Information on data protection and the way your data is handled

The purpose of this information is to explain to you how your data is handled when you visit our websites and We take the protection of your data very seriously and keep your data confidential under the terms of the statutory data protection regulations and this privacy notice.

Responsible for processing your data (website operator)

Owner: Raphael Petrov e. K.
Domstr. 6
60311 Frankfurt am Main
Tel.: +49 (0)69 29 13 38
E-Mail: This email address is being protected from spambots. You need JavaScript enabled to view it.

Data collection on our websites

One way that your data is collected is when you pass it on to us. In this context we can, for example, be talking about personal data (such as your name, address and e-mail address). Other data is gathered automatically by IT systems when you visit our websites. This is mainly technical data (such as the Internet browser you are using, your operating system and the time when you accessed the website). This data is recorded automatically as soon as you access our websites.

When you visit our websites

When you access the websites and the provider of these websites (PageCon GmbH, Bad Dürkheim) automatically communicates information to us in something known as a server log, which your browser in turn passes on to us automatically.

The data collected by the provider is comprised of:

• Internet browser: type, version and functionality
• operating system used and terminal device; screen resolution
• referrer URL (in the case of linking via another website)
• host name of the accessing computer
• date and time of the server inquiry
• user’s IP address
• quantity of data transmitted in bytes

The collection of this data serves to:

• provide the visitor’s computer with access to the abovementioned websites
• guarantee and optimize the websites’ functionality
• guarantee the safety of the IT infrastructure

The data stored will be permanently deleted by our provider after 14 days. If for any reason the data happens to be stored for more than 14 days any personal information such as the IP address will be made unrecognizable or deleted. This means that the relevant data cannot be traced back to you. Such scenarios may occur if security issues or unexpected technical problems arise.

The abovementioned data is collected in accordance with Art. 6 para. 1 p. 1 lit. f of GDPR on the basis of our legitimate interest in the safe and correct operation of our IT infrastructure, in combating misuse, prosecuting criminal offenses and in safeguarding, asserting and implementing claims.


If you would like to subscribe to the free newsletter on offer on our websites we need you to provide us with an e-mail address (mandatory field marked with an *). You can also input your given name and/or surname if you so desire, thus allowing us to personalize your newsletter. In other words, we can then greet you with the name you have input. In order to make sure that you are happy for us to send you the newsletter, you will initially receive a confirmation e-mail, sent to the e-mail address you have supplied. No further data will be collected. We use the abovementioned data solely in order to send you the requested information and will not pass on your details to third parties. The only exception to this is our partner rapidmail GmbH, which sends the e-mail to you. The information on data protection issued by this service provider is available at

The data you provide on the registration form for the newsletter is processed solely on the basis of your consent in accordance with Art. 6 para. 1 p. 1 lit. a of GDPR. This consent to have the newsletter sent to you can be revoked by you at any time, either by sending an e-mail to our abovenamed address or by clicking directly onto the unsubscribe link on any issue of our newsletter. This revocation shall not affect the legitimacy of any data that has already been processed.

Your data, which we have on file in order for us to be able to send you the newsletter, will be stored by us until you unsubscribe from it and will be deleted after you cancel your order. Any data stored by us for other purposes (e.g., your address for sending out invitations via mail) shall not be affected by this unless you request the data be deleted.


Our websites sometimes use something known as cookies. Cookies will not damage your computer and do not contain viruses. The purpose of cookies is to make what we offer you more user-friendly, more effective and safer. They are small text files which are placed on your computer and stored by your browser. By their nature, cookies cannot identify you as a person.

Most of the cookies we use are known as session cookies. These are deleted from our websites automatically after you end your visit. Other cookies remain stored on your device until you delete them yourself. These cookies allow us to recognize your browser the next time you visit us, provided that you have not deleted them. Our content management system Joomla! also uses cookies.

