Thank you for your interest in our Website available under https://www.lightartspace.org/ (hereinafter "Website") and our services provided on it (hereinafter "Services").
The protection of personal data in the context of the use of the Website and the Services is very important to us. We respect your privacy. This is why we only collect and process your personal data in accordance with the applicable statutory provisions.
The controller within the scope of the General Data Protection Regulation (Art. 4 no. 7 GDPR) is the Light Art Space gGmbH, Caroline-von-Humboldt-Weg 34, 10117 Berlin, Germany, phone: +49 30 21 48 02 346 (hereinafter "LAS," "we," "our," "us" etc.)
2. What is personal data
Personal data is all information that can be associated with you individually (cf. Art. 4 no. 1 GDPR). This includes e.g. your name, your address, your phone number and your email address. On the other hand, general information by means of which you cannot be identified does not constitute personal data. Such information includes e.g. the number of users of the Website.
3. What types of personal data do we collect and process for which purposes
3.1. Web server protocols (Including the IP address)
When you visit our Website, due to technical requirements, our web server will automatically record your full IP address, the date and the time at which you are visiting the Website, the sections you access on the Website, the website you visited before accessing the Website, the browser you use (e.g. Mozilla Firefox, Google Chrome etc.), the operating system you use (e.g. Windows 10, MacOS etc.), and the domain name and address of your Internet provider (e.g. Deutsche Telekom). This information is required for the technical transmission of the Website and the secure operation of the server. This information is not merged with other data sources. We process this information in order to observe and monitor the stability, functionality, and technical performance of the Website and the Services and in order to detect, identify, eliminate and solve any potential problems and errors on the Website and within the Services. The legal basis for the processing of this information is our legitimate interests (Art. 6 (1) lit. f GDPR), which consist in ensuring and improving the integrity, stability, and functionality of the Website and the Services – as far as this is technically possible and reasonable. Furthermore, for reasons of technical security, in particular, to ward off attempted attacks or other abuse of the Website, the Services and/or our web server, this information is stored for a short period of time. We are not able to directly associate this information with individual persons. After seven days at the latest, this information will be anonymized through the shortening of the IP address to the domain level, so that it will no longer be possible to connect this information to an individual person. However, in the period of time until the shortening of the IP address, we may process this information in case of a security incident (attempted attack or abuse etc.) in cooperation with your internet provider and/or the local authorities in order to identify the party that caused the security incident. The legal basis for this is our legitimate interests (Art. 6 (1) lit. f GDPR) which consist in protecting the integrity of the Website, the Services, our system and of our users. This information will only be processed for statistical, market research and/or advertising purposes in anonymized form, i.e. after the IP address has been shortened to the domain level.
3.2. Personal data that you provide in the context of your use of the services on the website
(a) Contacting us
If you wish to contact us, e.g. by using the contact form or email, the data you provide when doing so will be used to process your request and to get in contact with you. Providing that data is necessary to handle and answer your request; without those data, we cannot answer your request completely or at all. The legal basis for the processing of your personal data is the fulfilment of our contractual obligations (Art. 6 (1) lit. b GDPR) as well as safeguarding our legitimate interests, which include, but are not limited to, contacting you and communicating with you about any concerns you have contacted us about (Art. 6 (1) lit. f GDPR).
If you have provided your consent, we also collect your name and email address when registering for our newsletter. We process this personal data in order to send you our newsletter. The legal basis for this is the consent provided by you (Art. 6 (1) lit. a GDPR). We use the service provider MailChimp for sending our newsletters. More information on MailChimp is available in section 4.2.
We use the so-called double opt-in procedure for the registration of our newsletter, i.e. once you have registered for the newsletter, we will first of all send you an email that includes a confirmation link. Only once you have clicked on the confirmation link and we have received the confirmation, will we activate the delivery of the newsletter. You may withdraw your consent at any time with future effect. You can declare such a withdrawal of consent at any time by following our withdrawal instructions that are included in each newsletter or by sending your withdrawal request to the contact details specified in section 1.
4. Disclosure of personal data
4.1. General information
We do not disclose any personal data to third parties unless such disclosure is required for contractual performance or otherwise allowed by applicable statutory provisions or unless you have given us your consent.
Please note that we are entitled to outsource the processing of personal data in the context of data protection law provisions fully or partially to external service providers working on our behalf as data processors (Art. 4 no. 8 GDPR). If these service providers are domiciled outside the European Union (EU) or the signatory states of the Agreement on the European Economic Area (EEA), we will take appropriate security measures in accordance with the provisions of the applicable laws and the supervisory authorities in order to ensure the security of your personal data.
A list of these external service providers including descriptions of their respective services and of the appropriate data protection level provided is presented in the following table: — Service provider and, if applicable, name of the service: MailChimp Rocket Science Group LLC, 675 Ponce De Leon Ave. NE #5000, Atlanta, GA 30308, United States of America, phone: +1 404 806 5843, email: [email protected] Description of the service: Newsletter service for the administration, delivery, and evaluation of our newsletter (cf. also section 4.2) Place of processing; Measures for ensuring the existence of an appropriate level of protection: USA EU-US Privacy Shield certification — Service provider and, if applicable, name of the service: Google Analytics Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States of America Description of the service: Analysis of user behavior of visitors of the website (cf. also section 6.2.) Place of processing; Measures for ensuring the existence of an appropriate level of protection: USA EU-US Privacy Shield certification
4.2. Use of the newsletter deliver service provider MailChimp
5. Storage Period
We will only store your personal data for as long as its storage is required for the achievement of the purposes for which it was collected or for the duration of the statutory retention periods, if the law dictates longer retention periods (e.g. Sec. 147 AO [German Fiscal Code] and Sec. 257 HGB [German Commercial Code]). Afterwards, your personal data will be deleted.
6. Cookies and web analytics
6.2. Web analytics
If you have given your consent, we use the service "Google Analytics" provided by Google LLC on our website. The responsible service provider in the EU is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter "Google").
Scope of processing
Transfer to third countries
A transfer of data to the USA cannot be excluded.
The data sent by us and linked to cookies are automatically deleted after 14 months. Data whose retention period has been reached is automatically deleted once a month. You can also prevent the collection of data related to your use of our website which is linked to cookies (including your IP address) and the processing of this data by Google by not give your consent to the setting of the cookie or download and install the browser add-on for deactivating Google Analytics here: You can also prevent the storage of cookies by setting your browser software accordingly. However, if you configure your browser to refuse all cookies, this may limit the functionality of this and other websites.
Legal basis and possibility of revocation
7. Your data protection rights as a data subject
8. Links to other websites
9. Right to make changes
Last Update: August 2020