New Media Art Archiving

1) Subject Matter of Data Protection and Legal Bases

2) Server log files

3) Contact by email

4) Cookies

9) Recipients of personal data

10) Data processing in third countries

11) Storage period and erasure

12) Your rights

13) Our Data Protection Officer

14) Security

15) Changes

Concerning the aspects relevant for data protection when using the website portal.daten.zkm.de (hereinafter also referred to as »Website«), we

      ZKM | Zentrum für Kunst und Medien Karlsruhe
      Stiftung des öffentlichen Rechts
      Lorenzstraße 19
      76135 Karlsruhe, Germany
      Germany
      Telephone: +49 (0) 721/8100-0
      Fax: +49 (0) 721/8100-1139
      Email: info@zkm.de

(Legal Notice) (hereinafter also referred to as »we« »us« or »ZKM«) in our capacity as Data Controller would like to provide you the following information. The processing of your personal data takes place exclusively in compliance with the legal provisions of data protection legislation of the European Union, in particular the EU General Data Protection Regulation (»GDPR«) and additionally the State Data Protection Act of Baden-Wuerttemberg (»LDSG BW«) as well as the Telecommunications Telemedia Data Protection Act (hereinafter referred to as »TTDSG«) and further legal provisions on data protection (hereinafter jointly referred to as »data protection laws«). If you like to inspect the GDPR yourself, you can access it on the internet at: https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32016R0679. The BDSG can be found on the internet using the following link: https://www.gesetze-im-internet.de/bdsg_2018/; the TTDSG can be found here: https://www.gesetze-im-internet.de/ttdsg/. This Privacy Policy only applies to our website, accessible on the newmediaartarchiving.org, NOT including subdomains. Other online presences of ZKM are solely subject to the data protection information that are available there. This Privacy Policy also does not apply to presences of ZKM on platforms of third parties such as, in particular, social networks (e.g. Facebook, Twitter, or Instagram), even if the website of ZKM contains links to such presences. The presences on these platforms are subject to the data protection information of the respective platform operator and any special data protection information provided there by ZKM. Apart from that, our notices below do not refer to third-party websites of third parties to which our website contains links. As regards the terms used, e. g. »personal data« or the »processing« thereof, their definitions are in accordance with Art. 4 GDPR.

1 Subject Matter of Data Protection and Legal Bases

The subject matter of data protection is the protection of personal data. Personal data is any information relating to an identified or identifiable natural person (»data subject«). Consequently, all data allowing for your personal identification such as your name, your address, your telephone number or your email address pertain to your personal data. Moreover, information necessarily arising from the use of our website such as start, end and scope of use or your IP address is also part of personal data. We only process your data if this is permitted by an applicable legal provision. We rely upon, inter alia, the following legal bases when processing your data:

Consent (part (a) of Art. 6(1) GDPR): We will only process certain data based on your prior, express and voluntary consent. You have the right to withdraw your consent with future effect at any time.
Performance of a contract or performance of pre-contractual measures (part (b) of Art. 6(1) GDPR): In particular in case of initiation and/or performance of a contractual relationship with ZKM, we need certain data from you.
Compliance with a legal obligation (part (c) of Art. 6(1) GDPR): Moreover, we process your personal data to fulfil statutory obligations, e.g. regulatory requirements or record-keeping requirements under commercial and tax law.
Safeguarding of legitimate interests (part (f) of Art. 6(1) GDPR): ZKM will process certain information for the safeguarding of its own or third-party interests. However, this only applies if your interests do not prevail on an indiidual basis.

Please note that this is not a complete or conclusive list of the possible legal bases, but that these are only examples to make the legal bases regarding data protection more transparent. More information on the legal bases of the individual data processing operations in the course of using our website is set out in the explanations under the sections below.

2) Server log files

When visiting our website, the following information on access can be stored:

IP address of the accessing end device,
name of the accessed website and file,
the http response code,
the website from which you visit our website (referrer URL),
date and time of the server request,
browser type and version,
operating system of the accessing end device used,
search term with which the website was found, for example through Google.

When accessing our website, corresponding information can be stored on your end device or corresponding information that is already stored on your end device may be accessed. The storage of information on your end device or the access to information already stored on your end device takes place on the basis of Section 25 (2) TTDSG, as such information is mandatorily required so that we can provide the telemedia service expressly requested by you (in this case: our website). Furthermore, we process such data on the basis of part (f) of Art. 6(1) GDPR for providing our website, for securing the technical operations as well as the security of our information technology systems. In this context, we seek to enable and maintain the use of your website and its technical functionality on a permanent basis. When accessing our website, such data will be automatically processed. You may not use our website without providing such information. We will not use such data to make conclusions as to your identity. The data collected automatically will generally be erased after its purpose no longer applies, as long as no other legal basis applies on an exceptional basis. If the latter is the case, we shall erase the data immediately once the other legal basis no longer applies. We cannot comply with an objection on your part to the collection and storage of your server log data, as such data is mandatorily required for the smooth operation of our website.

3) Cookies

We do not use any cookies to provide this website.

9) Recipients of personal data

We will only forward your personal data to external recipients if this is necessary to settle or process your inquiry, you have provided us with your consent, or another form of legal permission applies. In particular, the following can be external recipients.

