Privacy policy
This privacy policy explains the type, scope and purpose of the processing of personal data (hereinafter referred to as „data“) within our online offer and the associated websites, functions and content as well as external online presences, such as our social media profile (hereinafter collectively referred to as „online offer“). With regard to the terms used, such as „processing“ or „controller“, we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).
Name and Contact Data
Organization: neue Gesellschaft für bildende Kunst e.V. (hereinafter referred to as „Controller“)
Address: Karl-Liebknecht-Str. 11/13, 10178 Berlin
Phone: 030 6165130
Managing director: Annette Maechtel
Email
Data Protection Officer
Organization: neue Gesellschaft für bildende Kunst e.V.
Address: Karl-Liebknecht-Str. 11/13, 10178 Berlin
Email: datenschutz@ngbk.de
Security and Protection of Your Personal Data
We are legally required to maintain the confidentiality of the personal data you provide and to protect it from unauthorized access. To ensure maximum protection of your personal data, we take the utmost care and apply the most advanced security standards.
As a German registered association, we are subject to the provisions of the EU General Data Protection Regulation (GDPR) as well as the revised regulations of the Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG-neu). We have taken technical and organizational precautions to ensure that those data protection regulations are adhered to by us and by our external service providers.
On the Collection of Personal Data
The following provides information on the collection of personal data when visiting our website. The terms used in this data privacy policy correspond to the terms as defined in Art. 4 GDPR: https://gdpr-info.eu/art-4-gdpr/
Personal Data Collection via Direct Communication
If you contact us by e-mail or via a contact form, the data you provide (your e-mail address, your name and postal address and your telephone number, if applicable) will be stored by us so that we can respond to your request. The data collected in this context will be deleted as soon as it is no longer needed or if you object to the storage. If statutory storage obligations apply, we limit processing to the extent prescribed by law.
Personal Data Collection When Visiting Our Website
When you access the website for purely informational purposes, that is, if you do not register or otherwise submit information, we only collect the personal data that your browser transmits to our server. We collect the following data, which are technically necessary for us to display our website and to guarantee stability and security (legal basis is Art. 6 paragraph 1 p. 1 item (f) GDPR):
• IP address
• date and time of request
• time zone difference to Greenwich Mean Time (GMT)
• content of the request (specific page)
• access status/HTTP status code
• volume of data transmitted each time
• website from which the request comes
• browser
• operating system and its interface
• language and version of the browser software.
Cookies
Aside from the aforementioned data, cookies are sent to your computer when you visit our website. Cookies are small text files that are stored by your browser’s file directory on your hard disk. They allow specific information to be sent back to the site from where the cookie was issued. Cookies cannot initiate programs or deliver viruses to your computer. They serve only to make the internet service more user-friendly and effective overall.
The following explains the function and extent to which these different types of cookies are used on our website:
Persistent Cookies
- Persistent cookies will be automatically deleted after a stipulated duration, which may vary depending on the cookie. You can always delete the cookies through the security settings of your browser.
- You can also configure your browser settings to reflect your wishes and, for example, to refuse all third-party cookies or all cookies. „Third-party cookies“ are those that have been set by a third party and therefore not by the actual website you are currently visiting. As we use only local services, it is impossible for a third party to set cookies. However, third-party cookies may be set if required for technical reasons in future by external services such as Google Maps.
Additional Website Functions
(1) We also offer various services in addition to the purely informational use of our website. Should you be interested, you will be required to provide additional personal data which we use to provide the corresponding service and to which the aforementioned general data protection regulations apply.
(2) We sometimes use external service providers to process your data. These service providers have been carefully selected by us, are obligated to comply with our guidelines and are monitored regularly.
(3) Furthermore, it is possible that personal data collected during events may be disclosed to third parties for documentation and/or publishing purposes. This fact will be clearly indicated in the invitation or at the event.
(4) Insofar as our service providers or partners have their registered office in a country outside the European Economic Area (EEA), any consequences of this circumstance will be explained in the description of the service.
Placing an Order for a Publication
(1) When you place an order for publications via our website, the personal data provided by you for this purpose will be used to process your order.
(2) Due to commercial and tax regulations, we are obliged to store your address and order data for a period of ten years.
Automatic identity and credit check when selecting the „PayPal“ payment method
What personal data is collected and to what extent is it processed?
If you have selected „PayPal“ as the payment method, we will forward your personal customer data collected during the order process to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter „PayPal“). If you give your consent, the following data will be affected by the data transfer: First and last name, street, house number, postal code, city, date of birth, telephone number as well as the data related to your order.
