Privacy Policy

Controller

Climate Art Collection e.V.
Stettiner Str. 63
13357 Berlin
Germany

Email: contact@climateartcollection.com

We have not appointed a statutory data protection officer. Privacy requests can be sent to the contact address above.

Scope

This notice explains how we process personal data when you visit the Climate Art Collection website, browse the archive, submit an artwork, contact us, make an artwork inquiry, or interact with our review and administration workflows.

Website Access And Hosting

The website is hosted on Netlify. When you access the site, technical data is processed to deliver pages and keep the service secure. This may include IP address, date and time of request, requested URL, referrer, browser and device information, HTTP status, and similar server log data.

Legal basis: Article 6(1)(f) GDPR. Our legitimate interest is the secure, reliable, and efficient operation of the website.

Archive Browsing

The public collection loads artwork and artist records from Google Firebase/Firestore and artwork media from Firebase Storage. Public archive records may include artist names, artwork titles, years, materials, descriptions, climate-related statements, image files, video or document links, artist websites, social links, and other metadata accepted into the archive.

Legal basis: Article 6(1)(f) GDPR for operating a public non-profit art archive, and Article 6(1)(a) GDPR where artists have consented to publication of submitted material.

Artwork Submissions

When you submit artwork, we process the information you provide, including artist name, email address, nationality, birth date where provided, location, website, Instagram handle, gallery or representation details, biography, artwork titles, descriptions, climate-change relation, materials, year, size, editions, tags, images, files, consent choices, and technical metadata related to the upload.

We use this data to receive the submission, store the files, review eligibility, contact you, prevent abuse, administer the archive, and, if accepted, publish agreed archive information. Uploaded files are stored in Firebase Storage and submission records in Firestore.

Legal bases: Article 6(1)(b) GDPR for pre-contractual or contractual submission handling, Article 6(1)(a) GDPR for publication consent, Article 6(1)(f) GDPR for curatorial review and archive administration, and Article 6(1)(c) GDPR where we must retain information for legal obligations.

AI-Assisted Submission Review

We may use Google Gemini through Google AI or Google Cloud Vertex AI to assist with curatorial review. The review may consider submission text, artist information, artwork metadata, and submitted media. The system can recommend acceptance, rejection, or human review and stores review scores, reasons, flags, confidence values, and image assessments in Firestore for administration.

The review is used for curatorial triage of a non-profit archive. It does not create a legal entitlement to publication and does not make decisions with legal effects equivalent to credit, employment, insurance, or public-benefit decisions. If your submission is rejected or you believe the review is wrong, you can request human review by emailing us.

Legal basis: Article 6(1)(f) GDPR. Our legitimate interest is consistent, efficient, and documented review of archive submissions.

Inquiries And Contact

If you contact us by email or use an artwork inquiry form, we process your name, email address, message, related artwork information, and communication metadata to respond to the inquiry and administer any follow-up. Inquiry forms are currently processed through Formspark.

Legal basis: Article 6(1)(b) GDPR where the inquiry relates to a requested service or collaboration, and Article 6(1)(f) GDPR for responding to general communications and protecting legitimate interests.

Email Notifications

Submission notifications may be sent to the CAC review address using MailerSend. If MailerSend is unavailable or not configured, a Formspark endpoint may be used as a fallback. Notification emails can include artist name, email, submitted artwork titles, and consent choices.

Legal basis: Article 6(1)(f) GDPR. Our legitimate interest is reliable internal handling of submissions and review notifications.

Newsletter And External Channels

If we activate or link to a newsletter, subscription handling may take place through Substack or a form provider. The newsletter provider is responsible for its own platform processing; we process subscription data to send archive updates and communications you requested. You can unsubscribe through the link in any newsletter email.

Legal basis: Article 6(1)(a) GDPR for newsletter consent, and Article 6(1)(f) GDPR for documenting and managing subscriptions.

Cookies And Browser Storage

We do not currently use Google Analytics, Google AdSense, advertising cookies, or tracking pixels on the website. The app may use technically necessary browser storage for functions requested by the user, such as standard Firebase operation, form state, and image upload handling.

Under section 25 TDDDG, consent is not required where storage or access is strictly necessary to provide a digital service expressly requested by the user. If we introduce analytics, marketing cookies, or non-essential tracking later, we will request consent before using them where required.

Google Fonts

The website loads the Inter typeface through the Google Fonts API. When the font is requested, Google may receive the IP address, requested Google URL, user-agent, referrer, and related HTTP headers. Google states that the Google Fonts API is unauthenticated and does not set or log cookies.

Legal basis: Article 6(1)(f) GDPR. Our legitimate interest is a fast, consistent, and maintainable public archive interface.

Recipients And Processors

Depending on how the site is used, personal data may be processed by or disclosed to:

• Netlify, for hosting, serverless functions, and logs.
• Google Firebase and Google Cloud, for Firestore, Storage, and AI-assisted review.
• Google Fonts, for loading web fonts.
• MailerSend, for transactional submission notifications.
• Formspark, for inquiry forms and fallback submission notices.
• Substack, if you subscribe to an activated newsletter.
• Public website visitors, where artwork and artist information is accepted and published in the archive.
• Courts, authorities, lawyers, or rights holders where necessary to comply with law or defend legal claims.

International Transfers

Some providers are based outside the European Economic Area or may process data in countries that do not provide the same level of data protection as the EU. Where required, we rely on appropriate safeguards such as EU Standard Contractual Clauses, data processing agreements, adequacy decisions, or the EU-U.S. Data Privacy Framework where applicable.

Retention

We retain personal data only as long as necessary for the relevant purpose. Public archive records are generally retained for the life of the archive unless removed under the submission terms, withdrawn consent, legal request, or curatorial decision. Pending, rejected, or incomplete submissions are retained as long as needed for review, documentation, abuse prevention, legal defense, and administration, then deleted or anonymized where appropriate.

Contact and inquiry data is retained while the request is active and for a reasonable documentation period afterward. Statutory retention obligations and legal-claim limitation periods may require longer storage.

Your Rights

Subject to the legal conditions, you have the right to request access, rectification, erasure, restriction of processing, data portability, and objection to processing based on legitimate interests. Where processing is based on consent, you may withdraw consent at any time with future effect.

To exercise rights, email contact@climateartcollection.com . You also have the right to lodge a complaint with a supervisory authority. For Berlin, the competent authority is the Berliner Beauftragte für Datenschutz und Informationsfreiheit, mailbox@datenschutz-berlin.de .

Security

We use technical and organizational measures appropriate to the risk, including server-side validation for submissions, signed upload URLs, locked Firestore and Storage rules, provider security controls, and separation of public archive data from non-public submission and review data. No internet service can be guaranteed completely secure.

Changes

We may update this privacy policy when the archive, providers, or legal requirements change. The date at the top shows the current version.