Background

Data Privacy Statement

Thank you for visiting our website. We are informing you below what personal data we gather and what happens to said data if you visit our website. Personal data is any data with which you can be personally identified. In addition, you are being given information on your rights as a data subject arising from the EU General Data Protection Regulation (EU GDPR).

I. The controller within the meaning of the EU General Data Protection Regulation (EU GDPR) is


Kunstmuseum Stuttgart gGmbH
Represented by the Executive Director Dr. Ulrike Groos
Kleiner Schlossplatz 13
D-70173 Stuttgart
T: +49 (0)711 / 216 196 00
info@kunstmuseum-stuttgart.de


II. The Data Privacy Officer is


Columbus Consulting
Dr. Inge Rötlich
Mahdentalstr. 82
D-71065 Sindelfingen
T: +49 (0)7031 / 418 090
F: +49 (0)7031 / 418 097 0
datenschutz@columbus-consulting.eu


III. General remarks concerning data processing

1. Scope of the processing of personal data

We essentially only process personal data of our users to the extent necessary to provide a functioning website, as well as provide our content and services.


2. Encryption

In order to protect the transmission of confidential content, such as the inquiries that you transmit to us in our capacity as website operators, this website uses SSL encryption. You can recognize an encrypted connection by the fact that your browser’s address bar changes from http:// to https:// and by the key symbol shown in your browser line. If such encryption is enabled, the data that you transmit to us cannot be read by any third parties.

3. Provision of the website and creation of log files

Every time you access our website our system automatically gathers data and information in regard to the accessing computer. The following data is gathered in the process:

• IP address
• Information on the browser type
• Information on the version of the browser type
• Operating system
• Internet Service Provider
• The date and time of access
• Web page from which the visitor reached our site
• Web pages that have been accessed by the user’s system via our website

This data is stored in the log files of our system. This data is not stored together with other personal data of the users. The legal basis for this data processing is, firstly, our legitimate interests in analyzing and using our website pursuant to Art. 6(1)(f) EU GDPR, and possibly also the statutory permission to store data within the scope of initiating a contractual relationship pursuant to Art. 6(b) EU GDPR.


IV. Cookies

Within the context of our legitimate interest in a technically faultless website and the optimization of it pursuant to Art. 6(1)(f) EU GDPR, our website deploys cookies, so that our services can be used more appropriately, more effectively and in a safer manner.

Cookies are small text files that are stored on your computer. The latter may, on the one hand, be session cookies, which are automatically deleted on our website at the end of your visit. There are, however, also cookies that are stored on your computer permanently, unless you delete them. That enables us to recognize your browser again the next time you access it and make you suitable offers. You can, in the settings of your browser, prevent cookies from being stored altogether, or prevent them whenever you visit particular websites. It is, however, possible that not all the functions of our website will still be available for use if you do that.


V. Newsletter


The opportunity exists, on our website, to subscribe to our newsletter, free of charge. That involves the data entered by you into the input mask being transmitted to us. To subscribe to the newsletter, it is only necessary to specify your email address. Any further data is voluntary.

The following data is gathered when you subscribe to the newsletter:
• Email address
• First name
• Last name
• Street address, house number
• ZIP code/City/Town

Our system also automatically gathers the following data:
• IP address
• Date and time of the registration
• URL of the login page

In the course of subscribing to the newsletter, you will receive a confirmation email that contains a link that you have to click on in order to complete the process of subscribing to our newsletter (double opt-in). You may unsubscribe from the newsletter at any time by clicking on the “Unsubscribe” link in any newsletter or by email sent to newsletter@kunstmuseum-stuttgart.de, newsletterkunstvermittlung@kunstmuseum-stuttgart.de or using the contact details given in the legal notice. The data stored with us by you for the newsletter will be saved by us until such time as you unsubscribe from the newsletter. We do not pass this data on to third parties. Once you have unsubscribed from the newsletter, the data is deleted. Any data that has been saved by us for other purposes (e.g. your email address for the registration) will not be affected thereby.

