Privacy Policy for the ARTBUTLER Website


Version: July 2022


1. Introduction


In this privacy policy, you will learn how we deal with personal data in the context of your visit to our website. If you use our services within the ARTBUTLER software, you will receive a separate privacy policy.

2. Data Controller


This data protection declaration shall apply to data processing by us as the controller pursuant to Article 4 (7) of the General Data Protection Regulation (GDPR, DSGVO). Our contact details are:
ARTBUTLER
teamspring GmbH
Reichenberger Str. 113a
10999 Berlin
Germany

Commercial register: HRB 93459
Register Court: Amtsgericht Berlin-Charlottenburg

Contact: Dirk Herzer   
E-Mail:  info@teamspring.com
Phone: +49 (0)30 48 62 30 66

3. Terminology


Unless this Privacy Policy contains or implies a different definition, reference shall be made to the terms defined in Art. 4 GDPR with regard to the terminology used.

4. Processing of Your Personal Data


4.1. While Accessing Our Website
When you call up our website, i.e. when you otherwise transmit information to us, we or the host provider acting on our behalf only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data:
IP-Address
Date and time of inquiry
Time zone difference from Greenwich Mean Time (GMT)
Content of the inquiry (specific page)
Access status/HTTP status code
Respective amount of data transferred
Website, from where the inquiry originates
Browser 
Operating system
Language and Version of browser software
This data is technically necessary for us to display and provide you with our website. The legal basis for this processing shall be Art. 6 ( 1) p. 1 lit. f DSGVO. The hosting service provider we use processes personal data on our behalf and within the scope of our instructions as a so-called commissioned processor (Auftragsverarbeiter) pursuant to Art. 28 DSGVO.
Webhosting 
We use a so-called Content Delivery Network (CDN) of the provider IONOS.de, Elgendorfer Str. 57, D-56410 Montabaur, Germany. A CDN is a network of servers that are distributed worldwide. On the one hand, this serves to provide content in the shortest possible time due to greater physical proximity to the user. On the other hand, it mitigates peaks in demand by distributing the data traffic among different servers. Within the scope of using the CDN, the data listed in section 4.1 are processed. 
Furthermore, we use the CDN to ensure a technically flawless and fast presentation of our website and at the same time to relieve our IT infrastructure. The legal basis for this shall be Art. 6 (1) p. 1 lit. f DSGVO.
In the course of using our CDN, data may also be transferred to sub-processors and service providers. In this context, the above-mentioned data may be transferred to the USA and stored there. The level of data protection in the USA is judged to be inadequate by the European Commission. The transfer of data to the USA therefore shall be carried out on the basis of the standard contractual clauses pursuant to 46 (2) lit. c DSGVO. The standard contractual clauses are accessible at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32010D0087&from=DE or, alternatively, you may request these documents from us using the contact options provided in section 2. 
Details on data processing by IONOS.de can be accessed here: https://www.ionos.de/terms-gtc/terms-privacy/ .

4.2. Cookies
Essential Cookies
We use cookies on our websites. Cookies are small text files that are stored on your terminal device and can be read. A distinction is made between 
Session cookies: Session cookies are deleted when you close your browser. 
Permanent cookies: these cookies are stored beyond the individual session. 
On our websites, we use cookies that are essential for the operation of our websites. These cookies contain information about certain settings. They are not personal. Among other things, they also facilitate user navigation and ensure the security of the site. We do not use cookies for analytical, tracking or advertising purposes. 
The basis for the use is Art. 6 (1) lit. f DSGVO in the legitimate interest of being able to ensure functionality. You can set your browser to inform you about the placement of cookies. This makes the use of cookies transparent for you. You may also delete cookies at any time in your browser settings and disable the setting of new cookies. Please note that our web pages may then not be displayed and some functions may no longer be technically available. Depending on your preferred browser, this may work in different ways. The following instructions show how to manage cookies in the most common browsers:
https://support.google.com/chrome/answer/95647?tid=311853917 
Safari: Manage Cookies and Website data with Safari
Firefox: Delete cookies to remove data that websites have placed on your computer
Internet Explorer: Delete and manage cookies

4.3. Analysis of Use
Matomo
We use Matomo (formerly Piwik) for web analytics. This service belongs to InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand, NZBN 6106769, („Matomo“) using cookie technology. 
We have additionally configured Matomo in such a way that your IP address is only recorded in shortened form. We therefore process your personal usage data anonymously. It is not possible for us to draw conclusions about your person. Further information on the Matomo terms of use and the data protection regulations can be found at: https://matomo.org/privacy/


4.4. In the Context of Contacting Us by E-Mail
We process e-mails that you send to us and that we send to you using the services of our e-mail provider. In the context of e-mail communication, our e-mail provider processes your personal data (i.e. your e-mail address and the information you provide in the e-mail) on our behalf to enable us to communicate with you by e-mail or, if you are our customer, to process the contract. The processing of your personal data is based on Art. 6 (1) sentence 1 lit. f or Art. 6 (1) sentence 1 lit. b DSGVO. We delete the data if it is no longer necessary and there are no legal obligations to the contrary. We will review this necessity every six months.


