New Media Art Archiving
Table of Contents
1) Subject Matter of Data Protection and Legal Bases
2) Server log files
3) Contact by email
4) Cookies
9) Recipients of personal data
10) Data processing in third countries
11) Storage period and erasure
12) Your rights
13) Our Data Protection Officer
14) Security
15) Changes
Concerning the aspects relevant for data protection when using the website portal.daten.zkm.de (hereinafter also referred to as »Website«), we
ZKM | Zentrum für Kunst und Medien Karlsruhe Stiftung des öffentlichen Rechts Lorenzstraße 19 76135 Karlsruhe, Germany Germany Telephone: +49 (0) 721/8100-0 Fax: +49 (0) 721/8100-1139 Email: info@zkm.de(Legal Notice) (hereinafter also referred to as »we« »us« or »ZKM«) in our capacity as Data Controller would like to provide you the following information. The processing of your personal data takes place exclusively in compliance with the legal provisions of data protection legislation of the European Union, in particular the EU General Data Protection Regulation (»GDPR«) and additionally the State Data Protection Act of Baden-Wuerttemberg (»LDSG BW«) as well as the Telecommunications Telemedia Data Protection Act (hereinafter referred to as »TTDSG«) and further legal provisions on data protection (hereinafter jointly referred to as »data protection laws«). If you like to inspect the GDPR yourself, you can access it on the internet at: https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32016R0679. The BDSG can be found on the internet using the following link: https://www.gesetze-im-internet.de/bdsg_2018/; the TTDSG can be found here: https://www.gesetze-im-internet.de/ttdsg/. This Privacy Policy only applies to our website, accessible on the newmediaartarchiving.org, NOT including subdomains. Other online presences of ZKM are solely subject to the data protection information that are available there. This Privacy Policy also does not apply to presences of ZKM on platforms of third parties such as, in particular, social networks (e.g. Facebook, Twitter, or Instagram), even if the website of ZKM contains links to such presences. The presences on these platforms are subject to the data protection information of the respective platform operator and any special data protection information provided there by ZKM. Apart from that, our notices below do not refer to third-party websites of third parties to which our website contains links. As regards the terms used, e. g. »personal data« or the »processing« thereof, their definitions are in accordance with Art. 4 GDPR.
1 Subject Matter of Data Protection and Legal Bases
The subject matter of data protection is the protection of personal data. Personal data is any information relating to an identified or identifiable natural person (»data subject«). Consequently, all data allowing for your personal identification such as your name, your address, your telephone number or your email address pertain to your personal data. Moreover, information necessarily arising from the use of our website such as start, end and scope of use or your IP address is also part of personal data. We only process your data if this is permitted by an applicable legal provision. We rely upon, inter alia, the following legal bases when processing your data:- Consent (part (a) of Art. 6(1) GDPR): We will only process certain data based on your prior, express and voluntary consent. You have the right to withdraw your consent with future effect at any time.
- Performance of a contract or performance of pre-contractual measures (part (b) of Art. 6(1) GDPR): In particular in case of initiation and/or performance of a contractual relationship with ZKM, we need certain data from you.
- Compliance with a legal obligation (part (c) of Art. 6(1) GDPR): Moreover, we process your personal data to fulfil statutory obligations, e.g. regulatory requirements or record-keeping requirements under commercial and tax law.
- Safeguarding of legitimate interests (part (f) of Art. 6(1) GDPR): ZKM will process certain information for the safeguarding of its own or third-party interests. However, this only applies if your interests do not prevail on an indiidual basis.
2) Server log files
When visiting our website, the following information on access can be stored:- IP address of the accessing end device,
- name of the accessed website and file,
- the http response code,
- the website from which you visit our website (referrer URL),
- date and time of the server request,
- browser type and version,
- operating system of the accessing end device used,
- search term with which the website was found, for example through Google.
