Privacy Policy

1 Information regarding the collection of personal data

(1) The following provides information about the collection of personal data when using our website. Personal data includes individual details about personal or factual circumstances of a specific identifiable natural person (person concerned), e.g. name, address, email addresses, user behaviour.

(2) The party responsible in accordance with art. 4 para. 7 of the EU Data Protection Regulation (GDPR) is

Kunsthaus Lempertz KG
Neumarkt 3
50667 Cologne
Tel: +49 221 926729 0
Fax: +49 221 925729 6
Email: info@lempertz.com (see our imprint)

(3) The external data protection officer for Kunsthaus Lempertz KG is provided by

EU-CON BeraterForum GmbH
Waldfeuchter Straße 266
52525 Heinsberg
Germany
Tel.: +49 2452 993311
Fax: +49 2452 993322
Email: data@lempertz.com

(4) When you contact us by email or via our contact form, the data provided by you (your email address, if applicable your name and telephone number) will be stored by us to answer your enquiry. The data collected in this context will be deleted after storage is no longer required, or processing will be restricted if there are legal storage obligations.

(5) Should we use contracted service providers for individual functions of our offer or use your data for advertising purposes, we will inform you in detail about the respective procedures. We will also state the defined criteria for the period of storage.

2 Your rights

(1) You have the following rights in relation to your personal data:

  • Right to information
  • Right to correction or deletion
  • Right to restrict processing
  • Right to object to processing
  • Right to withdraw consent
  • Right to data portability

(2) You also have the right to complain to a data protection supervisory body about the processing of your personal data by us.

3 The collection of personal data when visiting our website

(1) Should you wish to use our website solely for information purposes, i.e. if you do not register with us or provide us otherwise with information, only the personal data that your browser sends to our server will be collected. If you wish to view our website, we will collect the subsequent data which is technically necessary for us to display our website to you and to ensure its stability and security (in accordance with art. 6 para. 1 p. 1 lit. f GDPR):

  • IP address
  • Date and time of the enquiry
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (actual page)
  • Access status/HTTP status code
  • Respective amount of data transmitted
  • Website from which the request is received
  • Browser
  • Operating system and its interface
  • Language and version of browser software

(2) In addition to the aforementioned data, cookies are stored on your device when you use our website. Cookies are small text files that are stored on your hard drive in relation to the browser you are using and through which certain information flows to the site that sets the cookie (here by us). Cookies cannot run programmes or transfer viruses to your computer. They serve to make the internet service generally more user-friendly and effective.

(3) Use of cookies:

a) This website uses the following type of cookies, the scope and function of which are explained below:

Transient cookies (see b)

Persistent cookies (see c)

b) Transient cookies will be automatically deleted when you close the browser. This includes in particular the session cookies. These store a so-called session ID with which various requests from your browser can be assigned to the shared session. This allows your device to be recognised when you return to our website. The session cookies are deleted if you log out or close the browser.

c) Persistent cookies are automatically deleted after a predetermined period which can vary depending on the cookie. You can delete the cookies in the security settings of your browser at any time.

d) You can configure your browser settings according to your preferences and, for example, refuse to accept third-party cookies or all cookies. Please note that if you do so, you may not be able to use all the functions of this website.

4 Further functions and offers of our website

(1) In addition to the purely informative use of our website, we offer various services which you may use if interested. For this purpose, you will generally be required to provide additional personal data which we use to provide the respective service and to which the aforementioned data processing regulations apply.

(2) In some cases, we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound to our instructions and are regularly checked.

(3) We may also pass your personal data on to third parties in connection with competitions, events, contracts or similar services if the services are offered in cooperation with a partner. Detailed information will be given when you provide your personal data or can be found at the end of the description of the offer.

(4) If our service providers or partners are based in a country outside of the European Economic Area (EEA), we will inform you about the consequences of this situation in the description of the offer.

5 Objection to or revocation of the processing of your data

(1) If you have given your consent to the processing of your data, you can revoke this at any time. Such revocation will affect the permissibility of the processing of your personal data once you have informed us.

(2) You have the right to object to the processing, insofar as we base the processing of your personal data on a balance of interests. This is the case if the processing in particular is not necessary for the fulfilment of a contract with you, detailed in the description of the functions. Should you object, we ask you to explain the reasons why we should no longer process your personal data. Upon receiving your reasons for objection, we will examine the facts and will either cease or adjust the data processing or demonstrate to you our compelling reasons to continue the processing, should the processing not serve to enforce, exercise or defend legal rights.