4.5. In the Context of Contacting Us by Telephone
If you contact us by telephone, we require your personal data (e.g. name, telephone number, address or e-mail address) in order to process your inquiry or request. This data processing is necessary in order for us to be able to communicate with you or, if you are our customer, to execute the contract. The processing of your personal data shall be based on Art. 6 (1) p. 1 lit. b DSGVO. We delete this data if it is no longer required and there are no legal obligations to the contrary. We will review this necessity every six months.


4.6. In the Context of Contacting Us via Contact Form
If you contact us via contact form or e-mail, we require your personal data (e.g. name, contact details, etc.) in order to process your inquiry or request. This data processing is necessary for us to be able to communicate with you or, if you are our customer, to execute the contract. The processing of your personal data shall be based on Art. 6 (1) S.1 lit. f or Art. 6 (1) S. 1 lit. b DSGVO. We delete the data if they are no longer required and there are no legal obligations that state otherwise. We will review this necessity every six months.


4.7. In the Context of Subscription to Our Newsletter
On our website you have the possibility to register for our free newsletter. 
When you register, we will store your email address. 
For the activation of the newsletter, we use the so-called double-opt-in procedure. This means that after your registration, we will send you an email to the email address you have entered, in which we ask you to confirm that you wish to receive messages. In addition, we will store your IP addresses used and the time of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data. 
The newsletter is sent on the basis of the recipients' consent, Art 6 (1) 1 lit a DSGVO, or, if consent is not required, on the basis of our legitimate interests in direct marketing, Art 6 (1) 1 lit f DSGVO, if and insofar as this is permitted by law, e.g. in the case of existing customer advertising. 
We use the provider rapidmail GmbH, Wentzingerstraße 21, D-79106 Freiburg im Breisgau. 
The use of the mailing service provider, the performance of statistical surveys and analyses as well as the recording of the registration process, shall be carried out on the basis of our legitimate interests pursuant to Art. 6 (1) lit. f DSGVO. As a matter of principle, no personal data collected as part of the respective newsletter service is passed on to third parties.
We will process your data in this context for as long as you are our user or until you object to this data processing.
Revocation
You may revoke your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You may declare the revocation by clicking on the link provided in each newsletter e-mail, by e-mail to contact@artbutler.com or by sending a message to the contact details provided in the imprint.

5. Social Media Appearances and contact plugin


In addition to our website, we are also active on various social media platforms. When you visit our social media presences, certain information about you will be processed. If you are logged into this social network via your own user account when you visit our presence, the data collected in the process will be directly assigned to your existing account.
It is possible that your personal data may also be collected if you are not logged in or do not have an account with the respective social media platform. In this case, this data collection occurs, for example, via cookies that are stored on your end device or by recording your IP address. 
Social networks store the data collected about you as usage profiles and may use them for purposes of analysis, advertising, market research.
When you visit our social media sites, we will process data about your actions and interactions with our social media sites and your publicly viewable profile data (e.g., your name and profile picture). Which personal data from your profile is publicly viewable depends on the settings you have made in your social media account. 
The purpose of our data processing on our social media presences is to inform customers about offers, products and company news, as well as to interact with the visitors of the social media appearances, to answer questions etc.. The legal basis for this shall be Art. 6 (1) p. 1 lit. f DSGVO. The data processing is carried out in the interest of our public relations and communication.
If you visit one of our social media sites (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. For you, this means that you may assert your rights (information, correction, deletion, restriction of processing, data portability and complaint) both vis-à-vis us and vis-à-vis the operator of the respective social media platform.
We would like to point out that despite the joint responsibility with the social media platform operators, we do not have full influence on the data processing operations there. Our options are largely determined by the corporate policy of the respective platform operator.
The data collected directly by us via our social media presence will be deleted by us as soon as the purpose for storing the data no longer exists, you instruct us to delete the data, revoke your consent to store the data, or the purpose for storing the data no longer exists, unless statutory retention obligations apply.
For information on the storage period of your data on the social media platforms, please refer to the data protection declarations of the operators of the respective platforms. 

