Data Protection and Privacy Policy

Data Protection and Privacy Policy

Provider
Provider and responsible body in the sense of the data protection laws is:
ZOTT Artspace, a Trademark of
mSE-GmbH Management Solutions und System-Engineering
Elsenheimerstrasse 65
80687 Munich

Scope
This privacy notice informs users of the type, scope and purpose of the collection and use of their data by the responsible provider.
The legal framework is formed by General Data Protection Regulation (EU-GDPR), the new Federal Data Protection Act (BDSG-new) and the Telemedia Act (TMG).

Collection of General Information
Every time this site is visited, information is automatically recorded by us or the service provider in so-called server log files.

The following is recorded:

  • Browser type and version used
  • Operating system used
  • Domain name of your Internet provider
  • Referrer URL (previously visited website)
  • IP address
  • Date and time of the server inquiry

This information is technically necessary in order to correctly deliver and display the contents of our websites requested by you. These data are strictly necessary when using the Internet. These data exclusively comprise technical information which does not allow any direct conclusions to be drawn about your person. In addition, we use this anonymous information for statistical purposes and to optimise our websites and the technology which supports them. Under no circumstances will this anonymous data be passed on to third parties or linked to personal data without your express consent.

These automatically recorded data remain stored in the server log files for 14 days and are then automatically deleted. We and the service provider expressly reserve the right to subsequently check and evaluate the server log files in the event of suspicion of illegal use of our service.

Handling of personal data
We handle personal data only to the extent that this is possible to do so in accordance with data protection regulations. We also take all necessary technical and organisational security measures at all times to adequately protect your personal data from unauthorised access and misuse.

Insofar as we store or process personal data, this takes place inside a data processing centre. To protect the security of your data during transmission, we use encryption methods (e. g. SSL) via HTTPS. Our servers are protected by firewall and anti-virus protection. Back-up and recovery procedures as well as role and authorisation concepts are a matter of course for us.

Our employees are obliged to observe the regulations of the German Telemedia Act (TMG), the German Data Protection Act-new and the EU-GDPR when handling data.

The use of cookies
Similarly, to many other websites, we also use so-called “cookies”. Cookies are small text files that are transferred to your hard drive from a website server. When this happens, we automatically receive certain data, such as your IP address, the browser used, the operating system on your computer and your Internet connection.

Cookies cannot be used to run programmes or transfer viruses to your computer. Based on the information contained in the cookies, we can simplify navigation for you and ensure that our website displays correctly.
This automatically collected data will not be passed on to third parties or linked to personal data by us or our service provider without your express consent.

Our website can, of course, be viewed without the use of cookies. Internet browsers are usually set to accept cookies. You can disable the use of cookies in your browser settings at any time. Please refer to your Internet browser’s help feature to learn how you can change these settings. Please note that some of our website features may not work if you have disabled the use of cookies.

Use of Google Analytics
This website uses Google Analytics, a web analytics service provided by Google Inc. (hereinafter Google) Google Analytics uses “cookies”, which are text files stored on the user’s computer to analyse how the website is used. The information generated by the cookie on your use of this website is generally transmitted to and stored on a Google server in the USA. Since IP anonymisation has been activated on these websites, before transferring data to the USA, Google will shorten the user’s IP address within member states of the European Union or in other states party to the Agreement on the European Economic Area. The full IP address will only be sent to a Google server in the USA and shortened there in exceptional circumstances. Google will use this information on behalf of the operator of this website to evaluate your use of the website, to create reports on website activities and to provide other services to the website operator related to website and internet use. The IP address transmitted by the user’s browser within the framework of Google Analytics will not be combined with any other data held by Google.

You may prevent cookies from being stored by selecting the appropriate setting on your browser; please note, however, that doing so may prevent you from being able to use all the functions of this website in full. In addition, you can prevent Google from acquiring and processing the data generated by the cookie and related to your use of this website (including your IP address) by downloading and installing the browser plug-in available at the following: browser add-on to deactivate Google Analytics.

As an alternative to this browser add-on or if you are accessing this website on a mobile device, please click on this link to prevent Google Analytics from collecting data when you are using this website in the future:
Disallow Google Analytics tracking
Doing so will result in an opt-out cookie being stored on your device. If you delete your cookies, you must click on this link again.