(3) You have the right to object to the processing of your personal data for direct marketing and data analysis at any time. Objections regarding marketing can be sent to the following: data@lempertz.com

6 Automated decisions including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which has a legal effect on you, or which affects you significantly in a similar way. There will be no automated decision making based on the collected personal data.

Special forms of use by the website

7 Contact

When you contact us (e.g. via the contact form or email), we use the data provided by you for the processing of the enquiry and in the event that follow-up questions arise. If the data processing takes place within the framework of contractual or pre-contractual relations, the legal basis for this data processing is art. 6 para. 1 p. 1 b GDPR. Further personal data will be accessed only with your agreement (art. 6 para. 1 p. 1 a GDPR) or if we have a legal interest in the processing of your data (art. 6 para. 1 p. 1 f GDPR).

8 Collection of access data and log files

We create server log files on the basis of our legitimate interests in line with art. 6 para. 1 lit. f GDPR. The following data is collected: Name of the retrieved website, file, date and time of retrieval, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.

For security reasons, the log file information is saved for a maximum of 7 days and then deleted. Data for which further storage is required for evidentiary purposes (e.g. in cases of misuse) is excluded from deletion until the respective incident has been clarified.

9 Incorporation of YouTube videos

We have included YouTube videos on our website which are stored at http://www.YouTube.com and can be played directly from our website. These are all embedded in “enhanced privacy mode”, i.e. no data about you as user is transferred to YouTube if you do not play the videos. Only when you play the videos are the provider’s cookies set and the data mentioned in art. 3 is transferred. We have no influence on this data transfer. An example of such a persistent cookie: VISITOR_INFO_1_LIVE

  • _gid
  • dkv
  • _ga
  • CONSENT
  • YSC
  • PREF
  • SID
  • APISID
  • LOGIN_INFO
  • SSID
  • HSID
  • SAPISID

This cookie has a maximum validity of two years.

(2) When you visit our website, the information that you have visited the relevant page is transmitted to YouTube. In addition, the data mentioned in art. 3 of this declaration will be transferred. It is irrelevant whether you are logged in to a user account. If you are logged in to Google, this data will be directly assigned to your account. If you wish to prevent this assignment, you must log out before clicking the button. YouTube creates a user profile with your data and uses it for advertising purposes, market research and/or demand-oriented design of its website. You can object to the creation of this user profile in which case you must contact YouTube directly.

Further information on the purpose and scope of data collection and its processing through YouTube can be found in the Privacy Policy. There you will also find further information on your rights and setting options to protect your privacy: https://www.google.de/intl/de/policies/privacy.

Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

10 Incorporation of Google Maps

(1) We have incorporated Google Maps into our website. You are therefore able to use the interactive maps directly on our website.

(2) When you visit our website, the information that you have visited the relevant page is transmitted to Google. In addition, the data mentioned in art. 3 of this declaration will be transferred. It is irrelevant whether you are logged in to a Google user account. If you are logged in to Google, this data will be directly assigned to your account. If you wish to prevent this assignment, you must log out before clicking the button. Google creates a user profile with your data and uses it for advertising purposes, market research and/or demand-oriented design of its website. You can object to the creation of this user profile in which case you must contact Google directly.

(3) Further information on the purpose and scope of data collection and its processing through the plug-in provider can be found in the provider’s Privacy Policy. There you will also find further information on your rights and setting options to protect your privacy: https://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

11 Google Tag Manager

We use the Google Tag Manager to manage the so-called website tags via an interface. The Tag Manager itself (which implements the tags) does not process any of the user’s personal data. Regarding the processing of personal data, refer to the subsequent information on Google services. Terms of use: https://www.google.com/intl/de/tagmanager/use-policy.html.

12 Newsletter

(1) We send newsletters, emails and further electronic notifications with advertising information only with the consent of the recipient. The consent form lists the advertised wares and services.

(2) We use the so-called double opt-in procedure for the registration to our newsletter. This means that after your registration, we will send you an email to the provided email address in which we ask you to confirm that you wish to receive the newsletter. This is to ensure that you are the actual owner of the given email address. In addition, possible misuse of your personal data can be clarified. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after a month. In addition, we store your set IP address and the time of your registration and confirmation.

(3) For the transmission of the newsletter, only your email address is required. All further information is optional and is used to personalise the newsletter. Following your confirmation, we store your email address for the purpose of sending the newsletter. The legal basis is art. 6 para. 1 p. 1 lit. a GDPR.

(4) You can revoke your consent to the receipt of newsletters at any time and unsubscribe from the newsletter. You can revoke your consent by clicking on the link provided in each newsletter email or by sending a message to the contact data given in the imprint.