3) Cookies
We do not use any cookies to provide this website.9) Recipients of personal data
We will only forward your personal data to external recipients if this is necessary to settle or process your inquiry, you have provided us with your consent, or another form of legal permission applies. In particular, the following can be external recipients.- Data processors: Those are service providers that we use for providing services, in the areas of technical infrastructure and maintenance of our website, for example. We carefully select and regularly audit such data processors to ensure that your privacy is maintained. Such service providers may use the data exclusively for the purposes stated by us and based on our instructions. We have the right, in observance of the legal requirements of Art. 28 GDPR, to use such data processors.
- Public bodies: Those are authorities, public institutions and other bodies under public law, for example supervisory authorities, courts, state attorney offices or financial authorities. Personal data is only transferred to such public bodies for mandatory legally reasons. Point (c) of Art. 6(1) GDPR may be the legal basis of such a transfer.
- Non-public bodies: Those are service providers and auxiliary agents to whom the data is transferred on the basis of a legal obligation or to safeguard legitimate interests, for example, tax consultants or auditors. The transfer then takes place on the basis of point (c) of point (f) of Art. 6(1) GDPR.
Data processing in third countries
To the extent we transfer your data to third countries outside the EU and/or the EEA pursuant to the above statements, we ensure before such transfer that apart from legally permissible exceptional cases, the recipient either has an adequate level of data protection or you consent to such a data transfer. An adequate level of data protection may be, for example, ensured by a certification of the recipient under the EU-U.S. Data Privacy Framework, by entering into EU Standard Contractual Clauses, or where so-called Binding Corporate Rules (BCR) apply. Please contact us via the communication channels stated under Section 13), in order to obtain a copy of the specific guarantees concerning the transfer of your data to third countries.11) Storage period and erasure
We only store your personal data for the period required for fulfillment of the purposes or – in the event of a consent – as long as you do not withdraw your consent. In the event of an objection, we will no longer process your personal data, unless its further processing is permitted or mandatorily required in accordance with the relevant legal provisions (e.g. according to retention obligations under trade and tax legislation). We will also erase your personal data if we are obliged to do so for legal reasons. Apart from the above, please read the details about the retention period of your personal data in the respective statements in the above sections.12) Your rights
As data subject affected by the data processing, you have the following numerous rights: In detail, these are:- Right of access (Art. 15 GDPR): You are entitled to request access to the data we store relating to you.
- Right to rectification and erasure (Art. 16 and Art. 17 GDPR): You can request the rectification of incorrect data and - to the extent the statutory provisions are met - the erasure of your data.
- Right to restriction of processing (Art. 18 GDPR): You can require us - to the extent the statutory provisions are met - to restrict the processing of your data.
- Right to data portability (Art. 20 GDPR): If you have provided us with data based on a contract or a consent, you can demand, if all legal requirements are met, that you receive the data provided by you in a structured and commonly used format or that we transfer it to another controller.
- Right to object to data processing based on legitimate interests (Art. 21 GDPR): You have the right to lodge an objection to our data processing at any time for reasons resulting from your specific situation to the extent such processing is based on legitimate interests within the meaning of point (f) of Art. 6(1) GDPR. If you make use of your right to object, we will cease processing your data, unless we can demonstrate compelling legitimate reasons for the further processing which override your interests.
- Withdrawal of consent (Art. 7 GDPR): If you have given us your consent to the processing of your data, you can withdraw it at any time with effect for the future. A withdrawal shall not affect the lawfulness of the processing of your data up until the time of the withdrawal. If you wish to withdraw your consent to the use of specific cookies, please note the statements under Section 4) .
- Right to lodge a complaint with a supervisory authority (Art. 77 GDPR): You can additionally lodge a complaint with the competent supervisory authority if you are of the opinion that the processing of your data infringes applicable law. For this, you can contact the data protection authority competent for your place of residence, your workplace or place of the alleged infringement or the data protection authority competent for us. The supervisory authority for data protection competent for us is the State Officer for Data Protection of Baden-Wuerttemberg (www.baden-wuerttemberg.datenschutz.de).
13) Our Data Protection Officer
We have appointed a corporate data protection officer. You can contact them as follows:Datenschutzbeauftragte des ZKM c/o V-Formation GmbH Stephanienstr. 18 76133 Karlsruhe www.v-formation.de Telephone: +49 (0) 721/17029034 Email: datenschutz@zkm.de