Privacy Policy
I. Introduction and Definitions
1. GENERAL INFORMATION
By operating our website at www.narutothegallery.de (hereinafter referred to as the “Website”), we process personal data. We treat this data confidentially and in accordance with applicable laws – in particular the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG), and the Telecommunications-Digital Services Data Protection Act (TDDDG).
With this privacy policy, we aim to inform you about which personal data we collect from you, the purposes for which we use it, the legal basis for processing, and, if applicable, to whom we disclose it. Furthermore, we explain your rights regarding the protection and enforcement of your personal data.
2. DEFINITIONS
Our privacy policy uses terms defined in the GDPR and BDSG. To improve your understanding, we explain these terms in simple language in advance:
2.1 Personal Data
“Personal data” refers to all information relating to an identified or identifiable individual (Art. 4 No. 1 GDPR). Identified individuals may include names or email addresses. However, personal data also includes information that does not directly identify a person but can be linked to them through the combination of other data sources. For example, someone can be identified through their address, bank account, date of birth, username, IP address, and/or location data. Any information that can in any way lead back to a person is considered relevant.
2.2 Processing
According to Art. 4 No. 2 GDPR, “processing” refers to any operation related to personal data. This includes, but is not limited to: collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, transmission, dissemination or other forms of provision, alignment or combination, restriction, erasure, or destruction of personal data.
II. Controller and Data Protection Officer
3. CONTROLLER
The party responsible for data processing is:
Company: DEAG Classics AG (“we”)
Legal representatives: Jacqueline Zich, Moritz Schwenkow
Address: Potsdamer Str. 58, 10785 Berlin
Phone: +49 30 81075-0
Email: info@deag.de
4. DATA PROTECTION OFFICER
We have appointed an external data protection officer. You can reach them at:
Name: Reinher Karl
Company: HABEWI GmbH & Co. KG
Address: Palmaille 96, 22767 Hamburg
Phone: +49 40 46008966
Fax: +49 40 46008977
Email: datenschutz@habewi.de
III. Scope of Processing
5. SCOPE OF PROCESSING: WEBSITE
As part of operating the Website, we process the personal data listed in detail in Section IV below. We only process data you actively provide via the Website (e.g., by filling out forms) or data that is automatically collected during your use of our services.
Your data is processed solely by us and is not sold, rented, or shared with third parties. If we engage external service providers for the processing of your personal data, it is within the scope of a so-called data processing agreement where we retain full control and issue instructions as the controller.
For hosting purposes, we engage an external service provider: GoDaddy (Address: 100 S. Mill Ave Suite 1600, Tempe, AZ 85281, USA) using European data center locations.
As a rule, we do not transfer data to third countries, nor is it planned. Any exceptions will be clearly outlined in the relevant sections. If a data transfer to a third country occurs, it is based on the EU-U.S. Data Privacy Framework (https://www.dataprivacyframework.gov/) or the EU Standard Contractual Clauses.
IV. Detailed Processing Activities
6. WEBSITE PROVISION AND SERVER LOG FILES
6.1 Description of Processing
Each time the Website is accessed, we automatically collect data that your browser transmits to our server. This includes:
-
IP address
-
Browser software used, including version and language
-
Operating system
-
Referrer URL (the page from which visitors arrive)
-
Internet service provider
This data is also stored in the log files of our system. Temporary storage of your IP address is necessary for delivering the Website to your device. For this purpose, your IP address must remain stored for the duration of the session. Additionally, the IP address is logged for security reasons, such as defending against attacks (particularly DDoS attacks) and fraud prevention.
6.2 Purpose
The processing ensures the functionality and security of the Website. It also supports statistical analysis and improvement of our online services.
6.3 Legal Basis
Processing is necessary for the purposes of the legitimate interests pursued by the controller (Art. 6(1)(f) GDPR). Our legitimate interest corresponds to the purpose stated in Section 6.2.
