This data protection declaration covers the processing of personal data on this website, including the services offered there as well as our social media channels and to the extent that no special information is provided.
For more information on the processing of your data, please use the contact details given below.
A. General information
Contact details of the controller
The controller, i.e. the organisation responsible for data processing as defined in data protection legislation, especially the General Data Protection Regulation (GDPR), is the:
Akademie der Bildenden Künste Nürnberg
Telephone: + 49-911-94 04-0
Fax: + 49-911-94 04-150
The Akademie der Bildenden Künste in Nürnberg is an organisation under public law and a state institution (article 11 (1) of the Bavarian Higher Education Act (BayHSchG)). It is represented by the president, Prof. Holger Felten.
Contact details of the Data Protection Officer
Data Protection Officer of the Akademie der Bildenden Künste Nürnberg
Purpose of and legal basis for the processing of personal data
The purpose of our data processing is to perform public services delegated to us by law, especially those tasks of public information.
The legal basis for processing your personal data, unless indicated otherwise, is article 4 (1) of the Bavarian Data Protection Act (BayDSG) in combination with Article 6 (1) point e) of the General Data Protection Regulation (GDPR). Pursuant to this legislation, we are authorised to process data required for us to fulfil our responsibilities.
Where you have given consent for your data to be processed, processing is covered by article 6 (1) point a) of the GDPR.
Recipients of personal data
Technical operation of our data processing systems is conducted by
Telephone: +49 89 998 288 026
Fax: +49 89 55 266 222
If necessary, your data is forwarded to the respective authorities responsible for supervision and auditing so that they can fulfil their duties.
To prevent risks to the security of information technology, data may be forwarded to the Landesamt für Sicherheit in der Informationstechnik (Bavarian state office for security in information technology) and processed there on the basis of section 12 of the Bavarian act to promote electronic government (BayEGovG).
Storage period for personal data
Your data is only stored as long as it is necessary to complete relevant tasks whilst observing legal retention requirements.
B. Rights of the data subject
Pursuant to article 15 of the GDPR, you, the data subject, are entitled to the following rights concerning the processing of your data:
• You can ask for information about whether data concerning you is being processed. If this is the case, you are entitled to information about which data is processed and other information relating to the processing (article 15 of the GDPR). Please note that this right to information can be restricted or excluded in certain cases (see in particular article 10 of the BayDSG).
• If the personal data concerning you is/has become inaccurate or incomplete, you can request that this data is rectified and/or completed (article 16 of the GDPR).
• If the legal requirements are met, you can request that your personal data be deleted (article 17 of the GDPR) or processing of your data be restricted (article 18 of the GDPR). The right to deletion pursuant to article 17 (1) and (2) of the GDPR does not apply, however, if the processing of personal data is vital for the performance of a task that is in the public interest or is performed in the exercise of official authority (article 17 (3) point b) of the GDPR).
• If you have consented to data processing or there is a contract concerning data processing and data is processed automatically, you may be entitled to data portability (article 20 of the GDPR).
• You are entitled to file a complaint concerning the processing of your personal data with a supervisory authority as defined in article 51 of the GDPR. The pertinent supervisory authority for the Bavarian public service is the Bavarian Data Protection Commissioner, Wagmüllerstraße 18, 80538 München.
Right to object
You may object to the processing of your personal data at any time due to reasons based on your personal circumstances (pursuant to article 21 of the GDPR). If the legal requirements are met, we will then not further process your personal data.
C. Information about the website
Our web server is operated by durch domainfactory GmbH. The personal data transmitted by you when you visit our website is therefore processed by
Telephone: +49 89 998 288 026
Fax: +49 89 55 266 222
on our behalf.
Creation of log files
By using this or other web pages, you transmit data to our web server through your internet browser. The following data is recorded during any open connection for communication between your internet browser and our web server:
- IP address of the requesting computer
- Date and time of access
- Name and URL of the accessed file and data volume transmitted
- Access status (file transmitted, not found etc.)
- Identifying data of browser and operating system used (if transmitted by the browser accessing the site)
- The website from which our website is accessed (if transmitted by the browser accessing the site)
The data in this log file is processed as follows:
- Log entries are continually and automatically analysed, with the purpose of recognising attacks on the server and being able to react accordingly.
- In some instances, for example if an error or security breach is reported, a manual analysis is performed.
- Log entries that are older than seven days are anonymised by shortening the IP address.
- The anonymised logs are used for creating statistics on site access. The software used for this is operated locally.
The IP addresses contained in the log files are not combined with other data, so conclusions can be drawn about individual users.
This data is deleted once the connection is ended.
We use state-of-the-art encryption processes (such as SSL) using HTTPS to protect your data while it is being transferred.
D. Information on specific instances of data processing
On our social media pages, we create content within the scope of our public relations activities and our freedom of research, teaching and art, and we see the contributions and interactions of the community there. We endeavour to inform our users according to the needs of our target audience and to engage in a dialogue with our target audience.
The social media pages of the AdBK Nuremberg are intended only as an additional offer for the users of the social networks. Students and any other interested people can find alternative information and communication options on the homepage of the AdBK Nuremberg, which can be used without any disadvantage. The AdBK Nuremberg points out that the respective social media pages are for information and communication purposes only, but that no service or other administrative duties can be provided by them.
We will expose any content, contributions or enquiries that violate the rights of third parties or that constitute a criminal or regulatory offence by transmitting it to the responsible authority or the social media provider; we will also block or delete it.
The legal basis for data processing on our social media pages and elements is article 6 (1) point e) of the GDPR in connection with article 2 (6) of the Bavarian Higher Education Act (BayHSchG), article 3 of the BayHschG, article 4 (1) sentences 1 and 2 of the BayEGovG, section 5 (1) point 2) of the German Broadcast Media Act (TMG) and, if applicable, the contract between the respective service provider pursuant to article 6 (1) point b) of the GDPR.