Facebook
We have a presence on Facebook. 
The data processing here takes place on the basis of an agreement between jointly responsible parties in accordance with Art. 26 DSGVO, which you may view here: https://www.facebook.com/legal/terms/page_controller_addendum 
For details, please refer to the Facebook privacy policy: https://www.facebook.com/about/privacy/ 
The transmission and further processing of users' personal data to third countries, such as the USA, as well as the associated possible risks for users cannot be ruled out by us as the operator of the site.
You can contact Facebook's data protection officer via the online contact form provided by Facebook at https://www.facebook.com/help/contact/540977946302970 .

Instagram
We have an appearance on Instagram. The provider is Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. 
The transmission and further processing of users' personal data to third countries, such as the USA, as well as the associated possible risks for users cannot be ruled out by us as the operator of the site.
For details on their handling of your personal data, please refer to Instagram's privacy statement: help.instagram.com/519522125107875.

Zendesk
Zendesk GmbH c/o TaylorWessing, Neue Schönhauser Straße 3-5, D-10178 Berlin, Germany. The provider also uses servers outside the EEA where an adequacy decision exists. Data transfer to the USA may also occur. The level of data protection in the USA is assessed by the European Commission as not adequate. The data transfer to the USA shall be carried out, among other things, on the basis of the standard contractual clauses and our legitimate interests in a secure and efficient provision and optimization of our online offer pursuant to Art. 6 (1) p. 1 lit. f. DSGVO in conjunction with. Art. 28 DSGVO, 46 (2) lit. c DSGVO. The standard contractual clauses are accessible at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32010D0087&from=DE or, alternatively, you may request these documents from us using the contact options provided in section 2.
Information on data processing by Zendesk can be found here https://www.zendesk.de/company/agreements-and-terms/privacy-policy/#international-transfer-of-personal-data

6. Deletion of Data


The data processed by us will be deleted in accordance with Art. 17 DSGVO or restricted in its processing in accordance with Art. 18 DSGVO.

Unless otherwise regulated within the scope of this Privacy Policy, the data processed by us will be deleted as soon as it is no longer necessary for its purpose and the deletion does not conflict with any statutory retention obligations. We review the necessity every six months.


7. Rights of Persons Affected
 

You have the right:
In accordance with Art. 15 DSGVO, to request information about your personal data processed by us. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, and the existence of automated decision-making, including profiling, and, if applicable, conclusive information about its details;
pursuant to Art. 16 DSGVO, to request the correction of incorrect or incomplete personal data stored by us without undue delay;
pursuant to Art. 17 DSGVO, to request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims;
pursuant to Art. 18 DSGVO, to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer require the data, but you need it for the assertion, exercise or defense of legal claims or you have objected to the processing pursuant to Art. 21 DSGVO;
pursuant to Art. 20 DSGVO, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another controller;
complain to a supervisory authority in accordance with Art. 77 DSGVO. As a rule, you may contact the supervisory authority of your usual place of residence or workplace or our company headquarters for this purpose.


8. Revocation of Granted Consent
 

If we process your personal data on the basis of your consent pursuant to Art. 9 (2) lit. a or Art. 6 (1) lit. a. DSGVO, you have the right to revoke any consent given to us pursuant to Art. 7 (3) DSGVO with effect for the future. 
If you would like to exercise your right of revocation, you may notify us by email to [please add]. Alternatively, you can also use the contact details mentioned above under point 2.


9. Objection in Case of Processing based on Legitimate Interest
 

Insofar as we process your personal data on the basis of our legitimate interests pursuant to Art. 6 (1) lit. f DSGVO, you have the right to object to the processing of your personal data pursuant to Art. 21 DSGVO, insofar as there are grounds for doing so that arise from your particular situation or the objection is directed against direct marketing. In the latter case, you have a general right to object, which will be implemented by us without indication of a particular situation.
If you would like to exercise your right of objection, you can notify us by e-mail to [please add]. Alternatively, you can also use the contact details mentioned above under point 2.


10. Security Measures
 

We take organizational, contractual and technical security measures in accordance with the state of the art to ensure that the provisions of data protection laws are complied with and thus to protect the data processed by us against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons. The security measures include in particular the encrypted transmission of data between your browser and our server.


11. Changes of the Privacy Policy
 

We shall reserve the right to change our Privacy Policy if this should be necessary due to new technologies or changes in our data processing procedures or in order to adapt it to changes in the legal situation applicable to us. However, this shall only apply to this Privacy Policy. If we process your personal data on the basis of your consent or if parts of the Privacy Policy contain provisions of the contractual relationship with you, any changes shall only be made with your consent.
The current version of our Privacy Policy and its history of changes can be found under artbutler.com/en/privacy-policy/.

