Privacy policy

I Scope

With this document, the controller would like to fulfill its information obligations to data subjects
according to Art. 13 and 14 of the General Data Protection Regulation (GDPR).
This privacy policy will be published at https://www.formwelt.net/privacy-policy and apply since September
2020. Due to the further development of our website or due to changed legal or official requirements,
it may become necessary to change this privacy policy. The amended version will be available on this
page

II Who is responsible for data processing?

Responsible for data procesing according to Art. 4 No. 7 GDPR
FORMWELT, gUG (haftungsbeschränkt), Im Anger 18, 29439 Lüchow.
The complete imprint is available at: https://www.formwelt.net/imprint

III Is there a data protection officer (DPO)?

We did not appoint a data protection officer (DPO) for our company.

IV What do we process your data for?

IV.1 Logfiles / Hosting

If you visit our website without registering or otherwise conveying information to us, we will only store
such data that your browser transmits to our server ("server log files"):

The individual pages of our website (URL)
Date and time at the time of the access
Amount of data in bytes
Source/link from which you reached the page
Browser used
Operating system used
IP address used (if applicable anonymized)

Our website is hosted by a hosting provider. The web server used stores the aforementioned server log files.

Processing purpose: Hosting of our website
Legal basis and legitimate interests: Data processing shall take place for the purpose of ensuring readiness for operation of our website in which we have a legitimate overriding interest, Art. 6 para. 1 lit. f GDPR. We commissioned a service provider to supply infrastructure and platform services, computing capacity, storage capacity and database, security and technical maintenance services to us
Data receiver: Webflow, Inc. https://webflow.com
Privacy Policy of Webflow: https://webflow.com/legal/eu-privacy-policy
Transfer of personal data to a third country: If data that is not anonymized is transmitted to Webflow, the data will also be processed in the USA.
Appropriate safeguards: We have concluded the EU standard contractual clauses with Webflow, which are appropriate safeguards according to Art. 46 para. 2 lit c) GDPR.

IV.2 Cookies

IV.2.a General

(aa) Definitions

Below you will find extensive information on so-called "cookies" and other storage technologies („web storage“). They are often stored in databases on your device. The following terms are used below where applicable:

First-Party-Cookie: This cookie is stored or changed on your device directly by the website you are visiting
Third-Party-Cookie: This cookie is stored or changed by third parties with whom the website operator is connected (e.g. an advertising network, a social media platform, etc.)
Session-Cookie: This cookie is deleted from your device when you close the browser. Often, a session cookie only saves a session ID in order to assign several requests from a user on one page to his session
Persistent cookie: This cookie is stored on your device until its validity expires or you delete it manually or automatically in the browser
Technically necessary cookie: his cookie is technically necessary to display our website and enables the necessary functions contained on it
Technically unnecessary cookie: This cookie is not absolutely necessary for the display or use of the website, but enables us or you to have a special functionality
Local Storage: This information is also stored in your web browser until it is manually deleted.
Session Storage: This information is also stored in your web browser until you close the browser window.

Every type of "cookie" or "web storage" can contain personal data. In many cases, however, the data is pseudonymized.

(bb) Legal basis

Technically necessary cookie and web-storage: The storage and modification of technically necessary cookies are based on the legal basis of our overriding legitimate interests under Art. 6 (1) lit. f GDPR. These are the optimal, browser and operating system independent, technically secure external presentation and advertising of our company on the Internet as well as the user-friendly and effective design of your website visit.
Technically unnecessary cookie and web-storage: The storage and modification of technically unnecessary cookies are based on the legal basis of your individual personal and voluntary consent in accordance with Art. 6 (1) lit. a GDPR. You can revoke your consent at any time with effect for the future. The data processing until the revocation remains lawful. Please note that if you do not accept cookies that are not technically necessary, some functionality of our website may be restricted.

