We collect various types of data on our websites. Some data is collected by us automatically when you use our services, for example through the use of so-called cookies. This automatically collected data is mostly of a general nature and primarily contains information about the duration and location of access. In addition, we collect personal data with your consent and data that you enter voluntarily if you wish to use certain services. It is possible to use our website without providing personal data, but this may be considerably restricted in some cases.

You decide whether to consent to the use of various purposes and service providers the first time you visit our website. With the exception of the processing that is absolutely necessary for the operation of the website, it is up to you to decide which data processing you allow.

Due to many regulatory changes, a comprehensive set of data protection regulations has emerged in recent years, which is intended to ensure data security and strengthen the rights of users on the one hand, but has also produced a flood of relevant terms on the other. In order to make the following more detailed explanations of collected data, legal regulations and rights more accessible, we have briefly summarized the most important of these terms below.

Definitions of terms

In our data protection information, we use terms that are used and defined in the GDPR. We would like to explain the most important terms so that you know what they mean.

Processor

A processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller in accordance with instructions.

Consent banner

As a user, you have the option to give your consent to processing that requires consent and to revoke this consent for the future. You make this decision via the so-called consent banner, which is automatically called up the first time you visit our website and provides you with the most important information on data processing.

Cookies

Cookies are text files that contain data from visited websites or domains and are stored by a browser on the user’s device. A cookie is primarily used to store information about a user during or after their visit to an online service. The information stored may include, for example, the language settings on a website, the login status, a shopping cart or video interactions. The term cookies also includes other technologies that perform the same functions as cookies (e.g. when user information is stored using pseudonymous online identifiers, also known as “user IDs”). Cookies are used to make websites more user-friendly. As cookies are stored on the user’s computer, you have control over the cookies. You can make changes to the use and storage of cookies in your Internet browser settings. However, deactivating cookies will in most cases limit the usability of our website.

Third party

A third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

Consent

Consent is an expression of self-determination under data protection law. It is the voluntary, informed and unambiguous expression of will in the form of a statement or other unambiguous affirmative act by which the data subject indicates that they consent to the processing of their personal data. Any consent given can be revoked at any time for the future.

Recipient

The recipient is a natural or legal person, public authority, agency or other body to whom personal data is disclosed, whether or not it is a third party. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

Personal data

Personal data means any information relating to an identified or identifiable natural person (hereinafter “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. IP address or cookies) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Pseudonymization

Pseudonymization is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

Telecommunications Telemedia Data Protection Act (TTDSG) 

The TTDSG is a law designed to protect the integrity of the end device and thus the privacy of users. The legal basis for the storage and retrieval of information in the end user’s terminal equipment is consent, in accordance with Section 25 (1) sentence 1 TTDSG. This consent is requested when the website is accessed.

According to Section 25 (2) No. 2 TTDSG, consent is not required if the storage of information in the end user’s terminal equipment or access to information already stored in the end user’s terminal equipment is absolutely necessary for the provider of a telemedia service to provide a telemedia service expressly requested by the user.  In the cookie settings, you can see which cookies are to be classified as absolutely necessary (often also referred to as “technically necessary cookies”) and therefore fall under the exception rule of Section 25 (2) TTDSG and therefore do not require consent.

Please note that the legal basis for the downstream processing of personal data is then derived from the GDPR. The relevant legal bases for the processing of personal data on this website can be found later in this privacy policy.

Processing

Processing is any operation or set of operations which is performed on personal data, whether or not by automated means. This basically includes any handling of personal data such as the collection, storage, modification, use, transmission, dissemination, erasure or destruction of personal data.

Controller

The controller is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. The controller must ensure the permissibility of data processing through the use of technical and organizational measures that are regularly reviewed.

Data transfer outside the EU

The GDPR guarantees the same high level of data protection within the European Union. When selecting our service providers, we therefore rely on European partners wherever possible if your personal data is to be processed. Only in exceptional cases will we have data processed outside the European Union as part of the use of third-party services.

