1. Definitions of terms
The data protection declaration of artecom Veranstaltungs GmbH & Co. KG is governed by the terms used by the European legislator in the adoption of the General Data Protection Regulation (GDPR). Our data protection declaration is intended to be easy to read and understand for the public as well as for our customers and business partners. In order to ensure this, we would like to explain the terminology involved beforehand.
This data protection declaration uses the following terms, among others:
a) Personal data
Personal data refers to any information pertaining to an identified or identifiable natural person (hereinafter referred to as “data subject”). An identifiable natural person means an individual who can be identified, directly or indirectly, especially by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person.
b) Data subject
A data subject means any identified or identifiable natural person, the personal data of whom are processed by the controller.
c) Processing
Processing means any operation or series of operations carried out with or without the assistance of automated procedures in connection with personal data, such as the collection, recording, organisation, sorting, storage, adaptation or alteration, extraction, retrieval, use, disclosure by transmission, dissemination or any other form of provision, comparison or linking, restriction, deletion or destruction.
d) Restriction of processing
Restriction of processing involves flagging stored personal data with the aim of restricting its future processing.
e) Profiling
Profiling means any form of automated processing of personal data consisting of using personal data in order to assess certain personal aspects concerning a natural person, especially to analyse or forecast aspects relating to that natural person’s work performance, economic situation, health, personal preferences, interests, reliability, behaviour, whereabouts or change of location.
f) Pseudonymisation
Pseudonymisation involves processing personal data in a manner in which the personal data can no longer be associated with a specific data subject without the need for additional information, insofar as this additional information is stored separately and is subjected to technical and organisational measures ensuring that the personal data is not associated with an identified or identifiable natural person.
g) Controller or controller responsible for the processing
Controller or controller responsible for the processing refers to the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of any processing of personal data. To the extent that the purposes and means of such processing are determined by legislation of the European Union or of the Member States, the controller or controller responsible for the processing or the specific criteria for its nomination may be specified in accordance with legislation of the European Union or of the Member States.
h) Processor
Processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.
i) Recipient
Recipient means a natural or legal person, public authority, agency or another body, to which personal data is disclosed, regardless of whether it is a third party or not. Authorities potentially receiving personal data in the context of a specific investigation mandate under legislation of the European Union or Member States are not considered recipients.
j) Third parties
Third party means a natural or legal person, public authority, agency or body apart from the data subject, controller, processor and persons who are authorised to process personal data under the direct responsibility of the controller or processor.
k) Consent
Consent refers to any voluntary, informed and unambiguous indication of the data subject’s wishes in the specific case, in the form of a statement or other unambiguous confirmatory act whereby the data subject expresses his or her consent to the processing of personal data relating to him or her.
Name and address of the controller
The controller within the meaning of the General Data Protection Regulation, other data protection legislation applicable in the Member States of the European Union and other provisions relating to data protection is:
artecom Veranstaltungs GmbH & Co. KG
Ruschestraße 68
10365 Berlin
Germany
Tel.: +49 (0)30 55 494 11 0
Email: berlin@artecom-event.de
Website: www.artecom-event.de
Name and address of the data protection officer
The data protection officer of the controller is:
IMS GmbH
Schiffbauergasse 15, 14467 Potsdam
Germany
Tel.: +49 (0)30 20 62 50 10
Email: info@e-datenschutz.de
Website: www.e-datenschutz.de
Any data subject wishing to raise questions or suggestions regarding data protection can contact our data protection officer directly at any time.
1.4 Cookies
The Internet pages of artecom Veranstaltungs GmbH & Co KG use cookies. Cookies are text files that are placed and stored on a computer system by means of an Internet browser.
Many websites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It is made up of a string of characters that can be used to assign websites and servers to the specific Internet browser where the cookie was stored. This makes it possible for the websites and servers that are visited to differentiate the individual browser of the data subject from other Internet browsers that contain other cookies. A specific Internet browser can be recognised and identified through the unique cookie ID.
artecom Veranstaltungs GmbH & Co. KG can provide users of this website with more user-friendly services that would not be possible without the use of cookies.
Cookies can be used to optimise the information and offers provided on our website for the benefit of the user. As mentioned previously, cookies allow us to recognise the users of our website. The purpose of such recognition is to make our website easier for users to use.
