Data protection

Data controller under the GDPR

The controller within the meaning of the General Data Protection Regulation and other data protection laws applicable in the Member States of the European Union, as well as other provisions relating to data protection, is:

Wirtschaftsförderungs- und Entwicklungsgesellschaft Steinfurt mbH
Carl-Benz-Straße 5
48565 Steinfurt

www.westmbh.de post@westmbh.de
+49 2551 69 2700

Privacy Policy

We welcome you to our website and appreciate your interest. The protection of your personal data is of great importance to us. We therefore conduct our activities in accordance with the applicable legal provisions on the protection of personal data and data security. We would like to inform you below about which data from your visit is used and for what purposes.

Data Protection Officer

Nils Möllers
Keyed GmbH
info@keyed.de

What is personal data?

The term ‘personal data’ is defined in the Federal Data Protection Act and the EU GDPR. According to these, personal data refers to specific details regarding the personal or factual circumstances of an identified or identifiable natural person. This includes, for example, your full name, your address, your telephone number or your date of birth. Find out more here about exactly what data protection entails.

Scope of anonymous data collection and data processing

Unless otherwise stated in the following sections, no personal data is collected, processed or used when you use our websites. However, through the use of analytics and tracking tools, we obtain certain technical information based on the data transmitted by your browser (for example, browser type/version, operating system used, web pages visited on our site including duration of visit, previously visited website). We analyse this information solely for statistical purposes.

Legal basis for the processing of personal data

  1. Where we obtain your consent for the processing of personal data, Article 6(1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.
  2. Where the processing of personal data is necessary for the performance of a contract to which you are a party, Article 6(1)(b) of the GDPR serves as the legal basis. This also applies to processing operations necessary for the implementation of pre-contractual measures.
  3. Where the processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Article 6(1)(c) of the GDPR serves as the legal basis.
  4. Where the processing of personal data is necessary to protect your vital interests or those of another natural person, Article 6(1)(d) of the GDPR serves as the legal basis.
  5. If processing is necessary to safeguard a legitimate interest of our company or a third party, and your interests, fundamental rights and freedoms do not override the former interest, Article 6(1)(f) of the GDPR serves as the legal basis for the processing.
  6. If the processing is necessary for the performance of a task carried out in the public interest and entrusted to the controller, Article 6(1)(e) of the GDPR serves as the legal basis for the data processing.

Creation of log files

Each time the website is accessed, Wirtschaftsförderungs- und Entwicklungsgesellschaft Steinfurt mbH collects data and information via an automated system. This is stored in the server’s log files. The data is also stored in our system’s log files. This data is not stored together with any other personal data relating to you. The following data may be collected in this process:

(1) Information about the browser type and version used
(2) Your operating system
(3) Your internet service provider
(4) Your internet service provider
(5) Date and time of access
(6) Websites from which your system accessed our website (referrer)
(7) Websites accessed by your system via our website

Routine deletion and blocking of personal data

The data controller processes and stores your personal data only for as long as is necessary to fulfil the purpose of storage. Data may also be stored if this is provided for by European or national legislation in EU regulations, laws or other provisions to which the data controller is subject. As soon as the purpose of storage no longer applies or a retention period prescribed by the aforementioned provisions expires, your personal data will be routinely blocked or deleted.

Privacy Notice for Participation in WESt mbH Events

We appreciate your interest in our events. To ensure your participation runs smoothly, we process personal data in accordance with the provisions of the General Data Protection Regulation (GDPR).

1. Nature and scope of data processing

Depending on the format of the event (in-person or online), we collect the following categories of data:

  • Master data: Surname, first name, institution/school.
  • Contact details: email address, telephone number where applicable.
  • Event-specific data: Participant status (e.g. teacher, pupil, entrepreneur), consent forms from legal guardians (for minors).
  • Online events: Metadata relating to technical implementation (IP address, time of participation) and, where applicable, audio and video data, provided you activate your camera or microphone.

2. Purpose of processing

Data processing is carried out for the following purposes:

  • Organisation, delivery and follow-up of the event (e.g. participant lists, certificate issuance).
  • Sending event-related information and materials.
  • For online formats: provision of the technical platform.

3. Participation of minors

For events in which minors participate, we place particular emphasis on data protection.

  • The collection of data serves exclusively to facilitate the educational or career-oriented format.
  • If registration is carried out directly by the minors themselves, those aged 16 and over may give their own consent. For younger participants, the consent of their legal guardians is mandatory.