Use of Google Maps
This website uses Google Maps API to display geographical information. When Google Maps is used, Google also collects, processes, and utilises data about the visitor’s use of map functions. For more information about how Google processes your information, please refer to the Google Privacy Policies. There, you can also go to the Data Protection Centre to change the protection settings for your personal data.

Detailed instructions for managing your own data in connection with Google products can be found here.

Use of Google Web Fonts

This site uses so-called web fonts provided by Google to uniformly display fonts. When you open a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly.

For this purpose your browser has to establish a direct connection to Google servers. Google thus becomes aware that our web page was accessed via your IP address. The use of Google Web fonts is done in the interest of a uniform and attractive presentation of our website. This constitutes a justified interest pursuant to Art. 6 (1) (f) GDPR

If your browser does not support web fonts, a default font is used by your computer.

Further information about Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy: https://www.google.com/policies/privacy/

Social plug-ins
Social plug-ins from the providers listed below are used on our websites. You can recognise the plug-ins by the fact that they are marked with the corresponding logo.

In certain circumstances these plug-ins may be used to send information that may also include personal data to the service provider and the latter may use this data. We use a two-click solution to prevent the unintentional and unwanted collection and transmission of your data to these service providers. To activate a social plug-in, users must first click on the corresponding button. Only by activating the plug-in will the collection of information and its transmission to the service provider also be triggered. We do not collect any personal data ourselves by means of social plug-ins or by their use.

We have no influence on which data an activated plug-in collects or how it is used by the provider. It must be assumed at this time that direct connections are established to the services of the respective provider and that at least your IP address and specific usage information will be recorded and used. Service providers may also try to save cookies on your computer. Please refer to the data protection information of the respective service providers to find out which specific data is collected and how it is used. Note: If you are logged in to Facebook when you visit our site, Facebook can track your visit to a specific site.

We have included social media buttons from the following companies on our site:

Facebook, Inc.: 1601 Willow Road, Menlo Park, CA 94025, United States
Vimeo, Inc.: 555 West 18th Street, New York, New York 10011
Instagram: Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland – Facebook Ireland Limited is a company registered under the laws of the Republic of Ireland.

Contact form
If you contact us via email or the contact form, the information you provide will be saved for the purpose of processing your request and for possible follow-up questions.

Deleting and blocking data
We adhere to the principles of data avoidance and data economy. Therefore, we store your personal data only as long as is necessary to achieve the purposes mentioned here or as required according to the various storage periods determined by the competent legal authorities. Once the purpose in question no longer exists or the storage period expires, the corresponding data will be routinely blocked or deleted as required by law.

Your Rights with regard to Information, Correction, Blocking, Deletion, and Objection
You have the right to be provided with information about any personal data stored on our servers that is related to you, at any time. You also have the right to rectification, blocking or deletion of your personal data, other than the aforementioned data storage for business processes. Please contact our data protection officer. The contact details can be found below.

In order to enable the blocking of data at any time, the data in question must be available on a black list for control purposes. You can also request the deletion of the data, unless this is excluded by a legal archiving obligation. Should such a requirement exist, we will, on request, block your data.

You can make changes or revoke your consent by sending us written notification thereof.

Information on our newsletter and consents
With the following information we are informing you about the contents of our newsletter, about the registration, distribution and statistical evaluation procedure as well as about your rights of objection. By subscribing to our newsletter, you agree to receive it and to the described procedures.

Newsletter Content
We will only send newsletters, e-mails and other electronic notifications containing advertising information (hereinafter “newsletters”) with the consent of the recipients or with a legal authorisation. If the contents of a newsletter are specifically described within the scope of a registration, they are decisive for user consent. In addition, our newsletter contains information about current news from the world of ZOTT Artspace and ZOTT Media, especially from the field of contemporary art and about our company (this includes in particular references on Facebook and Instagram contributions, events, our projects, products or online appearances).

Double opt-in and logging
Registration for our newsletter takes place in a so-called double opt-in procedure: After registration you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that no one can log in with a different e-mail address.
Subscriptions to the newsletter are logged in order to be able to verify the registration process in accordance with legal requirements. This includes the storage of the login and confirmation time, as well as the IP address. Changes to your data stored with MailChimp are also logged.

Use of the “MailChimp” distribution service
The newsletter is sent via “MailChimp”, a newsletter distribution platform belonging to the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA.