The data subject has the option of preventing cookies from being set by our website at any time by making the appropriate setting in the Internet browser used and in doing so, permanently objecting to cookies being set. Furthermore, any cookies that have already been set may be deleted at any time using an Internet browser or other software programmes. It is possible to do this in all conventional Internet browsers. If the data subject deactivates cookies from being set in the Internet browser used, it may not be possible to use all the functions of our website to their full extent.
Identification of Google Analytics
Interactions of visitors (users) on websites are primarily recorded in Google Analytics using dedicated cookies. Users are able to deactivate cookies or delete them individually.
An optional browser add-on is also supported in Google Analytics. If users install and activate it, it prevents their data from being collected by Google Analytics when they visit websites. The add-on only deactivates Google Analytics, however.
Google Analytics collects an app instance ID through the use of Firebase SDK. This is a randomly generated number that identifies a single app installation. If a user resets their advertising ID on Android or iOS, the app instance ID is also reset.
IP addresses (Internet Protocol addresses) are also recorded in Google Analytics for the purpose of ensuring the security of the service and to inform website owners about the country, region or city in which their users are based. This is also known as IP location determination. IP addresses recorded in Google Analytics can be anonymised using so-called IP masks.
Newsletter
1. Description and scope of data processing
It is possible to subscribe to a free newsletter on our website. When registering for the newsletter, your email address from the input field will be transmitted to us.
The newsletter published by artecom Veranstaltungs GmbH & Co. KG may only be received by the data subject if (1) they have a valid e-mail address and (2) the data subject signs up to receive the newsletter. A confirmation email is sent to the email address that a data subject has entered initially for the newsletter mailing for legal reasons using the double opt-in procedure. This confirmation email is used to check whether the owner of the email address as the data subject has given authorisation to receive the newsletter.
We also store the IP address assigned by the Internet service provider (ISP) of the computer system used by the data subject when registering for the newsletter, as well as the date and time of registration. It is necessary that this data is collected so that the (possible) misuse of the email address of a data subject can be traced at a later date and is therefore used for the legal safeguarding of the controller.
2. Purpose of data processing
artecom Veranstaltungs GmbH & Co. KG collects data when registering for the newsletter. The data collected is:
Salutation
First name
Surname
Company (optional)
Email address
3. Legal foundation for data processing
The legal foundation for the processing of data after the data subject has registered for the newsletter is Art. 6 para. 1 sentence 1 lit. a GDPR provided the data subject has given consent.
4. Duration of storage
The data is deleted as soon as it is no longer needed to achieve the purpose for which it was collected. As a result, the email address of the user is stored for as long as the subscription to the newsletter is active.
5. Right of revocation and removal
The user in question is entitled to cancel their subscription to the newsletter at any time. A corresponding link can be found in every newsletter for this purpose.
Collection of general data and information
The website of artecom Veranstaltungs GmbH & Co. KG collects a series of general data and information whenever a data subject or automated system accesses the website. This general data and information is stored in the server log files. The (1) browser types and versions used, (2) the operating system used by the accessing system, (3) the website which the accessing system uses to access our website (so-called referrer), (4) the sub-websites which are visited via an accessing system on our website (5) the date and time of access to the website, (6) an internet protocol address (IP address), (7) the internet service provider of the accessing system and (8) other similar data and information that serve to avert danger in the event of attacks on our information technology systems may be collected.
artecom Veranstaltungs GmbH & Co. KG does not draw any conclusions about the data subject when this general data and information is used. On the contrary, this information is required for the purposes of (1) correctly displaying the content of our website, (2) optimising the content of our website and advertising for it, (3) ensuring the continued functionality of our information technology systems and the technology of our website and (4) providing law enforcement authorities with the information they need to prosecute criminal offences in the event of a cyber-attack. This anonymously collected data and information is therefore analysed by artecom Veranstaltungs GmbH & Co KG for statistical purposes and with the aim of increasing data protection and data security within our company to ensure an optimum level of protection for the personal data processed by us. The anonymous data of the server log files is stored separately from all personal data provided by a data subject.
Routine deletion and blocking of personal data
The controller only processes and stores personal data of the data subject for the period of time required to achieve the purpose of storage or to the extent provided for by the legislator of European directives and regulations or another legislator in laws or regulations to which the controller is subject.