(cc) Data recipients / Accessibility

First-Party-Cookies: Only we, as the data controller and site operator, have access to this information.
Third-Party-Cookies: Only the third party that has set these cookies itself has access to them. For example, only Google has access to a cookie set by Google and can read or modify it.
Web-Storage: Only we, as the data controller and site operator, have access to this information.

(dd) Storage duration

Session-Cookies: These remain only temporarily stored in your browser until the end of the browser session or can be deleted by you beforehand.
Persistent-Cookies: These remain stored on your device as long as specified for the respective cookie or can be deleted by you beforehand.
Local-Storage: Remains stored until it is manually deleted.
Session-Storage: Remains saved until the browser window is closed.

The exact storage period is specified under "cookies used".

(ee) Deletion options

Please note that you can configure your browser to inform you about cookies and let you decide individually about accepting or declining cookies for specific cases or in general. Every browser differs in the way it manages cookie settings. This is described in the help menu of every browser, which explains how you can change your cookie settings. You can find these for the respective browsers under the following links:

A general objection to the use of cookies for online marketing purposes may be declared for a large number of the services, especially in the case of tracking, via the U.S. site https://www.aboutads.info/choices/ or the EU site https://www.youronlinechoices.com/

IV.2.b Cookies Used

In the following overview, we list the technically necessary first-party cookies used on our website and the purpose of the data:

pretix_widget_https_pretix_eu_formwelt_larnaca21_ (Persistent Cookie)
Function: Session management and ticket checkout
Storage duration/Validity: 1 month

In the following overview, we list the technically necessary third-party cookies (rami.io GmbH) used on our website and the purpose of the data processing:

__proxy_session (Persistent Cookie)
Function: Session management
Storage duration/Validity: 7 days
pretix_csrftoken (Persistent Cookie)
Function: CSRF (Cross-site request forgery) countermeasure
Storage duration/Validity: 1 year
pretix_language (Persistent Cookie)
Function: Storage of the selected language
Storage duration/Validity: 10 years
pretix_session (Persistent Cookie)
Function: Session management
Storage duration/Validity: 2 weeks

IV.3 Contact us

If you contact us (e.g. using the contact form, e-mail, telephone), personal data will be collected. Which data is collected in the case of a contact form can be seen from the respective form. This data is stored and used exclusively for the purpose of answering your request or for establishing contact and the associated technical administration. Without this mandatory information, we cannot process your request. All other details are optional.

Processing purpose: Answering your request
Legal basis: Art. 6 para. 1 lit. b GDPR for pre-contractual or contractual matters. Art. 6 para. 1 lit. a GDPR for your voluntary information. Art. 6 para. 1 lit.f GDPR for all other inquiries as well as the use of our technical service providers.
Legitimate interests: The processing using the service provider is based on our predominantly legitimate interest in the secure, timely and professional response to your request.
Storage period: Your data will be deleted after your request has been processed. This is the case if it can be inferred from the circumstances that the matter in question has been finally clarified and provided that there are no statutory retention requirements. In the case of pre-contractual and contractual matters, your request will be stored until the contract is terminated and processing will then be restricted. If there is no longer any legal reason to store it, the data will be deleted.
Data receiver: E-Mails: Hover, a service of Tucows https://www.hover.com. Hosting (see above) for using the contact form.
Privacy policy of hover: https://www.hover.com/privacy
Transfer of personal data to a third country: Unless anonymized data is transmitted to Hover, the data will also be processed in Canada.
Appropriate safeguards: With regard to Canada, the European Commission decided that Canada offers adequate protection for the personal data of citizens from EU member states (Art. 45 GDPR).

Security notice

Please do not send us any sensitive personal data (such as bank data, health data, etc.) via unencrypted e-mail or the contact form to ensure the confidentiality of the information. Data sent unencrypted over the Internet may be read and/or intercepted by unauthorized third parties. Please use the postal service for this sensitive data.

