Privacy policy
Privacy policy
1. Privacy at a Glance
General Information
The following provides a simple overview of what happens with your personal data when you visit this website. Personal data is any data that can identify you personally. For comprehensive information on data protection, please refer to our full privacy policy below.
Data Collection on This Website
Who is responsible for collecting data on this website?
The data processing on this website is carried out by the website operator. Their contact details can be found under the section "Controller Information" in this privacy policy.
How do we collect your data?
Your data is collected in two ways:
-
You provide it to us, for example by entering data into a contact form.
-
Automatically or with your consent, by our IT systems when you visit the site. This primarily includes technical data (e.g., web browser, operating system, or time of page access). These data are collected automatically as soon as you visit the site.
What do we use your data for?
-
Some data are necessary to ensure the website functions correctly.
-
Other data may be used to analyze user behavior.
-
If contracts are concluded or initiated via the website, the data transmitted will also be processed for offers, orders, or other requests.
What rights do you have regarding your data?
You have the right, at any time and free of charge, to:
-
Obtain information about the origin, recipients, and purpose of your stored personal data,
-
Request correction or deletion of your data,
-
Withdraw any consent you have given for data processing,
-
Request restriction of data processing under certain circumstances, and
-
Lodge a complaint with the relevant supervisory authority.
For any questions regarding data protection, please contact us directly
2. Hosting
We host the contents of our website with the following provider:
WIX
Wix.com Ltd.
40 Namal Tel Aviv St.
Tel Aviv 6350671,
Israel
Wix is a tool for creating and hosting websites. When you visit our website, Wix analyzes user behavior, traffic sources, visitor regions, and visitor numbers. Wix stores cookies on your browser that are necessary for website display and security (strictly necessary cookies).
The data collected by Wix may be stored on servers worldwide, including in the USA.
Details can be found in Wix’s privacy policy.
Data transfers to the USA and other third countries are based on the EU Commission’s Standard Contractual Clauses or equivalent safeguards under Art. 46 GDPR.
See Wix’s data privacy documentation for details.
Legal Basis:
-
Art. 6(1)(f) GDPR for our legitimate interest in a reliable website display,
-
With consent, Art. 6(1)(a) GDPR and § 25 TDDDG for cookie storage or device access, which can be revoked at any time.
Wix is certified under the EU‑US Data Privacy Framework (DPF), which ensures compliance with EU data protection standards.
3. General Information and Mandatory Disclosures
Data Protection
We take the protection of your personal data very seriously and handle it with confidentiality and in accordance with applicable data protection laws and this privacy policy. Note that data transmission over the Internet (e.g., via email) may have security vulnerabilities.
Controller Information
Controller for data processing on this site:
Felix Goral
Zeller Straße 31
77654 Offenburg
Germany
Phone: +49 1573 3718910
Email: felix@grundstein.art
Data Storage Duration
Unless otherwise specified, your personal data is retained until the purpose of processing ceases. If you request deletion or withdraw consent, your data will be erased unless legal obligations require continued storage (e.g., tax or commercial retention periods).
Legal Bases for Data Processing
Depending on context, we process data based on your consent (Art. 6(1)(a), Art. 9(2)(a) GDPR, §25 TDDDG), contract (Art. 6(1)(b) GDPR), legal obligation (Art. 6(1)(c) GDPR), or legitimate interest (Art. 6(1)(f) GDPR). Specific legal bases are detailed in the respective policy sections.
Recipients of Personal Data
We may disclose personal data to external parties if necessary for contract fulfillment, legal compliance, legitimate interests (Art. 6(1)(f) GDPR), or other legal bases. Where data processors are used, we comply with data processing agreements. In joint processing scenarios, agreements are in place.
Withdrawing Consent
You can withdraw any previously given consent at any time without affecting the lawfulness of past processing.
Right to Object
If data processing is based on Art. 6(1)(e) or (f) GDPR, you have the right to object on grounds relating to your specific situation, including for profiling. If your data is processed for direct marketing, you can object at any time, which stops further processing for that purpose.
Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority in your member state of habitual residence, workplace, or where the alleged infringement occurred.