Legal basis for the processing of personal data
Art. 6 para. 1 lit. b GDPR (implementation of (pre-)contractual measures)
Purpose of the data processing
PayPal carries out a credit check when you select the „PayPal“ payment method. Mathematical-statistical procedures are used to calculate a rating with regard to the probability of a payment default (so-called calculation of a scoring value). PayPal bases its decision on the provision of the respective payment methods on the calculated scoring value. The calculation of a scoring value is based on recognized scientific procedures. Reference is also made to PayPal’s privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
Duration of storage
We will store the relevant data for processing the payment for as long as is necessary to complete the transaction. If the data is subject to statutory retention obligations, it will be deleted after the retention obligation has expired. The duration of data storage by PayPal can be found in PayPal’s privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
Right of objection and deletion
You can object to the processing at any time in accordance with Art. 21 GDPR and request the deletion of the data in accordance with Art. 17 GDPR. You can find out which rights you are entitled to and how to assert them at the bottom of this privacy policy.
Newsletter
(1) You will be asked to consent to the use of your personal data when you subscribe to our newsletter for information on our activities and publications.
(2) We use what is known as the double opt-in procedure. This means that after submitting your e-mail address we will send an e-mail to the address you provided asking you to confirm your request to receive the newsletter. If you do not confirm your registration within 24 hours your information is blocked and automatically deleted in 30 days. In addition, we store your IP addresses and the times of your registration and confirmation. The purpose of the procedure is to be able to prove your registration and, if need be, to clarify a possible misuse of your personal data.
(3) The only mandatory information you need to provide to subscribe to the newsletter is your e-mail address. The input of any other separately indicated information is voluntary and will only be used for personalizing the newsletter if necessary. After your confirmation we will save your e-mail address for the purpose of sending you the newsletter. Legal basis is Art. 6 GDPR paragraph 1 p.1 item (a).
(4) You may at any time revoke your consent to receive the newsletter and unsubscribe from the newsletter. You can declare your revocation by clicking on the link provided in every newsletter e-mail (https://ngbk.de/en/institution/kontakt/newsletter), or by sending an unsubscribe request to the address given in the Legal Notice.
(5) Our newsletter software (see „Processors“) allows us to recognize how many e-mails have been successfully delivered and how many have been opened. Beyond that, we do not use any other tools in our newsletters to evaluate user behavior.
Privacy policy for the use of Facebook plugins (button)
Plugins of the social network Facebook, provider Facebook Inc, 1 Hacker Way, Menlo Park, California 94025, USA, are integrated on our pages. You can recognize the Facebook plugins by the Facebook logo or the „Like-Button“ („Like“) on our site. You can find an overview of the Facebook plugins here. When you visit our website, a direct connection is established between your browser and the Facebook server via the plugin. Facebook receives the information that you have visited our site with your IP address. If you click on the Facebook „Like“ button while you are logged into your Facebook account, you can link the content of our pages to your Facebook profile. This allows Facebook to associate your visit to our pages with your user account.
We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Facebook. Further information on this can be found in Facebook’s privacy policy here.
If you do not want Facebook to be able to associate your visit to our pages with your Facebook user account, please log out of your Facebook user account.
Privacy policy for the use of Instagram
Functions of the Instagram service are integrated on our pages. These functions are offered by Instagram Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA. If you are logged into your Instagram account, you can click the Instagram button to link the content of our pages with your Instagram profile. This allows Instagram to associate your visit to our pages with your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Instagram.
Further information on this can be found in Instagram’s privacy policy.
Privacy policy for the use of vimeo
On this website, we integrate videos from Vimeo, which are hosted on www.vimeo.com and can be played from our website.
The integration of this video content is done to improve the user experience and in the interest of an appealing presentation on our website. The legal basis for this data processing is based on the user’s consent in the cookie banner.
Vimeo is operated by Vimeo LLC, 555 West 18th Street, New York 10011, USA. The USA is a third country within the meaning of the GDPR. Your data will be transferred to this third country.
Use of Script Libraries (Web Fonts)
To display our content correctly, cross-browser and graphically pleasing, we use script libraries and font libraries such as Google Web Fonts (https://www.google.com/webfonts/) on this website. Web fonts are placed in your browser’s cache to avoid multiple refreshes. In the event that your browser does not support or prevents a connection to Google Web Fonts, content will be shown in a standard font.
