Privacy Policy
Scope of application
Blue Horizon GmbH (herewith "Blue Horizon", "us" or "we") is committed to protecting your privacy and personal data. With this privacy notice we would like to inform you in detail about how we use your personal data. And by personal data, we mean any information that directly or indirectly identifies a natural person or is able to make such person identifiable ("Personal Data").
This privacy notice applies to the use of your Personal Data when you visit our websites and when you purchase a good on our websites available at https://collection.theartmaze.com/ and https://www.theartmaze.com/ ("Websites") and when you contact us by mail, e-mail or telephone.
Data Controller
Blue Horizon GmbH, Heinrich-Heine-Allee 12, c/o Orrick, Herrington & Sutcliffe LLP, 40213 Düsseldorf, Germany, is responsible for the processing of Personal Data described in this privacy notice.
You can contact the following office for all inquiries related to data protection:
Blue Horizon GmbH,
Heinrich-Heine-Allee 12, c/o Orrick, Herrington & Sutcliffe LLP,
40213 Düsseldorf,
Germany
Email: management@theartmaze.com
Data we process from you
We collect and process various Personal Data from you depending on the specific processing situation. You will find a list of the data related to the respective processing situations in Annex 1.
Purposes and legal basis for the processing of your data
We process your Personal Data in accordance with the applicable legal provisions, especially those of the General Data Protection Regulation ("GDPR") and the German Federal Data Protection Act (Bundesdatenschutzgesetz) ("BDSG"). In this section you can find short explanations of some legal bases laid out in the GDPR. The legal bases applicable in the specific case can be found in the respective sections on the different processing operations described in Annex 1.
For the performance of a contract
We may process your Personal Data to fulfill contractual or quasi-contractual obligations, to enter into an agreement, e.g., to provide services, to support current customers, or to answer questions. The legal basis for the processing is Art. 6 (1) lit. b GDPR.
To be in compliance with legal obligations
To the extent that we are subject to legal obligations, for the compliance of which the processing of your Personal Data is necessary, we process your Personal Data on the basis of these legal obligations. The legal basis for the processing is Art. 6 (1) lit. c GDPR.
Based on our legitimate interests
We also process your Personal Data to protect our legitimate interests, except where your interests or fundamental rights and freedoms, which require the protection of your Personal Data prevail. The legal basis for the processing is Art. 6 (1) lit. f GDPR.
Based on your consent
If you have given us separate consent to process your Personal Data, we will process your Personal Data within and on the basis of this consent. Consents may, for example, relate to the evaluation of your data for targeted advertising activities or sending of communication. The legal basis for the processing is Art. 6 (1) lit. a GDPR.
Consent is always freely given. Refusing or revoking your consent will not have any negative consequences for you.
Visiting our Websites
You can visit our Websites without disclosing your identity. If you use the services provided by us on the Websites without registering, we will process your Personal Data according to Annex 1.
Contacting us
Depending on your request, you can contact us via our Websites using the contact or inquiry form, by e-mail, by phone or in writing. We will process your Personal Data according to Annex 1.
Registering to our Websites
On some of our Websites you have the option to register. We will process your Personal Data according to Annex 1.
Web Shop
When you purchase art, services, or other products through our Websites, we will need to process certain Personal Data. We will process your Personal Data according to Annex 1.
Collection of your Personal Data
Personal data is only collected directly from you, e.g., by visiting our Websites or using the services offered, such as the possibility of contacting us by e-mail.
Recipients of your personal information
We may share your personal information with the following (as required in accordance with the uses set out in the Annex 1):
• Service providers and advisors: We may share your personal information with third party service providers that provide services to us or on our behalf, which may include without limitation providing mailing and email services. For the processing of your data we use service providers to whom we transfer your Personal Data, that only process the data on our behalf and only in a contractually agreed upon manner (“Processors”). Processors are also contractually obliged, for example, to either delete or return data upon termination of the engagement. A list of our regular service providers can be found in Annex 2.