CleverReach


This website uses CleverReach for sending out newsletters. The provider is CleverReach GmbH & Co. KG, Mühlenstr. 43, D-26180 Rastede. CleverReach is a service waimed at organizing and analyzing the sending of the newsletter. The data entered by you for the purpose of receiving the newsletter (e.g. your email address) is stored on the servers of CleverReach in Germany or Ireland.


Our newsletter sent via CleverReach enables us to analyze the usage patterns of the recipients of the newsletter. It is possible, for example, in this context, to analyze how many recipients have opened the newsletter and how often which link in the newsletter has been clicked on. With the aid of the conversion tracking, it can additionally also be analyzed whether, upon clicking on the link in the newsletter, a predefined action has occurred (e.g. purchasing a product on our website). You can obtain further information on the data analysis performed by CleverReach newsletters at https://www.cleverreach.com/de/funktionen/reporting-und-tracking/.


The data processing is undertaken based on your consent (Art. 6(1)(a) EU GDPR). You may revoke said consent at any time, by unsubscribing from the newsletter. The legitimacy of the data processing procedures that have already been carried out shall not be affected by the revocation.


If you do not wish your usage patterns to be analyzed by CleverReach, you need to unsubscribe from the newsletter. We make a corresponding link available to you in every newsletter for this purpose. You may, moreover, also unsubscribe from the newsletter directly on our website.


The data stored with us by you for the purpose of receiving the newsletter is saved by us until such time as you opt out of receiving the newsletter, and, once you have unsubscribed from the newsletter, is deleted from both our servers and the servers of CleverReach. Any data that has been saved by us for other purposes (e.g. email address for the members’ area) will not be affected thereby.
You can infer further details from the Data Privacy Provisions of CleverReach at: https://www.cleverreach.com/de/datenschutz/.


We have concluded a contract data processing contract with CleverReach.

MailChimp


We use the services of MailChimp for sending out newsletters. The provider is Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.


MailChimp is a service aimed at, inter alia, organizing and analyzing the sending out of newsletters. If you enter data for the purpose of receiving the newsletter (e.g. your email address), it is stored on the servers of MailChimp in USA.


MailChimp holds a certification under the EU/US Privacy Shield. The Privacy Shield is an agreement between the European Union (EU) and the USA that is supposed to ensure compliance with European data privacy standards in the USA.


MailChimp helps us analyze our newsletter campaigns. If you open an email sent with MailChimp, a file contained in the e-mail (a “web beacon”) connects with the servers of MailChimp in the USA. In that way it can be determined whether a newsletter has been opened, and which links have been clicked on, if any. In addition, technical information is gathered (e.g. the point in time of access, the IP address, the browser type and the operating system). Such information cannot be allocated to the respective recipient of the newsletter. It exclusively serves the purpose of statistical analysis of newsletter campaigns. The results of such analyses may be used in order to more suitably adapt future newsletters to the interests of the recipients.


If you do not wish a MailChimp analysis, you need to unsubscribe from the newsletter. We make a corresponding link available to you in every newsletter for this purpose. You can, moreover, also unsubscribe from the newsletter directly on our website.


The data processing is carried out based on your consent (Art. 6(1)(a) EU GDPR). You may revoke said consent at any time, by unsubscribing from the newsletter. The legitimacy of the data processing procedures that have already been carried out shall not be affected by the revocation.


The data stored with us by you for the purpose of receiving the newsletter is saved by us until such time as you opt out of receiving the newsletter, and, once you have unsubscribed from the newsletter, is deleted from both our servers and the servers of MailChimp. Any data that has been saved by us for other purposes (e.g. email address for the members’ area) will not be affected thereby.
You can infer further details from the Data Privacy Provisions of MailChimp at: https://mailchimp.com/legal/terms/.


We have concluded a Data Processing Agreement with MailChimp, where we oblige MailChimp to protect our customers’ data and not pass it on to third parties. This agreement can be viewed at the following link: https://mailchimp.com/legal/forms/data-processing-agreement/sample-agreement/.


Registration

In addition, we offer the opportunity, on our website, to register, giving personal data. The data is entered into an input mask, transmitted to us and saved. The data is not passed on to third parties.

