Privacy
Privacy statement of M3B GmbH as operator of its websites in accordance with the provisions of the GDPR
Stand: 14.07.2020
Contents
1. General information
2. Privacy statement
2.1. Name and address of the processing controller
2.2. Name and address of the data security officer
2.3. General information on data processing
2.4. Provision of the website and generation of log files
2.5. The use of cookies
2.6. Newsletter
2.7. Registration
2.8. Contact form and email contact
2.9. Rights of the data subject
3. Conceptual definitions
3.1. Personal data
3.2. Data subject
3.3. Processing
3.4. Restriction of processing
3.5. Profiling
3.6. Pseudonymization
3.7. Controller or processing controller
3.8. Joint controllers
3.9. Processor
3.10. Recipient
3.11. Third parties
3.12. Consent
4. Data transfer to third parties
5. Plug-ins from third-party suppliers
5.1 WordPress plug-ins
5.2. Analysis tools
5.3. Internet advertising
5.4. Social media
5.5. Other tools
1. General information
We are grateful for your interest in our company. Privacy has a special importance for the management and employees of M3B GmbH.
It is generally possible to use the internet sites and other digital media of the brands MESSE BREMEN, CONGRESS BREMEN, ÖVB-Arena, Großmarkt Bremen und Bremer Ratskeller – Weinhandel seit 1405, along with their individual event sites, as well as the business page of M3B GmbH, without providing any personal data. Insofar as a particular person wishes to make use of particular services of the online offerings of M3B GmbH over the internet, however, it could be necessary to process personal data. If the processing of personal data is necessary and if there is no legal basis for this, we will generally obtain the consent of the affected person. The processing of personal data – such as the name, address, email address or telephone number of the affected person – always occurs in conformity with the data protection provisions of the Federal Republic of Germany and the state of Bremen that apply to M3B GmbH.
With this privacy statement M3B GmbH wishes to inform the public about the type, scope and purpose of the personal data that we collect, use and process. In addition the affected data subjects will be informed about their rights by means of this privacy statement.
As the operator of the internet sites and the responsible processing controller, M3B GmbH has implemented numerous technical and organizational measures to ensure the most complete protection of all personal data processed by all of the company’s internet sites. However internet-based data transfers can always entail security gaps, such that an absolute protection cannot be guaranteed. For this reason the data subject is free to convey personal data to us by other means as well, for example by telephone.
For the better understanding of this privacy statement, a definition of concepts for all the concepts used due to the legal situation is given.
In addition individual internet sites use “plug-ins” from third-party providers. These are attached to this data protection under the heading plug-ins and tools from third-party providers to provide a clearer overview.
2. Privacy statement
Privacy statement of:
MESSE BREMEN,
CONGRESS BREMEN,
ÖVB-Arena,
Großmarkt Bremen und
Bremer Ratskeller – Weinhandel seit 1405
as brands of
M3B GmbH, Bremen
2.1. Name and address of the processing controller
The controller in terms of the General Data Protection Regulation and other data protection laws and provisions of the Federal Republic of Germany and the state of Bremen is:
M3B GmbH
Findorffstraße 101
28215 Bremen
Deutschland
www.m3b-bremen.de
datenschutz@m3b-bremen.de
Tel. +49 (0)421 3505-0
2.2. Name and address of the data security officer
The data security officer of the responsible party is:
datenschutz nord GmbH
Konsul-Smidt-Straße 88
28217 Bremen
Deutschland
office@datenschutz-nord.de
Tel. +49 (0)421 69 66 32 0
2.3. General information on data processing
2.3.1. Scope of the processing of personal data
We fundamentally only collect and use personal data of our users insofar as this is necessary to provide a functional website and for its contents and services. The collection and use of the personal data of our users regularly occurs only with the consent of the user. An exception is cases in which the prior obtaining of consent is not possible for factual reasons and the processing of data is permitted by legal provisions.
2.3.2. Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for the processing procedures, art. 6 para. 1 lit. a of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.
For the processing of personal data that is necessary to fulfill a contract, to which the data subject is a contractual party, art. 6 para. 1 lit. b GDPR serves as the legal basis. This also holds for processing procedures that are necessary to carry out pre-contractual measures.
Insofar as a processing of personal data is necessary to fulfill a legal obligation of our company, art. 6 para. 1 lit. c GDPR serves as the legal basis. In case vital interests of the data subject or other natural persons make it necessary to process personal data, art. 6 para. 1 lit. d GDPR serves as the legal basis. If the processing is necessary to preserve a legitimate interest of the company or a third party and the interests, basic rights and basic freedoms of the data subject do not outweigh this interest, then art. 6 para. 1 lit. f GDPR serves as the legal basis for processing.
2.3.3. Deletion of data and storage period
The personal data of the affected person are deleted or blocked as soon as the purpose of storage is past. Data could be stored beyond this if this is anticipated by the European or national legislative authority in Union directives, laws or other regulations to which the controller is subject. A blocking or deletion of the data also occurs if the storage period anticipated by these norms expires, unless there is a need to continue to store the data for the conclusion or fulfillment of a contract.
2.3.4. Remarks on data protection in accordance with art. 13, 14 and 21 GDPR
You can request or view these remarks directly from your contact partner at our company, request them from datenschutz@m3b-bremen.de or download them from the website of the M3B GmbH as PDF.
2.4. Provision of the website and generation of log files
2.4.1. Description and scope of the data processing
Every time our internet site is retrieved, our system automatically captures data and information from the system of the retrieving computer. The following data are captured:
(1) Information on the type of browser and the version used
(2) The user’s operating system
(3) The user’s internet service provider
(4) The IP address of the user
(5) Date and time of access
(6) Websites from which the user’s system arrived at our internet site
(7) Websites that are retrieved by the user’s system from our website
The data are also saved in the log files of our system. This data is not stored together with other personal data of the user.