• Independent service providers and consultants. If necessary, to realize our legitimate interests (in the context of using professional services) or to comply with legal requirements, such as consulting auditors, tax advisors and lawyers.
• Buyers and third parties in connection with a business transaction. Personal data may be disclosed to third parties in connection with a transaction, such as a merger, sale of assets or shares, restructuring, financing, change of control or acquisition of all or part of our business. This data may be disclosed for due diligence purposes to enable a potential buyer or investor to evaluate our business.
• Law enforcement, regulators, government bodies and other third parties for legal reasons: We may share your personal information with third parties as required by law or if we reasonably believe that such action is necessary to (i) comply with the law and the reasonable requests of law enforcement; (ii) detect investigate and respond to potential civil or criminal violations, such as breaches of agreements or laws, respectively; and/or (iii) otherwise exercise or protect the rights, property, or personal safety of us, our team members or others.
• Other transfers: If you have given us a separate consent to use and transfer your Personal Data, your Personal Data may be passed on to the recipients named therein.
In addition, no Personal Data will be transferred on to third parties unless, in individual cases, there is a specific legal justification for the transfer, and your interests or fundamental rights and freedoms do not prevail.
Transfer to third countries
Your Personal Data may be transferred to the USA or other countries outside the European Economic Area ("EEA"), in which the data protection regulations are less strict.
For some of those countries, the European Commission determined that the local level of data protection is equal to that of the EEA. You can find a list of those countries under https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en. In case we process your data in countries for which no such adequacy decision has been established, we entered into the new standard contractual clauses provided by the European commission with our service providers. In addition, we have taken further measures to increase the level of data protection. If necessary, we may also ask you again specifically for consent before we transfer your data to a third country.
If you would like to find out more about the existing guarantees, please contact us using the given contact options.
How long do we store your Personal Data?
We process and store your Personal Data only as long as necessary for our processing purposes.
Upon request, we may regularly delete the data collected and stored for our Websites’ usage. We will do this ourselves and within certain set time periods, unless we have a particular interest in continuing storage for individual cases, e.g., cyberattacks. The respective time periods can be found in Annex 1.
Insofar as a longer retention period is required by statutory retention and documentation obligations or to protect our legitimate interests, e.g., in the event of possible legal disputes, your Personal Data will be stored and processed even after the above-mentioned period has expired
A final deletion takes place after the legal retention and documentation obligation periods expire, which are usually between two and ten years and result, inter alia, from the Fiscal Code of Germany (Abgabenordnung) or German Commercial Code (Handelsgesetzbuch).
Your rights
In the following, you will find a summary of your rights regarding the processing of your Personal Data:
Rights to access, delete, correct, restrict processing, and portability of your data
According to Article 15 GDPR, you have the right to obtain confirmation from us as to whether or not Personal Data concerning you is being processed by us. Where that is the case, you have a right to access the Personal Data and obtain further information.
According to Article 16 GDPR, you may have the right to obtain the rectification of inaccurate Personal Data concerning you without undue delay.
According to Article 17 GDPR, you may have the right to obtain erasure of Personal Data concerning you if (i) it is no longer necessary in relation to the purpose for which it is collected, (ii) you have withdrawn your consent on which the processing is based, (iii) you have objected to the processing pursuant to Article 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21 (2) GDPR, (iv) your Personal Data has been unlawfully processed; (v) the Personal Data has to be erased for compliance with a legal obligation to which Blue Horizon is subject, or (vi) the Personal Data has been collected in relation to the offer of information society services pursuant to Article 8 (1) GDPR.
According to Article 18 GDPR, you may have the right to obtain the restriction of processing. Such right shall exist if (i) you contested the accuracy of the Personal Data, (ii) the processing is unlawful and you oppose the erasure of the Personal Data and request the restriction of its use instead, (iii) the Personal Data is no longer needed for the purposes of the processing, but it is required by you for the establishment, exercise or defense of legal claims, or (iv) you have objected to processing pursuant to Article 21(1) GDPR pending the verification of whether our grounds legitimately override yours.
