Privacy Policy
Preamble
With the following privacy policy, we would like to inform you about the types of your personal data (hereinafter also referred to as "data") that we process, for what purposes, and to what extent. This privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and specifically on our websites, in mobile applications, and within external online presences, such as our social media profiles (hereinafter collectively referred to as "online offerings").
The terms used are not gender-specific.
Date: October 1, 2024
Responsible Party
Marcel Glass - Visual Artist
Merkenicher Strasse 291
50735 Cologne
Email: hallo@marcelglass.de
Phone: +49 1575 4526495
Applicable Legal Bases
Applicable legal bases under the GDPR: Below you will find an overview of the legal bases of the GDPR on which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or establishment. If, in individual cases, more specific legal bases are relevant, we will inform you of these in the privacy policy.
National Data Protection Regulations in Germany: In addition to the data protection provisions of the GDPR, national regulations on data protection in Germany apply. This includes, in particular, the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG). The BDSG contains specific regulations on the right to information, the right to deletion, the right to object, the processing of special categories of personal data, processing for other purposes, and the transmission and automated decision-making in individual cases, including profiling. Additionally, state data protection laws of the individual federal states may also apply.
Security Measures
We implement appropriate technical and organizational measures in accordance with legal requirements, taking into account the state of the art, implementation costs, the nature, scope, circumstances, and purposes of processing, as well as the varying probabilities of occurrence and the severity of the threat to the rights and freedoms of natural persons, to ensure a level of protection appropriate to the risk.
Measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as access, entry, transmission, and ensuring the availability and separation of the data. Furthermore, we have established procedures that ensure the exercise of data subject rights, data deletion, and responses to data breaches. We also consider the protection of personal data during the development or selection of hardware, software, and procedures in accordance with the principle of data protection by design and by default.
TLS/SSL Encryption (https): To protect user data transmitted via our online services, we use TLS/SSL encryption. Secure Sockets Layer (SSL) is the standard technology for securing internet connections by encrypting the data transmitted between a website or app and a browser (or between two servers). Transport Layer Security (TLS) is an updated and more secure version of SSL. Hyper Text Transfer Protocol Secure (HTTPS) is displayed in the URL when a website is secured by an SSL/TLS certificate.
Rights of Data Subjects under the GDPR: As data subjects, you have various rights under the GDPR, which are primarily derived from Articles 15 to 21 GDPR:
Right to Object:
You have the right to object at any time, for reasons arising from your particular situation, to the processing of your personal data that is carried out under Article 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions. If your personal data is being processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing; this also applies to profiling insofar as it is related to such direct marketing.
Right to Withdraw Consent:
You have the right to withdraw any consent given at any time.
Right to Access:
You have the right to request confirmation as to whether your data is being processed, and to obtain information about that data as well as further information and a copy of the data in accordance with legal provisions.
Right to Rectification:
You have the right, in accordance with legal provisions, to request the completion of your personal data or the rectification of inaccurate personal data concerning you.
Right to Deletion and Restriction of Processing:
You have the right to request, in accordance with legal provisions, that your personal data be deleted immediately, or alternatively, to request a restriction on the processing of your data in accordance with legal provisions.
Right to Data Portability:
You have the right to receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format or to request the transmission of that data to another controller, in accordance with legal provisions.
Right to Lodge a Complaint with a Supervisory Authority:
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, particularly in the member state of your habitual residence, your workplace, or the location of the alleged infringement, if you believe that the processing of your personal data infringes the provisions of the GDPR.
Business Services:
We process data of our contractual and business partners, such as customers and prospective customers (collectively referred to as "contract partners") within the framework of contractual and comparable legal relationships, as well as associated measures and in the context of communication with contract partners (or pre-contractually), e.g., to respond to inquiries. We process this data to fulfill our contractual obligations. This includes, in particular, the obligations to provide the agreed services, any updating obligations, and remedies for warranty and other performance disruptions. Additionally, we process the data to protect our rights and for the administrative tasks associated with these obligations, as well as for business organization. Furthermore, we process the data based on our legitimate interests in proper and efficient business management and security measures to protect our contract partners and our business operations from misuse, threats to their data, secrets, information, and rights (e.g., regarding the involvement of telecommunications, transport, and other auxiliary services, as well as subcontractors, banks, tax and legal advisors, payment service providers, or tax authorities). In accordance with applicable law, we only disclose contract partner data to third parties to the extent necessary for the aforementioned purposes or to fulfill legal obligations. Contract partners will be informed about other forms of processing, e.g., for marketing purposes, within the framework of this privacy policy. We inform contract partners of the data required for the aforementioned purposes before or during data collection, e.g., in online forms, through special markings (e.g., colors) or symbols (e.g., asterisks), or personally. We delete the data after the expiration of statutory warranty and comparable obligations, generally after four years, unless the data is stored in a customer account, e.g., as long as it must be retained for legal reasons for archiving purposes. The statutory retention period for tax-relevant documents and commercial books, inventories, opening balances, annual financial statements, the necessary working instructions to understand these documents, and other organizational documents and accounting records is ten years, while for received commercial and business letters and reproductions of sent commercial and business letters, it is six years. The period begins at the end of the calendar year in which the last entry was made in the book, the inventory was made, the opening balance, annual financial statement, or management report was prepared, the commercial or business letter was received or sent, or the accounting record was created, as well as when the recording was made or the other documents were created.
