Thank you for your interest in THE WALTHER COLLECTION and in our website. For the Walther Family Foundation as well as for its Board of Directors as operator of the website http://walthercollection.com/en/ data privacy is of the highest priority. We would therefore like to ask you to take the time and carefully read through this data privacy statement.
Use of this website is generally also possible without indicating personal data. However, when using certain offers and services of this website, the processing of personal data may be required. The collection, processing and use of personal data is always done in correspondence with the General Data Protection Regulation (hereinafter referred to as: "GDPR") as well as applicable European and national statutory regulations. The collection of personal data is carried out on a legal basis or on the basis of the consent of the individual data subject. The Walther Family Foundation follows the principle of economical and efficient data collection and assures the data subject of the responsible and safe use and handling of any data collected.
In this data privacy statement, we would like to inform you as to which personal data we collect, process and use if you visit and use our website, and as to how we handle such data. In addition, we will provide information about the legal basis for the processing of your personal data and, to the extent that such processing is required to safeguard our legitimate interests, also about our legitimate interests and will also provide information regarding your rights.
In the data privacy statement on hand, the pronouns "we," "our," etc. refer to the Walther Family Foundation. The pronoun "you," "your," etc. refer to the users of our website or the data subject whose personal data is processed.
1. Definitions
The data privacy statement used the terminology used in the GDPR, as defined in Section 4 GDPR. In order for you to understand such terminology, we would like to explain any definitions in advance:
1.1. Personal data
Personal data is all data that refer to you or that says anything about you personally and that can be associated with you, either alone or in combination with other information. Personal data refers to, for example, name, address, phone and fax number, email address but also the IP address. According to GDPR, personal information is all information that refers to an identified or identifiable natural person (hereinafter referred to as "data subject"). A natural person is deemed identifiable that can be identified in a direct or indirect fashion, in particular via association to an identifier such as a name, an identification number, location information, online identification or to one or several special features that are the expression of the physical, physiological, genetic, psychic, economic, cultural or social identity of this natural person.
1.2. Processing of personal data
Processingis any process carried out (with or without the help of automated procedures) or any such sequence of procedures in connection with personal data such as for example the collection, recording, organizing, filing, storing, adjusting or changing, reading out, retrieving, use, disclosure via transmission, distribution or another form of provisioning, the comparison or linking, the limitation, deletion or destruction.
1.3. Restricting the processing of personal data
Limitation of processingis the marking of stored personal data with the goal to restrict its future processing.
1.4. Profiling using personal data
Profiling is any type of automated processing of personal data that consists in the fact that this personal data is used to assess certain personal aspects related to a natural person, in particular to analyze or predict aspects pertaining to work performance, economic situation, health, personal preferences, interests, reliability, behavior, place of residence or change in the place of residence of this natural person.
1.5. Pseudonymization of personal data
Pseudonymization is the processing of personal data in a way according to which such personal data cannot be associated any longer with a specific data subject without the inclusion of additional information, provided that such additional information is stored separately and that it is subject to technical and organizational measures that ensure that the personal data is not assigned to an identified or identifiable natural person.
1.6. Controller
Controller is a natural or legal person, authority, institution or other body who, alone or together with others, determines the purposes and means of processing of personal data.
1.7. Processor
Processor is a natural or legal person, authority, institution or other body who processes the personal data on behalf of the controller.
1.8. Recipient of personal data
Recipient is a natural or legal person, authority, institution or other body personal data is disclosed to, independent of the fact whether such is a third party. However, authorities who potentially receive personal data in line with a certain request for investigation according to European Union law or the law of the Member States are not deemed recipient.
1.9. Third party
A third party is a natural or legal person, authority, institution or other body besides the data subject, the controller, the processor and the persons who under the direct responsibility of the controller or the processor are authorized to process the personal data.
1.10. Consent for the processing of personal data
Consent is any statement of intent made voluntarily by the data subject for the specific case in an informed and unambiguous fashion in the form of a declaration or another clear and confirming action with which the data subject makes it understood that he agrees with the processing of personal data affecting such data subject.
