Privacy Policy

Hinweis: Da sich diese Website an ein internationales Publikum richtet, steht die Datenschutzerklärung nur auf Englisch zur Verfügung. Wenn Sie Fragen hierzu haben, wenden Sie sich gerne an oder die Datenschutzbeauftragte des ZKM unter

Privacy Policy for this website
(hereinafter "Privacy Policy")

Table of contents

  1. Purpose of data protection and legal framework
  2. Server log data
  3. Contact via E-Mail
  4. Cookies
  5. Web analysis/Matomo
  6. Embedded links to third-party offerings
  7. Recipients of personal data
  8. Retention policy
  9. Your rights
  10. Our Data Protection Officer
  11. Safety and security
  12. Amendments

As the Data Controller responsible for (hereinafter also referred to as the “Website”), we

ZKM | Zentrum für Kunst und Medien Karlsruhe

Public Foundation
Lorenzstraße 19
76135 Karlsruhe, Germany

Phone: +49 (0) 721/8100-0
Fax: +49 (0) 721/8100-1139

(hereinafter also referred to as “we”, “us” or “ZKM”)

would like to inform you of relevant aspects of data protection law with respect to the use of the Website.
The processing of your personal data is performed exclusively within the framework of the provisions of the data protection law of the European Union, in particular the EU General Data Protection Regulation (“GDPR”), and also the Data Protection Act of the State of Baden-Württemberg (“LDSG BW”) and other statutory provisions on data protection (hereinafter jointly referred to as “Data Protection Laws”).
If you would like to read the GDPR for yourself, you can find a copy at:
This Privacy Policy applies to this website as a sub-domain of and as such refers to the privacy policy available at With respect to other online presences of ZKM, only the privacy policies published on such presences apply. Accordingly, this Privacy Policy furthermore does not apply to ZKM presences on third-party platforms, in particular social networks (e.g. Facebook, Twitter, or Instagram), even if a ZKM website links to such presences. With respect to our presences on these platforms, the privacy policies of the respective platform provider and any special privacy policies indicated by ZKM on such presences apply.
Furthermore, the following information does not apply to third-party websites run by other operators which are linked to from this Website. The terms used in this Privacy Policy, such as “personal data” or “processing”, are given the definitions contained under Article 4 GDPR.

1. Purpose of data protection and legal framework

The purpose of data protection is to protect personal data. Personal data means all information relating to an identified or identifiable person (“data subject”). Therefore, your personal data includes all data that could be used to identify your person, e.g. your name, address, telephone number, or e-mail address. Personal data also includes information that is of necessity generated by your use of this Website, e.g. the start, end and extent of your use, or your IP address.
We only process your data where this is permitted by an applicable legal regulation. The legal basis for processing your data is, among others:

  • Consent (Article 6(1)(1), point (a) GDPR): Certain data we use only on the basis of prior, explicit and voluntary consent which you have given us. You have the right to withdraw your consent at any time with effect for the future.
  • Performance of a contract or steps necessary prior to entering into a contract (Article 6(1)(1), point (b) GDPR): We require certain data from you, in particular with respect to initiating or conducting a contractual relationship with ZKM.
  • Compliance with a legal obligation (Article 6(1)(1), point (c) GDPR): We also process your personal data in order to comply with legal obligations, such as the directives of supervisory authorities or data retention requirements under commercial and tax law.
  • Protecting legitimate interests (Article 6(1)(1), point (f) GDPR): ZKM will process certain data in order to protect its own interests or the interests of third parties. However, this shall not apply in such cases where your interests override ours.

Please be aware that this is not a complete or exhaustive list of possible legal bases, rather these are simply examples intended to make the legal framework provided for data protection laws more transparent. For further details regarding the legal framework for each instance where data are processed within the context of using this Website, please see the explanations in the clauses below.

2. Server log data

When you visit this Website, the following information concerning your access may be stored:

  • IP address of the end device making the request;
  • Name of website and file accessed;
  • HTTP response code;
  • Website, from which you are visiting the Website (Referrer URL);
  • Date and time of server request;
  • Browser type and version;
  • Operating system used by the computer making the request;
  • Search term used to find the Website, e.g. via Google.

