2. Mandatory information
The operator of this website is
Kunstverein Freiburg e.V.
3. Scope of processing personal data
In principle, we only process personal data of our website users to the extent necessary for providing a functional website as well as our content and services. Regular processing of a user’s personal data only occurs with the user’s consent. An exception applies in cases where prior consent is not attainable for factual reasons and the processing of the data is permitted by legal regulations.
4. Legal basis for the processing of personal data
Insofar as we obtain the data subject’s consent for processing personal data, Art. 6 sec. 1 lit. a of the EU General Data Protection Regulation (GDPR) serves as the legal basis. Art. 6 sec. 1 lit. b covers the processing of personal data necessary for the performance of a contract to which the data subject is a party and applies to processing operations necessary for the implementation of pre-contractual measures.
Insofar as processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6 sec. 1 lit. c of the GDPR serves as legal basis. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 sec. 1 lit. d of the GDPR becomes the legal basis. If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and fundamental freedoms of the concerned person do not outweigh the first mentioned interests, Art. 6 sec. 1 lit. f of the GDPR shall serve as as the legal basis for processing.
5. Rights of the data subject
If your personal data is processed, you are the data subject according to the GDPR, and granted the following rights towards the website operator:
Right to information, deletion and blocking
At any time you have the right, free of charge, to information about your stored personal data, its origin and recipients and the purpose of the data processing. This includes the right to request rectification, restrictions or deletion of your data. If you have further questions about this or other matters relating to personal data, feel free to contact us at any time, through the contact information given in the imprint.
5.1. Right of access
You may request confirmation from the website operator, whether your personal data is processed by us. If so, you can request information about the following:
(1) the purposes for which personal data is being processed;
(2) the categories of personal data being processed;
(3) the recipients or categories of recipients to whom personal data has been or will be disclosed;
(4) the planned storage duration of personal data, or if this specific information is unavailable, criteria for determining storage retention periods;
(5) the existence of a right to rectification or erasure of personal data, a right to restriction of processing or a right to object to such processing;
(6) the existence of a right of appeal with a supervisory authority;
(7) any available information on the origin of the data, in case the personal data was not collected directly from you, the data subject;
(8) the existence of automated decision-making, including profiling, in accordance with Art. 22 sect. 1 and 4 of the GDPR and, at least in these cases, meaningful information on the logic involved and the scope and intended impact of such processing on the data subject. You have the right to request information on whether your personal data is transferred to a third country or to an international organization. In this context, you may request to be informed of the given guarantees in connection with the transmission under Art. 46 of the GDPR.
5.2. Right to rectification
You have a right to rectification and/or completion if your personal data is incorrect or incomplete. The website operator shall make the correction without delay.
5.3. Right to restrict processing
You may request a restriction of the processing of your personal data under the following conditions:
(1) if you dispute the accuracy of your personal data, given a period of time that enables the operator to verify the accuracy your personal data;
(2) the processing is unlawful and you refuse a deletion of your personal data and instead request a restriction of use of your personal data;
(3) the operator no longer needs your personal data for processing purposes, yet you need it to assert, exercise or defend legal claims, or
(4) if you have objected to the processing in accordance with Art. 21 sec. 1 of the GDPR and it has not yet been determined whether the operator’s legitimate reasons outweigh your reasons. If the processing of your personal data has been restricted, such data may only be used with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of an other natural or legal person or for reasons of an important public interest of the Union or of a Member State. If the restriction of processing was done in accordance with the above conditions, the website operator will inform you before the restriction is lifted.
5.4. Right to erasure
You have a right to erasure concerning your personal data, obliging the website operator to delete this data immediately, if one of the following reasons applies:
(1) Your personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
(2) You revoke your consent, which is the basis for processing in accordance with Art. 6 sec.1 lit.a or Art. 9 sec. 2 lit a of the GDPR and there is no other legal basis for processing.
(3) You object to the processing in accordance with Art. 21 sec. 1 of the GDPR and there are no primary legitimate reasons for the processing, or you object to the processing in accordance with Art. 21 sec. 2 of the GDPR.
(4) Your personal data has been unlawfully processed.
(5) The erasure of your personal data is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the website operator is subject.
(6) Your personal data has been collected in relation to information society services offered in accordance with Art. 8 sec. 1 of the GDPR. If the website operator has made your personal data public to third parties and is obliged to delete it in accordance with Art. 17 sec. 1 of the GDPR, he shall take into account the available technology and the implementation costs and take appropriate measures, including technical measures, to inform whomever processes your personal data that you, as a data subject, have requested the deletion of all links to such personal data or requested copies of the data concerning you.
Exceptions: The right to erasure does not exist, if the processing is necessary:
(1) to exercise the right to freedom of expression and information;
(2) to fulfill a legal obligation, which requires the processing, under the law of the Union or of the Member States to which the website operator is subject, or for the performance of a task which is in the public interest or in the exercise of public authority delegated to the operator;
(3) for reasons of public interest in the field of public health, in accordance with Art. 9 sec. 2 lit. h and i and Art.9 sec. 3 of the GDPR;
(4) for archival purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with Art. 89 sec. 1 of the GDPR, insofar as the law referred to in section (a) is likely to make achieving the objective impossibly or seriously impair it.
(5) for the assertion, exercise or defense of legal claims.
5.5. Right to information
If you have asserted the right to rectification, deletion or restriction of processing against the website operator, the operator is obliged to inform all recipients, to whom your personal data has been disclosed, of this correction, deletion of the data or restriction of the processing, unless this proves impossible or entails a disproportionate effort. You have the right to be informed about any recipients.
5.6. Right of objection
At any time you have the right, for reasons arising from your particular situation, to oppose the processing of your personal data, based on Art. 6 sec. 1 lit. e or f of the GDPR; this also applies to profiling based on these provisions. The website operator will no longer process your personal data, unless he can prove compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data for the purpose of such advertising; this also applies to profiling insofar as related to such direct marketing. If you object to processing for direct marketing purposes, your personal data will no longer be processed for such purposes. You are able, in connection with the use of information society services, notwithstanding Directive 2002/58/EC, to exercise your right of opposition by means of automated procedures using technical specifications.
5.7. Automated decision on a case-by-case basis, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, that has legal effect on you or similarly significantly affects you. This shall not apply where the decision
(1) is necessary for the conclusion or performance of a contract between you and the website operator,
(2) is permitted under Union or Member State legislation to which the operator is subject and this legislation contains appropriate measures to safeguard your rights and freedoms and your legitimate interests, or
(3) is done with your express consent. However, such decisions may not be based on specific categories of personal data under Art. 9 sec.1of the GDPR, unless Art. 9 sec. 2 lit. a or g of the GDPR is in effect and appropriate measures have been taken to protect your rights and freedoms, as well as your legitimate interests. With regard to the cases referred to in (1) and (3), the operator shall take appropriate measures to safeguard your rights, freedoms and legitimate interests, including at least the right to the intervention of a person on the part of the operator, to a statement of one’s own position and to challenge a decision.
5.8. Revocation of your consent to data processing
Some data processing processes are only possible with your express consent. A revocation of your already given consent is possible at any time. An informal notification by email is sufficient for the revocation. The legality of the data processing carried out before the revocation remains unaffected by the revocation.
5.9. Right to complain to the responsible supervisory authority
As the data subject, you have the right to complain to the responsible supervisory authority in the event of a data protection violation. The supervisory authority in charge of data protection issues is the state data protection officer of the federal state in which the registered office of our company is located. The following link provides a list of data protection officers and their contact details:
5.10. Right of data portability
You have the right to have data, which we process automatically on the basis of your consent or in the performance of a contract, transferred to yourself or third parties. The data will be provided is in a machine-readable format. If you request the direct transfer of the data to another entity, it can only be done as far as is technically feasible.
At any time you have the right, free of charge, to information about your stored personal data, its origin and recipients and the purpose of the data processing. If applicable the right to rectification, restrictions or deletion of your data within legal provisions. If you have further questions about this or other matters relating to personal data, feel free to contact us at any time, through the contact information given in the imprint.