IV.4 Non-profit activities

We process the data of our supporters, interested parties, customers or other persons in accordance with Art. 6 para. 1 lit. b. GDPR, provided that we offer you contractual services or act within the scope of an existing business relationship, e.g. with members, or are ourselves recipients of services and benefits. In addition, we process the data of data subjects in accordance with Art. 6 (1) (f) GDPR on the basis of our predominant legitimate interests in the success of our organization, e.g. when it comes to administrative tasks or public relations.

IV.5 Donations

If you support us with donations, we will process your personal data as follows.

Processing purpose: Acceptance and accounting of donations
Legal basis: For the required data of the donor: Art. 6 para. 1 p. 1 lit. b GDPR. For further voluntary data: Art. 6 para. 1 lit. a GDPR.
Storage period: This is based on the legal regulations for the treatment of donations
Data receiver: Banks, PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg, https://www.paypal.com/de
Privacy Policy of PayPal: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

IV.6 Online-Videos

YouTube-Videos

Our website uses the embedding function of YouTube, which belongs to Google Ireland Ltd. (Google). A connection to the YouTube servers is only established when you start the embedded YouTube video on a website. This tells YouTube which pages you are visiting. If you are logged into your YouTube account, YouTube can assign your surfing behavior to you personally. You can prevent this by logging out of your YouTube account beforehand. Further information on the purpose and scope of data collection and its processing by YouTube can be found in Google's privacy policy.

Processing purpose: Bereitstellung eines umfassenden und professionellen Onlineangebots auch mit Videos. Nutzerfreundliche Wiedergabemöglichkeit ohne Wechsel der Website. Schnelligkeit der Videowiedergabe.
Legal basis: For the use of YouTube you give us your consent according to Art. 6 para. 1 s. 1 lit. a GDPR, which you can revoke at any time with effect for the future by closing the browser window. The evaluation by Google is carried out in accordance with Art 6 (1) (f) GDPR on the basis of Google's legitimate interests in the display of personalized advertising, market research and / or the needs-based design of its website. You have the right to object to the creation of these user profiles, although you must contact YouTube to exercise this right.
Storage period: With regard to the storage period, we refer to Google’s privacy policy.
Data receiver: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland.
Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Privacy policy von Google: https://policies.google.com/privacy
Possibility of objection (Opt Out Plugin): https://tools.google.com/dlpage/gaoptout?hl=de
Transfer of personal data to a third country: If data that has not been anonymized is transmitted to Google LLC, data processing takes place in the USA.

IV.7 Web Fonts

Our website uses so-called web fonts that are provided by the respective provider for the uniform representation of fonts. When you call up a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.

For this purpose, the browser you are using must connect to the servers of the respective provider. This gives the provider knowledge that our website has been accessed via your IP address. If your browser does not support web fonts, a standard font will be loaded from your computer.

Processing purpose: Uniform presentation of our website in all media
Legal basis and legitimate interests: The integration takes place on the basis of our legitimate interests (Art. 6 para. 1 s. 1 lit. f. GDPR) in a technically safe, maintenance-free and efficient use of fonts, their uniform presentation and taking into account possible licensing restrictions for their integration.

We use web fonts from the following providers:

Google

Data receiver: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland.
Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Privacy policy von Google: https://policies.google.com/privacy
Transfer of personal data to a third country: If data that has not been anonymized is transmitted to Google LLC, data processing takes place in the USA.

IV.8 Sale of tickets for events

IV.8.c General

If you book your participation in events with us, your data will be processed as follows: The mandatory information can be found on the booking form. Without this mandatory information, we cannot carry out the booking.