You can set your browser so that it informs you about any cookies that have been placed on your computer, so that it only allows the process in individual cases and so that it blocks cookies in certain situations or generally. You can also set it to automatically delete cookies when you close the browser. The functionality of our websites can be restricted if you deactivate cookies.

Cookies required for certain electronic communication procedures or for providing certain functions that you require (e.g., newsletter registration) are stored under the terms of Art. 6 para. 1 p. 1 lit. f of GDPR. The website operator has a legitimate interest in storing cookies so that the services offered are free of technical errors and provided in the best-possible way.

Statistics and analysis by Matomo

These websites use functions provided by Web analytics service provider Matomo. Matomo is an open-source application for statistically evaluating the number of visitors to a website. The application is supplied by InnoCraft Ltd., 150 Willis St, Wellington 6011, New Zealand.

Matomo uses cookies. The company stores the following data:

• abbreviated and therefore anonymized IP address (the last two bytes are deleted)
• Internet browser: type, version and functional capability
• operating system used and terminal equipment; screen resolution
• date and time of server inquiry
• referrer URL (in the case of linking via another website)
• outbound linking on our websites
• statistical data concerning the visit to the sites (frequency, duration, URLs, request’s country of origin)

Matomo cookies are stored in accordance with Art. 6 para. 1 p. 1 lit. f of GDPR. The website operator has a legitimate interest in analyzing patterns of use in order to optimize its Web services.

The stored data shall be irrevocably deleted as soon as it is no longer needed for record taking (for statistics supplied by our provider PageCon GmbH). This is the case after three years.


We use Google Maps on our websites to indicate the location of Galerie Raphael and to show visitors how to get to the gallery. The service is provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA (hereinafter referred to as “Google”).

Under the terms of the EU-US Privacy Shield (see, Google guarantees that the EU’s data protection regulations are also applied to data processed in the United States of America.

If you access Google Maps via our websites Google will use your browser to store a cookie on your device. In order to display our location and directions for how to get there your user settings and data will be processed. In this connection we cannot rule out the possibility of Google servers in the United States being used.

The legal basis for this is Art. 6 para. 1 lit. f of GDPR, in accordance with our legitimate interest in guaranteeing and optimizing the functionality of our websites.

Google can, via the connection thus established with Google, determine which website was used, from which IP address the query was sent and where the directions should be sent.

If you do not agree with the above you can block the cookie by changing the settings in your browser (please also refer to the section “Cookies”).

Moreover, you are accessing Google Maps under Google’s terms of use and the Google Maps terms and conditions More information is available at and

Social media plugins (Facebook)

Our websites have plugins for the social network Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA integrated into them for legitimate advertising purposes. The legal basis for this is Art. 6 para. 1 p. 1 lit. f of GDPR. You will recognize these plugins by their Facebook logos or the “Like” button on our websites. You will find a summary of the Facebook plugins at:

When you access a page on our websites with this kind of plugin your browser establishes a direct connection with Facebook’s servers. The content from this plugin will be sent directly to your browser by Facebook and integrated into the website by the latter company. Through the integration of these plugins Facebook receives the information that your browser has accessed the relevant page of our websites, even if you do not have an account with Facebook or are not currently logged in to Facebook.

This information (including your IP address) will be sent directly from your browser to a Facebook server in the United States and stored there.

If you are logged in to Facebook the latter company can correlate your visit to our websites with your Facebook account. If you interact with the plugins, for instance, by clicking the “Like” button, the relevant information is also sent directly to a Facebook server, where it is stored. The information is also published on Facebook and shared with your Facebook friends (depending on your personal privacy settings).

Facebook can use this information for advertising, market research and for customizing the design of Facebook pages. To this end, Facebook can produce profiles relating to your usage, interests and relationships, for example in order to evaluate your use of our websites in terms of the advertisements placed by Facebook, to inform other Facebook users about your activities on our websites, and to perform other services associated with the use of Facebook.

If you do not wish Facebook to correlate the information gathered from our websites with your Facebook account you need to log out of Facebook before visiting our websites.