6. Functions and services used
Parts of our website use so-called cookies. Cookies do not cause any damage to your computer and do not contain viruses. Cookies are used to make our site more user-friendly, effective and secure. They are small text files, which are stored on your computer by your browser.
Most of the cookies we use are so-called “session cookies”. They will be deleted automatically after your visit. Other cookies remain stored on your device until you delete them. These cookies allow us to recognize your browser during your next visit.
You can set your browser’ settings to be informed about cookie placement, enable cookies only in certain cases, disable cookies for certain cases or in general, and to enable automatic deletion of cookies when closing the browser. With cookies disabled, the functionality of this website may be limited.
Server Log Files
The provider / web host of the pages automatically collects and stores information in so-called server log files, automatically transmitted to us by your browser. These are:
Browser type and browser version
operating system used
Host name of the accessing device
Time of server request
This data cannot be connected to specific users. This data is not merged with other data sources. We reserve the right to check this data retrospectively if we become aware of concrete indications of illegal use.
SSL and/or TLS encryption
For security reasons and for the protection of confidential content transmitted to us as a site operator, our website uses SSL or TLS encryption. Therefor your data, transmitted via this website, is not readable by third parties. You can recognize an encrypted connection by the “https://” in your browser’s address line and by the padlock icon.
If you contact us via the contact form, your input from the form, including the contact details you provide, will be stored by us for the purpose of processing your request and for possible follow-up questions. This data will not be shared without your consent.
Objection to advertising emails
We herby object to the use of our contact data, published within the imprint, for sending unsolicited advertising and information materials. The operators of this website expressly reserve the right to take legal action in the event of unsolicited advertising information being sent, e.g. spam emails.
Data collection outside the EU
The following list are services provided by Google, Facebook, Instagram (see below). Google has committed to the EU-US Privacy Shield Agreement. More detailed information here:
Facebook plugins (like button)
Our website integrates plugins of the social network Facebook, provided by Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. Facebook plugins are recognizable within our website by the Facebook logo or the “Like”. An overview of the Facebook plugins can be found here:
If you do not want Facebook to be able to connect your visit with your Facebook user account, please log out of your Facebook account.
Our website use functions of Google+. The provider is Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.
Collection and sharing of information: You can use the Google+ button to publish information worldwide. The Google+ button provides you and other users with personalized content from Google and our partners. Google stores both the information which content you gave +1 and information about the page you viewed while clicking +1. Your +1 may appear alongside your profile name and photo in Google services, such as search results or your Google profile, or elsewhere on websites and online ads.
Google records information about your +1 activities to improve Google services for you and others. In order to use the Google+ button, you need a globally visible public Google profile, which must contain at least the name chosen for the profile. This name is used for all Google services. In some cases, this name may also replace another name you used when sharing content through your Google account. The identity of your Google profile may be displayed to users who know your email address or have other identifying information about you.
Google recaptcha and Google maps
If the website uses google recaptcha and you use it, Google learns that your IP address has visited our website. The same applies to google maps. With Google maps, GPS tracking could possibly occur as well, especially in connection with Google+
Newsletter program Mailchimp
Our website integrates functions of the service Instagram. These features are provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. If you are logged into your Instagram account, you can link contents of our website to your Instagram profile by clicking on the Instagram button. This allows Instagram to connect your visit to our website with your user account. We would like to point out that we, as the provider of the website, do not receive any knowledge of the content of the data transmitted or Instagram’s use of this data.
7. Purpose and duration of data processing
The temporary storage of the IP address by the system is necessary to enable the delivery of the website to the user’s computer. For this purpose, the IP address of each user has to be stored for the duration of the session.
By accessing the website, the IP addresses of visitors are stored by the web host for a maximum of seven days to detect and prevent attacks.
Further storage in log files happens anonymized to ensure the website’s functionality and to obtain data for optimizing the website and ensuring security. In this case, the IP addresses of all users are encrypted, so that an identification of the calling client is no longer possible.
The basis for data processing is Art. 6 sec. 1 lit. b of the GDPR, which allows the processing of data for the performance of a contract or pre-contractual measures.