I. NAME AND ADDRESS OF THE RESPONSIBLE AUTHORITY
Responsible in the sense of the General Data Protection Regulation, other data protection laws applicable in the member states of the European Union and other regulations of a data protection nature:
Palais am Oberanger Hermann-Sack-Straße 3
Phone: +49 89 944180
Register Court Munich: HRB 163682
II. DATA PROTECTION OFFICER
The data protection officer of the controller is:
Bernd Gasteiger LL.M., Attorney at Law
III. GENERAL NOTES AND MANDATORY INFORMATION
We are pleased that you are visiting our homepage www.concilius.com and thank you for your interest in our company. The protection of your privacy as well as the security of all business data is an extremely important concern for us, which we take into account in our business processes. Data protection and information security are part of our corporate policy. The trust placed in us is very important to us, and with it comes the obligation to handle your data with care and to protect it from misuse.
To make you feel safe and comfortable when visiting our website, we take the protection of your personal data and its confidential treatment very seriously. Therefore, we act in accordance with the applicable legal provisions for the protection of personal data and data security.
With these notes on data protection in this data protection declaration, we would therefore like to inform you about when we store which data and how we use it, of course in compliance with the applicable German jurisdiction. Our data protection is based on the General Data Protection Regulation (GDPR) and, in particular, on the current Federal Data Protection Act (BDSG).
1. The scope of processing of personal data
As a matter of principle, we collect and use personal data of our users only to the extent necessary to provide a functional website as well as our contents and services and to realise our corporate purpose. The collection and use of personal data of our users is regularly only carried out with the consent of the user. An exception is made in cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by legal regulations.
2. The purposes and legal basis for the processing of personal data
We process personal data only to fulfil our contractual obligations or to protect our essential legitimate interests. Our legitimate interests are based on the implementation of our corporate purpose.
As far as we obtain the consent of the data subject for processing of personal data, Art. 6 para. 1 lit. a General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.
When processing personal data which is necessary for the fulfilment of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing activities which are necessary for the implementation of pre-contractual measures. As far as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person make it necessary to process personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis. If the processing is necessary to safeguard a legitimate interest of our company or of a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.
3. Categories of recipients and personal data, their origin
We pass on personal data to our business partners and service providers in order to implement our corporate purpose. To implement our corporate purpose, we typically use contact and address data of our customers and business partners. We typically receive the personal data directly from the person concerned or, with the consent of the person concerned, in exceptional cases from third parties.
Your personal data will not be transferred to third parties for purposes other than those listed below.
We only pass on your personal data to third parties if:
- you have given your express consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR,
- the transfer in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR is necessary for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not transferring your data,
- in the event that there is a legal obligation to pass on the data in accordance with Art. 6 para. 1 sentence 1 lit. c GDPR, and
- this is legally permitted and required for the processing of contractual relationships with you in accordance with Art. 6 Para. 1 sentence 1 lit. b GDPR.
4. Transmission to third countries
As a matter of principle, we do not pass on personal data to recipients in third countries (i.e. countries outside the EU). If data is transferred to recipients in third countries in the future, we will ensure that, in addition to the authorisation required for the transfer, the recipient in the third country ensures an adequate level of data protection (or there is an exception on the basis of Art. 49 para. 1 GDPR).
IV. INFORMATION ON THE COLLECTION OF PERSONAL DATA
- In the following, we inform you about the collection of personal data when using our website. Personal data is all data that can be related to you personally, e.g. name, address, e-mail addresses, user behaviour.
- When you contact us by e-mail or via a contact form, the data you provide (your e-mail address, your name and telephone number if applicable) will be stored by us in order to answer your questions.
- We delete the data collected in this context after storage is no longer required, or restrict processing, if there are legal storage obligations. You will find more detailed explanations in section VIII of this data protection declaration.
- If we wish to use contracted service providers for individual functions of our offer or use your data for advertising purposes, we will inform you in detail about the respective processes below. In this context, we also mention the defined criteria of storage duration.
V. YOUR RIGHTS (RIGHTS OF DATA SUBJECTS)
(1) You have the following rights in relation to the personal data concerning you:
- Right according to Art. 7 para. 3 GDPR to revoke your once given consent at any time vis-à-vis us. As a consequence, we are not allowed to continue, for the future, the data processing that was based on this consent. The legality of the data processing carried out up to the time of revocation remains unaffected by your revocation;
- Right to request information in accordance with Art. 15 GDPR about your personal data processed by us. You are entitled to request information on the purposes of the processing, the category of personal data, the categories of recipients to whom your data has been and will be disclosed, the planned storage period, the existence of a right of correction, deletion, restriction of processing or objection, the existence of a right of appeal, the origin of your data, if not collected by us, as well as the existence of automated decision making including profiling and, if applicable, meaningful information on the details of such data;
- Right of correction according to Art. 16 GDPR. Accordingly, you can immediately request the correction of incorrect personal data or the completion of your personal data stored with us;
- Right to deletion according to Art. 17 GDPR. In accordance with Art. 17 GDPR, you have the right to request the deletion of your personal data stored with us, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
- Right to restrict processing in accordance with Art. 18 GDPR. You can then demand the restriction of the processing of your personal data if you dispute the accuracy of the data, if the processing is unlawful but you refuse to delete it and we no longer need the data, but you need it for the assertion, exercise or defence of legal claims or you have lodged an objection to the processing in accordance with Art. 21 GDPR;
- Right to object to processing in accordance with Art. 21 GDPR;
- Right to data transferability according to Art. 20 GDPR. You have the right to receive your personal data that you have provided us with in a structured, common, machine-readable format or to request that it be transferred to another responsible party.
(2) You also have the right, in accordance with Art. 77 GDPR, to complain to a data protection supervisory authority about the processing of your personal data by us. The competent supervisory authority is the state data protection commissioner of the federal state in which our company has its headquarters. An overview of the state data protection officers and their contact details is available at https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/Landesdatenschutzbeauftragte/Landesdatenschutzbeauftragte_liste.html
(3) The assertion of all rights mentioned in V. points (1) and (2) is basically free of charge for you.
However, in the case of manifestly unjustified or, particularly in the case of frequent repetition, excessive requests, we may, in accordance with Art. 12 (5) GDPR, either demand an appropriate fee, taking into account the administrative costs of informing or notifying or implementing the measure requested, or refuse to act on the basis of the request.
VI. COLLECTION AND STORAGE OF PERSONAL DATA WHEN VISITING OUR WEBSITE AND THE NATURE AND PURPOSE OF ITS USE
(1) In principle, you can visit our website without telling us who you are. Our web servers automatically store information of a general nature. When you call up our websites, information is automatically sent to the server of our website by the browser used on your terminal device. This information is temporarily stored in a so-called log file.
If you use the website for informational purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser sends to our server. The following information is recorded without your intervention and stored until it is automatically deleted:
- IP address of the requesting computer,
- Date and time of the request,
- Name and URL of the retrieved file,
- Website from which the request comes (referrer URL),
- Browser used,
- Operating system,
- Name of your access provider, if applicable,
- Language and version of the browser software.
We process the above-mentioned data for the following purposes:
- Ensure a smooth connection of the website,
- Guarantee a comfortable use of our website,
- Evaluation of system security and stability and
- for other administrative purposes.
The legal basis for the data processing is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest according to Art. 6 para. 1 sentence 1 lit. f GDPR follows from the purposes of data collection listed above. Under no circumstances do we use the collected data for the purpose of drawing conclusions about your person.
VIII. STORAGE DURATION AND DATA ERASURE
We comply with the principles of data reduction and data minimization. In particular, your personal data is deleted as soon as it is no longer necessary for the purposes for which it was collected or otherwise processed. Thereafter, the data will be deleted unless the storage is necessary to fulfil a legal obligation to process the data in accordance with EU or national law to which the individual is subject. Such a legal obligation is represented by the legal storage obligations, which are, for example, 10 years (for accounting data and payroll data) or 6 years (for commercial correspondence). For the duration of the storage obligations, the data is locked, after which it is deleted.
