Privacy policy
I Scope
With this document, the controller would like to fulfill its information obligations to data subjects
according to Art. 13 and 14 of the General Data Protection Regulation (GDPR).
This privacy policy will be published at https://www.formwelt.net/privacy-policy and apply since September
2020. Due to the further development of our website or due to changed legal or official requirements,
it may become necessary to change this privacy policy. The amended version will be available on this
page
II Who is responsible for data processing?
Responsible for data procesing according to Art. 4 No. 7 GDPR
FORMWELT, gUG (haftungsbeschränkt), Im Anger 18, 29439 Lüchow.
The complete imprint is available at: https://www.formwelt.net/imprint
III Is there a data protection officer (DPO)?
We did not appoint a data protection officer (DPO) for our company.
IV What do we process your data for?
IV.1 Logfiles / Hosting
If you visit our website without registering or otherwise conveying information to us, we will only store
such data that your browser transmits to our server ("server log files"):
- The individual pages of our website (URL)
- Date and time at the time of the access
- Amount of data in bytes
- Source/link from which you reached the page
- Browser used
- Operating system used
- IP address used (if applicable anonymized)
Our website is hosted by a hosting provider. The web server used stores the aforementioned server log files.
- Processing purpose: Hosting of our website
- Legal basis and legitimate interests: Data processing shall take place for the purpose of ensuring readiness for operation of our website in which we have a legitimate overriding interest, Art. 6 para. 1 lit. f GDPR. We commissioned a service provider to supply infrastructure and platform services, computing capacity, storage capacity and database, security and technical maintenance services to us
- Data receiver: Webflow, Inc. https://webflow.com
- Privacy Policy of Webflow: https://webflow.com/legal/eu-privacy-policy
- Transfer of personal data to a third country: If data that is not anonymized is transmitted to Webflow, the data will also be processed in the USA.
- Appropriate safeguards: We have concluded the EU standard contractual clauses with Webflow, which are appropriate safeguards according to Art. 46 para. 2 lit c) GDPR.
IV.2 Cookies
IV.2.a General
(aa) Definitions
Below you will find extensive information on so-called "cookies" and other storage technologies („web storage“). They are often stored in databases on your device. The following terms are used below where applicable:
- First-Party-Cookie: This cookie is stored or changed on your device directly by the website you are visiting
- Third-Party-Cookie: This cookie is stored or changed by third parties with whom the website operator is connected (e.g. an advertising network, a social media platform, etc.)
- Session-Cookie: This cookie is deleted from your device when you close the browser. Often, a session cookie only saves a session ID in order to assign several requests from a user on one page to his session
- Persistent cookie: This cookie is stored on your device until its validity expires or you delete it manually or automatically in the browser
- Technically necessary cookie: his cookie is technically necessary to display our website and enables the necessary functions contained on it
- Technically unnecessary cookie: This cookie is not absolutely necessary for the display or use of the website, but enables us or you to have a special functionality
- Local Storage: This information is also stored in your web browser until it is manually deleted.
- Session Storage: This information is also stored in your web browser until you close the browser window.
Every type of "cookie" or "web storage" can contain personal data. In many cases, however, the data is pseudonymized.
(bb) Legal basis
- Technically necessary cookie and web-storage: The storage and modification of technically necessary cookies are based on the legal basis of our overriding legitimate interests under Art. 6 (1) lit. f GDPR. These are the optimal, browser and operating system independent, technically secure external presentation and advertising of our company on the Internet as well as the user-friendly and effective design of your website visit.
- Technically unnecessary cookie and web-storage: The storage and modification of technically unnecessary cookies are based on the legal basis of your individual personal and voluntary consent in accordance with Art. 6 (1) lit. a GDPR. You can revoke your consent at any time with effect for the future. The data processing until the revocation remains lawful. Please note that if you do not accept cookies that are not technically necessary, some functionality of our website may be restricted.
(cc) Data recipients / Accessibility
- First-Party-Cookies: Only we, as the data controller and site operator, have access to this information.