The following data is gathered in the course of the registration:
• IP address
• Date and time of the registration
• Medium
• Form of address
• First name
• Last name
• Address
• Email address
• Telephone number

For media representatives, user registration is performed for incorporating them into the press distribution list for postal invitations, as well as regular press releases by email.
You have the opportunity to arrange for yourself to be deleted from the press distribution list at any time.
For this purpose, please email info@kunstmuseum-stuttgart.de


VI. Web shop


1. Passing on of data to third parties


In connection with our web shop, we only transmit personal data to third parties if it is necessary within the context of executing the agreement, for example to the company entrusted with delivering the goods or the bank commissioned with processing the payment. No further transmission of data occurs, or only if you have expressly consented to such transmission. Your data is not passed on to third parties, for example for advertising purposes, without your express consent.
The basis for the data processing is Art. 6(1)(b) EU GDPR, which permits the processing of data in order to fulfill an agreement or pre-contractual measures.

2. Web shop payment options


It is only possible, at our web shop, to pay by means of advance payment.
For this purpose, in order to process your order the following data is gathered:

• Last name
• First name
• Organization or company
• Street address, house number
• ZIP code/City/Town
• Email
• Telephone number

 


VII. Email contact


If you contact us with your inquiries by email, your details will only be used for processing your inquiry. This data will not be passed on to third parties. In this case, the user’s personal data transmitted with the email will be stored.


The data processing is carried out based on your consent (Art. 6(1)(a) EU GDPR), which you grant by sending the email. You can revoke such consent at any time. An informal notification, sent to us by email, is sufficient for that purpose. The legitimacy of the data processing procedures carried out prior to the revocation shall not be affected by the revocation.


The data forwarded by you in the email remains with us until you request its deletion, revoke your consent to its being stored or the purpose for which the data is stored lapses (e.g. once your inquiry has been conclusively processed). Mandatory statutory regulations – in particular archival periods – shall not be affected thereby.


VIII. Plug-ins and tools

1. Facebook plug-ins (Like and Share button)


We use plug-ins of the social network Facebook. The provider is Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. You can recognize the Facebook plug-ins by the Facebook logo or the "Like" button on our website. You can find an overview of the Facebook plug-ins here: https://developers.facebook.com/docs/plugins/.


When visiting our website, via the plug-in a direct connection is established between your web browser and the Facebook server. Facebook thus receives the information that you have visited our website with your IP address. Clicking on the Facebook "Like" button while you are logged into your Facebook account enables you to link the content of our pages to your Facebook profile. In this way, Facebook can allocate the visit to our site to your user account. We are pointing out that we are not aware of the content of the data transmitted or its use by Facebook. You can obtain further information on the latter in Facebook’s privacy policy at: https://de-de.facebook.com/policy.php.


If you do not wish Facebook to be able to allocate your visit to our pages to your Facebook user account, please make sure to log out of your Facebook user account.

2. Twitter plug-in

We use plug-ins of the service Twitter. The provider is Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. By using Twitter and the “re-tweet” function, the websites visited by you are linked with your Twitter account and made known to other users. In the process, data is also transmitted to Twitter. We are pointing out that we are not aware of the content of the data transmitted or its use by Twitter. You can obtain further information on the latter in Twitter’s privacy policy at: https://twitter.com/privacy.


You can change your data privacy settings at Twitter in the account settings at https://twitter.com/account/settings.


3. YouTube


We use plug-ins of the YouTube website operated by Google of YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.

 

If you have your habitual residence in the European Economic Area or Switzerland, this service is provided to you by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. If you do not have your usual residence in the European Economic Area or Switzerland, this service is provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

 

Google`s privacy policy can be found here: https://policies.google.com/privacy?hl=en

For those instances where personal information is transferred to the United States, Google has adopted the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. You can view a current certificate under this link: https://www.privacyshield.gov/list.

