As the operator of this website, we take the protection of your personal data very seriously. We treat your personal information confidentially and in accordance with the statutory data protection regulations as stated in the data protection declaration below.

Data protection declaration pursuant to GDPR

The responsible party within the meaning of the General Data Protection Regulation and other national data protection statutes of the member states and other data protection provisions is

Anna Polke-Stiftung
Domstr. 60, Hofhaus
50668 Cologne
Germany

+49 (0) 221 29438-633
mail@anna-polke-stiftung.com
www.anna-polke-stiftung.com

I. General information on data processing

1. Scope of processing of personal data

In principle, we process personal data of our users only to the extent necessary for providing a functional website as well as our content and services. Users’ personal data is regularly processed only with the users’ consent. The only exceptions are cases in which obtaining prior consent is not possible for practical reasons and the processing of the data is permitted according to statutory provisions.

In principle, we process personal data of our users only to the extent necessary for providing a functional website as well as our content and services. Users’ personal data is regularly processed only with the users’ consent. The only exceptions are cases in which obtaining prior consent is not possible for practical reasons and the processing of the data is permitted according to statutory provisions.

2. Legal basis for processing personal data

To the extent that we obtain the consent of the data subjects to process personal data, Art. 6 (1) a of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
When processing of personal data is necessary to fulfil a contract to which the data subject is a party, Art. 6 (1) b GDPR serves as the legal basis. This also applies for the processing required to carry out pre-contractual actions.
Insofar as personal data must be processed in order to meet a legal requirement to which our enterprise is subject, Art. 6 (1) c GDPR serves as the legal basis.
Should vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 (1) d GDPR serves as the legal basis.
If processing is necessary within the scope of a legitimate interest of our enterprise or a third party and this is not outweighed by the interests, basic rights and basic freedoms of the data subject, Art. 6 (1) f GDPR serves as the legal basis for processing.

3. Data erasure and duration of storage

Personal data of the data subject are erased or blocked when the purpose of storage no longer obtains. Additionally, data can be stored where provided for by European or national legislation in the form of ordinances, statutes or other regulations to which the responsible organisation is subject. Data are also blocked or erased when a storage period set out in the cited legal norms expires unless further storage of the data is required for conclusion or execution of a contract.

II. Provision of the website and generation of log files

1. Description and scope of data processing

Each time our website is accessed, our system automatically logs data and information from the computer system of the accessing computer.

The following data are collected:

1. Information on the browser type and version used
2. The user’s operating system
3. The user’s internet service provider
4. The IP address (in anonymised form)
5. Date and time of access

These data are also stored in the log files of our system. This does not apply to the user’s IP address or other data that enable an association of the data with a user. These data are not stored together with the user’s other personal data.

2. Legal basis for data processing

Art. 6 (1) f GDPR constitutes the legal basis for the temporary storage of data and log files.

3. Purpose of data processing

Temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user’s computer. For this purpose, the user’s IP address must be stored for the duration of the session.

Storage using a pixel or in log files is performed to in order to secure the website’s functionality. We also use the data to optimise our website and ensure the security of our IT systems. Data are not evaluated for marketing purposes in this connection.

These purposes represent a legitimate interest within the meaning of Art. 6 (1) f GDPR.

4. Duration of storage

The data are deleted as soon as they are no longer required for achieving the purpose for which they were stored. In the case of acquisition of data for provision of the website, this is the case when the respective session is concluded.

Where data are stored using a pixel or in log files, this is done solely in anonymised form (solely to determine the location of access). The data are stored for eight weeks. In this case, the users’ IP addresses are only used in anonymised form, so that they can no longer be associated with the accessing clients.

5. Possibility for objection and elimination

The acquisition of the data for provision of the website and storage of the data in log files are essential for the operation of the web presence. The user has no possibility for objection.

III. Use of cookies, tracking and logging

a) Description and scope of data processing
Our website does not use cookies. Tracking and logging are active by default.
The following data are stored and transferred:

1. Referrer (previously visited website)
2. Requested web page or file
3. Browser type and version
4. Operating system used
5. Device type used
6. Time of access
7. IP address in anonymised form (used for determining accessing location)

The user data acquired in this way are anonymised using technical precautions. Consequently, it is no longer possible to associate the data with the accessing user. The data are not stored together with other personal data of the user.

b) Purpose of data processing

The purpose of data acquisition (web analytics) is solely for a legitimate interest, in order to ensure the security and stability of the offering and provide website visitors the highest quality experience.
In web analytics, the data are only analysed statistically, and collected for the purpose of technically optimising the web offering.
No data are disclosed to third parties. Data are not transmitted to third countries.

The purpose of data acquisition (web analytics) is solely for a legitimate interest, in order to ensure the security and stability of the offering and provide website visitors the highest quality experience.
In web analytics, the data are only analysed statistically, and collected for the purpose of technically optimising the web offering.
No data are disclosed to third parties. Data are not transmitted to third countries.