Processing purpose: Processing your ticket booking.
Legal basis: Contract according to Art. 6 para. 1 lit. b GDPR. Your consent in accordance with Art. 6 Para. 1 lit. a GDPR applies to the data you voluntarily provide. For other processing, Article 6 (1) (f) GDPR applies.
Legitimate interests: Debt collection and enforcement; Measures for business management and further development of services and products
Storage period: Once the contract has been fully processed and the outstanding claims have been paid in full, your data will be blocked for further use and deleted after the retention periods under tax and commercial law have expired, unless you have expressly consented to further use of your data.
Data receiver: For ticket processing: rami.io GmbH https://pretix.eu. For e-mails: Hover, a service of Tucows https://www.hover.com.
Privacy Policy of rami.io GmbH: https://pretix.eu/about/de/privacy
Privacy Policy of hover: https://www.hover.com/privacy
Transfer of personal data to a third country: Unless anonymized data is transmitted to Hover, the data will also be processed in Canada.
Appropriate safeguards: With regard to Canada, the European Commission decided that Canada offers adequate protection for the personal data of citizens from EU member states (Art. 45 GDPR).

IV.8.d Education / Trainings

If you book workshops or trainings with us, we will use Eventbrite as an external partner.

Processing purpose: Processing your booking.
Legal basis: Contract according to Art. 6 para. 1 lit. b GDPR. Your consent in accordance with Art. 6 Para. 1 lit. a GDPR applies to the data you voluntarily provide. Article 6 (1) (f) GDPR applies to other processing and the use of the processor.
Legitimate interests: Professional handling of the booked services
Data receiver: Eventbrite, Inc. https://www.eventbrite.de
Privacy Policy of Eventbrite:
‍https://www.eventbrite.de/support/articles/de/Troubleshooting/datenschutzrichtlinie-von-eventbrite?lg=de
Transfer of personal data to a third country: Insofar as personal data is processed, the data processing takes place in the USA.
Appropriate safeguards: We have concluded the EU standard contractual clauses with Eventbrite, which are to be regarded as suitable guarantees according to Art. 46 para. 2 lit c) GDPR

IV.8.e Payment processing

Processing purpose: Execution of the order. Processing the payment.
Legal basis: Contract according to Art. 6 Para. 1 lit. b GDPR.
Provision obligation: Depending on the selected payment method, you must provide us or the payment service provider with the required payment data.
Data receiver: The payment service providers used are listed below:

paypal

Service provider: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg, https://www.paypal.com/de
Privacy Policy of PayPal: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
Credit check: PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "payment in installments" via PayPal. For this purpose, your payment data may be passed on to credit agencies in accordance with Article 6 (1) (f) GDPR on the basis of PayPal's legitimate interest in determining your solvency. PayPal uses the result of the credit check with regard to the statistical probability of default for the purpose of deciding whether to provide the respective payment method. The credit report can contain probability values (so-called score values). As far as score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data.

Stripe

If you opt for a payment method from the payment service provider Stripe, the payment will be processed by the payment service provider Stripe Payments Europe Ltd., to whom we will send the information you provided during the ordering process along with the information about your order (name, address, account number, bank code, possibly credit card number, invoice amount, currency and transaction number) in accordance with Art. 6 para. 1 lit. b GDPR.

Service provider: Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Irland, https://stripe.com/de
Privacy Policy of Stripe: https://stripe.com/de/privacy#translation
Transfer of personal data to a third country: see privacy policy of Stripe: https://stripe.com/de/privacy#translation

IV.8.f Direct mail

Processing purpose: Direct mail, sales promotion
Legal basis: Our overriding legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR
Legitimate interests: Direct mail, sales promotion
Data receiver: Marketing agencies, Lettershop

IV.8.g Legal obligation

Processing purpose: Fulfillment of legal obligations (e.g. information, notification, disclosure and retention obligations, payment of taxes and duties)
Legal basis: The respective legal regulation in connection with Art. 6 Paragraph 1 lit. c GDPR applies.
Data receiver: Authorities, state institutions, lawyer, tax advisor, possibly data protection officer

V What data protection rights do I have?