The request for script or font libraries automatically initiates a connection to the operator of the library. It is theoretically possible that the operators of such libraries collect data, although at present it is not clear whether and, if so, for what purpose. The web fonts used by this website are hosted locally and loaded from our server in Germany, which prevents a direct connection to the service provider.
Further information can be found in Google’s privacy policy at: https://www.google.com/policies/privacy/
SSL encryption
This site uses SSL encryption for security reasons and to protect the transmission of confidential content, such as the requests you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from „http://“ to „https://“ and by the lock symbol in your browser line. If SSL encryption is activated, the data you send to us cannot be read by third parties.
Minors
The audience we generally target is „adult.“ Persons under the age of 16 should not submit personal data without the consent of a parent or legal guardian.
Rights of the Data Subject
(1) Revocation of Consent
Inasmuch as the processing of your personal data is based on your consent, you have the right to revoke this consent at any time. The revocation of consent shall not affect the legality of the processed data that resulted from the consent until revocation.
Please feel free to contact us at any time to exercise your revocation right.
(2) Confirmation Right
You have the right to request confirmation from the Controller as to whether we are processing personal data relating to you. Please send your request for confirmation at any time via the contact data shown above.
(3) Right to Information
Insofar as personal data are processed, you may always request information on these personal data and on the following information:
a. the purposes for processing your data;
b. the special categories of personal data that are being processed;
c. the recipients or categories of recipients to whom the personal data have been or will be disclosed, including in third countries and/or international organizations;
d. if possible the planned duration for which personal data will be stored or, if this is not possible, the criteria for determining this duration;
e. your right of rectification or erasure of your personal data, or of restriction of the processing of personal data by the Controller and/or your right to object to the processing of your personal data;
f. your right to take legal action and lodge a complaint with a supervisory authority;
g. all available information on the origin of the data if the personal data are not collected from the data subject;
h. the existence of automated individual decision-making, including profiling in accordance with Art. 22 GDPR (1) and (4) as well as, at least in these cases, relevant information on the logic involved and the scope and intended impact of such processing on the data subject.
You have the right to be informed of the appropriate safeguards provided for in Article 46 GDPR when personal data are transferred to a third country or an international organization. We will supply a copy of the personal data undergoing processing. We may charge an appropriate fee based on administrative costs for any additional copies you request as a natural person. Should you submit the application electronically, unless otherwise stated the information shall be provided in a standard electronic format. The right to obtain a copy in accordance with paragraph 3 shall not adversely affect the rights and freedoms of others.
(4) Right to Rectification
You have the right to obtain from us the rectification of inaccurate personal data concerning you without undue delay. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data, including by means of providing a supplementary statement.
(5) Right to Erasure („Right to be forgotten“)
You have the right to obtain from the Controller the erasure of personal data concerning you without undue delay. We are obliged to erase personal data immediately where one of the following applies:
a. the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
b. the data subject withdraws consent on which the processing is based according to Art. 6 GDPR paragraph 1 item (a), or Art. 9 paragraph 2 item (a), and where there is no other legal basis for the processing;
c. the data subject objects to the processing pursuant to Art. 21 GDPR paragraph 1 and there are no overriding legitimate grounds for the processing, or the data subject lodges an objection to the processing pursuant to Art. 21 paragraph 2;
d. the personal data have been unlawfully processed;
e. erasure of personal data is necessary to comply with a legal obligation under Union or Member State law to which the Controller is subject;
f. the personal data have been collected with regard to information society services provided in accordance with Art. 8 GDPR paragraph 1.
Where the Controller has made the personal data public and is obliged pursuant to paragraph 1 to erase them, the Controller, taking account of available technology and the cost of implementation, shall take appropriate measures, including technical means, to inform controllers processing the personal data that the data subject has requested them to erase all and any links to, or copy or replication of, those personal data.
The right of erasure („right to be forgotten“) shall not apply insofar as the processing is necessary:
• for exercising the right of freedom of expression and information;
• for compliance with a legal obligation required for processing under the Union or Member State law to which the Controller is subject, or if the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;
• for reasons of public interest in the area of public health in accordance with Art. 9 GDPR paragraph 2 items (h) and (i) as well as paragraph 3;
• for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 GDPR paragraph 1 insofar as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
• for the assertion, exercise or defense of legal claims.