- Third-Party-Cookies: Only the third party that has set these cookies itself has access to them. For example, only Google has access to a cookie set by Google and can read or modify it.
- Web-Storage: Only we, as the data controller and site operator, have access to this information.
(dd) Storage duration
- Session-Cookies: These remain only temporarily stored in your browser until the end of the browser session or can be deleted by you beforehand.
- Persistent-Cookies: These remain stored on your device as long as specified for the respective cookie or can be deleted by you beforehand.
- Local-Storage: Remains stored until it is manually deleted.
- Session-Storage: Remains saved until the browser window is closed.
The exact storage period is specified under "cookies used".
(ee) Deletion options
Please note that you can configure your browser to inform you about cookies and let you decide individually about accepting or declining cookies for specific cases or in general. Every browser differs in the way it manages cookie settings. This is described in the help menu of every browser, which explains how you can change your cookie settings. You can find these for the respective browsers under the following links:
A general objection to the use of cookies for online marketing purposes may be declared for a large number of the services, especially in the case of tracking, via the U.S. site https://www.aboutads.info/choices/ or the EU site https://www.youronlinechoices.com/
IV.2.b Cookies Used
In the following overview, we list the technically necessary first-party cookies used on our website and the purpose of the data:
- pretix_widget_https_pretix_eu_formwelt_larnaca21_ (Persistent Cookie)
Function: Session management and ticket checkout
Storage duration/Validity: 1 month
In the following overview, we list the technically necessary third-party cookies (rami.io GmbH) used on our website and the purpose of the data processing:
- __proxy_session (Persistent Cookie)
Function: Session management
Storage duration/Validity: 7 days - pretix_csrftoken (Persistent Cookie)
Function: CSRF (Cross-site request forgery) countermeasure
Storage duration/Validity: 1 year - pretix_language (Persistent Cookie)
Function: Storage of the selected language
Storage duration/Validity: 10 years - pretix_session (Persistent Cookie)
Function: Session management
Storage duration/Validity: 2 weeks
IV.3 Contact us
If you contact us (e.g. using the contact form, e-mail, telephone), personal data will be collected. Which data is collected in the case of a contact form can be seen from the respective form. This data is stored and used exclusively for the purpose of answering your request or for establishing contact and the associated technical administration. Without this mandatory information, we cannot process your request. All other details are optional.
- Processing purpose: Answering your request
- Legal basis: Art. 6 para. 1 lit. b GDPR for pre-contractual or contractual matters. Art. 6 para. 1 lit. a GDPR for your voluntary information. Art. 6 para. 1 lit.f GDPR for all other inquiries as well as the use of our technical service providers.
- Legitimate interests: The processing using the service provider is based on our predominantly legitimate interest in the secure, timely and professional response to your request.
- Storage period: Your data will be deleted after your request has been processed. This is the case if it can be inferred from the circumstances that the matter in question has been finally clarified and provided that there are no statutory retention requirements. In the case of pre-contractual and contractual matters, your request will be stored until the contract is terminated and processing will then be restricted. If there is no longer any legal reason to store it, the data will be deleted.
- Data receiver: E-Mails: Hover, a service of Tucows https://www.hover.com. Hosting (see above) for using the contact form.
- Privacy policy of hover: https://www.hover.com/privacy
- Transfer of personal data to a third country: Unless anonymized data is transmitted to Hover, the data will also be processed in Canada.
- Appropriate safeguards: With regard to Canada, the European Commission decided that Canada offers adequate protection for the personal data of citizens from EU member states (Art. 45 GDPR).
Security notice
Please do not send us any sensitive personal data (such as bank data, health data, etc.) via unencrypted e-mail or the contact form to ensure the confidentiality of the information. Data sent unencrypted over the Internet may be read and/or intercepted by unauthorized third parties. Please use the postal service for this sensitive data.