2.4.2. Legal basis for the data processing
The legal basis for the temporary storage of the data and the log files is art. 6 para. 1 lit. f GDPR.
2.4.3. The purpose of the data processing
The temporary storage of the IP addresses by the system is necessary to make it possible to provide the website to the user’s computer. For this purpose the IP address of the user must remain saved for the duration of the session.
The storage in log files is to ensure the functionality of the website. Moreover these data help us to optimize our website and to ensure the security of our informational systems. The data are not assessed for marketing purposes in this context.
These purposes also represent our legitimate interest in data processing in accordance with art. 6 para. 1 lit. f GDPR.
2.4.4. Duration of storage
The data are deleted as soon as they are no longer necessary to achieve the purpose of their collection. Concerning the capture of data for the purpose of providing the website, this is the case as soon as that session is ended.
In case of the storage of data in log files, this is also the case after seven days at the latest.
A storage beyond this is possible. In this case the IP addresses of the users are deleted or disguised so that a correlation with the retrieving client is no longer possible.
2.4.5. The possibility of objection and elimination
The collection of data to provide the website and the storage of data in log files is absolutely necessary for the operation of the internet site. Consequently there is no possibility of objection on the part of the user.
2.5. The use of cookies
2.5.1. Description and scope of the data processing
Our website uses cookies. Cookies are text files that are saved in the user’s internet browser or by the internet browser in the user’s computer. If a user retrieves a website, a cookie can be saved in the user’s operating system. This cookie contains a characteristic sequence of characters that makes possible an unequivocal identification of the browser upon a later retrieval of the website. We use cookies to make our website more user-friendly. Several of the elements of our internet site require the retrieving browser to be identified even after changing sites.
The cookies save and convey the following information:
(1) Language settings
(2) Log-in information
On our website we also use cookies to make it possible to analyze the serving behavior of the users. The following data are conveyed:
(1) Search terms inputted
(2) Frequency of site retrieval
(3) Use of website functions
The user data collected in this manner is made pseudonymous through technical arrangements. Hence it is no longer possible to correlate the data to the retrieving user. The data are not stored together with other personal data of the user.
Upon retrieving our website, users are informed about the use of cookies for analytical purposes by an informational banner and referred to this privacy statement. In this context there is also reference to how users can prevent the saving of cookies in their browser settings.
2.5.2. Legal basis for the data processing
The legal basis for the processing of personal data with the use of technically necessary cookies is art. 6 para. 1 lit. f GDPR.
</>The legal basis for the processing of personal data with the use of cookies for analytical purposes is, upon provision of the corresponding consent of the user, art. 6 para. 1 lit. a GDPR.
2.5.3. Purpose of data processing
The purpose of the use of technically necessary cookies is to simplify the websites for the user. Several functions of our website cannot be offered without the use of cookies. These functions require that the browser be recognized after changing sites.
For the following applications we need to use cookies:
(1) Use of language settings
(2) Registration of search terms
The user data captured by the technically necessary cookies are not used to generate user profiles.
The use of analysis cookies occurs for the purpose of improving the quality of our website and its contents. With the analysis of cookies we learn how the website is used and thus can continually optimize our offerings.
These purposes represent our legitimate interest in the processing of personal data in accordance with art. 6 para. 1 lit. f GDPR. These purposes also represent our legitimate interest in the processing of personal data in accordance with art. 6 para. 1 lit. f GDPR.
2.5.4. Duration of storage, possibility of objection and elimination
Cookies are saved on the user’s computer and conveyed by this computer to our site. Hence as user you have complete control over the use of cookies. By changing the settings in your internet browser you can deactivate or limit the transmission of cookies. Already saved cookies can be deleted at any time. This can also occur automatically. If cookies are deactivated for our website, it is possible that you will no longer be able to make full use of all functions of our website.
The transmission of Flash cookies cannot be prevented by the browser settings, but by changing the settings of your Flash player.
2.5.5. Cookies verwalten
Wenn Sie nicht möchten, dass die M3B GmbH Informationen über Ihr Surfverhalten speichert und analysiert, können Sie beim ersten Aufruf unserer Website in der Cookie-Zustimmung („Cookie-Balken“) die Speicherung von Cookies verwalten. Standard ist, dass lediglich die technisch notwendigen, also essenziellen Cookies aktiv sind. Alle anderen Cookies für die Analyse oder das Marketing Ihres Besuchs auf unserer Website sind inaktiv. Zur Steuerung der Anzeige der Cookie-Zustimmung wird in ihrem Webbrowser ein Cookie abgelegt. Dieses Cookie enthält keinerlei Informationen und dient ausschließlich dazu, Ihnen Ihre Zustimmung/Ihren Widerspruch zuordnen zu können.
Wenn Sie in der Cookie-Zustimmung den Button „Alle aktivieren“ klicken oder unter „Anpassen“ die Cookie-Kategorien Analyse und/oder Marketing aktiv setzen, stimmen Sie durch aktives Bestätigen dem Setzen von Cookies zu. Die Rechtsgrundlage für die Speicherung von Analyse- und /oder Marketing-Cookies ist dann Art. 6 Abs. 1 lit a DSGVO.
2.6. Newsletter
2.6.1. Description and scope of the data processing
Our internet sites offer the possibility of subscribing to a free newsletter. During registration for the newsletter the data from the input mask are transmitted to us, which means that:
(1) Name
(2) E-Mail address
are captured, as well as
(3) Date and time of registration
Your consent is obtained for the processing of the data in the context of the registration process and you are referred to the privacy statement.
