Thank you for your interest in our website. The protection of your privacy is very important to us. For this reason, we have taken technical and organisational measures to ensure that the data protection regulations are observed both by us and by our partners and external service providers. However, we would like to point out that data transmission on the Internet can have security gaps and that complete protection of data from access by third parties is not possible.
§ 1 INFORMATION ON THE COLLECTION OF PERSONAL DATA
(1) In the following we inform about the collection of personal data when using our website. Personal data are all data that are personally identifiable to you, e.g. name, address, e-mail addresses, user behavior.
(2) The person responsible according to Art. 4 VII DSGVO is
Galerie Rother Winter GbR
Inhaber: Christine Rother-Ulrich & Christian Rother
65183 Wiesbaden Germany
Tel..: +49 (0)611-37 99 67
Fax: +49 (0)611-95 66 399
Further information: Imprint
(3) When you contact us by e-mail or via a contact form, the data you provide (your e-mail address and your name) will be stored by us in order to answer your questions. We delete the data arising in this context after the storage is no longer necessary, or limit the processing if statutory retention obligations exist.
(4) If we make use of contracted service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail about the respective processes below. We also specify the defined criteria for the storage period.
§ 2 YOUR RIGHTS
(1) You have the following rights towards us with regard to personal data concerning you:
- Right to information
- Right to correction or deletion
- Right to limitation of processing
- Right of opposition to the processing
- Right to data transferability.
(2) You also have the right to complain to a data protection supervisory authority about our processing of your personal data.
§ 3 COLLECTION OF PERSONAL DATA WHEN VISITING OUR WEBSITE
(1) When using the website for information purposes only, i.e. when you do not register or otherwise provide us with information (for example when contacting us via our contact form), we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure its stability and security
- IP address
- date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status/HTTP status code
- the amount of data transferred in each case
- Website from which the request comes
- operating system and its surface
- Language and version of the browser software
The legal basis for collecting this data is Art. 6 I 1 lif. f DSGVO.
(2) In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard disk in the browser you use and through which certain information flows to us. Cookies cannot run programs or transmit viruses to your computer. They serve to make the Internet offer more user-friendly and effective overall.
(3) Our website uses so-called transient cookies and persistent cookies. Transient cookies are automatically deleted when you close your browser. This includes in particular the session cookies. These store a so-called session ID, with which different requests of your browser can be assigned to the common session. This will allow your computer to be recognized when you return to our website. Session cookies are deleted when you log out or close your browser. Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete cookies at any time in the security settings of your browser. In addition, you can configure your browser settings according to your wishes and, for example, refuse the acceptance of third party cookies or all cookies. We would like to point out that you may not be able to use all the functions of our website.
§ 4 SSL-ENCRYPTION
To protect the security of your data during transmission, we use state-of-the-art encryption methods (e.g. SSL) via HTTPS.
§ 5 FURTHER FUNCTIONS AND OFFERS OF OUR WEBSITE
(1) In addition to the purely informational use of our website, we offer various services which you can use if you are interested. As a rule, you must provide further personal data, which we use to provide the respective service and to which the aforementioned data processing principles apply.
(2) In some cases, we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are regularly checked.
(3) Furthermore, we may pass on your personal data to third parties if we offer participation in promotions, competitions, conclusion of contracts or similar services together with partners. For more information, please provide your personal data or see the description of the offer below.
(4) If our service providers or partners are based in a country outside the European Economic Area (EEA), we will inform you of the consequences of this circumstance in the description of the offer.
§ 6 OBJECTION OR REVOCATION AGAINST THE PROCESSING OF YOUR DATA
(1) If you have given your consent to the processing of your data, you can revoke this at any time. Such a revocation influences the permissibility of processing your personal data after you have given it to us.
