ashoka ritualGLOBAL ARTIST NETWORKING LIVE!NO BORDERS. NO NATIONS. Join now!

Data Privacy

Privacy Policy

Scope: This Privacy Policy applies to https://www.artist-ritual.de, https://www.artist-ritual.com and https://www.ashoka-ritual.com, including the websites, magazines, registration, profile and community functions and linked online services for which we are responsible.

Version: 25 April 2026

 

1. Responsible company

The responsible company within the meaning of Article 4(7) GDPR is:

artist ritual GmbH
Hofrichterstrasse 32
51067 Cologne
Germany
Email: mail@artist-ritual.com

Registered office and commercial register: Cologne HRB 92145
VAT ID: DE301501077
Managing Director: Siegfried Uhl

 

2. Data Protection Officer

Our Data Protection Officer is:

David Uhl
Email: david.uhl@artist-ritual.com

You may contact the Data Protection Officer at any time regarding data protection questions, data subject requests or this Privacy Policy.

 

3. General information on processing

We process personal data only where necessary to provide our websites, publish editorial content, operate the “ashoka ritual” platform, communicate with you, comply with legal obligations, protect legitimate interests or where you have given consent.

Personal data means any information relating to an identified or identifiable natural person, for example name, artist name, email address, IP address, device information, communication content, profile information or usage data.

 

4. Access data, hosting and server log files

When you access our websites or platform functions, our web server processes technically required access data. This may include IP address, date and time of access, requested URL, referrer URL, browser type and version, operating system, device data, transferred data volume, HTTP status code and error logs.

This processing is necessary to deliver the websites, ensure stability and security, detect and defend against attacks and analyse errors. The legal basis is Article 6(1)(f) GDPR. Where processing is necessary to perform a user contract or pre-contractual measures, Article 6(1)(b) GDPR applies.

Server log files are retained only for as long as necessary for security, error analysis and evidentiary purposes. Longer retention occurs only where required to investigate security incidents, defend legal claims or comply with statutory obligations.

 

5. Encryption

Our websites are generally delivered via TLS/SSL encryption. This protects content transmitted to us against interception by third parties during transmission. Internet-based communication can nevertheless never be absolutely secure.

 

6. Cookies, local storage technologies and consent management

We use cookies and similar technologies such as local storage or session storage. These technologies may be necessary for basic functions such as navigation, language settings, security, login, registration, session management, cookie settings and profile functions.

Necessary technologies are processed on the basis of Article 6(1)(f) GDPR or, where required for a service requested by you, Article 6(1)(b) GDPR. Optional technologies, in particular analytics, reach measurement, marketing, external media or convenience functions, are used only where consent is required and you have given it; the legal basis is Article 6(1)(a) GDPR and Section 25(1) TDDDG.

You may withdraw or change consent at any time with future effect via the cookie settings. You may also delete or block cookies in your browser settings. Some functions may be limited if cookies are fully blocked.

 

7. Contact by email

If you contact us by email, we process your email address, the content of your message, attachments, communication metadata and any other information you voluntarily provide. Processing is carried out to handle your request and follow-up communication.

The legal basis is Article 6(1)(b) GDPR where the request relates to a contract or pre-contractual measures; otherwise Article 6(1)(f) GDPR. Communications subject to statutory retention obligations are stored on the basis of Article 6(1)(c) GDPR.

 

8. Editorial art magazine and public content

On artist-ritual.de and artist-ritual.com we operate an art and culture magazine. We may publish names, artist names, author information, profile images, images of works, interviews, editorial texts, image credits, social media or website links and other information about artists, authors, partners or interviewees.

Depending on the context, publication is based on consent under Article 6(1)(a) GDPR, performance of an agreement under Article 6(1)(b) GDPR or our legitimate interest in press, art, culture and public relations work under Article 6(1)(f) GDPR. Where special categories of personal data, such as religious, philosophical or health-related information, are expressly part of an art, interview or profile publication, publication takes place only on an appropriate legal basis, in particular explicit consent or where the data subject has manifestly made the data public.

Publicly published content can be accessed worldwide, indexed by search engines and stored or redistributed by third parties. We cannot guarantee complete deletion from external search engines, archives or third-party copies, but we support justified deletion or rectification requests within our sphere of influence.

 

9. Registration and user account on ashoka ritual

You may create a user account for the ashoka ritual platform. We process registration data and mandatory fields such as email address and password and, where provided or voluntary, telephone number, name, artist name, language, country/region, profile data, portfolio and work data, images, video, audio, texts, links, messages, settings, login times, security information and technical usage data.

Processing is carried out to create and manage the user account, authenticate users, provide profile, networking, community and communication functions, display content according to your visibility settings, prevent abuse, ensure security and enforce our terms of service. The legal basis is Article 6(1)(b) GDPR. For security and abuse prevention, Article 6(1)(f) GDPR also applies. Voluntary profile data is based on your consent or voluntary publication where it is not required for contract performance.

