us with data on the basis of a contract or consent, you may, if the legal requirements under Art. 20 GDPR are met, request that you receive the data you have provided in a structured, common and machine-readable format or that we transfer it to another controller.
Withdrawal of consent: If you have given us your consent to the processing of your data pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR, you may withdraw this consent at any time pursuant to Art. 7(3) GDPR with effect for the future. The lawfulness of the processing of your data until the withdrawal remains unaffected.
The right to lodge a complaint with a supervisory authority: You can also lodge a complaint with the competent supervisory authority if you believe that the processing of your data violates applicable law. You can contact the data protection authority responsible for your place of residence or your country or the data protection authority responsible for us. You can find the supervisory authority responsible for you under the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
D. Right to object
In accordance with Art. 21 GDPR, you have the right to object at any time to data processing by us on the basis of Art. 6(1)(e) or (f) GDPR for reasons arising from your particular situation. If you exercise your right to object, we will stop processing your data unless we can prove - in accordance with the legal requirements - compelling legitimate grounds for further processing which override your rights or the processing serves to assert, exercise or defend legal claims. If we process data for the purpose of direct marketing, including any profiling, you may object to this processing at any time. We will then refrain from any further processing for these purposes. If we process data for scientific, historical research or statistical purposes pursuant to Art. 89(1) GDPR, you have the right to object on grounds relating to your particular situation to the processing of personal data concerning you, unless the processing is necessary for the performance of a task carried out in the public interest.
Your contact with us an the exercise of your rights: You can contact us free of charge if you have any questions about the processing of your personal data, your data subject rights and any consent you may have given. To do so, please contact us using the contact details provided above.
E. Data processing in the log file
During the purely informative use of our website, the browser you use automatically transmits the following information to the server of our website, which is temporarily stored in a so-called "log file":
- the abbreviated and thus anonymised IP address of the requesting computer,
- information about the browser type and version used and, if applicable, the operating system of your computer,
- the user's internet service provider,
- date and time of access to our website,
- the website from which the user accessed our website (so-called "referrer URL"), and
- Pages on our website that the user accesses.
You are not contractually or legally obliged to provide the data. However, the provision of the data may be necessary for a possible future conclusion of a contract. In the event that the data is not provided, you will not be able to use our website to its full extent.
1. Purpose and legal basis
By processing this data, we pursue the purpose of optimising and adapting our offers and contents on the website to meet the needs of you and other visitors. This is legitimised in accordance with the legal basis pursuant to Art. 6 (1)(b) GDPR and Art. 6 (1)(f) GDPR, as we have a legitimate interest in demand-oriented and adapted (in particular visual) optimisation. In addition, we aim to administratively maintain the website in terms of connection establishment and system security and stability. We also have a legitimate interest in this according to Art. 6(1)(f) GDPR.
2. Other recipients of this data
The above data is received by our website service provider (so-called web hoster) for the purpose of providing the website as a processor.
3. Duration of storage
The data is deleted when the purpose is achieved. This is generally the case after a few days. Beyond this period, storage or other processing only takes place in such a way that the IP addresses of the users are deleted after the expiry of the aforementioned storage period or are changed in such a way (e.g. by anonymisation or pseudonymisation) that an allocation of the log data to an IP address and thus to the user is no longer possible.
4. Possibility of objection and removal
Please note that you may have the right to object. As a rule, however, we will be able to prove compelling reasons for the processing (system security and stability), so that a right of objection is generally excluded.
F. Contact form and e-mail contact
We offer you the possibility to contact us via our contact form on our website. In any case, the IP address of the user and the date and time of sending your message will be stored as part of the contact. We collect and store the following personal data as mandatory data (marked with a " * " as a mandatory field): name, e-mail address and your message. If you decide to contact us via the e-mail address provided on our website, we will store your e-mail address as well as any other data (voluntarily) provided by you. Data will only be passed on to third parties if this is necessary to process your request. You are neither contractually nor legally obliged to provide the data. All data fields marked as mandatory are required to process your request. If you do not provide the data, we will not be able to process your request.
1. Purpose and legal basis
We process the aforementioned data for the purpose of processing your request. Other data is only processed for technical or security reasons (for example, prevention of misuse and ensuring our system security). The legal basis is Art. 6(1)(a) GDPR (consent), Art. 6(1)(b) GDPR (fulfilment of a contract or pre-contractual measures) and with regard to the latter purpose Art. 6(1)(f) GDPR, as we have a legitimate interest in the integrity of our website.