(2) If we base the processing of your personal data on the weighing of interests, you may object to the processing. This is the case if processing is not necessary in particular to fulfil a contract with you, which is described by us in the following description of the functions. When exercising such objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and either stop or adjust data processing or point out to you our compelling reasons worthy of protection, on the basis of which we will continue processing.
(3) Of course, you can object to the processing of your personal data for purposes of advertising and data analysis at any time. You can inform us about your advertising contradiction under the following contact data:
Phone: +49 (0)611 137 19170
Fax: +49 (0)611 94 93 90 43
§ 7 USE OF OUR WEBSHOP
(1) If you would like to order in our webshop, it is necessary for the conclusion of the contract that you enter your personal data, which we need for the completion of your order. Required information for the execution of the contracts are marked separately, further information is voluntary. We process the data provided by you to process your order. For this purpose we can pass on your payment data to our house bank. The legal basis for this is Art. 6 I 1 lit. b DSGVO.
If you rent a work of art, you must create a customer account through which we can store your data for future purchases. When you create an account under “Login/Register”, the data you have provided will be saved revocably. All other data, including your user account, can always be deleted in the customer/login area.
We may also process the information you provide to inform you of other interesting products in our portfolio or to send you e-mails containing technical information.
(2) We are obliged by commercial and tax law to store your address, payment and order data for a period of ten years. However, after[two years] we will limit processing, i.e. your data will only be used to comply with legal obligations.
(3) To prevent unauthorized access to your personal data, especially financial data, the order process is encrypted using TLS technology.
§ 8 USE OF OUR CUSTOMER PORTAL
(1) If you wish to use our customer portal, you must register by entering your e-mail address and a password of your choice.
(2) If you use our customer portal, we store your data necessary for contract fulfilment, including information on the method of payment, until you finally delete your access. Furthermore, we store the voluntary data provided by you for the duration of your use of the customer portal, unless you delete it beforehand. You can manage and change all information in the protected customer area. The legal basis is Art. 6 I 1 lit. f DSGVO.
(3) In order to prevent unauthorized access to your personal data, especially financial data, the connection is encrypted using TLS technology.
§ 9 USE OF EXTERNAL PAYMENT SERVICE PROVIDERS
(1) We currently use the external payment service provider PayPal, through whose platform it is possible for you to make payment transactions. This is done within the framework of Art. 6 I lit. b and lit. f DSGVO.
§ 9 SENDING NEWSLETTERS VIA MAILCHIMP
(1) With your consent you can subscribe to our newsletter, with which we inform you about our current interesting offers. The advertised goods and services are named in the declaration of consent.
(2) We use the double opt-in procedure to subscribe to our newsletter. This means that after your registration we will send you an e-mail to the specified e-mail address in which we ask you to confirm that you would like the newsletter to be sent. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store your IP addresses and the time of registration and confirmation. The purpose of the procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data.
(3) The only mandatory information for sending the newsletter is your e-mail address. The indication of further, separately marked data is voluntary and is used to be able to address you personally]. After your confirmation we will save your e-mail address for the purpose of sending you the newsletter. The legal basis is Art. 6 I 1 lit. a DSGVO. Our newsletters are sent by means of the shipping service provider Mailchimp on the basis of our legitimate interests within the meaning of Art. 6 I 1 lit. f DSGVO and on the basis of an order processing contract in accordance with § 28 DSGVO. Mailchimp can use your data in pseudonymous form, i.e. without assignment to a user, to optimize or improve its service. Mailchip does not use the data of our newsletter recipients to write them down or to pass the data on to third parties.
The Rocket Science Group LLC/MailChimp is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with the European data protection level.
(4) You can revoke your consent to the sending of the newsletter at any time and cancel the newsletter. You can declare your revocation by clicking on the link provided in every newsletter e-mail or by sending a message to the contact details given in the imprint.