Data processors: Those are service providers that we use for providing services, in the areas of technical infrastructure and maintenance of our website, for example. We carefully select and regularly audit such data processors to ensure that your privacy is maintained. Such service providers may use the data exclusively for the purposes stated by us and based on our instructions. We have the right, in observance of the legal requirements of Art. 28 GDPR, to use such data processors.
Public bodies: Those are authorities, public institutions and other bodies under public law, for example supervisory authorities, courts, state attorney offices or financial authorities. Personal data is only transferred to such public bodies for mandatory legally reasons. Point (c) of Art. 6(1) GDPR may be the legal basis of such a transfer.
Non-public bodies: Those are service providers and auxiliary agents to whom the data is transferred on the basis of a legal obligation or to safeguard legitimate interests, for example, tax consultants or auditors. The transfer then takes place on the basis of point (c) of point (f) of Art. 6(1) GDPR.

Data processing in third countries

To the extent we transfer your data to third countries outside the EU and/or the EEA pursuant to the above statements, we ensure before such transfer that apart from legally permissible exceptional cases, the recipient either has an adequate level of data protection or you consent to such a data transfer. An adequate level of data protection may be, for example, ensured by a certification of the recipient under the EU-U.S. Data Privacy Framework, by entering into EU Standard Contractual Clauses, or where so-called Binding Corporate Rules (BCR) apply. Please contact us via the communication channels stated under Section 13), in order to obtain a copy of the specific guarantees concerning the transfer of your data to third countries.

11) Storage period and erasure

We only store your personal data for the period required for fulfillment of the purposes or – in the event of a consent – as long as you do not withdraw your consent. In the event of an objection, we will no longer process your personal data, unless its further processing is permitted or mandatorily required in accordance with the relevant legal provisions (e.g. according to retention obligations under trade and tax legislation). We will also erase your personal data if we are obliged to do so for legal reasons. Apart from the above, please read the details about the retention period of your personal data in the respective statements in the above sections.

12) Your rights

As data subject affected by the data processing, you have the following numerous rights: In detail, these are:

Right of access (Art. 15 GDPR): You are entitled to request access to the data we store relating to you.
Right to rectification and erasure (Art. 16 and Art. 17 GDPR): You can request the rectification of incorrect data and - to the extent the statutory provisions are met - the erasure of your data.
Right to restriction of processing (Art. 18 GDPR): You can require us - to the extent the statutory provisions are met - to restrict the processing of your data.
Right to data portability (Art. 20 GDPR): If you have provided us with data based on a contract or a consent, you can demand, if all legal requirements are met, that you receive the data provided by you in a structured and commonly used format or that we transfer it to another controller.
Right to object to data processing based on legitimate interests (Art. 21 GDPR): You have the right to lodge an objection to our data processing at any time for reasons resulting from your specific situation to the extent such processing is based on legitimate interests within the meaning of point (f) of Art. 6(1) GDPR. If you make use of your right to object, we will cease processing your data, unless we can demonstrate compelling legitimate reasons for the further processing which override your interests.
Withdrawal of consent (Art. 7 GDPR): If you have given us your consent to the processing of your data, you can withdraw it at any time with effect for the future. A withdrawal shall not affect the lawfulness of the processing of your data up until the time of the withdrawal. If you wish to withdraw your consent to the use of specific cookies, please note the statements under Section 4) .
Right to lodge a complaint with a supervisory authority (Art. 77 GDPR): You can additionally lodge a complaint with the competent supervisory authority if you are of the opinion that the processing of your data infringes applicable law. For this, you can contact the data protection authority competent for your place of residence, your workplace or place of the alleged infringement or the data protection authority competent for us. The supervisory authority for data protection competent for us is the State Officer for Data Protection of Baden-Wuerttemberg (www.baden-wuerttemberg.datenschutz.de).

In the case of questions on the processing of your personal data, on your rights as a data subject and any consent granted, our data protection officer is gladly at your disposal via the communication channels stated under Section 13). Please also contact our data protection officer directly if you wish to exercise your rights as a data subject. Of course, you can also contact the above data controllers for such purpose.

13) Our Data Protection Officer

We have appointed a corporate data protection officer. You can contact them as follows:

      Datenschutzbeauftragte des ZKM
      c/o V-Formation GmbH
      Stephanienstr. 18
      76133 Karlsruhe
      www.v-formation.de
      Telephone: +49 (0) 721/17029034
      Email: datenschutz@zkm.de

14) Security

We take technical and organizational measures to safeguard your personal data against accidental and deliberate manipulation, loss, destruction and access by unauthorized persons. These security measures are adjusted in accordance with the state of the art in each case. Your personal data transferred in the course of using our website is securely transferred by us using encryption technologies. In this context, we use the Transport Layer Security (TLS) encryption protocol, broadly known under its previous name Secure Socket Layer (SSL). We have imposed the obligation to maintain data secrecy upon our employees. 15) Changes From time to time, it may become necessary to adjust the contents of this Privacy Policy. Therefore, we reserve the right to change it at any time. To the extent that your consent is required for a change, we will obtain it from you. We will also post the changed version of the Privacy Policy here. If you visit our website again, you should therefore read the Privacy Policy again. Version: April 2024