Please refer to Facebook’s data protection policy ( to find out more about how much data is collected, to what end, how Facebook processes and uses this data and your rights and setting options to protect your own privacy.

Passing on data

Apart from the abovementioned instances we will only pass on your data if:

• it is necessary to pass it on in accordance with Art. 6 para. 1 p. 1 lit. f of GDPR in order to assert, execute or defend legal claims and there is no reason to suppose that you have an overriding and legitimate interest in your data not being passed on;
• a legal requirement exists in accordance with Art. 6 para. 1 p. 1 lit. c of GDPR or if passing on the data is legally permissible and necessary for entering into a contractual relationship with you in accordance with Art. 6 para. 1 p. 1 lit. b of GDPR. Data shall not be passed on to third parties for anything other than the abovementioned purposes.

Rights of the affected party

You have the right

• in accordance with Art. 15 of GDPR to demand information about any personal data of yours that is processed by us. In particular, you can demand information about the reasons why we process your data, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage duration, the existence of a right to correction, deletion, the restriction of processing or to object to this, the existence of a right to complain, the provenance of any data not collected by us and about the existence of an automated decision-making process including profiling and, if appropriate, meaningful information about the details of the latter;
• in accordance with Art. 16 of GDPR to demand the immediate correction of any incorrect data or its completion;
• in accordance with Art. 17 of GDPR to demand that any of your personal data that we have on file be deleted unless we require its processing in order to exercise our right to free speech and information, to fulfill a legal obligation, for reasons of public interest or the assertion, exercise or defense of legal claims;
• in accordance with Art. 18 of GDPR to demand restrictions to the processing of your personal data if you contest the correctness of said data, if its processing is unlawful but you refuse to have it deleted and we no longer require the data although you need it in order to assert, exercise or defend legal claims or you have objected to its processing in accordance with Art. 21 of GDPR;
• in accordance with Art. 20 of GDPR to demand to receive the personal data that you have provided to us in a structured and prevalent format that can be read by a machine or to have it transferred to another responsible party;
• in accordance with Art. 7 para. 3 of GDPR to revoke the consent you have provided to us at any time. All you need to do is tell us this informally by sending us an e-mail (This email address is being protected from spambots. You need JavaScript enabled to view it. ). The legality of any data processing that had already taken place before you revoked your consent shall not be affected by this revocation.

Insofar as your personal data has been processed on the basis of legitimate interests in accordance with Art. 6 para. 1 p. 1 lit. f of GDPR you have the right, in accordance with Art. 21 of GDPR, to object to your personal data being processed if the reasons for this exist as a result of special circumstances or the objection is directed against direct mail. All you need to do is tell us this informally by sending us an e-mail (This email address is being protected from spambots. You need JavaScript enabled to view it. ). In the latter case you have a general right to object and this will be implemented without you having to refer to special circumstances.

You also have the option of passing on any complaints you might have to a supervisory authority for data protection. The supervisory authority for data protection that is responsible for us is:

Der Hessische Datenschutzbeauftragte (The State of Hessen’s Data Protection Officer)
PO Box 3163
65021 Wiesbaden
Tel.: +49 611 1408 – 0
Fax: +49 611 1408 – 611

Data security

For reasons of security and in order to protect the transfer of confidential information such as any inquiries you may send us as a website operator, these websites use SSL encryption. You will recognize that a connection is encrypted when the browser’s address line changes from “http://” to “https://” and by the padlock symbol in your browser’s address line. When SSL encryption is activated, as a matter of principle the data that you send us cannot be read by third parties. However, we should point out that data transmission via the Internet may have security flaws. The complete protection of data from access by third parties is not possible.

Validity of and changes to this privacy statement

This privacy statement is valid as at August 2, 2018.

Since new technologies and the continual development of these websites can mean that changes may be made to this privacy statement, we recommend re-reading it at regular intervals. You can access the current version of it at any time at: and