IX. CONTACT AND COMMUNICATION
For questions of any kind we offer you the possibility to contact us by e-mail. It is necessary to provide a valid e-mail address so that we know from whom the request comes and can answer it. Further information can be provided voluntarily. The data processing for the purpose of contacting us is carried out in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR on the basis of your voluntarily given consent. The personal data collected by us will be automatically deleted after the completion of your request.
This data is only processed for this correspondence with you and for the purpose for which you have provided us with the data in each case within the scope of this communication, such as for processing your enquiries or to contact you at your request. In this case, the processing of personal data is carried out with your consent and is then permissible in accordance with Art. 6 para. 1 lit. a GDPR. We will delete your data in this regard if the purpose for which you have provided us with your data has been fulfilled or completed and we are not entitled or obliged to continue storing it for legal reasons.
X. OTHER PROCESSING OPERATIONS CARRIED OUT IN RESPONSE TO A LEGITIMATE INTEREST; DATA PROCESSING FOR THE PURPOSE OF MAINTAINING BUSINESS CONTACTS
As far as necessary, we process your data beyond the actual fulfilment of a contract concluded with you or a consent granted by you for the protection of legitimate interests of us or third parties, unless a consideration in the individual case shows that your legitimate basic rights and fundamental freedoms, which require the protection of personal data, outweigh (Art. 6 para. 1 lit. f GDPR). This may include:
- Advertising, as far as you have not objected to the use of your data;
- Assertion of legal claims and defence in legal disputes;
- Ensuring IT security and IT operation;
- Prevention and investigation of criminal offences;
- Measures for business management and further development of services and products.
If we have received your contact data from you or others within the scope of a business event, within the scope of a business appointment or through the exchange of business cards or within the scope of an order, we use your contact data (in particular name, address, e-mail address) beyond that for the maintenance of our business contacts. For this purpose, we transfer your contact data to the CRM (Customer Relationship Management) system we use.
This processing is carried out on the basis of a legitimate interest on our part within the meaning of Article 6 para. 1 lit. f GDPR. We have a justified economic interest in maintaining contacts that have arisen in the course of business transactions even beyond the initial contact and in using them to establish a business relationship and to remain in contact with the person concerned for this purpose.
- If you have given us your consent to process personal data for specific, additional purposes (e.g. receipt of the newsletter), this data processing is based on this consent. We will provide details of the content of the consent when the consent is requested.
- Consent is always voluntary. If the processing of personal data is based on your consent, you have the right to revoke this consent at any time. The legal basis for data processing based on consent is Article 6 para. 1 lit. a GDPR.
- Your personal data will only be processed beyond this if you have given us your consent and we are therefore entitled to process your personal data in accordance with Art. 6 para. 1 lit. a GDPR. In some areas of our website you have the possibility to give such an explicit consent. We will inform you in each case of the purpose for which the data will be processed if you give your consent, and how long we will store this personal data.
XII. OBJECTION OR WITHDRAWAL OF CONSENT TO THE PROCESSING OF YOUR DATA
- If you have given your consent to the processing of your data, you can revoke this consent at any time. Such revocation affects the permissibility of processing your personal data after you have expressed it to us.
- As far as we base the processing of your personal data on the weighing of interests, you may object to the processing. This is the case if the processing is in particular not necessary for the fulfilment of a contract with you, which is shown by us in the following description of the functions. In the event of such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the facts of the case and either stop or adapt the data processing or show you our compelling reasons for continuing the processing that are worthy of protection.
- Of course, you can object to the processing of your personal data for the purposes of advertising and data analysis at any time.
- If you wish to exercise your right of revocation or objection, it is sufficient to send an e-mail to the e-mail address firstname.lastname@example.org or a message to the contact addresses listed in the imprint.