To provide our services, if we use third-party providers or platforms, the terms and conditions and privacy notices of the respective third-party providers or platforms apply in the relationship between users and providers.
Types of Processed Data: Inventory data (e.g., names, addresses); payment data (e.g., bank details, invoices, payment history); contact data (e.g., email, phone numbers); contract data (e.g., subject matter of the contract, duration, customer category).
Data Subjects: Prospective customers, business and contract partners.
Purposes of Processing: Provision of contractual services and fulfillment of contractual obligations; contact inquiries and communication; office and organizational procedures. Administration and response to inquiries.
Legal Bases: Contract fulfillment and pre-contractual inquiries (Article 6(1)(b) GDPR); legal obligation (Article 6(1)(c) GDPR); legitimate interests (Article 6(1)(f) GDPR).
Further Information on Processing Processes, Procedures, and Services:
Artistic and Literary Services: We process the data of our clients to enable them to select, acquire, or commission the chosen services or works, as well as related activities and their payment and delivery or execution. The required information is marked as such within the framework of the order, purchase, or comparable contract conclusion and includes the information necessary for delivery and invoicing as well as contact information for any necessary follow-up.
Legal Bases: Contract fulfillment and pre-contractual inquiries (Article 6(1)(b) GDPR).
Provision of Online Offerings and Web Hosting:
We process users' data to provide our online services. For this purpose, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the user's browser or device.
Types of Processed Data: Usage data (e.g., visited websites, interest in content, access times); meta, communication, and procedural data (e.g., IP addresses, time stamps, identification numbers, consent status).
Data Subjects: Users (e.g., website visitors, online service users).
Purposes of Processing: Provision of our online offerings and user-friendliness; IT infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)); security measures. Provision of contractual services and fulfillment of contractual obligations.
Legal Bases: Legitimate interests (Article 6(1)(f) GDPR).
Further Information on Processing Processes, Procedures, and Services:
Provision of Online Offerings on Rented Storage Space: To provide our online offerings, we use storage space, computing capacity, and software that we rent or otherwise obtain from a relevant server provider (also referred to as "web host").
Legal Bases: Legitimate interests (Article 6(1)(f) GDPR).
Collection of Access Data and Log Files: Access to our online offerings is logged in the form of so-called "server log files." Server log files may include the address and name of the retrieved websites and files, date and time of access, transferred data volumes, messages about successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page), and usually IP addresses and the requesting provider. Server log files can be used for security purposes, e.g., to prevent server overload (especially in cases of abusive attacks, so-called DDoS attacks), and to ensure server load and stability.
Legal Bases: Legitimate interests (Article 6(1)(f) GDPR).
Data Deletion: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data that needs to be retained for evidentiary purposes is exempt from deletion until the respective incident is finally resolved.
1&1 IONOS:
Services in the field of providing IT infrastructure and related services (e.g., storage space and/or computing capacities).
Service Provider:
1&1 IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany
Legal Bases:
Legitimate interests (Article 6(1)(f) GDPR); Website: https://www.ionos.de; Privacy Policy: https://www.ionos.de/terms-gtc/terms-privacy.
Data Processing Agreement:
https://www.ionos.de/hilfe/datenschutz/allgemeine-informationen-zur-datenschutz-grundverordnung-dsgvo/auftragsverarbeitung/.
Preamble
With the following privacy policy, we would like to inform you about the types of your personal data (hereinafter also referred to as "data") that we process, for what purposes, and to what extent. This privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and specifically on our websites, in mobile applications, and within external online presences, such as our social media profiles (hereinafter collectively referred to as "online offerings").
The terms used are not gender-specific.