If the purpose of storage ceases to apply or if a storage period prescribed by the legislator of European directives and regulations or another competent legislator expires, then the personal data will be routinely blocked or deleted in accordance with the statutory provisions.
Rights of the data subject
a) Right to obtain confirmation
Each data subject is granted the right by the legislator of European directives and regulations to obtain confirmation from the controller as to whether or not personal data relating to them is being processed. If a data subject would like to make use of this right to obtain confirmation, they have the option of contacting an employee of the data controller at any time.
b) Right to information
The legislator of European directives and regulations grants every data subject whose personal data is processed the right to obtain free information about the personal data stored about them and a copy of this information from the controller at any time. The legislator of European directives and regulations has also granted the data subject access to the following information:
• the purposes of processing
• the categories of personal data that are processed
• the recipients or categories of recipients in relation to whom the personal data has been or shall be disclosed, including in particular recipients in third countries or international organisations
• to the extent possible, the planned period for which the personal data shall be stored, or, if not possible, the criteria used to determine such a period
• the existence of the right to request rectification or deletion of personal data concerning them or restriction of processing by the controller or the right to object to such processing
• the existence of a right to lodge a complaint with a supervisory authority
• if the personal data is not collected from the data subject: all available information about the origin of the data
• the existence of automated decision-making, including profiling, in accordance with Article 22 para 1 and 4 GDPR and – at the very least in these cases – pertinent information about the logic involved as well as the scope and envisaged consequences of such processing for the data subject.
The data subject also has a right to information as to whether personal data has been transferred to a third country or to an international organisation. If this is the case, then the data subject also has the right to obtain information about the appropriate safeguards in connection with the transmission.
If a data subject would like to make use of this right to obtain information, they have the option of contacting an employee of the data controller at any time.
c) Right to rectification
Any data subject whose personal data is processed has the right granted by the legislator of European directives and regulations to obtain the rectification of inaccurate personal data concerning them without any undue delay. The data subject also has the right to request that incomplete personal data be completed, including through a supplementary declaration, subject to the purposes of the processing.
If a data subject would like to make use of this right to rectification, they have the option of contacting an employee of the data controller at any time.
d) Right to deletion (right to be forgotten)
Any data subject whose personal data is processed has the right, granted by the legislator of European directives and regulations, to request that the controller delete the personal data relating to them without delay, provided that one of the following reasons is given and to the extent that the processing is not mandatory:
• The personal data was collected or processed in any other way for purposes for which it is no longer necessary.
• The data subject revokes the consent to which the processing was based in accordance with Art. 6 para. 1 letter a GDPR or Art. 9 para. 2 letter a GDPR and no other legal basis for the processing exists.
• The data subject lodges an objection to the processing in accordance with Art. 21 para. 1 GDPR and there are no prevailing legitimate reasons for the processing, or the data subject lodges an objection to the processing in accordance with Art. 21 para. 2 GDPR.
• The personal data was processed in an unlawful manner.
• It is necessary to delete the personal data for compliance with a legal obligation under European Union or Member State law which the controller is subject to.
• The personal data was collected with respect to information society services offered in accordance with Art. 8 para. 1 GDPR.
If one of the reasons mentioned above applies and a data subject wants to arrange for the deletion of personal data stored by artecom Veranstaltungs GmbH & Co KG, then they may contact an employee of the controller at any time. The employee of artecom Veranstaltungs GmbH & Co. KG shall promptly ensure that the request for deletion is complied with without delay.
If the personal data has been made public by artecom Veranstaltungs GmbH & Co. KG and our company as the controller is obliged to erase the personal data in accordance with Art. 17 para. 1 GDPR, artecom Veranstaltungs GmbH & Co. KG undertakes to implement appropriate measures, including technical measures, taking into account the available technology and the implementation costs, in order to inform other data controllers which process the published personal data that the data subject has requested the deletion of all links to this personal data or of copies or replications of this personal data from these other data controllers, to the extent that the processing is not mandatory. The employee of artecom Veranstaltungs GmbH & Co. KG will arrange the necessary measures in individual cases.
e) Right to restrict processing
Any person affected by the processing of personal data has the right granted by the European legislator of directives and regulations to require the controller to restrict the processing if one of the following conditions is met:
• The accuracy of the personal data is contested by the data subject, namely for a period of time that enables the controller to review the accuracy of the personal data.