Social media posts and messages that you transmit to us in non-public form are checked at regular intervals, as to whether storing these requests is still necessary for the purpose of dealing with possible follow-up questions. If it is no longer necessary to store them, their processing will be limited and they will still be stored in accordance with legal retention requirements and archiving regulations.
If you have publicly communicated with us via social media, you can decide yourself how long the data should remain public or ask us to delete it. We will then delete this data in accordance with archiving regulations within our area of responsibility. Should any copies of the data remain after deletion, their processing will be restricted and they will be stored in accordance with legal retention requirements and archiving regulations.
Additional data protection information on the service providers or services
Social media providers often create extensive profiles of their members and of those they are in contact with via tele-media services (for example by clicking a like button or accessing a website). These profiles are used for the purpose of selling advertisements, amongst other things. So if you use our services with these providers, they will know that there is a connection between you and us. As we are jointly responsible for some of this data processing, we provide further information on the processing by the social media providers.
Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA, owned by: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA
Data protection policy: https://help.instagram.com/519522125107875
Possibilities to object: https://www.instagram.com/accounts/login/?next=/accounts/privacy_and_security/
Facebook (including Instagram)
Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland and Facebook, Inc. 1601 Willow Road Menlo Park, California 94025, USA
• Website (Facebook): https://www.facebook.com
• Website (Instagram): https://www.instagram.com
• Data protection policy (Facebook): https://en-gb.facebook.com/about/privacy/
• Data protection policy (Instagram): https://help.instagram.com/519522125107875
• Pages, Groups and Events Policies (Facebook): https://www.facebook.com/policies/pages_groups_events#
• Platform Policy (Instagram): https://help.instagram.com/325135857663734/
• Information on page insights data (Facebook): https://www.facebook.com/legal/terms/information_about_page_insights_data
• Additional agreement on Page Insights (Facebook): https://en-gb.facebook.com/legal/terms/page_controller_addendum
• Possibilities to object (Facebook): https://www.facebook.com/settings?tab=ads
• Possibilities to object (Instagram): https://www.instagram.com/accounts/login/?next=/accounts/privacy_and_security/
Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland and Twitter Inc., 1355 Market Street #900, San Francisco, California 94103, USA
• Terms of service: https://twitter.com/en/tos#intlTerms
• Data protection policy: https://twitter.com/en/privacy
• Platform rules: https://twitter.com/rules
• Possibility to object: https://twitter.com/settings/account
Google (including YouTube)
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
• Data protection policy for (Google): https://policies.google.com/privacy?hl=en-GB&gl=de
• Platform rules (YouTube): https://www.youtube.com/yt/about/policies/#community-guidelines
• Possibilities to object: https://adssettings.google.com/authenticated
You can subscribe to our newsletter. To subscribe it is generally sufficient to enter your email address. We may, however, ask you to give your name, so that we can address you personally in the newsletter, or to give other information that is necessary for the purposes of the newsletter. Your email address is stored for the purpose of sending the newsletter and processed only for the purpose of sending the newsletter. The newsletter is sent based on your consent.
Your address and your order are forwarded to the distribution company MailChimp, a newsletter distribution platform operated by the US-American provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA for the purpose of processing your order.
• Website: https://mailchimp.com
• Data protection policy: https://mailchimp.com/legal/privacy/.
Double-opt-in procedure: Subscription to our newsletter always uses a so-called double-opt-in procedure: This means that you receive an email upon registration; this message asks you to confirm your registration. This confirmation is necessary to prevent people from registering with other people's email addresses. Registrations for the newsletter are logged so that the registration process can be documented in accordance with legal requirements. This includes storing the time of registration and time of confirmation as well as the IP address. Changes to the data stored with the distributor are also logged.
Possibility to object (opt out): You may cancel your subscription to our newsletter, i.e. revoke your consent or object to further receipt, at any time. A link for cancelling the subscription is provided at the end of each newsletter, or you can use any of the above-mentioned ways to contact us, preferably email.
The data you enter is stored for the purpose of communicating with you individually. To do this we need a valid email address and your name. This serves the purpose of assigning and subsequently answering your enquiry. Any further information is optional.
The basis for the processing of the personal data you enter in the obligatory fields is, if nothing else is specified, article 4 (1) of the Bavarian Data Protection Act (BayDSG) in combination with article 2 of the Bavarian Higher Education Act (BayHSchG) within the scope of the opening clause of article 6 (2)-(3) in combination with article 6 (1) point (1) point (e) of the GDPR. These provisions allow the Akademie der Bildenden Künste Nürnberg to process the data necessary to complete its tasks as stated in the higher education act. Permission to process data can also be based on a legal duty of the Akademie der Bildenden Künste Nürnberg pursuant to article 6 (1) point 1 (c) of the GDPR in combination with duties resulting from the BayHSchG.
For our events, we process the data necessary for registration and organisation in accordance with article 6 (1) point e) of the GDPR. Data is deleted in accordance with legal retention periods, i.e. after six years for business letters and after ten years for invoices, unless the data of the participants is required beyond these periods to be able to issue copies or confirmations.
E. Amendments to our data protection declaration
We reserve the right to change our data protection declaration, to accommodate changes to legislation or changes in the services we provide, (e.g., if we introduce new services). The new data protection policy will then apply to your future visit to our website.
Do you have any questions?
If you have questions about data protection, please write us an email or contact the person responsible for data protection in our organisation directly:
Data Protection Officer of the Akademie der Bildenden Künste Nürnberg
F. Data Protection Declaration