(6) Right to Restriction of Processing
You have the right to request a restriction regarding the processing of your personal data where one of the following conditions apply:
a. the accuracy of the personal data is contested by the data subject for a period which enables the Controller to verify the accuracy of the personal data;
b. the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
c. the Controller no longer needs the personal data for the purposes of the processing but they are required by the data subject for the assertion, exercise or defense of legal claims;
d. the data subject has objected to processing pursuant to Art. 21 GDPR paragraph 1 pending the verification whether the legitimate grounds of the Controller override those of the data subject.
Where processing has been restricted under the conditions set out above, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the enforcement, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of relevant public interest of the Union or of a Member State.
The data subject may contact us at any time at the above contact details to exercise their right to restrict processing.
(7) Right to Data Portability
You have the right to receive the personal data concerning you that you have submitted to us, in a structured, conventional and machine-readable format. You have the right to transmit those data to another controller without hindrance from the Controller to whom the personal data was submitted, provided that:
a. processing is based on consent as defined in Art. 6 GDPR paragraph 1 item (a) or Art. 9 paragraph 2 item (a) or on a contract as defined in Art. 6 paragraph 1 item (b); and
b. the processing is carried out by automated means.
You have the right, when exercising the right to data portability under paragraph 1, to have the personal data transferred directly from one data controller to another, as far as this is technically possible. Exercising the right to data portability has no effect on the right of erasure („right to be forgotten“). That right shall not apply to processing necessary for the performance of a task in the public interest or by virtue of official authority vested in the Controller.
(8) Right to Object
You always have the right to object to the processing of personal data concerning you under Art. 6 GDPR paragraph 1 item (e) or (f), for reasons relating to your particular situation; this also applies for profiling on the basis of these provisions. The Controller shall no longer process the personal data unless the Controller can provide compelling and legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or the processing serves to assert, exercise or defend legal claims.
Where personal data are processed for direct marketing purposes, you always have the right to object to the processing of personal data concerning you for the purpose of such marketing. This also applies to profiling insofar as it is associated with such direct marketing. Should you object to the processing for direct marketing purposes, your personal data shall no longer be processed for such purposes.
In connection with the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
You have the right to object to the processing of personal data concerning you, for scientific or historical research purposes or for statistical purposes in accordance with Art. 89 paragraph 1, for reasons arising from your particular situation, unless such processing is necessary for the performance of a task in the public interest.
You can always exercise your right of objection by contacting the respective controller.
(9) Automated Individual Decision-Making, Including Profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects against you or significantly affects you in a similar manner. This does not apply if the decision:
a. is necessary for entering into, or performance of, a contract between the data subject and the Controller;
b. is authorized by Union or Member State law to which the Controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests; or
c. is based on the data subject’s explicit consent.
The Controller shall take appropriate measures to safeguard the data subject’s rights, freedoms and legitimate interests, including at least the right to obtain human intervention on the part of the Controller, to state their own position and to challenge the decision.
The data subject may exercise this right at any time by contacting the respective controller.
(10) Right to Lodge a Complaint with a Supervisory Authority
Without prejudice to any other administrative or judicial remedy, you also have the right to lodge a complaint with a supervisory authority, in particular in the Member State of habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to them infringes this regulation.
(11) Right to an Effective Judicial Remedy
Without prejudice to any available administrative or non-judicial remedy, including the right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR, you have the right to an effective judicial remedy if you believe that your rights under the GDPR have been infringed as a result of processing your personal data in non-compliance with the GDPR.
Processors (Service providers)
We work in cooperation with the following external service providers (processors):
- www.ngbk.de website hosting:
1 und 1 Internet
- Hosting of the archive website – accessible via the main menu or at https://archiv.ngbk.de/:
Erik Stein, Information Architect – Programming & Graphics, Dresdener Str. 26, 10999 Berlin
- Administration of the e-mail distribution list for the nGbK newsletter:
Brevo; https://www.brevo.com/de/legal/privacypolicy/
- Maintenance of the www.ngbk.de website:
in cooperation with Liebermann Kiepe Reddemann;
Holstenstraße 1, 22767 Hamburg
Changes to Our Privacy Policy
We reserve the right to occasionally modify this data privacy policy so that it always complies with current legal requirements or to reflect changes to our services in the data privacy policy, e.g. when introducing new services. The new data privacy policy will then apply for your next visit.
Questions about Data Privacy
Please feel free to contact us by e-mail if you have any questions or comments relating to data privacy:
nGbK
Karl-Liebknecht-Straße 11/13
10178 Berlin
datenschutz@ngbk.de
Data Privacy Policy as of: 24 May 2018 / updated April 19, 2024