top of page

Privacy Policy - Peter Stahr - ART

Privacy Policy
1. Privacy at a Glance
General Information
The following information provides a simple overview of what happens to your personal data
when you visit this website. Personal data refers to any information that can be used to
identify you personally. For detailed information on data protection, please refer
to our privacy policy listed below this text.
Data Collection on This Website
Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator. You can find their contact information
in the “Information on the Responsible Party” section of this privacy policy.
How do we collect your data?
2 / 11
Your data is collected, on the one hand, when you provide it to us. This may include, for example,
data that you enter into a contact form.
Other data is collected automatically or with your consent when you visit the website via our IT systems.
This consists primarily of technical data (e.g., internet browser, operating system, or time
of page access). This data is collected automatically as soon as you enter this website.
What do we use your data for?
Some of the data is collected to ensure the website functions properly. Other
data may be used to analyze your user behavior. If contracts
can be concluded or initiated via the website, the transmitted data is also processed for contract offers,
orders, or other order inquiries.
What rights do you have regarding your data?
You have the right at any time to receive information free of charge regarding the origin, recipients, and purpose of your
stored personal data. You also have the right to request the correction or
deletion of this data. If you have given consent to data processing,
you may revoke this consent at any time with future effect. Furthermore, you have the right, under
certain circumstances, to request the restriction of the processing of your personal data.
You also have the right to lodge a complaint with the competent supervisory authority.
You may contact us at any time regarding this matter or any other questions about data protection.
2. Hosting
We host the content of our website with the following provider:
WIX
The provider is Wix.com Ltd., 40 Namal Tel Aviv St., Tel Aviv 6350671, Israel (hereinafter “WIX”).
WIX is a tool for creating and hosting websites. When you visit our website,
WIX is used to analyze user behavior, visitor sources, the region of website visitors, and
visitor numbers. WIX stores cookies on your browser that are necessary for displaying the website
and ensuring security (essential cookies).
The data collected via WIX may be stored on various servers worldwide.
WIX’s servers are located in the U.S., among other places.
For details, please refer to WIX’s Privacy Policy:
https://de.wix.com/about/privacy.
According to WIX, data transfers to the U.S. and other third countries are based on the Standard Contractual Clauses
of the European Commission or comparable safeguards pursuant to Article 46 of the GDPR. Details can be found here:
https://de.wix.com/about/privacy-dpa-users.
The use of WIX is based on Article 6(1)(f) of the GDPR. We have a legitimate
interest in ensuring the most reliable presentation of our website possible. If corresponding
consent has been requested, processing is carried out exclusively on the basis of Article 6(1)(a)
GDPR and Section 25(1) TDDDG, insofar as the consent covers the storage of cookies or access to
information on the user’s device (e.g., device fingerprinting) within the meaning of the TDDDG. The
consent may be revoked at any time.
3 / 11
The company is certified under the “EU-US Data Privacy Framework” (DPF). The
DPF is an agreement between the European Union and the United States intended to ensure compliance
with European data protection standards for data processing in the United States. Every company
certified under the DPF commits to complying with these data protection standards. Further
information on this is available from the provider at the following link:
https://www.dataprivacyframework.gov/participant/5626.
Data Processing
We have entered into a Data Processing Agreement (DPA) for the use of the aforementioned service.
This This is a contract required by data protection law that
ensures that the service provider processes the personal data of our website visitors only in accordance with our
instructions and in compliance with the GDPR.
3. General Information and Mandatory Disclosures
Data Protection
The operators of these pages take the protection of your personal data very seriously.

We treat your personal data confidentially and in accordance with applicable data protection laws as well as
this Privacy Policy.
When you use this website, various types of personal data are collected.
Personal data is data that can be used to personally identify you. This
Privacy Policy explains what data we collect and how we use it. It also explains how
and for what purpose this is done.
We would like to point out that data transmission over the Internet (e.g., when communicating via email)
may involve security vulnerabilities. It is not possible to completely protect data from access by third parties.
Information on the data controller
The data controller responsible for data processing on this website is:
Peter Stahr ART
Von-Ossietzky-Str. 52
37085 Göttingen
Phone: 05517707976
Email: info@peterstahr.de
The controller is the natural or legal person who, alone or jointly with others,
determines the purposes and means of the processing of personal data (e.g., names, email addresses, etc.).
 

Retention Period
Unless a more specific retention period is stated in this Privacy Policy,
we will retain your personal data until the purpose for which it was collected no longer applies. If you
submit a valid request for erasure or revoke your consent to data processing,
your data will be deleted unless we have other legally permissible grounds for storing your
personal data (e.g., retention periods under tax or commercial law); in
the latter case, the data will be deleted once these grounds no longer apply.