We have activated the IP anonymization function on this website. As a result, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before transmission to the USA. Only in exceptional cases is the full IP address transferred to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on the website activities and to provide further services to the website operator in connection with the use of the website and the Internet. The IP address transmitted by your browser within the framework of Google Analytics is not merged with other data from Google.
Contract data processing
We have concluded a contract with Google for commissioned data processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
We use Google Analytics to analyse and regularly improve the use of our website. With the statistics obtained, we can improve our offer and make it more interesting for you as a user. For the exceptional cases in which personal data is transferred to the USA, Google has subjected itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Art. 6 para. 1 sentence 1 lit. f GDPR.
XIV. SOCIAL MEDIA PLUG-INS
(1) We use social media plug-ins from Facebook and Twitter on our website on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR to make our company known. The advertising purpose behind this is to be regarded as a legitimate interest within the meaning of the GDPR. The responsibility for data protection compliant operation is to be guaranteed by the respective provider. The integration of this plug-in by us takes place by means of the so-called two-click method, in order to protect visitors to our website in the best possible way. Our relevant buttons act as external links, so that without clicking on one of the buttons no information is transferred to one of these providers. If you do not want these social networks to collect data on the use of our websites, please do not click on the buttons mentioned. You can recognize the providers of the plugins by the mark on the box by its initial letter or logo.
(2) When the user clicks on one of the buttons, he is redirected to the website of the respective provider. The URL of the current page is passed as a parameter. We have no influence on whether or how the providers use this data for evaluation purposes.
In the case of Facebook, the IP address is anonymised immediately after it has been collected, according to information provided by the respective providers in Germany. By activating the plug-in, your personal data is transmitted to the respective plug-in provider and stored there (in the case of US providers in the USA). Since the plug-in provider collects data, in particular via cookies, we recommend that you delete all cookies via your browser’s security settings before clicking on the grayed-out box.
We have no influence on the collected data and data processing procedures, nor are we aware of the full scope of data collection, the purposes of processing, the storage periods. We also do not have any information about the deletion of the collected data by the plug-in provider.
The plug-in provider stores the data collected about you as user profiles and uses them for the purposes of advertising, market research and/or the design of its website. Such an evaluation is carried out in particular (also for users who are not logged in) for the purpose of presenting, advertising and to inform other users of the social network about your activities on our website. You have a right of objection to the creation of these user profiles, whereby you must contact the respective plug-in provider in order to exercise this right. Through the plug-ins we offer you the possibility to interact with social networks and other users, so that we can improve our offer and make it more interesting for you as a user. The legal basis for the use of the plug-ins is Art. 6 para. 1 sentence 1 lit. f GDPR.
The data is passed on regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in with the plug-in provider, your data collected by us will be directly assigned to your account with the plug-in provider. If you click on the activated button and, for example, link to the page, the plug-in provider will also save this information in your user account and share it publicly with your contacts. We recommend that you log out regularly after using a social network, but especially before activating the button, as this will help you avoid being assigned to your profile with the plug-in provider.
If you are logged in to Facebook, Facebook can assign your visit to our website directly to your Facebook account. If you interact with the plugins, e.g. confirm the “LIKE” or “SHARE” button, the corresponding information is also transmitted directly to a Facebook server and stored there. The information is also published on Facebook and displayed to your Facebook friends.
Facebook may use this information for the purposes of advertising, market research and the design of Facebook pages to meet the needs of the market. For this purpose, Facebook creates usage, interest and relationship profiles, e.g. to evaluate your use of our website with regard to the advertisements displayed on Facebook, to inform other Facebook users about your activities on our website and to provide other services associated with the use of Facebook.
If you do not want Facebook to assign the data collected via our website to your Facebook account, you must log out of Facebook before visiting our website. For the purpose and scope of data collection and the further processing and use of data by Facebook, as well as your rights in this regard and setting options for protecting your privacy, please see the Facebook data protection information at (https://www.facebook.com/about/privacy/).
(5) Further information on the purpose and scope of data collection and its processing by the plug-in providers can be found in the data protection declarations of these providers, which are provided below. There you will also receive further information on your rights in this regard and setting options to protect your privacy.
Addresses of the respective plug-in providers and URL with their data protection information:
a) Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; further information on data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications as well as http://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook has submitted itself to the EU-US privacy shield, https://www.privacyshield.gov/EU-US-Framework.
b) Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy. Twitter has submitted itself to the EU-US privacy shield, https://www.privacyshield.gov/EU-US-Framework
XV. OTHER PLUGINS AND TOOLS
GOOGLE WEB FONTS
This page uses so-called web fonts, which are provided by Google, for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into its browser cache to display texts and fonts correctly.
For this purpose, the browser you use must connect to Google’s servers. Through this, Google obtains knowledge that our website has been accessed via your IP address. Google Web Fonts are used in the interest of a uniform and attractive presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.
If your browser does not support web fonts, a default font is used by your computer.
This site uses the map service Google Maps via an API. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
To use the functions of Google Maps it is necessary to store your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transmission.
The use of Google Maps is in the interest of an attractive presentation of our online offers and easy findability of the places we have indicated on the website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.
XVI. DATA SECURITY – SSL ENCRYPTION
We use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments. Our servers are secured by firewalls and virus protection.
We also use SSL or TLS encryption (SSL = Secure Sockets Layer; TLS = Transport Layer Security; SSL is the previous name of TLS) during your website visit. You can tell whether an individual page of our Internet presence is transmitted in encrypted form by the fact that the address line of the browser changes from “http://” to “https://” and also by the lock symbol in your browser line. If SSL or TLS encryption is activated, data that you transmit to us cannot be read by third parties.
However, complete data security cannot be guaranteed when transmitting data over the Internet (e.g. when communicating by e-mail). You are therefore free to send confidential information by post only.
XVII. LINKS TO WEBSITES OF OTHER PROVIDERS
As far as this website refers to external pages of other providers (links), you leave the website and the contents of CONCILIUS through these links. The operators of these sites and not CONCILIUS are solely responsible for compliance with data protection regulations on these sites.
XVIII. OBLIGATION OF EMPLOYEES AND EXTERNAL SERVICE PROVIDERS
It goes without saying that our employees and the service companies commissioned by us are obliged to maintain secrecy and to comply with the provisions of data protection.
XIX. COOPERATION WITH EXTERNAL SERVICE PROVIDERS
If necessary, we commission other companies and individuals to perform tasks for us. Examples include parcel delivery, sending letters, maintaining our customer lists, analyzing our databases, advertising (including the provision of search results and links), processing payments (credit card, direct debit) and customer service. These service providers have access to personal information needed to perform their tasks. However, they may not use it for other purposes. Furthermore, they are obliged to treat the information in accordance with this data protection declaration as well as the German data protection laws and the General Data Protection Regulation.
If these contractors are commissioned data processors in accordance with § 11 BDSG (commissioned processors in accordance with Article 28 GDPR), we have concluded corresponding contracts with them in conformity with the law.
XX. PUBLICATION OF JOB ADVERTISEMENTS/ ONLINE JOB APPLICATIONS
The protection of your personal data during the entire application process is an important concern for us.
Your application data will be collected and processed electronically by us exclusively for the purpose of handling the application procedure.
The subject of data protection is personal data (Art. 4 para. 1 GDPR). This is information about personal or factual circumstances, such as name, address, e-mail address or telephone number, which you provide to us as part of the application process:
- Personal master data (for example, applicant name, address, date of birth)
- Communication data (e.g. telephone, e-mail)
- Data from the applicant’s curriculum vitae (e.g. professional career, secondary employment, leisure activities)
- Results of selection procedures (e.g. tests, interviews)
- Process data (e.g. status, dates)
The processing of your personal data is based on Article 6 paragraph 1 lit. a GDPR, as you have given your consent to the processing of your personal data for one or more specific purposes before completing the application.
