What Are We Worth?
DE

Legal

Privacy

This statement describes how we handle your personal data — in particular within our interviews, recordings, and the website.

1. Data Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) for the processing of personal data within the project "What Are We Worth?" is: Blended Art Space gGmbH represented by Dr. Martina Taubenberger (Managing Director) Kirchenstraße 60, 81675 Munich, Germany Email: office@blended-art.space The processor within the meaning of Art. 4(8) GDPR for the technical operation of the website, recording and post-production services, and management of project-related media data is Kenichi Kawabata (Feldkirch, Austria), who is also the media owner of the website under § 25 MedienG (full address: see Imprint). Processing takes place exclusively on documented instructions of the controller pursuant to Art. 28 GDPR. The legal organiser of the event on 22 October 2026 is impulse Privatstiftung. impulse Privatstiftung processes personal data in connection with the event as an independent controller (e.g. registration, admission, funding documentation). No joint controllership under Art. 26 GDPR with Blended Art Space gGmbH currently exists.

2. Hosting, CDN and cloud services (Hetzner, Cloudflare, Apple iCloud, Google Workspace)

This website is operated on a server of Hetzner Online GmbH (Industriestr. 25, 91710 Gunzenhausen, Germany), located in Nuremberg. Data processing for hosting and archive takes place exclusively in data centres within Germany. A data processing agreement under Art. 28 GDPR is in place with Hetzner. For CDN and proxy services (protection against attacks, faster delivery), Cloudflare, Inc. (101 Townsend St, San Francisco, CA 94107, USA) is used. For synchronisation of the processor's working devices (device and keychain sync, project-related notes, calendar), Apple iCloud (Apple Inc., One Apple Park Way, Cupertino, CA 95014, USA) may be used. For project-related documents, spreadsheets and possible file synchronisation, Google Workspace including Google Drive (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland; Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) may be used. Apple Inc., Cloudflare, Inc. and Google LLC are certified under the EU-US Data Privacy Framework. Data transfers to the USA are based on the adequacy decision under Art. 45 GDPR and additionally on Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR. All project-related personal data — including raw and edited recordings — is processed, transferred and stored exclusively through the approved processors listed above. No transfers to non-approved third-party providers take place. Hetzner privacy policy: https://www.hetzner.com/legal/privacy Cloudflare privacy policy: https://www.cloudflare.com/privacypolicy/ Apple privacy policy: https://www.apple.com/legal/privacy/ Google privacy policy: https://policies.google.com/privacy

3. Server logs

When you access this website, the web server automatically records IP address, access time, requested URL, HTTP status, referrer and user agent in log files. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in stable and secure operation). Log files are deleted automatically after 30 days at the latest and are not combined with other data.

4. Cookies and local storage

This website uses no tracking cookies, no analytics tools and no profiling. Only strictly necessary functions are used (e.g. language detection from HTTP headers on first visit). No consent is required for this under § 165(3) TKG 2021.

5. Fonts

All fonts used on this website are served directly from our own server or as system fonts of the visitor's browser. No connection is made to Google Fonts or any other third-party font provider.

6. Embedded content

This website does not embed any external content (no YouTube, no Vimeo, no Google Maps, no social media plug-ins). All images and videos are served directly from our own server. Visiting this website therefore does not transmit data to third-party providers, except for the technical processes described under sections 2, 3 and 7.

7. Email contact (Google Mail)

If you contact us by email (officewhatareweworth@gmail.com), the information you provide is used to handle your request and possible follow-up questions. Legal basis: Art. 6(1)(b) and (f) GDPR. The email address is operated through Google Mail (Google LLC, USA / Google Ireland Ltd., Ireland). Processing in the USA is based on the EU-US Data Privacy Framework (European Commission adequacy decision of 10 July 2023, Art. 45 GDPR) and additionally on Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR. Privacy policy: https://policies.google.com/privacy. Emails are retained for as long as necessary to handle the request and meet statutory retention obligations; they are deleted on request.

8. SSL/TLS encryption

For security reasons and to protect confidential transmissions, this website uses SSL/TLS encryption. You can recognise an encrypted connection by the lock symbol in the browser bar and by "https://" in the address bar. Legal basis: Art. 32 GDPR (security of processing).