 

10. Profiles, visibility and user-published content

If you post profile information or content on ashoka ritual, it will be displayed according to the available visibility settings, for example public, registered users only or selected contacts only. Public content may be indexed by search engines and viewed, stored or shared by third parties.

You are responsible for uploading or publishing only content and personal data of third parties for which you have a sufficient legal basis, permission or consent. This applies in particular to image, audio and video material, artist profiles, work descriptions and communication content.

 

11. Direct messages and confidential communication

Where the platform enables direct messages or comparable non-public communication, we process communication content, sender and recipient information, timestamps and technical metadata to provide the function, deliver messages, ensure security and prevent abuse. The legal basis is Article 6(1)(b) GDPR and, for security purposes, Article 6(1)(f) GDPR.

Non-public communication content is treated confidentially. Access by us occurs only where technically or organisationally necessary, legally permitted, required for support cases or necessary to prevent abuse, security incidents or legal violations.

 

12. Search functions

When you use search functions, we process search terms, technical access data and, where applicable, filter or language settings to provide search results and ensure functionality. The legal basis is Article 6(1)(f) GDPR; for logged-in users Article 6(1)(b) GDPR may also apply.

 

13. Newsletter and direct marketing

If we offer a newsletter or similar electronic direct communication, we process your email address and, where applicable, name, language, consent timestamp, IP address at signup and double-opt-in proof data. Sending takes place only with your consent under Article 6(1)(a) GDPR unless a statutory exception applies. You may withdraw consent at any time with future effect.

Existing-customer advertising may be carried out within the legally permitted scope on the basis of Article 6(1)(f) GDPR. You may object at any time.

 

14. Google Analytics

Where Google Analytics is used and you have consented, we use the web analytics service Google Analytics provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics helps us measure use of our services, improve content and make technical or editorial decisions on an aggregated basis.

Usage data, device information, browser data, shortened IP addresses, referrers, pages visited, interactions and cookie or device identifiers may be processed. We use IP anonymisation where technically available. The legal basis is your consent under Article 6(1)(a) GDPR and Section 25(1) TDDDG. Analytics data may be retained for up to 38 months where configured.

Google may process data in third countries. Transfers take place only under Articles 44 et seq. GDPR, in particular on the basis of an adequacy decision or appropriate safeguards such as EU Standard Contractual Clauses. You may withdraw consent at any time via the cookie settings. You can also use browser add-ons or browser settings to restrict tracking.

 

15. Google Fonts

Where fonts are loaded from Google Fonts servers, your IP address is transmitted to Google. Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Processing serves uniform and performant display of our websites.

Where fonts are technically required for display, the legal basis is Article 6(1)(f) GDPR. Where external loading requires consent, use takes place only on the basis of Article 6(1)(a) GDPR and Section 25(1) TDDDG. Where possible, we prefer local or privacy-friendly configurations.

 

16. Google Remarketing, Google Ads and conversion tracking

Where Google Remarketing, Google Ads or conversion tracking is activated, usage data, cookie or device identifiers, interactions, referrers and conversion events may be processed to measure advertising effectiveness or display interest-based advertising. Provider: Google Ireland Limited.

We use these services only where they are activated and you have consented. The legal basis is Article 6(1)(a) GDPR and Section 25(1) TDDDG. You may withdraw consent at any time via the cookie settings.

 

17. YouTube and external media

Our websites may embed or link to YouTube videos or other external media. YouTube is provided by Google Ireland Limited. When embedded content is loaded, IP address, device and browser information, referrer, interactions and, where applicable, cookie or account information may be transmitted to the provider, particularly if you are logged in there.

External media is loaded, where technically possible, only after your consent. The legal basis is Article 6(1)(a) GDPR and Section 25(1) TDDDG. Plain links to external media trigger processing by the provider only when you click them.

 

18. Social media links, share functions and AddThis

Our websites contain links or buttons to social networks and platforms, in particular Facebook, Instagram, YouTube, Pinterest, LinkedIn, X/Twitter and Google Share or similar share functions. If these are plain links, no data is transmitted to the provider before you click the link.

Where active social plugins, share tools or AddThis functions are embedded, personal data such as IP address, device information, referrer, page visited, cookie IDs and interactions may be transmitted to the respective provider when the function is loaded or activated. AddThis is a sharing and recommendation service historically operated by Oracle America, Inc. or affiliated companies. Where such tools are used, this takes place only on the basis of consent under Article 6(1)(a) GDPR and Section 25(1) TDDDG.

The respective providers are responsible for processing after you click a social media link or use the relevant platform. Please refer to their privacy notices.

 

19. Facebook and Instagram

Where we use Facebook or Instagram components, pages, profiles or links, data may be processed by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland. With active plugins or embedded content, Meta services may recognise that you visited our website and may associate that information with your account if you are logged in.