If your application is followed by the conclusion of a contract of employment, your transmitted data may be stored by us in your personnel file for the purpose of the usual organisational and administrative process in compliance with the relevant legal provisions. If your job application is rejected, the data you provided will be deleted automatically no later than 6 months after notification of the rejection. This does not apply if longer storage is necessary due to legal requirements (e.g. the duty of proof under the General Equal Treatment Act) or if you have expressly agreed to longer storage in our database of interested parties.
There is no data transfer to third countries.
You are responsible for all contents of the application, such as photos, and must take sole responsibility for compliance with legal requirements, such as trademark, copyright, personal or other rights of third parties.
You have the right to data transferability and the right to complain to a data protection supervisory authority.
You are entitled to revoke your consent to the use of personal data at any time.
If you have any questions about data protection or wish to exercise your right of information or revocation, please contact the person who was given as contact person in the job advertisement or our external data protection officer email@example.com
XXI. INFORMATION DUTIES ACCORDING TO ART. 13 GDPR IN RELATION TO EVENTS
With the following information we give you an overview of the processing of your personal data (hereafter “data”) at events of CONCILIUS or at events of CONCILIUS for clients as well as your data protection rights.
1. What data is stored about the customer?
We process the following categories of personal data:
- Contact information, in particular first and last name, title if applicable, address, telephone number if applicable, e-mail address
- Details of the company or institution for which you work
- Details of your professional position
- any photos and video recordings made by you at the event
- if applicable, date and place of birth (e.g. for invitations to events that require a security check by the BKA)
In principle, we collect this data directly from you or from publicly accessible sources. In individual cases, we may receive personal information about you from the company or institution you work for so that we can invite you to one of our events, or from individuals who register you for events.
2. For what purpose are your data processed (purpose of processing), and on what legal basis?
We use your contact details (name, postal address, e-mail address) to send invitations to our events and for the purpose of further organising the event. The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR based on our legitimate interest in adequate communication of our corporate strategy and our entrepreneurial activities.
If you no longer wish to receive invitations to our events, you have the option of objecting to the use of your data for these purposes at any time by sending an e-mail with your objection to firstname.lastname@example.org. In this case we will immediately stop sending future invitations to our events.
If you participate in an event that is hosted by us, we process your data mentioned under point 1 in order to carry out the event and enable you to participate. This also includes that we may include your name, details of your company or institution and your current professional position in a list of participants, which will be made available to the other participants of the event (if necessary also in electronic form), or we may make your data (name, details of company/institution) available to the organizers of the event for the purpose of holding the event. In addition, we use this data to send you event-relevant materials (e.g. conference proceedings) produced after the event. Furthermore, we may pass on your data to cooperating institutions if this is necessary to carry out the event and to enable your participation, e.g. external guest management. The legal basis for these data processing operations is Art. 6 para. 1 sentence 1 lit. b GDPR.
In accordance with Art. 21 para. 1 GDPR, you have the right to object to the publication of your data on the guest list with future effect at any time for reasons arising from your particular situation by sending an e-mail with your objection to email@example.com.
If you are invited to an event which requires a security check by the BKA, your data mentioned under point 1 will be used to carry out the security check and will also be passed on to the BKA for this purpose. The legal basis for these data processing operations is Art. 6 para. 1 sentence 1 lit. b, c and e GDPR.
In addition, photos and/or videos are regularly taken at our events, which are published in external and internal reports or in newsletters, if necessary, together with your name. In addition to photo and video recordings, metadata such as the time and place of recording and location are automatically stored in the digital cameras. The legal basis for taking and storing photographs and video recordings is Art. 6 para. 1 sentence 1 lit. f GDPR based on our legitimate interest in reporting on the event.