We will only allow your data to be processed in a third country if the special requirements of Art. 44 et seq. GDPR are fulfilled. This means that your data may then only be processed on the basis of special guarantees, such as the EU Commission’s officially recognized determination of a level of data protection corresponding to the EU or compliance with officially recognized special contractual obligations, the so-called “standard data protection clauses”.

If you only use the website for information purposes, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. This data is not merged with other data sources without your consent.

When you visit our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security:

• IP address
• Directory protection user
• Date, time
• Pages accessed
• logs
• status code
• amount of data
• Referrer URL (last website visited)
• User agent (browser)
• Host name called up.

Temporary storage of the IP address by our system is necessary to enable delivery of the website to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.

Temporary storage or processing of this so-called server log data is absolutely necessary for reasons of ensuring functionality or technical security, in particular to defend against and defend against attempts to attack or cause damage, and is carried out with our corresponding legitimate interest, in accordance with Art. 6 Para. 1 lit. f) GDPR.

Under the EU General Data Protection Regulation, you as the data subject have various rights that you can assert at datenschutzbeauftragter@bvdw.org. These are set out below:

Right to information

You can request confirmation from us as to whether personal data concerning you is being processed by us. If such processing is taking place, you can request the following information from us:

• the purposes for which the personal data are processed
• the categories of personal data being processed
• the recipients or categories of recipients to whom your personal data have been or will be disclosed
• the planned duration of the storage of your personal data or, if specific information on this is not possible, criteria for determining the storage period
• the existence of a right to rectification or erasure of your personal data, a right to restriction of processing by the controller or a right to object to such processing
• the existence of a right to lodge a complaint with a supervisory authority
• all available information about the origin of the data if the personal data is not collected from the data subject
• the existence of automated decision-making, including profiling, referred to in Art. 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You also have the right to request information as to whether your personal data is transferred to a third country or to an international organization. In this context, you may request to be informed of the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.

You also have a right to rectification and completion vis-à-vis us if your personal data is incorrect or incomplete.

Right to lodge a complaint with the supervisory authority

If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with the supervisory authority responsible for us:

Berlin Commissioner for Data Protection and Freedom of Information

Alt-Moabit 59-61

10555 Berlin

Phone: +49 30 13889-0

Fax: +49 30 2155050

E-mail: mailbox@datenschutz-berlin.de

The supervisory authority with which the complaint has been lodged will inform you of the status and outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

Right to restriction of processing

You may request the restriction of the processing of your personal data under the following conditions

• if you contest the accuracy of your personal data for a period enabling the controller to verify the accuracy of the personal data;
• the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead
• we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims, or
• if you have objected to the processing pursuant to Art. 21 para. 1 GDPR and it is not yet certain whether our legitimate reasons outweigh your reasons.

If the processing of your personal data has been restricted, this data – apart from its storage – may only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. If processing has been restricted in accordance with the above conditions, you will be informed by us before the restriction is lifted.

Right to erasure

You can demand that we delete your personal data immediately and we are obliged to delete this data immediately if one of the following reasons applies:

• your personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
• you revoke your consent on which the processing was based pursuant to Art. 6 para. 1 lit. a) or Art. 9 para. 2 lit. a) GDPR and there is no other legal basis for the processing;
• you object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR;
• your personal data has been processed unlawfully;
• the erasure of your personal data is necessary for compliance with a legal obligation in Union or Member State law to which the controller is subject
• your personal data have been collected in relation to the offer of information society services referred to in Art. 8 (1) GDPR.

The right to erasure does not exist if the processing is necessary

• for exercising the right of freedom of expression and information;
• for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
• for reasons of public interest in the area of public health pursuant to Art. 9 (2) (h) and (i) and Art. 9 (3) GDP
• for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 para. 1 GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing, or for the establishment, exercise or defense of legal claims.

If you have asserted the right to rectification, erasure or restriction of processing against us, we are obliged to notify all recipients to whom your personal data has been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.

Right to data portability

You have the right to receive the personal data that you have provided to us in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from us, provided that

• the processing is based on consent pursuant to Art. 6 para. 1 lit. a) GDPR or Art. 9 para. 2 lit. a) GDPR or on a contract pursuant to Art. 6 para. 1 lit. b) GDPR and
• the processing is carried out by automated means.