If you purchase goods or services on our internet site and thereby input your email address, this can then be used by us to send you the newsletter. In such cases only direct advertising for our own similar goods or services will be sent by way of the newsletter.
In the context of the data processing to send newsletters, no data is given to third parties. The data are exclusively used to send the newsletter.
2.6.2. Legal basis for data processing
The legal basis for the processing of data after registration for the newsletter by the user is, given the provision of consent by the user, art. 6 para. 1 lit. a GDPR.
The legal basis for the sending of the newsletter in consequence of the purchase of wares or services is § 7 para. 3 UWG.
2.6.3. Purpose of data processing
The email address of the user is captured to send the newsletter.
The capture of other personal data in the context of the registration procedure serves to prevent a misuse of the services or the email address used.
2.6.4. Duration of storage
The data are deleted as soon as they are no longer necessary to achieve they purpose for which they were collected. Thus the email address of the user will only be stored as long as the subscription to the newsletter is active.
2.6.5. Possibility of objection and elimination
The subscription to the newsletter can be terminated at any time by the data subject. For this purpose there is a corresponding link in every newsletter.
It is also possible there to revoke the consent to the storage of the personal data collected during the registration procedure.
2.7. Registration
2.7.1. Description and scope of data processing
On our internet sites we offer users the possibility of registering for specialized events. The data are entered into an input mask and transmitted to us and saved. The data are not transferred to a third party. The following data are captured in the context of the registration process:
(1) Name
(2) Address
(3) Company
(4) Industry
(5) Position
Moreover at the time of registration the following data are saved:
(6) The IP address of the user
(7) Date and time of registration
In the registration process consent is obtained from the user for the processing of this data.
2.7.2. Legal basis for the data processing
The legal basis for the processing of data is, given the provision of consent by the user, art. 6 para. 1 lit. a GDPR.
If the registration serves to fulfill a contract to which the user is a contractual party or to carry our pre-contractual measures, then the additional legal basis for the processing of the data is art. 6 para. 1 lit. b GDPR.
2.7.3. Purpose of the data processing
A registration of the user is necessary to fulfill a contract with the user or to carry out pre-contractual measures or is indispensable for the provision of certain contents and services. They will always be explained in connection with the registration process.
2.7.4. Duration of storage
The data are deleted as soon as they are no longer necessary to achieve the purpose of their capture as well as from legal obligations directed at M3B GmbH.
2.7.5. Right of objection and elimination
If the data are necessary to fulfill a contract or to carry out pre-contractual measures, an early deletion of the data is only possible insofar as no contractual or legal obligations conflict with their deletion.
Otherwise as user you have the possibility at any time to suspend the registration. You can have the data saved about you changed at any time.
2.8. Contact form and email contact
2.8.1. Description and scope of the data processing
A contact form is available at our internet site that can be used to contact us electronically. If a user makes use of this possibility, the data inputted into the input mask are transmitted to us and saved.
Moreover at the time the message is sent the following data are saved:
(1) Name
(2) Address
(3) E-Mail adresse and
(4) Concern
and in addition
(5) The IP address of the user
(6) Date and time of registration
For the processing of the data, during the sending procedure your consent is obtained and you are referred to this privacy statement.
Alternatively you can contact us using the email address provided. In this case we will only save the user’s personal data that is conveyed with the email.
In this context there is no transmission of data to third parties. The data are used exclusively for processing the conversation.
2.8.2. Legal basis for the data processing
The legal basis for the processing of the data is, given the provision of consent of the user, art. 6 para. 1 lit. a GDPR.
The legal basis for processing the data that are conveyed by transmission of an email is art. 6 para. 1 lit. f GDPR. If the email contact leads to the conclusion of a contract, the additional legal basis for the processing is art. 6 para. 1 lit. b GDPR.
2.8.3. Purpose of the data processing
The processing of personal data from the input mask serves exclusively to process the establishment of contact. In case contact is established by email, this is the necessary legitimate interest in processing the data.
The other personal data processed during the sending procedure serves to prevent a misuse of the contact form and to ensure the security of our informational systems.
2.8.4. Duration of storage
The data are deleted as soon as they are no longer necessary to achieve the purpose of their capture. For personal data from the input mask of the contact form and those sent by email, this is the case as soon as that conversation with the user has concluded. The conversation has ended when it can be inferred from the circumstances that the issue in question has been conclusively clarified.
Additional personal data captured during the sending procedure will be deleted at the latest after a period of seven days.
2.8.5. Possibility of objection and elimination
The user has the possibility at any time of revoking his or her consent to the processing of personal data. If the user establishes contact with us over email, he or she can object to the saving of his or her personal data at any time. In such a case the conversation cannot be continued.
The revocation can be addressed using the contact form itself or the email address or telephone number listed at the beginning.
All personal data that were saved in the course of establishing contact will be deleted in this case.
2.9. Rights of the data subject
If your personal data is processed, then you are the ‘data subject’ in terms of the GDPR and you have the following rights relative to the controller:
2.9.1. Right to information
You may request a confirmation from the controller as to whether personal data that concern you are processed by us.