IV. Newsletter

1. Description and scope of data processing

On our website, it is possible to subscribe to a free newsletter. For this purpose, the data for newsletter registration are transmitted to us from the entry form.

Only the entry of the email address is essential. Entry of a name is voluntary.

The following data are additionally collected during registration:

1. IP address of the accessing user
2. Date and time of registration

Your consent is obtained for the purposes of processing the data as part of the registration process and reference is made to this data protection declaration.
If you wish to receive the newsletter offered on this website, we require your email address and information that enables us to verify that you are the holder of the entered email address and consent to receive the newsletter.
We use the double opt-in method to ensure consent to our sending the newsletter. This process adds the potential recipient to our distribution list. The user then receives a confirmation email with the option of confirming registration with legal certainty. The address is actively added to the distribution list only when confirmation is received.
We use these data solely to send the requested information and offerings.
We use Newsletter2Go to manage our newsletters. Your data are transmitted to Newsletter2Go GmbH for this purpose. Newsletter2Go is not allowed to sell your data or use it for any other purpose than sending newsletters. Newsletter2Go is a German, certified provider that was selected according to the requirements of the General Data Protection Regulation and the German Data Protection Act.
Further information is available at: https://www.newsletter2go.de/informationen-newsletter-empfaenger/
You can revoke your consent to the storage of data, your email address and their use to send newsletters at any time, for instance via the “Unsubscribe” link in the newsletter.

The legal data protection actions are subject to continuing technical progress; for this reason, we encourage you to inform yourself about our data protection actions by regularly viewing our data protection declaration.

No data are provided to third parties in the context of data processing for the purpose of distributing newsletters. These data are used solely for distributing the newsletter.

2. Legal basis for data processing

The legal basis for processing data following the user’s registration for the newsletter where the user’s consent has been obtained is Art. 6 (1) a GDPR

3. Purpose of data processing
The user’s email address is acquired for the purpose of delivering the newsletter.

4. Duration of storage
The data are erased as soon as they are no longer required for achieving the purpose for which they were stored. The user’s email address is thus stored for as long as their newsletter subscription is active.

5. Possibility of objection and elimination
Users can terminate their subscription to the newsletter at any time. Each newsletter contains a corresponding link for this purpose.

V. Rights of data subjects
If your personal data are processed, you are a data subject within the meaning of the GDPR, and have the following rights with respect to the responsible party:

1. Right of information

You may demand from the responsible party confirmation whether we process personal data that relate to you.
If such data are processed, you may demand the following information from the responsible party:

1. The purposes for which the personal data are processed
2. The categories of personal data that are processed
3. The recipients and categories of recipients to whom your personal data have been disclosed or will be disclosed
4. The planned duration of storage of your personal data or, if concrete information is not possible here, criteria for determining the duration of storage
5. The existence of a right to rectify or erase your personal data, a right to restrict the processing of your personal data by the responsible party or a right to object to such processing
6. The existence of a right to complain to a supervisory authority
7. All available information respecting the origin of the data if the personal data were not obtained from the data subject
8. The existence of an automated decision-making process including profiling pursuant to Art. 22 (1) and (4) GDPR and – at least in these cases – meaningful information as to the logic involved as well as the scope and intended effects of such processing for the data subject.

You have the right to demand information as to whether your personal data have been transmitted to a third country or an international organisation. In this connection, you can demand to be informed of the appropriate guarantees within the meaning of Art. 46 GDPR in connection with the transmission of data.

2. Right to rectify personal data
You have a right with respect to the responsible party to rectify and/or complete personal data insofar as the personal data relating to you that is being processed is incorrect or incomplete. The responsible party must implement this rectification without delay

3. Right to restriction of processing

You can demand restriction of the processing of your personal data under the following circumstances:

1. When you dispute the correctness of the personal data pertaining to you over a period that enables the responsible party to review the correctness of the personal data
2. When the processing is illegal and you decline the erasure of your personal data and instead demand that the use of your personal data be restricted
3. When the responsible party no longer requires your personal data for the purposes of processing but you require these in order to assert, exercise or defend claims in law; or
4. When you have lodged an objection to processing pursuant to Art. 21 (1) GDPR and it has not yet been established whether the responsible party’s legitimate interests outweigh your reasons.

If the processing of your personal data has been restricted, these data can – with the exception of their storage – only be processed with your consent or in order to assert, exercise or defend claims in law or to protect the rights of other natural or legal persons or for reasons of an important public interest of the Union or a member state.
If processing has been restricted under the aforementioned conditions, the responsible party will inform you before the restriction is lifted.