Privacy Policy for ARTBUTLER CLOUD / Websites

1. Who is responsible for the data collection

teamspring GmbH
Dirk Herzer
Reichenberger Straße 113a
10999 Berlin
Germany

phoen: +49 (0)30/48623068
email: contact@artbutler.com

2. Collecting and storing personal data, as well as the type and purpose of data use

2.1 Data is processed on the basis of Article 6 Paragraph 1 Letter b of the GDPR for the specified purposes of fulfilling contractually agreed services. This relates to personal data that is required to facilitate the online service, bill for it (usage data) and the customer’s hosted data (content data). teamspring only collects and stores personal data shared by the customer (salutation, name, address, e-mail address, telephone number, fax number, bank details, bid history, purchase history) in accordance with the provisions of German data protection law.

2.2 Collected customer data is stored for the duration of the contractual relationship and after this period in line with retention obligations and documentation obligations under tax law and commercial law.

2.3 teamspring is also entitled to use usage data in an aggregated and anonymised way in order to generate statistics and carry out evaluations in accordance with Article 6 Paragraph 1 Letter f of the GDPR for the purposes of improving online services.

2.4 If the personal data required to conclude the contract is not provided by the customer or is inaccurate, teamspring reserves the right to refuse to conclude the contract or withdraw from the contract.

3. Sharing data with third parties

3.1 The client’s personal data is not shared with third parties for purposes other than those listed below.

3.2 Data sent to teamspring is hosted by third-party service providers (possibly also foreign service providers). Contract data processing contracts have been concluded with these service providers in accordance with Article 30 Paragraph 2 of the GDPR.

4. Data subject rights

4.1 You have the right to receive information about the origin and recipients of your stored personal data and the purposes for which this stored data is used for free at any time. You also have the right to request that this data is corrected, blocked or deleted.

4.2 You have the right to be notified if your personal data is further processed for purposes other than those for which is was collected. Pursuant to Article 13 (3) of the GDPR, teamspring GmbH notifies data subjects about other purposes and all other relevant information in accordance with Article 2(2) before this further processing begins.

4.3 If data protection law is breached, the data subject has a right to submit a complaint to the responsible supervisory authorities. The responsible supervisory authority for data protection law issues is the federal state’s data protection officer in the federal state where our company has its registered office.

4.4 The customer has the right to withdraw the consent given for Point 2.3 at any time. Sending an informal message to us by e-mail is sufficient to do so. The legality of the data processing carried out until consent is withdrawn remains unaffected by the withdrawal.

Privacy Policy for Artbutler NEXT


Version: July 2022


1. Introduction
 

Data protection is an important concern for us. Therefore, we shall always treat your personal data confidentially and, of course, comply with all applicable data protection regulations. This privacy policy is intended to inform you about how your personal data is processed.
This data protection declaration shall only apply to the processing of your data within the framework of the customer relationship. For your visit to our website www.artbutler.com, please refer to the relevant privacy policy. 


2. Data Controller
 

This data protection declaration shall apply to data processing by us as the controller pursuant to Article 4 (7) of the General Data Protection Regulation (GDPR, DSGVO). Our contact details are:
ARTBUTLER
teamspring GmbH
Reichenberger Str. 113a
10999 Berlin
Germany
Commercial register: HRB 93459
Register court: Amtsgericht Berlin-Charlottenburg
Contact: Dirk Herzer   
E-Mail:  info@teamspring.com
Phone: +49 (0)30 48 62 30 66


3. Terminology
 

Unless this Privacy Policy contains or implies a different definition, reference shall be made to the terms defined in Art. 4 GDPR with regard to the terminology used.


4. Commissioned Processing 
 

To fulfill our contractual obligations, we shall rely on the services of carefully selected third parties who process the data on our behalf. These shall in each case be commissioned processors with whom we have concluded an agreement in accordance with Art. 28 DSGVO. In addition, we shall ensure in advance, of course, that our processors comply with all data protection requirements, so that your data shall always be secure.


5. Processing of Your Personal Data 
 

5.1 In the Context of Contacting Us
 

If you contact us (e.g. by phone, contact form, email or via social media), we need your personal data (e.g. name, contact details, etc.) to process your inquiry or request. The processing of your personal data shall be based on Art. 6 (1) lit. b DSGVO. This personal data shall be stored in a CRM system ("Customer Relationship Management System") or comparable systems for inquiry management. This enables us to efficiently organize incoming contacts. This processing of your personal data shall be based on Art. 6 (1) lit. f DSGVO.
We shall delete the inquiries if they are no longer necessary or - in the case of statutory retention obligations - we shall restrict the processing. We shall review the necessity every six months. 


We use the CRM system of the following providers: 
Zendesk, Zendesk GmbH c/o TaylorWessing, Neue Schönhauser Straße 3-5, D-10178 Berlin, Germany. The provider also uses servers outside the EEA where an adequacy decision exists. Data transfer to the USA may also occur. The level of data protection in the USA is assessed by the European Commission as not adequate. The data transfer to the USA shall be carried out, among other things, on the basis of the standard contractual clauses and our legitimate interests in a secure and efficient provision and optimization of our online offer pursuant to Art. 6 (1) p. 1 lit. f. DSGVO in conjunction with. Art. 28 DSGVO, 46 (2) lit. c DSGVO. The standard contractual clauses are accessible at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32010D0087&from=DE or, alternatively, you may request these documents from us using the contact options provided in section 2.
Information on data processing by Zendesk can be found here https://www.zendesk.de/company/agreements-and-terms/privacy-policy/#international-transfer-of-personal-data .
 

Atlassian Pty Ltd; Level 6, 341 George Street, Sydney NSW 2000, Australia. Data processing may also involve data transfer to the USA. The provider also uses servers outside the EEA, insofar as an adequacy decision exists. Data may also be transferred to the USA. The level of data protection in the USA is assessed by the European Commission as not adequate. The data transfer to the USA shall be carried out, among other things, on the basis of the standard contractual clauses and our legitimate interests in a secure and efficient provision and optimization of our online offer pursuant to Art. 6 (1) p. 1 lit. f. DSGVO in conjunction with. Art. 28 DSGVO, 46 (2) lit. c DSGVO. The standard contractual clauses are available at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32010D0087&from=DE or, alternatively you may request these documents from us using the contact details provided in section 2.
Information on data processing by Atlassian can be found here  https://www.atlassian.com/de/legal/privacy-policy#how-we-transfer-information-we-collect-internationally . 
 

For handling telephone calls, we use an external VOIP system of the
Sipgate GmbH, Gladbacher Straße 74, 40219 Düsseldorf, Germany ("Sipgate"). All data transmitted via Sipgate is sent with 256 bit encryption and stored in Europe.
Sipgate uses the data of the users only for the technical processing of the requests and does not pass them on to third parties. In the course of processing service requests, it may be necessary to collect further data (name, address).
We have concluded a commissioned processing agreement with Sigpate pursuant to Art 28 DSGVO.
Information on data processing by Sigpate can be found here https://www.sipgate.de/datenschutz 
 

5.2 In Case of Using Our ARTBUTLER Software
 

5.2.1 Mandatory Information When Registering for the ARTBUTLER Software 
 

When you register to use the ARTBUTLER software, you shall provide certain information about yourself as mandatory data. We shall therefore process the following personal data from you:
Name
E-Mail address
Device (hardware identifications)
Password
The legal basis for the processing shall be Art. 6 (1) p. 1 lit. b DSGVO. 
We shall store your data until the trial period has expired and you do not select a paid use and delete the account data after 4 months.
If you choose a paid use of the ARTBUTLER software, we shall store the data for the duration of the contractual relationship. The account data shall be stored for another 3 years after the end of the contractual relationship according to the limitation period of civil law claims. 
After that, your data shall be deleted with regard to the user account, unless their storage is necessary for reasons of commercial or tax law according to Art. 6 (1) S.1 lit. c DSGVO.


5.2.2. Voluntary Information When Using the ARTBUTLER Software 

 
In addition to the required mandatory information, you may provide additional information when using the ARTBUTLER Software services. Therefore, we may process personal data that you voluntarily add to your profile, such as
User Data such as work- or artist descriptions
The legal basis for the processing shall be Art. 6 (1) p. 1 lit. b DSGVO. The deletion of this data is either selective for certain details when you remove them from our platform and complete 4 weeks after you delete your account on our platform.
All data you enter and manage in your account when using our software services such as art management and website/showroom services shall generally not be visible to third parties, privacy by default. 
However, you have the option to make data visible to third parties of your choice when using our Website Services and Showroom Services. 