We process these data on the basis of Article 6(1)(1), point (f) GDPR in order to make this Website available, to ensure correct operation of the technology, and for the safety and security of our IT systems. We are thereby pursuing our interest in facilitating the use of this Website and its technological functionalities and permanently maintaining such. These data are processed automatically when this Website is accessed. Otherwise, you will not be able to use this Website. We do not use these data for the purposes of drawing conclusions pertaining to your identity.
Generally, these automatically generated data are erased once they are no longer required for the purpose, for which they were collected, except in individual cases where an alternative legal framework applies. In the case of the latter, we erase these data immediately after this alternative legal framework ceases to apply.
We cannot comply with any objections to the collection and storage of your server log data since these data are absolutely necessary in order to ensure the smooth operation of this Website.

3. Contact via E-Mail

On this Website, you have the option of getting in touch with us via e-mail. When you contact us in this manner, we collect and store any data you may have voluntarily given us, such as the following data:

  • Surname;
  • First name;
  • E-mail address;
  • Your individual message.

Our outgoing e-mail communication is encrypted for transmission using the TLS 1.3 standard (see Sec. 11). Your e-mail communication to us may or may not be encrypted depending on the settings of your e-mail server or provider. Your contact details as well as any data provided by you voluntarily are collected, processed and used solely for the purposes of receiving and, where applicable, responding to your inquiry. The processing of data transmitted within the context of communication via e-mail is based on Article 6(1)(1), point (b) GDPR, if such communication pertains to the initiation or conducting of a contractual relationship with you, or alternatively Article 6(1)(1), point (f) GDPR. In the latter case, we have a legitimate interest in processing contact requests sent to us voluntarily.
We erase the data you have provided as soon as they are no longer required for the purpose, for which they were collected, subject to compliance with statutory retention obligations that may still apply.
Where your data are processed on the basis of legitimate interests, you can object to the storage of your personal data at any time. In such case, we will no longer process your data unless we can prove that we have an overriding legitimate interest in this processing, or we are otherwise legally required to store your data. In order to exercise your right to object to storage, please contact us in writing via fax or e-mail.
Please be aware, however, that we cannot guarantee complete data security in the event of communication via e-mail. Therefore, we recommend sending your communication via secure means, such as ordinary mail, particularly with respect to confidential information.

4. Cookies

We use cookies and similar tracking technologies, such as HTML5 Storage, (hereinafter referred to generally as “cookies”) on this Website in order to optimize its design. Among other things, this helps to make navigation easier and makes the Website very user-friendly.

Cookies are, generally speaking, small identifiers which our web server sends to your browser and which are stored on your computer, provided you have configured standard settings. These cookies can be used to determine whether your end device has already communicated with us. They thus serve the purpose of making the Website easier to use and streamlining our presence by allowing us to analyze the use of this Website. Cookies may be used by us or by third-party providers, such as our analytics, marketing and social media partners. Data processing is based on Article 6(1)(1), point (f) GDPR, or alternatively Article 6(1)(1), point (a) GDPR if you have explicitly consented to the use and storage of cookies. Personal data can then be stored in cookies where the technology requires this or you have given your consent. Recourse to other legal frameworks is explicitly reserved.

If you consent to the use and storage of non-essential cookies (see Sec. 4, points (b)), you can withdraw this consent at any time with effect for the future via the cookie settings on this Website.
You can also block the storage of necessary cookies at any time by selecting “Block all cookies” in your browser settings. For details of how to manage and delete cookies via your browser settings, please refer to the Help function of your browser.
You can also block the use and storage of all cookies using free browser add-ons such as “Adblock Plus” ( combined with the “EasyPrivacy” list (
However, blocking the storage of all cookies may restrict the functionality of this Website.