2. Other recipients of this data
The above-mentioned data, which is transmitted by the browser you use when you call up the page, is received by our website service provider (so-called web hoster) for the purpose of providing the website as a processor.
3. Duration of storage
All aforementioned data will be deleted as soon as we have processed your request and further clarification is no longer necessary. The deletion is subject to any obligations and rights.
4. Possibility of objection and removal
Once you have contacted us, you can withdraw your request and object to further processing of the data at any time.
1. Purpose and legal basis
We distinguish between technically necessary cookies, which are mandatory for the use of the website, and optional cookies for tracking and analysis purposes as well as for marketing purposes.
a) Technically necessary cookies
The use of technically necessary cookies is necessary to ensure the proper and secure operation of our website and its functionalities. Essential cookies are used for the following purposes:
- To enable functions of the website,
- To store the setting of your privacy preferences,
- To enable the completion of forms,
- To save your choices in the shopping basket,
- To secure the registration process.
The processing of personal data through technically required cookies is based on Art. 6(1)(b) GDPR, insofar as a corresponding contractual relationship is the basis. In addition, Art. 6(1)(c) GDPR serves as the legal basis, insofar as the processing is necessary for the fulfilment of a legal obligation, and otherwise on Art. 6(1)(f) GDPR. In this context, our legitimate interest results from the described purposes of use of our cookies as well as ensuring the technical operation of our website. These cookies are automatically set when you call up our site or a specific function, unless you have deactivated the setting of cookies in your terminal device and/or internet browser.
b) Tracking and analysis cookies
Cookies for analysis purposes are used to statistically record the use of our website and to evaluate it for the purpose of optimising our offer for you. They are partly set by third-party providers. These cookies enable us to automatically recognise that you have already been to our website when you visit it again. These cookies are automatically deleted after a defined period of time. We also use the session cookies, among other things, to analyse the surfing behaviour of users on our website. Through the analysis cookies, we learn how the website is used and can thus constantly optimise our offer. Analysis cookies are used, for example, to:
- Adapt content to the needs of users,
- To be able to understand which content is of particular relevance to users and to improve the content on the website based on this,
- To be able to measure the reach.
The processing of personal data by means of analysis cookies takes place exclusively with your consent in accordance with Art. 6(1)(a) GDPR. You can withdraw your consent at any time with effect for the future.
c) Marketing cookies
Marketing cookies are used to provide you with interest-based content and advertisements. These cookies are sometimes set by third-party providers. Accordingly, they receive information about your use of our website and may combine this information with further data. In this context, the display of advertisements on the websites of our marketing and social media partners is based on an analysis of your previous usage behaviour on our website. We use marketing cookies, for example, to:
- Play advertising content that may be of interest to you,
- Target users with information that may be relevant and thus optimise marketing communications with our website visitors.
The processing of personal data through marketing cookies takes place exclusively with your consent in accordance with Art. 6(1)(a) GDPR. You can withdraw your consent at any time with effect for the future.
Please note that the functionality and scope of functions of our website may be limited if you block cookies or do not give your consent to the setting of cookies.
2. Duration of storage and deletion periods
Session cookies are only stored by your browser for the duration of your browser session and are deleted when you close the browser. Persistent cookies remain stored for a longer period of time (14 months) on the terminal device you are using.
3. Possibility of objection and removal
You can also prevent the use or storage of certain cookies on your terminal device by making the appropriate settings on your terminal device and/or your internet browser. You can select "do not accept cookies" in your internet browser settings. In addition, you can also block cookies using free internet browser add-ons. You can delete stored cookies at any time in the system settings of your end device and/or internet browser.
4. Services used and third party providers
However, in the event that IP anonymisation is activated on this website, your IP address will be shortened and anonymised by Google within the Member States of the European Union or in other contracting states to the Agreement on the European Economic Area prior to transmission (so-called "IP masking"). Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. However, under no circumstances will your IP address be merged with other Google data. The processing of personal data is carried out exclusively with your consent in accordance with Art. 6(1)(a) GDPR. You can withdraw your consent at any time with effect for the future.
As an alternative to the options listed under 3., you can specifically deactivate the use of Google Analytics cookies by means of an internet browser add-on. You can download this here: http://tools.google.com/dlpage/gaoptout?hl=de. This will save a so-called "opt-out" information on your end device, which serves to assign your deactivation of Google Analytics. Alternatively, you can also set an opt-out cookie. Setting an opt-out cookie has the effect of preventing the future collection of your data by Google Analytics when you visit this website. However, if you delete your cookies in the future, this will result in the opt-out cookie also being deleted and you may have to activate it again.
