We appreciate your visit to our website. The following text informs you about which personal data we collect and what happens with the data when you visit our website. Personal data are all data by which you can be personally identified. You will also find information about your rights as a data subject arising from the EU General Data Protection Regulation (EU GDPR).
I. The Responsible Party Regarding the EU General Data Protection Regulation (EU GDPR) is
Kunstmuseum Stuttgart gGmbH
Represented by the managing director Dr. Ulrike Groos
Kleiner Schlossplatz 13
Phone +49 (0)711 / 216 196 00
II. Data Protection Officer is
Dr. Inge Rötlich
Phone: +49 (0)7031 / 418 090
III. General Information on Data Processing
1. Scope of personal data processing
We process the personal data of our users only to the extent necessary for the provision of a functional website along with our content and services.
This website uses an SSL encryption to protect the transmission of confidential content, such as requests that you send us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. When this encryption is activated, the data that you transmit to us cannot be read by a third party.
3. Website provision and creation of log files
Each time you visit our website, our system automatically collects data and information from the calling computer. The following data is collected:
• User IP address
• Information about the browser type
• Information about the browser type version used
• User operating system
• User Internet service provider
• Date and time of the access
• Website from which the user has reached our site
• Websites that the system user visits from our website
• Page views
This data is stored in our system’s log files. This data is not stored together with other personal user data. The legal basis for this data processing is, on the one hand, our legitimate interest pursuant to Art. 6 para. 1 lit. f EU GDPR in the analysis of our website and its use, and, if applicable, also the legal permission to store data as part of the initiation of a contractual relationship pursuant to Art. 6 lit. b EU GDPR. The stored date is used for the provision and functionality of the website and the analysis of user behavior. There is a permanent storage of anonymized IP addresses in log files.
4. Processing of special data in accordance with Art. 9 GDPR
We process data pursuant to Art. 9 para. 2 GDPR if the processing is necessary us or the data subject to exercise the rights and comply with his or her obligations under labor law and social security and social protection law, to the extent permitted by European Union law or Member State law or a collective agreement under Member State law that provides appropriate safeguards for the fundamental rights and interests of the data subject. No special personal data is processed in connection with this website.
We likewise use persistent cookies, that is, cookies that persist even after the browser is closed. Furthermore, we use analysis cookies to analyze users’ surfing behavior. For this purpose, we obtain consent from the user for the processing of personal data used in this context. For the analysis, the entered search terms, the frequency of the page views, and the use of website functions are transmitted.
V. Email Contact
If you send us an inquiry by e-mail, your data will only be used for processing your inquiry. This data will not be passed on to a third party. In this case, the user’s personal data transmitted with the e-mail will be stored. The processing of the data is based on your consent (Art. 6 para. 1 lit. a EU GDPR), which you have granted by sending the e-mail. You can revoke this consent at any time. For this purpose, sending us an informal communication by e-mail is sufficient. The legality of the data processing operations carried out up to the revocation remains unaffected by the revocation. The data you send us in the e-mail remains stored by us until you ask us to delete it, you revoke your consent to store it, or the purpose for storing the data no longer applies (e.g., after we have completed processing your inquiry). Mandatory legal provisions—particularly the retention periods—remain unaffected.
We use plugins from the Google-operated YouTube webpage of YouTube, LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA.
When you visit one of our pages equipped with a YouTube plugin, a connection to YouTube’s servers is established. This tells the YouTube server which of our pages you have visited. When you are logged into your YouTube account, you allow YouTube to associate your surfing behavior directly with our personal profile. You can prevent this by logging out of your YouTube account. YouTube is used in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f EU GDPR.
VII. Your Data Protection Rights
If we process your personal data, you are a data subject within the meaning of the EU Data Protection Regulation. You are therefore entitled to the following rights:
1. Right to information (Art. 15 EU GDPR)
You can request information from us at any time, free of charge, about the personal data we have stored about you. In order to prevent misuse, identification of your person is required.
2. Right to rectification (correction) (Art. 16 EU GDPR)
You have the right at any time to have your personal data processed by us corrected and/or completed if it is incorrect or incomplete.
3. Right to erasure—“Right to be forgotten” (Art. 17 EU GDPR)
You have the right to the erasure of your personal data that has been processed by us. This applies in particular when the purpose for processing it has expired, a required consent has been revoked and no other legal basis exists, or our data processing is unlawful. We will delete your personal data immediately within the legal framework.
4. Right to restriction of processing (Art. 18 EU GDPR)
You can request the restriction of the processing of your data. Where the processing of the personal data concerning you has been restricted, such data may be processed—with the exception of its storage—only with your consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest or the Union or a Member State. If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller(s) before the restriction is lifted.
5. Right to notification (Art. 19 EU GDPR)
If you have asserted your right to rectification, erasure, or restriction of processing to the controller(s), the controller is obliged to notify each recipient to whom your personal data has been disclosed of any rectification, erasure, or restriction of process personal data, unless this proves impossible or involves a disproportionate effort. You have the right to be informed about these recipients by the person responsible.
6. Right to data portability (Art. 20 EU GDPR)
You have the right to receive from us the data we have stored about you in machine-readable format.
7. Right to object (Art. 21 EU GDPR)
You have the right to object, on grounds relating to your particular situation, at any time, to processing of personal data concerning you that is based on Art. 6 para. 1 lit. e or f GDPR; this also applies to profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the data subject or for the establishment, exercise, or defense of legal claims.
Where personal data concerning you are processed for direct marketing purposes, you have the right to object, at any time, to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. This also applies to profiling, insofar as it is linked with such direct marketing. If you object the processing for direct marketing purposes, the personal data concerning you will no longer be processed for such purposes.
8. Right to lodge a complaint with a supervisory authority (Art. 77 EU GDPR)
Irrespective of any other administrative or legal redress, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data concerning you infringes on the EU GDPR. You can assert this right to a supervisory authority in the Member State of your residence, workplace, or the location of the alleged infringement.
In Baden-Württemberg, the responsible supervisory authority is the Baden-Württemberg State Commissioner for Data Protection and Freedom of Information:
Der Landesbeauftragte für den Datenschutz
und die Informationsfreiheit Baden-Württemberg
Phone +49 (0)711 / 615 541 0
The supervisory authority with which the complaint has been lodged shall inform the complainant(s) of the status and outcome of the complaint, including the possibility of a legal redress under Art. 78 EU GDPR.