1. As a person concerned, you have the following rights:

Confirmation of data processing: You have the right to request confirmation from us as to whether your personal data are being processed. The requirements for this can be found in Art. 15 DSGVO;
Information: You have the right to request information about your personal data processed by us. The requirements for this can be found in Art. 15 of the GDPR;
Correction: You have the right to request that inaccurate personal data concerning you be corrected without delay. The requirements for this can be found in Art. 16 of the GDPR;
Deletion: You have the right to request the immediate deletion of personal data concerning you. The requirements for this can be found in Art. 17 of the GDPR;
Restriction of processing: You have the right to request the restriction of the processing of your personal data. The requirements for this can be found in Art. 18 DSGVO;
Data portability: You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format. Furthermore, you have the right to have this data transferred to another controller by us. The requirements for this can be found in Art. 20 DSGVO;
Revocation of consent: You have the right to revoke your consent at any time if the processing is based on Art. 6 (1) lit. a or Art. 9 (2) lit. a DSGVO. The data processing remains lawful until the revocation. The revocation only applies for the future. The requirements for this can be found in Art. 7 (3) DSGVO;
Complaint: You have the right, without prejudice to any other administrative or judicial remedy, to lodge a complaint with a supervisory authority if you consider that the processing of personal data concerning you infringes the GDPR. The requirements for this can be found in Art. 77 DSGVO. You can contact the supervisory authority responsible for the controller or the one in your country or federal state. You can find a list of all supervisory authorities here: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

2. Right of objection

You have the right to object at any time and with future effect to the processing of personal data relating to you which we process on the basis of our overriding legitimate interest (Art. 6 (1) lit. e or f DSGVO) for reasons arising from your particular situation; this also applies to profiling based on this provision within the meaning of Art. 4 No. 4 DSGVO. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

3. Right to object to processing of data for direct marketing and product evaluation purposes

We collect and process your personal data for the purpose of direct marketing. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising.
In some cases, we may process and use your personal data to send you a product review and/or other review requests by email solely in connection with your purchase, transaction and/or other analogous transactions. We may also use your email address and/or postal address in this context to send you product recommendations by email and/or post about similar goods and/or services we offer. You will receive these evaluation requests and product recommendations from us regardless of whether you have subscribed to a newsletter.
Exercise of the objection: You can object to these evaluation requests and product recommendations at any time by letter to FORMWELT gUG (haftungsbeschränkt), Im Anger 18, 29439 Lüchow, or by e-mail to contact@formwelt.net and/or at the end of each evaluation and/or product recommendation e-mail with effect for the future, without incurring any costs other than the respective transmission costs according to the basic rates. Your right to object automatically also applies to possible profiling, insofar as it is connected with such direct advertising. If you object to processing for the purpose of product evaluation and/or other evaluation requests and/or product recommendations, we will no longer process your personal data for these purposes with effect for the future.
If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes with effect for the future.

VI Where does the data come from?

We process personal data that we have received from you or the recipients of personal data.

VII Is there an obligation to provide data?

In the course of initiating and concluding a ticket purchase, you will be required to provide such personal data as is necessary for the commencement, execution and performance of the related contractual obligations or as we are required to collect by law. Without this data, we will generally not be able to conclude the contract with you or execute it.

VIII How long will the data be stored?

Unless otherwise provided for above, the following criteria shall apply to determine the storage period:

In the event of consent pursuant to Art. 6 (1) a DSGVO, the data will be stored until the data subject revokes his/her consent.
In the case of pre-contractual and contractual purposes pursuant to Art. 6 para. 1 lit. b DSGVO, the data will be stored until the termination of the contract.
In the case of our prevailing legitimate interest pursuant to Art. 6(1)(f) DSGVO, the data will be stored until the data subject exercises his or her right to object pursuant to Art. 21(1) DSGVO, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.
In the case of direct advertising pursuant to Art. 6 (1) f DSGVO, the data will be stored until the data subject exercises his/her right to object pursuant to Art. 21 (2), (3) DSGVO.

Apart from that, personal data is only stored for as long as there is a legal reason to store it.

IX Existence of automated decision making including profiling

For the establishment and implementation of the business relationship, we generally do not use automatic decision-making pursuant to Art. 22 GDPR. Should we use these procedures in individual cases, we will inform you about this separately if this is required by law.