9. Interview material — audio, photo, video, text

As part of the project "What Are We Worth?", we collect voluntary contributions from students, teachers and professionals in the form of audio, image, video and/or text material. Processing takes place exclusively on the basis of your explicit consent under Art. 6(1)(a) GDPR and — for voice and image recordings — Art. 9(2)(a) GDPR (special categories of personal data). Before every recording, you receive a written consent form. In it, you decide individually for each purpose whether and in what form your contribution may be used: • B1 — Live concert on 22 October 2026 (sound/video installation, concert programme) • B2 — Publication of audio/video excerpts on the website whatareweworth.com • B3 — Online archive, podcast and educational materials from 23 October 2026 • B4 — Excerpts on the project's social media channels (Instagram, YouTube etc.) • B5 — Academic research and non-commercial professional documentation by members of the project team (with written authorisation of the controller) • C — Use only as a non-identifiable background voice or background sound (fully anonymous) For each purpose, you may additionally request anonymisation or voice masking. Note on Art. 9 GDPR: If you reveal special categories of personal data in the interview (e.g. experiences of discrimination, social background or economic situation), processing only takes place on the basis of your separate explicit consent (Art. 9(2)(a) GDPR). You can withdraw your consent at any time with effect for the future (Art. 7(3) GDPR). Original recordings are deleted at the latest five years after the end of the project; on request, deletion takes place earlier. During editing and post-production, recordings are processed on disk-encrypted working devices of the processor (FileVault, multi-factor authentication). The working devices are located predominantly within the European Economic Area (EEA); travel-related temporary processing in Japan may occur — Japan benefits from an adequacy decision of the European Commission under Art. 45 GDPR. Cloud synchronisation of the working devices takes place exclusively through the approved services listed under section 2 (Apple iCloud, Google Workspace), to which the EU-US Data Privacy Framework and Standard Contractual Clauses apply. Raw recordings are not synchronised to third-country cloud services; they are stored for long-term archiving and web delivery exclusively on servers in Germany (Hetzner, Nuremberg). We do not pass them on to further third parties (other than persons participating in the project and the approved processors under section 2).

10. Likeness of the participants and the artistic direction

The participants and the artistic direction shown on this website have given their consent to the publication of their likeness, name and voice within this project (Art. 6(1)(a) GDPR). This consent also serves as authorisation within the meaning of § 78 UrhG (image protection, Austria). Consent can be withdrawn at any time with effect for the future; in such a case, the material in question will be removed as soon as technically possible.

11. Transfers to third countries

Personal data is transferred to the following third countries: • Cloudflare, Inc. (USA) — CDN/proxy as per section 2. Legal basis: EU-US Data Privacy Framework (Art. 45 GDPR) + Standard Contractual Clauses (Art. 46(2)(c) GDPR). • Apple Inc. (USA) — iCloud synchronisation of working devices as per section 2. Legal basis: EU-US Data Privacy Framework + Standard Contractual Clauses. • Google LLC (USA) — Google Workspace including Gmail and Google Drive as per sections 2 and 7. Legal basis: EU-US Data Privacy Framework + Standard Contractual Clauses. • Japan — travel-related temporary processing on the processor's working devices as per section 9. Legal basis: adequacy decision of the European Commission under Art. 45 GDPR (decision of 23 January 2019, Japan). No transfers to other third countries take place.

12. Your rights

You have the right to: • access (Art. 15 GDPR) • rectification (Art. 16 GDPR) • erasure (Art. 17 GDPR) • restriction of processing (Art. 18 GDPR) • data portability (Art. 20 GDPR) • objection (Art. 21 GDPR) • withdraw consent (Art. 7(3) GDPR) An informal notification to office@blended-art.space is sufficient to exercise these rights.

13. Right to lodge a complaint

You have the right to lodge a complaint with a data protection supervisory authority. The competent authority in Austria is: Österreichische Datenschutzbehörde Barichgasse 40-42, 1030 Vienna Phone: +43 1 52 152-0 Email: dsb@dsb.gv.at Web: https://www.dsb.gv.at Since the controller (Blended Art Space gGmbH) is based in Bavaria, Germany, you may alternatively contact the German supervisory authority: Bayerisches Landesamt für Datenschutzaufsicht (BayLDA) Promenade 18, 91522 Ansbach Web: https://www.lda.bayern.de

14. No automated decision-making

No automated decision-making, including profiling within the meaning of Art. 22 GDPR, takes place.

15. Changes

This privacy policy is updated in case of legal or technical changes. The version published on this website at the time of your visit applies.

Last updated: 2026-05-13