5.2.3. When Using Our Website-Services
 

You can set the web page that you create with our software to public. This means that all the personal data you submit to the website will be visible to third parties.
Hosting
Use of a Content Delivery Network
We use a so-called Content Delivery Network (CDN) of the provider AWS. The provider is Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, 1855 Luxembourg. A CDN is a network of servers that are distributed worldwide. On the one hand, this serves to provide content in the shortest possible time due to greater physical proximity to the user. On the other hand, it mitigates peaks in demand by distributing the data traffic among different servers. The following data is processed when using the CDN:
IP-Address
Date and time of inquiry
Time zone difference from Greenwich Mean Time (GMT)
Content of the inquiry (specific page)
Access status/HTTP status code
Respective amount of data transferred
Website, from where the inquiry originates from
Browser 
Operating system
Language and Version of browser software
Furthermore, we use the CDN to ensure a technically flawless and fast presentation of our website and at the same time to relieve our IT infrastructure. The legal basis for this shall be Art. 6 (1) p. 1 lit. f DSGVO.
In the course of using our CDN, data may also be transferred to sub-processors and service providers. In this context, the above-mentioned data may be transferred to the USA and stored there. The level of data protection in the USA is judged to be inadequate by the European Commission. The transfer of data to the USA therefore shall be carried out on the basis of the standard contractual clauses pursuant to 46 (2) lit. c DSGVO. The standard contractual clauses are accessible at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32010D0087&from=DE or, alternatively, you may request these documents from us using the contact options provided in section 2. 
Details on data processing by AWS can be found here:
https://aws.amazon.com/de/caching/cdn/; https://d1.awsstatic.com/legal/privacypolicy/AWS_Privacy_Notice__German_Translation_2022_02_04.pdf


5.2.4. When Using the Artbutler Showrooms


While Using the Artbutler Software you have the possibility to set up showrooms. These will generally be set to be private, privacy by default. 
You have the opportunity to enable access to these showrooms to third persons by sending them an invitation link. Personal Data that is provided in the showroom will thereby be visible to third persons. 


5.3. Processing of Your Data for the Execution of the Contract
 

If you are or become our customer, we shall process data from you that may have personal reference in the context of processing your order. The processed data includes master data (e.g., names and addresses), contact data (e.g., e-mail addresses and telephone numbers), contract data (e.g., services used, contract contents, contractual communication, names of contact persons as well as information on the products ordered and delivered via the platform) as well as payment data (e.g., your bank details in case of direct debit payment, credit card number if applicable, payment history).
This data is required by us for the fulfillment of the contract. If this includes personal data, the processing shall be carried out on the basis of Art. 6 (1) lit. b DSGVO.
In principle, the data shall be deleted as soon as they are no longer required to achieve the stated purpose; Art. 17 (1) lit. a DSGVO. All data processed for contractual purposes shall be necessary for dealing with any warranty and comparable obligations at least for the duration of the respective warranty obligation. The necessity of keeping the data shall be reviewed every three years.


Payment Provider
For the payment of our services, we offer you the services of payment providers.
PayPal
When paying via PayPal, the collection, processing and storage of electronic payment transaction data is carried out by our partner PayPal (PayPal (Europe) S.à r. l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449, Luxembourg).
If you wish to pay via PayPal, you must be registered with PayPal or register first and legitimize yourself with your access data. The payment transaction is carried out automatically by PayPal immediately after confirmation of the payment instruction. You will receive further instructions during the order process.
For each payment transaction PayPal receives data for the processing of electronic payment transactions, such as gender, first name, last name, company, address, zip code, city, country, customer number, e-mail, or type of payment. PayPal collects this data directly from you and it is processed by PayPal as part of the payment processing. The transfer of your data to PayPal takes place in each case in accordance with Art. 6 (1) lit. b DSGVO. For further data protection information, please refer to PayPal's privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full. 
You may object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for the contractual processing of payments or if there are legal obligations to retain data.


Stripe
The execution and thus the collection, processing and storage of electronic payment transaction data is carried out by our payment service provider Stripe Payments Europe Ltd, Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Ireland („Stripe“). Through Stripe, it is possible to offer various payment methods, such as credit card payments or direct debit.
For each payment transaction, Stripe receives data for the processing of electronic payment transactions, such as the information you provided during the ordering process together with information about your order (name, address, account number, bank routing number, credit card number (if applicable), invoice amount, currency and transaction number). The processing of your data by Stripe is necessary for payment processing and thus for the execution of the contract. The legal basis for this shall be Art. 6 ( 1) p. 1 lit. b DSGVO. This data will be deleted after expiry of the legal retention obligations. Stripe processes your personal data on our behalf and within the scope of our instructions as a so-called commissioned processor in accordance with Art. 28 DSGVO.
The service provider Stripe used by us in this context, which processes personal data on our behalf and within the scope of our instructions as a so-called order processor pursuant to Art. 28 DSGVO, transmits data to group companies in the USA. The level of data protection in the USA is assessed by the European Commission as not adequate. The transfer of data to the USA therefore shall be carried out on the basis of the standard contractual clauses pursuant to Art. 46 (2) lit. c DSGVO. The standard contractual clauses are accessible at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32010D0087&from=DE or, alternatively, you may request these documents from us using the contact details provided in section 2.
Further information on data processing by Stripe can be found herehttps://stripe.com/at/privacy?tid=311853917 