2. Controller
Controller within the meaning of GDPR is:
Walther Family Foundation
526 West 26 Street, Suite 718
New York City, NY 10001, USA
Phone: +1 212 352 0683
Email: Website: http://www.walthercollection.com
In addition to us as the responsible party, we have appointed our representative in the European Union in accordance with Section 27 Subsection 1 GDPR:
Walther Foundation (legally responsible foundation under German civil law)
Represented by Artur Walther, chairman of the foundation board
Supervisory Authority: Government of Upper Bavaria, Supervisory Authority for Foundations, Munich, Germany
If you have any questions about data protection, please contact Daniela Baumann (member of the foundation board):
Daniela Baumann
Director Exhibitions & Collection
Reichenauerstr. 21
89233 Neu-Ulm, Germany
Phone: +49 731 1769143
Email:
3. Collection of general data and information, cookies
3.1. Logfiles
Each time you access our website, your browser automatically sends certain information to the server of the website and subsequently stored by it in so-called logfiles. The Internet Protocol address (hereinafter referred to as: "IP address") of your computer, the inquiry of your browser, as well as time and date of this inquiry, the user agent may be recorded. Furthermore, the product and version information about the browser used and the operating system of your computer may be recorded.
The IP address of your computer is then stored, subject to any legal retention obligations, only for the time of your use of the website and is subsequently immediately deleted or rendered anonymous through shortening of such. In addition, we use the information provided by your browser to our server anonymously – without the possibility that such can be traced back to you – for the operation of our website, to analyze and improve our services. In this way we can, for example, identify and eliminate potential errors on the website as well as determine on which days and at what times the website was used the most in order to make adjustments or improvements. The anonymous data of the logfiles is stored separately from all personal data indicated by a data subject. The legal basis for the collection and processing of the information stored in a logfile is either Section 6 Subsection 1 lit. b) GDPR for the execution of pre-contractual measures, or Section 6 Subsection 1 lit. f) GDPR on the basis of our legitimate interest in improving the functionality of our website.
3.2. Cookies
Each time you access our website, our website also collects information about your use of our website through the use of so-called browser cookies. These are small text files that are stored on your data carrier and that store specific settings and data for the exchange with our system via your browser. A cookie typically contains the name of the domain from which the cookie data has been sent as well as information about the age of the cookie and an alphanumeric identifier. Cookies help our systems to recognize the device of the user and to make directly available potential default settings. As soon as a data subject accesses the website, a cookie is transmitted to the hard drive of the computer of the respective data subject. Cookies help us to improve our website and to offer you a better and more tailored service. They allow us to recognize your computer when you return to our website; by doing so, they store information on your preferred activities on the website and tailor our website to your individual interests. This includes, if applicable, advertising, for example, that is tailored to your personal interests. Furthermore, cookies make it possible to accelerate the speed with which we process your requests.
In the cookies used by us, only the above-mentioned (see item 3.1.) data regarding your use of our website is stored. This is not done via association to you personally, but by assigning an ID number to the cookie ("cookie ID"). Combining the cookie ID with your name, IP address or similar data that would allow association of the cookie to you, does not take place. To the extent that also personal data is processed via cookies, such processing is either done in accordance with Section 6 Subsection 1 lit. b) GDPR for the execution of pre-contractual measures, or Section 6 Subsection 1 lit. f) GDPR on the basis of our legitimate interest in improving the functionality of our website.
Should a data subject object to the use of browser cookies, such data subject may configure the browser settings in a way that storing of cookies is not accepted or only after the express confirmation by the data subject. In addition, cookies that have already been stored may be deleted at any time via an internet browser or, if applicable, using a different program. When deactivating the storing of cookies, please consider that our website may possibly only be used in a limited fashion.
4. Establishing contact
Due to statutory regulations, the website contains information that enables us to be contacted quickly and electronically (via email). If a data subject contacts us via email, personal data (such as name, email address) is collected. Such data is used and stored to answer your inquiry or to contact you, including the technical processing of such. The legal basis for the processing of data is our legitimate interest pursuant to Section 6 Subsection 1 lit. f) GDPR to answer your inquiry. If establishing contact also serves to enter into a contract, also Section 6 Subsection 1 lit. b) GDPR is deemed legal basis for processing. Your data is deleted after we complete processing of your inquiry; this is the case if it can be deduced from the circumstances that the facts in question have been ultimately clarified, and provided that there are no legal retention obligations that oppose such.
