Privacy Policy

for Website & Newsletter

I. Responsibility, data protection official and scope of this information

Responsible for the personal data collected from users when visiting our website is the

ZKM | Center for Art and Media Karlsruhe
Foundation under public law

Lorenzstraße 19
76135 Karlsruhe
Germany

Tel: +49 (0) 721/8100-0
Fax: +49 (0) 721/8100-1139
E-mail: info@zkm.de

Users (hereinafter also referred to as »you«) may also contact our Data Protection Officer with any questions regarding data protection at the ZKM (hereinafter also referred to as »we«). You can contact us by e-mail at datenschutz@zkm.de or at our postal address with the addition »Data Protection Officer«.

Subject of data protection are personal data. This is all information relating to an identified or identifiable natural person (the so-called data subject) who is the user of our website or the recipient of our newsletter. Such information is, for example, details such as name or e-mail address that the user can provide when registering for our newsletter. However, we also treat information that arises during a normal visit to our website (e.g. pages called up) as personal as long as it can be assigned to the user's Internet address (IP address) or in any other way to a natural person.

All personal data is processed by the ZKM in accordance with the relevant legal provisions, in particular the General Data Protection Regulation of the EU (also called GDPR for short) and the Baden-Württemberg Data Protection Act (LDSG).

This data protection notice applies only to the websites under the domain www.zkm.de and to other ZKM websites that refer to this notice. In particular, the references do not refer to external websites of other providers to which links are provided on the ZKM website.

This privacy policy also does not apply to ZKM profiles on third party platforms such as social networks (e.g. Facebook, Twitter, Google+ or Instagram). For the profiles on these platforms, the data protection information of the respective platform operator as well as any special data protection information provided by the ZKM apply there.

If users who are not subject to or supervised by the ZKM post personal data on our website via third parties (e.g. mentioning names in blog articles), the users themselves are also responsible for this content in terms of data protection law. However, at the request of the person concerned, we will immediately delete inadmissible content from our website.

The ZKM's privacy policy is subject to regular changes, due, among other things, to the possible changing use of web technologies such as social media plug-ins. The data protection information available, when you visit the website, is authoritative in each case.

The content of any consent already given remains unaffected by any changes to the data protection information. In this case, amended data protection notices merely inform you about changed technical, organizational or legal framework conditions (such as, for example, about security measures adapted to the state of the art, new contact information or the rights of affected persons, some of which have been extended by the GDPR).

 

II. Data collected automatically when visiting the website

When you visit our website, the following information is usually automatically transferred from your browser to our server:

  • internet address (IP address) of the requesting computer at the time of the request
  • date and time of request
  • accessed web pages or files
  • transferred data volume
  • notification as to whether the request was successful or why it may have failed (error code)
  • operating system and browser software of the accessing computer, each including version
  • screen resolution and color depth of the accessing computer
  • browser settings like the set language
  • browser plugins (JavaScript, Flash Player, Java, Silverlight, Adobe Acrobat Reader etc.)
  • the previously visited website (referrer URL)
  • keyword with which the website was found, for example via Google.

We process these data on the basis of our legitimate interests within the meaning of Article 6 paragraph 1 sentence 1 letter f GDPR, namely

  • to provide our website,
  • to maintain the technical stability and security of our website, including the detection and resolution of malfunctions (e.g. by blocking a denial of service attack originating from a particular IP address),
  • for statistical evaluation of the use of the website with the aim of its demand-oriented design and improvement, and
  • to check for concrete indications of illegal use (e.g. suspicion of slander in the context of a blog provided or fraud in the context of the online shop).

When you visit our website, this data is collected automatically. Without this survey, our website cannot be used. We do not use this data for the purpose of drawing conclusions about the identity of the user, unless there are concrete indications of illegal use.

Generally, the collected data will be deleted after 7 days or made completely anonymous by deleting at least parts of the IP address, unless we exceptionally need it longer for the above-mentioned purposes. In such a case, we will delete or make the data completely anonymous immediately after it has been used.

 

III. Cookies

Cookies are used on the website to assign an identification code to your computer. Cookies are small text files (with the identification code) that are stored on the user's computer when a website is accessed. As plain text files, cookies cannot contain viruses or other malware.

Cookies serve to make websites more comfortable, efficient and secure. We use both transient and persistent cookies:

  • Transient cookies are automatically deleted when you close your browser. This includes in particular the session cookies. These store a so-called session ID, with which different requests of your browser can be assigned to the common session. This will allow your computer to be recognized when you return to our website. Session cookies are deleted when you log out or close your browser. A session cookie can be used, for example, to manage your shopping cart in our online shop.
  • Persistent cookies are stored after a browser session, but automatically deleted after a specified period, which may vary depending on the cookie. You can also delete cookies at any time in the security settings of your browser.

We generally do not use cookies to draw conclusions about the identity of the user, but only to identify his computer for the purposes described above. Exceptionally, the user can also be identified if he has entered his contact data during his visit to our website during which our cookie was set (e.g. in the online shop or during the press download).

We process the data in connection with cookies on the basis of our legitimate interests within the meaning of Article 6 paragraph 1 sentence 1 letter f GDPR, namely

  • to provide certain functionalities of our website and
  • for the statistical evaluation of the use of the website with the aim of its demand-oriented design and improvement.

Most browsers offer the possibility to display a warning before storing a cookie, to completely refuse the acceptance of cookies and/or to delete existing cookies again. However, the usability of the website may be restricted by such settings.

If you wish to refuse the processing of your data in connection with cookies, please refuse the acceptance of cookies via your browser or proceed with Google Analytics as described in the following section.

In particular, cookies are used at the following places on zkm.de:

  • Forms: If you use one of our forms (registration for a workshop; group booking request for guided tours and workshops; request for an event at ZKM; registration for the ZKM press distribution list), a cookie is automatically set. The form may then inform you that you have already submitted a form.
  • Press Download: There is an additional form for press representatives to download press material. If you wish, you can optionally set a cookie there, which remembers your contact data for a next download, so that you do not have to enter this data repeatedly.
  • Google Analytics: The use of cookies for Google Analytics is described in the next section.

If you confirm the active cookie hint with »Ok, understood« when accessing our website, which is displayed to you independently of this data protection hint, we can also set a cookie, which means that this hint will no longer be displayed to you for a period of one year.

 

 IV. Use of Google Analytics

This website uses Google Analytics, a web analysis service of Google Inc. (»Google«). Google Analytics also uses cookies, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transferred to a Google server in the United States and stored there. However, due to the activation of IP anonymization on this website, Google will reduce your IP address within the Member States of the European Union or in other states party to the Agreement on the European Economic Area so that it can no longer be assigned to a connection or user. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.

This website also uses Google Analytics for a device-independent analysis of visitor flows, which is carried out via a user ID.

Google will use the collected information on behalf of ZKM to evaluate your use of the website, to compile reports on website activities and to provide ZKM with further services related to website and Internet use. Google may also transfer this information to third parties if this is required by law or if third parties process this data on behalf of Google. Google will not associate your IP address with any other data held by Google.

You may refuse the use of cookies by selecting the appropriate settings on your browser. You can also object to the collection of data by Google Analytics by installing a deactivation add-on (http://tools.google.com/dlpage/gaoptout?hl=de) for your browser.

We use Google Analytics to analyze and regularly improve the use of our website. We can improve our offer and make it more interesting for you as a user. For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is our legitimate interest in the aforementioned analysis pursuant to Article 6 paragraph 1 sentence 1 letter f GDPR.

For more information about Google Analytics and how we process the information we collect about you, please see the following documents from Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001:

Terms and conditions of use: http://www.google.com/analytics/terms/de.html

Overview of data protection: http://www.google.com/intl/de/analytics/learn/privacy.html

Data protection declaration: http://www.google.de/intl/de/policies/privacy.

 

V. Google Maps

On our website, we may use Google Maps to display locations and to create directions. This is a service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter only called »Google«.

If you use the Google Maps component of our website, Google stores a cookie on your device via your Internet browser. In order to display the locations and create route descriptions, the automatically generated usage data (see Section II above) as well as any additional information you may have voluntarily entered, in particular regarding your location, will be transmitted to Google and processed there. The connection to Google established in this way enables Google to determine in particular from which (namely our) website your enquiry has been sent and to which (namely your) IP address the route description is to be transmitted. We cannot exclude that Google uses servers in the USA.

The legal basis for this data processing is our legitimate interest in accordance with Article 6 paragraph 1 sentence 1 letter f GDPR. The legitimate interest lies in the optimization of the functionality of our Internet presence. Through certification according to the EU-US Privacy Shield https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active, Google also ensures that data processing in the USA also complies with an appropriate level of data protection in accordance with the EU Commission.

If you do not agree to this processing, you have the option of preventing the installation of cookies by making the appropriate settings in your Internet browser. You will find details on this in the section »Cookies«.

In addition, Google Maps and the information obtained via Google Maps are used in accordance with the Goolge Terms of Use https://policies.google.com/terms?gl=EN&hl=de and the Terms and Conditions for Google Maps https://www.google.com/intl/de_de/help/terms_maps.html.

Furthermore, Google offers at
https://adssettings.google.com/authenticated
https://policies.google.com/privacy
for further information.

 

VI. Voluntary declaration of personal data

If you voluntarily provide personal data when visiting our website, for example in the context of an online form or when ordering our newsletter, the ZKM may process this data to respond to the enquiry or to send the newsletter. The legal basis for these purposes is the (pre-)contractual relationship upon your request (Article 6 paragraph 1 sentence 1 letter b GDPR) or your consent to the dispatch of the newsletter (Article 6 paragraph 1 sentence 1 letter a GDPR).