Date: October 1, 2024
Responsible Party
Marcel Glass - Visual Artist
Merkenicher Strasse 291
50735 Cologne
Email: hallo@marcelglass.de
Phone: +49 1575 4526495
Applicable Legal Bases
Applicable legal bases under the GDPR: Below you will find an overview of the legal bases of the GDPR on which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or establishment. If, in individual cases, more specific legal bases are relevant, we will inform you of these in the privacy policy.
- Consent (Art. 6 para. 1 sentence 1 lit. a GDPR) - The data subject has given consent to the processing of their personal data for one or more specific purposes.
- Contract Fulfillment and Pre-Contractual Inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR) - The processing is necessary for the performance of a contract to which the data subject is a party, or for carrying out pre-contractual measures at the request of the data subject.
- Legal Obligation (Art. 6 para. 1 sentence 1 lit. c GDPR) - The processing is necessary for compliance with a legal obligation to which the controller is subject.
- Legitimate Interests (Art. 6 para. 1 sentence 1 lit. f GDPR) - The processing is necessary to protect the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject, which require protection of personal data, prevail.
National Data Protection Regulations in Germany: In addition to the data protection provisions of the GDPR, national regulations on data protection in Germany apply. This includes, in particular, the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG). The BDSG contains specific regulations on the right to information, the right to deletion, the right to object, the processing of special categories of personal data, processing for other purposes, and the transmission and automated decision-making in individual cases, including profiling. Additionally, state data protection laws of the individual federal states may also apply.
Security Measures
We implement appropriate technical and organizational measures in accordance with legal requirements, taking into account the state of the art, implementation costs, the nature, scope, circumstances, and purposes of processing, as well as the varying probabilities of occurrence and the severity of the threat to the rights and freedoms of natural persons, to ensure a level of protection appropriate to the risk.
Measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as access, entry, transmission, and ensuring the availability and separation of the data. Furthermore, we have established procedures that ensure the exercise of data subject rights, data deletion, and responses to data breaches. We also consider the protection of personal data during the development or selection of hardware, software, and procedures in accordance with the principle of data protection by design and by default.
TLS/SSL Encryption (https): To protect user data transmitted via our online services, we use TLS/SSL encryption. Secure Sockets Layer (SSL) is the standard technology for securing internet connections by encrypting the data transmitted between a website or app and a browser (or between two servers). Transport Layer Security (TLS) is an updated and more secure version of SSL. Hyper Text Transfer Protocol Secure (HTTPS) is displayed in the URL when a website is secured by an SSL/TLS certificate.
Rights of Data Subjects under the GDPR: As data subjects, you have various rights under the GDPR, which are primarily derived from Articles 15 to 21 GDPR:
Right to Object:
You have the right to object at any time, for reasons arising from your particular situation, to the processing of your personal data that is carried out under Article 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions. If your personal data is being processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing; this also applies to profiling insofar as it is related to such direct marketing.
Right to Withdraw Consent:
You have the right to withdraw any consent given at any time.
Right to Access:
You have the right to request confirmation as to whether your data is being processed, and to obtain information about that data as well as further information and a copy of the data in accordance with legal provisions.
Right to Rectification:
You have the right, in accordance with legal provisions, to request the completion of your personal data or the rectification of inaccurate personal data concerning you.
Right to Deletion and Restriction of Processing:
You have the right to request, in accordance with legal provisions, that your personal data be deleted immediately, or alternatively, to request a restriction on the processing of your data in accordance with legal provisions.
Right to Data Portability:
You have the right to receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format or to request the transmission of that data to another controller, in accordance with legal provisions.
Right to Lodge a Complaint with a Supervisory Authority:
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, particularly in the member state of your habitual residence, your workplace, or the location of the alleged infringement, if you believe that the processing of your personal data infringes the provisions of the GDPR.
Business Services:
We process data of our contractual and business partners, such as customers and prospective customers (collectively referred to as "contract partners") within the framework of contractual and comparable legal relationships, as well as associated measures and in the context of communication with contract partners (or pre-contractually), e.g., to respond to inquiries. We process this data to fulfill our contractual obligations. This includes, in particular, the obligations to provide the agreed services, any updating obligations, and remedies for warranty and other performance disruptions. Additionally, we process the data to protect our rights and for the administrative tasks associated with these obligations, as well as for business organization. Furthermore, we process the data based on our legitimate interests in proper and efficient business management and security measures to protect our contract partners and our business operations from misuse, threats to their data, secrets, information, and rights (e.g., regarding the involvement of telecommunications, transport, and other auxiliary services, as well as subcontractors, banks, tax and legal advisors, payment service providers, or tax authorities). In accordance with applicable law, we only disclose contract partner data to third parties to the extent necessary for the aforementioned purposes or to fulfill legal obligations. Contract partners will be informed about other forms of processing, e.g., for marketing purposes, within the framework of this privacy policy. We inform contract partners of the data required for the aforementioned purposes before or during data collection, e.g., in online forms, through special markings (e.g., colors) or symbols (e.g., asterisks), or personally. We delete the data after the expiration of statutory warranty and comparable obligations, generally after four years, unless the data is stored in a customer account, e.g., as long as it must be retained for legal reasons for archiving purposes. The statutory retention period for tax-relevant documents and commercial books, inventories, opening balances, annual financial statements, the necessary working instructions to understand these documents, and other organizational documents and accounting records is ten years, while for received commercial and business letters and reproductions of sent commercial and business letters, it is six years. The period begins at the end of the calendar year in which the last entry was made in the book, the inventory was made, the opening balance, annual financial statement, or management report was prepared, the commercial or business letter was received or sent, or the accounting record was created, as well as when the recording was made or the other documents were created.
To provide our services, if we use third-party providers or platforms, the terms and conditions and privacy notices of the respective third-party providers or platforms apply in the relationship between users and providers.
Types of Processed Data: Inventory data (e.g., names, addresses); payment data (e.g., bank details, invoices, payment history); contact data (e.g., email, phone numbers); contract data (e.g., subject matter of the contract, duration, customer category).
Data Subjects: Prospective customers, business and contract partners.
Purposes of Processing: Provision of contractual services and fulfillment of contractual obligations; contact inquiries and communication; office and organizational procedures. Administration and response to inquiries.
Legal Bases: Contract fulfillment and pre-contractual inquiries (Article 6(1)(b) GDPR); legal obligation (Article 6(1)(c) GDPR); legitimate interests (Article 6(1)(f) GDPR).
Further Information on Processing Processes, Procedures, and Services:
Artistic and Literary Services: We process the data of our clients to enable them to select, acquire, or commission the chosen services or works, as well as related activities and their payment and delivery or execution. The required information is marked as such within the framework of the order, purchase, or comparable contract conclusion and includes the information necessary for delivery and invoicing as well as contact information for any necessary follow-up.
Legal Bases: Contract fulfillment and pre-contractual inquiries (Article 6(1)(b) GDPR).
Provision of Online Offerings and Web Hosting:
We process users' data to provide our online services. For this purpose, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the user's browser or device.
Types of Processed Data: Usage data (e.g., visited websites, interest in content, access times); meta, communication, and procedural data (e.g., IP addresses, time stamps, identification numbers, consent status).
Data Subjects: Users (e.g., website visitors, online service users).
Purposes of Processing: Provision of our online offerings and user-friendliness; IT infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)); security measures. Provision of contractual services and fulfillment of contractual obligations.
Legal Bases: Legitimate interests (Article 6(1)(f) GDPR).
Further Information on Processing Processes, Procedures, and Services:
Provision of Online Offerings on Rented Storage Space: To provide our online offerings, we use storage space, computing capacity, and software that we rent or otherwise obtain from a relevant server provider (also referred to as "web host").
Legal Bases: Legitimate interests (Article 6(1)(f) GDPR).
Collection of Access Data and Log Files: Access to our online offerings is logged in the form of so-called "server log files." Server log files may include the address and name of the retrieved websites and files, date and time of access, transferred data volumes, messages about successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page), and usually IP addresses and the requesting provider. Server log files can be used for security purposes, e.g., to prevent server overload (especially in cases of abusive attacks, so-called DDoS attacks), and to ensure server load and stability.
Legal Bases: Legitimate interests (Article 6(1)(f) GDPR).
Data Deletion: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data that needs to be retained for evidentiary purposes is exempt from deletion until the respective incident is finally resolved.
1&1 IONOS:
Services in the field of providing IT infrastructure and related services (e.g., storage space and/or computing capacities).
Service Provider:
1&1 IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany
Legal Bases:
Legitimate interests (Article 6(1)(f) GDPR); Website: https://www.ionos.de; Privacy Policy: https://www.ionos.de/terms-gtc/terms-privacy.
Data Processing Agreement:
https://www.ionos.de/hilfe/datenschutz/allgemeine-informationen-zur-datenschutz-grundverordnung-dsgvo/auftragsverarbeitung/.