Data Privacy Statement
Thank you for visiting our website. We are informing you below what personal data we gather and what happens to said data if you visit our website. Personal data is any data with which you can be personally identified. In addition, you are being given information on your rights as a data subject arising from the EU General Data Protection Regulation (EU GDPR).
I. The controller within the meaning of the EU General Data Protection Regulation (EU GDPR) is
Kunstmuseum Stuttgart gGmbH
Represented by the Executive Director Dr. Ulrike Groos
Kleiner Schlossplatz 13
T: +49 (0)711 / 216 196 00
II. The Data Privacy Officer is
Dr. Inge Rötlich
T: +49 (0)7031 / 418 090
F: +49 (0)7031 / 418 097 0
III. General remarks concerning data processing
1. Scope of the processing of personal data
We essentially only process personal data of our users to the extent necessary to provide a functioning website, as well as provide our content and services.
In order to protect the transmission of confidential content, such as the inquiries that you transmit to us in our capacity as website operators, this website uses SSL encryption. You can recognize an encrypted connection by the fact that your browser’s address bar changes from http:// to https:// and by the key symbol shown in your browser line. If such encryption is enabled, the data that you transmit to us cannot be read by any third parties.
3. Provision of the website and creation of log files
Every time you access our website our system automatically gathers data and information in regard to the accessing computer. The following data is gathered in the process:
• IP address
• Information on the browser type
• Information on the version of the browser type
• Operating system
• Internet Service Provider
• The date and time of access
• Web page from which the visitor reached our site
• Web pages that have been accessed by the user’s system via our website
This data is stored in the log files of our system. This data is not stored together with other personal data of the users. The legal basis for this data processing is, firstly, our legitimate interests in analyzing and using our website pursuant to Art. 6(1)(f) EU GDPR, and possibly also the statutory permission to store data within the scope of initiating a contractual relationship pursuant to Art. 6(b) EU GDPR.
Within the context of our legitimate interest in a technically faultless website and the optimization of it pursuant to Art. 6(1)(f) EU GDPR, our website deploys cookies, so that our services can be used more appropriately, more effectively and in a safer manner.
Cookies are small text files that are stored on your computer. The latter may, on the one hand, be session cookies, which are automatically deleted on our website at the end of your visit. There are, however, also cookies that are stored on your computer permanently, unless you delete them. That enables us to recognize your browser again the next time you access it and make you suitable offers. You can, in the settings of your browser, prevent cookies from being stored altogether, or prevent them whenever you visit particular websites. It is, however, possible that not all the functions of our website will still be available for use if you do that.
V. Email Contact
If you contact us with your inquiries by email, your details will only be used for processing your inquiry. This data will not be passed on to third parties. In this case, the user’s personal data transmitted with the email will be stored.
The data processing is carried out based on your consent (Art. 6(1)(a) EU GDPR), which you grant by sending the email. You can revoke such consent at any time. An informal notification, sent to us by email, is sufficient for that purpose. The legitimacy of the data processing procedures carried out prior to the revocation shall not be affected by the revocation.
The data forwarded by you in the email remains with us until you request its deletion, revoke your consent to its being stored or the purpose for which the data is stored lapses (e.g. once your inquiry has been conclusively processed). Mandatory statutory regulations – in particular archival periods – shall not be affected thereby.
VI. Analysis Tools and Advertising
Web Analysis via Piwik
The storage of Piwik cookies takes place based on Art. 6 Paragraph 1 lit. f EU GDPR. The website operator has a legitimate interest in the anonymized analysis of user behavior to optimize both its web content and advertising.
The information the cookies generate about the use of this website is not transferred to third parties. You can prevent cookies from being stored on your device by using the corresponding settings in your browser software; we would like to point out that, as a result, you may not be able to use all of the functions of this website.
If you do not consent to the storage and use of your data, you can deactivate the storage and use. In this case an opt-out cookie will be deposited in your browser that prevents Piwik from storing user data. If you delete your cookies, the Piwik opt-out cookie will also be deleted. Hence the opt-out will need to be reactivated once you revisit our website.
VII. Plug-ins and tools
We use plug-ins of the YouTube website operated by Google of YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.