If there is such processing of your personal data, you may request the following information from the controller:
(1) the purposes for which personal data are processed;
(2) the categories for which personal data are processed;
(3) the recipient or categories of recipients to which the personal data concerning you are revealed or will be revealed;
(4) the planned duration of storage of the personal data concerning you or, if concrete specification of this is not possible, the criteria that determine the storage duration;
(5) the existence of a right to correction of deletion of the personal data concerning you, a right to restriction of the processing by the responsible party or a right of objection to this processing;
(6) the existence of a right of complaint to a regulatory authority;
(7) all available information on the origin of the data, if the personal data have not been collected from the affected person;
(8) the existence of an automated decision-making process including profiling in accordance with art. 22 para. 1 and 4 GDPR and – at least in these cases – significant information about the logic involved as well as the reach and intended consequences of such processing for the data subject.
You have the right to demand information as to whether personal data concerning you have been transmitted to a third country or an international organization. In this context you can demand to be instructed about the suitable guarantees in accordance with art. 46 GDPR in connection with the transmission.
2.9.2. Right to rectification
You have a right to rectification and/or completion against the controller insofar as the processed personal data concerning you are incorrect or incomplete. The controller is to immediately carry out the correction.
2.9.3. Right to restriction of processing
You may demand a restriction of the processing of personal data concerning you under the following conditions:
(1) if you contest the correctness of the personal data concerning you for a length of time that makes it possible for the controller to review the correctness of the personal data;
(2) if the processing is unlawful and you reject a deletion of the personal data and instead request a restriction of the use of the personal data;
(3) the controller no longer needs the personal data for the purposes of processing, you however need them to assert, exercise or defend legal claims, or
(4) you have filed an objection to the processing in accordance with art. 21 para. 1 GDPR and it is not yet determined whether the legitimate reasons of the controller outweigh your reasons.
If the processing of the personal data concerning you is restricted, these data – aside from their storage – may only be processed with your consent or to assert, exercise or defend against legal claims or to protect the rights of other natural or legal persons or for reasons of an important public interest of the Union or a member state
If the restriction of processing was restricted in accordance with the above-mentioned conditions, then you will be informed by the responsible party before the restriction is lifted.
2.9.4. Right to deletion
2.9.4.1. Duty to deletion
You can demand that the controller immediately delete the personal data concerning you, and the controller is obligated to immediately delete these data insofar as one of the following reasons applies:
(1) The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
(2) You revoke your consent on which the processing rested in accordance with art. 6 para. 1 lit. a or art. 9 para. 2 lit. a GDPR, and there is no other legal basis for the processing.
(3) In accordance with art. 21 para. 1 GDPR you file an objection to the processing and there are no overriding legitimate reasons for the processing, or you file an objection to the processing in accordance with art. 21 para. 2 GDPR.
(4) The personal data concerning you were unlawfully processed.
(5) The deletion of the personal data concerning you is necessary to fulfill a legal obligation in accordance with Union law or the law of member states to which the controller is subject.
(6) The personal data concerning you were collected in relation to offered services of the information society in accordance with art. 8 para. 1 GDPR.
2.9.4.2. Information to third parties
If the controller had made personal data concerning you public and is obligated to their deletion in accordance with art. 17 para. 1 GDPR, then he or she will take appropriate measures, in consideration of the available technology and the costs of implementation – also measures of a technical nature – to inform those processing controllers who are processing the personal data that you as the data subject demand the deletion of all links to these personal data or to copies or replications of these personal data.
2.9.4.3. Exceptions
The right to deletion does not exist insofar as the processing is necessary
(1) to exercise a right to free expression and information;
(2) to fulfill a legal obligation that requires the processing in accordance with the law of the Union or of member states to which the controller is subject or to pursue a task that is in the public interest or in the exercise of public authority that was transferred to the responsible party;
(3) for reasons of public interest in the area of public health in accordance with art. 9 para. 2 lit. h and i as well as art. 9 para. 3 GDPR;
(4) for the archival purposes or scientific or historical research purposes lying in the public interest or for statistical purposes in accordance with art. 89 para. 1 GDPR, insofar as the right named under section a) is anticipated to make the realization of the goals of this processing impossible or seriously impair it, or
(5) to assert, exercise or defend legal claims.
2.9.5. Right to instruction
If you have asserted the right to correction, deletion or restriction of the processing against the controller, then this controller is obligated to communicate this correction or deletion of data or restriction of processing to all recipients to whom the personal data in question have been revealed, unless this proves impossible or involves a disproportionate expenditure.
You have the right against the controller to be informed about these recipients.
2.9.6. Right to data portability
You have the right to receive the personal data concerning you and that you have provided to the controller in a structured, typical and machine-readable format. In addition you have the right to transmit these data to another controller without being hindered by the controller to whom you had provided the personal data, insofar as
(1) the processing rests on a consent in accordance with art. 6 para. 1 lit. a GDPR or art. 9 para. 2 lit. a GDPR or on a contract in accordance with art. 6 para. 1 lit. b GDPR and
(2) the processing occurs with the help of automated procedures.
In exercising this right you also have the right to have the personal data concerning you transferred directly from a controller to another controller insofar as this is technically feasible. Freedoms and rights of other persons may not be impaired by this.
The right to data portability does not apply to a processing of personal data that is necessary for the fulfillment of a task that lies in the public interest or occurs in the exercise of a public authority that was transferred to the controller.
2.9.7. Right to objection
You have the right at any time, for reasons arising from your particular situation, to object to the processing of personal data concerning you that occurs on the basis of art. 6 para. 1 lit. e or f GDPR; this also holds for any profiling resting on these determinations.
The controller will no longer process the personal data concerning you, unless he or she can demonstrate compelling reasons for the processing requiring protection that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend against legal claims.
If the personal data concerning you are processed for the purpose of direct advertising, you have the right to object at any time to the processing of the personal data concerning you for the purpose of such advertising; this also holds for profiling insofar as it relates to such direct advertising.
