top of page

Data protection

PRIVACY POLICY

1. Principles of Data Processing

We are pleased that you are visiting our website. Protecting your privacy and your personal data when using our website is very important to us.

Personal data (Art. 4 No. 1 GDPR) includes all information relating to an identified or identifiable natural person (e.g. name, address, phone number, email address, IP address).
Non-personal data is information that cannot be linked to you personally (e.g. fully anonymized data).

We process personal data (e.g. collection, storage, use, transmission or deletion) exclusively on the basis of a legal basis or your consent. Data is deleted as soon as the purpose of the processing has been fulfilled and no legal retention periods apply.

This privacy policy informs you about the type, scope, purpose and legal basis of data processing, as well as your rights as a data subject.

It also explains how we process your personal data when you visit our website, including:

  • the type and scope of the data processing

  • the purpose and legal basis

  • the relevant retention periods

This privacy policy applies exclusively to this website.
It does not apply to external websites linked by us. Since we have no influence over whether third-party sites comply with data protection regulations, we cannot assume responsibility for their data practices.
Please refer to the privacy policies of those third-party websites directly.

2. Controller

The controller under the GDPR is:

Kunst mit Freude x Joy Dahlmann
and
KMF x Joy Studio
Owner: Joy Dahlmann
Hammer Straße 17
59269 Beckum, Germany

📧 joy@kunst-mit-freude.com
🌐 www.joydahlmann.de

3. Hosting & Server Log Files

This website is hosted by Wix.com Ltd., Nemal St. 40, 6350671 Tel Aviv, Israel.

Wix stores personal data in data centers located in the EU, USA, South Korea, Taiwan and Israel.
Israel is recognized by the EU Commission as a country with an adequate level of data protection.
Wix is certified under the EU–U.S. Data Privacy Framework.

A Data Processing Agreement (Art. 28 GDPR) has been concluded with Wix.

a) Type and Scope of Data Processing

When you use our website without submitting data (e.g. via a contact form), we automatically collect technically necessary data via server log files:

Collected data (server log files):

  • IP address

  • Date & time of the request

  • Referrer URL

  • Browser type & version

  • Operating system

  • Access status / HTTP status code

Legal basis: Art. 6(1)(f) GDPR (legitimate interest: technical operation & security).
Retention period: data is deleted once the purpose has been achieved.

4. Cookies

We use technically necessary cookies as well as — with your consent — analytics, marketing, and social media cookies.

Cookies are small files placed on your device during your visit.
Some cookies are essential for operating the website, while others help improve performance or analyze usage.

Types of Cookies Used

Session Cookies (Temporary Cookies)

Automatically deleted after closing your browser.
They enable session identification and device recognition.

Persistent Cookies

Stored for a longer period.
You can delete them manually through your browser settings.

Third-Party Cookies

Used for:

  • anonymized user analytics

  • advertising and targeted marketing

  • social media integrations (content sharing, login functions)

Browser Settings

Most browsers accept cookies automatically.
You can configure your browser to:

  • block cookies

  • delete stored cookies

  • notify you before cookies are placed

Disabling cookies may affect website functionality.

Legal Bases

  • Art. 6(1)(f) GDPR – legitimate interest (technically necessary cookies)

  • Art. 6(1)(a) GDPR – your consent via the cookie banner (analytics, marketing, social media cookies)

5. Data Collection for Orders & Contract Fulfilment

To process orders (prints, artworks, products), we collect:

  • name

  • address

  • email address

  • phone number

  • payment details

Legal basis: Art. 6(1)(b) GDPR (contract performance)
Retention: until the purpose is fulfilled or based on legal retention obligations (HGB, AO).

6. Payment Providers

We use:

  • PayPal (Europe) S.à r.l. et Cie, S.C.A., Luxembourg – see PayPal’s privacy policy.

Legal basis: Art. 6(1)(b) GDPR (contract performance).

7. Contact Options (Form & Email)

If you contact us via contact form or email, we process:

  • name

  • email address

  • message content

Legal bases:

  • Art. 6(1)(a) GDPR (consent via form)

  • Art. 6(1)(f) GDPR (legitimate interest: responding to inquiries)

Retention: until the inquiry is completed and no retention obligations exist.

8. Newsletter

Newsletters are only sent after registration via double opt-in.

Stored data:

  • name

  • email address

  • IP address

  • date of registration

Legal basis: Art. 6(1)(a) GDPR (consent).
Unsubscribing is possible at any time.

9. Social Media

We operate profiles on:

  • Instagram (Meta Platforms Ireland Ltd.)

  • Facebook (Meta Platforms Ireland Ltd.)

Our website may include functions from Meta (Instagram/Facebook).

The privacy policies of Meta apply.

10. Web Analytics

We may use Google Analytics (Google Ireland Ltd.).

Data may be transferred to the USA.

Legal basis: Art. 6(1)(a) GDPR (consent).

11. Rights of Data Subjects

Under the GDPR, you have the following rights:

  • Right of access (Art. 15)

  • Right to rectification (Art. 16)

  • Right to erasure (Art. 17)

  • Right to restriction (Art. 18)

  • Right to data portability (Art. 20)

  • Right to object (Art. 21; especially for direct marketing)

  • Right to withdraw consent (Art. 7(3))

  • Right to lodge a complaint (Art. 77)

12. Data Transfers

We transfer personal data to third parties only when:

a) you have given explicit consent (Art. 6(1)(a) GDPR)
b) it is necessary for contract fulfilment (Art. 6(1)(b) GDPR)
c) there is a legal obligation (Art. 6(1)(c) GDPR)
d) it is necessary for legitimate interests (Art. 6(1)(f) GDPR)
e) processing is carried out by contracted processors (Art. 28 GDPR)

We may be legally required to transfer data to authorities (e.g. tax offices, social security carriers, supervisory authorities, law enforcement agencies).

13. Data Security

We take extensive technical and organizational measures to protect your personal data.

This includes standard encryption technologies such as SSL or TLS.

Please note: unencrypted data (e.g. emails) may be accessed by third parties; this is outside our control.

14. Changes to This Privacy Policy

We reserve the right to update this policy when necessary.

15. Your Rights (Detailed)

You may exercise your rights by contacting the controller (see Section 2).

a) Withdrawal of Consent (Art. 7(3) GDPR)

You may withdraw consent at any time with future effect.

b) Right of Access (Art. 15 GDPR)

Information about stored data, its purpose, categories, recipients, and retention.

c) Right to Rectification (Art. 16 GDPR)

Correction of inaccurate or incomplete data.

d) Right to Erasure (Art. 17 GDPR)

Deletion when data is no longer necessary or unlawfully processed.

e) Right to Restriction (Art. 18 GDPR)

Restriction of processing, e.g. if data is disputed.

f) Data Portability (Art. 20 GDPR)

Receive your data in a structured, machine-readable format.

g) Right to Object (Art. 21 GDPR)

Right to object to processing for reasons relating to your situation;
absolute right to object to direct marketing.

h) No Automated Decision-Making (Art. 22 GDPR)

We do not use automated decision-making or profiling.

i) Right to Lodge a Complaint (Art. 77 GDPR)

Supervisory authority:

State Commissioner for Data Protection and Freedom of Information NRW
Kavalleriestraße 2–4
40213 Düsseldorf, Germany
📞 +49 211 38424-0
📧 poststelle@ldi.nrw.de

bottom of page