(5) We would like to point out that we evaluate your user behaviour when the newsletter is sent. For this evaluation, the emails contain so-called web beacons or tracking pixels which represent one-pixel image files which are stored on our website. For the evaluations, we link the data mentioned in art. 3 and the web beacons with your email address and an individual ID. We record if you read our newsletter and which links you click on in them. It is neither in our interest nor in that of our delivery service provider (if used) to monitor individual users. The data obtained is used, for example, to adjust content and determine optimal delivery times.

You can object to this tracking at any time by clicking on the separate link provided in each email or by contacting us via an alternative contact method. So long as you subscribe to the newsletter, the information will be stored. After you unsubscribe, we store the data purely for statistical reasons and anonymously. Such tracking is also not possible if you have deactivated by default the image display in your email programme. In this case the newsletter will not be displayed completely, and you may not be able to use all the functions. If you display the images manually, the above-mentioned tracking will take place.

13 Newsletter – Mailchimp

The newsletter is sent via the mailing service provider “MailChimp”, a newsletter mailing service platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. The data protection regulations of the mailing service provider can be viewed at: mailchimp.com/legal/privacy/. The Rocket Science Group LLC d/b/a MailChimp is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with the European level of data protection (https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active). The mailing service provider is operated on the basis of our legitimate interest according to art. 6 para. 1 lit. f GDPR and order processing contract according to art. 28 para. 3 p. 1 GDPR.

The mailing service provider may use the recipient’s data in pseudonym form, i.e. without allocation to a user, to optimise or improve its own services, e.g. for technical optimisation of mailing and the presentation of the newsletter or for statistical purposes. However, the mailing service provider does not use the data of our newsletter recipients to write to them itself or to pass the data on to third parties.

14 Registration on this website

We offer you the use of our member service where you can register by entering your email address and a password of your choice. The provision of this data as well as your address, name and the nature of your relationship to us is mandatory, all further data is provided voluntarily. We use the so-called double opt-in for registration, i.e. your registration is complete only when you have confirmed your registration by clicking on the link included in a confirmation email sent to you for this purpose.

Use of analysis tools

15 Use of Google Analytics

(1) This website uses Google Analytics, a web analysis service provided by Google Inc. ("Google"). Google Analytics uses so-called “cookies”, text data files which are saved on your computer and allow this service to analyse your website usage. As a rule, the information generated from the cookie about your website usage is transferred to one of Google's servers in the USA and stored there. The activation of IP anonymisation on this website means that if you are inside the European Union or any of the other contracting states of the European Economic Area, your IP address will be shortened by Google before being sent. Only in exceptional cases will a full IP address be sent to one of Google's servers in the US and shortened there. At the website operator's request, Google uses this information to analyse your website usage, create reports about website activity, and provide other services for the website provider relating to website and internet usage.  

(2) The IP address transmitted by your browser for Google Analytics is not merged with other data from Google.

(3) You can prevent cookies being saved by changing your browser settings; however, we would like to point out that, should you do this, you will not be able to use all the features of this website to their full potential. You can also prevent Google from receiving or analysing the data from the cookie created when you visit this website (including your IP address) by clicking on the following link and downloading and installing the browser plug-in: http://tools.google.com/dlpage/gaoptout?hl=de

(4) This website uses Google Analytics with the extension “_anonymizeIp()”. This allows IP addresses to be processed in a shortened form, so that a personal reference can be excluded. If the data collected about you contains a personal reference, this is immediately excluded, and the personal data is therefore immediately deleted.

(5) Google Analytics uses the following cookies for analysis:

(a) _ga: This cookie is used to analyse your user behaviour. With the help of randomly generated values, you can be distinguished from other users. This cookie is therefore not used to identify individuals and expires after two years.

(b) _gid: This cookie is used to analyse your user behaviour. With the help of randomly generated values, you can be distinguished from other users. This cookie is therefore not used to identify individuals and expires after 24 hours.

(c) _gat: This cookie is used to analyse the enquiry rate/quantity. It contains the ID of the linked “Google Analytics” accounts but is not used to identify individuals and expires after one minute.

(6) We use Google Analytics to analyse and regularly improve the use of our website. We can use the statistics obtained to improve our offer and make it more interesting for you as a user. In exceptional cases where personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework. Legal basis for the use of Google Analytics is art. 6 para. 1 p. 1 lit. f GDPR.

(7) Information about the third party: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. User conditions: www.google.com/analytics/terms/de.html, summary of data protection: www.google.com/intl/de/analytics/learn/privacy.html, as well as data privacy statement: http://www.google.de/intl/de/policies/privacy.