The data on user actions are stored for a period of 14 months and then automatically deleted.
When using Google Analytics, a transfer of the processed data by Google Ireland Limited to the USA or other third countries cannot be excluded. The transfer takes place on the basis of appropriate safeguards in the form of the EU standard contractual clauses for the transfer of personal data to processors in third countries. Google has made a commitment to us to ensure that Google LLC complies with its obligations under the said standard contractual clauses with respect to such transfers.
For more information on Google's data use, settings and opt-out options, please click here:
H. Integration of third-party content and videos
Videos are embedded on our website via vimeo.com. This is a service of Vimeo, Inc., 555 West 18th Street, New York, New York 10011, USA ("Vimeo") for which Vimeo processes your data for its own purposes and not on our behalf. For this purpose, a connection to Vimeo's servers in the USA is established. This transmits certain information (e.g. your IP address) to Vimeo. It is also possible that Vimeo places cookies on your end device. We are not aware of the type and scope of the data collected by Vimeo and have no influence on the use of your personal data by Vimeo. Through the integration, Vimeo can also receive the information that your browser has accessed the corresponding page of this website, even if you do not have a user account with Vimeo or are not logged in to Vimeo.
For more information on the collection and use of your personal data by Vimeo and your rights in this regard, please refer to Vimeo's privacy statement at https://vimeo.com/privacy.
The USA is a third country and data may be stored on a server in the USA. There are currently no suitable guarantees in accordance with Art. 46 GDPR, so that a data protection-compliant transfer and processing of your data in accordance with the GDPR in the USA is not ensured. Please note that, among other things, investigating authorities in the USA may have access to this data under certain circumstances.
1. Use of our webshop
In order to use the order function of our webshop, we need data to carry out the order process. Mandatory data is marked as such (name, address, e-mail address, telephone number), other information is voluntary. We process the data you provide to process your order. In addition, you can use the payment method of your choice, for which data input is also required. The legal basis for this is Art. 6(1)(b) GDPR. You are neither contractually nor legally obliged to provide the data. The processing of the data marked mandatory is required to process your order. In the event that the data is not provided, we will not be able to process your order.
2. Entering data for payment and production and logistics service providers
In order to process the order, we use service providers for payment, production and shipping transactions within the framework of our webshop.
The production and delivery of the art prints is carried out by Whitewall Media GmbH, Europaallee 59, 50226 Frechen. For this purpose, we transmit your name, delivery address, email address and telephone number. This is done on the legal basis of Art. 6(1)(b) GDPR (fulfilment of contract) and Art. 6(1)(a) GDPR (consent).
For more information, you can also access WhiteWall's privacy statement at: https://www.whitewall.com/de/datenschutzerklaerung.
We have integrated a plugin from PayPal (PayPal (Europe) S.à r.l. et Cie, S.C.A. 22-24 Boulevard Royal L-2449 Luxembourg) for the processing of payments. Payments are processed via your personal PayPal account.
If you decide to use the payment service provider PayPal, we transmit your order data to PayPal, usually i.e. first name, surname, address, email address, IP address, telephone number, mobile phone number or other data that are necessary for payment processing and that you have provided to us. This is covered by Art. 6(1)(b) GDPR, as our purpose is to be able to process the order completely.
Please note that PayPal is its own data controller in the sense of the GDPR and that data may be passed on by PayPal to its own partners. PayPal is also responsible for obtaining consent for certain data transfers (such as for credit checks). For more information, please visit PayPal's privacy statement at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
c. Wix Payments
You can also use the payment provider Wix Payments from Wix.com, headquartered in Tel Aviv, Israel, as part of the payment process. If you decide to use this payment provider, we will transmit your order data to, usually i.e. first name, last name, address, email address, IP address, telephone number, mobile phone number or other data that are necessary for the payment processing and that you have provided to us. This is covered by Art. 6(1)(b) GDPR, as our purpose is to be able to process the order completely.
As already communicated above, we are obliged by commercial and tax law to store your address, payment and order data for a period of ten years. However, we restrict processing after approximately three years, i.e. after expiry of any warranty and other rights. Your data will then only be used to comply with legal obligations.
To prevent unauthorised access by third parties to your personal data, in particular financial data, the ordering process is encrypted.