4. Specific features of online events

For our digital formats, we use standard conference tools (e.g. Zoom, Microsoft Teams or Webex).

  • Please note: Video or audio recording will only take place if we explicitly inform you of this and obtain your separate consent.
  • You can usually also participate using pseudonymous data (e.g. first name only) and keep your camera and microphone switched off.

5. Image and audio recordings (public relations)

During our events, photos or videos are occasionally taken for press relations and for documentation on our website or on social media.

  • On-site: We will inform you on site that recordings are being made. You have the right at any time to inform the photographer that you do not wish to be recorded.
  • Minors: Recordings of minors will only be made with the written consent of their legal guardians.

6. Legal basis

Processing is carried out on the basis of:

  • Art. 6(1)(b) GDPR (performance of a contract/pre-contractual measures) for the processing of registrations.
  • Art. 6(1)(f) GDPR (legitimate interest) for the documentation and public relations work of WESt mbH.
  • Art. 6(1)(a) GDPR (consent), provided you have given us your explicit consent (e.g. for newsletters or photos).

7. Retention period and disclosure

We will only store your data for as long as is necessary to organise the event and to comply with statutory retention periods (e.g. for funded projects). Data will only be disclosed to third parties if this is absolutely necessary for the organisation of the event (e.g. to cooperation partners or speakers).

Rights of the data subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:

Right of access pursuant to Article 15 of the GDPR

You may request confirmation from the controller as to whether personal data concerning you is being processed by us. If such processing is taking place, you may request the following information from the controller:

  1. the purposes for which the personal data is processed;
  2. the categories of personal data being processed;
  3. the recipients or categories of recipients to whom your personal data have been or will be disclosed;
  4. the envisaged period for which your personal data will be stored, or, if this is not possible, the criteria used to determine that period;
  5. the existence of a right to rectification or erasure of your personal data, a right to restriction of processing by the controller, or a right to object to such processing;
  6. the existence of a right to lodge a complaint with a supervisory authority;
  7. all available information regarding the origin of the data, where the personal data are not collected directly from you;
  8. the existence of automated decision-making, including profiling, in accordance with Article 22(1) and (4) of the GDPR and – at least in these cases – meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.

You have the right to request information as to whether your personal data is transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate safeguards pursuant to Article 46 of the GDPR in connection with the transfer.

Right to rectification pursuant to Article 16 of the GDPR

You have the right to request from the controller the rectification and/or completion of your personal data if the personal data concerning you is inaccurate or incomplete. The controller must carry out the rectification without undue delay.

Right to erasure pursuant to Article 17 of the GDPR

(1) You may request that the controller erases your personal data without undue delay, and the controller is obliged to erase such data without undue delay where one of the following grounds applies:

  1. The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
  2. You withdraw your consent on which the processing was based pursuant to Article 6(1)(a) or Article 9(2)(a) of the GDPR, and there is no other legal basis for the processing.
  3. You object to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) of the GDPR.
  4. The personal data concerning you has been processed unlawfully.
  5. The erasure of the personal data concerning you is necessary for compliance with a legal obligation under Union law or the law of the Member States to which the controller is subject.
  6. The personal data concerning you has been collected in relation to information society services offered pursuant to Article 8(1) of the GDPR.

(2) Where the controller has made your personal data public and is obliged to erase it pursuant to Article 17(1) of the GDPR, the controller shall, taking into account available technology and the cost of implementation, take reasonable measures, including technical measures, to inform controllers processing the personal data that you, as the data subject, have requested the erasure of all links to such personal data or of copies or replicas of such personal data. 

(3) The right to erasure does not apply where the processing is necessary

  1. for the exercise of the right to freedom of expression and information;
  2. to comply with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  3. for reasons of public interest in the area of public health pursuant to Article 9(2)(h) and (i) and Article 9(3) of the GDPR;
  4. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Article 89(1) of the GDPR, in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of such processing; or
  5. for the establishment, exercise or defence of legal claims.

Right to restriction of processing pursuant to Article 18 of the GDPR

You may request the restriction of the processing of your personal data under the following conditions:

  1. if you contest the accuracy of your personal data for a period enabling the controller to verify the accuracy of the personal data;
  2. the processing is unlawful and you oppose the erasure of the personal data and instead request the restriction of the use of the personal data;
  3. the controller no longer needs the personal data for the purposes of the processing, but you require it for the establishment, exercise or defence of legal claims; or
  4. if you have objected to the processing pursuant to Article 21(1) of the GDPR and it has not yet been determined whether the controller’s legitimate grounds override your grounds.

