Data Protection Statement
1. Responsible persons and contact information
The persons responsible in respect of the GDPR, other data protection laws in the member states of the EU and all other provisions of a data protection nature are:
Rheinallee 25, 40549 Düsseldorf, Germany
2. General information
We use your data in accordance with the applicable data protection regulations. This data protection statement informs you which of your personal data is collected and stored. In addition, you will receive information on how your data is used and what rights are available to you in regard to the use of data.
3. Collection, processing and storage of personal data when visiting our Web site, contacting us, registration, ordering as a guest, subscribing to the newsletter, using the contact form
a) Visiting our Web site
Whenever you visit our website your browser automatically sends information to our website server and this is stored temporarily in a so called ‘log file’. The following data is automatically recorded and stored until its automated deletion:
• The IP address of the computer accessing the site
• The date and time of access
• The name and the URL of the file accessed
• The website from which the file is accessed
• The operating system of your computer and which browser you use
• The name of your internet access provider
The above data is processed by us for the following purpose:
• To ensure a smooth setup of your connection to our website
• To ensure convenient usage of our website
• Evaluation of its security of the system and stability
• Other administrative purposes
b) Legal basis
The legal basis for data processing is Art. 6 para. 1f of the GDPR, according to which processing is lawful, if ‘processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child’. Our legitimate interest in data collection arises from the purposes listed above. In no case do we use the collected data to draw conclusions about your person.
When you contact us by telephone, fax or email, the data communicated by you is stored by us to answer your questions based on article 6 paragraph 1a of the GDPR. The contact is logged in order to prove that the contact was administered according to legal requirements. Personal data collected by us will be deleted following the completion of your enquiry.
On our website we offer you (Artist, Collector, Investor) the opportunity to register by entering your personal data. The data is entered by filling in an online form, which is transmitted to us and saved. The registration is used to complete a contract or implement pre-contractual measures. This procedure is based on Article 6 paragraph 1b of the GDPR.
In order to successfully conclude and manage contracts, we need contact details depending on each individual case, such as name, shipping and billing address and email address, as well as your preferred method of payment.
When using our registration and login functionality, or your user’s account, the IP address and login time is saved each time. This is done on the basis of our legitimate interests, as well as to protect the users from abuse and any other unauthorized use. A transfer of this data to third parties does not generally take place, unless it is necessary to pursue our claims or there is a legal obligation according to article 6 paragraph 1c of the GDPR.
e) Ordering as Guest
You also have the option to order as a guest. If you choose this type of order, you do not need to register before placing an order. Please bear in mind that you will need to enter your data again for any further order.
The information provided in the context of a guest order is collected, processed and used for the purposes of the execution of the contract as per article 6 paragraph 1b of the GDPR. We store the information you provide for the period of processing and completing your order. After that your data will be deleted, unless you choose to activate your account within 14 days of placing your order. Data that we need to store for legal, statutory or contractual obligations is blocked rather than deleted, to prevent its use for other purposes.
As long as you have expressly consented (Article 6, paragraph 1a GDPR), we use your email address to send you our newsletter regularly. A valid E-Mail address is sufficient to receive our newsletter. At the end of each newsletter you will find a link which you can use to unsubscribe from the newsletter at any time. Also, you can unsubscribe from the newsletter at any time by sending an email to us.
g) Using our contact form
You can contact us via a form provided on this website. A valid e-mail address is required so that we know who the request came from and are able to respond to the request. Further information may also be provided if desired.
The necessary processing of the data freely provided by you in order to contact us is based on your permission granted voluntarily (Article 6 (1) sentence 1a GDPR). The personal data collected by us for the use of the contact form will be automatically deleted after completion of your request.
h) Other information
Based on article 6 par. 1 lit. c and f of GDPR we use and save your personal data and technical information, as long as this is necessary. This helps us to prevent or pursue misuse and/or other unlawful conduct on our website, e.g. to maintain data security in case of attacks on our IT systems. This is also done, to the extent that we are legally obliged to do so, for instance to fulfil official or court orders, and to exercise our rights and claims, as well as for any necessary legal defence.
4. Cookies and analysis tool
For example, the following functions are possible with these cookies:
• The storage of products which you placed in the shopping cart or on your wish list
• The storage of the entries you made during checkout or an order, so that this data does not have to be entered again
• The storage of preferences such as language, location, number of search results etc.
• The storage of settings for optimum video viewing, e.g. the desired buffer size and the resolution data of your screen
• The capture of your browser settings to optimize our web page on your screen
• The detection of misuse of our websites and services, e.g. by registering successive and failed Logon attempts
• Uniform loading of the Web page, so that the website remains accessible
• Saving your login information, so you don’t have to re-enter it every time.