IV.4 Non-profit activities
We process the data of our supporters, interested parties, customers or other persons in accordance with Art. 6 para. 1 lit. b. GDPR, provided that we offer you contractual services or act within the scope of an existing business relationship, e.g. with members, or are ourselves recipients of services and benefits. In addition, we process the data of data subjects in accordance with Art. 6 (1) (f) GDPR on the basis of our predominant legitimate interests in the success of our organization, e.g. when it comes to administrative tasks or public relations.
IV.5 Donations
If you support us with donations, we will process your personal data as follows.
- Processing purpose: Acceptance and accounting of donations
- Legal basis: For the required data of the donor: Art. 6 para. 1 p. 1 lit. b GDPR. For further voluntary data: Art. 6 para. 1 lit. a GDPR.
- Storage period: This is based on the legal regulations for the treatment of donations
- Data receiver: Banks, PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg, https://www.paypal.com/de
- Privacy Policy of PayPal: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
IV.6 Online-Videos
YouTube-Videos
Our website uses the embedding function of YouTube, which belongs to Google Ireland Ltd. (Google). A connection to the YouTube servers is only established when you start the embedded YouTube video on a website. This tells YouTube which pages you are visiting. If you are logged into your YouTube account, YouTube can assign your surfing behavior to you personally. You can prevent this by logging out of your YouTube account beforehand. Further information on the purpose and scope of data collection and its processing by YouTube can be found in Google's privacy policy.
- Processing purpose: Bereitstellung eines umfassenden und professionellen Onlineangebots auch mit Videos. Nutzerfreundliche Wiedergabemöglichkeit ohne Wechsel der Website. Schnelligkeit der Videowiedergabe.
- Legal basis: For the use of YouTube you give us your consent according to Art. 6 para. 1 s. 1 lit. a GDPR, which you can revoke at any time with effect for the future by closing the browser window. The evaluation by Google is carried out in accordance with Art 6 (1) (f) GDPR on the basis of Google's legitimate interests in the display of personalized advertising, market research and / or the needs-based design of its website. You have the right to object to the creation of these user profiles, although you must contact YouTube to exercise this right.
- Storage period: With regard to the storage period, we refer to Google’s privacy policy.
- Data receiver: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland.
Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA - Privacy policy von Google: https://policies.google.com/privacy
- Possibility of objection (Opt Out Plugin): https://tools.google.com/dlpage/gaoptout?hl=de
- Transfer of personal data to a third country: If data that has not been anonymized is transmitted to Google LLC, data processing takes place in the USA.
IV.7 Web Fonts
Our website uses so-called web fonts that are provided by the respective provider for the uniform representation of fonts. When you call up a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.
For this purpose, the browser you are using must connect to the servers of the respective provider. This gives the provider knowledge that our website has been accessed via your IP address. If your browser does not support web fonts, a standard font will be loaded from your computer.
- Processing purpose: Uniform presentation of our website in all media
- Legal basis and legitimate interests: The integration takes place on the basis of our legitimate interests (Art. 6 para. 1 s. 1 lit. f. GDPR) in a technically safe, maintenance-free and efficient use of fonts, their uniform presentation and taking into account possible licensing restrictions for their integration.
We use web fonts from the following providers:
Google
- Data receiver: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland.
Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA - Privacy policy von Google: https://policies.google.com/privacy
- Transfer of personal data to a third country: If data that has not been anonymized is transmitted to Google LLC, data processing takes place in the USA.
IV.8 Sale of tickets for events
IV.8.c General
If you book your participation in events with us, your data will be processed as follows: The mandatory information can be found on the booking form. Without this mandatory information, we cannot carry out the booking.
- Processing purpose: Processing your ticket booking.
- Legal basis: Contract according to Art. 6 para. 1 lit. b GDPR. Your consent in accordance with Art. 6 Para. 1 lit. a GDPR applies to the data you voluntarily provide. For other processing, Article 6 (1) (f) GDPR applies.
- Legitimate interests: Debt collection and enforcement; Measures for business management and further development of services and products
- Storage period: Once the contract has been fully processed and the outstanding claims have been paid in full, your data will be blocked for further use and deleted after the retention periods under tax and commercial law have expired, unless you have expressly consented to further use of your data.