If you object to the processing for purposes of direct advertising, the personal data concerning you will no longer be processed for these purposes.
You have the possibility exercise your right of objection in connection with the use of services of the information society – notwithstanding the guideline 2002/58/EG – by means of automated procedures that use technical specifications.
2.9.8. Right to revocation of the declaration of consent
You have the right to revoke your declaration of consent concerning data protection law at any time. The revocation of your consent will not affect the lawfulness of the processing that occurred on the basis of your consent until your revocation.
2.9.9. Automated individual decision-making including profiling
You have the right not to remain subject to a decision resting exclusively on automated processing – including profiling – that leads to any legal effect for you or significantly affects you in a similar manner. This does not hold if the decision
(1) is necessary for the fulfillment of a contract between you and the responsible party,
(2) is permissible on the basis of the legal provisions of the Union or the member states to which the responsible party is subject and these provisions contain appropriate measures to preserve your rights and freedoms as well as your legitimate interests, or
(3) occurs with your explicit consent.
However these decisions may not rest on special categories of personal data in accordance with art. 9 para. 1 GDPR, unless art. 9 para. 2 lit. a or g holds and appropriate measures to protect rights and freedoms as well as your legitimate interests have been taken.
Concerning the cases named in (1) and (3), the controller will take appropriate measures to preserve rights and freedoms as well as your legitimate interests, which includes at least the right to bring it about that a person intervenes on the part of the controlling party, the right to represent one’s own standpoint and the right to contest a decision.
2.9.10. Right to complain to a regulatory authority
Notwithstanding any other administrative or judicial remedy, you have the right to complain to a regulatory authority, in particular in the member state of your residence, your site of work or the site of the alleged violation, if you are of the opinion that the processing of the personal data concerning you violates the GDPR.
The regulatory authorities who receive the complaint will inform the complainant about the state and the results of the complaint, including the possibility of judicial remedy in accordance with art. 78 GDPR.
This privacy statement was generated on the basis of the information provided by the privacy statement generator of the GDG German Society for Data Protection GmbH.
M3B GmbH, Bremen
3. Conceptual definitions
The privacy statement of the M3B GmbH rests on concepts that have been used by the authoring body of the European guidelines and ordinances in enacting the General Data Protection Regulation (GDPR). Our privacy statement should be easily readable and understandable for the public as well as for our customers and business partners. To ensure this we would like to start by explaining the concepts used.
In this privacy statement we use the following concepts:
3.1. Personal data
Personal data is any information relating to an identified or identifiable natural person (hereafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (IP address) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
3.2. Data subject
A data subject is every identified or identifiable natural person whose personal data is processed by the party responsible for processing.
3.3. Processing
Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
3.4. Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting their processing during the legal storage periods. This means that the data are still stored but can only be used for certain types of processing, such as e.g. review by financial authorities.
3.5. Profiling
Profiling is any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
3.6. Pseudonymization
Pseudonymization is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
3.7. Controller or processing controller
Controller is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for his or her nomination may be provided for by Union or Member State law.
3.8. Joint controllers
If several companies process personal data together and determine the purposes and means of processing together in the context of common tasks or projects, then these companies may agree on data protection regulations together as “joint controllers” in accordance with art. 26 GDPR and also jointly implement the rights of the data subjects.
3.9. Processor
Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
3.10. Recipient
Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
3.11. Third parties
Third parties are natural or legal persons, public authorities, agencies or bodies other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, is authorised to process personal data.
3.12. Consent
Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
4. Data transfer to third parties
As a matter of principle, we only use your personal data within our company. If and to the extent that we involve third parties in the performance of contracts (Internet service providers, logistics service providers, payment service providers), they will only receive personal data to the extent that the transmission is necessary for the corresponding service.
In the event that we outsource certain parts of the data processing ("contract processing"), we contractually oblige contract processors to use personal data only in accordance with the requirements of the data protection laws and to ensure the protection of the rights of the data subject.
Data transfer to bodies or persons outside the EU outside the case mentioned in this declaration in section 4 does not take place and is not planned.
5. Plug-ins from third-party suppliers
Our website to some extent uses plug-ins from third-party suppliers, which are described here:
5.1 WorldPress plug-ins
5.1.1 Privacy statement on the deployment and use of Contact Form 7
The controller has integrated components from Takayuki Miyoshi on this internet site. We use Contact Form 7 for contact forms. The form allows Ajax-supported sending, reCaptcha and Akismet spam-filtering. The valid data protection regulations of Contact Form 7 can be retrieved under de.wordpress.org/plugins/contact-form-7/#description.
5.2. Analysis tools
5.2.1. Data protection provisions on the deployment and use of Matomo (formerly PIWIK)
The controller has integrated components of Matomo into this website. Matomo is an open-source software tool for web analysis. Web analysis is the capture, collection and assessment of data on the behavior of visitors on internet sites. A web analysis tool collects data on, among other things, which internet site the data subject came from (the so-called referrer), which sub-sites of the internet site they access and how often or for how long they view a sub-site. A web analysis is primarily used to optimize an internet site and is used for a cost-benefit analysis of internet advertising.
The software is operated on the server of the controller, the log files that are sensitive in terms of data protection law are stored on this server.
The purpose of Matomo components is to analyze the stream of visitors to our internet site. The controller uses the data and information obtained among other things to assess the use of this internet site in order to generate online reports displaying the activities on our internet site.
