Responsible Authority
We are happy about you visiting our website. We would like to introduce you to the responsible authority in terms of data protection law as applicable:
Internationale Gesellschaft der Bildenden Künste e.V.
represented by the Board
Marcel Noack (Sprecher)
Christine Düwel
Maria Linares
Markgrafendamm 24/ Haus 16
10245 Berlin
Phone: +49 (0)30 23 45 76 66
E-mail: This email address is being protected from spambots. You need JavaScript enabled to view it.
General Information
Pursuant to our statutory obligations, we would like to inform you about the collection and use of your personal data.
When you use our website, personal data about you will be collected. This may happen by you entering the data yourself, for example your e-mail address. But our system also collects your data automatically, for example whenever you visit our website. This happens irrespective of the device or the software that you use to visit our website.
All data that you enter in our app is provided voluntarily; there are no disadvantages to you if you do not provide data. But without certain data, we are unable to provide services or to conclude contracts. Whenever such information is necessary, we will point it out to you.
On this website, the user’s personal data is only collected within the framework of the existing data-protection law, in particular the General Data Protection Regulation (GDPR). The legal terms used in the text are defined in Art. 4 of the GDPR.
The GDPR allows data processing in three cases in particular:
- in accordance with Art. 6 para. 1 (a) and 7 GDPR, when you have consented to us processing your data; in this Privacy Policy and in the cases of consent pursuant to Art. 4 no. 11 GDPR, we will inform you in detail and each time for what purposes and under what circumstances your data will be processed by us;
- in accordance with Art. 6 para. 1 (b) GDPR, when processing your personal data is necessary for negotiating, concluding or performing a contract;
- in accordance with Art. 6 para. 1 (f) GDPR, if the balancing of interests leads to the conclusion that the processing is necessary to protect our legitimate interests; this means in particular our interests to analyse, optimise and secure the offers on our website – meaning primarily the analysis of user behaviour, setting up profiles for advertisement purposes and storage of access data as well as the use of third-party providers.
Inventory Data
We collect inventory data as far as it is necessary to establish, negotiate or amend a contract (including one without remuneration) between us and the user. This can be: customer data (for example name, address), contact data (for example e-mail address, phone number), service data (for example services ordered, duration, payment). Upon establishing the user relationship, we will ask you for this data (for example name, address and e-mail address) and will also tell you which of the information is required to establish the user relationship.
Usage Data
We also collect usage data to allow users to use the services on our website. These may consist of: usage information (for example visited websites or parts, duration of visit, interest in services), content data (for example data, text, images, sounds, videos entered or uploaded by you), meta data (for example identity of your device, location, IP address).
We will only combine usage data if and insofar as it is necessary for billing purposes. Otherwise, we will only put together usage data pseudonymously and only insofar as you have not objected. You may send this objection to the address indicated in the “About Us” section or the responsible authority indicated in this Privacy Policy at any time.
The legal basis for this data processing are our legitimate interests pursuant to Art. 6 para. 1 (f) GDPR in analysing the website and your use, possibly also the statutory permission to store data as part of the negotiation of a contract pursuant to Art. 6 para. 1 (b) GDPR.
Hoster
DomainFactory
Based on our legitimate interest in a technologically perfect online offering and its design and optimisation in an economically efficient manner pursuant to Art. 6 para. 1 (f) GDPR, we have designed this website with the modular design system provided by DomainFactory GmbH, Oskar-Messter-Str. 33, 85737 Ismaning, Germany. In addition, our website is hosted on the servers of DomainFactory based on Art. 6 para. 1 (f) GDPR.
Like any other hoster, DomainFactory collects usage data. These are identifiable and non-identifiable data based on your visit of our website. Non-identifiable data are the so-called server log files, which are automatically transmitted by your browser. Among others, these are contractual data, content data, usage data, meta and communication data, like type and version of your browser, the page from which you have come to our website, time and duration of your visit to our website as well as the amount of data transmitted. The hosting services are provided for the purpose of operating this online presence. DomainFactory will not connect your data with other information to identify you. Your IP address will usually be deleted within 7 days. Longer storage as well as checking your log data later may be necessary to investigate possible cases of abuse.
As a modular design system for building websites, DomainFactory also collects personal data which you enter when using the website. This can be contact data (for example e-mail address or phone number), invoice data (name, mailing address, payment method and bank information), data on connected third-party accounts (for example e-mail address or user name for a connected account with PayPal, Google or Facebook), data about a browser or user session (IP address, geographic location and/or unique identification of the device and any other personal data.