In exercising this right, you also have the right to obtain that your personal data be transferred directly by us to another controller, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this. The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

We integrate content from other websites on various pages on the basis of your consent in accordance with Art. 6 para. 1 lit. a) GDPR. This content is inactive by default, but you can activate it. This integration makes it possible to call up the excerpts, contributions and, in particular, videos directly on our website.

Even if you have not consented to the use of the respective provider of the external content, you have the option of giving your direct consent for the respective content for each embedded post or video. You can revoke this consent at any time in our data protection settings.

If you have consented to the display of external content or use a social media button, the provider may set cookies and collect data for statistical analysis. When embedding content from Facebook, the IP address is anonymized immediately after collection, according to the respective provider in Germany. YouTube uses cookies to collect reliable video statistics, to prevent fraud and to improve user-friendliness, among other things. By activating the external content, either directly when the page is called up or directly with the respective contribution, personal data is transmitted to the respective provider and stored there (in the case of US providers in the USA).

We have no influence on the data collected and data processing procedures, nor are we aware of the full extent of data collection, the purposes of processing or the storage periods. We also have no information on the deletion of the data collected by the plug-in provider.

If content is integrated via a social media provider or you use the respective social media button, the data collected about you is stored as a user profile and used for the purposes of advertising, market research and / or needs-based design of the social media page. Such an evaluation is carried out in particular (even for users who are not logged in) to display needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact the respective provider to exercise this right. Data is passed on regardless of whether you have an account with the social media provider and are logged in there.

We integrate content from the following external providers. You can find out more about the privacy policies of the individual third-party providers by clicking on the following links:

• Twitter content: We integrate Twitter content into the website via the Tweet plugin. To the Twitter privacy policy: https://twitter.com/de/privacy 
• Content from Facebook: We integrate Facebook content into the website via the Facebook plugin. To the Facebook privacy policy: https://www.facebook.com/privacy/explanation
• Content from YouTube: We use the YouTube player to integrate videos from its YouTube channels or videos from other providers into the website. To the Google privacy policy: https://support.google.com/youtube/answer/2801895?hl=de 
• Content from Instagram: Instagram’s “Embed” function allows us to integrate images and videos from Instagram into our website. To the Instagram privacy policy: https://www.instagram.com/legal/privacy/

We maintain a presence on social media. Insofar as we have control over the processing of your data, we ensure that the applicable data protection regulations are complied with. Below you will find the most important information on data protection in relation to our company websites.

In addition to us, we are responsible for the company websites within the meaning of the EU General Data Protection Regulation (GDPR) and other data protection regulations:

• Meta Platforms (Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
• Instagram (Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
• Twitter (Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland)
• LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland)
• Xing (New Work SE, Am Strandkai 1, 20457 Hamburg, Germany)

You use these platforms and their functions at your own risk. This applies in particular to the use of interactive functions (e.g. commenting, sharing, rating). We would like to point out that your personal data may be processed outside the European Union.

The processing of your personal data by us is based on our legitimate interests in effective information and communication in accordance with Art. 6 para. 1 sentence 1 lit. f) GDPR.

As we do not have full access to your personal data, you should contact the social media providers directly when asserting your rights as a data subject, as they have access to the personal data of their users and can take appropriate measures and provide information.

If you still need help, we will of course try to support you.

 This section lists the data processing procedures on this website. It also transparently shows which services we use for this purpose.

Consent management using WordPress

Our website uses a WordPress-based consent management tool to obtain your consent preferences for the storage of certain cookies in your browser and to document these in compliance with data protection regulations.

When you visit our website, a cookie is stored in your browser in which the consents you have given or the revocation of these consents are stored. This data is not passed on to the provider of Borlabs Cookie.

The data collected will be stored until you ask us to delete it or delete the cookie yourself or until the purpose for storing the data no longer applies. Mandatory statutory retention periods remain unaffected.