- Data receiver: For ticket processing: rami.io GmbH https://pretix.eu. For e-mails: Hover, a service of Tucows https://www.hover.com.
- Privacy Policy of rami.io GmbH: https://pretix.eu/about/de/privacy
- Privacy Policy of hover: https://www.hover.com/privacy
- Transfer of personal data to a third country: Unless anonymized data is transmitted to Hover, the data will also be processed in Canada.
- Appropriate safeguards: With regard to Canada, the European Commission decided that Canada offers adequate protection for the personal data of citizens from EU member states (Art. 45 GDPR).
IV.8.d Education / Trainings
If you book workshops or trainings with us, we will use Eventbrite as an external partner.
- Processing purpose: Processing your booking.
- Legal basis: Contract according to Art. 6 para. 1 lit. b GDPR. Your consent in accordance with Art. 6 Para. 1 lit. a GDPR applies to the data you voluntarily provide. Article 6 (1) (f) GDPR applies to other processing and the use of the processor.
- Legitimate interests: Professional handling of the booked services
- Data receiver: Eventbrite, Inc. https://www.eventbrite.de
- Privacy Policy of Eventbrite:
https://www.eventbrite.de/support/articles/de/Troubleshooting/datenschutzrichtlinie-von-eventbrite?lg=de - Transfer of personal data to a third country: Insofar as personal data is processed, the data processing takes place in the USA.
- Appropriate safeguards: We have concluded the EU standard contractual clauses with Eventbrite, which are to be regarded as suitable guarantees according to Art. 46 para. 2 lit c) GDPR
IV.8.e Payment processing
- Processing purpose: Execution of the order. Processing the payment.
- Legal basis: Contract according to Art. 6 Para. 1 lit. b GDPR.
- Provision obligation: Depending on the selected payment method, you must provide us or the payment service provider with the required payment data.
- Data receiver: The payment service providers used are listed below:
paypal
- Service provider: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg, https://www.paypal.com/de
- Privacy Policy of PayPal: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
- Credit check: PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "payment in installments" via PayPal. For this purpose, your payment data may be passed on to credit agencies in accordance with Article 6 (1) (f) GDPR on the basis of PayPal's legitimate interest in determining your solvency. PayPal uses the result of the credit check with regard to the statistical probability of default for the purpose of deciding whether to provide the respective payment method. The credit report can contain probability values (so-called score values). As far as score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data.
Stripe
If you opt for a payment method from the payment service provider Stripe, the payment will be processed by the payment service provider Stripe Payments Europe Ltd., to whom we will send the information you provided during the ordering process along with the information about your order (name, address, account number, bank code, possibly credit card number, invoice amount, currency and transaction number) in accordance with Art. 6 para. 1 lit. b GDPR.
IV.8.f Direct mail
- Processing purpose: Direct mail, sales promotion
- Legal basis: Our overriding legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR
- Legitimate interests: Direct mail, sales promotion
- Data receiver: Marketing agencies, Lettershop
IV.8.g Legal obligation
- Processing purpose: Fulfillment of legal obligations (e.g. information, notification, disclosure and retention obligations, payment of taxes and duties)
- Legal basis: The respective legal regulation in connection with Art. 6 Paragraph 1 lit. c GDPR applies.
- Data receiver: Authorities, state institutions, lawyer, tax advisor, possibly data protection officer
V What data protection rights do I have?