2 Use of Hotjar

This website uses the web analysis services of Hotjar to analyse and regularly improve the use of our website. We can use the statistics obtained to improve our offer and make it more interesting for you as a user. Legal basis for Hotjar is art. 6 para. 1 p. 1 lit. f GDPR.

It is possible with Hotjar to measure and evaluate the usage behaviour (clicks, mouse movements, scroll distance, etc.) on our website. The information generated by the tracking code and cookies from your visit to our website is transmitted to the Hotjar servers in Ireland and stored there.

The following information can be recorded from your device and your browser:

  • The IP address of your device (gathered and stored in an anonymous format)
  • Your email address including your first and surname, if you provided these on our website
  • Screen size of your device
  • Type of device and browser information
  • Geographical viewpoint (country only)
  • Preferred language for the display of our website
  • Log data

The following data is automatically generated by our server if Hotjar is used:

  • Referring domain
  • Visited sites
  • Geographical viewpoint (country only)
  • Preferred language for the display of our website
  • Date and time the website was accessed

Hotjar uses this information to evaluate your visit of our website, to generate reports of the usage, as well as the evaluation of other services that relate to the use of the website and the internet evaluation of the website.

Hotjar also uses the services of third-party companies such as Google Analytics and Optimizely to provide services. These third parties may store information which your browser sends during the website visit, such as cookies or IP requests. For further information on how Google Analytics and Optimizely store and use data, please see their respective privacy policy statements.

The cookies that Hotjar uses have a varied “lifespan”. Some last for up to 365 days, others are only valid during the actual visit.

You can prevent Hotjar collecting the data by clicking on the following link and following the instructions: https://www.hotjar.com/opt-out.

Use of Social Media Plug-ins

(1) We use the following social media plug-ins on our site: Facebook, Google+, Twitter, Xing, LinkedIn, Pinterest. With this we use the two-click solution. When you visit our site, no personal data is initially passed on to the plug-in provider. Only if you click on the corresponding provider’s button will the information that you have called up the corresponding website of our online offer be transferred to the provider. In addition, the data mentioned in art. 3 will be transferred to the provider. In the case of Facebook and Xing, your IP address will be anonymised immediately after the collection, according to the respective providers in Germany. By clicking on the respective provider’s button, personal data is therefore transmitted to the provider and stored there. Before clicking on the button, we advise you to delete all your cookies, as the plug-in provider collects the data mainly via cookies.

(2) We have no influence over the data processing procedure and the data collected. We are not aware of the full extent of the data collection, the purposes of the processing or the storage periods. We also have no information on the deletion of the collected data of the plug-in provider.

(3) The data collected about you is stored by the plug-in provider as user profile. These are used for the purposes of advertising, market research and/or demand-oriented design of the website. You have the right to object to the creation of these user profiles, in which case you must contact the respective plug-in provider. The plug-ins serve to improve our offer and enhance your user experience, as you can interact with social networks and so with other users via the plug-ins. Legal basis for the use of plug-ins is art. 6 para. 1 p. 1 lit. f GDPR.

(4) It is not relevant if you have an account with the plug-in provider and are logged in there. If you are logged in, the data collected by us will be immediately assigned to your account with the plug-in provider. We therefore recommend that you regularly log out after using social networks, especially before activating the buttons, to prevent your profile from being directly assigned to the plug-in provider.  

(5) Further information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the data protection statements of the providers listed below. There you will also find information on your rights in this matter and settings options for the protection of your privacy.

(6) Addresses of the respective plug-in providers and URL with their data protection advice:

a) Facebook Inc., 1601 California Ave, Palo Alto, California 94304, USA; www.facebook.com/policy.php; agreement on joint processing of personal data: www.facebook.com/legal/terms/page_controller_addendum; further information on data collection: www.facebook.com/help/186325668085084, www.facebook.com/about/privacy/your-info-on-other; as well as: www.facebook.com/about/privacy/your-info. Facebook has submitted to the EU-US-Privacy-Shield, www.privacyshield.gov/EU-US-Framework.

b) Twitter Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; www.twitter.com/privacy. Twitter has submitted to the EU-US-Privacy-Shield, www.privacyshield.gov/EU-US-Framework.

c) Xing AG, Gänsemarkt 43, 20354 Hamburg, DE; www.xing.com/privacy.

d) LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; www.linkedin.com/legal/privacy-policy. LinkedIn has submitted to the EU-US-Privacy-Shield, www.privacyshield.gov/EU-US-Framework.

e) Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; www.google.com/policies/privacy/partners/. Google has submitted to the EU-US-Privacy-Shield, www.privacyshield.gov/EU-US-Framework.

f) Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA, https://policy.pinterest.com/de/privacy-policy

Use of our Mobile App

1 Information on the collection of personal data

(1) In addition to our online offer, we offer a mobile app that can be downloaded to your iPhone. In the following, we provide information about the collection of personal data by using your mobile app. Personal data refers to particulars about personal or factual circumstances of a specific or identifiable natural person (the person in question). This includes, for example, name, email address, residential address, etc.