You can find more information about the data-protection policy of DomainFactory at: https://www.df.eu/de/datenschutz/
The basis for passing on your data to DomainFactory is our legitimate interest in a technologically perfect online offering and its design and optimisation in an economically efficient manner pursuant to Art. 6 para. 1 (f) GDPR.
DomainFactory places cookies to offer you an optimal online presence, tailored to your needs. If you do not want your data to be sent to the services of DomainFactory, you can prevent DomainFactory from placing cookies. For more details, we refer you to the chapter about cookies in this privacy policy.
First Contact through Electronic Request
If you contact us in electronic form (for example by mail, fax, phone, messenger, etc.), we store and process the data which you have given us (for example name, contact information, content of the request). This is based on our legitimate interest in an effective communication with customers in accordance with Article 6 para. 1 (a) GDPR and, as far as it concerns a request to enter into or to perform a contract, also with Article 6 para. 1 (b) GDPR.
We will only pass on this data to third parties as far as required for the performance of the contract (in accordance with Article 6 para. 1 (b) GDPR), by the overwhelming interest in effective services (in accordance with Article 6 para. 1 (f) GDPR) or based on your consent (in accordance with Article 6 para. 1 (a) GDPR) or if there is another legal permission or obligation.
You may ask us at any time and without any cost to provide information about the purpose of the processing, the origin and the recipient, if any, of your data. You may also request that we correct, delete or limit the processing of your personal data. You may object against the (further) processing of your data at any time and you have a right for the data to be made transferable as well as the right to file a complaint with the competent supervisory agency.
In general, your data will only remain stored as long as required by the purpose of the respective data processing. A longer storage is an option, in particular when required in order to pursue our rights, for other legitimate interests of ours or when there is a statutory duty to keep the data longer (for example record-keeping under tax law, statute of limitations).
Consent
Whenever we ask you for your consent for the processing of your data, we will inform you in clear language and in an easily accessible way about the cases for which you will be granting your consent. Any consent that we ask you for is voluntary. Any advantage that you wish to gain by granting consent is also available without consent; simply ask us.
Regarding any consent, you have the right to revoke any consent given to us for the processing of your personal data at any time. You just need to contact us without any particular formal requirement, for example through our contact form, an e-mail to the e-mail address indicated in the “About Us” section or a link to unsubscribe (if offered by us). Your withdrawal has no effect on the legality of the data processing carried out up to that point.
Storage Period
Generally, your data will only remain stored as long as required by the purpose of the respective data processing. Storage beyond that is possible in particular if it is still required for pursuing our rights or for other legitimate interests of ours.
For your inventory data which were necessary to perform a contract (including one without remuneration), this means that we store this data until the complete performance or termination of the contractual relationship plus the limitation period (which is generally 2 or 3 years) plus an adequate extra time for potential interruptions of the limitation period.
For your usage data which was collected in the course of your use of the website, this means that we will store it only for the time still required for the proper functionality of our website and as long as we still have a legitimate interest. Statistical information will be primarily stored by us in pseudonymous form.
Beyond that, we still store your data for as long as we are required to do so by law. This concerns in particular the tax-law requirements to keep records, usually for 6 or even 10 years.
Transfer of data
Transfer to Third Parties
We dislike spam as much as you do. We will therefore not transfer your data to third parties, unless permitted by law.
Transfer of customer data may either
- be required for the performance of a contract and in that case be permitted according to Art. 6 para. 1 (b) GDPR, or
- be permitted based on our legitimate interest in an effective service structure pursuant to Art. 6 para. 1 (f) GDPR, or
- covered by your consent pursuant to Art. 6 para. 1 (a) GDPR, or
- become necessary if we will be legitimately asked by a government or an agency to hand over your data pursuant to Art. 6 para. 1 (c) GDPR.
If your data are transferred to third parties, this is mentioned in this privacy policy.
Transfer to other countries, particularly USA
Our website uses external providers located outside of the EU for different features. In particular, the use of cookies, active Java scripts and other technology can lead to processing and storage of your data outside of the EU. But we will not transfer your data to a third country, unless the EU Commission has determined that there is a similar level of data protection as in the EU or unless you have provided us with your informed consent or we have agreed on the standard contractual clauses for the protection of your data with the provider.
Users‘ Rights
You may request us anytime to provide information about the personal data stored about you free of charge. To avoid misuse, this will require personal identification.
