Privacy Policy

Privacy Policy

Introduction and overview

We have drafted this privacy policy (version 15.03.2024-312746810) to explain to you, in accordance with the provisions of the General Data Protection Regulation (EU) 2016/679 and applicable national laws. The terms used are to be understood as gender-neutral.
In short: We provide you with comprehensive information about the data we process about you.

Scope of application

This privacy policy applies to all personal data processed by us within the company and to all personal data processed by companies commissioned by us (processors). By personal data, we mean information within the meaning of Art. 4 No. 1 GDPR, such as a person’s name, email address, and postal address. The processing of personal data ensures that we can offer and bill for our services and products, whether online or offline. The scope of this privacy policy covers:

  • all online presences (websites, online shops) that we operate
  • social media presence and email communication
  • mobile Apps for smartphones and other devices

In short: The privacy policy applies to all areas in which personal data is processed in a structured manner within the company via the channels mentioned. If we enter into legal relationships with you outside of these channels, we will inform you separately if necessary.

Legal Basis

In the following privacy policy, we provide you with transparent information about the legal principles and regulations, i.e., the legal basis of the General Data Protection Regulation, which enable us to process personal data.
With regard to EU law, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of April 27, 2016. You can, of course, read this EU General Data Protection Regulation online at EUR-Lex, the gateway to EU law, at https://eur-lex.europa.eu/legal-content/DE/ALL/?uri=celex%3A32016R0679.

We only process your data if at least one of the following conditions applies:

  1. Consent (Article 6(1)(a) GDPR): You have given us your consent to process data for a specific purpose. An example would be the storage of the data you entered in a contact form.
  2. Legal obligation (Article 6(1)(c) GDPR): We process your data if we are subject to a legal obligation. For example, we are legally obliged to retain invoices for accounting purposes. These usually contain personal data.
  3. Legitimate interests (Article 6(1)(f) GDPR): In the case of legitimate interests that do not restrict your fundamental rights, we reserve the right to process personal data. For example, we need to process certain data in order to operate our website securely and economically. This processing is therefore a legitimate interest.

Other conditions, such as the perception of recordings in the public interest and the exercise of public authority, as well as the protection of vital interests, do not generally apply in our case. If such a legal basis should nevertheless be relevant, it will be indicated at the appropriate place.

In addition to the EU regulation, national laws also apply:

  • In Austria, this is the Federal Act on the Protection of Individuals with regard to the Processing of Personal Data (Data Protection Act), or DSG for short.
  • In Germany, the Federal Data Protection Act (BDSG) applies.

If further regional or national laws apply, we will inform you about them in the following sections.

Contact details of the responsible person

If you have any questions about data protection or the processing of personal data, please find the contact details of the responsible person or department below:

Christiane Rhein
Potsdamer Strasse 93
10785 Berlin
Authorized representative: NN
E-Mail: info@gallery-weekend-berlin.de
Phone: +49 30 70038771
Imprint: https://www.gallery-weekend-berlin.de

Storage period

It is our general policy to store personal data only for as long as is necessary to provide our services and absolutely necessary. This means that we delete personal data as soon as the reason for data processing no longer exists. In some cases, we are legally obliged to store certain data even after the original purpose no longer applies, for example for accounting purposes.

If you wish to have your data deleted or revoke your consent to data processing, the data will be deleted as quickly as possible and insofar as there is no obligation to store it.

We will inform you about the specific duration of the respective data processing below, provided we have further information on this.

If you believe that the processing of your data violates data protection law or that your data protection rights have been violated in any other way, you can lodge a complaint with the supervisory authority. In Austria, this is the Data Protection Authority, whose website can be found at https://www.dsb.gv.at/. In Germany, there is a data protection officer for each federal state. For more information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI). The following local data protection authority is responsible for our company:

Berlin Data Protection Authority

State Data Protection Officer: Meike Kamp
Address: Alt-Moabit 59-61, 10969 Berlin
Phone.: 030/138 89-0
E-Mail: mailbox@datenschutz-berlin.de
Website: https://www.datenschutz-berlin.de/

Data processing security

We have implemented both technical and organizational measures to protect personal data. Where possible, we encrypt or pseudonymize personal data. In doing so, we make it as difficult as possible for third parties to derive personal information from our data.