1. As a person concerned, you have the following rights:
- Confirmation of data processing: You have the right to request confirmation from us as to whether your personal data are being processed. The requirements for this can be found in Art. 15 DSGVO;
- Information: You have the right to request information about your personal data processed by us. The requirements for this can be found in Art. 15 of the GDPR;
- Correction: You have the right to request that inaccurate personal data concerning you be corrected without delay. The requirements for this can be found in Art. 16 of the GDPR;
- Deletion: You have the right to request the immediate deletion of personal data concerning you. The requirements for this can be found in Art. 17 of the GDPR;
- Restriction of processing: You have the right to request the restriction of the processing of your personal data. The requirements for this can be found in Art. 18 DSGVO;
- Data portability: You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format. Furthermore, you have the right to have this data transferred to another controller by us. The requirements for this can be found in Art. 20 DSGVO;
- Revocation of consent: You have the right to revoke your consent at any time if the processing is based on Art. 6 (1) lit. a or Art. 9 (2) lit. a DSGVO. The data processing remains lawful until the revocation. The revocation only applies for the future. The requirements for this can be found in Art. 7 (3) DSGVO;
- Complaint: You have the right, without prejudice to any other administrative or judicial remedy, to lodge a complaint with a supervisory authority if you consider that the processing of personal data concerning you infringes the GDPR. The requirements for this can be found in Art. 77 DSGVO. You can contact the supervisory authority responsible for the controller or the one in your country or federal state. You can find a list of all supervisory authorities here: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
2. Right of objection
- You have the right to object at any time and with future effect to the processing of personal data relating to you which we process on the basis of our overriding legitimate interest (Art. 6 (1) lit. e or f DSGVO) for reasons arising from your particular situation; this also applies to profiling based on this provision within the meaning of Art. 4 No. 4 DSGVO. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
3. Right to object to processing of data for direct marketing and product evaluation purposes
- We collect and process your personal data for the purpose of direct marketing. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising.
- In some cases, we may process and use your personal data to send you a product review and/or other review requests by email solely in connection with your purchase, transaction and/or other analogous transactions. We may also use your email address and/or postal address in this context to send you product recommendations by email and/or post about similar goods and/or services we offer. You will receive these evaluation requests and product recommendations from us regardless of whether you have subscribed to a newsletter.
- Exercise of the objection: You can object to these evaluation requests and product recommendations at any time by letter to FORMWELT gUG (haftungsbeschränkt), Im Anger 18, 29439 Lüchow, or by e-mail to contact@formwelt.net and/or at the end of each evaluation and/or product recommendation e-mail with effect for the future, without incurring any costs other than the respective transmission costs according to the basic rates. Your right to object automatically also applies to possible profiling, insofar as it is connected with such direct advertising. If you object to processing for the purpose of product evaluation and/or other evaluation requests and/or product recommendations, we will no longer process your personal data for these purposes with effect for the future.
- If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes with effect for the future.
VI Where does the data come from?
We process personal data that we have received from you or the recipients of personal data.
VII Is there an obligation to provide data?
In the course of initiating and concluding a ticket purchase, you will be required to provide such personal data as is necessary for the commencement, execution and performance of the related contractual obligations or as we are required to collect by law. Without this data, we will generally not be able to conclude the contract with you or execute it.
VIII How long will the data be stored?
Unless otherwise provided for above, the following criteria shall apply to determine the storage period:
- In the event of consent pursuant to Art. 6 (1) a DSGVO, the data will be stored until the data subject revokes his/her consent.
- In the case of pre-contractual and contractual purposes pursuant to Art. 6 para. 1 lit. b DSGVO, the data will be stored until the termination of the contract.
- In the case of our prevailing legitimate interest pursuant to Art. 6(1)(f) DSGVO, the data will be stored until the data subject exercises his or her right to object pursuant to Art. 21(1) DSGVO, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.
- In the case of direct advertising pursuant to Art. 6 (1) f DSGVO, the data will be stored until the data subject exercises his/her right to object pursuant to Art. 21 (2), (3) DSGVO.
Apart from that, personal data is only stored for as long as there is a legal reason to store it.
IX Existence of automated decision making including profiling
For the establishment and implementation of the business relationship, we generally do not use automatic decision-making pursuant to Art. 22 GDPR. Should we use these procedures in individual cases, we will inform you about this separately if this is required by law.
X Copyright
Copyright 2021 Rechtsanwalt Marc Oliver Giel