Right to Data Portability
You can request receipt of personal data processed by automated means, based on consent or contract, in a common, machine-readable format. You may request direct transmission to another controller where technically feasible.
Right to Access, Correction, and Deletion
You have the right to free access to your personal data, including origin, recipients, purpose, and the right to request correction or deletion at any time.
Right to Restrict Processing
You may request restriction of processing when:
-
You contest accuracy of data,
-
Processing is unlawful but you prefer restriction over deletion,
-
Data is no longer required but is needed for legal claims,
-
You object under Art. 21(1) GDPR and a balance between interests is pending.
Restricted data may only be processed with your consent or for legal claims or public interest.
SSL/TLS Encryption
This site uses SSL/TLS encryption to protect confidential content, such as orders or inquiries. An encrypted connection is indicated by “https://” and a lock icon in your browser. Your data cannot be read by third parties during transmission.
4. Data Collection on This Website
Cookies
Our website uses “cookies”: small data files stored temporarily (session cookies) or permanently on your device. Session cookies are deleted when the browser is closed; permanent cookies remain until manually or automatically deleted. Cookies may be set by us (first-party) or third parties (third-party) and serve various purposes, such as enabling payment cart functions or analytics.
Strictly necessary cookies are processed based on Art. 6(1)(f) GDPR. With your consent, additional cookies are processed under Art. 6(1)(a) GDPR and §25 TDDDG. You may disable cookies via browser settings, but this may impair website functionality.
Contact Form
When you use our contact form, your data (including contact details) are stored to process your request and for follow-up queries. These data are not shared without your consent.
Processing is based on Art. 6(1)(b) GDPR (contract-related) or Art. 6(1)(f) GDPR (legitimate interest) or Art. 6(1)(a) GDPR (consent). Your data is retained until you request deletion, withdraw consent, or the processing purpose ends, subject to legal retention obligations.
Email, Phone, Fax Inquiries
Inquiries via email, phone, or fax store your personal data for processing your request. Data is not shared without consent.
Processing follows the same legal bases as the contact form. Data are retained until you request deletion, withdraw consent, or the purpose ends, subject to retention regulations.
5. Plugins and Tools
YouTube (Enhanced Privacy Mode)
Our site embeds YouTube videos using Google Ireland Limited (“Google”) under enhanced privacy mode. No cookies are set by YouTube, but local storage elements may still collect personal data. If logged into YouTube, Google may associate your viewing behavior with your profile. To prevent this, log out of YouTube.
Placing videos under enhanced protection mode ensures they are not used for ad personalization.
Data processing is based on our legitimate interest (Art. 6(1)(f) GDPR), or with consent (Art. 6(1)(a) GDPR and §25 TDDDG). Consent is revocable. YouTube is certified under the EU‑US Data Privacy Framework.
Google reCAPTCHA (Translation)
We use “Google reCAPTCHA” (hereinafter referred to as “reCAPTCHA”) on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
reCAPTCHA is used to check whether data entered on this website (e.g. in a contact form) is made by a human or by an automated program. To do this, reCAPTCHA analyzes the behavior of website visitors based on various characteristics. This analysis starts automatically as soon as the visitor accesses the website.
For the analysis, reCAPTCHA evaluates various information (e.g. IP address, the amount of time the visitor spends on the site, or user mouse movements). The data collected during the analysis is forwarded to Google.
The reCAPTCHA analysis runs completely in the background. Website visitors are not informed that an analysis is taking place.
The storage and analysis of the data are based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in protecting its web services from abusive automated spying and from spam. If corresponding consent has been requested, the processing is based exclusively on Art. 6(1)(a) GDPR and § 25(1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g. device fingerprinting) as defined by the TDDDG. Consent can be revoked at any time.
For more information about Google reCAPTCHA, please see Google's Privacy Policy and Terms of Use at the following links:
The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the United States that is intended to ensure compliance with European data protection standards when processing data in the U.S. Every company certified under the DPF commits to complying with these standards. More information is available directly from the provider at the following link:
https://www.dataprivacyframework.gov/participant/5780
Source: