GCB GERMAN CONVENTION BUREAU E.V.
DATA PRIVACY REGULATIONS
The protection of your personal data is important to us.
We have taken technical and organisational measures to ensure that data protection regulations are met, both by ourselves and also by any external contractors instructed by us.
Personal data is any information that makes it possible to identify a natural person. This includes, in particular, your name, date of birth, address, phone number, email address, and also your IP address.
Data are anonymous if no personal reference to the user can be established.
YOUR RIGHTS AS A DATA SUBJECT
First of all, we would like to inform you of your rights as a data subject. These rights are specified in EU GDPR Articles 15-22. They include:
The right of access (EU GDPR Article 15)
The right to erasure (EU GDPR Article 17)
The right to rectification (EU GDPR Article 16)
The right to data transfer (EU GDPR Article 20)
The right to restrict data processing (EU GDPR Article 18)
The right to object to data processing (EU GDPR Article 21)
To exercise any of these rights, please contact: Michael Heidrich, Executive Director at email@example.com or +49 69 2429300. The same applies if you have questions about data processing by our company. You also have the right to lodge a complaint with a data protection supervisory authority.
RIGHT TO OBJECT
Please note the following in connection with your right to object:
If we process your personal data for the purpose of direct marketing, you have the right to object to such data processing at any time and without giving reasons. This also applies to any profiling associated with direct marketing.
If you object to the processing of your personal data for direct marketing purposes, we will no longer process your personal data for those purposes. You do not incur any costs when you object, and you can present your objection informally, preferably by writing to GCB German Convention Bureau e.V., Kaiserstr. 53, 60329 Frankfurt, Germany, or you can send an email to firstname.lastname@example.org.
In the event that we process your data to safeguard legitimate interests, you can object to such processing at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions.
In such a case we will stop processing your personal data, unless we can prove compelling legitimate grounds to continue processing and to override your interests, rights and freedoms or if processing serves the assertion, exercise or defence of legal claims.
You may at any time withdraw your consent to our collection, processing and use of your personal data.
Should this become relevant, please write to GCB German Convention Bureau e.V., Kaiserstr. 53, 60329 Frankfurt, Germany, or you can send an email to email@example.com.
PURPOSES AND LEGAL BASIS FOR DATA PROCESSING
When processing your personal data, we will observe the provisions of the EU GDPR and all other applicable data protection regulations. The legal basis for data processing is specified, in particular, in EU GDPR Article 6.
We will use your data to initiate business, to meet contractual and legal obligations, to implement the contract, to offer products and services and to strengthen our relationship with you as a customer, which may also include analyses for the purpose of marketing, including direct marketing.
Your consent is also a mandatory requirement for us under data protection law. When you provide consent, we will advise you about the purpose of data processing and your right to object. If consent covers the processing of special categories of personal data, we will expressly point this out to you in the declaration of consent, thus meeting the requirements of EU GDPR Article 88 (1).
Special categories of personal data within the meaning of EU GDPR Article 9 (1) will only be processed if this is required by legal regulations and if there is no reason to assume that you have an overriding legitimate interest in the exclusion of processing (see EU GDPR Article 88 (1)).
SPECIFIC USE / DISCLOSURE TO THIRD PARTIES
Any personal data you provide will be used by us to answer your queries or enquiries within the legal provisions, to deal with your orders or to provide you with access to specific information or offers. If we ask you to provide further data, then this is always voluntary information. Personal data are processed entirely for the purpose of performing the requested service and to safeguard any legitimate business interests we may have.
To implement specifically agreed services and to maintain our relationship with you as a customer, either we or a contractor instructed by us may use your personal data to keep you updated about products on offer or to conduct online surveys with a view to improving our services and the way we meet our customers’ needs. Your data will not be disclosed to third parties without your express consent and knowledge.
We will not sell your personal data to third parties or market them in any other way.
Personal data will only be collected and disclosed to suitably authorised state institutions and authorities in application of the relevant laws or in cases where we are required to disclose data under a court order.