5. Your rights as a data subject
5.1. Right to confirmation and information
You have the right at any time to receive confirmation from us as to whether personal data concerning you is processed. To receive such information, you may send a request by mail or email to us (see contact information above in item 2). Furthermore, you have the right to receive information as well as a copy of such information regarding personal data processed by us that concern you in the context of Section 15 GDPR.
Such information includes the purposes of processing, the categories of personal data, the recipients or categories of recipients towards which the personal data was disclosed or will still be disclosed, and, if possible, the planned duration of storage or otherwise at least the criteria to determine such duration. In addition, you have a right to know that you have the right to correction or deletion of personal data that concern you or to limitation of processing; also, you have the right to object to such data processing or to complain with a supervisory authority. If we do not collect personal data directly from you, you have a right to all available information regarding the origin of such data.
Furthermore, the data subject has a right to information as to whether personal data was transmitted to a third country or an international organization, and the data subject has the right to be informed regarding such transmission via the appropriate guarantees pursuant to Section 46 GDPR.
5.2. Right to correction
You have the right to request the immediate correction of incorrect data (Section 16 GDPR). While taking into account the purposes for processing, you also have the right to request completion of incomplete data. If you would like to exercise your right to correction, you may contact us at any time (see contact information above in item 2).
5.3. Right to deletion ("right to be forgotten")
You have the right, pursuant to the prerequisites described in Section 17 GDPR to request from us the deletion of personal data concerning you. Such prerequisites stipulate in particular the existence of a reason for such deletion as well as the fact that processing is not required. A right to deletion exists in particular if the personal data is no longer required for the purposes for which it was collected or otherwise processed, and in cases in which you revoke your consent (and there is no other legal basis for the processing). Furthermore, there is a right to deletion in the event of an objection (if there are no overriding legitimate reasons for the processing), in the event of unlawful processing and in the event of an obligation to delete under European Union law or the law of the Member State which we are subject to.
If the Walther Family Foundation as the controller has made public the personal data and if the Walther Family Foundation is obligated to delete such personal data, it will take the appropriate measures, also of a technical kind, while taking into consideration the available technology as well as implementation costs to inform controllers who process personal data that you as the data subject have requested the deletion of all links to such personal data or of copies or replications of such personal data, and that the processing is not required.
To exercise your right to deletion, you may contact us at any time (see contact data above in item 2).
5.4. Right to limitation of processing
As data subject, you have the right to request from us the limitation of processing pursuant to Section 18 GDPR. This right applies in particular if you dispute the accuracy of the personal data for a period of time that enables us to verify the accuracy of the personal data, as well as in the event that processing is unlawful and you request limited processing instead of deletion; furthermore, in the event that the data is no longer required for the purposes pursued by us, but that such personal data is needed by you to assert, exercise or defend legal claims. Furthermore, a right to limitation of processing exists if you have objected to such processing as long as it is not yet clear whether our legitimate reasons outweigh your interests.
To exercise your right to limitation of processing, you may contact us at any time (see contact information above in item 2).
5.5. Right to be informed
If you have asserted your right to the correction, deletion or limitation of processing towards us, we shall inform all recipients your personal data was disclosed to, unless this proves to be impossible or unless such undertaking involves a disproportionate effort. Pursuant to Section 19 GDPR, you have the right to be informed regarding such recipients. To exercise your right to be informed, you may contact us at any time (see contact information above in item 2).
5.6. Right to data portability
You have the right to receive your personal data that was provided by you to us in a structured, standard and machine-readable format pursuant to Section 20 GDPR unless this affects the rights and freedoms of other persons. In exercising this right to data portability, you also have the right for it to be effected that your personal data is directly transmitted by a controller to another controller to the extent that this is technically feasible.
To exercise your right to data portability, you may contact us at any time (see contact information above in item 2).