• The processing is unlawful and the data subject objects to the deletion of the personal data and instead requests that the use of the personal data be restricted.
• The controller no longer requires the personal data for the purposes of the processing, but the data subject requires it for asserting, exercising or defending legal claims.
• The data subject has lodged an objection to the processing in accordance with Art. 21 para. 1 GDPR and it is not yet clear as to whether the legitimate reasons of the controller override those of the data subject.
If one of the prerequisites mentioned above is given and a data subject wants to demand the restriction of personal data stored by artecom Veranstaltungs GmbH & Co KG, then they may contact an employee of the controller at any time. The employee of artecom Veranstaltungs GmbH & Co. KG will arrange for the restriction of the processing.
f) Right to data portability
Every data subject whose personal data is processed has the right, granted by the legislator of European directives and regulations, to obtain the personal data pertaining to them, which has been provided to a controller by the data subject, in a structured, conventional and machine-readable format. The data subject shall also have the right to have this data transmitted to another controller without being hindered by the controller to which the personal data has been provided, insofar as the processing is based on consent in accordance with Art. 6 para. 1 letter a GDPR or Art. 9 para. 2 letter a GDPR or on a contract in accordance with Art. 6 para. 1 letter b GDPR and processing is performed by automated means, except where processing is necessary to fulfil a task carried out in the public interest or as part of the exercise of official authority entrusted to the controller.
The data subject is also entitled, when exercising their right to data portability in accordance with Art. 20 para. 1 GDPR, to have the personal data transmitted directly from one controller to another, to the extent that this is technically feasible and insofar as this does not compromise the rights and freedoms of other persons.
The data subject may contact an employee of artecom Veranstaltungs GmbH & Co. KG at any time to assert the right to data portability.
g) Right to object
Any data subject whose personal data is processed has the right granted by the legislator of European directives and regulations to lodge an objection at any time, on grounds pertaining to their particular situation, to the processing of personal data pertaining to them that is carried out in accordance with Art. 6 para. 1 (e) or (f) GDPR. This is also applicable to profiling based on these provisions.
artecom Veranstaltungs GmbH & Co KG ceases to process personal data should an objection be lodged unless we can prove compelling legitimate grounds for such processing that outweigh the interests, rights and freedoms of the data subject, or the processing is required for the assertion, exercise or defence of legal claims.
If artecom Veranstaltungs GmbH & Co KG processes personal data for the purposes of direct marketing, then the data subject has the right at any time to object to the processing of personal data for the purposes of such marketing. This is also applicable to profiling to the extent that it is associated with such direct advertising. If the data subject objects to artecom Veranstaltungs GmbH & Co KG processing the data for direct marketing purposes, artecom Veranstaltungs GmbH & Co KG shall no longer process the personal data for such purposes.
The data subject also has the right, for reasons pertaining to their particular situation, to object to the processing of personal data pertaining to them by artecom Veranstaltungs GmbH & Co KG for scientific or historical research purposes or for statistical purposes in accordance with Art. 89 Para. 1 GDPR, except where such processing is necessary to fulfil a task in the public interest.
The data subject may contact an employee of artecom Veranstaltungs GmbH & Co KG directly to exercise the right to object. Notwithstanding Directive 2002/58/EC, the data subject is also free, within the context of the use of services of the information society, to exercise their right to object by automated means involving technical specifications.
h) Automated decisions taken in individual cases, including profiling
Any data subject whose personal data is processed has the right, granted by the legislator of European directives and regulations, not to be made subject to a decision based solely on automated processing, including profiling, having legal effect on them or significantly affecting them in a similar manner, to the extent that the decision (1) is not necessary for concluding or fulfilling a contract between the data subject and the controller, or (2) is authorised by EU or Member State law that governs the controller and this legislation sets out suitable measures to safeguard the data subject’s rights and freedoms as well as legitimate interests, or (3) is based on the explicit consent of the data subject.
If the decision (1) is necessary for concluding or fulfilling a contract between the data subject and the controller or (2) is made with the explicit consent of the data subject, artecom Veranstaltungs GmbH & Co. KG shall implement suitable measures in order to safeguard the data subject’s rights and freedoms and legitimate interests, including at least the right to obtain human intervention on the part of the controller, as well as the right to express their point of view and contest the decision.
