I. Name and contact details of the controller
This data protection information applies to data processing by the following controller
Bilder der Zukunft e.V., Rüdesheimer Strasse 21, 65197 Wiesbaden, Germany, e-mail: info@bilderderzukunft.de, telephone: +49 (0)611 180 99-0.
II General information on data processing
Scope of the processing of personal data
We only process our users' personal data to the extent necessary to provide a functional website and our content and services. The processing of our users' personal data only takes place regularly with the user's consent. An exception applies in cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.
Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) serves as the legal basis.
- When processing personal data that is necessary for the fulfilment of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.
- Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.
- In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.
- If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.
DATA PROCESSING IN THIRD COUNTRIES
If we process data in a third country outside the European Union (EU) or the European Economic Area (EEA) or if processing or disclosure to other persons, bodies or companies takes place through third-party services used by us, this is done in accordance with the legal requirements. Unless you have given your separate consent or we process contractually or legally required transfers, we only have the data processed in third countries with a recognised level of data protection, contractual obligation through so-called standard protection clauses of the EU Commission, in the presence of certifications or binding internal data protection regulations (Art. 44 to 49 GDPR).
Data erasure and storage duration
The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. In the case of order processing, this generally takes place after three years. Data may be stored beyond this period if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or erased if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract. If the data of the data subject is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to data of the data subject that must be retained for commercial or tax law reasons (six years in accordance with Section 257 (1) HGB and ten years in accordance with Section 147 (1) AO).
III When visiting the website
When you visit our website, your web browser transmits usage data. This is technically necessary in order to establish a connection between the accessing computer and the server and to provide you with our website.
The types of data processed are usage data (e.g. websites visited, data volumes transferred, interest in content, access times, website from which the request comes (referrer URL), information about the browser and browser settings, operating system and its interface, meta/communication data (e.g. device information, IP addresses).
Data subjects are users (e.g. website visitors, users of online services).
The purposes of processing are the provision of our online services and user-friendliness; security measures; initiation and provision of contractual services.
The legal basis is our legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Log file information is stored in anonymised form for a period of two years and then deleted if special purposes (e.g. evidence purposes) make longer storage necessary.
HOSTING HETZNER
This website is hosted by an external service provider (hoster): Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, BRD. The personal data collected on this website is stored on the hoster's servers. This may include IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses and other data generated via a website.
The use of the hoster is in the legitimate interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f GDPR). Our hoster will only process your data to the extent that this is necessary to fulfil its performance obligations and will follow our instructions in accordance with a concluded order processing contract pursuant to Art. 28 GDPR with regard to this data and comply with data protection regulations.
Further information on the purpose and scope of data collection and its processing by the service provider can be found in the privacy policy: https://www.hetzner.de/rechtliches/datenschutz/.
YOUTUBE
Videos are embedded on our website via the YouTube service. The provider of this service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. YouTube uses cookies for data collection and statistical data analysis, through which YouTube can analyse the access and frequency of access to the video as well as the website of the embedded video. If you are logged into your YouTube account, YouTube can assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your account.
To protect your privacy, we only use embedded YouTube videos in an extended data protection mode. This means that YouTube does not store cookies for a user who views a website with an embedded YouTube video but does not click on the video to play it. If the video is played, YouTube can store cookies on the user's computer, but no personal information about the playback of embedded videos is stored. Further information on data protection by YouTube can be found at www.google.de/intl/de/policies/privacy.
We use YouTube to provide information and entertainment on the website. The use is therefore in our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR. If we obtain your consent, the processing is carried out on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. Your consent can be revoked at any time.
According to Google, the personal data collected from website visitors is also stored on its servers in the USA and used as part of its own advertising measures. A level of data protection comparable to European law is ensured by participation in the EU-US Data Privacy Framework: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active
VIMEO
We use plugins from the provider Vimeo for the integration of videos. Vimeo is operated by Vimeo.com Inc, 555 West 18th Street, New York, New York 10011, USA. The third country transfer is based on EU standard contractual clauses (SCC).