According to Article 19 GDPR, you have the right to obtain information about the recipients of data to whom the rectification, erasure, or restriction of processing has been communicated.
According to Article 20 GDPR, you have the right to obtain Personal Data concerning you in a structured, commonly used and machine-readable format and to transmit the data to another controller.
If the processing or transfer of your Personal Data is based on a consent given by you, you can withdraw your consent at any time with effect for the future.
You have the right to lodge a complaint against the processing of your data or any decision of Blue Horizon in relation to one of your rights you have exercised, to a competent supervisory authority, for example the Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen, Kavalleriestraße 2-4, 40213 Düsseldorf.
Contact
To exercise Your rights, you can contact us without any formality by post or e-mail at the points of contact listed in section "Data Controller".
RIGHT TO OBJECT PURSUANT TO ARTICLE 21 GDPR
OBJECTION ON GROUNDS OF YOUR PARTICULAR SITUATION
ACCORDING TO ARTICLE 21 (1) GDPR, YOU HAVE THE RIGHT TO OBJECT, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, AT ANY TIME, TO PROCESSING OF PERSONAL DATA CONCERNING YOU WHICH IS BASED ON OUR LEGITIMATE INTERESTS, INCLUDING PROFILING (E.G., CREDIT RATING). WE SHALL NO LONGER PROCESS THE PERSONAL DATA UNLESS WE DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE THE INTERESTS, RIGHTS, AND FREEDOMS OF YOU, OR FOR THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS.
OBJECTION AGAINST DIRECT MARKETING
ACCORDING TO ARTICLE 21 (2) GDPR, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO PROCESSING OF PERSONAL DATA CONCERNING YOU FOR PURPOSES OF DIRECT MARKETING, WHICH INCLUDES PROFILING TO THE EXTENT THAT IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT TO THE PROCESSING FOR DIRECT MARKETING PURPOSES, YOUR PERSONAL DATA WILL NO LONGER BE PROCESSED FOR SUCH PURPOSES.
CONTACT
YOU CAN SEND YOUR OBJECTION INFORMALLY BY POST OR E-MAIL ADDRESSED TO:
Name Dr. Oliver Duys
Blue Horizon GmbH,
Heinrich-Heine-Allee 12, c/o Orrick,
Herrington & Sutcliffe LLP,
40213 Düsseldorf,
Germany
Email: management@theartmaze.com
Obligation to provide Personal Data
There is neither a contractual nor a legal obligation to provide us with your Personal Data for the use of our Websites. However, if you wish to contact us, register to our web shop or wish to acquire art from us, certain information may be required to enable us to process your request.
Automated decision-making and profiling
You have a right not to be subject to a decision based solely on automated processing, including profiling, if the decision is not necessary for the conclusion or performance of a contract, is not required by mandatory law, or is not based on your explicit consent
Blue Horizion does not use automated decision-making procedures, including profiling, unless we have explicitly informed you of them.
Our Websites use various software tools from third parties and ourselves, which are regularly based on the use of cookies, Flash cookies (also called Flash Local Shared Objects), web beacons or similar technologies (collectively as "Tracking Technologies"). Tracking Technologies can help us understand how you use our services (e.g., the pages you display or the links you click and other actions you perform with the services), give us information about your browser and online usage patterns (e.g., IP address, log data, browser type, browser language, referring/exiting pages and URLs, pages viewed, whether you have opened an e-mail, clicked links, etc.) as well as information about the devices with which you access our services. Tracking Technologies allow us to link the devices you use to access our services so that we can identify and contact you on the various devices you use.