In addition, your form entries, in particular booking requests for guided tours or workshops, can also be used in at least pseudonymized form to improve and design our offer to meet your needs (e.g. by increasing the offer for services frequently requested in a certain period of time). The legal basis for these purposes is the legitimate interests of the CCNM (Article 6(1), first sentence, point (f GDPR).

You may revoke your consent to the processing of personal data, in particular your e-mail address for sending the newsletter, at any time by simple notification (by e-mail, fax or letter), or cancel the newsletter at any time by activating a link in each newsletter sent. In this case, your personal data will be deleted immediately by the ZKM. Further information on the newsletter can be found in the following section VI.

Personal data will not be passed on by us to third parties, unless you have given us your express prior consent or there is a legal permission to pass on data. If you have given your consent to the disclosure of your data, you can revoke this at any time by simple notification (by e-mail, fax or letter).

 

VII. Newsletter

With your consent you can subscribe to our newsletter, with which we inform you about the program currently offered by or in the ZKM.

After entering your e-mail address and first and last name, you will receive a confirmation link by e-mail. This leads you to a »Confirmation Site«, where you can select your individual interests (from exhibitions to art education to publications) as well as topics of interest to you (from fine arts to music to natural sciences and literature). With a further click on »Save interests« you will receive our newsletter from the next issue, filtered according to your interests. You can change these settings yourself at any time.

In addition, we store your IP addresses and the time of registration and confirmation. The purpose of the procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data.

After your confirmation, we will save the data you provide for the purpose of sending you the corresponding newsletter. The legal basis is your consent in accordance with Article 6 paragraph 1 sentence 1 letter a GDPR.

You can revoke your consent to receive the newsletter at any time and unsubscribe from the newsletter. The easiest way to cancel your subscription is to click on the link provided in each newsletter e-mail.

 

VIII. Recipients of personal data

We will only pass on your personal data to external third parties if this is necessary for the processing or handling of your request, if we have another legal permission or if we have your consent to do so. External recipients may in particular be service providers that we use for the provision of services, for example in the areas of technical infrastructure and maintenance of our website. Such contractors are carefully selected and regularly checked by us. You may only use the data for the purposes specified by us and in accordance with our instructions.

If data is transferred to entities whose registered office or place of data processing is not located in a member state of the European Union or in another state party to the Agreement on the European Economic Area, we will ensure that the recipient either has an adequate level of data protection or your consent to the transfer of data prior to the transfer, except in exceptional cases permitted by law.

 

IX. Storing time

We store your personal data only as long as this is necessary for the fulfillment of the purposes or – in the case of a consent – as long as you do not revoke the consent. In the event of an objection, we will delete your personal data unless further processing is permitted by the relevant statutory provisions or is even mandatory (e.g. within the framework of commercial and tax storage obligations). We delete your personal data even if we are obliged to do so for legal reasons.

 

X. Rights as data subject

As a person affected by the data processing, you have numerous rights at your disposal. In particular, these are:

  • Right of information (Article 15 GDPR): You have the right to obtain information about your personal data stored by us.
  • Right of rectification (Article 16 GDPR): You can ask us to rectify incorrect data.
  • Right of deletion (Article 17 GDPR): You may request us to delete data that has been processed illegally in particular.
  • Restriction of processing (Article 18 GDPR): You may require us to restrict the processing of your data, in particular to »block« data whose processing is controversial.
  • Data transferability (Article 20 GDPR): If you have provided us with data on the basis of a contract or consent, you may request that you receive the data you have provided in a structured, current and machine-readable format or that we transmit it to another person responsible.
  • Objection to data processing on the legal basis of »legitimate interest« (Article 21 GDPR): You have the right to refuse data processing by us at any time for reasons arising from your particular situation, insofar as this is based on the legal basis of »legitimate interest«. If you exercise your right of objection, we will stop processing your data unless we can prove compelling reasons worthy of protection for further processing, which outweigh your rights. In the case of direct advertising or the use of cookies due to justified interests, we will generally observe your objection and stop the corresponding processing of your data. If you object to cookies, please note that you must take certain precautions in your browser as described above.
  • Revocation of consent (Article 7(3) GDPR): If you have given us consent to the processing of your data, you can revoke this at any time with effect for the future. The legality of the processing of your data until revocation remains unaffected by this.
  • Right of appeal to the supervisory authority (Article 77 GDPR): You may also lodge a complaint with the competent supervisory authority if you believe that the processing of your data violates applicable law. You can contact the data protection authority responsible for your place of residence or country or the data protection authority responsible for us.

You are only entitled to the rights described above on condition that the legal requirements applicable in this respect are fulfilled, even if this is not expressly mentioned in the above description.

If you have any questions regarding the processing of your personal data, your rights as a person concerned or any consent you may contact us free of charge. To exercise all your aforementioned rights, please contact community@zkm.de or write to the address indicated in Section I above. Please ensure that we can uniquely identify you. You can also contact our data protection officer, also under the contact details mentioned in Section I.

 

Last updated: 25.05.2018