Deletion, Correction, Limitation
You may at any time demand from us that we correct (or complete) incorrect data as well as a limitation of the processing of data or deletion of your data. This applies in particular if the reason for processing the data is no longer valid, if a required consent has been revoked and there is no other legal basis or if our data processing is unlawful. We will then correct, block or even delete your personal data without delay as far as permitted by law.
Objection
The right to object to advertisement is governed by our text regarding consent:
Regarding any consent, you have the right to revoke any consent given to us for the processing of your personal data at any time. You just need to contact us without any particular formal requirement, for example through our contact form, an e-mail to the e-mail address indicated in the “About Us” section or a link to unsubscribe (if offered by us). Your withdrawal has no effect on the legality of the data processing carried out up to that point.
Data Transfer
You may request us to transfer the data stored about you in machine-readable form.
Complaint
If you feel that our data processing has violated any of your rights, you may file a complaint with the competent regulatory agency (here you find a list of the agencies).
Changes to the Privacy Policy
If and when factual or legal reasons will compel us to amend the Privacy Policy, we will update this page accordingly. This will not change the consent provided by the user.
Data Entry
Encryption of Data Entry
When you enter data on our website, whether in a contact form, during the registration process, when you log in or for payment purposes, the website, where you enter the data, is encrypted. Thus, third parties can not read what you enter. You will recognise the encryption by the lock symbol in your browser and by the URL beginning with “https“ instead of “http“.
Contact Forms
General contact form
When you fill out a contact form or when you send us an e-mail or another electronic message, your information will be stored for the processing of the request, for possible follow-up questions or for other related questions and will only be used to follow up with the request.
Your data will be transferred in an encrypted manner, preventing third parties from reading your data while it is being entered.
Basis for this storage is the safeguarding of our legitimate interests in regard to communication with interested users pursuant to Art. 6 para. 1 (f) GDPR and in the case of inquiries prior to entering into a contract also the performance of a contract pursuant to Art. 6 para (b) GDPR.
Your data remains stored for as long as the processing of the request requires, in particular as long as the storage is still necessary to perform the contract, to pursue our rights or for our other legitimate interests or we are compelled by law to keep your data stored (for example based on tax-law requirements to maintain files).
Offer
On our website, you find a contact form, through which you may request a specific offer for our goods and services. We will ask for for the necessary data as in the form, so we can prepare the offer.
Your data will be entered in an encrypted manner, so that third parties cannot read your data while being entered.
The legal basis for this storage is our legitimate interest in communication with interested users in accordance with Art. 6 para. 1 (f) GDPR and in case of contractual requests also the storage of contractual data in accordance with Art. 6 para. 1 (b) GDPR.
These data remain saved until you will terminate your access by sending an e-mail to the e-mail address listed in the "About Us" section. After that, they will remain stored in connection with the necessary performance of the contract (see the section on user/contract data).
Registration
If you register on our website, we will ask for compulsory and potentially also non-compulsory data in accordance with our registration form for the purposes listed hereinafter.
Your data will be entered in an encrypted manner, so that third parties cannot read your data while being entered.
The legal basis for this storage is our legitimate interest in communication with interested users in accordance with Art. 6 para. 1 (f) GDPR and also the storage of contractual data in accordance with Art. 6 para. 1 (b) GDPR in case of contracts, including non-remunerated ones.
Your data will remain stored for as long as you remain registered, particularly as long as the storage is still required to perform the contract, to pursue our rights or for our other legitimate interests or for as long as we are required by law to store your data (for example pursuant to tax-law requirements to store documents).
Webinar
If you register for a webinar, we will ask for your e-mail address and your first name, because we like to address you personally. We will only use your data to inform you about the implementation of the webinar as well as possibly about information which is necessary for the webinar to be carried out (for example change of date, participation requirements, technical details) and materials (like slides, content information). Your data will be deleted after the completion of the webinar.
Membership Area
If you register for our membership area, we will ask for data in accordance with our registration form, because we do not permit the anonymous use of our services. We will only use your data to provide you with the information necessary for using the membership area (news, news in the membership area and technical information).
Membership Area Exchange
You can register in our Member's Area to engage in conversation with our other customers. We will ask for your data according to our registration form to allow us to present you to our other customers.
Once you have logged out from the membership area, your entries there will remain, even if you deregister. If you do not want this to happen, you can contact the e-mail address listed in the “About Us” section below and request that these entries will be deleted. We will then also delete the entries.