5.7. Right to objection
You have the right, for reasons that pertain to your specific situation, to object at any time pursuant to Section 21 GDPR to the processing of your personal data that is carried out, amongst others, pursuant to Section 6 Subsection 1 lit. e) or f) GDPR; this also applies to profiling that is based on these provisions. We shall no longer process your personal data, unless we can establish compelling reasons worthy of protection for such processing that outweigh your interests, rights and freedoms, or if such processing serves to assert, exercise or defend legal claims.
If the Walther Family Foundation processes personal data in order to conduct direct advertising, the data subject has the right to object at any time to the processing of his personal data for the purpose of such advertising; this also applies to profiling insofar as it is connected with such direct advertising. To the extent that the data subject objects to processing for direct advertising purposes, personal data shall no longer be processed for such purposes.
In addition, you have the right, for reasons that pertain to your specific situation, to object to the processing of your personal data for scientific or historical research purposes or for statistical purposes pursuant to Section 89 Subsection 1 GDPR, unless such processing is required to fulfill a task that is in the public interest.
To exercise your right to objection, you may contact us at any time (see contact information above in item 2).
5.8. Automated decisions in individual cases, including profiling
Pursuant to Section 22 GDPR, you have the right not to be subjected to a decision that is based exclusively on automated processing – including profiling – that has a legal effect towards you or that substantially impairs you in a similar fashion. This does not apply, if the decision is required to enter into or fulfill a contract between the data subject and the controller, or if the decision is permissible on the basis of statutory provisions of the European Union or the Member States the controller is subject to, and if these statutory provisions contain appropriate measures to safeguard the rights and freedoms as well as the legitimate interests of the data subject, or if the decision is made with the express consent of the data subject.
If the decision is required to enter into or fulfill a contract between the data subject and the controller, or if it is made with the express consent of the data subject, we shall take appropriate measures to safeguard the rights and freedoms as well as the legitimate interests of the data subject – this includes at the very minimum the right to effect the intervention of a person on the part of the controller, the right to explain the own point of view and the right to challenge the decision.
To exercise your right in connection with automated decisions, you may contact us at any time (see contact information above in item 2).
5.9. Right to lodge a complaint
You furthermore have the right to lodge a complaint with the competent supervisory authority. The competent authority for Bavaria is the following:
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
[Data Protection Authority of Bavaria for the Private Sector]
Promenade 27
91522 Ansbach
Phone: +49 981 53 1300
Fax: +49 981 53 98 1300
Email:
5.10. Right to revoke consent pertaining to data protection
You have the right to revoke at any time given once regarding the processing of personal data. The lawfulness of processing operations which were carried out on the basis of the consent remains unaffected. In the event of revocation, we shall immediately delete the data concerned unless further processing can be based on a legal basis for processing without consent.
To exercise your right to revoke consent, you may contact us at any time (see contact information above in item 2).
6. Legal basis for processing
Pursuant to Section 13 GDPR, we shall provide you with the legal basis for our processing of personal data. If the legal basis is not separately pointed out in the respective paragraph of the data privacy statement, the following applies: Section 6 Subsection 1 lit. a) GDPR and Section 7 GDPR shall serve as the legal basis for processing operations for which we obtain consent for a particular use. For the processing of personal data to fulfill our services and contractual measures (e.g. sending of an exhibition catalog) or pre-contractual measures (e.g. in cases of inquiries regarding exhibitions, exhibition catalogs, etc.) as well as to answer other inquiries, Section 6 Subsection 1 lit. b) GDPR shall serve as the legal basis. Processing to fulfill our legal obligations (e.g. tax obligations) is done on the legal basis of Section 6 Subsection 1 lit. c) GDPR. To the extent that the processing in exceptional cases may be necessary to protect the vital interests of the data subject or of a natural person, this would be done on the basis of Section 6 Subsection 1 lit. d) GDPR.