5.4. Processing of Your Data for Contact Management and Marketing
 

We shall store master data (e.g., names and addresses), contact data (e.g., e-mail addresses and telephone numbers) as well as contractual data (e.g., services used, contents of contracts, contractual communication, names of contact persons) of customers, prospective customers, suppliers and other business partners, e.g., for the purpose of contacting them at a later date. This personal data can be stored in a CRM system ("Customer-Relationship-Management System") or comparable systems for the organization of inquiries. This enables us to efficiently organize incoming contacts. This processing of your personal data shall be carried out on the basis of Art. 6 (1) lit. f DSGVO.
For the purpose of contact management, we shall use the commissioned processors mentioned under section 6.1. which we have carefully selected, with whom we have concluded an agreement in accordance with Art. 28 DSGVO and whose reliability we regularly check.


5.5.Processing of Your Data for Online-Marketing Purposes
 

We use rapidmail GmbH, Wentzingerstraße 21, D-79106 Freiburg im Breisgau, Germany, for our online marketing. That is an embedded software solution that we use to cover various aspects of our online marketing. These include:
E-Mail-Marketing (newsletters as well as automated mailings, e.g. to provide downloads),
Reporting (e.g. traffic sources, accesses, etc. …)
Contact management (e.g. user segmentation & CRM)
Contact forms.
The contents of our website are stored on servers of our service provider. They may be used by us to contact visitors to our website and to determine which of our company's services are of interest to you. We use all collected information exclusively to optimize our marketing measures.
We use rapidmail due to our interest in optimizing our marketing measures and improving our service quality on the website. The legal basis for the use of the services of rapidmail shall therefore be Art. 6 (1) lit. f DSGVO. 


5.6.Processing of Your Data for Accounting Purposes
 

In addition, we process your data for accounting purposes. Such processing is based, for one thing, on legal obligations pursuant to Art. 6 (1) lit. c DSGVO and, for another, on our interest in the efficient design of accounting processes, pursuant to Art. 6 (1) lit. f DSGVO. For this purpose, we use processors that we have carefully selected, with whom we have concluded an agreement pursuant to Art. 28 DSGVO and whose reliability we regularly check. For accounting, we use services of the provider  DATEV eG, Paumgartnerstraße 6-14, D 90429 Nürnberg, Germany.
According to legal requirements in Germany, we shall also be obliged to retain or store certain data so that we may not delete or destroy them even after the purpose has been achieved; Art. 17 (3) lit. b DSGVO. This concerns master data (e.g., names and addresses), contact data (e.g., e-mail addresses and telephone numbers), contract data (e.g., services used, contract contents, contractual communication, names of contact persons) and payment data (e.g., bank details, payment history).
Thus, the retention or storage in particular of books, records, inventories, annual financial statements, management reports, the opening balance sheet as well as the respective work instructions and other organizational documents required for their understanding, the received and sent commercial or business letters, the accounting vouchers as well as other documents, insofar as they are of importance for taxation, is prescribed for ten years in accordance with § 147 (1) AO. This shall also apply to any personal data of data subjects contained in the aforementioned documents. The legal basis for this retention or storage shall be Art. 6 (1) lit. c DSGVO.


5.7.Disclosure of Your Data in the Event of a Corporate Transaction or Sale of Our Company or Part Thereof
 

It may happen that our company becomes the subject of a corporate transaction, i.e. when our company or a part of it is sold or an investor takes part in it. In such a event, it is necessary for the buyer or investor to receive information about our current business relationships in advance in order to be able to assess the value of our company or to continue the current business relationships. 
In the event of a corporate transaction, we transmit your anonymized or pseudonymized data to the investor or a commissioned service provider so that the latter can quantify the value of our company. The transmitted data includes contract data (e.g. services used, contract content (anonymized or pseudonymized) , contractual communication), as well as payment data (e.g. payment history). The legal basis for this transfer shall be Art. 6 (1) lit. f DSGVO. Before any transfer of your data to third parties, we carefully weigh the interests involved. In this process, the legitimate interest of our company in a valuable corporate transaction as well as the interest of the investor in an accurate and fair pricing shall be weighed against your interests in a responsible handling of your customer data.
In the event of the sale of our company or part of whose customer you are, we will transfer your personal data to the buyer so that the buyer can continue the business already in progress with you. In such a case, the transmitted data includes your master data (e.g., names and addresses), contact data (e.g., e-mail addresses and telephone numbers), contract data (e.g., services used, contract contents, contractual communication, names of contact persons) and payment data (e.g., bank details, payment history). The legal basis for this transfer is Art. 6 (1) lit. f DSGVO. Before any transfer of your data to third parties, we carefully weigh the interests. Here, the legitimate interest of the buyer in a continuation of the business relationship with you shall be weighed against your interests in a responsible handling of your customer data. In addition, we will inform you before the planned transfer and give you the opportunity to object to the transfer of your data to the buyer of the business unit.


