Data Protection Policy
Personal data (hereinafter usually referred to as "data") is processed by us only as necessary and for the purpose of providing a functional and user-friendly website, including its content and the services offered therein.
Pursuant to Article 4(1) of Regulation (EU) 2016/679, i.e. the EU General Data Protection Regulation (hereinafter referred to only as "GDPR"), "processing" means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
With the following data protection policy, we inform you in particular about the nature, scope, purpose, duration and legal basis of the processing of personal data, insofar as we decide either alone or jointly with others on the purposes and means of processing. In addition, we inform you below about the third-party applications we use for optimization purposes and to increase the usability quality, insofar as third parties process data as independent controllers.
Our Data Protection Policy is structured as follows:
I. Information about us as controllers
II. Rights of data subjects and users
III. Information on processing
I. Information about us as controllers
Joint controllers of processing of personal data on this website are:
Backbone Art Deutschland GmbH
Telephone: +49 32 212 29 21 29
Backbone Art SA
8 Rue Muzy
Data Protection Officer:
II. Rights of data subjects and users
With regard to the data processing described in more detail below, users and data subjects have the right :
- to confirmation as to whether data concerning you is being processed, access to the data being processed, further information about the processing and copies of such personal data (cf. also Art. 15 GDPR);
- to rectification of inaccurate personal data and to have incomplete personal data completed (cf. also Art. 16 GDPR);
- to erasure of personal data concerning you (cf. also Art. 17 DSGVO), alternatively, insofar as further processing is necessary in accordance with Art. 17(3) GDPR, to restriction of processing in accordance with Art. 18 GDPR;
- to receive the data concerning and provided by you and to transmit this data to other providers/controllers (cf. also Art. 20 GDPR);
- to withdraw any consent you may have given;
- to lodge a complaint with a supervisory authority if you consider that the processing of the personal data relating to you by us infringes data protection law (cf. also Art. 77 GDPR).
In addition, we are obliged to communicate any rectification or erasure of data or restriction of processing carried out in accordance with Articles 16, 17(1) and 18 GDPR to each recipient to whom data has been disclosed by us. However, this obligation does not apply insofar as this notification is impossible or involves a disproportionate effort. Notwithstanding this, you have a right to information about these recipients.
Likewise, pursuant to Article 21 of the GDPR, data subjects have the right to object to the future processing of data relating to them, where the data is processed by us pursuant to Article 6(1)(f) of the GDPR, by contacting us or the Data Protection Officer (e.g. by email, contact details above). The cases in which we base the processing on our legitimate interest can be found in this Data Protection Policy. In particular, an objection to the processing of data for the purpose of direct marketing, for example regarding a newsletter, is legitimate.
III. Information on processing
Your data processed when using our website will be erased or blocked as soon as the purpose of the storage no longer applies, the erasure of the data does not conflict with any statutory retention obligations and no other information is provided below on individual processing procedures.
For technical purposes, to ensure a secure and stable website, data is transmitted by your internet browser to us or to our hosting provider. These so-called server log files are used to collect, among other things, the type and version of your internet browser, the operating system, the website from which you accessed our website (referer URL), the webpage(s) of our website that you visit, the date and time of the respective access as well as the IP address of the Internet connection from which the use of our website takes place.
The data collected this way is temporarily stored, but not together with other data from you.
This processing is based on the legal basis of Art. 6(1)(f) GDPR. Our legitimate interest lies in the improvement, stability, functionality and security of our website.
The data is deleted after seven days at the latest, unless further storage is required for purposes of evidence. Otherwise, the data is exempt from deletion in whole or in part until the final clarification of an incident.
a) Session cookies
We use so-called cookies on our website. Cookies are small text files or other storage technologies that are placed and stored on your end device by the internet browser you use. These cookies process certain information about you on an individual basis, such as your browser or location data or your IP address.
This processing makes our website more user-friendly, effective and secure, as the processing enables, for example, the display of our website in different languages or the offer of a shopping cart function.
These session cookies are deleted when you close your browser.
b) Third party cookies
For further details, in particular the purposes and legal basis for the processing of such third-party cookies, please refer to the following information.
c) Possibility to delete cookies
You can prevent or restrict the installation of cookies by setting your internet browser. You can also delete cookies that have already been stored at any time. However, the steps and measures required for this depend on the specific internet browser you use. If you have any questions, please use the help function or documentation of your Internet browser or contact its developer or support. Insofar as we use so-called Flash cookies, these are not collected by your browser, but by your Flash plug-in. Flash cookies store the required data independently of the browser you are using and have no automatic expiry date. If you do not want Flash cookies to be processed, you must install a suitable add-on. If you have any questions, please also use the help function or documentation of your Flash player or contact the developer or customer support.
However, if you prevent or restrict the installation of cookies, this may mean that not all functions of our website can be fully used.
Performance of contract
The data provided by you for the use of our services are processed by us for the purpose of fulfilling the contract and are insofar necessary. Conclusion and performance of the contract are not possible without the provision of your data.
The legal basis for the processing is Art. 6(1)(b) GDPR.
We delete the data once the contract has been fully executed, insofar as we do not have to retain it due to the retention periods under tax and commercial law.
Information we share between accounts:
Information can be shared between users only as necessary and for the purpose of providing the content and the services ordered. For example, Data might be shared between Creatives and Clients of a specific order to ensure good performance of the service.
Besides, by placing an order, you declare that all contacts provided in the order have given you explicit consent to share their information with and to be contacted by Backbone Art SA and/or Backbone Art GmbH to facilitate your order.
Account / registration
If you create an account with us via our website, we will collect and store the data you entered during registration (e.g. your name, address or email address) exclusively for precontractual services, for the fulfilment of the contract or for the purpose of customer service (e.g. to provide you with an overview of your previous orders with us). At the same time, we store the IP address and the date of your registration together with its time. Of course, this data will not be passed on to third parties.
During the further registration process, your consent to this processing might be obtained and reference will be made to this Data Protection Policy. The data collected by us in this process will be used exclusively for the provision of the customer account.
Insofar as you consent to this processing, Art. 6(1)(a) GDPR is the legal basis for the processing. If the opening of the customer account also serves precontractual actions or the performance of the contract, the legal basis for this processing is also Art. 6(1)(b) GDPR.
In accordance with Art. 7(3) GDPR, you may withdraw your consent to the opening and running of the customer account at any time with effect for the future. To do so, you only need to inform us of your withdrawal.
The data collected insofar will be deleted as soon as the processing is no longer necessary. However, we must observe retention periods under tax and commercial law.
Orders and payment
On our ordering platform, you have the option to pay credit card or SEPA direct debit. We do not collect, store, or transmit financial account information. Instead, we use a third-party payment processor called Stripe to process our payments.
We send a newsletter to our customers and to other individuals (especially registered users of our platform and creatives who are part of our community or those who want to join our community). In doing so, we process your email address, but also perform analyses of reading behavior. In particular, we analyze how many times the newsletter is opened, the click rate, the bounce rate, which links are clicked and the cancellation of the newsletter subscription. For this purpose, we use the data that your browser automatically transmits to us when you click on a link, as well as so-called tracking pixels. Tracking pixels are small image files that are automatically loaded when the email is displayed. Thus, for example, your IP address and various configurations of your end device are communicated to us, which allows us to identify you as a specific user.
The legal basis for sending the newsletter to our customers and for analyzing user behavior is Art. 6(1)(f) GDPR, since it is in our legitimate interest to maintain contact with our customers and to inform them about new offers or products and to better understand their consumer preferences. If we send the newsletter to non-customers who have registered for the newsletter, the legal basis for sending and for the analysis of user behavior is the consent of the data subject pursuant to Art. 6(1)(a) GDPR.
All recipients of the newsletter can unsubscribe at any time by clicking on an unsubscribe link in the newsletter and thus revoke your consent or object to the sending of the newsletter.
To send the newsletter, we use the tool ActiveCampaign of ActiveCampaign LLC, 1 North Dearborn St, 5th Floor, Chicago, IL 60602, US. In the process, personal data may be transferred to the United States, Australia or Ireland. The US and Australia are not members of the European Economic Area (EEA). We therefore use EU standard contractual clauses as the basis for the transfer. ActiveCampaign acts as a processor on our behalf, so we have concluded a processing contract in accordance with Article 28(3) GDPR. However, ActiveCampaign also processes certain transferred data for its own purposes. ActiveCampaign itself is independent controller of that processing. We therefore refer to the data protection policy of ActiveCampaign for the description of this processing.
We process your personal data in order to optimize our website and products. In the process, pseudonymized user profiles are created and cookies are set on your device. The legal basis for the processing is Art. 6 (1) lit. a GDPR.