6.4 Storage Period
Data is deleted when it is no longer needed to achieve the purpose for which it was collected. In the case of data collected to provide the Website, this is typically when the session ends. Log files are deleted after 7 days.
7. COOKIES AND OTHER TRACKING TECHNOLOGIES
7.1 Description of Processing
Our Website uses cookies – small text files stored on the user’s device when visiting a website. Cookies allow device recognition and support specific website functions. We differentiate between first-party and third-party cookies. Our Website uses session cookies and persistent cookies. Session cookies are automatically deleted when the browser is closed. Persistent cookies remain stored for longer periods.
In addition to cookies, we may use other tracking technologies such as pixels or fingerprinting. Technically necessary cookies do not require your consent. All other cookies and tracking technologies are only activated after you provide explicit consent via our consent tool.
We use the “Consentmanager” service provided by consentmanager AB, Håltegelvägen 1b, 72348 Västerås, Sweden. This tool stores your consent selection in a cookie on your device so that you don’t need to make the selection again on future visits.
Details about which cookies are used, their purpose, duration, and any consents you’ve given are provided in the overview below.
|
Cookie Name |
Purpose |
Storage Period |
|
|
|
|
7.2 Purpose
Cookies and tracking technologies improve the usability of the Website and support the features described in Section 7.1.
7.3 Legal Basis
Technically necessary cookies and use of the consent tool are based on our legitimate interests (Art. 6(1)(f) GDPR in conjunction with §25(2) TDDDG). For all other cookies and tracking technologies, processing is based on your consent (Art. 6(1)(a) GDPR in conjunction with §25(1) TDDDG). Consent is voluntary.
7.4 Storage Period and Withdrawal of Consent
Cookies are deleted when a session ends or after their defined storage duration. As a user, you have full control over cookie use. You can change your browser settings to disable or delete cookies. Deactivating cookies may limit some Website functions. You can withdraw your consent at any time via the consent tool settings.
7.5 Recipients
When using cookies/tracking technologies, data may be transmitted to third-party service providers. This may include transfers to countries outside the EU/EEA. Details are provided in the consent tool settings and respective sections of this privacy policy. Data may also be shared with the provider of the consent tool, consentmanager AB.
8. CONTACT FORM AND EMAIL COMMUNICATION
8.1 Description of Processing
Our Website offers a contact form where you can enter your name, email address, and message. By clicking “Send,” the data is transmitted to us using SSL encryption (see Section 13). Submitting the form requires you to acknowledge this privacy policy by checking the corresponding box. You may also contact us via email; in that case, your transmitted data will be processed accordingly.
8.2 Purpose
We provide the contact form to offer a convenient way to get in touch. The data you submit via the form or email is used solely for processing and responding to your inquiry.
8.3 Legal Basis
Processing is based on our legitimate interest (Art. 6(1)(f) GDPR) as outlined in Section 8.2. If the contact leads to the conclusion or performance of a contract, processing is based on Art. 6(1)(b) GDPR.
8.4 Storage Period
Data is deleted once it is no longer necessary for its original purpose, typically after the communication has concluded. Communication is considered concluded when it is evident that your inquiry has been fully resolved. Legal retention obligations may override this and delay deletion.
9. GOOGLE ANALYTICS
9.1 Description of Processing
Our website uses “Google Analytics”, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as “Google”). Google Analytics uses cookies (see section 7) that enable an analysis of your use of our online offering. The information generated by the cookies is usually transmitted to and stored on a Google server in the USA. However, we use Google Analytics exclusively with IP anonymization enabled. This means that your IP address is shortened by Google within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. The IP address transmitted by your browser as part of Google Analytics is not merged with other data from Google. The statistics generated by Google Analytics record, in particular, how many users visit our website, from which country or city the access takes place, which subpages are accessed, and via which links or search terms visitors arrive at our website. The Google Analytics Terms of Service are available at www.google.com/analytics/terms/de.html. An overview of data protection with Google Analytics can be found at www.google.com/intl/de/analytics/learn/privacy.html. Google’s privacy policy is available at www.google.de/intl/de/policies/privacy.
