As of May 07 2020
1. Subject matter and scope of application
We take the protection of your personal data very seriously. With this data protection information, we inform you which personal data we collect and how and for what purposes it is processed. We always treat your personal data in accordance with the statutory data protection regulations and this data protection declaration.
The Art Echo
Contemporary Art Gallery
Anyone concerned can contact us directly at any time with any questions or suggestions regarding data protection.
4. Visit of the web pages
Every time you visit our website, our system automatically collects data and information from the computer system of the calling computer. In order for the pages to be displayed in your browser, the IP address of the terminal device you are using must be processed. In addition, there is further information about the browser of your terminal device.
Ensuring the confidentiality and integrity of the personal data processed with our IT systems is of great importance to us. The data is also used to correct website errors.
For these purposes the following data will be logged:
IP address of the calling computer
Operating system of the calling computer
Browser version of the calling computer
Name of the retrieved file
Date and time of retrieval
Transferred amount of data
These data are regularly deleted after a few days.
Our websites are hosted by a service provider on the basis of order processing in accordance with Art. 28 GDPR.
The legal basis for this data processing is Art. 6 (1) lit. f) GDPR. Our overriding legitimate interest is the operation of this website and the implementation of the protection goals of confidentiality, integrity and availability of the data.
5. Establishing contact
If you contact us to request information or documents, the information you provide will be stored for the purpose of processing your request.
The legal basis for this data processing is Art. 6 (1) lit. f) GDPR. Our predominant legitimate interest is the communication with our interested parties, visitors and customers.
If the purpose of establishing contact is to conclude a contract, the additional legal basis for processing is Art. 6 (1) lit. b) GDPR.
6. Our products and services
We process the data of our interested parties, customers, service providers and suppliers within the framework of the provision of our contractual services. We may process inventory data (e.g. name, address), contact data (e.g. e-mail address, telephone number), content data (e.g. photos, videos), contract data (e.g. subject matter of contract, duration), payment data and data collected in the course of the provision of services and/or processed for the provision of services.
The legal basis for this storage and processing is the fulfilment of the contract or the implementation of pre-contractual measures pursuant to Art. 6 (1) lit. b) GDPR.
7. Video surveillance
Some of our production sites are monitored by video. This monitoring is clearly indicated by signs. The legal basis for this storage and processing is Art. 6 (1) lit. b) GDPR. The purpose of video surveillance and our legitimate interest is to safeguard the rights of the home, to protect our employees from dangerous situations, to protect our property, in particular our business premises including equipment, and to preserve evidence after criminal offences. Only the management has access to the records. In individual cases, the records may be passed on to criminal prosecution authorities in accordance with their purpose. The deletion of the data is carried out by the system after 7 working days, provided that there are no incidents in the sense of our legitimate interest, which make a longer storage necessary.
On the one hand, we use so-called session cookies, which are only stored for the duration of the respective visit to our website. In a session cookie, a randomly generated unique identification number is stored, a so-called session ID. Session cookies are automatically deleted after leaving our website.
In addition, we use temporary cookies which we store on your terminal for a certain period of time (so-called first party cookies). If you visit our site again, it is automatically recognized that you have already been with us and which inputs and settings you have made so that you do not have to enter them again.
You have the option of preventing the setting of cookies by making the appropriate settings in your browser. However, we would like to point out that the use of our Internet pages may then only be possible to a limited extent. Cookies do not install or start any programs or other applications on your computer.
The legal basis for the processing of personal data using cookies is Art. 6 (1) lit. f) GDPR. Our overriding legitimate interest is the operation, analysis and optimisation of our website and our customer interactions.
9. Google Analytics
We use web analytics services on our website or parts of our website to understand how our website is used by its visitors and to improve the overall look and feel of the website.
We use Google Analytics web analytics with IP anonymization. Google Analytics is a web analytics service provided by Google Ireland Limited ("Google"). Google Analytics sets cookies. In addition, data is transmitted to the USA. As part of IP anonymisation, the IP address collected by Google from users of our website within the European Economic Area is shortened before it is transmitted to the USA. Only in exceptional cases is the unabridged IP address transmitted to Google in the USA and abbreviated there. The IP addresses transmitted are not combined with other data from Google.
When Google Analytics is used, personal data is transferred to a third country outside the EU. Google has a Privacy Shield certification. Accordingly, there are suitable guarantees for data transfer in accordance with Art. 46 GDPR.
The legal basis for this data processing when using web analytics is Art. 6 (1) lit. f) GDPR. Our legitimate interest is the analysis, optimisation and economic operation of our website and our customer interactions.
Accordingly, there are suitable guarantees for data transmission in accordance with Art. 46 GDPR.
10. Social media buttons
On our website social media buttons of the social media network LinkedIn are integrated.
If you click on one of these social media buttons, you will be redirected to our pages at the respective social media network. In this case, the provider of the respective social media network receives the information that your browser has called the corresponding page on our website, even if you do not have a profile on the respective social media network or are not logged in there. This information (including your IP address) is transmitted directly from your browser to a server of the respective provider. If you click on a social media button and are either logged in to the respective social media network or then log in to the page of the respective social media network, the transmitted information can be assigned to your account at the social media network.
For information on the purpose and scope of data collection and processing by the providers of the respective social media network, the provider identification, a contact option and your rights and settings regarding data protection, please refer to the respective data protection information of the providers of the social media networks.
The data protection information of the social media networks can be found here:
The legal basis for the integration and use of social media buttons is Art. 6 (1) lit. f) GDPR. Our predominant legitimate interest is the marketing of our offers and our website.
11. Social media pages ("fan pages")
We maintain a publicly accessible profile on the social media network LinkedIn ("Social Media Pages" or "Fan Pages").
If you visit our social media pages and are logged in to the respective social media network, the provider of the respective social media network can analyse your usage behaviour and assign the information collected to your account at the social media network and enrich it there. Even if you are not logged in or if you do not have an account at the respective social media network, personal data may be collected by the provider of the respective social media network, for example your IP address or data collected via a cookie.
The operators of the social media networks can use this data to create user profiles. Your user profile can then be used to display interest-based ads both on social media network websites and on other websites.
If you visit one of our social media pages, we are jointly responsible with the social media network provider for the collection and processing of your personal data there. With regard to information about the collection and processing of your personal data that takes place there, we refer you to the data protection information of the respective social media network. We do not have any further information in this respect.
The data protection information of the social media networks can be found here:
We will be happy to provide you with information on suitable guarantees for data transfer to third countries in accordance with Art. 46 GDPR at any time on request.
You can assert your rights of data subjects in accordance with Chapter III of the GDPR (right to information, correction, deletion, restriction of processing, data transferability, etc.) both against us and against the provider of the respective social media network. In this context, we would like to point out that we can only influence the processing of personal data and the implementation of the rights affected within the framework of our social media pages within the scope of the possibilities made available to us by the respective provider.
The legal basis for our use of social media pages is Art. 6 (1) lit. f) GDPR. Our predominant legitimate interest is the presence and marketing of our products and services on the Internet.
We use font libraries on this website in order to present the contents of our website in a correct and graphically appealing manner across all browsers. Calling up font libraries automatically triggers a connection to the library operator. The operator receives the information that the font required for our website has been called up from your IP address.
You can prevent the use of such libraries and the associated data transmission by installing a Java script blocker (e.g. www.noscript.net).
The information transmitted to Adobe may be processed by Adobe, Inc., the parental company of Adobe Systems Software Ireland Limited, outside of the European Economic Area. Adobe, Inc. is certified under the EU – US Privacy Shield, please see here: https://www.privacyshield.gov/participant?id=a2zt0000000TNo9AAG&status=Active. Accordingly, there are suitable guarantees for data transmission in accordance with Art. 46 GDPR.
Legal basis for this data processing is Art. 6 (1) lit. f) GDPR. Our overriding legitimate interest is the optimisation and economic operation of our website, including the efficient and error-free display of fonts across devices and the legally compliant use of these fonts.
13. Job applications
We collect and process personal data of applicants for the purpose of processing the application process. If an applicant submits his or her application documents to us electronically, they are processed electronically.
If we conclude an employment contract with an applicant, the data transmitted will be processed in order to carry out the employment relationship in compliance with the statutory provisions. If no employment contract is concluded with the applicant, the application documents will be deleted immediately after completion of the application procedure, provided that deletion does not conflict with any overriding legitimate interest, such as the defence of claims or a preservation of evidence function according to the General Equal Treatment Act (Allgemeines Gleichbehandlungsgesetz - AGG).
The legal basis for this storage and processing is the performance of the contract or the implementation of pre-contractual measures pursuant to Art. 6 (1) lit. b) GDPR.
14. Age restriction
This website is not intended or designed for use by children under the age of 16. We do not knowingly collect personally identifiable information from or about anyone under the age of 16.