4 / 11
General Information on the Legal Bases for Data Processing on This
Website
If you have consented to data processing, we process your personal data on
the basis of Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR, provided that special categories of data
are processed in accordance with Art. 9(1) GDPR. In the event of explicit consent to the transfer
of personal data to third countries, data processing is also carried out on the basis of Art.
49(1)(a) GDPR. If you have consented to the storage of cookies or to access to information on
your end device (e.g., via device fingerprinting), data processing is additionally
based on Section 25(1) of the TDDDG. Consent may be revoked at any time. If your data is
necessary for the performance of a contract or for the implementation of pre-contractual measures, we process your
data based on Article 6(1)(b) of the GDPR. Furthermore, we process your data if it
is necessary to fulfill a legal obligation on the basis of Article 6(1)(c) of the GDPR.
Data processing may also be carried out on the basis of our legitimate interest pursuant to Article 6(1)(f)
of the GDPR. The legal bases applicable in each individual case are described in the following
sections of this Privacy Policy.
Recipients of Personal Data
As part of our business activities, we collaborate with various external parties. In doing so,
it is sometimes necessary to transfer personal data to these external parties.
We only disclose personal data to external parties if this is necessary for the
performance of a contract, if we are legally obligated to do so (e.g., disclosure of data
to tax authorities), if we have a legitimate interest pursuant to Art. 6(1)(f) GDPR in the disclosure,
or if another legal basis permits the disclosure of data. When using
data processors, we only transfer our customers’ personal data on the basis of a valid
data processing agreement. In the case of joint processing, a joint
processing agreement is concluded.
Withdrawal of Your Consent to Data Processing
Many data processing operations are only possible with your explicit consent. You may withdraw
consent that has already been given at any time. The lawfulness of the data processing carried out prior to the withdrawal
remains unaffected by the withdrawal.
Right to object to data collection in specific cases as well as to
direct marketing (Art. 21 GDPR)
IF DATA PROCESSING IS BASED ON ART. 6(1)(e) OR (f) OF THE GDPR
, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA
; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS.
THE SPECIFIC LEGAL BASIS ON WHICH PROCESSING IS BASED
CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT,
WE WILL NO LONGER PROCESS YOUR PERSONAL DATA, UNLESS
WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING
that override your interests, rights, and freedoms, or the
processing is necessary for the establishment, exercise, or defense of
legal claims (objection pursuant to Art. 21(1) GDPR).
IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES,
YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR
for the purposes of such marketing;
this also applies to profiling, insofar as it is related to such direct marketing
5 / 11
. IF YOU OBJECT, YOUR PERSONAL DATA
WILL NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION
PURSUANT TO ART. 21(2) GDPR).

Right to lodge a complaint with the competent supervisory authority
In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a
supervisory authority, in particular in the Member State of their habitual residence, their place of work,
or the location of the alleged violation. This right to lodge a complaint is without prejudice to other
administrative or judicial remedies.
Right to data portability
You have the right to have data that we process automatically based on your consent or in fulfillment of a contract
provided to you or to a third party in a commonly used, machine-readable format.
If you request the direct transfer of the data to another controller,
this will only take place to the extent that it is technically feasible.
Access, Rectification, and Erasure
Within the scope of applicable legal provisions, you have the right at any time to obtain, free of charge,
information about your stored personal data, its origin and recipients, and the
purpose of data processing, as well as, where applicable, the right to rectify or erase this data. For this purpose, as well as
for further questions regarding personal data, you may contact us at any time.
Right to Restriction of Processing
You have the right to request the restriction of the processing of your personal data.
You may contact us at any time regarding this. The right to restriction of processing applies in
the following cases:
If you dispute the accuracy of your personal data stored with us, we generally
need time to verify this. For the duration of the verification, you have the right to
request the restriction of the processing of your personal data.
If the processing of your personal data was or is unlawful, you may
request the restriction of data processing instead of erasure.
If we no longer need your personal data, but you need it to exercise,
defend, or assert legal claims, you have the right to request the
deletion, to request the restriction of the processing of your personal data.
If you have lodged an objection pursuant to Art. 21(1) GDPR, a balancing of
your interests against ours must be carried out. As long as it has not yet been determined whose interests
prevail, you have the right to request the restriction of the processing of your personal data.
If you have restricted the processing of your personal data, this data—apart from
its storage—may only be processed with your consent or for the assertion, exercise, or
defense of legal claims, or to protect the rights of another natural or
legal person, or for reasons of an important public interest of the European Union or
a Member State.
SSL or TLS Encryption
For security reasons and to protect the transmission of confidential content, such as
orders or inquiries that you send to us as the site operator, this site uses SSL or TLS
6 / 11
encryption. You can recognize an encrypted connection by the fact that the address bar of the browser changes from
“http://” to “https://” and by the lock icon in your browser bar.
If SSL or TLS encryption is activated, the data you transmit to us cannot
be read by third parties.
4. Data Collection on This Website
Cookies
Our website uses so-called “cookies.” Cookies are small data packets and do not cause
any damage to your device. They are stored on your device either temporarily for the duration of a session
(session cookies) or permanently (permanent cookies). Session cookies
are automatically deleted at the end of your visit. Permanent cookies remain stored on your device
until you delete them yourself or your web browser deletes them automatically.
Cookies may originate from us (first-party cookies) or from third-party companies (so-called third-party
cookies). Third-party cookies enable the integration of certain services from
third-party companies within websites (e.g., cookies for processing payment services).
Cookies have various functions. Many cookies are technically necessary, as certain
website functions would not work without them (e.g., the shopping cart function or the display
of videos). Other cookies may be used to analyze user behavior or for advertising purposes.
Cookies serve various purposes. Many cookies are technically necessary, as certain
website features would not work without them (e.g., the shopping cart feature or the display
of videos). Other cookies may be used to analyze user behavior or for advertising purposes.
Cookies that are required to carry out the electronic communication process, to provide
certain functions you have requested (e.g., the shopping cart function), or to optimize the
website (e.g., cookies for measuring web traffic) (necessary cookies) are stored on the
basis of Art. 6(1)(f) GDPR, unless another legal basis is specified.
The website operator has a legitimate interest in storing necessary cookies to
ensure the technically error-free and optimized provision of its services. If consent to
the storage of cookies and comparable recognition technologies has been requested, the
processing is carried out exclusively on the basis of this consent (Art. 6(1)(a) GDPR and § 25(1)
TDDDG); consent may be revoked at any time.
You can configure your browser to be notified when cookies are set and
to allow cookies only on a case-by-case basis, to exclude the acceptance of cookies for specific cases or generally,
and to enable the automatic deletion of cookies when closing the browser. If
cookies are deactivated, the functionality of this website may be limited.
If additional cookies and services are used on this website, you can find this information in this
Privacy Policy.
Contact Form
If you send us inquiries via the contact form, your details from the
inquiry form, including the contact information you provided there, will be stored by us for the purpose of processing the inquiry
and in case of follow-up questions. We will not disclose this data without your
consent.
The processing of this data is based on Art. 6(1)(b) GDPR, provided your inquiry is related to
the performance of a contract or is necessary for the implementation of pre-contractual measures.
In all other cases, processing is based on our legitimate interest in the In all other cases, processing is based on our legitimate interest in the
effective handling of inquiries directed to us (Art. 6(1)(f) GDPR) or on your
7 / 11
consent (Art. 6(1)(a) GDPR) if such consent was requested; consent may be
withdrawn at any time.
The data you enter in the contact form will remain with us until you request its deletion,
withdraw your consent to its storage, or the purpose for data storage no longer applies
(e.g., after your inquiry has been processed). Mandatory legal provisions—
in particular retention periods—remain unaffected.
Inquiries via email, phone, or fax
If you contact us via email, phone, or fax, your inquiry, including all resulting
personal data (name, inquiry), will be stored and processed by us for the purpose of handling your request.
We will not disclose this data without your consent.
The processing of this data is based on Art. 6(1)(b) GDPR, provided your inquiry is
related to the performance of a contract or is necessary for the implementation of pre-contractual measures.
In all other cases, the processing is based on our legitimate interest in the
effective handling of inquiries directed to us (Art. 6(1)(f) GDPR) or on your
consent (Art. 6(1)(a) GDPR) provided that this was requested; consent may be
withdrawn at any time.
The data you send to us via contact requests remains with us until you request its deletion,
withdraw your consent to its storage, or the purpose for data storage no longer applies
(e.g., after your request has been processed). Mandatory legal provisions—
in particular statutory retention periods—remain unaffected.
5. Social Media
Facebook
Elements of the Facebook social network are integrated into this website. The provider of this service is
Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland. However, according to Facebook, the collected data is
also transferred to the United States and other third countries.
An overview of the Facebook social media elements can be found here:
https://developers.facebook.com/docs/plugins/?locale=de_DE.
When the social media element is active, a direct connection is established between your device and the
Facebook server. Facebook thereby receives the information that you have visited this
website using your IP address. If you click the Facebook “Like” button while logged into your Facebook
account, you can link the content of this website to your Facebook profile.
This allows Facebook to associate your visit to this website with your user account. Please note
that, as the provider of these pages, we have no knowledge of the content of the data transmitted or how it is used
by Facebook. For more information, please refer to Facebook’s Privacy Policy
at:
https://de-de.facebook.com/privacy/explanation.
The use of this service is based on your consent pursuant to Art. 6(1)(a) GDPR and §
25(1) TDDDG. Consent may be revoked at any time.
To the extent that personal data is collected on our website using the tool described here and forwarded to
Facebook, we and Meta Platforms Ireland Limited, Merrion Road, Dublin 4,
Dublin, D04 X2K5, Ireland, are jointly responsible for this data processing (Art. 26 GDPR). The
joint responsibility is limited exclusively to the collection of the data and its
8 / 11
transfer to Facebook. The processing by Facebook following the transfer is not part
of the joint responsibility. The obligations incumbent upon us jointly have been set forth in a
joint processing agreement. The text of the agreement can be found
at:
https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing
the privacy notice when using the Facebook tool and for the data protection-compliant
implementation of the tool on our website. Facebook is responsible for the data security of Facebook
products. Data subject rights (e.g., requests for information) regarding the data
processed by Facebook can be exercised directly with Facebook. If you exercise your
data subject rights with us, we are obligated to forward them to Facebook.
Data transfers to the U.S. are based on the EU Commission’s Standard Contractual Clauses.
Details can be found here:
https://www.facebook.com/legal/EU_data_transfer_addendum,
https://de-de.facebook.com/help/566994660333381, and
https://www.facebook.com/policy.php.
The company is certified under the “EU-US Data Privacy Framework” (DPF). The
DPF is an agreement between the European Union and the United States designed to ensure compliance
with European data protection standards for data processing in the United States. Every company
certified under the DPF commits to adhering to these data protection standards. Further
information on this is available from the provider at the following link:
https://www.dataprivacyframework.gov/participant/4452.
Instagram
This website incorporates features of the Instagram service. These features are
provided by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.
When the social media element is active, a direct connection is established between your device and the
Instagram server. Instagram thereby receives information about your visit to this website.
If you are logged into your Instagram account, you can link the content of this website to your Instagram profile
by clicking the Instagram button. This allows Instagram to associate your visit to this
website with your user account. Please note that, as the provider of these pages, we have no
knowledge of the content of the transmitted data or its use by Instagram.
The use of this service is based on your consent pursuant to Art. 6(1)(a) GDPR and §
25(1) TDDDG. Consent may be revoked at any time.
To the extent that personal data is collected on our website using the tool described here and forwarded to
Facebook or Instagram, we and Meta Platforms Ireland Limited, Merrion
Road Dublin 4, Dublin, D04 X2K5, Ireland, are jointly responsible for this data processing (Art. 26
GDPR). This joint responsibility is limited exclusively to the collection of the
data and its transfer to Facebook or Instagram. The processing carried out by Facebook or Instagram
following the transfer is not part of the joint responsibility. The obligations
jointly incumbent upon us have been set forth in a joint processing agreement.
You can find the text of the agreement at:
https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing
the privacy information when using the Facebook or Instagram tool and for the
data protection-compliant implementation of the tool on our website. Facebook is responsible for the
data security of the Facebook or Instagram products. Data subject rights
(e.g., requests for information) regarding the data processed by Facebook or Instagram can be
exercised directly with Facebook. If you exercise your data subject rights with us, we are
9 / 11
is required to forward this information to Facebook.
Data transfers to the U.S. are based on the EU Commission’s Standard Contractual Clauses.
Details can be found here:
https://www.facebook.com/legal/EU_data_transfer_addendum,
https://privacycenter.instagram.com/policy/, and
https://de-de.facebook.com/help/566994660333381.
Further information on this can be found in Instagram’s Privacy Policy:
https://privacycenter.instagram.com/policy/.
The company is certified under the “EU-US Data Privacy Framework” (DPF). The
DPF is an agreement between the European Union and the US intended to ensure compliance
with European data protection standards for data processing in the US. Every company
certified under the DPF commits to complying with these data protection standards. Further
information on this is available from the provider at the following link:
https://www.dataprivacyframework.gov/participant/4452.
Source:
https://www.e-recht24.de

bottom of page