RECIPIENTS OF DATA / CATEGORIES OF RECIPIENTS
Within our company we take care to ensure that your data are only disclosed to persons requiring them for the fulfilment of contractual or statutory duties. All persons are placed by us under an obligation to maintain confidentiality and to comply with data protection laws.
In some instances our departments engage the support of contractors in the fulfilment of their duties. In such cases we only transfer personal data to contractors or suppliers where such data are necessary for the fulfilment of tasks. The necessary data protection agreements have been concluded with all contractors and suppliers.
TRANSFER TO THIRD COUNTRIES / INTENTION TO TRANSFER TO THIRD COUNTRIES
Data will only be transferred to third countries (outside the European Union and the European Economic Area) if this is necessary for the performance of contractual obligations, if it is required by law or if you have given us your consent to do so.
We will transfer your personal data to a contractor or an affiliate in the following countries outside the European Economic Area: United Kingdom, United States of America. We guarantee compliance with data protection standards through binding corporate data privacy regulations and contract processing agreements.
RETENTION PERIOD FOR DATA
We store your data for as long as they are needed for the relevant processing purpose. Please be aware that numerous retention periods require the (mandatory and) continued storage of your date. This applies in particular to storage under commercial law and tax law (e.g. the German Commercial Code, Fiscal Code, etc.). If there are no further storage obligations, data will be routinely deleted once their purpose has been achieved.
In addition, we may retain data if you have given us permission to do so or if legal disputes arise and we use evidence within statutory limitation periods of up to thirty years; the regular limitation period is three years.
SECURE TRANSMISSION OF YOUR DATA
In order to protect the data stored by us from accidental or intentional manipulation, loss, destruction or unauthorised access, we apply suitable technical and organisational security measures. Security levels are continually checked in cooperation with security experts and adapted to new security standards.
Any data exchange from and to our website is encrypted. We offer HTTPS as the transmission protocol for our website, in each instance using the latest encryption protocols. However, we may also want to use alternative channels of communication (e.g. postal services).
OBLIGATION TO PROVIDE PERSONAL DATA
Various personal data are necessary for the establishment, execution and termination of our contractual obligation and for the fulfilment of associated contractual and legal duties. The same applies to the use of our website and the various functions it provides.
We have summarised the relevant details for you in the above point. There are sometimes cases when we need to collect or provide data on the grounds of statutory provisions. Please be aware that we cannot process your request or perform our underlying obligation without the provision of those data.
DATA CATEGORIES, SOURCES AND ORIGINS
The data we process depend on each context. You may, for example, have logged into an online members’ area or presented a request via our contact form, or you may have sent us an application or sent an enquiry to our general email address.
Please be aware that we may also make information available separately at a suitable location for special processing situations, e.g. when uploading application documents or making a contact request.
WHEN YOU VISIT OUR WEBSITE, WE COLLECT AND PROCESS THE FOLLOWING DATA:
• Name of your internet service provider
• Details of the website from which you are visiting our own site
• Your web browser and operating system
• The IP address assigned by your internet service provider
• Requested files, transferred data volume, downloads/file export
• Information about the pages of our website you visit, including dates and times
For technical security reasons (in particular to prevent attempts to attack our web server), such data are saved in accordance with EU GDPR • Article 6 (1) point f. After a maximum of 7 days your data are anonymised by truncating your IP address, so that you cannot be traced as the user.
WHEN YOU PRESENT A CONTACT REQUEST, WE COLLECT AND PROCESS THE FOLLOWING DATA:
• Surname, first name
• Email address
• Details of your requests and interests
WE COLLECT AND PROCESS THE FOLLOWING DATA FOR NEWSLETTER SUBSCRIPTIONS:
• Surname, first name
• Email address
• If necessary, data from a newsletter analysis
WE COLLECT AND PROCESS THE FOLLOWING DATA FOR COMPETITIONS:
• Surname, first name
• Email address (depending on the notification channel)
• Contact form / contact made by email (EU GDPR Article 6 (1) points a and b)
There is a contact form on our website that can be used for electronic contact. If you write to us via the contact form, we will process the information you provide on that form, so that we can then contact you and answer your questions and requests.
We observe the principles of data economy and data reduction by only requesting data which are necessary for us in order to contact you. These are your email address and the content of the message box itself. For technical reasons and for legal protection, we will also process your IP address. All other data are voluntary and can be entered optionally (e.g. to receive more specific answers to your questions).
If you contact us by email, any personal data you provide will only be used for the purpose of handling your enquiry or request. No further-reaching data collection will take place unless you use the relevant contact forms we offer.
When you complete a form, we see this as your consent to use your data as described above.
NEWSLETTER (EU GDPR ARTICLE 6 (1) POINT A)
Our website gives you the option of subscribing to a free newsletter. When you subscribe, the email address and name you specify will be used for the purpose of sending you personalised newsletters.
The principles of data economy and data reduction are met because the only information that is marked as mandatory is your email address (and, if necessary, also your name so that we can send you a personalised newsletter). For technical reasons and for legal protection, we also process your IP address when you subscribe.
You can of course cancel your subscription at any time via the unsubscription option provided in the newsletter, thus revoking your consent. Furthermore, you always have the option of unsubscribing directly via our website.
CONTESTS / MARKETING CONSENT (EU GDPR ARTICLE 6 (1) POINTS A AND B)
Our website provides you with the option of participating in our contests. When you complete the contest form or send us an email under the terms and conditions of the contest, we will process the relevant data exclusively for the purpose of the contest.
We observe the principles of data economy and data reduction by only requesting data which are necessary for the purpose of the contest and to notify you if you win a prize. This includes data such as your name and email address.
Any details that are mandatory for this purpose are marked in the relevant boxes with an asterisk (*) or are suitably specified in the terms and conditions for entry. For technical reasons and for legal protection, we also process your IP address. The remaining details are optional, i.e. you are welcome to complete them if you wish to do so. We regret that we can only run the contest if we have the details requested in the mandatory boxes, so that you can only participate if you share those details with us.
The contest form also allows you to give us your marketing consent. It is of course also possible to participate in the contest without giving your marketing consent.
If you give us your consent by ticking the relevant checkbox, one of the purposes of our data processing will be to email you information and offers on products and services.
You can always withdraw your consent without giving reasons. To do so, ring +44 69 2429300, send an email to firstname.lastname@example.org or send a letter to GCB German Convention Bureau e.V., Kaiserstrasse 53, 60329 Frankfurt am Main, Germany.
REGISTRATION / MEMBERSHIP ACCOUNT (EU GDPR ARTICLE 6 (1) POINTS A AND B)
On our website we give each member the option of logging into their membership account with their personal data.
Registration is therefore necessary or possible, either so that we can perform our side of the contract with you or so that we can carry out pre-contractual measures.
We observe the principles of data economy and data reduction by only marking data as mandatory if they are necessary for registration. These are the username and the password.
When you log onto our website, we also store your IP address and the date and time of your registration (technical background data). By clicking “Login”, you give your consent to the processing of your data.
Once you have received a password, please remember to change it after your first login. Employees of our company cannot access this password, so that they cannot therefore give you any information if you have forgotten your password.
No employee is entitled to ask you for your password by phone or in writing. Never share your password if you receive such requests.
MARKETING TOWARDS MEMBERS AND CUSTOMERS (GDPR ARTICLE 6 (1) POINT F)
GCB German Convention Bureau e.V. Is interested in maintaining a relationship with you as a member and customer and in providing you with information and offers concerning our products and services. We therefore process your data with a view to sending you relevant information and offers by email.
If you do not want this to happen, you can always object to the use of your personal data for the purpose of direct marketing; this also applies to any profiling that may be connected with direct marketing. If you file an objection, we will no longer process your data for this purpose.
You can present your objection free of charge and without giving reasons, preferably by ringing +49 69 2429300, by emailing email@example.com or by writing a letter to GCB German Convention Bureau e.V., Kaiserstr. 60329 Frankfurt, Germany.
AUTOMATED CASE-BY-CASE DECISIONS
We do not use purely automated decision-making processes.