According to Art. 21 para. 1 GDPR, you have the right to object to the taking and storage of your photo and video recordings with future effect at any time for reasons arising from your particular situation by sending an e-mail with your objection to firstname.lastname@example.org.
We expressly point out that external reporters are present at the events, who also produce photos and videos. However, as we have no influence on the photos and videos taken by the external reporters and their use by them, we cannot give any information on the purpose and extent of the processing of your data by these external reporters.
3. Is there an obligation for you to provide the data?
The provision of your data is not required by law or contract. However, if you wish to participate in our events or receive invitations to the events, you must provide us with your data. Without your data, we will generally not be able to send you invitations to our events or enable you to participate in our events.
4. Who gets your data?
We will pass on your data to the bodies mentioned in point 2 for the purposes mentioned in point 2. Furthermore, we use service providers (order processors, e.g. dispatch service providers) bound by instructions, among other things for the postal or digital dispatch of invitations or within the scope of guest management. All processors will only have access to your data to the extent and for the period of time necessary to provide the services. If these service providers process your data outside the European Union, this may result in your data being transferred to a country that does not guarantee the same standard of data protection as the European Union. In this case, we will ensure that the service providers guarantee an equivalent level of data protection by contract or otherwise.
5. How long is your data stored?
We store your contact data for the purpose of sending invitations until you object, in order to be able to meet the legitimate mutual interest in communication or information. We will store your objection for the purpose of securing evidence for a period of 2 years.
Any other data collected for the purpose of the event or for security checks will be deleted immediately after the event.
The photo and video recordings and metadata stored by you on the basis of Article 6 para. 1 sentence 1 lit. f GDPR will be stored until you have lodged a justified objection to the storage in accordance with Article 21 lit. 1 GDPR, unless there are overriding legitimate reasons for processing data within the meaning of Article 21 para. 1 sentence 2 GDPR.
Should data be passed on to processors who are bound by instructions, this shall only happen to the extent and for the period of time necessary for the provision of the services in question. We ensure that appropriate deletion agreements are observed.
6. What rights do you have in relation to your data?
You have the right to request information about the personal data we have stored about you at any time. If data about your person is incorrect or no longer current, you have the right to request that it be corrected. You also have the right to request the deletion or restriction of the processing of your data in accordance with Articles 17 and 18 of the GDPR.
If you have provided us with data and the processing by means of automated procedures is based on your consent or on a contract with you, you have the right to receive this data provided by you in a structured, common and machine-readable format (right to data transferability). If you wish to exercise your rights, you may contact us at any time at the following address: email@example.com. For information on your right of objection, please refer to section 2.
You also have the possibility to contact a data protection authority and file a complaint. The authority responsible for us is the Bavarian State Office for Data Protection Supervision. You can also contact the data protection authority responsible for your place of residence, which will then forward your request to the competent authority.
XXII. GENERAL GUIDANCE REFERRED TO IN ARTICLES 13, 14 AND 21
- Who is responsible for data processing and whom can I contact?
CONCILIUS AG Palais am Oberanger Hermann-Sack-Straße 3 80331 Munich Phone.: +49 89 944180 E-Mail: firstname.lastname@example.org
Register Court Munich: HRB 163682
You can reach our data protection officer at
The data protection officer of the responsible person is: Bernd Gasteiger LL.M., attorney at law Roseggerstr. 56 82229 Seefeld E-Mail: email@example.com
- What sources and data do we use?
We process personal data that we receive from you in the course of our business relationship. According to Art. 4 para. 1 of the DPA, personal data includes all information that relates or can be related to a natural person.
- For what purpose do we process your data (purpose of processing) and on what legal basis?
We process personal data exclusively for the intended purpose and in good faith in accordance with the provisions of the European Data Protection Basic Regulation (GDPR) and the Federal Data Protection Act (BDSG):
a) To fulfil contractual obligations (Art. 6 para. 1 lit. b GDPR)
The processing of personal data (Art. 4 para. 2 GDPR) is carried out for the purpose of providing services, in particular for the execution of our contracts with you, as well as for all activities necessary for the operation and administration of a company.