The consent management platform is used to obtain the legally required consent for the use of cookies and downstream data processing. The legal basis for this is Art. 6 para. 1 sentence 1 lit. f) and c) GDPR.

Hosting

This website is hosted by Mittwald CM Service GmbH & Co. KG, Königsberger Straße 4-6, 32339 Espelkamp, Germany (host). The personal data collected on this website is stored on the host’s servers. This may include IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses and other data generated via a website.

The hoster is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f GDPR).

Our hoster will only process your data within the framework of the existing order processing, in accordance with our instructions.

Hubspot 

This website uses the HubSpot software from the US software company of the same name with a branch in Ireland, HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland. HubSpot is a software solution for managing and implementing inbound marketing. The stored information is saved on HubSpot servers. It can be used by us to contact visitors to our website and to determine which of our company’s services are of interest to you. We use all information collected exclusively to optimize our marketing. You can find more information in the terms of use and the data protection guidelines of HubSpot Inc. at http://www.hubspot.com/terms-of-service and at http://www.hubspot.com/privacy-policy.

We need Hubspot to process user requests efficiently and quickly. The basis for data processing is Art. 6 para. 1 lit. f) GDPR, which permits the processing of data for the purposes of the legitimate interests pursued by the controller, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.

Contacting us

If you contact us, a contact form is available on our website, which you can use to contact us electronically. The data entered in the input mask will be transmitted to us and stored. These data are

• Name
• e-mail address
• Message

The following data is also stored when the message is sent:

• IP address

It is also possible to contact us via the e-mail address provided. In this case, the user’s personal data transmitted with the e-mail will be stored. Your data will not be passed on to third parties in this context; the data will only be used to process the communication.

The processing of personal data in this context serves solely to process the contact. The legal basis for the processing of the contact request and its handling is regularly Art. 6 para. 1 sentence 1 lit. b) GDPR, additionally Art. 6 para. 1 sentence 1 lit. f) GDPR.

Your data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

Become a member

On our website, we offer you the opportunity to apply for membership with us. You have the option of applying for ordinary, special or supporting membership. We also offer a separate membership for individuals under 30.

The processing of personal data in this context serves solely to initiate a membership and the subsequent fulfillment of the contract in the context of a successful membership. The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. b) GDPR.

Newsletter

You can subscribe to a free newsletter on our website, with which we inform you about our current interesting offers. The data that you enter in the input mask during registration will be transmitted to us.

We collect the following data on the basis of the consent obtained from you during the registration process: Title, surname, first name, e-mail address. In addition, the IP address of the accessing computer and the date and time of registration are collected and stored.

Double opt-in and logging

Registration for our newsletter takes place in a so-called double opt-in procedure. After registering, you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that no-one can register with other people’s e-mail addresses. Subscriptions to the newsletter are logged in order to be able to prove the registration process in accordance with legal requirements. This includes storing the time of registration and confirmation as well as the IP address.

Legal basis

The legal basis for the processing of the data is Art. 6 para. 1 lit. a GDPR if the user has given consent. The purpose of collecting the user’s email address is to send the newsletter.

Deletion, revocation and objection

Your data will be deleted as soon as it is no longer required for the purpose for which it was collected. Your e-mail address will therefore be stored for as long as the subscription to the newsletter is active. You can unsubscribe from the newsletter at any time by revoking your consent. There is a corresponding link for this purpose in every newsletter. We would also like to point out that you can object to the future processing of your personal data at any time in accordance with the legal requirements pursuant to Art. 21 GDPR. In particular, you may object to processing for direct marketing purposes.

Dispatch service provider
The newsletter is sent via “Inxmail”, a newsletter dispatch platform of the provider Inxmail GmbH, Wentzingerstr. 17, 79106 Freiburg.

The email addresses of our newsletter recipients, as well as their other data described in this notice, are stored on Inxmail’s servers in Germany. Inxmail uses this information to send and analyze the newsletter on our behalf. Furthermore, anonymized data is used to optimize or improve the Inxmail services, e.g. for the technical optimization of the dispatch and presentation of the newsletter, for statistical purposes or to improve IT security. However, Inxmail does not use the data of our newsletter recipients to write to them itself or pass it on to third parties. Furthermore, we have concluded an order processing agreement with Inxmail.

Statistical survey

We would like to point out that we evaluate your user behavior when sending the newsletter. For this evaluation, the emails sent contain so-called web beacons or tracking pixels, which are one-pixel image files stored on our website. For the evaluations, we link your personal data and the web beacons with your email address and an individual ID. Links received in the newsletter also contain this ID.

The data is only collected in pseudonymized form, i.e. the IDs are not linked to your other personal data, and direct personal identification is excluded. You can object to this tracking at any time by clicking on the separate link provided in every e-mail or by informing us via another contact channel. The information is stored for as long as you are subscribed to the newsletter. After you unsubscribe, we store the data purely statistically and anonymously.

Ticket sales

On our website, we offer you the opportunity to purchase tickets for various events. To process ticket orders on our website, we have integrated the service pretix, which is offered by rami.io GmbH, Markgräfler Straße 16, 69126 Heidelberg, Germany. The service is integrated via JavaScript. We have concluded an order processing contract with rami.io GmbH.

When purchasing tickets, pretix uses a technically necessary cookie to enable the order process and, for example, to enable the shopping cart to function. Further information on data protection at pretix can be found at: https://pretix.eu/about/de/privacy.

The legal basis for data processing is Art. 6 para. 1 lit. b) GDPR (contractual relationship regarding the purchase of tickets).

Advertising by email, telephone and letter

We use your contact data for advertising if you have consented to this (Art. 6 para. 1 lit. a) GDPR), as well as for legally permissible direct advertising for our own and related products if you have specified this when ordering or registering (Art. 6 para. 1 lit. f) GDPR in conjunction with. § Section 7 para. 3 UWG).

If you no longer wish to receive advertising, you can revoke your consent at any time or object to direct advertising by clicking on the unsubscribe link at the end of the email, or by sending an email to datenschutzbeauftragter@bvdw.org in writing to our company address given at the beginning (please provide your name and contact details) or by telephone using the telephone number given at the beginning.

Your personal data will be passed on to our external and internal marketing and newsletter service providers and competition partners if they support us in data processing. We contractually oblige them neither to use data for their own purposes nor to pass it on to others. We will not pass on your data to third parties for advertising purposes without your express consent. The data processed by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations.

We and our partners use certain cookies and similar technologies in order to be able to offer our digital services, to technically provide you with the content on the website, to ensure the security of the website, to correct possible errors and to carry out analyses.

For this purpose, we and our partners (“providers”) process personal data such as your IP address or ID and browser information. The legal basis for this processing is your voluntary consent, which you can revoke at any time, in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR.

In some cases, we or our partners (“providers”) process your data on the legal basis of legitimate interest in accordance with Art. 6 para. 1 sentence 1 lit. f) GDPR. Our legitimate interests here include session-based reach measurement and the display of paywalls, which are absolutely necessary for the operation and refinancing of our digital offering.

Some of our service providers process your data outside the European Union. We only allow your data to be processed in a third country if the special requirements of Art. 44 et seq. GDPR are fulfilled. This means that your data may then only be processed on the basis of special guarantees, such as the EU Commission’s officially recognized determination of a level of data protection corresponding to the EU or compliance with officially recognized special contractual obligations, the so-called “standard data protection clauses”.

Purposes of the data processing

As part of our website, we and our partners (“providers”) pursue the purposes described below:

• Essential: Essential cookies enable basic functions and are necessary for the proper functioning of the website.
• Marketing: Marketing cookies collect information anonymously. This information helps us to understand how our visitors use our website.
• External media: Content from video platforms and social media platforms is blocked by default. If cookies from external media are accepted, access to this content no longer requires manual consent.

Information on the tools used for the purposes described can be found directly in our privacy settings. These can be found below or in the footer of our website.

You can adjust and revoke your consent to data processing requiring consent, for example to advertising tracking, at any time in the data protection settings.