9.2 Purpose
The processing is carried out in order to evaluate the use of our website. The information obtained in this way helps us to improve and tailor our online presence to suit demand.
9.3 Legal Basis
The processing is based on your consent pursuant to Art. 6(1)(a) GDPR. This consent is obtained via the consent tool (see section 7.1). Providing this consent is voluntary.
9.4 Storage Duration and Right to Object / Withdrawal of Consent
We have outlined the storage duration and your control and settings options regarding cookies in section 7.4. You may withdraw your consent regarding Google Analytics at any time with future effect via the settings in the consent tool. Alternatively, you can object to data processing by Google Analytics at any time by downloading and installing the browser add-on provided by Google at tools.google.com/dlpage/gaoptout?hl=de. The analytics data processed and stored by Google Analytics will be automatically deleted by us after 14 months.
9.5 Recipients and Transfer to Third Countries
According to the German data protection authorities (Data Protection Conference), Google Analytics is operated under joint responsibility. Accordingly, we have entered into the “Google Measurement Controller-Controller Data Protection Terms” with Google. Google also processes your personal data in the USA.
10. GOOGLE WEBFONTS
10.1 Description of Processing
Our website uses “Google Webfonts”, a font replacement service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as “Google”). Google Webfonts replaces the standard fonts on your device with fonts from Google’s catalog when displaying our website. If your browser blocks the use of Google Webfonts, the text on our website will be displayed in the standard fonts of your device. The Google Fonts are loaded directly from a Google server. To enable this, your browser sends a request to a Google server, which may also result in your IP address being transmitted to Google in connection with our website address. Google Webfonts does not store any cookies on your device. According to Google, data processed through the Google Webfonts service is transferred to resource-specific domains such as fonts.googleapis.com or fonts.gstatic.com and is not linked with data that may be processed in connection with other Google services, such as the search engine or Gmail. More information on data protection for Google Webfonts can be found at developers.google.com/fonts/faq?hl=de-DE&csw=1. General information on data protection at Google can be found at policies.google.com/privacy?hl=de-DE.
10.2 Purpose
The processing is carried out to display the text on our website in a more legible and visually appealing manner.
10.3 Legal Basis
The processing is necessary to safeguard the legitimate interests of the controller (Art. 6(1)(f) GDPR). Our legitimate interest lies in the purpose named in section 10.2.
10.4 Recipients and Transfer to Third Countries
The use of Google Webfonts may result in the transmission of personal data to Google. Google also processes your personal data in the USA.
11. YOUTUBE
11.1 Description of Processing
Our website uses services from “YouTube”, a video platform operated by YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA (hereinafter referred to as “YouTube”). YouTube is represented by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. We use YouTube by embedding individual videos on our website using iframes so that they can be played directly on our website. The videos are embedded using the “extended data protection mode” offered by YouTube, which means that no personal data is transferred to Google unless you play the videos. Personal data is only transmitted to Google when you play a video, and we have no influence over this data transmission. When you play an embedded video on a subpage of our website, Google is informed of which subpage you visited and which video you watched. Your IP address may also be transmitted. If you are logged in as a YouTube or Google user, this information is associated with your user account. Google stores your data as usage profiles and uses them for advertising, market research, and/or the demand-oriented design of Google websites. You have the right to object to the creation of these user profiles; you must contact Google directly to exercise this right. Further information on data protection at Google can be found at www.google.com/intl/de-DE/policies/privacy/.
11.2 Purpose
The processing is carried out to enable us to display videos on our website.
11.3 Legal Basis
The processing is based on your consent pursuant to Art. 6(1)(a) GDPR. This consent is obtained via the “Consentmanager” tool (see section 7.1) or through a content blocker where the YouTube video is embedded. Providing this consent is voluntary.
11.4 Withdrawal of Consent
You can withdraw your consent to display YouTube videos on our website at any time with future effect via the consent tool settings.