We use active Meta components only on the basis of your consent. The legal basis is Article 6(1)(a) GDPR and Section 25(1) TDDDG. Interactions on our social media profiles are also subject to Meta's privacy terms.

 

20. X/Twitter, Pinterest and LinkedIn

Where links, buttons or embedded content from X/Twitter, Pinterest or LinkedIn are used, the respective provider may process personal data when you click or load the content. Active embedding is used only on the basis of consent. For plain links, data transfer occurs only when you actively open the link.

 

21. Payment and billing data

Where paid services, memberships, bookings or other services are offered, we process billing data such as name, billing address, contact details, service data, payment status, invoice number, tax-relevant information and, where applicable, transaction information. Payment data may be processed by external payment service providers.

The legal basis is Article 6(1)(b) GDPR for contract performance and Article 6(1)(c) GDPR for commercial and tax obligations. Payment service providers may act as independent controllers depending on the service.

 

22. Applications and careers

If you apply to us, we process application data such as contact details, CV, certificates, qualifications, communication data and other information you provide. Processing is carried out to conduct the application process. The legal basis is Section 26 BDSG, Article 6(1)(b) GDPR and, where applicable, Article 6(1)(f) GDPR.

Application data is deleted once it is no longer required for the procedure and no retention or evidentiary interests apply. Longer storage in a talent pool occurs only with consent.

 

23. Recipients and processors

We disclose personal data only where necessary, legally permitted or initiated by you. Recipients may include hosting and IT service providers, maintenance and support providers, email and communication providers, analytics and consent providers, payment providers, legal and tax advisers, authorities where legally required and other users or the public according to your publication and visibility settings.

We enter into data processing agreements under Article 28 GDPR with processors where required.

 

24. Third-country transfers

Some providers may process personal data outside the European Union or the European Economic Area. Transfers take place only if the requirements of Articles 44 et seq. GDPR are met, in particular on the basis of an adequacy decision, the EU-US Data Privacy Framework, EU Standard Contractual Clauses or other appropriate safeguards. For consent-based services, your consent also covers the risk of a third-country transfer under Article 49(1)(a) GDPR where required.

 

25. Government and authority requests

We disclose personal data to authorities only where we are legally obliged to do so or where a lawful and verified request exists. Where legally permissible, we inform affected persons about such requests. We do not voluntarily disclose data to public authorities without cause.

 

26. Retention and deletion

We store personal data only as long as necessary for the respective purposes. Thereafter, data is deleted or anonymised unless statutory retention obligations, evidentiary interests or legal claims prevent deletion.

  • Server log files: generally short-term; longer only for security incidents or evidence.
  • Contact requests: until final handling and thereafter according to statutory retention periods or legitimate evidentiary interests.
  • User accounts: for the duration of the account; after account deletion, data is deleted or anonymised unless obligations prevent this.
  • Public content: generally until deletion by you or by us; editorial content may be retained longer for documentation, press freedom, art and cultural reporting or legal defence.
  • Billing and accounting data: according to statutory commercial and tax retention periods.

 

27. Obligation to provide data

Certain data is required to technically use our websites, create a user account or receive contractual services. Without this data, individual functions cannot be provided or can only be provided in a limited manner. Voluntary information is marked as such or follows from the context.

 

28. Automated decisions and profiling

We do not make automated decisions within the meaning of Article 22 GDPR that have legal effects concerning you or similarly significantly affect you. Security and abuse detection may contain automated elements but does not serve legally significant decision-making without human review.

 

29. Your rights

Subject to the statutory requirements, you have the following rights:

  • access to your personal data under Article 15 GDPR,
  • rectification of inaccurate data under Article 16 GDPR,
  • erasure under Article 17 GDPR,
  • restriction of processing under Article 18 GDPR,
  • data portability under Article 20 GDPR,
  • objection to processing based on Article 6(1)(e) or (f) GDPR under Article 21 GDPR,
  • withdrawal of consent with future effect under Article 7(3) GDPR,
  • complaint to a data protection supervisory authority under Article 77 GDPR.

To exercise your rights, send a message to mail@artist-ritual.com or to our Data Protection Officer at david.uhl@artist-ritual.com. To prevent unauthorised access or deletion, we may request reasonable proof of identity.

 

30. Right to object under Article 21 GDPR

If we process personal data on the basis of Article 6(1)(f) GDPR, you have the right to object at any time on grounds relating to your particular situation. We will then no longer process the data unless we demonstrate compelling legitimate grounds or processing serves the establishment, exercise or defence of legal claims.

If personal data is processed for direct marketing, you may object at any time. We will then no longer process your data for that purpose.

 

31. Minors

Our services are generally not directed at children under 16 unless parental consent exists or another legal basis applies. If we become aware that personal data of minors has been processed without required consent, we will take appropriate steps to delete or restrict the data.

 

32. Changes to this Privacy Policy

We may amend this Privacy Policy if our services, third-party services, technical processes or legal requirements change. The version published on the websites applies.