When you access the website of our Internet presence provided with such a plugin - for example our media library - a connection to the Vimeo servers is established and the plugin is displayed. This tells the Vimeo server which of our websites you have visited. If you are logged in to Vimeo as a member, Vimeo assigns this information to your personal user account. When you use the plugin, e.g. by clicking the start button of a video, this information is also assigned to your user account. You can prevent this assignment by logging out of your Vimeo user account before using our website and deleting the corresponding cookies from Vimeo. The processed data also includes online identifiers (IP address, email address, location information), viewing data and employment information. No special types of data are processed.
We have concluded an order processing contract with the provider (https://vimeo.com/enterpriseterms/dpa), which obliges the provider to follow our instructions with regard to this data in accordance with Art. 28 GDPR and to comply with data protection regulations. Further information on data processing and information on data protection by Vimeo can be found at https://vimeo.com/privacy. The legal basis for the use of Vimeo is Art. 6 para. 1 sentence 1 lit. f GDPR.
IV. Further data collection and functions / COOKIES
GENERAL INFORMATION ON THE USE OF COOKIES
Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. When a user accesses a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again. This website may use the following types of cookies, the scope and function of which are explained below:
- Transient cookies
- Persistent cookies
- First-party cookies
- Third-party cookies
Transient cookies are automatically deleted when you close the browser. These include session cookies in particular. These store a so-called session ID, with which various requests from your browser can be assigned to the joint session. This allows your computer to be recognised when you return to our website. The session cookies are deleted when you log out or close the browser.
Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete cookies at any time in your browser's security settings.
First-party cookies are set by us, while third-party cookies are used by third parties to process user information.
The purpose of using technically necessary cookies is to enable the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognised even after a page change. The user data collected by technically necessary cookies is not used to create user profiles. The purposes of the non-essential cookies are listed individually below.
The legal basis for the processing of personal data using technically necessary cookies within the meaning of Section 25 (2) TTDSG is Art. 6 (1) (f) GDPR.
We also use cookies on our website for various functions, including to enable an analysis of users' surfing behaviour. In this way, the following data can be transmitted, for example
Search terms entered
Frequency of page views
Utilisation of website functions
The legal basis for the processing of personal data using technically unnecessary cookies is otherwise your consent Art. 6 para. 1 lit. a GDPR.
We use types of cookies, the scope and function of which are explained below and in our consent tool:
Cookie Name | Type: Own / third party cookie | Saved on domain | Provider | Lifetime | Description |
|---|
| CRAFT_CSRF_TOKEN | First Party | .see-conference.org | | Session Cookie | |
| __stripe_mid | First Party | .see-conference.org | | | |
| _fbp | First Party | .see-conference.org | | | |
| see-sid | First Party | .see-conference.org | | Session Cookie | |
| Klaro | First Party | .see-conference.org | | | Consent State |
| commerce_cart | First Party | .see-conference.org | | | Shopping Cart |
| _pk_ses | 3rd Party | | Matomo | 30 minutes | Short-lived cookies that are used to temporarily store data for the visit. |
| _pk_id | 3rd Party | | Matomo | 13 months | Used to store some details about the user, such as the unique visitor ID. |
| __stripe_mid | 3rd Party | .checkout.stripe.com | Stripe | 1 year | Serves to prevent fraud and helps us to assess the risk associated with an attempted transaction. |
| machine_identifier | 3rd Party | .stripe.com | Stripe | 1 year | To prevent fraud, Stripe makes it possible to determine the computer used on the Stripe Dashboard. |
| private_machine_identifier | 3rd Party | .stripe.com | Stripe | 1 year | Identifies the computer across login sessions and users to prevent fraud. |
| __stripe_orig_props | 3rd Party | stripe.com | Stripe | 1 year | Reminds you how you arrived at our website, including the URL you came from and the Stripe page you originally landed on. |
| stripe_mid | 3rd Party | stripe.com | Stripe | 1 year | Serves to prevent fraud and helps us to assess the risk associated with an attempted transaction. |