Finally, the processing of personal data may be done on the legal basis of Section 6 Subsection 1 lit. f) GDPR. The processing of personal data pursuant to Section 6 Subsection 1 lit. f) GDPR may also be legal if it is not comprised by one of the aforementioned legal basis, but if it is required to protect the legitimate interests of the controller or of a third party unless the interests or basic rights and freedoms of the data subject that require the protection of personal data are predominant, in particular if the data subject is a child. In its recital 47 p.1 GDPR, the European legislator emphasizes in this context that the assessment of the legitimate interest must be based on the relationship between the data subject and the controller and that the resulting reasonable expectations of the data subjects must be taken into account. A legitimate interest from the point of view of the European legislator can be assumed if the data subject is a customer of the controller (recital 47 p. 2 GDPR). The European legislator points out that the processing of personal data for direct advertising purposes may be seen as processing serving a legitimate interest (recital 47 p. 7 GDPR).
If the processing is based on the legal basis of Section 6 Subsection 1 lit. f) GDPR, our legitimate interest is the execution of our exhibition activities and the proper operation of this website. Furthermore, our legitimate interest also lies in informing you about new exhibitions and news about THE WALTHER COLLECTION by email by means of direct advertising, should there be a customer relationship between you and our company. In this connection, we again would like to refer to your right to objection (for details, see item 5.7.). If you do not wish to have your personal data processed, you may at any time object and inform us accordingly.
7. Duration of storage of personal data
The duration of storage of personal data is based on the respective statutory retention period (e.g. retention periods according to tax or commercial law). After expiration of the period, the corresponding data is deleted as a matter of routine, unless such data is still required to fulfill a contract or for contract negotiations and/or unless we have a legitimate interest in the continued storing of such data.
8. Notice that the provision of the personal data is in part prescribed by law or contract or is required to enter into a contract; obligation to provide personal data; possible consequences in the event of failure to provide personal data
We would like to point out that the provision of personal data is in part prescribed by law (e.g. due to tax regulations) or contract (e.g. due to the contractual agreement to indicate information regarding the contractual partner) or may be required to enter into a contract. In addition, the data subject may be obligated to provide personal data. For example, when entering into a purchase contract regarding an exhibition catalog that is to be sent to you by mail, you are obligated to provide us with personal data. Without such provision, entering into such a contract would not be possible. Prior to providing personal data, the data subject should contact us. We will inform the data subject in regard to the individual case whether the provision of the personal data is prescribed by law or contract or is required to enter into a contract, whether the data subject is obligated to provide the personal data and what could be the possible consequences if such personal data is not provided
9. Data privacy and third-party websites
The website may contain hyperlinks to and from websites of third parties. If you follow a hyperlink to any of these websites, please note that we cannot assume any responsibility or liability for third-party content or privacy policies. Please check the applicable privacy policy before you submit personal data to these websites
10. Transmission/forwarding of your personal data
We will not share your personal data with third parties unless you have consented to the forwarding of data or unless we are authorized or required on the basis of statutory provisions and/or when ordered by authorities or courts to forward such data. In particular, this may involve providing information for the purposes of criminal prosecution, averting danger or enforcing intellectual property rights.
However, forwarding of personal data for technical reasons may take place if and insofar as this is necessary for the operation of our website or for other reasons for the establishment, implementation or processing of your user relationship with us. For example, this may be the case if the website is hosted by an external service provider and if an external service provider is operating the servers for us. Unless this pertains to processing, forwarding of personal data is based on Section 6 Subsection 1 lit. b) GDPR.
11. Data privacy statement regarding the use of Facebook, social media (social plugins)
We have integrated into this website components of Facebook. Facebook is a social network, operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. If a data subject resides outside of the US, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland is the controller. The purpose of integrating the Facebook plugin is to enable our users to redistribute the content of this website in order to make this website more known and thus increase the number of users of this website.
You can recognize the Facebook plugins by the Facebook logo or the "Facebook Social Plugin" suffix. Via https://developers.facebook.co... you may retrieve an overview of the Facebook plugins and what they look like.
If you visit a sub-page of our website that contains a social plugin, your browser establishes a direct connection to the Facebook servers. The content of the plugin is transmitted from Facebook directly to your browser and integrated into the website. Your browser transmits to Facebook in the US information (incl. IP address) that your browser has accessed a corresponding sub-page of our website. This data is stored there. This is also the case if you do not have a Facebook profile or if you are not logged in.