Matomo places a cookie in the information-technology system of the data subject. It has already been explained above what cookies are. The setting of cookies makes it possible for us to analyze the use of our internet site. For every retrieval of one of the individual pages of our internet site, the internet browser on the information-technology system of the data subject is automatically prompted by the Matomo components to transmit data for the purpose of an online analysis on our servers. Through this technical procedure we retain knowledge of personal data such as the IP address of the data subject that serves among other things to help us understand the origin of the visitors and clicks.
By means of cookies, personal information is saved, such as time of access, the site from which access occurred and the frequency of visits to our internet site. With every visit to our internet site these personal data, including the IP address of the data subject’s internet connection, are transmitted to our server. We save these personal data. We do not transfer these personal data to third parties.
The data subject may prevent the setting of cookies by our internet site, as described above, at any time by means of the corresponding settings of the internet browser used by the data subject and thereby object lastingly to the use of cookies. Such a setting of the internet browser used would also prevent Matomo from placing a cookie in the information technology system of the data subject. In addition a cookie already set by Matomo can be deleted at any time by means of the internet browser or other software programs.
In addition the data subject has the possibility to object to the capture of the data generated by Matomo relating to the use of this internet site and to prevent it. For this purpose the data subject must set an opt-out cookie under the link matomo.org/docs/privacy. If the information-technology system of the data subject is deleted, formatted or reinstalled at a later point, the data subject will need to once more set an opt-out cookie under matomo.org/docs/privacy.
However with setting of an opt-out cookie it is possible that the internet site of the controller will no longer be fully usable for the data subject.
Further information and the valid data protection regulations of Matomo can be retrieved under matomo.org/docs/privacy.
5.2.2. Data protection regulations on the deployment and use of Google Analytics (with anonymization function)
The controller has integrated components of Google Analytics (with anonymization function) into this internet site. Google Analytics is a web analysis service. Web analysis is the capture, collection and assessment of data on the behavior of visitors on internet sites. A web analysis service includes among other things data on which internet site the data subject on an internet site came from (the so-called referrer), which sub-sites of the internet site are accessed and how long a sub-site is viewed. A web analysis is used primarily to optimize an internet site and is deployed for a cost-benefit analysis of internet advertising.
The operating company of Google Analytics components is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
The controller uses the addition of "_gat._anonymizeIp" for the web analysis by way of Google Analytics. This addition abbreviates and anonymizes the IP address of the internet connection of the data subject if our internet site is accessed from a member state of the European Union or from another contractual state of the agreement on the European Economic Area.
The purpose of the Google Analytics components is to analyze the visitor stream to our internet site. Google uses the data and information obtained, among other things, to assess the use of our internet site in order to generate online reports displaying the activities on our internet sites and to provide further services standing in relation to the use of our internet site.
Google Analytics places a cookie in the information-technology system of the data subject. It was explained above what cookies are. By playing a cookie Google makes an analysis of the use of our internet site possible. For every retrieval of one of the individual sub-sites of this internet site that is operated by the processing controller and that has integrated a component of Google Analytics, the internet browser of the data subject’s information-technology system is automatically prompted by the Google Analytics component to transmit data to Google for the purpose of online analysis. In this technical process Google obtains knowledge of personal data, such as the IP address of the data subject, that allows Google among other things to reconstruct the origin of the visitors and clicks and in consequence to calculate commissions.
Information such as the time of access, the place from which a site was accessed and the frequency of visits to our internet site by the data subject are saved by means of cookies. For every visit to our internet sites these personal data, including the IP address of the data subject’s internet connection, are transmitted to Google in the United States of America. These personal data are saved by Google in the United States of America. Google could under certain circumstances transfer this data obtained by technical procedures to third parties.
The data subject may at any time prevent the setting of cookies by our internet site, as described above, by means of the corresponding settings of the internet browser used, and thus object lastingly to the use of cookies. Such a setting of the internet browser used will also prevent Google from setting a cookie in the information-technology system of the data subject. In addition a cookie already set by Google Analytics can be deleted by means of the internet browser or other software programs at any time.
Additionally the data subject has the possibility of objecting to the capture of the data generated by Google Analytics relating to the use of this internet site and to the processing of this data by Google and prevent it. For this purpose the data subject must download a browser add-on under the link tools.google.com/dlpage/gaoptout and install it. This browser add-on communicates to Google by way of a Java script that no data and information on the visits to internet sites may be transmitted to Google Analytics. The installation of the browser add-on is assessed by Google as an objection. If the information-technology system of the data subject is deleted, formatted or reinstalled at a later point, the data subject must again install the browser add-on in order to deactivate Google Analytics. Insofar as the browser add-on is deinstalled or deactivated by the data subject or another person to be ascribed to their sphere of control, there is a possibility of reinstalling or reactivating the browser add-on.
Further information and the valid data protection provisions of Google can be retrieved under google.de/intl/de/policies/privacy and under marketingplatform.google.com/about/analytics/terms/de. Google Analytics is described more precisely under this link google.com/intl/de_de/analytics.
5.3. Internet advertising
5.3.1 Data protection provisions on the deployment and use of Google AdWords
The controller has integrated Google AdWords into this internet site. Google AdWords is a web advertising service that allows the advertisers to display ads both in the Google search engine results as well as in the Google ad network. Google AdWords makes it possible for an advertiser to determine certain key words, by means of which an ad is only displayed in the Google search engine results when the user retrieves a result with the search engine that is relevant to the key words. In the Google ad network the ads are displayed using an automatic algorithm and distributed to thematically relevant internet sites in consideration of the previously determined key words.
The operating company of the service of Google AdWords is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
The purpose of Google AdWords is to promote our internet site by displaying interest-relevant advertising on the internet sites of third-party companies and in the search engine results of the search engine Google and to display third-party advertising on our internet site.