| Scfc | 3rd Party | stripe.com | Stripe | 1 year | Fixes errors on our website in certain situations by forcing the browser cache to be cleared. |
| stripe.csrf | 3rd Party | stripe.com | Stripe | Session Cookie | Prevents attackers from making requests from other websites that change user data to Stripe. |
| Locale | 3rd Party | stripe.com | Stripe | Session Cookie | Controls the language on stripe.com to give you a reading experience in the language you expect. |
| presence | 3rd Party | .facebook.com | Meta | 30 days | This cookie supports your use of Messanger chat windows. |
| usida | 3rd Party | .facebook.com | Meta | Session Cookie | Captures a combination of the user's browser and a unique identifier that is used to customise advertising to users. |
| xs | 3rd Party | .facebook.com | Meta | 1 year | We use these cookies to authenticate you and so that you can stay logged in while you switch between different Facebook pages. |
| c_user | 3rd Party | .facebook.com | Meta | 1 year | We use these cookies to authenticate you and so that you can stay logged in while you switch between different Facebook pages. |
| sb | 3rd Party | .facebook.com | Meta | 400 days | These cookies help us to identify your browser securely. |
| locale | 3rd Party | .facebook.com | Meta | 7 days | The language is saved with the help of a cookie so that the language selection is retained. |
| wd | 3rd Party | .facebook.com | Meta | 7 days | These cookies help provide an optimised experience for your device's screen. |
| datr | 3rd Party | .facebook.com | Meta | 400 days | This cookie is a unique identifier for your browser that helps us, among other things, to protect you from fraud. It also helps us identify browsers used by malicious actors and prevent cybersecurity attacks. |
| dpr | 3rd Party | .facebook.com | Meta | 7 days | These cookies help provide an optimised experience for your device's screen. |
| li_mc | 3rd Party | .linkedin.com | LinkedIn | 6 months | Used as a temporary cache to avoid database queries for a member's consent to use non-essential cookies, and is used to have consent information on the client side to enforce consent on the client side. |
| lms_ads | 3rd Party | .linkedin.com | LinkedIn | 30 days | Used to identify LinkedIn members outside of LinkedIn for advertising purposes. |
| fptctx2 | 3rd Party | .linkedin.com | LinkedIn | Session Cookie | To prevent misuse in payment processes for LinkedIn. |
| lms_analytics | 3rd Party | .linkedin.com | LinkedIn | 30 days | Used to identify LinkedIn members outside of LinkedIn for advertising purposes. |
| dfpfpt | 3rd Party | .linkedin.com | LinkedIn | 2 years | Unique user ID to prevent misuse in payment processes at LinkedIn. |
| liap | 3rd Party | .linkedin.com | LinkedIn | 1 year | Used by non-WWW domains to identify the login status of a member. |
| AnalyticsSyncHistory | 3rd Party | .linkedin.com | LinkedIn | 30 days | Used to store information about the time of a synchronisation with the lms_analytics cookie. |
| li_sugr | 3rd Party | .linkedin.com | LinkedIn | 90 days | Used to make a probable match of a user's identity outside the designated countries. |
| bcookie | 3rd Party | .linkedin.com | LinkedIn | 1 year | Browser identifier cookie to uniquely identify devices accessing LinkedIn to detect misuse on the platform. |
| li_gc | 3rd Party | .linkedin.com | LinkedIn | 6 months | Used to store guests' consent to the use of cookies for non-essential purposes. |
| lang | 3rd Party | .linkedin.com | LinkedIn | Session Cookie | Used to save a user's language setting so that LinkedIn.com is displayed in the language the user has selected in their settings. |
| lidc | 3rd Party | .linkedin.com | LinkedIn | 1 day | To facilitate the selection of data centres. |
| UserMatchHistory | 3rd Party | .linkedin.com | LinkedIn | 30 days | Synchronisation of the LinkedIn Ads ID. |
| __cf_bm | 3rd Party | .vimeo.com | Vimeo | 1 day | This cookie is used to distinguish between humans and bots. This is beneficial for the website to generate valid reports on the use of its website. |
| vuid | 3rd Party | .vimeo.com | Vimeo | 2 years | Collects data about the user's visits to the website, such as which pages have been read. |
3rd party cookies are stored on the user's computer and transmitted by it to our website. As a user, you therefore have full control over the use of cookies. You can deactivate or restrict the storage of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all the functions of the website to their full extent.
You can adjust your settings for these cookies here: Cookie settings
Unless deleted by the user, the cookie is stored for as long as it is used for the respective purpose. It is automatically deleted in accordance with the expiry date.
You can also object to the use of cookies from various providers on the websites https://optout.aboutads.info and https://www.youronlinechoices.com/. In addition, we will inform you separately about the objection options of individual providers used here.