(5) We would like to point out that we evaluate your user behaviour when sending the newsletter. For this analysis, the e-mails sent contain so-called web beacons, i.e. tracking pixels, which represent single-pixel image files stored on our website. For the evaluations we link the data mentioned in § 3 and the web beacons with your e-mail address and an individual ID. The data is collected exclusively pseudonymised, the IDs are therefore not linked to your other personal data, direct personal relationship is excluded.
You can object to this tracking at any time by clicking on the separate link provided in each e-mail or by informing us of another contact method. The information is stored for as long as you have subscribed to the newsletter. After a cancellation we store the data purely statistically and anonymously. Such tracking is also not possible if you have deactivated the display of images in your e-mail program by default. In this case the newsletter will not be displayed completely and you may not be able to use all functions. If you display the images manually, the above tracking takes place.
§ 10 EINSATZ VON GOOGLE ANALYTICS
(1) We use Google Analytics, a web analysis service of Google Inc. “(“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, if IP anonymisation is activated on this website, Google will reduce your IP address within Member States of the European Union or in other states party to the Agreement on the European Economic Area beforehand. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On our behalf, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website and Internet use.
(2) The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data.
(4) This website uses Google Analytics with the extension “_anonymizeIp()”. As a result, IP addresses are further processed in abbreviated form, so that a personal relationship can be ruled out. As far as the data collected about you is personal, it will be excluded immediately and the personal data will be deleted immediately.
(5) We use Google Analytics to analyse and regularly improve the use of our website. We can improve our offer and make it more interesting for you as a user. For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Art. 6 I 1 lit. f DSGVO. Users’ personal data will be deleted or made anonymous after 14 months.
§ 11 SOCIAL-MEDIA
(1) We currently use social media buttons for the Facebook, Instagram, Twitter and LinkedIn networks on our website on the basis of our legitimate interests within the meaning of Art. 6 I 1 lit. f DSGVO. The buttons are static. This means that when you visit our site, no personal data is initially passed on to the providers. You can recognize the provider of the social network by the marking on the button and the logo. Only if you establish a connection with the network, the provider of the respective network receives the information that you have accessed the corresponding website of our online offer. In addition, the server log files already described above are transmitted. According to Facebook, the IP address in Germany is made anonymous immediately after it is collected. By connecting to the social network, personal data is transferred from you to the respective social network provider and stored there (for US providers in the USA). We have no influence on the data collected and data processing processes, nor are we aware of the full extent of data collection, the purposes of processing, the storage periods. We also have no information on the deletion of the data collected by the provider of the social network.
(2) The provider of the respective social network stores the data collected about you as user profiles and uses these for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation takes place in particular (also for not logged in users) for the representation of demand-fair advertisement and in order to inform other users of the social network about your activities on our website. You have a right of objection to the creation of these user profiles, whereby you must contact the respective provider to exercise this right.
(3) The data transfer is independent of whether you have an account with the social network provider and are logged in there. If you are logged in with the provider, your data collected with us will be directly assigned to your existing account with the provider. If you click the button and, for example, link the page, the provider also stores this information in your user account and informs your contacts publicly. We recommend that you log out regularly after using a social network, especially before using the button, as this way you can avoid being assigned to your profile with the provider.
(4) Further information on the purpose and scope of data collection and its processing by the provider can be found in the data protection declarations of these providers. They will also provide you with further information about your rights in this regard and setting options to protect your privacy.
Addresses of the respective plug-in providers and URL with their data protection information:
a) Facebook Inc, 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; further information on data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications and http://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
b) Instagram Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA; https://help.instagram.com/155833707900388
c) Twitter, Inc. 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy. Twitter has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
d) LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; http://www.linkedin.com/legal/privacy-policy. LinkedIn has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
§12 USE OF GOOGLE ADWORDS CONVERSION
(1) We use the offer of Google Adwords to draw attention to our attractive offers with the help of advertising materials (so-called Google Adwords) on external websites. We can determine in relation to the data of the advertising campaigns how successful the individual advertising measures are. We are interested in showing you advertisements that are of interest to you, to make our website more interesting for you and to achieve a fair calculation of advertising costs.