If a data subject ends up at our internet site by way of a Google ad, a co-called cookie is placed on the information-technology system of the affected person by Google. It has already been described above what cookies are. A conversion cookie loses its validity after thirty days and does not serve to identify the data subject. The conversion cookie, insofar as it has not yet expired, makes it possible to determine whether certain sub-sites, such as the shopping cart of an online shopping system, have been retrieved on our internet site. By means of the conversion cookie we and also Google can determine whether the data subject who arrived at our website by way of an AdWords ad generated a sale, i.e. whether they concluded a purchase of wares or broke it off.
The data and information obtained by the use of conversion cookies are used by Google to generate visit statistics for our internet site. These visit statistics are then used by us to determine the total number of users that AdWords displays have brought to us, hence to determine the success or failure of particular AdWords displays and to optimize our AdWords displays for the future. Neither our company nor other advertising customers of Google AdWords receive any information from Google by means of which the data subject could be identified.
Personal information such as the internet sites visited by the data subject are saved by means of conversion cookies. For every visit to our internet sites, personal data, including the IP address of the internet connection used by the data subject, are transmitted to Google in the United States of America. These personal data are saved by Google in the United States of America. In certain circumstances Google may transmit these personal data obtained by the technical procedure to third parties.
The data subject may prevent the setting of cookies by our internet site, as described above, at any time by means of the corresponding settings in the internet browser used and thus lastingly object to the setting of cookies. Such a setting of the internet browser used will also prevent Google from setting a conversion cookie on the information-technology system of the data subject. In addition a cookie already set by Google AdWords can be deleted at any time using the internet browser or other software programs.
Additionally the data subject has the possibility of objecting to the interest-based advertising by Google. For this purpose the data subject has to retrieve the link www.google.de/settings/ads in every internet browser that he or she uses and configure the settings there as desired.
urther information and the valid data protection provisions of Google can be retrieved under google.de/intl/de/policies/privacy.
5.3.2. Datenschutzbestimmungen zu Einsatz und Verwendung von Facebook Pixel
Unsere Website nutzt zur Konversionsmessung das Besucheraktions-Pixel von Facebook, Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook”).
So kann das Verhalten der Seitenbesucher nachverfolgt werden, nachdem diese durch Klick auf eine Facebook-Werbeanzeige auf die Website des Anbieters weitergeleitet wurden. Dadurch können die Wirksamkeit der Facebook-Werbeanzeigen für statistische und Marktforschungszwecke ausgewertet werden und zukünftige Werbemaßnahmen optimiert werden.
Die erhobenen Daten sind für uns als Betreiber dieser Website anonym, wir können keine Rückschlüsse auf die Identität der Nutzer ziehen. Die Daten werden aber von Facebook gespeichert und verarbeitet, sodass eine Verbindung zum jeweiligen Nutzerprofil möglich ist und Facebook die Daten für eigene Werbezwecke, entsprechend der Facebook-Datenverwendungsrichtlinie verwenden kann. Dadurch kann Facebook das Schalten von Werbeanzeigen auf Seiten von Facebook sowie außerhalb von Facebook ermöglichen. Diese Verwendung der Daten kann von uns als Seitenbetreiber nicht beeinflusst werden.
In den Datenschutzhinweisen von Facebook finden Sie weitere Hinweise zum Schutz Ihrer Privatsphäre: facebook.com/about/privacy. Sie können außerdem die Remarketing-Funktion "Custom Audiences” im Bereich Einstellungen für Werbeanzeigen unter facebook.com/ads/preferences/?entry_product=ad_settings_screen deaktivieren. Dazu müssen Sie bei Facebook angemeldet sein.
Wenn Sie kein Facebook Konto besitzen, können Sie nutzungsbasierte Werbung von Facebook auf der Website der European Interactive Digital Advertising Alliance deaktivieren: youronlinechoices.com/de/praferenzmanagement.
5.4. Social media
5.4.1. Data protection provisions on the deployment and use of Facebook
The controller has integrated components of the company Facebook into this internet site. Facebook is a social network. A social network is a social meeting point operated on the internet, an online community that generally makes it possible for users to communicate with one another and interact in a virtual space. A social network can serve as a platform for the exchange of opinions and experiences or make it possible for the internet community to provide personal or business-related information. Facebook allows the users of its social network among other things to generate private profiles, upload photos and connect to one another by friend-requests.
The operating company of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. The controller of the processing of personal data is, if the data subject lives outside of the USA or Canada, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
For every retrieval of one of the individual pages of this internet site that is operated by the processing controller and that has integrated a Facebook component (Facebook plug-in), the internet browser on the information-technology system of the data subject is automatically prompted by the particular Facebook component to download a representation of the particular Facebook component from Facebook. A total overview of all Facebook plug-ins can be retrieved under developers.facebook.com/docs/plugins/?locale=de_DE. Within this technical procedure Facebook obtains knowledge of which specific sub-site of our internet site was visited by the data subject.
Insofar as the data subject is simultaneously logged in to Facebook, Facebook recognizes, with every retrieval of our internet site by the data subject and during the entire duration of his or her visit to our internet site, which concrete sub-sites of our internet site the data subject is visiting. This information is collected by the Facebook components and correlated with the particular Facebook account of the data subject. If the data subject clicks on one of the Facebook buttons integrated into our internet site, for example the “like me” button, or if the data subject offers a comment, Facebook correlates this information to the personal Facebook user account of the data subject and saves this personal data.