If the processing of your personal data has been restricted, such data – apart from its storage – may only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the Union or of a Member State. If the restriction on processing has been imposed in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

Right to be informed pursuant to Article 19 of the GDPR

If you have exercised your right to rectification, erasure or restriction of processing against the controller, the controller is obliged to notify all recipients to whom your personal data has been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves disproportionate effort. You have the right to be informed by the controller of these recipients.

Right to data portability pursuant to Article 20 of the GDPR

You have the right to receive the personal data you have provided to the controller in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided, provided that

  1. the processing is based on consent pursuant to Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR, or on a contract pursuant to Article 6(1)(b) of the GDPR, and
  2. the processing is carried out by automated means. In exercising this right, you also have the right to have your personal data transmitted directly from one controller to another, insofar as this is technically feasible. This must not adversely affect the rights and freedoms of others. The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Right to object pursuant to Article 21 of the GDPR

You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data carried out on the basis of Article 6(1)(e) or (f) of the GDPR; this also applies to profiling based on these provisions. The controller shall no longer process your personal data unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to establish, exercise or defend legal claims. If your personal data is processed for the purposes of direct marketing, you have the right to object at any time to the processing of your personal data for the purposes of such marketing; this also applies to profiling insofar as it is related to such direct marketing. If you object to processing for the purposes of direct marketing, your personal data will no longer be processed for these purposes. In connection with the use of information society services – notwithstanding Directive 2002/58/EC – you have the option of exercising your right to object by means of automated procedures using technical specifications.

Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

  1. is necessary for the conclusion or performance of a contract between you and the controller,
  2. is authorised by Union or Member State law to which the controller is subject, and that law provides for appropriate measures to safeguard your rights and freedoms and your legitimate interests; or
  3. is based on your explicit consent.

However, such decisions must not be based on special categories of personal data as referred to in Article 9(1) of the GDPR, unless Article 9(2)(a) or (g) applies and appropriate measures have been taken to safeguard your rights and freedoms as well as your legitimate interests.

With regard to the cases referred to in a. and c., the controller shall take appropriate measures to safeguard your rights and freedoms as well as your legitimate interests, which shall include at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.

Right to lodge a complaint with a supervisory authority pursuant to Article 77 of the GDPR

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of your personal data infringes the GDPR. The supervisory authority to which the complaint has been lodged shall inform the complainant of the progress and outcome of the complaint, including the possibility of a judicial remedy under Article 77 of the GDPR.

Duration of storage of personal data

Personal data is stored for the duration of the respective statutory retention period. Upon expiry of this period, the data is routinely deleted, unless it is required for the initiation or performance of a contract.

Use of cookies

The website of Wirtschaftsförderungs- und Entwicklungsgesellschaft Steinfurt mbH uses cookies. Cookies are data stored by your web browser on your computer system. Cookies may be transmitted to a website when you visit it, thereby enabling your identity to be identified. Cookies help to simplify your use of websites. 

You may object to the setting of cookies at any time by adjusting the settings in your web browser accordingly. Cookies that have been set can be deleted. Please note that if you disable cookies, you may not be able to use all the functions of our website to their full extent. The data collected from you in this way is pseudonymised through technical measures. Consequently, it is no longer possible to link the data to you. The data is not stored together with any other personal data relating to you. When you visit our website, an information banner informs you about the use of cookies for analytical purposes and refers you to this privacy policy. In this context, you are also informed of how you can prevent the storage of cookies in your browser settings. The legal basis for the processing of personal data using technically necessary cookies is Article 6(1)(f) of the GDPR. The legal basis for the processing of personal data using cookies for analytical purposes is Article 6(1)(a) of the GDPR, provided you have given your consent in this regard. Please refer to our cookie banner and the information in this privacy policy to find out whether and to what extent cookies are used on our website.

hellotrust

Description and purpose

The operator of this website uses the functions of hellotrust. The provider of hellotrust is Keyed GmbH, Siemensstr. 12, 48341 Altenberge. hellotrust provides the website operator with a legally required cookie notice and enables the operator to manage opt-in and opt-out options, as required by law, with the help of a Cookie Consent Manager. To determine which tools are in use, the website is scanned by the hellotrust crawler. The scanned information is then incorporated into the cookie notice/cookie consent manager. In addition, hellotrust automatically generates a dynamic privacy policy for the website operator in accordance with the provisions of the General Data Protection Regulation (GDPR).

