privacy policy – ARTSCENICO

This Privacy Policy applies to information ARTSCENICO collects about individuals who interact with our organization. It explains what personal information we collect and how we use it.

If you have any comments or questions about this notice, feel free to contact us at office(at)artscenico(dot)com.

1. Artscenico.com

1 Responsible for the content of artsenico.com is

ARTSCENICO – European Federation for Costume & Production Design
c/o CST, 9 rue Baudoin
75013 Paris, France

office(at)artscenico(dot)com

Association loi 1901 n° W751252536, registered 31/05/2019

2 Responsible for Webhosting is

Höllers Büro für IT-Dienstleistungen
Inhaber: Dipl.Ing. Michael Höller
1150 Wien, Lehnergasse 5
0043 1 715 78 70
office(at)hoellers-buero(dot)at

3 Logfiles

Artscenico follows a standard procedure of using log files on its Website. These files log visitors when they visit websites. All hosting companies do this and a part of hosting services’ analytics. The information collected by log files include internet protocol (IP) addresses, browser type, Internet Service Provider (ISP), date and time stamp, referring/exit pages, and possibly the number of clicks. These are not linked to any information that is personally identifiable. The purpose of the information is for analyzing trends, administering the site, tracking users’ movement on the website, and gathering demographic information.

Third-party ad servers or ad networks uses technologies like cookies, JavaScript, or Web Beacons that are used in their respective advertisements and links that appear on artscenico.com, which are sent directly to users’ browser. They automatically receive your IP address when this occurs. These technologies are used to measure the effectiveness of their advertising campaigns and/or to personalize the advertising content that you see on websites that you visit. Note that Artscenico has no access to or control over these cookies that are used by third-party advertisers. Our Privacy Policy applies only to our online activities and is valid for visitors to our website with regards to the information that they shared and/or collect in artscenico.com. This policy is not applicable to any information collected offline or via channels other than this website.

By using our website, you hereby consent to our Privacy Policy and agree to its terms.

2. Data collection & processing

The following table explains the types of data we collect and the legal basis, under current data protection legislation, on which this data is processed.

Purpose	Data (key elements)	Basis
Enquiring about our organisation and its work	Name, email, message	Legitimate interests – it is necessary for us to read and store your message so that we can respond in the way that you would expect.
Subscribing to email updates about our work	Name, email	Consent – you have given your active consent.
Making a donation	Name, email, address, payment information	Legitimate interests – this information is necessary for us to fulfil your intention of donating money and your expectation of receiving a confirmation message.
Signing up as a member	Name, email	Contract – by paying your membership fees you have entered into a contractual relationship with us as set out in our membership terms and conditions.
Website functionality	Website activity collected through cookies	Legitimate interests – it is necessary for us to store a small amount of information, usually through cookies, to deliver functionality that you would expect, such as remembering the contents of your order before you have fully completed the process.

ARTSCENICO is bound by law to follow the General Data Protection Regulation (GDPR) for processing data. Personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’); collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89, not be considered to be incompatible with the initial purposes (‘purpose limitation’); adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’); accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’); kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89 subject to implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject (‘storage limitation’); processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).

We will only use your data in a manner that is according to these principles, considering the basis on which that data was collected, as set out in the table at the top of this policy.

2.1 Personal Data Use

We may use your personal information to:

reply to enquiries you send to us;
handle donations or other transactions that you initiate;
where you have specifically agreed to this: send you newsletter or other communications by email relating to our work and members which we think may be of interest to you.

3. Data sharing & ZOOM

We will only pass your data to third parties in the following circumstances:

you have provided your explicit consent for us to pass data to a named third party;
we are using a third party purely for the purposes of processing data on our behalf and we have in place a data processing agreement with that third party that fulfils our legal obligations in relation to the use of third party data processors; or
we are required by law to share your data.

In addition, we will only pass data to third parties outside of the EU where appropriate safeguards are in place as defined by Article 46 of the General Data Protection Regulation.

We’re offering virtual/online open forums via Zoom. Zoom was selected because, in contrast to other systems on the market, it delivers very high quality, is particularly user-friendly and transparent in its operation, and offers a large number of privacy-friendly configuration options.