6.Transfer to Third Countries
 

We only process your personal data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) if it is necessary for the fulfillment of our (pre)contractual obligations (pursuant to Art. 6 (1) lit. b. DSGVO), on the basis of your consent (pursuant to Art. 6 (1) lit. a DSGVO), on the basis of a legal obligation (pursuant to Art. 6 (1) lit. c. DSGVO) or on the basis of our legitimate interests (pursuant to Art. 6 (1) lit. f. DSGVO). The same applies if third parties process your data on our behalf in a third country. 
Subject to legal or contractual permissions, we shall only process or allow the processing of data in a third country if the special requirements of Art. 44 et seq. DSGVO are met. I.e. the processing takes place e.g. on the basis of an adequacy decision, or officially recognized special contractual obligations (EU Standard contractual clauses https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en ). 


7. Deletion of Data
 

The data processed by us will be deleted in accordance with Art. 17 DSGVO or restricted in its processing in accordance with Art. 18 DSGVO. 
Unless otherwise regulated within the scope of this Privacy Policy, the data processed by us will be deleted as soon as it is no longer necessary for its purpose and the deletion does not conflict with any statutory retention obligations. We review the necessity every six months. If the data is not deleted because it is required for other, legally permissible purposes, its processing is restricted. I.e. the data is blocked and not used. This applies, for example, to data that must be retained for reasons of commercial or tax law. 
According to legal requirements in Germany, the retention or storage of, in particular, books, records, management reports, accounting vouchers, commercial and business letters, as well as documents relevant for taxation, etc., is carried out for ten years in accordance with Section 147 (1) AO (Abgabenordnung).


8. Rights of Persons Affected
 

You have the right:
In accordance with Art. 15 DSGVO, to request information about your personal data processed by us. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, and the existence of automated decision-making, including profiling, and, if applicable, conclusive information about its details;
pursuant to Art. 16 DSGVO, to request the correction of incorrect or incomplete personal data stored by us without undue delay;
pursuant to Art. 17 DSGVO, to request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims;
pursuant to Art. 18 DSGVO, to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer require the data, but you need it for the assertion, exercise or defense of legal claims or you have objected to the processing pursuant to Art. 21 DSGVO;
pursuant to Art. 20 DSGVO, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another controller;
complain to a supervisory authority in accordance with Art. 77 DSGVO. As a rule, you may contact the supervisory authority of your usual place of residence or workplace or our company headquarters for this purpose.


9. Rights of Revocation and Objection
 

9.1.Revocation of Granted Consent
 

If we process your personal data on the basis of your consent pursuant to Art. 6 (1) lit. a. DSGVO, you have the right to revoke any consent given to us pursuant to Art. 7 (3) DSGVO with effect for the future.
If you would like to exercise your right of revocation, you may notify us by email to contact@artbutler.com. Alternatively, you can also use the contact details mentioned above under point 2.


9.2. Objection in Case of Processing based on Legitimate Interest


Insofar as we process your personal data on the basis of our legitimate interests pursuant to Art. 6 (1) lit. f DSGVO, you have the right to object to the processing of your personal data pursuant to Art. 21 DSGVO, insofar as there are grounds for doing so that arise from your particular situation or the objection is directed against direct marketing. In the latter case, you have a general right to object, which will be implemented by us without indication of a particular situation.
If you would like to exercise your right of objection, you can notify us by e-mail to contact@artbutler.com. Alternatively, you can also use the contact details mentioned above under point 2.


10. Security Measures


We take organizational, contractual and technical security measures in accordance with the state of the art to ensure that the provisions of data protection laws are complied with and thus to protect the data processed by us against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons. The security measures include in particular the encrypted transmission of data between your browser and our server.


11. Changes of the Privacy Policy


We shall reserve the right to change our Privacy Policy if this should be necessary due to new technologies or changes in our data processing procedures or in order to adapt it to changes in the legal situation applicable to us. However, this shall only apply to this Privacy Policy. If we process your personal data on the basis of your consent or if parts of the Privacy Policy contain provisions of the contractual relationship with you, any changes shall only be made with your consent.
The current version of our Privacy Policy and its history of changes can be found under artbutler.com/en/privacy-policy