Prior to this, however, your IP address on our website is shortened (i.e. the last digits are deleted) using a special script to protect your rights. This shortened IP address is transmitted to Google servers in the USA. The shortening of the IP address also takes place via Google, but usually on servers within the EU or other signatory states to the Agreement on the European Economic Area. In exceptional cases, according to Google, it may happen nevertheless that data is transmitted to the USA for shortening. According to Google, the (full) IP address transmitted for shortening is not merged with any other data that Google holds about you.
- You do not give your consent via our data protection banner when visiting our website for analytics purposes or revoke your consent there.
- You can prohibit the setting of cookies in the settings of your browser. To make the settings, please ask the help and support section of your browser provider.
- You install a free browser plugin.
Contact requests/ contact channels
If you contact us via contact form or e-mail, the data you provide will be used to process your request. The provision of the data is necessary for processing and answering your request - without their provision, we can not answer your request or at best limited.
The legal basis for this processing is Art. 6(1)(f) GDPR. Our legitimate interest in this regard is to be able to respond to you. Insofar as your contact serves to initiate or perform a contract, the legal basis is Art. 6(1)(b) GDPR.
Your data will be deleted if your inquiry has been answered conclusively and the deletion does not conflict with any legal obligations to retain data, such as in the case of any subsequent contract processing.
Mixpanel helps us analyze usage patterns of our users.
You can prevent Mixpanel from using your information for analytics purposes by opting-out. To opt-out of Mixpanel service, please visit this page.
CRM platforms and database
We use Pipedrive and Salesforce in our sales process. Your data will be processed with due care and in accordance with Pipedrive's data protection guidelines and Salesforce’s privacy policies.
We use Airtable as our database (check Airtable’s privacy policies for more details about their security).
Since Backbone GmbH and Backbone Art SA share joint operations, both legal entities may have access to and may process your personal data in accordance with and in the scope described by this data protection policy. We are joint controllers for the processing of your personal data and have entered into a joint controller agreement pursuant to Art. 26 GDPR. In this agreement, we have determined our respective responsibilities for compliance with the obligations when processing your personal data under the GDPR, in particular regarding the exercise of data subject rights. In any case, you may exercise your data subject request vis-à-vis each joint controller.
We will also provide you with a summary of the material terms of our joint controller agreement upon request. Please direct such request to our data protection officer.
For the purposes of our joint operations, Backbone GmbH may transfer your personal data to Backbone Art SA. Therefore, your personal data may leave the European Economic Area to Switzerland. However, the Commission of the EU has decided that Switzerland ensures an adequate level of protection for personal data.
We embed videos on our website that are hosted on the Vimeo platform. When viewing the videos and, possibly, already when viewing the website on which a video is embedded, personal data is processed by Vimeo and, for example, also transferred to the USA. For details of the processing, we refer to the data protection policy of Vimeo, which is controller of this processing under data protection law. Vimeo is a platform of Vimeo, Inc, 555 West 18th Street, New York, New York 10011, USA.To ensure the protection of your personal data, we have concluded the EU standard contractual clauses of the European Commission in the controller-to-controller version with Vimeo.
The legal basis for the processing is Art. 6 (1) lit. f DSGVO, insofar as the data transfer is technically necessary to display the videos.
Google Ads Conversion and Google Retargeting
We use Google Ads to generate attention for our products and services by running targeted and personalized advertising campaigns on Google and the Google advertising network. Data generated by such campaigns helps us to determine the success rate of each campaign. We aim to provide you with advertisements that are relevant to you, to make our website more interesting, and to improve our advertising’s overall quality and relevance.
More detailed information can be found here: https://policies.google.com/privacy
Google Conversion Linker
We use the Google Conversion Linker to be able to assign your interactions with us to a campaign click on Google Ads and the Google Marketing Platform for a longer period of time, by storing information in first party cookies instead of third party cookies. This enables us to better optimize our marketing campaigns.
As part of LinkedIn ads, we use forms where LinkedIn users enter additional data on top of the data already pre-filled with their profile information. They submit their data to us by sending the form. We can access this profile data and use it only to communicate relevant information to the participants. By submitting the form, LinkedIn users allow us to send them additional advertising or marketing communications.
More detailed information can be found here: https://www.linkedin.com/legal/privacy-policy
Google Tag Manager
We use Google Tag Manager which triggers other tags that record data under certain circumstances. Google Tag Manager neither has access to this data nor collects personal data. If it has been deactivated at the domain or cookie level, it remains in place for all tracking tags that are implemented with Google Tag Manager.
More detailed information can be found here: https://www.google.com/tagmanager/use-policy.html