3.1 ZOOM Settings

In the interest of privacy-compliant use, the following settings are chosen for our meetings:

Calendar and contact integration [disabled]
Require password when creating new meetings [enabled]
Encryption required for third party endpoints (H323/SIP) [enabled]
Prevent participants from saving the chat [enabled]
Auto-save chats [disabled]
Remote control [disabled]
Camera remote control [disabled]
Automatic recording [disabled]
Only the host can download cloud recordings [enabled]
Recording disclaimer [enabled]
Delete chat data from device (30 days) [enabled]
Archiving third party chat data [disabled]
Company contacts [disabled]

3.2 Controller & Processor

This Privacy Policy also enables you to find out about the processing of your personal data when using “Zoom.” The controller as defined by the GDPR and other data protection regulations is:

ARTSCENICO – European Federation for Costume & Production Design
c/o CST, 9 rue Baudoin
75013 Paris, France

ARTSCENICO is a registered association (Association loi 1901 n° W751252536, registered 31/05/2019). It is legally represented by the President, Maximilian Lange.

As processor or data defined by Article 28 GDPR for ARTSCENICO acts:
Zoom Video Communications, Inc., 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113. Find Zooms handling of and compliance with the GDPR here.

3.3 Data Transfer

In the case of business Zoom accounts, the following data is transferred to Zoom after login and confirmation by the user (registration process):

Pseudonym, otherwise, optionally, the full name (display name) as well as first name(s) and last names as separate fields
Language settings
The name of the institution
Optional: job title, telephone number, place, company or institution
Registration password
If you log in with another Zoom account, the personal data stored there will be processed
If you connect to a Zoom room (in the browser or via client) as a guest without logging in using a Zoom account, you will be asked to choose an alias for yourself so that you do not have to disclose your name to Zoom
If you connect via telephone dial-in, your telephone number will be processed
Video, Audio, and Text Data: Video data, if you have enabled the camera of your end device; Audio data, if you have enabled the microphone of your end device; Text data, if the chat, question, or poll feature is used.
Meeting Metadata: Meeting duration; Start and end (time) of persons’ participation, Name and description of the meeting, Scheduled date/time of the meeting, Chat status, IP addresses of the end devices used for participation as well as other device/hardware information (MAC address, other device IDs (UDID), device type, operating system type and version, client version, camera type, microphone or speaker, type of connection, etc.), approximate location for establishing a connection to the nearest Zoom data center
Meeting Recordings: mp4 of all video and audio recordings and presentations, m4a of all audio recordings, Text file of all annotations, chats, audio log file, Audio log file and other information shared while using the service
ARTSCENICO’s full name, official email address, billing and procurement data

In any case, video and audio data contain your likeness as well as your voice as personal data as defined by Article 4(1) GDPR, as the data relates to you as an identified or identifiable natural person. In addition, the content of your contributions may allow conclusions about your person. The IP address and device/hardware information may also allow conclusions about your person and are therefore to be treated as personal data.

The text within the chat feature is saved in a separate file and is not part of the video in the event of recording.

For further information on data processing when using Zoom, please visit Zoom Privacy and Security. Please note that this is an external website operated by Zoom Video Communications, Inc. under its own responsibility and that personal data is processed when you visit the website.

4. Collection & Storage Duration

We take the principles of data minimisation and removal seriously and have internal policies in place to ensure that we only ever ask for the minimum amount of data for the associated purpose and delete that data promptly once it is no longer required.

Where data is collected on the basis of consent, we will seek renewal of consent eventually.

4.1 Zoom

The data mentioned above will be processed as long as it is required for the execution of the online meetings and related services. This does not apply if, by way of derogation, a longer storage or retention period is required by law or is necessary for law enforcement within the statutory limitation periods. If data is only retained for the aforementioned purposes, data access is limited to the extent necessary for this purpose.

If the online meeting is recorded, you will be informed of this via a prior notice from the ARTSCENICO and/or via technical signaling. You can disable your camera and microphone independently and leave the meeting at any time. With recording, the data of the audio and video stream and optionally the messages in the chat, question, or poll feature are stored and remain stored beyond the duration of the meeting. The recordings stored on the cloud servers of the provider of “Zoom” are automatically deleted after 30 days at the latest. If online meetings are not recorded, the provider states that it does not store the meeting content after the meeting is over. If you are logged in with a Zoom account, online meeting reports (meeting metadata, telephone dial-in data, questions and answers in webinars, poll feature in webinars) can be stored in Zoom for up to one month.