15. Recipients of data
Within our company, those internal departments or organisational units receive your data which they need to fulfil their tasks, to fulfil contracts with you if necessary, for data processing with your consent or to safeguard our overriding legitimate interests.
Data will only be passed on to third parties within the framework of legal requirements. We will only pass on your data to third parties if, for example, this is necessary for contractual purposes on the basis of Art. 6 (1) lit. b) GDPR or to safeguard our overriding legitimate interest pursuant to Art. 6 (1) lit. f) GDPR in the effective conduct of our business operations.
Insofar as we use service providers or third-party providers within the framework of the provision of the website and/or the provision of our services, we take appropriate legal precautions as well as appropriate technical and organisational measures to ensure the protection of your personal data.
If we use content or tools from service providers or third-party providers in the course of providing the website and/or our services and their registered office is in a third country, data is regularly transferred to a third country. Third countries are countries in which the GDPR is not a directly applicable law, i.e. countries outside the EU or the European Economic Area. Data will only be transferred to third countries if there is either an adequate level of data protection, consent or other legal permission, in particular a suitable guarantee pursuant to Art. 46 GDPR.
16. Your rights
You have the right to free information about your stored personal data, their origin and recipient and the purpose of data processing and a right to correction, blocking or deletion of this data. You also have the right to limit the processing and to object to the processing.
You also have the right to have your data, which we process automatically, handed over to you or to a third party in a common, machine-readable format.
To assert your rights, please contact us using the contact details given above.
You also have the right to lodge a complaint with the relevant data protection supervisory authority.
17. Revocation of consent
Some data processing operations are only possible with your express consent. You can revoke your consent at any time. For this purpose, an informal notification by e-mail to us at the contact details given above is sufficient. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
18. Right of objection
AS FAR AS YOUR DATA ARE PROCESSED, AS EXPLAINED IN THIS DATA PROTECTION INFORMATION, TO PROTECT OUR OVERRIDING LEGITIMATE INTERESTS, YOU CAN OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE. PLEASE CONTACT US USING THE CONTACT DETAILS GIVEN ABOVE.
YOU ARE ONLY ENTITLED TO THIS RIGHT OF OBJECTION IF THERE ARE REASONS ARISING FROM YOUR PARTICULAR SITUATION (ART. 21 (1) GDPR). AFTER EXERCISING YOUR RIGHT OF OBJECTION, YOUR PERSONAL DATA WILL NOT BE FURTHER PROCESSED FOR THESE PURPOSES, UNLESS WE CAN PROVE COMPELLING REASONS FOR PROCESSING WORTHY OF PROTECTION THAT OUTWEIGH YOUR INTERESTS, RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES THE ASSERTION, EXERCISE OR DEFENSE OF LEGAL CLAIMS.
IF THE PROCESSING IS FOR THE PURPOSE OF DIRECT ADVERTISING, YOU MAY EXERCISE YOUR RIGHT TO OBJECT AT ANY TIME (ART. 21 (2) GDPR) AND YOUR PERSONAL DATA WILL THEN NO LONGER BE PROCESSED FOR THE PURPOSE OF DIRECT ADVERTISING, REGARDLESS OF THE REASONS FOR THE OBJECTION.
19. Compulsory data
The provision of personal data is neither required by law nor by contract, and you are not obliged to provide personal data, although the provision of personal information is required for the conclusion of a contract to the extent that certain details are required in order to conclude (and perform) a contract.
20. Automated decision making
We do not perform automated decision making, including profiling.
21. Storage and deletion
We adhere to the principles of data avoidance and data economy. We therefore only store your personal data for as long as necessary to achieve the purposes stated here or as required by the storage periods provided for by law.
If the storage purpose no longer applies or if a storage period provided for by law expires, the personal data will be blocked or deleted routinely and in accordance with the statutory provisions.
22. Technical and organisational measures for data security
We take organizational, contractual and technical security measures in accordance with the state of the art to ensure that the provisions of the data protection laws are complied with and to protect the data processed by us against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons.
Our website uses SSL encryption for security reasons and to protect the transmission of confidential content, such as orders, inquiries or payment data, which you send to us.
24. Modification of this data protection information
We reserve the right to amend this data protection declaration from time to time so that it always complies with current legal requirements or in order to implement changes to our services in the data protection declaration, e.g. when introducing new services. Your renewed visit will then be subject to the new data protection declaration.