a) Necessary cookies
We use necessary cookies to help this Website function. We have a legitimate interest in storing these cookies since otherwise we would not be able to offer certain basic Website functionalities (e.g. you would have to reconfigure Website settings every time you switch a page). You will find an overview of the necessary cookies we use in this table:

ncc_cNuxtUsed by the cookie control banner to store the user's consent.12 months
ncc_eNuxtUsed by the cookie control banner to store the list of allowed cookies.12 months

The storage and use of necessary cookies is based on Article 6(1)(1), point (f) GDPR. You can only deactivate necessary cookies via your browser settings or browser add-ons. Please see the previous section for further details. This may restrict the functionality of this Website.

b) Statistics cookies
Statistics cookies help us better understand how visitors are interacting with this Website and our content by analyzing information on usage. We also use third-party cookies which may in certain cases allow these third parties to obtain information on your usage and to use this information for their own purposes (see Sec. 5). Please visit the websites of the third-party providers listed in the table for more information on how they use cookies.

_pk_idMatomoContains a randomly generated User ID. Using this ID, Matomo can recognize returning users of the Website and collate data from previous visits.13 months
_pk_sesMatomoTracks the number of page views during the session.30 minutes

Where you have given us your consent to do so, the storage and use of statistics cookies is based on Article 6(1)(1), point (a) GDPR. Please see the previous sections for further details. You can withdraw this consent at any time with effect for the future via the cookie banner on this Website.

5. Web analysis/Matomo

If you have consented to the use of statistics cookies, we use the open-source web analysis service Matomo for statistical evaluation of visitor accesses to make this Website better and more user-friendly.
Matomo enables statistical evaluations on this Website, in particular on visitor accesses and page views, using technologies such as cookies and device fingerprinting. Matomo collects, analyses and categorizes incoming information generated by the user's terminal equipment about the use of this Website and interactions with it as well as access data, in particular IP address, browser information, the website previously visited and the date and time of the server request, for the purpose of statistical analytics. The information generated by Matomo concerning your use of this Website is stored locally on our self-run server which is located on our premises in Karlsruhe, Germany. The legal basis is Article 6(1)(1), point (a) GDPR since data processing is performed based on your consent. Recourse to other legal frameworks is explicitly reserved.
We will use this information to analyze your use of this Website in order to compile reports on activities on this Website. The data processed may be used to create pseudonymous user profiles.
We only ever use Matomo with IP anonymization activated. This means that user IP addresses will be shortened, to make it more difficult to identify the individual user.
The data are erased as soon as they are no longer necessary for our record-keeping purposes. For us, this is generally after 24 months.
You can withdraw any consent you have given to the use of Matomo at any time via the cookie settings on this Website (see Sec. 4 above). You can also block the use and storage of cookies by configuring your browser settings accordingly or using browser add-ons (see Sec. 4 above).
Further information about the privacy settings of Matomo can be found on Matomo‘s website at the following link:

Where we link to websites and services (“offerings”) of third parties, clicking on the hyperlink will redirect you to the offering of the respective third party.
Please be aware that the third-party offerings linked to on this Website may install their own cookies on your end device or collect personal data. We have no control over this. Wherever applicable, please seek relevant information from the providers of these linked third-party offerings. The respective provider and controller will be indicated in the legal notice and privacy policy of the respective website.

7. Recipients of personal data

We only ever forward your personal data to external recipients where this is necessary in order to handle or process your inquiry, or we have your consent to do so, or we have other permission to do so under law.
External recipients may include, in particular:

  • Data processors: These are service providers who we engage to render services relating to our technical infrastructure or maintenance of this Website, for example. We carefully select and regularly review these data processors in order to ensure that your privacy is guaranteed. These service providers may only ever use the data they receive for the purposes we have specified and according to our instructions. We are authorized to make use of such data processors subject to our compliance with the legal requirements of Article 28 GDPR.
  • Public agencies: These are public authorities, state institutions, and other public bodies, e.g. supervisory authorities, courts, public prosecutors, or financial authorities. Personal data are only ever transmitted to such public agencies where there exist legally compelling grounds to do so. The legal basis for such a transmission of data is Article 6(1)(1), point (c) GDPR.
  • Non-public bodies: These are service providers and agents, to whom data are transmitted on the basis of a legal obligation or in order to protect legitimate interests, e.g. tax advisors or financial auditors. Such a transmission of data is thus based on Article 6(1)(1), point (c) and/or point (f) GDPR.