When Zoom is used, personal data is processed outside the EU/EEA. The transfer of data takes place on the basis of standard data protection clauses of the EU Commission as an appropriate guarantee for an adequate level of data protection in accordance with Article 46(2) c) GDPR. Zoom is configured in such a way that the data collected directly during online meetings (such as image, sound, meeting content) is generally processed at the nearest server location, and thus regularly within the EU, and otherwise exclusively on US servers. The remaining so-called metadata is processed on US servers.

Since Zoom meetings require the sound and image of the speaker to be transmitted to a large number of people in high quality, the connection does not use end-to-end encryption, but transport encryption. On October 14, 2020, Zoom announced the technical preview of an end-to-end encryption (E2EE). Currently, the following features are not usable in conjunction with E2EE encryption: e.g. entering before the host, cloud recording, streaming, live transcription, breakout rooms, polling, 1:1 privacy chat, and meeting responses. Please note that we have no direct influence on the security of data when using cloud services. Although ARTSCENICO has configured the service to minimize data, we nevertheless ask that you do not disclose an unnecessarily large amount of data about yourself.

5. Rights to one’s data

With regard to your personal data, you have the following rights:

Right to withdraw your consent with effect for the future (Article 7(3) GDPR)
Right to confirmation as to whether your personal data is being processed and right to information about the data processed, further information about the data processing and copies of the data (Article 15 GDPR)
Right to rectification or completion of inaccurate or incomplete data (Article 16 GDPR)
Right to immediate erasure of your personal data (Article 17 GDPR)
Right to restriction of processing (Article 18 GDPR)
Right to receive the data in a structured, common, and machine-readable format, provided that the processing is based on consent in accordance with Article 6(1), subparagraph 1, a) or Article 9(2) a), or on a contract in accordance with Article 6(1), subparagraph 1, b), and no exception applies (Article 20 GDPR)
You also have the right to complain to a supervisory authority about the processing of your personal data by ARTSCENICO (Article 77 GDPR).
You have the right to object to the future processing of your data, provided that the data is processed in accordance with Article 6(1), subparagraph 1, a) or c) GDPR.

A full summary of your legal rights over your data can be found on the following site: https://gdpr.eu/tag/gdpr/

If you would like to access the rights listed above, or any other legal rights you have over your data under current legislation, please get in touch with us.

Please note that relying on some of these rights, such as the right to deleting your data, will make it impossible for us to continue to deliver some services to you. However, where possible we will always try to allow the maximum access to your rights while continuing to deliver as many services to you as possible.

5.1 Zoom recordings

The content of the events and all materials (documents, recordings provided, etc.) is – unless indicated otherwise – the intellectual property of the speaker in question and protected by copyright. It may only be used by you as a person registered for the event. In particular, publication, reproduction, passing on, or processing, in whole or in part, are not permitted, nor is the recording of an event in audio or video or by means of screenshots. The unauthorized publication of a recording violates the participants’ right to the spoken word or the right to one’s own image. Any misuse may result in legal action. As a participant, you agree to respect the copyrights and to only use the (live) video conferences individually for your own use within the scope of the invitation by ARTSCENICO.

If ARTSCENICO is recording a meeting it is for lawful, fair and transparent use on ARTSCENICO related channels only. Before and during the registration to a meeting you will be informed, that the meeting you are registering for might be recorded and used as means to promote ARTSCENICO on its own channels (Website, Instagram). If you are registering, you are consenting to potentially being recorded and the usage of said recording as explained above. You have the right to withdraw consent, to not participate, to participate but without using your camera or contributing spoken words – in which case your chosen username might still be in sight. In consenting to participation and being recorded, you renounce your right to assert the right to your own image or spoken words.

6. Cookies & usage tracking

A cookie is a small file of letters and numbers that is downloaded on to your computer when you visit a website. Cookies are used by many websites and can do a number of things, eg remembering your preferences, recording what you have put in your shopping basket, and counting the number of people looking at a website.

Where cookies are used to collect personal data, we list these purposes in section 1 above, along with other personal data that we collect. However, we also use some cookies that do not collect personal information but that do help us collect anonymous information about how people use our website. We use Google Analytics for this purpose. Google Analytics generates statistical and other information about website usage by means of cookies, which are stored on users’ computers. The information collected by Google Analytics about usage of our website is not personally identifiable. The data is collected anonymously, stored by Google and used by us to create reports about website usage. Find Google’s privacy policy available here.

7. Modifications

We may modify this Privacy Policy from time to time and will publish the most current version on our website. If a modification meaningfully reduces your rights, we’ll notify people whose personal data we hold and is affected.