Course Registration
If you register for a course, we will ask for your data according to the registration form, because we like to address you personally. We will only use your data to inform you about the implementation of the course as well as possibly about information which is necessary for the course to be carried out (for example change of date, participation requirements, technical details) and materials (like slides, content information).
Backup
BackupMonkey
Based on our legitimate interest in a technologically perfect online offering and its design and optimization in an economically efficient manner pursuant to Art. 6 para. 1 (f) GDPR, we use the backup service BackupMonkey, an offer by BackupMonkey UG (limited liability), Alte Wallgasse 6, 50672 Köln, Germany, to backup our data.
As part of that process, the data of our website and thus possibly also data collected from you will be stored in a backup at our place. To be on the safe side, the data will also be transmitted to BackupMonkey. But BackupMonkey only carries out a system check with the data to find out if the backup is complete and functional. No individual data will be read, and the data will be deleted after the short-term functionality check.
You can find more information about the privacy policy of BackupMonkey in the privacy policy of BackupMonkey: https://backupmonkey.io/de/datenschutz
We have also entered into a contract on data processing with BackupMonkey, according to which BackupMonkey will only process your data according to our instructions.
Google Workspace
In the context of our legitimate interest in a technically flawless online offer and its economically efficient design and optimization in accordance with. Article 6 (1) (f) GDPR we use Google Cloud Services(Google Workspace) from Google Cloud EMEA Ltd., 70 Sir John Rogerson's Quay, D02 R296, Dublin 2, Irland
(„Google“).
Google Cloud and associated software services in the GDPR-compliant GSuite relate to the storage and management of data in the cloud, calendar functions, e-mail software, document creation, spreadsheets and presentations, the exchange of documents with specific recipients, the publication of forms or other content and information, as well as chats and participation in video and audio conferences.
All data you enter in the Google cloud solutions will be entered or displayed (in particular inventory data such as name and email, usage data such as the browser used, websites visited, length of stay, previously visited website and your IP address, content data such as documents, files, contracts, audio and video communication and / or recording, chat history, shared screen content) to Google and saved by Google. We ourselves use settings that are as privacy-friendly as possible, you can also take such precautions. When communicating, you can use aliases or unique email addresses to log in or deactivate your audio and video transmission (in part).
Your data may be transferred to the USA here. However, we have ensured that your data is only transferred to the USA on the basis of a contract in accordance with the standard contractual clauses. According to the GDPR and the EuGH, this is a legal basis for the transfer of data to the USA. Furthermore this provider is certified according to the EU-US Data Privacy Framework. This means that the transfer of data to the USA is possible in a legally secure manner on the basis of the adequacy decision concluded on 10.07.2023.
We have concluded an data processing agreement with this provider, according to which this provider will only process your data on our behalf within the scope of the GDPR and according to our instructions.
Your data will remain stored insofar as it is still necessary for the purposes of your consent, for contract fulfillment / processing, for legal prosecution by us or for our other legitimate interests or if we are legally required to keep your data.
For more information on the use of your data by Google, please refer to Google's privacy policy
[https://policies.google.com/privacy?hl=de&gl=de] as well as the further security information on Google's cloud services [https://cloud.google.com/privacy?hl=de].
Map services
OpenStreetMap
Based on your consent pursuant to Art.6 para. 1 (a) GDPR, we use the HTMP geo-location API provided by the open-source OpenStreetMap Foundation, 132 Maney Hill Road, Sutton Coldfield, West Midlands, B72 1JU, UK, to use your location for location-specific offers.
If you use the location detection function via HTML5 geolocation API, the OpenStreetMap API transmits the location data you entered to the OpenStreetMap search engine, which determines the coordinates of your current location and converts it into an address. However, your IP address will not be transmitted.
Further information about the use of your data by OpenStreetMap can be found in the privacy policy of OpenStreetMap https://wiki.osmfoundation.org/wiki/Privacy_Policy. Your data will only be used there in anonymous form.
If you don't want your data to be transmitted, you don't need to activate the location data.
Videoconferences, Webinare and Onlinemeetings
Zoom
We use external communication providers (external providers or platforms for our video conferences, audio conferences, webinars or other online meetings and online communication), in this case the provider ZOOM Video Communications Inc., San Jose Office, 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113, USA. This is based either
- on our contractual or pre-contractual legal relationship in accordance with Art. 6 para. 1 (b) GDPR,
- on your consent if we have obtained that before (for example for a recording) in accordance with Art. 6 para. 1 (a) GDPR or
- on our legitimate interest in a technologically perfect online offering and its design and optimisation in an economically efficient manner pursuant to Art. 6 para. 1 (f) GDPR.