Legal basis

The transfer of your data to the website operator is based on Article 6(1)(c) (legal obligation) and Article 6(1)(f) of the GDPR (legitimate interest)

Recipient

The recipient of the data is the website operator.

Transfer to third countries

No data is transferred to a third country.

Duration of data storage

The data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected. Furthermore, the data will be deleted if you withdraw your consent or request the deletion of your personal data.

Right to object

You have the right to withdraw your consent to data processing at any time. Withdrawal does not affect the lawfulness of data processing operations carried out prior to the withdrawal.

Contractual or legal obligation

There is no contractual or legal obligation to provide the data.

Further data protection information via link

https://hellotrust.de/datenschutzerklaerung/

 

Google Analytics 4

Description and purpose

This website uses the “Google Analytics 4” service, provided by Google LLC, to analyse how users use the website. The service uses “cookies” – text files that are stored on your device. First-party cookies are used for this purpose. With a first-party cookie, the user can only be recognised by the site from which the cookie originates, not across multiple domains. The information collected by the cookies is usually sent to a Google server in the USA and stored there. Where applicable, Google Analytics is used on this website with the code “gat._anonymizeIp();” added to ensure the anonymised collection of IP addresses (so-called IP masking). Please also note the following information regarding the use of Google Analytics: Users’ IP addresses are truncated within the member states of the EU and the European Economic Area. This truncation removes the personal reference from your IP address. For EU citizens, the IP address is also used only to derive location data and is then deleted. You also have the option to enable or disable the collection of detailed location and device data for individual regions (tracking settings). Furthermore, Google Signals can be disabled to prevent association with a Google account, and personalised ads can be disabled. Under the data processing agreement concluded between the website operators and Google LLC, the latter uses the collected information to analyse website usage and activity and to provide services related to internet usage.

Legal basis

The legal basis for the processing of your personal data is Article 6(1)(a) of the GDPR.

Recipient

The recipient of your personal data is Google LLC. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA).

Transfer to third countries

Personal data is transferred to the United States. The transfer is subject to appropriate safeguards in accordance with Article 46 of the GDPR. We have entered into standard contractual clauses with the data importer for this purpose. Furthermore, we are aware of our responsibilities and, where necessary, take further measures to protect the rights and freedoms of natural persons, ensuring the protection of personal data.

Duration of data storage

The data will be erased as soon as it is no longer necessary for the purpose for which it was collected. Furthermore, the data will be erased if you exercise your right to erasure within the meaning of Article 17(1) of the GDPR. The maximum storage period is 14 months.

Withdrawal

You have the right to withdraw your consent at any time, cf. Article 7(3), first sentence, of the GDPR. This may be done informally and without giving reasons, and takes effect for the future. Withdrawal of consent does not affect the lawfulness of processing carried out prior to the withdrawal. Further information on this can be found above in our privacy policy under “Rights of data subjects”.

Contractual and legal obligation

There is no contractual or legal obligation to provide the data.

Further data protection information

Further information on the processing of your personal data can be found here: https://support.google.com/analytics/answer/6004245?hl=de, https://policies.google.com/privacy?hl=de&gl=de.

 

Data transfer to third countries

The controller may transfer personal data to a third country. In principle, the controller can ensure an adequate level of protection for the processing by means of various appropriate safeguards. Data transfers may be carried out on the basis of an adequacy decision, internal data protection regulations, approved codes of conduct, standard data protection clauses or an approved certification mechanism in accordance with Article 46(2)(a) to (f) of the GDPR.

If the controller carries out a transfer to a third country on the legal basis of Article 49(1)(a) of the GDPR, you will be informed here of the potential risks of a data transfer to a third country.

There is a risk that the third country receiving your personal data may not be able to provide a level of protection equivalent to that afforded to personal data within the European Union. This may be the case, for example, if the European Commission has not issued an adequacy decision for the third country in question or if certain agreements between the European Union and the third country in question are declared invalid. Specifically, in some third countries there are risks regarding the effective protection of EU fundamental rights due to the application of surveillance laws (for example, the USA). In such a case, it is the responsibility of the controller and the recipient to assess whether the rights of data subjects in the third country enjoy a level of protection equivalent to that in the Union and can also be effectively enforced.

