NOTICE IN ACCORDANCE WITH ARTICLES 13 AND 21 GDPR FOR THE WEBSEITE OF PETER NITSCH
1. In general
Peter Nitsch take the protection of your personal data as well as the legal obligation to protect them very seriously. The statutory provisions require full transparency regarding the processing of personal data. Only if the processing is comprehensible for you, as a data subject, you are adequately informed about purpose, objectives and extent of the processing. Therefore, privacy statement explains in detail which so-called personal data (for definition see 2.1) are being processed by us for the use of the website www.peternitsch.com and for the use of all other internet sites which refer to it (for definition see 2.2).
In accordance with Article 4 (7), responsible for the purposes of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) as well as other data protection regulations are
Nitsch & Malakul
VAT No: DE-234438941
hereafter referred to as ‚responsible company‘ or ‚we‘.
The obligation to order a data protection officer does not exist.
Please note that via links on our website you may get to other internet sites which are not operated by us but by third parties. Such links are either clearly marked by us or are identifiable by the change of your browser’s address line. We are not responsible for the observation of data protection provisions and the safe handling of your personal data on these websites operated by third parties.
2.1 From GDPR
This data protection notice uses the terms of the GDPR legal text. You may see the definitions (Art. 4 of GDPR) e.g. on https://dejure.org/gesetze/DSGVO/4.html.
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
3. General information on data processing
We process personal data only as far as it is permitted by law. The transmission of personal data takes only place in the cases described below (see 4.).
The personal data are deleted or protected by technical and organizational measures (e.g. pseudonymization, encryption) as soon as the purpose of processing does not apply. This takes also place when a storage obligation expires, unless the further storage of personal data is required for the conclusion or the performance of a contract.
Provided that we are not legally bound to store data for a longer period or pass them on to third parties (in particular law enforcement authorities), the decision which personal data we collect, for how long they are being saved and to which extent you possibly need to disclose them depends on the functions of the website you use in the individual case.
4. Data processing in connection with the use of the website
The use of the website and its functions requires the processing of certain personal data regularly for e.g. processing your order. For payments with PayPal: purchase total, currency, billing information. For payments, we send the purchase total, currency and customer’s billing information to the respective payment processor. For taxes: the value of goods in the cart, value of shipping, destination address. For checkout rates: destination address, purchased product IDs, dimensions, weight, and quantities. For shipping labels: customer’s name, address as well as the dimensions, weight, and quantities of purchased products. We also store the purchased shipping labels on our server to make it easy to reprint them and handle support requests.
4.1 What we collect
- your name;
- your contact information such as your address, email address and telephone number;
- information related to your attendance of, and interest in, exhibitions, events and art fairs;
- information about you that you give us in person at our events and art fairs, by filling in forms on our site www.peternitsch.com (in the contact us section or the sign up to our mailing list) or by corresponding with us by phone, e-mail or otherwise;
- and information in relation to your purchase of our art work or use of our services.
4.2 How we collect information about you
Collecting information you give to us when you purchase any art work (prints) or visit us at each art fair;
completion of forms on our website
4.3 What we do with the information we gather
We use your information to:
- provide information about our art work (prints) and services to you;
- communicate with you;
- administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- keep our site safe and secure;
- comply with legal and regulatory obligations;
- and for security and to check your identity;
- legal basis for processing.
Our processing of your personal information is necessary:
- for the performance of contracts to which you will be a party to and in order to take steps at your request prior to you entering into those contracts;
- for the purposes of legitimate interests pursued by us; or
- in order to comply with a legal obligation to which we are subject;
- in relation to any processing of special categories of personal data, we will generally rely on obtaining specific consent from you at the time unless there is otherwise a legal requirement for us to process such information.
4.2 Site analytics
Believe it or not, we don’t use Google Analytics. Instead we use Jetpack. As visitor the following data is used: IP address, WordPress.com user ID (if logged in), WordPress.com username (if logged in), user agent, visiting URL, referring URL, timestamp of event, browser language, country code. Please also see Data Visibility and Retention information for this feature.
4.3 Contacting via e-mail
If you send us an e-mail the personal data you indicate in the e-mail are being processed by us. This information is transmitted by your browser or e-mail client and stored in our information technology systems. Processing of these personal data is necessary for the answer of your inquiry. In addition, your IP address, day and time of the contact request are stored if you send us an e-mail. Data processing serves to answer your inquiry. These processings are lawful since the answer of your inquiry is a legitimate interest in line with Article 6(1)(f) of GDPR.
Personal data are stored as long as it is necessary for the response to your request. If your inquiry results in the conclusion of a contract, personal data are stored as long as they are required for pre-contractual measures or the performance of a contract. After that, personal data are routinely deleted every 4 weeks. We do not merge these personal data with other data sources. There is no data transmission to third parties. A transmission to a third country or an international organization is not intended. You are not obliged to provide these personal data, sending of an e-mail, however, is not possible without your data provision.
5. Rights of data subjects
As a data subject you have the right to obtain information according to Article 15 of GDPR, the right of revocation according to Article 16 of GDPR, the right to request the cancelation according to Article 17 of GDPR, the right to limit processing according to Article 18 of GDPR as well as the right of data portability according to Article 20 of GDPR. The limitations according to §§ 34, 35 of BDSG (German Federal Data Protection Act) apply for information right and cancelation right. In addition, there is a right of complaint before a data protection authority (Article 77 of GDPR in connection with § 19 of BDSG).
6. Automated decisions in individual cases including profiling
Automated decisions in individual cases including profiling are not made.
7. Reporting obligations of responsible persons
We inform all recipients the personal data of whom were disclosed about each adjustment or cancelation of their personal data or a limitation of processing according to Articles 16, 17(1) and 18 of GDPR, unless it is impossible to inform them or the information would be associated with disproportionate time and effort.
We inform you about the recipients on your request.
8.1 Data used
In order to check login activity and potentially block fraudulent attempts, the following information is used: attempting user’s IP address, attempting user’s email address/username (i.e. according to the value they were attempting to use during the login process), and all IP-related HTTP headers attached to the attempting user.
8.2 Activity tracked
Failed login attempts (these include IP address and user agent). We also set a cookie (jpp_math_pass) for 1 day to remember if/when a user has successfully completed a math captcha to prove that they’re a real human. Learn more about this cookie.
9. Right of objection
At any time you have the right to object the processing of the personal data related to you which takes place according to Article 6(1)(e) or (f) of GDPR for reasons which result from your particular situation. If personal data are processed for purposes of direct advertising, you have the right to object at any time the processing of personal data related to you and used for purposes of such advertising.
10. Right of revocation of the consent to processing personal data
According to Article 7(3)(4) of GDPR you have the right to revoke your consent at any time. The legality of data processing due to the consent until the revocation is not affected. Therefore, the revocation applies only for the planned processing after the revocation. The revocation can be made informal by mail or e-mail. If you enter a revocation your personal data are not processed any longer, unless another (legal) basis allows it. If, however, a revocation is entered and there are no other permissions, according to Article 17(2)(b) of GDPR your personal data need to be deleted immediately on your request. The revocation can be made formless and should be addressed to:
11. Changes to this policy
Any changes we make to our policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our policy.