11.5 Recipients and Transfer to Third Countries
The integration of YouTube may result in the transmission of personal data to YouTube LLC or Google. Google also processes your personal data in the USA.
12. GOOGLE MAPS
12.1 Description of Processing
Our website uses “Google Maps”, a map service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as “Google”). We use Google Maps by embedding a map showing our business address into our website. The map is loaded directly from a Google server. For this to occur, your browser sends a request to a Google server, which may also result in your IP address being transmitted to Google in connection with our website address. Google Maps does not store any cookies on your device. If you are logged into your Google account while visiting our site, Google Maps links this information to your account. Google stores your data as usage profiles and uses them for advertising, market research, and/or the demand-oriented design of Google websites. You have the right to object to the creation of these profiles; you must contact Google directly to exercise this right. Further information on data protection at Google can be found at policies.google.com/privacy?hl=de-DE.
12.2 Purpose
The processing is carried out to enable us to display an interactive map on our website.
12.3 Legal Basis
The processing is based on your consent pursuant to Art. 6(1)(a) GDPR. This consent is obtained via the “Consentmanager” tool (see section 7.1) or through a content blocker where the map is embedded. Providing this consent is voluntary.
12.4 Withdrawal of Consent
You can withdraw your consent to display Google Maps on our website at any time with future effect via the consent tool settings.
12.5 Recipients and Transfer to Third Countries
Google also processes your personal data in the USA.
V. SECURITY MEASURES
13. Security Measures
To protect your personal data from unauthorized access, our website uses an SSL or TLS certificate. SSL stands for “Secure Sockets Layer” and TLS for “Transport Layer Security” and encrypts the communication of data between a website and the user’s device. You can recognize active SSL or TLS encryption by the small padlock icon displayed to the left of the browser’s address bar.
VI. YOUR RIGHTS
14. Data Subject Rights
With regard to the data processing described above, you have the following rights under the GDPR:
14.1 Right of Access (Art. 15 GDPR)
You have the right to obtain confirmation from us as to whether or not we are processing personal data concerning you. If this is the case, you have the right to access the personal data and the information listed in Art. 15 GDPR.
14.2 Right to Rectification (Art. 16 GDPR)
You have the right to request the rectification of inaccurate personal data concerning you and the completion of incomplete personal data.
14.3 Right to Erasure (Art. 17 GDPR)
You have the right to request the erasure of personal data concerning you without undue delay, provided one of the grounds listed in Art. 17 GDPR applies, e.g., if your data is no longer necessary for the purposes for which it was collected.
14.4 Right to Restriction of Processing (Art. 18 GDPR)
You have the right to request the restriction of processing where one of the conditions listed in Art. 18 GDPR applies, e.g., if you contest the accuracy of your personal data, processing will be restricted while the accuracy is verified.
14.5 Right to Data Portability (Art. 20 GDPR)
Under the conditions of Art. 20 GDPR, you have the right to receive the personal data concerning you in a structured, commonly used, and machine-readable format.
14.6 Right to Withdraw Consent (Art. 7(3) GDPR)
Where processing is based on your consent, you have the right to withdraw that consent at any time with future effect. The withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.
14.7 Right to Lodge a Complaint (Art. 77 GDPR)
If you believe that the processing of your personal data infringes the GDPR, you have the right to lodge a complaint with a supervisory authority, particularly in the Member State of your residence, place of work, or the place of the alleged infringement.
14.8 Right to Object to Automated Decisions / Profiling (Art. 22 GDPR)
You have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects or significantly affects you. We do not use such automated decision-making processes, including profiling, in connection with your personal data.
14.9 Right to Object (Art. 21 GDPR)
If we process your personal data on the basis of Art. 6(1)(f) GDPR (legitimate interests), you have the right to object to this processing on grounds relating to your particular situation. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms or the processing serves to assert, exercise, or defend legal claims. Regardless of any particular situation, you have the right to object at any time to the processing of your personal data for direct marketing purposes.
Last updated: June 2025