COOKIES (EU GDPR ARTICLE 6 (1) POINT F / ARTICLE 6 (1) POINT A ON CONSENT)
Parts of our website use so-called cookies. These are intended to make our website more user-friendly, efficient and secure. Cookies are small text files that are stored on your computer and saved by your browser (i.e. saved locally to your hard drive).
They allow us to analyse how users use our website and to ensure that web content is suitably geared towards our visitors’ needs. Cookies also allow us to measure the effectiveness of certain advertisements and their placements, for example, depending on the topics that interest our users.
Most of the cookies we use are session cookies and are therefore deleted as soon as a given session has finished. Permanent cookies are automatically deleted from your computer when their period of validity (usually six months) has been reached or if you delete them yourself before they expire.
Most web browsers automatically accept cookies. However, you can change the relevant settings of your browser at any time if you do not wish to send such information to us. You can still use the offers on our website without restrictions (with the exception of configurators).
However, you can also use our website without cookies. If you do not want us to recognise your computer, you can prevent cookies from being saved to your hard drive by choosing the option “Do not accept cookies” in your browser settings. To find out how to do this, please consult the user instructions provided by your browser manufacturer. Please be aware, however, that if you disable cookies, the functions of our services may be limited for you.
USE OF GOOGLE ANALYTICS (EU GDPR ARTICLE 6 (1) POINT F)
(1) This website uses Google Analytics, a web analysis service of Google Inc. (hereinafter referred to as “Google”). Google Analytics uses so-called cookies – text files that are saved to your computer and which allow us to analyse your use of our website. The information that is created by cookies on your use of our website is usually sent to a Google server in the United States, where it is saved. However, if you have activated IP anonymisation for this website, your IP address will not be sent without first being truncated by Google within the member states of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the United States and then truncated there. Acting upon our instruction as the website operator, Google will use this information to analyse your use of the website, to set up reports on website activities and to provide us with other services connected with website use and internet use.
(2) The IP address which Google Analytics sends via your browser will not be linked by Google with any other data it may have. You have the option of preventing the storage of cookies through a suitable setting in your browser; please be aware, however, that this may prevent you from using all the functions of this website to their full potential.
(3) Furthermore, if you wish to prevent the collection of data generated by cookies and related to the usage of the website (incl. your IP address) and if you wish to opt out of such data being processed by Google, you can download and install a browser plugin from the following link: https://tools.google.com/dlpage/gaoptout?hl=en
Our site uses so-called social plug-ins (“plug-ins”) for the social media providers Facebook and Google+ as well as for the micro-blogging services Twitter and Instagram. We also use YouTube and LinkedIn plug-ins. These services are offered by Facebook Inc., Twitter Inc., Instagram LLC, YouTube LLC and the LinkedIn Corporation (“service providers”).
Facebook is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). Such plug-ins are marked with a Facebook logo or by the additional text “Facebook Social Plug-in”. When you press a button, calling up a page on our website that contains such functions, your browser connects directly to Facebook servers. Facebook then sends the content of the plug-in directly to your browser, which integrates it into the website.
By activating the plug-in, Facebook is told that you have accessed the corresponding page on our website. If you are logged on to Facebook at that time, Facebook can from that moment onwards associate your visit with your Facebook account even if you have not provided further confirmation via a Facebook button. If you interact with the plug-ins (e.g. via the “Like” button) or if you use the Facebook interface when logging in, your browser sends this information directly to Facebook, where it is then stored.
If you do not want Facebook to link the data collected on our website to your Facebook account, you must log out of Facebook before visiting our website. You also have the option of installing suitable blockers through add-ons in your browser.
Twitter is operated by Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA (“Twitter”). When you use Twitter and the “Retweet” function, the websites you visit are connected to your Twitter account and made known to other users. In this process, data are also transferred to Twitter.
By activating the plug-in, Twitter is told that you have accessed the corresponding page on our website. If you are logged on to Twitter at that time, Twitter may from that moment onwards associate your visit with your Twitter account even if you have not provided further confirmation via a Twitter button. If you interact with the plug-ins (e.g. by posting a tweet), your browser sends this information directly to Twitter, where it is then stored.