The purposes of data processing are primarily based on the services offered and contractual services.
b) As part of the balancing of interests (Art. 6 para. 1 lit. f GDPR)
As far as necessary, we process your data beyond the actual fulfilment of the contract in order to protect the legitimate interests of us or third parties.
c) On the basis of your consent (Art. 6 para. 1 lit. a GDPR)
If you have given us your consent to process personal data for specific purposes, the lawfulness of this processing is based on your consent. A given consent can be revoked at any time.
Please note that the revocation is only effective for the future. Processing operations that took place before the revocation are not affected. Your revocation has no influence on the processing of data if we are legally entitled to continue processing.
d) Due to legal requirements (Art. 6 para. 1 lit. c GDPR)
We are also subject to various legal obligations, i.e. legal requirements. Insofar as data is processed in this respect, this is done exclusively on the basis of these regulations.
- Who gets my data?
Within the company, your data will be passed on to those bodies that need it to fulfil our contractual and legal obligations. When we transmit personal data to affiliated companies, agents, service providers or contractors, we do so only in connection with contracts for order processing.
Other data recipients may be those entities for which you have given us your consent to transfer data (Art. 6 para. 1 lit. a GDPR).
- How long will my data be stored?
As far as necessary, we process and store your personal data for the duration of our business relationship, which also includes, for example, the initiation and execution of a contract or for the fulfilment of the contractual purposes.
In addition, we are subject to various storage and documentation obligations arising from the German Commercial Code (HGB) and the German Fiscal Code (AO). The periods of retention or documentation specified there are two to ten years.
- Is data transferred to a third country or to an international organisation?
Insofar as data is transferred to third countries or disclosed to bodies in third countries, the additional requirements are observed. In accordance with these regulations, a contract will be concluded between us and the respective processing unit in accordance with the EU standard contract clauses and in conformity with the GDPR data protection regulations. This contract will also guarantee the data subject an adequate level of data protection when personal data are processed in third countries.
- What data protection rights do I have?
Every data subject has the right of access under Art. 15 GDPR, the right of rectification under Art. 16 GDPR, the right of deletion under Art. 17 GDPR, the right to restrict processing under Art. 18 GDPR and the right to data transferability under Art. 20 GDPR. With regard to the right of information and the right of deletion, the restrictions according to §§ 34 and 35 BDSG apply. In addition, there is a right of appeal to a data protection supervisory authority (Art. 77 GDPR in conjunction with Section 19 BDSG). Furthermore, we refer to § 2 of this data protection declaration.
- Is there an obligation for me to provide data?
Within the scope of our business relationship, you only need to provide us with personal data that is necessary for the establishment, execution and termination of a business relationship or that we are legally obliged to collect. Without this data, we will usually have to refuse to conclude the contract or execute the order, or we will no longer be able to execute an existing contract and may have to terminate it. All other information is voluntary.
- To what extent is there automated decision-making in individual cases?
We do not use a fully automated decision-making process in accordance with Art. 22 GDPR to establish and conduct the business relationship. Should we use these procedures in individual cases, we will inform you of this separately if this is required by law.
- To what extent is my data used for targeted information and scoring?
We do not process your data automatically.
- Information about your right of objection under Art. 21 of the Basic Data Protection Regulation (GDPR)
You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you, which is carried out on the basis of Article 6 para. 1 lit. e of the DPA (data processing in the public interest) and Article 6 para. 1 lit. f of the basic data protection regulation (data processing based on a balancing of interests).
If you object, we will no longer process your personal data, unless we can prove compelling reasons for processing that are worthy of protection, which outweigh your interests, rights and freedoms, or if the processing serves to assert, exercise or defend legal claims.
XXIV. PRINT AND SAVE THIS DATA PROTECTION NOTICE
You can print and save this data protection notice directly, for example by using the print or save function in your browser.
Status: January 2020