MATOMO
This website uses Matomo, a service provided by InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand, NZBN 6106769, to analyse and regularly improve the use of our website (https://matomo.org/). We can use the statistics obtained to improve our website and make it more interesting for you as a user. The legal basis for the use of Matomo is Art. 6 para. 1 sentence 1 lit. f GDPR.
We host Matomo exclusively on our own servers so that all analysis data remains with us and is not passed on.
Cookies (see sections 3 and 4 for more details) are stored on your computer for this analysis.
If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.
You can stop the analysis by deleting existing cookies and preventing the storage of cookies. If you prevent the storage of cookies, we would like to point out that you may not be able to use this website to its full extent. You can prevent the storage of cookies by changing the settings in your browser. You can prevent the use of Matomo by deactivating Matomo in the Cookie settings.
This website uses Matomo with the ‘AnonymiseIP’ extension. This means that IP addresses are further processed in abbreviated form, so that direct personal identification can be ruled out. The IP address transmitted by your browser via Matomo is not merged with other data collected by us. Information from the third-party provider on data protection can be found at https://matomo.org/privacy/.
LINKEDIN INSIGHT TAG
Unsere Website verwendet das „LinkedIn Insight Tag“ der LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Irland. Mithilfe dieses Tools wird ein Cookie in Ihrem Webbrowser platziert, das die Erfassung verschiedener Daten ermöglicht, darunter sogenannte Logfiles wie Ihre IP-Adresse, Geräte- und Browsereigenschaften sowie Seitenereignisse wie z.B. Seitenabrufe. Diese Daten werden verschlüsselt und innerhalb von sieben Tagen anonymisiert. Nach 90 Tagen werden die anonymisierten Daten gelöscht. LinkedIn übermittelt keine personenbezogenen Daten an uns, sondern stellt anonymisierte Berichte über die Zielgruppe unserer Website sowie ggf. die Nutzung von Werbeanzeigen bereit. Darüber hinaus bietet das Insight Tag von LinkedIn die Möglichkeit eines sog. Retargetings. Auf dieser Grundlage können wir gezielte Werbung außerhalb unserer Website schalten, ohne Sie als Websitebesucher identifizieren zu können. Über die gewonnenen Statistiken können wir unser Angebot verbessern und für Sie als Nutzer interessanter ausgestalten. Rechtsgrundlage für die Nutzung des Insight Tag ist Art. 6 Abs. 1 S. 1 lit. f DS-GVO, sowie Ihre Einwilligung nach Art. 6 Abs. 1 S. 1 lit. a DS-GVO, sofern wir diese einholen.
LinkedIn speichert die erfassten personenbezogenen Daten der Websitebesucher auf seinen Servern auch in den USA und nutzt sie im Rahmen eigener Werbemaßnahmen. Ein mit dem europäischen Recht vergleichbares Datenschutzniveau wird dabei durch den Abschluss der von der Europäischen Kommission vorab genehmigten Standard-Vertragsklauseln und die Teilnahme an dem EU-US Data Privacy Framework sichergestellt (https://www.linkedin.com/help/linkedin/answer/a1343190/datenubertragung-aus-der-eu-dem-ewr-und-der-schweiz?lang=de).
LinkedIn also stores the personal data collected from website visitors on its servers in the USA and uses it as part of its own advertising measures. A level of data protection comparable to European law is ensured by the conclusion of standard contractual clauses approved in advance by the European Commission and participation in the EU-US Data Privacy Framework (https://www.linkedin.com/help/linkedin/answer/a1343190/datenubertragung-aus-der-eu-dem-ewr-und-der-schweiz?lang=de).
We have concluded an order processing contract with LinkedIn (https://www.linkedin.com/legal/l/dpa), which obliges the provider to follow our instructions with regard to this data in accordance with Art. 28 GDPR and to comply with data protection regulations.
LinkedIn members can control the use of their personal data for advertising purposes in their account settings (https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out). You can deactivate the Insight tag on our website in our consent tool (‘opt-out’). Further information on LinkedIn's data processing can be found in this privacy policy: https://www.linkedin.com/legal/privacy-policy.