8. Retention policy

We only store your personal data for as long as this is necessary in order to fulfill the relevant purposes or – if you give your consent – until such time as you withdraw your consent. If you do withdraw your consent, we will stop processing your personal data unless we are permitted or required to continue processing according to the relevant statutory provisions (e.g. within the context of retention obligations under commercial and tax law). We will also erase your personal data where we are required to do so for legal reasons.
For further details of how long we store your personal data for, please see the relevant explanations in the sections above.

9. Your rights

As a data subject, you have a number of rights. These rights are:

  • Right of access (Article 15 GDPR): You have the right to receive information on the personal data we are storing concerning you.
  • Right to rectification and erasure (Article 16 and Article 17 GDPR): You can request that we rectify incorrect data and – provided the legal requirements are satisfied – that we erase your data.
  • Right to restriction of processing (Article 18 GDPR): You can request that we restrict our processing of your data, provided the legal requirements are satisfied.
  • Right to data portability (Article 20 GDPR): If you have provided us with data on the basis of a contract or consent, then you can request to receive the data you have provided in a structured and commonly used format or alternatively that we transmit these data to another controller, provided the legal requirements are satisfied.
  • Right to object to data processing on the grounds of legitimate interests (Article 21 GDPR): You have the right to object, on grounds relating to your particular situation, to our processing of personal data, provided this is based on legitimate interests within the meaning of Article 6(1)(1), point (f) GDPR. If you make use of your right to object, we will stop processing your data unless we can demonstrate compelling legitimate grounds for the processing which override your interests.
  • Withdrawing consent (Article 7 GDPR): If you have consented to our processing of your data, you can withdraw this consent at any time with effect for the future. This shall not affect the lawfulness of processing based on consent before its withdrawal. If you would like to withdraw your consent to the use of specific cookies, please refer to the explanations under Sec. 4.
  • Right to lodge a complaint with a supervisory authority (Article 77 GDPR): You can also lodge a complaint with the relevant supervisory authority if you are of the opinion that the processing of your data infringes on the applicable law. To do this, you can contact either the data protection authority with jurisdiction over your place of residence, workplace or place of the purported violation, or the data protection authority with jurisdiction over us. The supervisory authority for data protection with jurisdiction over us is the State Data Protection Officer for Baden-Württemberg (

In case of questions concerning the processing of your data, your rights as a data subject, and any consent you may have given, you can contact our Data Protection Officer via the communication channels listed under Sec. 10. Please also contact our Data Protection Officer directly in order to exercise your rights as a data subject. You can of course also contact the controllers indicated above in this respect.

10. Our Data Protection Officer

We have appointed a company Data Protection Officer. You can reach them using the following information:

ZKM Data Protection Officer
c/o V-Formation GmbH
Stephanienstr. 18
76133 Karlsruhe
Phone: +49 (0) 721/17029034

11. Safety and security

We implement technical and organizational security measures in order to protect your personal data against intentional or unintentional manipulation, loss, destruction, or access by authorized persons. These measures are always adjusted according to the current state of the art.
Personal data concerning you that are transmitted in the context of your use of this Website are transmitted to us securely using encryption. We do this using the Transport Layer Security (TLS) encryption protocol, largely known by its former name Secure Socket Layer (SSL).
Our employees are obliged to observe data secrecy.

12. Amendments

From time to time, it may be necessary to modify the content of this Privacy Policy. We reserve the right to amend this policy at any time. Where your consent is required for an amendment, we will obtain this consent from you. We will publish the amended version of the Privacy Policy in the same location as this current Privacy Policy. You should therefore read through the revised Privacy Policy the next time you visit this Website.

Last updated: June 2023