 

If you visit one of our pages equipped with a YouTube plug-in, a connection to the servers of YouTube is established. In the process, the YouTube server is notified which of our pages you have visited.
If you are logged into your YouTube account, you enable YouTube to allocate your surfing patterns directly to your personal user profile. You can prevent this by logging out of your YouTube account.
YouTube is deployed in the interests of an appealing display of our online services. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) EU GDPR.


You will find further information on how user data is handled by YouTube at: https://www.google.de/intl/de/policies/privacy.

 

4. Instagram

Our website may contain functions and content of the service Instagram, provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. If the users are members of the platform Instagram, Instagram can assign the call-up of the abovementioned content and functions to the profiles of the users there. Data protection policy of Instagram: http://instagram.com/about/legal/privacy/.

IX. Your rights as a data subject

To the extent that we process personal data of yours, you are a data subject within the meaning of the EU GDPR. That means that you are entitled to assert the following rights vis-à-vis us:

1. The right to information (Art. EU 15 GDPR)

 

You may request information about the personal data stored by us about you, free of charge, at any time. In this respect, we need to see a form of identification, in order to prevent abuse.

 

2. The right to correction (Art. 16 EU GDPR)

You have a right to correction and/or completion of your personal data processed by us at any time, should it be incorrect or incomplete.

3. The right to erasure – the right to be forgotten (Art. 17 EU GDPR)


You have the right to have your personal data processed by us deleted. This in particular applies if the purpose of the processing has lapsed, any consent required has been revoked and no other legal basis exists, or our data processing is illegitimate. We shall then delete your personal data without delay within the statutory scope.

4. The right to restrict the processing (Art. 18 EU GDPR)


You may request restriction of the processing of your data.


Should the processing of the personal data concerning you have been restricted, such data may – apart from being stored – only be processed with your consent or in order to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons involving a significant public interest on the part of the EU or a Member State.


Should the restriction of the processing have been limited in accordance with the above-mentioned prerequisites, you will be notified by the controller before the restriction is lifted.

5. The right to be notified (Art. 19 EU GDPR)

Should you have asserted the right to correction, deletion or restriction of the processing vis-à-vis the controller, the latter is obliged to notify all recipients to which it has disclosed the personal data concerned about the correction or deletion of the data or restriction of the processing, unless this proves impossible or involves disproportionate effort.
You are entitled to be notified about such recipients by the controller.

6. The right to data portability (Art. 20 EU GDPR)


You may request us to transmit the data stored about you in machine-readable form.

7. The right of opposition (Art. 21 EU GDPR)

You are entitled, for reasons which arise from your particular situation, to file an objection against the processing of the personal data concerning you, which is being undertaken based on Art. 6(1)(e) or (f) GDPR. This also applies to any profiling based on such provisions.

The controller will no longer process the personal data concerning you unless it can provide evidence of reasons for the processing worthy of protection which outweigh your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.

Should the personal data concerning you be processed in order to engage in direct advertising, you are entitled to file an objection to the processing of the personal data concerning you for the purpose of such advertising at any time. This also applies to profiling, in so far as it is connected with such direct advertising.

Should you object to the processing for purposes of direct advertising, the personal data concerning you will no longer be processed for such purposes.

8. The right to appeal to a supervisory authority (Art. 77 EU GDPR)

Notwithstanding any other administrative or judicial remedy, you are entitled to file a complaint with a supervisory authority if you are of the opinion that the processing of the personal data concerning you violates the EU GDPR. You may assert such a right vis-à-vis a supervisory authority in the Member State of your place of residence, your place of work or the place where the violation is presumed to have taken place.

In Baden-Württemberg, the supervisory authority responsible is:

The State Commissioner for Data Privacy and Freedom of Information for Baden-Württemberg
Königstraße 10a
D-70173 Stuttgart

T: +49 (0)711 / 615 541 0
poststelle@lfdi.bwl.de

The supervisory authority with which the appeal has been filed will notify the party filing the appeal about the status and the results of the appeal, including the option of a judicial legal remedy pursuant to Art. 78 EU GDPR.


X. Amendment of the data privacy statement


Should an amendment to the data privacy statement become necessary on legal or factual grounds, we shall update this page accordingly. No changes to the consent granted by the user will be made in the process.