In the event that you are logged into Facebook, Facebook can associate you accessing the corresponding sub-page of our website with your Facebook profile. This also applies in the event that you use the plugin, for example if you click on a "Like" button or use the share function. The information is also published on your Facebook profile and displayed to your Facebook friends. If you do not wish for this to happen, you must log out of Facebook prior to visiting our website.
It is possible to install applications (also add-ons for your browser) that prevent the loading of Facebook plugins and a data transmission to Facebook, e.g. with the script blocker "NoScript" (http://noscript.net/).
Facebook Inc., headquartered in the United States, is certified for the US-European Privacy Shield Agreement, which ensures compliance with applicable EU privacy standards.
The data processing as outlined above is done on the basis of Section 6 Subsection 1 lit. f) GDPR on the basis of the legitimate interests of Facebook. This includes, amongst others, displaying personalized advertisements to inform other Facebook users about your activities on our website. You have the right to object, and you will have to contact Facebook in order to do so.
The purpose and scope of the collection, processing and use of personal data by Facebook, as well as your rights in this regard and setting options to protect your privacy, can be found in Facebook's data protection information, which can be accessed at http://www.facebook.com/policy.php.
12. Data privacy statement regarding the use of Twitter
We have integrated into this website components of Twitter. Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA, operates a publicly available microblogging service that allows users to publish short messages with a character limit of 280 (so-called tweets), to share them with so-called followers and to link them. The latter are persons who also have a Twitter profile. The tweets can in part also be read by persons who do not have a Twitter profile. The purpose of integrating the Twitter component is to enable our users to redistribute the content of this website in order to make this website more known and thus increase the number of users of this website.
If you visit a sub-page of our website that contains a Twitter component, your browser establishes a direct connection to the Twitter servers. The content of the component is transmitted from Twitter directly to your browser and integrated into the website. Your browser transmits to Twitter information that your browser has accessed a corresponding sub-page of our website.
In the event that you are logged into Twitter, Twitter can associate you accessing the corresponding sub-page of our website with your Twitter user account and profile. This also applies in the event that you use the integrated Twitter component. The data or information transmitted in this way is associated with the Twitter account and stored and processed by Twitter. If you do not wish for this to happen, you must log out of Twitter prior to visiting our website.
The data processing as outlined above is done on the basis of Section 6 Subsection 1 lit. f) GDPR on the basis of the legitimate interests of Twitter. This includes, amongst others, displaying personalized advertisements to inform other Twitter users about your activities on our website. You have the right to object, and you will have to contact Twitter in order to do so.
The applicable data protection information of Twitter can be accessed via https://twitter.com/en/privacy.
13. Data privacy statement regarding the use of Google Maps
We have integrated into this website Google Maps (API) of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Google Maps is a web service to display interactive maps. By using this service, we can show you our location, inform you about new exhibition locations and make it easier to give you directions to such.
If you visit a sub-page of our website that contains Google Maps, information (e.g. your IP address) regarding the use of the website is transmitted to the servers of Google in the US, stored there in the form of user profiles and evaluated. This is also the case if you do not have a Google user account or profile or if you are not logged into such.
In the event that you are logged into Google, Google can associate you accessing the corresponding sub-page of our website with your Google user account and profile. If you do not wish for this to happen, you must log out of Google prior to visiting our website.
It is possible to completely deactivate Google Maps by turning off JavaScript in your browser in the event that you do not consent to the transmission of your data to Google in line with the use of Google Maps. Google Maps or the maps of Google Maps can then no longer be displayed or used on this website.
Google LLC, headquartered in the United States, is certified for the US-European Privacy Shield Agreement, which ensures compliance with applicable EU privacy standards.
The data processing as outlined above is done on the basis of Section 6 Subsection 1 lit. f) GDPR on the basis of the legitimate interests of Google. This includes, amongst others, displaying personalized advertisements, market research and improving the website of the company. You have the right to object, and you will have to contact Google in order to do so.
You may access information regarding data protection in connection with the use of Google Maps on Google's website ("Google Privacy Policy"): http://www.google.de/intl/en/policies/privacy.
14. Waiving automated decision-making or profiling
For this website, we do not use automated decision-making or profiling.