However, the General Data Protection Regulation should not undermine the level of protection guaranteed throughout the Union for natural persons when personal data is transferred from the Union to controllers, processors or other recipients in third countries or to international organisations, even where personal data is transferred from a third country or an international organisation to controllers or processors in the same or another third country or to the same or another international organisation.

Integration of other third-party services and content

Description and purpose

It may happen that third-party content, such as videos, fonts or graphics from other websites, is integrated within this online service. This always requires that the providers of this content (hereinafter referred to as “third-party providers”) receive the user’s IP address. Without the IP address, they would not be able to send the content to the user’s browser. The IP address is therefore necessary for the display of this content. We endeavour to use only such content whose respective providers use the IP address solely for the delivery of the content. However, we have no influence over whether third-party providers store the IP address, for example for statistical purposes. To the extent that we are aware of this, we inform users accordingly. We aim to provide and improve our online service through these integrations.

Legal basis

The legal basis for the integration of other third-party services and content is Article 6(1)(f) of the GDPR. Our overriding legitimate interest lies in the intention to present our online presence appropriately and to provide user-friendly and economically efficient services on our part. Further information can be found in the respective privacy policies of the providers.

Contractual or legal obligation to provide personal data

The provision of personal data is neither required by law nor by contract, nor is it necessary for the conclusion of a contract. You are also not obliged to provide personal data. However, failure to provide such data may mean that you cannot use this function at all or to its full extent.

 

YouTube

Description and purpose

We use the YouTube.com platform to upload our own videos and make them publicly available. YouTube is a service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Some pages on our website contain links to YouTube. As a general rule, we are not responsible for the content of websites to which links are provided. However, should you follow a link to YouTube, we would like to point out that YouTube stores its users’ data (e.g. personal information, IP address) in accordance with its own data usage policies and uses it for commercial purposes. We also embed videos stored on YouTube directly into some of our web pages. When this is done, content from the YouTube website is displayed in sections of a browser window. However, the YouTube videos are only accessed when you click on them separately. This technique is also known as ‘framing’. When you visit a page or subpage of our website where YouTube videos are embedded in this way, a connection is established with the YouTube servers and the content is displayed on the website via a notification to your browser.

Legal basis

The legal basis for the processing of your personal data is Article 6(1)(a) of the GDPR.

Recipient

The recipient of your personal data is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Transfer to third countries

Personal data is transferred to the United States. The transfer is subject to appropriate safeguards in accordance with Article 46 of the GDPR. We have entered into standard contractual clauses with the data importer for this purpose. Furthermore, we are aware of our responsibilities and, where necessary, take further measures to protect the rights and freedoms of natural persons, ensuring the protection of personal data.

Duration of data storage

The data will be erased as soon as it is no longer necessary for the purpose for which it was collected. Furthermore, the data will be erased if you exercise your right to erasure within the meaning of Article 17(1) of the GDPR.

Withdrawal

You have the right to withdraw your consent at any time, cf. Article 7(3) sentence 1 of the GDPR. This may be done informally and without giving reasons, and takes effect for the future. Withdrawal of consent does not affect the lawfulness of processing carried out prior to the withdrawal. You can find further information on this above in our privacy policy under “Rights of data subjects”.

Contractual and legal obligation

There is no contractual or legal obligation to provide the data.

Further data protection information

Further information on the processing of your personal data can be found here: https://policies.google.com/privacy

Embedded resources:

  • www.umwelt.nrw.de
  • siteassets.parastorage.com
  • fonts.googleapis.com
  • cdnjs.cloudflare.com
  • www.gstatic.com
  • www.betriebsplus.de
  • code.jquery.com
  • video.wixstatic.com
  • fonts.gstatic.com
  • www.zenit.de
  • www.google.com
  • static.wixstatic.com
  • static.parastorage.com
  • timeline.lumifish.eu
  • frog.wix.com
  • files.newsletter2go.com
  • www2.duisburg.de
  • www.newsletter2go.com
  • static.newsletter2go.com
  • api.newsletter2go.com

Other website features

Ways to get in touch

The website of Wirtschaftsförderungs- und Entwicklungsgesellschaft Steinfurt mbH features a contact form that can be used to make contact electronically. Alternatively, contact can be made via the email address provided. If the data subject contacts the data controller via one of these channels, the personal data transmitted by the data subject is automatically stored. The data is stored solely for the purpose of processing the enquiry or contacting the data subject. The data will not be disclosed to third parties. Where the user has given their consent, the legal basis for the processing of the data is Article 6(1)(a) of the GDPR. The legal basis for processing data transmitted in the course of sending an email is Article 6(1)(f) of the GDPR. If the email contact is aimed at concluding a contract, the additional legal basis for processing is Article 6(1)(b) of the GDPR. The data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected. For personal data from the contact form input field and data sent by email, this is the case once the relevant conversation with the user has ended. The conversation is deemed to have ended when it is clear from the circumstances that the matter in question has been conclusively resolved.