The corresponding cookies are automatically deleted after a defined time. The data processed by cookies is required for the purposes mentioned in order to safeguard our legitimate interests and the interests of third parties (Article 6 (1) sentence 1 (f) GDPR. Most browsers accept cookies automatically. However, you can also configure your browser so that no cookies are stored on your computer or a note always appears before a new cookie is created. Disabling cookies altogether may mean that you cannot use all the features of our website. We also use the web analytics service 'Google Analytics'. This is software that optimizes the website and also anonymously evaluates the requests of visitors to our site via cookies. The information generated by the cookies about your use of this Web site is not used for personal analysis or profiling and also not disclosed to third parties. This analysis serves only to optimize our service. If you use a browser extension that blocks advertising content and tracking services, i.e. a so-called ad-blocker or tracking blocker such as Ad-Block Plus, uBlock Origino, or use a privacy setting on your browser that prevents the storage of our cookies, we respect this of course and make no attempts to disguise the use of 'Google Analytics' on our site or otherwise obstruct your programme's functionality. Cookies are not stored in this case and the use of this website is not tracked. However, you may not see any other hints for using cookies, or they may not be displayed correctly based on your preferences. If you do not use an advertising or tracking blocker or if you have not made any no-cookie preferences, and yet you are still not in agreement with the storage and anonymous evaluation of the data from your visit to us, you can reject its storage and use at any time. If, at a later point, you reject the use of your data with a mouse click, a so-called opt-out cookie is placed in your browser, so that "Google Analytics" does not access any of your data. If you delete your cookies in your Internet browser, this means that of course the opt-out cookie will also be deleted. It must be enabled again when revisiting our website.
5. Facebook-Pixel-Tracking, Website Custom Audiences, Conversion-Tracking
Due to our legitimate interests in analysis and optimization of our website, we use ‘Facebook-pixel' which is part of ‘ Facebook’, which is operated by:
Facebook Inc., 1 hacker way, Menlo Park, CA 94025, USA,
or, if resident in the EU:
Facebook Ireland Ltd., 4 Grand Canal square, Grand Canal Harbour, Dublin 2, Ireland.
By using Facebook pixels, Facebook can create a targeted audience for our ads on Facebook. This ensures that the ads we post on Facebook are only shown to Facebook users who have certain characteristics. A user, for example, has a feature if he has previously visited our website and shown interest. Using Facebook Pixel we transmit the data of these visitors to Facebook. Thus, we also pursue our aim of not confronting users with our advertising, who have no interest in our product. Using Facebook ads, we can also recognize whether a user was redirected to our website after clicking on our Facebook advertisement.
The legal basis for data processing is Art. 6 paragraph 1, sentence 1, lit. f, of the GDPR, according to which processing is lawful, if ‘processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child’. Our legitimate interest in data collection is as listed above. We never use this data to draw conclusions about your person.
You can object to the acquisition of your data by Facebook-pixels and the use of your data to display Facebook ads in your Facebook account settings. The processing of data by Facebook is based on the data usage policy used by Facebook.
6. Legal basis
The processing of your personal data is based on the following principles:
• Art. 6, 1a of the GDPR serves as a legal basis for processing operations in which we obtain your consent for a particular processing purpose.
• Art. 6, 1b of the GDPR applies if the processing of personal data is required to fulfil a contract, e.g. when you purchase a product. The same applies to processing operations that are necessary to carry out pre-contractual measures, such as inquiries about our products or services.
• Art. 6, 1c of the GDPR applies if we are subject to a legal obligation which requires a processing of personal data, such as to comply with tax obligations.
• Art. 6, 1d of the GDPR applies if processing is necessary in order to protect the vital interests of the data subject or of another natural person.
• Art. 6, 1f of the GDPR is used on the basis of our legitimate interests, e.g. when using service providers in the context of order processing, such as shipping service providers or when carrying out statistical surveys and analyses as well as recording log-on procedures. Our interest focuses on the use of a user-friendly, appealing and secure display, and the optimization of our website which both serves our business interests whilst corresponding to your expectations.
7. Disclosure of Data
Your personal data will only be disclosed to a third party if:
• You have given consent to the processing of your personal data for one or more specific purposes (Art. 6, 1a of the GDPR)
• When you purchase a work of art, the data of the buyer is passed on to the artist and to his/her chosen shipping service provider.
• The disclosure is permitted by law and required for the handling of contractual relations with you (Art. 6b of the GDPR)
• There is a legal obligation to pass it on (Art. 6c of the GDPR)
• Disclosure is necessary to pursue a claim, to exercise or defend legal claims and there is no reason to believe that you have an overriding legitimate interest in the non-disclosure of your data (Art. 6f of the GDPR)
8. Social Media
We take the current discussion on privacy in social networks very seriously. It is currently legally not conclusively established whether and to what extent all the networks offer their services in accordance with European data protection regulations.