(2) The party responsible in accordance with art. 4 para. 7 of the EU Data Protection Regulation (GDPR) is

Kunsthaus Lempertz KG
Neumarkt 3
50667 Köln
Tel.: +49 221 925729 0
Fax: +49 221 925729 6
E-Mail: info@lempertz.com (see our imprint)

The data protection officer of Kunsthaus Lempertz KG is Mr. Dr. Takuro Ito. Our data protection officer can be reached under data@lempertz.com

(3) When contacting us (e.g. via contact form, email, telephone or via social media), the user’s data will be processed for the purpose of handling the contact enquiry and its processing in accordance with art. 6 para. 1 lit b GDPR. We will delete the enquiry if it is no longer necessary. The statutory archiving obligations apply.

(4) If we require the use of contracted service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail about the respective procedures. We will also state the defined criteria for the storage period.

2 Your Rights

(1) You have the following rights in relation to your personal data:

  • Right to information
  • Right to correction or deletion
  • Right to restrict processing
  • Right to object to processing
  • Right to data portability

(2) In addition, you have the right to complain to a data protection supervisory authority about the processing of your personal data in our company.

3 Collection of personal data when using our mobile app

(1) When downloading the mobile app, the required information is transferred to the App Store, in particular the username, email address and customer number of your account, the time of download, payment information and the individual device identification number. We have no influence on this data collection and are not responsible for it. We only process the data when necessary for downloading the mobile app to your mobile device.

(2) When using the mobile app, we collect the personal data listed below to enable convenient use of functions. If you wish to use our mobile app, we collect the following data which is technically necessary for us to offer you the functions of our mobile app and to ensure stability and security (legal basis is art. 6 para. 1 p. 1 lit. f GDPR):

  • IP address
  • Date and time of the enquiry
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (actual page)
  • Access status/HTTP status code
  • Respective amount of data transmitted
  • Website from which the request is received
  • Browser
  • Operating system and its interface
  • Language and version of browser software

(3) In addition, we require your device identification, the unique number of the end device (IMEI = International Mobile Equipment Identity), the unique number of the network subscriber (IMSI = International Mobile Subscriber Identity), mobile phone number (MSISDN), MAC address for WLAN use, name of your mobile device, email address.

(4) The mobile app does not use cookies.

Definitions

Anonymisation

Anonymisation is the alteration of personal data in such a way that the individual details of personal or factual circumstances can no longer be attributed, or can only be attributed with a disproportionate expenditure of time, cost and labour, to a specific or identifiable natural person.

Contract processor

According to art. 4 no. 8 GDPR, a contract processor is “a natural or legal person, public authority, agency or any other body which processes personal data on behalf of those responsible”.

The party/person concerned

A party/person, whose personal data is collected, processed or used.

Natural person

Natural persons are individuals, families and other groups of persons with a personal space. Sole traders – whether or not entered in the commercial register – are also included here.

Legal entities

Legal entities are corporations and registered associations as well as partnerships.

Personal data

Personal data are individual details about personal or factual circumstances of a specific or identifiable natural person (party/person concerned).

This includes all information that says something about the person. This information does not necessarily have to relate to a specific person (such as the name or a photograph of the person concerned); it is sufficient that a reference can be made to the respective person. “We recognise the caller from the telephone number on the display. An email address often tells us the name and employer of the sender, without us having had personal contact with him or her”.

Pseudonymisation

Pseudonymisation means “the replacement of the name and other identifying features by a mark for the purpose of excluding or substantially complicating the identification of the person concerned”. This is done for example through the use of nicknames.

Material circumstances

“Material circumstances” are information about facts that relate to the person concerned and make him or her identifiable, for example. This includes information about income, assets, contractual relationships and the extent of internet use.

Sensitive categories of personal data

Art. 9 of the EU GDPR states: “Processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation shall be prohibited”.

Processing

Processing means the storage, modification, transmission, blocking and deletion of personal data.

Collection

Collection means the procurement of data on persons concerned.

Use

Use means any application of personal data not covered by “Processing”.

Deletion

Deletion means everything from making personal data unrecognisable to the “destruction” of personal data.