Article 25 GDPR refers to “data protection through technology design and data protection-friendly default settings,” meaning that security must always be considered and appropriate measures taken for both software (e.g., forms) and hardware (e.g., access to the server room). In the following, we will discuss specific measures where necessary.

When you contact us and communicate by telephone, email, or online form, personal data may be processed.

The data will be processed for the purpose of handling and processing your inquiry and the associated business transaction. The data will be stored for as long as necessary or as required by law.

Affected individuals

The aforementioned processes affect everyone who contacts us via the communication channels we provide.

Telephone

When you call us, the call data is stored in pseudonymized form on the respective end device and by the telecommunications provider used. In addition, data such as your name and telephone number may be sent by email and stored for the purpose of responding to your inquiry. The data will be deleted as soon as the business transaction has been completed and legal requirements permit.

Email

When you communicate with us by email, data may be stored on the respective device (computer, laptop, smartphone, etc.) and data may be stored on the email server. The data will be deleted as soon as the business transaction has been completed and legal requirements permit.

Online Forms

When you communicate with us using the online form, data is stored on our web server and, if necessary, forwarded to one of our email addresses. The data is deleted as soon as the business transaction has been completed and legal requirements allow.

Legal basis

The processing of data is based on the following legal grounds:

  • Art. 6 para. 1 lit. a GDPR (consent): You give us your consent to store your data and use it for purposes related to the business transaction;
  • Art. 6 para. 1 lit. b GDPR (contract): It is necessary for the performance of a contract with you or a processor, such as a telephone provider, or we need to process the data for pre-contractual activities, such as preparing an offer;
  • Art. 6 para. 1 lit. f GDPR (legitimate interests): We want to handle customer inquiries and business communications in a professional manner. This requires certain technical equipment, such as email programs, exchange servers, and mobile phone operators, in order to communicate efficiently.

Here is a list of possible data that we receive from you and process:

  • Name
  • Contact address
  • Email address
  • Phone number
  • Meta data (IP address, device information)

How long will the data be stored?

As soon as we no longer need the customer data to fulfill our contractual obligations and our purposes, and the data is also not necessary for possible warranty and liability obligations, we delete the corresponding customer data. This is the case, for example, when a business contract ends. After that, the limitation period is usually 3 years, although longer periods are possible in individual cases. Of course, we also comply with the statutory retention obligations. Your customer data will certainly not be passed on to third parties unless you have explicitly given your consent.

Legal basis

The legal basis for the processing of your data is Art. 6 (1) (a) GDPR (consent), Art. 6 (1) (b) GDPR (contract or pre-contractual measures), Art. 6 (1) (f) GDPR (legitimate interests) and, in specific cases (e.g., medical services), Art. 9 (2) (a) GDPR (processing of special categories).

In the case of the protection of vital interests, data processing is carried out in accordance with Art. 9 (2) (c) GDPR. For the purposes of healthcare, occupational medicine, medical diagnostics, care or treatment in the health or social sector, or for the administration of systems and services in the health or social sector, the processing of personal data is carried out in accordance with Art. 9 (2) (h) GDPR. If you voluntarily provide special categories of data, processing is carried out on the basis of Art. 9 (2) (a) GDPR.

Duration of data processing

If you unsubscribe from our email/newsletter distribution list, we may store your address for up to three years on the basis of our legitimate interests so that we can still prove your consent at that time. We may only process this data if we need to defend ourselves against any claims.

However, if you confirm that you have given us your consent to subscribe to the newsletter, you can submit an individual deletion request at any time. If you permanently revoke your consent, we reserve the right to store your email address in a block list. As long as you have voluntarily subscribed to our newsletter, we will of course retain your email address.

Right to Object

You can unsubscribe from our newsletter at any time. All you need to do is revoke your consent to receive the newsletter. This usually takes just a few seconds or one or two clicks. In most cases, you will find a link at the end of each email to unsubscribe from the newsletter. If you really cannot find the link in the newsletter, please contact us by email and we will unsubscribe you from the newsletter immediately.

Legal basis

Our newsletter is sent on the basis of your consent (Article 6(1)(a) GDPR). This means that we may only send you a newsletter if you have actively subscribed to it beforehand. We may also send you advertising messages if you have become our customer and have not objected to the use of your email address for direct marketing purposes.

Information about specific email marketing services and how they process personal data can be found in the following sections, if available.