We would thus expressly point out that the services we use, Facebook, Twitter, Instagram, store the data of their users (e.g. personal information, IP address) according to their own data usage policies and use them for business purposes. We have no influence on their collection of data and its further use by the social networks. We have no knowledge of the extent, location and how long the data is stored, to what extent their obligations to delete data are met, how the data is evaluated and linked and to whom the data is passed.
9. Hosting and Emailing
The hosting services we use are designed to provide the following services: infrastructure and platform services, computing capacity, disk storage and database services, emailing, security and technical maintenance services which we employ for the purposes of the operation of this website.
We, or our hosting provider, process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors to this website on the basis of our legitimate interests in an efficient and secure provision of our online services according to Art. 6 para. 1f and Art. 28 of the GDPR (completion of contract processing).
10. External payment service providers
For the fulfilment of contracts, we use external payment service providers (on the basis of Art. 6 para. 1b.GDPR) whose platforms facilitate payment transactions for us, and our customers.
In addition we use external payment service providers on the basis of our legitimate interests pursuant Article 6 par.1f.GDPR to provide our users with effective and secure payment options.
The following data is processed by the payment service providers:
11. Rights of the data subject
You have the right:
• To revoke your agreement with us at any time (Article 7 paragraph 3 GDPR). The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. The only consequence of the withdrawal is that we may no longer continue processing the data based on this agreement.
• To request information about your personal data which has been processed by us, pursuant to Article 15 GDPR. In particular you can ask for information about the purposes of the processing, the categories of personal data which are being processed or have been processed, the recipients or categories of recipients to whom your data is being or has been made available, the planned storage period, the existence of a right to rectification, deletion or restriction of the processing or a right of objection, the existence of a right of appeal to a supervisory authority, the origin of your data if they were not collected from us, the existence of an automated decision making process, including profiling, and in certain circumstances any significant information about the involved logic, as well as the scope and the intended consequences of such processing for you;
• to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her, or to have incomplete personal data completed pursuant to article 16 GDPR
• to obtain from the controller the erasure of personal data concerning him or her without undue delay pursuant to article 17 GDPR. This does not apply if the processing of your data is necessary:
a) For exercising the right of freedom of expression and information
b) For compliance with a legal obligation
c) For reasons of public interest in the area of public health
d) For archiving purposes in the public interest, scientific or historical research purposes or statistical purposes
e) For the establishment, exercise or defence of legal claims
• to obtain from the controller restriction of processing where one of the following applies pursuant to article 18 GDPR:
a) The accuracy of the personal data is contested by the data subject
b) The processing is unlawful and the data subject opposes the erasure of the personal data, and requests the restriction of their use instead
c) The controller no longer needs the personal data for the purposes of processing, but it is required by the data subject for the establishment, exercise or defence of legal claims
d) Pursuant to article 21 GDPR you have objected to the processing of your personal data:
• Pursuant to article 20 GDPR the data subject shall have the right to receive personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller.
• Pursuant to article 77 GDPR every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the member state of his or her habitual residence, place of work or place of the alleged infringement
12. Right to object
Insofar as your personal data has been processed on the basis of legitimate interests (Article 6 1f GDPR), you have the right to object to the processing (Article 21 GDPR), provided there are reasons for this, which arise from your individual situation or an objection to direct marketing. In the latter case, you have a general right of objection, which will be implemented by us without specifying a particular situation. If you want to exercise your right of objection, please send an email to: email@example.com.
13. Data Security
We use the widespread SSL (Secure Socket Layer) method when you are using our site, in conjunction with the highest level of encryption supported by your browser. In general, this is a 256-bit encryption. If your browser does not support 256-bit encryption, we will instead use 128-bit v3 technology. You can tell whether a page on our website is encrypted, by looking at the bottom status bar of your browser, where a closed symbol of a key or lock will be displayed. Furthermore, we use appropriate technical and organizational security measures, to protect your data against inadvertent or deliberate manipulation, partial or complete loss, against destruction or unauthorized access from third parties. Our security measures are improved constantly to keep pace with technological development.
14. Links to Other Websites
15. Protection of Minors
Persons under the age of 18 should not submit any personal data to us without the consent of their parents or guardians. We do not request personal information from children and adolescents. We do not knowingly collect such data and do not share it with third parties.
16. How to reach us if you have a Question
If you have questions about data protection on our websites, we would be delighted to hear from you. Please send us an email at the following address: firstname.lastname@example.org.
17. Regular Updates of our Data Protection Policy
The data protection policy for service providers is subject to constant changes and adjustments. These changes and adjustments require us to update our data protection policy from time to time. The current status can be seen on the line 'Version ...' at the end of this policy.