META-PIXEL
This website uses Meta Pixel to measure conversions. The service is provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
The meta pixel makes it possible to track the behaviour of site visitors after they have been redirected to our website by clicking on a Facebook ad. This allows us to evaluate the effectiveness of our Facebook ads for statistical purposes and optimise our future advertising measures.
The data collected is anonymous to us as the operator of this website, so we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible. Facebook may use the data for its own advertising purposes in accordance with the Facebook Data Usage Policy and enable the display of adverts on Facebook pages and outside of Facebook. As the website operator, we have no influence on this use of the data.
If personal data is collected on our website and forwarded to Meta, we and Meta are jointly responsible for this collection and forwarding in accordance with Art. 26 GDPR: https://www.facebook.com/legal/controller_addendum.
The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. Consent can be revoked at any time.
According to Meta, the personal data collected from website visitors is also stored on its servers in the USA and used as part of its own advertising measures. A level of data protection comparable to European law is ensured by the conclusion of standard contractual clauses approved in advance by the European Commission and participation in the EU-US Data Privacy Framework: https://de-de.facebook.com/help/566994660333381; https://www.facebook.com/legal/EU_data_transfer_addendum.
Further information on data processing at Meta can be found here: https://de-de.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0.
CONTACT
If you contact us via the e-mail address provided, the user's personal data transmitted with the e-mail will be stored. The data will not be passed on to third parties in this context. The data is used exclusively for processing the conversation. The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 lit. f GDPR. If the e-mail contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR. If contact is made by email, the sole purpose is to process the contact. This also constitutes the necessary legitimate interest in processing the data.
The data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected. For personal data sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified and, if applicable, storage is no longer required due to legal obligations.
SOCIAL MEDIA
We currently use the following social media links on our website: Facebook, Instagram, Threads and LinkedIn. We give you the opportunity to communicate directly with the provider via a link using the button. Only if you click on the marked field and thereby activate it will these platforms receive the information that you have accessed the corresponding website of our online offering (usage data). In addition, contact data (e.g. e-mail, user IDs); content data (e.g. entries in online forms); meta and communication data (e.g. IP addresses, identification numbers) are apparently transmitted. According to these platforms, in Germany the IP address is anonymised immediately after collection. However, by activating the link, your personal data is transmitted to these platforms and also stored outside the EU, including in the USA. A level of data protection comparable to European law is ensured by the conclusion of standard contractual clauses approved in advance by the European Commission and/or participation in the EU-US Data Privacy Framework.
As the platforms collect data via cookies in particular, we recommend that you delete all cookies via your browser's security settings before clicking on the link. However, we have no influence on the data collected and data processing procedures, nor are we aware of the full scope of data collection, the purposes of processing or the storage periods. We also have no information on the deletion of any data collected by the social media provider.
These platforms store the data collected about you as user profiles and use them for the purposes of advertising, market research and/or customising their website. Such an evaluation is carried out in particular (even for users who are not logged in) to display customised advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact the respective platform to exercise this right.
Data is passed on regardless of whether you have an account with the respective platform and are logged in there. If you are logged in there, your data collected by us will be assigned directly to your existing account there. If you click the activated button and, for example, link the page, the respective platform will also save this information in your user account and may share it publicly with your contacts. We recommend that you log out regularly after using a social network, but especially before activating the button, as this way you can avoid being assigned to your profile on the respective platform.
We use the links to offer you the opportunity to interact with the social networks and other users so that we can improve our offering and make it more interesting for you as a user. The legal basis for the use of the links is Art. 6 para. 1 sentence 1 lit. f GDPR.
We are also present on social networks and other communication platforms (Facebook, Instagram and LinkedIn). If you contact us on these channels, write posts or interact with our posts, we will process the data you provide there in order to respond to your enquiries. The risks described above apply. If we collect further data from you, we will inform you separately about its scope and use. The legal basis is Art. 6 para. 1 sentence 1 lit. b and f GDPR, unless we obtain separate consent from you for data processing.