4. Right to erasure

a) Erasure obligation
You can demand that the responsible party erase your personal data without delay, and the responsible party is obligated to erase these data without delay, insofar as one of the following reasons applies:

1. Your personal data are no longer required for the purpose for which they were collected or otherwise processed.
2. You withdraw your consent on which the processing pursuant to Art. 6 (1) a or Art. 6 (2) a GDPR rested, and no further legal basis for processing exists.
3. You lodge an objection to processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate reasons for processing, or you object to processing pursuant to Art. 21 (2) GDPR.
4. The relevant personal data were processed unlawfully.
5. The erasure of your personal data is required to fulfil a legal obligation under Union law or the law of the member states to which the responsible party is subject.
6. Your personal data were acquired in connection with the provision of information society services pursuant to Art. 8 (1) GDPR.

b) Information to third parties
If the responsible party has publicly disclosed your personal data and it is obligated to erase these data according to Art. 17 (1) GDPR, the responsible party is obligated to take appropriate actions necessary under consideration of the available technology and the implementation costs, including technical actions, to inform the party responsible for processing the personal data that you as the data subject have demanded the erasure of all links to these personal data or of copies or replications of these personal data.

c) Exceptions
The right to erasure does not exist insofar as processing is necessary

1. To exercise the right of free expression and information
2. To fulfil a legal obligation required by the law of the Union or the member states to which the responsible party is subject or to perform a mission in the public interest or in the exercise of public power which has been delegated to the responsible party
3. For reasons of the public interest in the area of public health pursuant to Art. 9 (2) h and I and Art. 9 (3) GDPR
4. For archiving purposes in the public interest, scholarly and historical research or statistical purposes pursuant to Art. 89 (1) GDPR insofar as the right set out in a) is likely to render impossible or severely impair the realisation of the ends of this processing; or
5. To assert, exercise or defend claims in law.

5. Right to be informe

If you have asserted your right of rectification, erasure or restriction of processing with respect to the responsible party, the latter is obligated to notify all recipients to which it disclosed your personal data of this rectification or erasure of data or restriction of processing, unless this should prove to be impossible or entails unreasonable expense.
In place of this, you have the right to demand that the responsible party inform you of these recipients.

6. Right to data portability

You have the right to receive the personal data which you have provided to the responsible party in a structured, generally used and machine-readable format. Additionally, you have the right to transmit these data to another responsible party without obstruction by the responsible party to whom the personal data were provided, insofar a

1. Processing is based on consent pursuant to Art. 6 (1) a GDPR or Art. 9 (2) a GDPR or on a contract pursuant to Art. 6 (1) b GDPR; and
2. Data are processed using automated procedures.

In exercise of this right, you additionally have the right to require that your data be transmitted directly from one responsible party to another, insofar as this is technically feasible. This may not impair the freedoms and rights of other persons.
The right to data portability does not apply for the processing of personal data required to perform a mission in the public interest or in the exercise of public power that has been delegated to the responsible party

7. Right of objection

You have the right to object to the processing of your personal data on the basis of Art. 6 (1) e or f GDPR at any time for reasons relating to your specific situation; this also applies to profiling on the basis of these provisions.
The responsible party will no longer process your personal data unless it can demonstrate compelling reasons worthy of protection for such processing that outweigh your interests, rights and freedoms, of the processing serves the assertion, exercise or defence of claims in law.
If your personal data are processed for the purpose of direct advertising, you have the right to object to the processing of your personal data for the purposes of such advertising at any time; this also applies for profiling, insofar as this is associated with such advertising.
If you object to processing for the purposes of direct advertising, your personal data will no longer be used for this purpose.
In connection with the use of information society services, you have the possibility to exercise your right of objection using automated processes in which technical specifications are used, irrespective of Directive 2002/58/EEC.

8. Right to revoke your data protection consent declaration

You have the right to revoke your data protection consent declaration at any time. This revocation of consent does not affect the legality of processing on the basis of consent prior to revocation

9. Automated decision-making in individual cases including profiling
You have the right to not be subject to a decision based solely on automatic decision-making – including profiling – that affects you legally or otherwise materially damages you. This does not apply when the decision

1. Is required for concluding or fulfilling a contract between you and the responsible party
2. Is permissible on the basis of legal provisions of the Union or the member states to which the responsible party is subject and these legal provisions contain appropriate actions for preserving your right and freedoms and your legitimate interests; or
3. Occurs with your express consent.

However, these decisions may not be based on special categories of personal data pursuant to Art. 9 (1) GDPR, provided Art. 9 (2) a or g GDPR do not apply and appropriate actions have been implemented to protect your rights and freedoms and legitimate interests.
With respect to the cases in (1) and (3), the responsible party shall implement suitable measures to preserve your rights and freedoms and legitimate interests, which at a minimum shall include the right to present your position and challenge the decision to a person in the responsible party’s employ.

10. Right to complain to a supervisory authority

Irrespective of other administrative or judicial legal recourse, you have the right to complain to a supervisory authority, in particular in the member state in which you reside, work, or in which the alleged violation occurred, if you believe that the processing of your personal data is in violation of GDPR.
The supervisory authority to which you complain informs the complainant of the status and the result of the complaint including the possibility of judicial recourse purusant to Art. 78 GDPR.