(2) These advertising media are delivered by Google via so-called “Ad Servers”. For this purpose, we use ad server cookies, through which certain parameters for measuring success, such as the insertion of ads or clicks by users, can be measured. If you access our website via a Google ad, Google Adwords stores a cookie on your PC. These cookies usually expire after 30 days and are not intended to identify you personally. For this cookie, the unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (mark that the user no longer wishes to be addressed) are usually stored as analysis values.
(3) These cookies enable Google to recognize your Internet browser. If a user visits certain pages of an Adwords customer’s website and the cookie stored on their computer has not expired, Google and the customer can recognize that the user has clicked on the ad and has been redirected to this page. Each Adwords customer is assigned a different cookie. Cookies cannot therefore be traced via the websites of Adwords customers. We do not collect and process any personal data in the aforementioned advertising measures. We only receive statistical evaluations from Google. On the basis of these evaluations we can recognize which of the used advertising measures are particularly effective. We do not receive any further data from the use of advertising material; in particular, we cannot identify users on the basis of this information.
(4) Due to the marketing tools used, your browser automatically establishes a direct connection to the Google server. We have no influence on the extent and the further use of the data which are raised by the use of this tool by Google and inform you therefore according to our knowledge: By the integration of AdWords conversion Google receives the information that you called the appropriate part of our Internet appearance or clicked an announcement of us. If you are registered with a Google service, Google may associate your visit with your account. Even if you are not registered with Google or have not logged in, it is possible that the provider may obtain and store your IP address.
(5) You can prevent participation in this tracking process in various ways:
a) by setting your browser software accordingly, in particular by suppressing third-party cookies, you will not receive ads from third-party providers;
b) ) by deactivating cookies for conversion tracking by setting your browser to block cookies from the domain “www.googleadservices.com”, https://www.google.de/settings/ads, this setting being deleted when you delete your cookies;
c) by deactivating the interest-based ads of the providers that are part of the “About Ads” self-regulation campaign via the link http://www.aboutads.info/choices, this setting being deleted when you delete your cookies;
d) by permanently deactivating Firefox, Internet Explorer or Google Chrome in your browsers under the link http://www.google.com/settings/ads/plugin. Please note that in this case you may not be able to use all functions of this offer in full.
(6) The legal basis for the processing of your data is Art. 6 I 1 lit. f DSGVO. Further information on data protection at Google can be found here: http://www.google.com/intl/de/policies/privacy and https://services.google.com/sitestats/de.html. Alternatively, you can visit the website of the Network Advertising Initiative (NAI) at http://www.networkadvertising.org Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
§ 13 FACEBOOK CUSTOM AUDIENCES
(1) We also use the remarketing function “Custom Audiences” of Facebook Inc. “(“Facebook”). This allows users of the website to see interest-based advertisements (“Facebook ads”) when visiting the social network Facebook or other websites that also use the process. We are interested in showing you advertisements that are of interest to you in order to make our website more interesting for you.
(2) Due to the marketing tools used, your browser automatically establishes a direct connection to the Facebook server. We have no influence on the extent and further use of the data collected by Facebook through the use of this tool and therefore inform you according to our level of knowledge: By integrating Facebook Custom Audiences, Facebook receives the information that you have called up the corresponding website of our Internet presence, or that you have clicked on an advertisement from us. If you are registered with a Facebook service, Facebook can associate your visit with your account. Even if you are not registered with Facebook or have not logged in, it is possible that the provider may obtain and store your IP address and other identifying information.
(3) The function “Facebook Custom Audiences” can be deactivated[here and] for logged in users at https://www.facebook.com/settings/?tab=ads#_.
(4) The legal basis for the processing of your data is Art. 6 I 1 lit. f DSGVO. For more information about Facebook’s data processing, please visit https://www.facebook.com/about/privacy.