The Cookies we use are designed to help you get the most from the Websites. However, if you do not wish to receive Cookies, most browsers allow you to change your Cookie settings. Depending on your mobile device and operating system, you may not be able to delete or block all Cookies. Please note that if you choose to refuse all Cookies you may not be able to use the full functionality of our Websites. These settings will typically be found in the “options” or “preferences” menu of your browser. To understand these settings, the following links may be helpful, otherwise you should use the “Help” option in your browser for more details.
Cookie settings in Internet Explorer
Cookie settings in Firefox
Cookie settings in Chrome
Cookies settings in Safari web and iOS.
If you would like to find out more about Cookies and other similar technologies, please visit the Network Advertising Initiative's online sources at www.networkadvertising.org. We and our third-party partners may also use Cookies and tracking technologies for advertising purposes.
Please note that deleting or blocking Cookies may not be effective for all types of tracking technologies, such as Local Storage Objects (LSOs) like HTML5.
What are cookies?
A cookie is a small file that is transferred during the use of a website from the host server of the Websites and stored on the user's device (desktop computer, laptop, tablet, smartphone, other Internet-enabled devices) by the browser used. Cookies are used to store information about the user and to retrieve it when the website is called up again.
What are cookies used for?
Cookies help us understand the use of our Websites, analyze trends, administer the Websites, track a user's steps on our Websites, collect demographic information about our user base as a whole, allow you to navigate efficiently between the pages, remember your preferences and settings on our Websites, and generally improve your browsing experience. We process the data collected using Tracking Technologies to (i) remember information so that you do not have to re-enter them during your visit or a new visit, (ii) recognize you across multiple devices, (iii) control the functionality and performance of our Websites, (iv) collect aggregated metrics regarding the total number of visitors, total traffic, usage and demographic patterns on our Websites, (v) diagnose and resolve technical issues, and (vi) otherwise plan and improve our Websites.
What types of cookies are used on our Websites?
The cookies used on our Websites can usually be categorized as follows: Strictly necessary cookies, performance cookies, functionality cookies and targeting cookies.
• Strictly necessary cookies: These Cookies enable core functionality such as security, network management and accessibility. You may disable these by changing your browser settings, but this may affect how the Websites functions. The legal basis for our use of functionality Cookies are our legitimate interests, namely being able to provide and maintain our Websites.
• Performance cookies: They allow us to recognize and count the number of visitors and to see how visitors move around our Websites when they are using them. This helps us to improve the way our Websites work, for example, by ensuring that users are finding what they are looking for easily. If you are located in the EU, the legal basis for our use of analytical/performance Cookies is your consent. If you are accessing our Website from the EU or other relevant jurisdiction, you have been asked to consent to the use of these cookies. You are free to deny your consent.
• Functionality cookies: These enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in. If you are located in the EU or other relevant jurisdiction, the legal basis for our use of functionality Cookies is your consent. If you are accessing our Websites, you have been asked to consent to the use of these cookies. You are free to deny your consent.
• Targeting cookies: These Cookies record your visit to our Websites, the pages you have visited and the links you have followed. They are used to track visitors across websites. We will use this information to make our Websites and the advertising displayed on it, and the marketing messages we send to you more relevant to your interests. We may also share this information with third parties who provide a service to us for this purpose. If you are located in the EU or other relevant jurisdiction, the legal basis for our use of targeting Cookies is your consent. If you are accessing our Website, you have been asked to consent to the use of these cookies. You are free to deny your consent.
Further classification of cookies
The types of Cookies described above can be further differentiated between First-Party Cookies and Third-Party Cookies and Session Cookies and Persistent Cookies.
• First-Party Cookies: First-Party Cookie means any Cookie that is created and placed by a website directly. With respect to the Websites this means, First-Party Cookies are all Cookies that are placed by Blue Horizon directly.