Each time you use our external communication provider, any data that you enter, indicate or show during the communication (in particular contractual data like name and e-mail, usage data like the browse used, visited websites, duration of the visit, referrer URL and your IP address, content data like audio and video communication and/or recordings, chat protocols, shared screen content) will be transmitted to the external communication provider and stored by them. We use settings that guarantee as much privacy as possible, and you can be careful about your privacy as well. For example, you can register with alias names or with one-time e-mail addresses or (partially) deactivate your transfer of audio and video.
When using this provider, it may happen that your data is transferred to the USA. However, we have ensured that your data is only transferred to the USA on the basis of a contract in accordance with the standard contractual clauses. According to the GDPR and the EuGH, this is a legal basis for the transfer of data to the USA. This applies in particular since the US Presidential Decree of 07.10.2022.
We have concluded an data processing agreement with this provider, according to which this provider will only process your data on our behalf within the scope of the GDPR and according to our instructions.
Your data will remain stored as long as necessary for the purposes of your consent, for performing the contract, to pursue our legal rights or for other legitimate interests of ours or as long as we are required by law to keep your information.
Neither we nor the external communication provider will pass on your data to third parties. Exceptions may be made for analysing the user date for service and security purposes as well as for marketing purposes of the external communication provider. For the further use of your data by the external communication provider, we refer you to their terms and conditions https://zoom.us/terms and the associated privacy policy https://zoom.us/privacy
Insofar as external communication providers store cookies or other trackers on your device, we refer you to our general information about dealing with cookies and deactivating them in this privacy policy.
Cloud Storagesolutions
Microsoft 365
For data processing, we use the cloud solution Microsoft 365, provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (hereinafter „Microsoft“).
The legal basis for this data processing is
- our contractual or pre-contractual legal relationship in accordance with Art. 6 para. 1 lit. b GDPR, as well as
- our legitimate interest in a technologically flawless online presence and its economically efficient design and optimization according to Art. 6 para. 1 lit. f GDPR.
As we use Microsoft 365 as a cloud solution, it is possible for Microsoft to learn of our data. This includes data that can identify a person with a manageable amount of effort ("personal data"). In principle, this personal data is all data that you share with us on the occasion of the use of the website and in connection with our general communication and which we then process, or enter, using Microsoft 365.
This may include contact information (such as email address or phone number), billing information (name, billing address, payment method, and bank account information), information about related third-party accounts (such as the email address or username for a related PayPal, Google, or Facebook account), scanned identification documents provided to us (such as an ID card, driver's license, passport, or official company registration documents), and any other personal information (if you have provided it to us). However, Microsoft will not evaluate or use this data under the terms of the contract for data processing.
This may result in data being transferred to the USA. However, we have ensured that your data is only transferred to the USA on the basis of a contract in accordance with the standard contractual clauses. According to the GDPR and the EuGH, this is a legal basis for the transfer of data to the USA. Furthermore this provider is certified according to the EU-US Data Privacy Framework. This means that the transfer of data to the USA is possible in a legally secure manner on the basis of the adequacy decision concluded on 10.07.2023.
We have concluded an data processing agreement with this provider, according to which this provider will only process your data on our behalf within the scope of the GDPR and according to our instructions.
We have also set Microsoft 365 to store your data exclusively on servers in Germany or the EU. More information about the location of the stored data can be seen here: https://www.microsoft.com/licensing/terms/product/PrivacyandSecurityTerms/all
If you would like to learn more about Microsoft's privacy precautions, please use the following link: https://privacy.microsoft.com/de-de/privacystatement.
CRM and Marketing
SendinBlue CRM
Based on the permission for processing of contractual data in accordance with Art. 6 para. 1 (b) as well as our legitimate interest in efficient customer management in accordance with Art. 6 para. 1 (f) GDPR, we use the CRM system Brevo provided by SendinBlue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany.
We have concluded a data-processing agreement with our CRM provider, according to which they will only process your information in accordance with our instructions. You will find more information about the data protection of our CRM provider at https://www.brevo.com/de/legal/privacypolicy/.
Here, we store all information that you have sent us while negotiating or concluding a contract, in particular your name, your contact information, payment information as well as provided products or services, if applicable. Our CRM provider also allows us to analyse this date statistically and historically.
We will store this information as long as we use it for the performance of the contract (in particular the warranty period) or for the duration of a statutory requirement to store the data (in particular for tax-relevant data).
This is our current valid privacy policy from 15.10.2024