Further information on the purpose and scope of data collection and its processing by the social media provider can be found in the data protection declarations of these providers provided below. There you will also find further information on your rights in this regard and setting options to protect your privacy:
The Facebook service is provided by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland. http://www.facebook.com/policy.php; further information on data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications and http://www.facebook.com/about/privacy/your-info#everyoneinfo as well as through the joint agreement on personal data provided by Facebook there https://www.facebook.com/legal/terms/page_controller_addendum. This agreement is provided by Meta Platforms Ireland Limited for all fan page operators and comes into force through our use of the fan page. Further information can be found in the ‘Information on Page Insights’ (https://www.facebook.com/legal/terms/information_about_page_insights_data); Standard Contractual Clauses (guaranteeing the level of data protection for processing in third countries): https://www.facebook.com/legal/EU_data_transfer_addendum; Further information: Agreement on joint controllership: https://www.facebook.com/legal/terms/information_about_page_insights_data.
The Instagram service is provided by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland. Instagram privacy policy: http://instagram.com/about/legal/privacy/.
The LinkedIn service is provided by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. https://www.linkedin.com; Privacy Policy: https://www.linkedin.com/legal/privacy-policy; Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out; Further information on joint processing: https://legal.linkedin.com/pages-joint-controller-addendum.
V. ORDER PROCESSING
We also process various data of our customers and participating service providers, suppliers and third parties (in particular contact details, bank details and order-related data) in accordance with Art. 6 para. 1 lit. b. GDPR in order to fulfil our contractual obligations towards them. GDPR in order to provide them with our contractual or pre-contractual services, unless we make separate reference to further uses, as well as Art. 6 para. 1 lit. c. GDPR (legally required archiving). The required scope, type and duration of processing depend on the underlying purpose of the respective contractual relationship. Data will only be passed on to third parties if this is necessary to fulfil our contractual obligations and to process the contract or if we are legally obliged to do so, e.g. by authorities.
On our website, we offer users the opportunity to enter personal data once for an order. The data is entered in an input mask, transmitted to us and stored. Data may be passed on to one or more processors and contractual partners, in particular for the fulfilment of a contract.
The following data may be collected as part of the registration process
- Surname, first name
- company name
- company address
- Telephone number
- e-mail address
Unless otherwise agreed with our customers, we delete the data collected in this context after storage is no longer required, usually after the expiry of contractual or legal claims by us or our customers, or restrict processing if there are statutory retention obligations.
To prevent unauthorised access to your personal data by third parties, we encrypt our website using TLS technology.
STRIPE
We also use the payment service provider ‘Stripe’ (Stripe Payments Europe Limited 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland) for your order. Data may also be transferred to the USA; the basis for the third country transfer are EU standard contractual clauses (SCC) and Stripe's participation in the EU-US Data Privacy Framework.
In this context, we pass on the following data to Stripe for the purpose of contract fulfilment: name of the cardholder, bank details, credit card details, credit card expiry date, credit card verification number (CVC), date and time of the transaction, transaction amount. This is done to fulfil our contractual obligations in accordance with Art. 6 para. 1 lit b. GDPR, as otherwise we would not be able to make a payment to the service provider Stripe. The use of this service provider corresponds to our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR to offer you an efficient and secure payment method. We have concluded an order processing contract with Stripe (https://stripe.com/de/legal/dpa), which obliges Stripe to follow our instructions with regard to this data and to comply with data protection regulations in accordance with Art. 28 GDPR. Further information on objection and removal options vis-à-vis Stripe can be found at: https://stripe.com/de/privacy.
VI Rights of data subjects
You have the right
- in accordance with Art. 7 para. 3 GDPR, to withdraw any consent you may have given us at any time. As a result, we may no longer continue the data processing that was based on this consent in the future;
- to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of appeal, the origin of your data if it was not collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information on its details (said decision-making does not take place).
- in accordance with Art. 16 GDPR, to immediately request the correction of incorrect or incomplete personal data stored by us
- in accordance with Art. 17 GDPR, to demand the erasure of your personal data stored by us, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims
- in accordance with Art. 18 GDPR, to demand the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to delete it and we no longer need the data, but you need it for the assertion, exercise or defence of legal claims or you have lodged an objection to the processing in accordance with Art. 21 GDPR;
- in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transmitted to another controller; and
- to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters (Hesse).
VII. RIGHT TO OBJECT
If your personal data is processed on the basis of legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, provided that there are reasons for this arising from your particular situation.
If you would like to exercise your right to object, simply send an email to info@bilderderzukunft.de or send a message to our contact details above.