• Third-Party Cookies: Please be aware that advertisers and other third parties may use their own Cookies tags when you click on an advertisement or link on our Websites. These third parties are responsible for setting out their own Cookie and privacy policies. If you are accessing our Websites from the EU or other relevant jurisdiction, you have been asked to consent to the use of these cookies. You are free to deny your consent.
Consent
If the processing of Personal Data is based on consent, you can withdraw such consent given through our Cookie banner or change your preferences with respect to the use of Cookies outlined above by using our Cookie preference tool cookiebot.com
How long are cookies stored on my device?
The retention period depends essentially on whether the cookie is "persistent" or "session-based.” Session-based cookies are deleted after you leave the websites that set the cookie. Persistent cookies remain on your device even after you have finished browsing until they are deleted or until they have expired.
Description of the cookies used on our Websites
We will use the Cookies described in Annex 3.
Matomo
We are using Matomo to analyze your use of our Websites when you visit them. We do so for statistical purposes, to protect our Websites from misuse and to better understand our visitors to improve the Websites. We will process the website you visited us from, the parts of our Websites you visit, the date and duration of your visit, your anonymized IP-address, Links outside the domain you clicked, information from your device (like your browser, language, screen resolution, timezone and location), a random unique visitor ID, time and number of your visits, custom dimensions and variables, campaigns, site search, goals, events, ecommerce, viewing and clicking on contents, mouse movements, clicks and scrolls, form interactions, video and audio interactions.
We will process and store this data on servers within the EU.
The legal basis for the processing of this information is your consent, Art. 6 (1) lit. a GDPR.
For more information please visit Matomos´ privacy notice at https://matomo.org/privacy-policy/
Technical security measures
For security reasons and to protect the transmission of confidential information that you send to us as the Website provider, we use SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data you transmit to us usually cannot be read by third parties.
Changes to this notice
We may update this Privacy and Cookie Notice from time to time, so you should review this page periodically. When we change these Notices in a material way, we will update the “last modified”
date at the end of this Notice. Changes to these Notices are effective when they are posted on the Websites
How to contact us
Please contact management@theartmaze.com if you have any questions, comments, and requests regarding these notices.
Annex 1
Processing operation and Category of personal information
Visiting our Websites:
Data about the usage of the provided websites Websites (e.g., used browser, used operating system, URL, referrer URL, time of server request, requested contents, duration of usage; connection speed; mobile network operator, hardware used);
IP address; and
Other technical data equivalent to those above.
Contacting us:
Via e-mail, the contact form or inquiry form
E-mail-address: management@theartmaze.com
Name and title: Dr. Oliver Duys
Information provided by you to contact us (such as contents of your message)
Registering:
Name
Salutation
E-mail-address
Phone number
If applicable: Deviating delivery address
Address
Purchasing:
Name
Salutation
E-mail-address
Phone number
Address
If applicable: Deviating delivery address
Payment information
Purposes
Tailored design and provision of the Websites
Security of the Websites and integrity of the content offered
Processing of your request
Performance of the communication
Creating and sustaining a user profile
Processing your order
Fulfilling the contract
Optional: Creating a user profile (you can opt-out)
Legal basis
Our legitimate interest to provide a secure, needs-based Website, Art. 6 (1) lit. f GDPR
Depending on the reason you are contacting us:
The processing is necessary for entering or performance of a contract with you, Art. 6 (1) lit. b GDPR
The processing is based on Art. 6 (1) lit. b GDPR.
The processing is necessary for entering or performance of a contract with you, Art. 6 (1) lit. b GDPR
Storage period
Up to 30 days
Up to three years after your request has been answered.
Up to three years after deletion of your profile.
Up to three years after completion of your order.
If you choose to create a profile: Up to three years after deletion of your profile.
Annex 2
SERVICE PROVIDERS
Service Provider
Matomo
Theme ware
TC-Innovations GmbH
Hammfelddamm 6
41460 Neuss
Provided Service
Cookie Consent Management Tool
Website analytics
Provision of Website Theme
Provision of the Website