If you have your habitual residence in the European Economic Area or Switzerland, this service is provided to you by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. If you do not have your usual residence in the European Economic Area or Switzerland, this service is provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
For those instances where personal information is transferred to the United States, Google has adopted the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. You can view a current certificate under this link: https://www.privacyshield.gov/list.
If you visit one of our pages equipped with a YouTube plug-in, a connection to the servers of YouTube is established. In the process, the YouTube server is notified which of our pages you have visited.
If you are logged into your YouTube account, you enable YouTube to allocate your surfing patterns directly to your personal user profile. You can prevent this by logging out of your YouTube account. YouTube is deployed in the interests of an appealing display of our online services. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) EU GDPR. You will find further information on how user data is handled by YouTube at: https://www.google.de/intl/de/policies/privacy.
2. Google Maps
Via an API (application programming interface) we use the map service Google Maps by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
For the use of the Google Maps functions, it is necessary to store your IP address. This information is normally transferred to a Google server in the USA and stored there. We do not have any influence over this data transfer.
VIII. Your rights as a data subject
To the extent that we process personal data of yours, you are a data subject within the meaning of the EU GDPR. That means that you are entitled to assert the following rights vis-à-vis us:
1. The right to information (Art. EU 15 GDPR)
You may request information about the personal data stored by us about you, free of charge, at any time. In this respect, we need to see a form of identification, in order to prevent abuse.
2. The right to correction (Art. 16 EU GDPR)
You have a right to correction and/or completion of your personal data processed by us at any time, should it be incorrect or incomplete.
3. The right to erasure – the right to be forgotten (Art. 17 EU GDPR)
You have the right to have your personal data processed by us deleted. This in particular applies if the purpose of the processing has lapsed, any consent required has been revoked and no other legal basis exists, or our data processing is illegitimate. We shall then delete your personal data without delay within the statutory scope.
4. The right to restrict the processing (Art. 18 EU GDPR)
You may request restriction of the processing of your data.
Should the processing of the personal data concerning you have been restricted, such data may – apart from being stored – only be processed with your consent or in order to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons involving a significant public interest on the part of the EU or a Member State.
Should the restriction of the processing have been limited in accordance with the above-mentioned prerequisites, you will be notified by the controller before the restriction is lifted.
5. The right to be notified (Art. 19 EU GDPR)
Should you have asserted the right to correction, deletion or restriction of the processing vis-à-vis the controller, the latter is obliged to notify all recipients to which it has disclosed the personal data concerned about the correction or deletion of the data or restriction of the processing, unless this proves impossible or involves disproportionate effort.
You are entitled to be notified about such recipients by the controller.
6. The right to data portability (Art. 20 EU GDPR)
You may request us to transmit the data stored about you in machine-readable form.
7. The right of opposition (Art. 21 EU GDPR)
You are entitled, for reasons which arise from your particular situation, to file an objection against the processing of the personal data concerning you, which is being undertaken based on Art. 6(1)(e) or (f) GDPR. This also applies to any profiling based on such provisions.
The controller will no longer process the personal data concerning you unless it can provide evidence of reasons for the processing worthy of protection which outweigh your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.
Should the personal data concerning you be processed in order to engage in direct advertising, you are entitled to file an objection to the processing of the personal data concerning you for the purpose of such advertising at any time. This also applies to profiling, in so far as it is connected with such direct advertising.
Should you object to the processing for purposes of direct advertising, the personal data concerning you will no longer be processed for such purposes.
8. The right to appeal to a supervisory authority (Art. 77 EU GDPR)
Notwithstanding any other administrative or judicial remedy, you are entitled to file a complaint with a supervisory authority if you are of the opinion that the processing of the personal data concerning you violates the EU GDPR. You may assert such a right vis-à-vis a supervisory authority in the Member State of your place of residence, your place of work or the place where the violation is presumed to have taken place.
In Baden-Württemberg, the supervisory authority responsible is:
The State Commissioner for Data Privacy and Freedom of Information for Baden-Württemberg
T: +49 (0)711 / 615 541 0
The supervisory authority with which the appeal has been filed will notify the party filing the appeal about the status and the results of the appeal, including the option of a judicial legal remedy pursuant to Art. 78 EU GDPR.
IX. Amendment of the data privacy statement
Should an amendment to the data privacy statement become necessary on legal or factual grounds, we shall update this page accordingly. No changes to the consent granted by the user will be made in the process.