The e-mail addresses of our newsletter recipients, as well as their further data described within this legal notice, are stored on the MailChimp servers in the USA. MailChimp uses this information to send and evaluate the newsletter on our behalf. Furthermore, MailChimp can use this data according to its own information to optimise or improve its own services, e.g. to technically optimise the sending and presentation of the newsletter or for economic purposes, in order to determine which countries, the recipients come from. However, MailChimp does not use our newsletter recipients’ data in order to write to the newsletter recipients itself or to pass this data on to third parties.

We trust in the reliability and security of MailChimp IT and data. MailChimp is certified under the US-EU data protection agreement “Privacy Shield” and therefore undertakes to comply with EU data protection regulations. Furthermore, we have concluded a “Data Processing Agreement” with MailChimp. This is a contract in which MailChimp undertakes to protect our users’ data, to process them on our behalf in accordance with the data protection regulations and, in particular, not to pass them on to third parties. You can view the MailChimp privacy policy here.

Log-in information
To subscribe to the newsletter, simply enter your e-mail address, first and last name. This information is only used to personalise the newsletter. Furthermore, we request that you optionally indicate your desired form of address and the name of your company. We only use this information to adapt the contents of the newsletter to the interests of our readers.

Statistical surveys and analyses
The newsletters contain a so-called “web-beacon”, i.e. a pixel-sized file that is retrieved from the MailChimp server when the newsletter is opened. During the retrieval process, initially technical information is collected, such as information about the browser and your system, as well as your IP address and the time of retrieval. This information is used to technically improve the services based on the technical data or the target groups and their reading behaviour based on its retrieval locations (which can be determined using the IP address) or access times.
Statistical surveys also include determining whether the newsletters are opened, when they are opened, and which links are clicked on. This information can be assigned to the individual newsletter recipients for technical reasons, but it is neither our endeavour nor that of MailChimp to observe individual users. The evaluations serve us to a much greater extent to recognise the reading habits of our users and to adapt our contents to them or to send different contents according to the interests of our users.

Online access and data management
In some cases, we direct the newsletter recipients to the MailChimp websites. For example, our newsletters contain a link which newsletter recipients can use to access the newsletters online (e.g. in case of display problems in the e-mail programme). Furthermore, newsletter recipients can subsequently correct their data, e.g. the e-mail address. Likewise, the MailChimp data privacy policy is only accessible via the MailChimp website

In this context we would like to point out that cookies are used on the MailChimp websites and thus personal data are processed by MailChimp, its partners and service providers (e.g. Google Analytics). We have no control over this. For further information, please refer to the MailChimp  privacy policy . In addition, we would like to draw your attention to the following websites, which detail how you can object to the collection of data for advertising purposes http://www.aboutads.info/choices/ and http://www.youronlinechoices.com/ (for the European region).

Cancellation/Revocation
You can cancel the receipt of our newsletter at any time, i.e. revoke your consent. This simultaneously cancels your consent for it to be sent via MailChimp and statistical analyses. Unfortunately, the sending via MailChimp and statistical evaluation cannot be revoked separately.
You will find a link to cancel the newsletter at the end of each newsletter.

Legal bases in the General Data Protection Regulation
In accordance with the provisions of the General Data Protection Regulation (GDPR), which is valid from May 25, 2018, we hereby inform you that consent to the sending of e-mail addresses is based on Art. 6 Para. 1 (a), 7 GDPR and § 7 Para. 2 No. 3, or Para. 3 of the German Act against Unfair Competition (UWG). The use of the distribution service provider MailChimp, carrying out statistical surveys and analyses as well as logging of the registration procedure are carried out on the basis of our  legitimate interests pursuant to Art. 6Para 1 (f) GDPR. Our interest lies in the use of a user-friendly and secure newsletter system that serves both our business interests and the expectations of users.

We would also like to draw your attention to the fact that you can object to the future processing of your personal data in accordance with the legal requirements pursuant to Art. 21GDPR at any time. Objection may be made against processing for direct marketing purposes.

Changes to our Privacy Policy
We reserve the right to occasionally adapt this privacy notice to ensure its compliance with the current legal requirements or to reflect changes in our services, e.g. upon the introduction of new services. Any renewed visit to our site will then be subject to the new privacy notice.

Questions to the data protection officer
If you have any questions about data protection, please write us an email or contact our data protection officer directly:
dsb(at)mse-solutions.com