Instagram is operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”). If you are logged into your Instagram account, you can click the Instagram button to link the content of our pages with your Instagram profile. This allows Instagram to associate your visit to our site with your user account. Please be aware that we, the site operators, have no knowledge of the content of data transmitted or how Instagram uses those data. For further details, please refer to Instagram’s Platform Policy, available at https://www.instagram.com/about/legal/terms/api/.
Our website uses YouTube plug-ins, operated by Google. The operator of such pages is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. If you visit one of our pages equipped with a YouTube plugin, a connection is established with the relevant YouTube servers. The YouTube server is notified which of our pages you have visited. If you are logged into your YouTube account, you allow YouTube to associate your surfing patterns directly with your personal profile. You can prevent this by logging out of your YouTube account. Further details about the use of user data can be found in the YouTube Privacy Guidelines at https://www.youtube.com/static?template=privacy_guidelines
Our site uses functions from the LinkedIn network, provided by the LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Each time you access one of our pages containing LinkedIn features, your browser establishes a direct connection to LinkedIn servers. LinkedIn is told that you have visited our website from your IP address. If you use the LinkedIn “Recommend” button and are logged into your LinkedIn account, it is possible for LinkedIn to associate your visit of our website with your user account. Please be aware that we, the site operators, have no knowledge of the content of data transmitted or how LinkedIn uses those data.
Two clicks for more privacy. A social media button is only activated when you click on it, and your browser then connects directly with the relevant servers. When you click on such a button for the first time, you therefore indicate your consent to data being transferred to the relevant service provider. Your click on the button tells the service provider that you have accessed the relevant page on our website. If you are already logged into the relevant social media network, your visit can be associated with your account from that moment onwards, even if you do not click the button for a second time. If you interact with the plug-ins (e.g. by posting a comment and therefore clicking the button for a second time), your browser sends this information directly to the service provider, where it is then stored.
The legal basis for such data processing is GDPR Article 6 (1) point f. Our purpose and legitimate interest are to achieve an increased awareness of our products.
CHILDREN AND YOUNG PEOPLE
Persons under 18 must not send us personal data or issue a declaration of consent to us without obtaining the consent of a parent or guardian. We do not request personal data from children or young people, nor do we collect such information or disclose it to third parties. Furthermore, we wish to encourage parents and guardians to take an active role in their children’s online activities and interests.
Our website also contains clearly recognisable links to the websites of other companies. We have no influence on the content of such websites. We cannot therefore give any guarantee or accept any liability for their contents. Such content is always the responsibility of the relevant site owner or operator.
The linked sites have been checked for possible legal infringements or recognisable violations at the time of being linked. No unlawful content was apparent at the time when the links were created. Unless there is concrete evidence that unlawful acts have been committed, we cannot be expected to monitor the content of linked sites on a permanent basis. Should legal violations become known to us, we will remove the relevant links immediately.
We have taken technical and organisational security precautions to protect your personal data against loss, destruction, manipulation and unauthorised access. All our employees and all individuals involved in information processing are under an obligation to observe the German Federal Data Protection Act (BDSG) and other privacy-related laws and have undertaken to ensure the confidential use of personal data.
QUESTIONS, SUGGESTIONS AND COMPLAINTS
CONTROLLER AND DATA PROTECTION OFFICER
GCB German Convention Bureau e.V., Kaiserstrasse 53, 60329 Frankfurt am Main, Germany
Phone: +49 69 2429300, fax: +49 69 24293026, email: firstname.lastname@example.org, URL: www.gcb.de
CONTACT DETAILS OF DATA PROTECTION OFFICER
GCB German Convention Bureau e.V., Mr Michael Heidrich, Executive Director
Pursuant to the European Directive 2013/11/EU, we wish to point out that the EU Commission runs an internet platform (“OS Platform”) for the online resolution of disputes between businesses and consumers. You can access this platform at ec.europa.eu/consumers/odr.
Thank you for your trust in GCB German Convention Bureau e.V.