Facebook always receives the information, by way of the Facebook components, that the data subject has visited our internet site if the data subject is logged in to Facebook at the time that he or she retrieves our internet site; this occurs regardless of whether or not the data subject clicks on the Facebook component. If such a transmission of this information to Facebook is not desired by the data subject, this transmission can be prevented by logging out of his or her Facebook account before retrieving our internet site.
The data guidelines published by Facebook, which can be retrieved under de-de.facebook.com/about/privacy provide information about the capture, processing and use of personal data by Facebook. Additionally these guidelines explain which Facebook settings are possible to protect the privacy of the data subject. Moreover different applications are available that make it possible to suppress any data transmission to Facebook, for example the Facebook-blocker provided by Webgraph, which can be procured under webgraph.com/resources/facebookblocker/. These applications can be used by the data subject to suppress a transmission of data to Facebook.
5.4.2. Data protection provisions on the deployment and use of YouTube
The controller has integrated components of YouTube into this internet site. YouTube is an internet video portal that allows video publishers to present videos free of cost and other users to view them and assess and comment on them free of cost. YouTube permits the publication of all types of videos, so that complete film and television broadcasts as well as music videos, trailers and videos made by the users themselves can be retrieved at this internet portal.
The operating company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary company of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
For every retrieval of one of the individual pages of this internet site that is operated by the controller and that integrates a YouTube component (YouTube video), the internet browser of the data subject’s information-technology system is automatically prompted by the particular YouTube component to download a representation of the particular YouTube component from YouTube. Further information on YouTube can be retrieved under youtube.com/yt/about/de. Within this technical procedure, YouTube and Google receive information about which specific sub-sites of our internet site are visited by the data subject.
Insofar as the data subject is logged in to YouTube at the same time, for every retrieval of sub-site containing a YouTube video YouTube recognizes which specific sub-site of our internet site the data subject is visiting. This information is collected by YouTube and Google and correlated with the particular YouTube account of the data subject.
YouTube and Google receive the information, from the YouTube components, that the data subject has visited our internet site if the data subject is logged in to YouTube at the time of the retrieval of our internet site; this occurs regardless of whether or not the data subject clicks on a YouTube video. If such a transmission of this information to YouTube and Google is not desired by the data subject, this transmission can be prevented by logging out of your YouTube account before retrieving our internet site.
The data protection provisions published by YouTube, which can be retrieved under google.de/intl/de/policies/privacy, provide information on the capture, processing and use of personal data by YouTube and Google.
5.5. Other tools
5.5.1. Google Web Fonts
Diese Seite nutzt zur einheitlichen Darstellung von Schriftarten so genannte Web Fonts, die von Google bereitgestellt werden. Beim Aufruf einer Seite lädt Ihr Browser die benötigten Web Fonts in ihren Browsercache, um Texte und Schriftarten korrekt anzuzeigen.
Zu diesem Zweck muss der von Ihnen verwendete Browser Verbindung zu den Servern von Google aufnehmen. Hierdurch erlangt Google Kenntnis darüber, dass über Ihre IP-Adresse diese Website aufgerufen wurde. Die Nutzung von Google WebFonts erfolgt auf Grundlage von Art. 6 Abs. 1 lit. f DSGVO. Der Websitebetreiber hat ein berechtigtes Interesse an der einheitlichen Darstellung des Schriftbildes auf seiner Website. Sofern eine entsprechende Einwilligung abgefragt wurde (z. B. eine Einwilligung zur Speicherung von Cookies), erfolgt die Verarbeitung ausschließlich auf Grundlage von Art. 6 Abs. 1 lit. a DSGVO; die Einwilligung ist jederzeit widerrufbar.
Wenn Ihr Browser Web Fonts nicht unterstützt, wird eine Standardschrift von Ihrem Computer genutzt.
Weitere Informationen zu Google Web Fonts finden Sie unter https://developers.google.com/fonts/faq und in der Datenschutzerklärung von Google: policies.google.com/privacy?hl=de.
5.5.2. OpenStreetMap
Wir nutzen den Kartendienst von OpenStreetMap (OSM). Anbieterin ist die Open-Street-Map Foundation (OSMF), 132 Maney Hill Road, Sutton Coldfield, West Midlands, B72 1JU, United Kingdom.
Wenn Sie eine Website besuchen, auf der OpenStreetMap eingebunden ist, werden u. a. Ihre IP-Adresse und weitere Informationen über Ihr Verhalten auf dieser Website an die OSMF weitergeleitet. OpenStreetMap speichert hierzu unter Umständen Cookies in Ihrem Browser oder setzt vergleichbare Wiedererkennungstechnologien ein.
Ferner kann Ihr Standort erfasst werden, wenn Sie dies in Ihren Geräteeinstellungen – z. B. auf Ihrem Handy – zugelassen haben. Der Anbieter dieser Seite hat keinen Einfluss auf diese Datenübertragung. Details entnehmen Sie der Datenschutzerklärung von OpenStreetMap unter folgendem Link: wiki.osmfoundation.org/wiki/Privacy_Policy.
Die Nutzung von OpenStreetMap erfolgt im Interesse einer ansprechenden Darstellung unserer Online-Angebote und einer leichten Auffindbarkeit der von uns auf der Website angegebenen Orte. Dies stellt ein berechtigtes Interesse im Sinne von Art. 6 Abs. 1 lit. f DSGVO dar. Sofern eine entsprechende Einwilligung abgefragt wurde (z. B. eine Einwilligung zur Speicherung von Cookies), erfolgt die Verarbeitung ausschließlich auf Grundlage von Art. 6 Abs. 1 lit. a DSGVO; die Einwilligung ist jederzeit widerrufbar.
© 2018 – 2021 M3B GmbH, Bremen