1. Our Privacy Commitment
Digital Pinakothek is committed to protecting your privacy and ensuring transparency in our data practices. As a cultural institution dedicated to democratizing access to art, we believe privacy is a fundamental right that must be respected and protected.
Our Core Privacy Principles:
- Minimal Data Collection: We collect only what's necessary to provide our services
- No Personal Data Sales: We never sell or share personal information for commercial purposes
- User Control: You have full control over your data and privacy settings
- Transparency: We clearly explain what data we collect and why
- Security: We implement industry-standard security measures to protect your data
2. Information We Collect
We collect minimal information necessary to provide and improve our museum services. Our approach prioritizes your privacy while ensuring a quality experience.
| Data Type | Purpose | Legal Basis |
|---|---|---|
| Technical Data IP address, browser type, device info |
Service functionality, security, analytics | Legitimate Interest |
| Usage Data Pages visited, search queries, artwork views |
Improve user experience, curate content | Legitimate Interest |
| Optional Data Email for newsletter, feedback |
Communication, updates, support | Consent |
| Cookies Preference settings, session data |
Personalization, functionality | Consent / Legitimate Interest |
3. How We Use Your Information
Your information helps us provide a better museum experience while respecting your privacy. We use data only for legitimate purposes that benefit our users and cultural mission.
- Service Provision: Deliver core functionality, search, and browsing capabilities
- User Experience: Personalize content recommendations and remember preferences
- Security: Protect against fraud, abuse, and security threats
- Analytics: Understand usage patterns to improve our collections and features
- Communication: Send updates about new exhibitions and features (opt-in only)
- Research: Conduct anonymized research to advance digital humanities
- Legal Compliance: Meet legal obligations and respond to valid legal requests
4. Cookies and Tracking
We use cookies and similar technologies to enhance your browsing experience and understand how our platform is used. You have full control over cookie preferences.
Types of Cookies We Use:
- Essential Cookies: Required for basic site functionality (cannot be disabled)
- Preference Cookies: Remember your settings and choices
- Analytics Cookies: Help us understand site usage (anonymized data)
- Performance Cookies: Optimize loading times and functionality
You can manage cookie preferences through your browser settings or our cookie management tool. Disabling certain cookies may affect site functionality.
5. Data Sharing and Third Parties
We believe in data minimalism and only share information when necessary for service provision or legal compliance. We never sell personal data to third parties.
- Service Providers: Trusted partners who help operate our platform (hosting, analytics, security)
- Cultural Institutions: Anonymized data for academic research and cultural preservation
- Legal Requirements: When required by law or to protect rights and safety
- Business Transfer: In case of merger or acquisition (with user notification)
All third-party partners are contractually bound to protect your data and use it only for specified purposes. We conduct regular audits to ensure compliance.
6. Data Security
We implement comprehensive security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction.
- Encryption: All data transmission is encrypted using industry-standard SSL/TLS
- Access Controls: Strict access limitations and authentication requirements
- Regular Audits: Continuous monitoring and security assessments
- Data Backup: Secure, encrypted backups with geographic redundancy
- Incident Response: Established procedures for security breach notification
- Employee Training: Regular privacy and security training for all staff
7. Your Privacy Rights
You have comprehensive rights regarding your personal data. We respect these rights and provide easy mechanisms for exercising them.
- Access: Request a copy of all personal data we hold about you
- Rectification: Correct inaccurate or incomplete personal information
- Erasure: Request deletion of your personal data ("right to be forgotten")
- Portability: Receive your data in a machine-readable format
- Restriction: Limit how we process your personal data
- Objection: Object to processing based on legitimate interests
- Consent Withdrawal: Withdraw consent for data processing at any time
To exercise these rights, contact us at privacy@pinakothek.online. We will respond within 30 days and verify your identity before processing requests.
8. Children's Privacy
Digital Pinakothek is designed to be educational and appropriate for all ages, including children. We take special care to protect children's privacy and comply with applicable children's privacy laws.
Our Children's Privacy Practices:
- We do not knowingly collect personal information from children under 13
- No behavioral advertising or tracking of children
- Educational content is carefully curated for appropriateness
- Parental controls and supervision features are available
- Any inadvertent collection of children's data is immediately deleted
9. International Data Transfers
As a global digital museum, we may transfer data internationally to provide our services. We ensure appropriate safeguards are in place for all international transfers.
- Adequacy Decisions: Transfers to countries with adequate data protection laws
- Standard Contractual Clauses: EU-approved contracts for international transfers
- Binding Corporate Rules: Internal policies ensuring consistent protection standards
- Certification Programs: Partners certified under recognized privacy frameworks
10. Data Retention
We retain personal data only as long as necessary for the purposes for which it was collected or as required by law. We regularly review and delete outdated information.
| Data Type | Retention Period | Rationale |
|---|---|---|
| Account Data | Until account deletion | Service provision |
| Usage Analytics | 2 years (anonymized) | Service improvement |
| Security Logs | 1 year | Security and fraud prevention |
| Marketing Data | Until consent withdrawal | Communication preferences |
11. Updates to This Policy
We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. We will notify users of significant changes through appropriate channels.
How We Notify You of Changes:
- Email notification for substantial changes (if you've subscribed)
- Prominent notice on our website homepage
- Updated "Last Modified" date on this policy
- Social media announcements for major updates
Continued use of our services after policy changes constitutes acceptance of the updated terms. If you disagree with changes, you may discontinue using our services.
12. Contact Information
We're committed to transparency and open communication about privacy matters. If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us.
Privacy Officer: privacy@pinakothek.online
General Inquiries: info@pinakothek.online
Data Protection Officer: dpo@pinakothek.online
You also have the right to lodge a complaint with your local data protection authority if you believe we have not adequately addressed your privacy concerns.
Last Updated: January 15, 2025
Effective Date: January 15, 2025
Version: 2.1