Data Privacy Notice
The 4ART App and the 4ART Platform are operated by 4ARTechnologies AG with domicile at Turmstrasse 30, 6312 Steinhausen, Switzerland («4ART», «we»).
We will explain to you in the information below on data privacy what Personal Data affecting you we process when you use the Services, how and for what purpose we do this and what rights you have in this case. 4ART is the body responsible within the meaning of data privacy laws and processes your data.
The definitions in the GTCs apply correspondingly.
1. Personal Data and processing
The protection and the economical processing of your Personal Data is important to us. Therefore, where possible and appropriate, we do not process Personal Data or we anonymise it.
Processing means any handling of your Personal Data, in particular recording, storing, collecting, anonymising, managing, using, transmitting or deleting.
By using the 4ARTapp, you state that you have understood the following outlined processing of Personal Data and agree with this. Please read through these data privacy notices carefully and contact us if you have any questions (firstname.lastname@example.org, subject: Data Privacy).
2. What Personal Data do we process and for what purpose
In order to offer, further develop and protect our Services as best as possible, we and the Support Partners engaged by us (see Point 3) process the following Personal Data:
Account Information – In order to use the 4ART App and the 4ART Platform, you need a personal 4ART Account. Depending on the type of account we will ask for the following Personal Data, and will process this data for the purpose of assignability and security:
- Company name
- First name and last name
- Email address
- Details and a copy of a valid passport / personal ID / identity card (for complete registration)
- Data in relation to access permissions: Using your personal 4ART Account, you can grant access permissions (e.g. for employees) with respect to your 4ART Account or perform Transactions on behalf of and in the name of another 4ART Account as the individual authorised for access. If the individual authorised for access does not have a 4ART Account yet, you provide an email address for this/these individual(s). We will use this information to send this individual a link to download the 4ARTapp. Please ensure, before you provide the contact details of this individual, that you have informed them beforehand and have obtained their consent to the corresponding use of the contact details. We will also store and process all operations carried out via an employee account in order to assign them to the corresponding 4ART Account.
Usage Data – We record information about, how and when you use the 4ART App and our Services. This includes in particular all actions carried out by you in your account and the transmitted volumes of data. We process this information to provide and improve our Services, to determine the fees and to protect our Services and Users.
Information about the Device – When you use the 4ART App, the device used by you automatically transmits certain usage information. This includes IP addresses, the model of the device used and as the case may be any identifiers associated with your device. Location information will be transmitted to us only after your explicit consent in the 4ART App.
This information (usage data and information on the device used) is anonymised, where possible and appropriate, and processed for the purposes of technical administration (e.g. error detection and correction), to improve the user experience and our Services, for statistical evaluation and to defend against unlawful actions.
Information in relation to Digital Copies and Transactions – In order to provide and carry out our Services, we store and process Data and information in relation to the Digital Copies and Data recorded and Transactions performed by Users via the 4ART App. Therefore, we record for example when a User transfers a Digital Copy and Data to another User or shares it with other Users or respectively, we transfer this information and Data to this/these User(s). If you provide 4ART with Data that contains Personal Data (such as for example Personal Data on a previous owner of an Artwork or Personal Data in relation to access rights generated by the User), you undertake to comply with applicable data protection law when processing Personal Data in relation to the use of the Services and when transmitting Personal Data to 4ART. The User in particular must ensure that Personal Data transmitted to 4ART is lawfully collected and that they are entitled to transmit this Personal Data to 4ART. The User is required to fulfil all information duties with respect to the data subjects and, where necessary, obtain their consent to the transmission to 4ART and the contractual processing by 4ART. If these duties are violated, the User shall hold 4ART completely harmless from all damages and claims of third parties in relation to the contractual processing of Personal Data by 4ART.
Payment Method Information, Passwords and Private Keys – We ourselves do not store any payment method information, passwords or private keys of your 4ART Wallet. They are stored on the respective end user device and/or with the corresponding provider (e.g. credit card provider) and, if used by the User, with a cloud service (e.g. Apple KeyChain) as a backup. 4ART recommends for security (e.g. in the event of loss of or damage to your end user device) to also store in particular the private key of your 4ART Wallet on a secure cloud service or to safeguard it at another secure location separate from the Mobile Device.
Marketing – If you register for 4ART, you consent to occasionally receiving information from us about our Services. To this end, we use your Personal Data (in particular your email address) to send newsletters to you. Our newsletters may contain information and offers for our own Services as well as those of partners and third parties associated with 4ART Services and products. You can object to the sending of newsletters at any time directly via the unsubscribe link in the corresponding email.
Plug-ins and Other Integrations of Third Party Offers – Our Services may be linked to third party functions and system, for example by integrating social media plug-ins of third party social networks (such as in particular Facebook, Twitter or Google Plus). If you have a user account with these third parties, it is possible, under certain circumstances, for these third parties to measure and evaluate your usage of our Services. In this case, other Personal Data such as IP address, personal browser settings and other parameters may be transmitted to these third parties and stored there. When using a social media log-in service, the respective provider can transmit Personal Data to us such as for example name, email address and profile picture which are stored by them about you. We have no control over the usage of Personal Data by third parties collected in this manner and we accept no responsibility or liability. You can find more information about this on the websites of the corresponding third party providers.
3. Sharing of Personal Data with Third Parties
We may engage third parties to process Personal Data. This is in particular done when it makes our Services more secure and reliable and generally to fulfil contractual purposes. We share Personal Data with the following categories of (contracted) data processors:
Contractual Partners Working for or with 4ART – In certain cases (in particular to improve, expand and protect our Services and products), it may be reasonable for us to rely on technical and organisational services of trustworthy third party companies (such as hosting providers, customer service, IT support, identity checking, web analysis, additional functions, insurance and marketing services), even those domiciled abroad. Your data may for example be stored, processed and transferred on servers worldwide (in particular in Switzerland, the EU, Japan and the USA) to provide our Services. In this case, we ascertain that any transmitted Personal Data is processed exclusively on our behalf and for this purpose and where possible anonymised or encrypted and is not shared. 4ART still remains responsible for processing your Personal Data.
Legal Requirements and Public Interest – We may also release your Personal Data for third parties when said release seems reasonable and necessary in our view in order to (a) act on applicable laws, regulations, legal processes or reasonable requests from authorities, (b) protect 4ART or our Users against misuse, (c) protect the rights, the ownership, the security or the interests of 4ART or (d) perform tasks in the public interest.
4. How We Protect Your Personal Data
Location – Unless these data privacy notices determine otherwise, your Personal Data will be stored and processed exclusively within the EU and Switzerland in trustworthy data centres. We contractually require data centres to comply with the rights applicable between you and 4ART in accordance with Section 6 also in the relationship between 4ART and the respective provider.
Security – Your Personal Data will be protected by means of suitable technical and organisational measures against tampering, loss and unauthorised third party access and our security measures will be continuously adapted in accordance with technological developments. Personal Data can also be stored locally on the devices used by you to access your 4ART Account. Since no system is 100% secure, there is always a risk of unauthorised accessing of your Personal Data which you accept when you use the Services. Therefore, it is important that you protect your 4ART Account and the device that you use with a secure password in order to minimise the risk of unauthorised access. All Personal Data and passwords will be stored where possible and appropriate in anonymised and/or encrypted format.
Duration – We store your Personal Data for as long as we require them in order to offer you our Services in accordance with our GTCs or as long as we are legally required to do so. If you delete your account or object to your Personal Data being processed, we will generally delete your Personal Data within the legally applicable periods. Please note that some time may pass between the deletion of your account and the deletion on the servers and we may have to retain Personal Data in particular in order to fulfil our legal obligations or to resolve disputes.
5. Bases for the Processing of Your Personal Data
We record and use the Personal Data described above in order to provide you with the Services in a reliable and secure manner. Moreover, we record and use Personal Data for our own, legitimate, commercial purposes. As far as we process your Personal Data for other purposes, we will obtain your consent to do so beforehand.
The legal bases for processing your Personal Data by us are generally found in:
- The processing directly related to concluding or processing a contract (Article 13 (2) (a) of the Data Protection Act, corresponds to Article 6 (1) (b) of the GDPR)
- To safeguard our legitimate interests or obligation to process by law (Article 13 (1) of the Data Protection Act, corresponds to Article 6 (1) (c) and (f) of the GDPR)
- The consent of the data subject (Article 13 (1) of the Data Protection Act, corresponds to Article 6 (1) (a) of the GDPR) Please note that third party websites and offers that are for example available via our Services are not subject to the principles set out here, but rather they generally set their own data privacy provisions. We cannot accept any responsibility or liability for their compliance with data privacy.
6. Your Rights/Contact
The following rights are available to you upon request:
- According to Art. 15 of the GDPR, the right to request disclosure of your Personal Data processed by us in the scope described there;
- According to Art. 16 of the GDPR, the right to request the correction of inaccurate or the completion of your Personal Data stored by us without delay;
- According to Art. 17 GDPR, the right to request the deletion of your Personal Data stored by us, provided further processing is not required:
- to exercise the right to freedom of opinion and information;
- to fulfil a legal obligation;
- for reasons in the public interest or
- to assert, exercise or defend legal claims;
- According to Art. 18 of the GDPR, the right to request the restriction of the processing of your Personal Data, provided:
- the accuracy of the data is disputed by you;
- the processing is unlawful, but you refuse its deletion;
- we no longer require the data, but you require it to assert, exercise or defend legal claims or
- you have lodged an objection to the processing according to Art. 21 of the GDPR;
- According to Art. 20 of the GDPR, the right to receive your Personal Data provided to us by you in a structured, conventional and machine-readable format or to request the transmission thereof to another controller;
- According to Art. 77 of the GDPR, the right to complain with a supervisory authority. In general, you can contact the supervisory authority in your usual place of residence or place of work or in our company domicile.
In order to make such a request to exercise a right described in this Section, please contact us (email@example.com or 4ARTechnologies GmbH, Bahnhofstrasse 124, 78532 Tuttlingen, Germany).
If we do not act on a request, we will inform you of the reasons for this. We may for example deny the deletion in a manner permitted by law if your Personal Data is still required for the original purposes (for instance if you still receive a Service from us), if the processing is based on a mandatory legal basis (for example on legal financial accounting requirements), or if we have our own overriding interest (for instance in the event of a legal dispute against the data subject).
Data Privacy Provisions – We reserve the right to adapt these data privacy notices occasionally so that they always meet the current legal requirements or to implement changes to our Services in the data privacy notices, e.g. when introducing new features and functions. The new data privacy notices will then apply to your next visit. If a change significantly restricts your rights, we will inform you.
Legal Relationships – In the event of a structural change (restructuring, a merger, a takeover or a sale of 4ART), Personal Data may be transferred, sold or otherwise shared with third parties as part of this transaction or reorganisation. 4ART will make you aware of this in good time. If you do not agree with such a change, you can at any time arrange for your Personal Data and/or your account to be permanently deleted.
In the event of discrepancies or interpretation issues between the German and English version of these notices, the German version shall prevail.
Last updated May 2020 | Version 1.1