If a data subject would like to make use of rights relating to automated decisions, they have the option of contacting an employee of the data controller at any time.
c) Right to withdraw consent under data protection law
Any data subject whose personal data is processed has the right granted by the legislator of European directives and regulations to withdraw consent to the processing of personal data at any time.
If the data subject would like to make use of their right to revoke their consent, they have the option of contacting an employee of the data controller at any time.
1.8 Data protection for applications and during the application process
The data controller collects and processes the personal data of applicants for the purpose of handling the application process. Processing may also take place electronically. This is the case in particular when an applicant submits corresponding application documents to the controller by electronic means, such as by email or via a web form on the website. If the data controller concludes an employment contract with an applicant, then the data transmitted will be stored for the purpose of processing the employment relationship subject to the statutory provisions. If the data controller fails to enter into an employment contract with the applicant, then the application documents will be automatically deleted two months after notification of the rejection decision, assuming no other legitimate interests of the data controller prevent deletion. Other legitimate interest in this sense is, for instance, a burden of proof in proceedings in accordance with the General Equal Treatment Law (AGG)
1.9 Legal foundation of the processing
Art. 6 I lit. a GDPR provides the legal foundation for our company to process data where we obtain consent for a specific processing purpose. Should it be necessary to process personal data in order to fulfil a contract where the data subject is a party, such as in the case of processing operations needed for the delivery of goods or the provision of another service or counter-performance, such processing is based on Art. 6 I lit. b GDPR. The same is true for such processing operations necessary for the fulfilment of pre-contractual measures, such as in cases involving enquiries about our products or services. In the event that our company is subject to a legal obligation requiring it to process personal data, such as for the fulfilment of tax obligations, such processing is based on Art. 6 I lit. c GDPR. It may be necessary in rare cases to process personal data if this is necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, should a visitor sustain an injury in our company and their name, age, health insurance details or other vital information would then need passing on to medical professionals, a hospital or other third parties. Processing would then be based on Art. 6 I lit. d GDPR. In the final instance, processing operations could be based on Art. 6 I lit. f GDPR. Processing operations that are not governed by any of the aforementioned legal foundations are based on this legal foundation insofar as the processing is necessary to safeguard a legitimate interest of our company or a third party, unless the interests, fundamental rights and freedoms of the data subject prevail. We are authorised to engage in such processing operations particularly because they have been specifically referred to by the European legislator. The legislator took the view in this respect that a legitimate interest could be assumed if the data subject is a customer of the controller (Recital 47 Clause 2 GDPR).
1.10 Legitimate interests in the processing being pursued by the controller or a third party
If the processing of personal data is based on Article 6 I lit. f GDPR, then we have a legitimate interest in conducting our business activities in favour of the well-being of all our employees and our shareholders.
1.11 Duration for which the personal data is stored
The criteria governing the duration of how long personal data is stored is the respective statutory retention period. Once this period has expired, then the corresponding data is deleted on a routine basis, assuming it is no longer required to fulfil or initiate a contract.
1.12 Legal or contractual requirements for the provision of personal data; necessity for concluding the contract; obligation of the data subject to provide the personal data; possible consequences of non-provision
We hereby draw your attention to the fact that providing personal data is partially prescribed by law (e.g. tax regulations) or may also ensue from contractual provisions (e.g. information on the contractual partner). It may sometimes be necessary to conclude a contract as such, that a data subject provides us with personal data that must subsequently be processed by us. The data subject is, for example, under an obligation to provide us with personal data if our company concludes a contract with them. Not providing the personal data would have the consequence of the contract not being able to be concluded with the data subject. The data subject must contact an employee of artecom before providing personal data. Our employee will inform the data subject in each individual case as to whether it is required by law or contract that the personal data be provided or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and what the consequences would be if the personal data is not provided.
1.13 Existence of automated decision-making procedures
We do not use automated decision-making procedures or profiling as a responsible company.
This data protection declaration was compiled by the data protection declaration generator of DGD Deutsche Gesellschaft für Datenschutz GmbH, acting as external data protection officer Ingolstadt, in cooperation with the IT and data protection lawyer Christian Solmecke.