Newsletter

If you subscribe to our company’s newsletter, the data entered in the relevant form will be transmitted to the data controller. Registration for our newsletter takes place via a so-called double opt-in procedure. This means that after registering, you will receive an email asking you to confirm your registration. This confirmation is necessary to ensure that no one can register using someone else’s email address. When you subscribe to the newsletter, the user’s IP address and the date and time of registration are stored. This is to prevent misuse of the services or the data subject’s email address. The data will not be passed on to unauthorised third parties. However, data necessary for the purpose of sending the newsletter may be transmitted to relevant service providers. An exception also applies where there is a legal obligation to disclose such data. The data is used exclusively for sending the newsletter. The data subject may cancel their subscription to the newsletter at any time. Similarly, consent to the storage of personal data may be withdrawn at any time. For this purpose, a corresponding link is provided in every newsletter. The legal basis for processing the data following the user’s subscription to the newsletter is Article 6(1)(a) of the GDPR, provided the user has given their consent. The legal basis for sending the newsletter following the sale of goods or services is Section 7(3) of the Unfair Competition Act (UWG).

Registration on our website

If the data subject makes use of the option to register on the website of the data controller by providing personal data, the data entered in the relevant form will be transmitted to the data controller. The data is stored exclusively for internal use by the data controller. The data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected. Upon registration, the user’s IP address and the date and time of registration are stored. This serves to prevent misuse of the services. The data is not disclosed to third parties. An exception applies where there is a legal obligation to disclose the data. The registration of data is necessary for the provision of content or services. Registered individuals may have their stored data deleted or amended at any time. The data subject may obtain information about their stored personal data at any time.

Calendly

Description and purpose

We use the Calendly service to arrange appointments. The provider is Calendly, LLC, USA. Via Calendly, interested parties, customers, partners or other contacts can select available slots and book them directly. When using the service, the data you enter as well as technical usage data are processed. This may include, in particular, your first and last name, email address, telephone number, preferred appointment time, any details of the content or messages, as well as meta and log data such as IP address, date and time of booking, time zone, device type and browser information. The processing is carried out for the purpose of efficient appointment organisation, appointment confirmation and the arrangement of initial contacts, meetings or consultation appointments. Calendly generally processes appointment data in connection with the use of the service on behalf of the respective customer; in addition, Calendly also processes certain data for its own purposes, such as for the provision and security of the service.

Legal basis

The legal basis for the processing of your personal data is Article 6(1)(b) of the GDPR, provided that the appointment booking is made in connection with the initiation or performance of a contract. If the service is used for general contact or for simplified appointment organisation, the legal basis is Article 6(1)(f) of the GDPR. Our legitimate interest lies in simple and user-friendly appointment booking as well as in the efficient organisation of meetings. Where consent is sought, Article 6(1)(a) of the GDPR forms the legal basis for the processing.

Recipient

The recipient of your personal data is Calendly, LLC, USA.

Transfer to third countries

Personal data may be transferred to the United States or other third countries. According to current information from Calendly, Calendly relies in particular on the EU-US Data Privacy Framework, the UK Extension thereto, as well as on standard contractual clauses and the UK Addendum for transfers of personal data from the EEA, the United Kingdom and Switzerland.

Duration of data storage

The data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected and there are no legal retention obligations to the contrary. Otherwise, the storage period is governed by Calendly’s guidelines and our internal deletion deadlines. Calendly states that it generally only stores personal data for as long as is necessary to achieve the purpose, to fulfil contractual and legal obligations, or to assert, exercise or defend legal claims.

Objection

Where processing is based on Article 6(1)(f) of the GDPR, you have the right under Article 21 of the GDPR to object at any time to the processing of your personal data on grounds relating to your particular situation.

Contractual and legal obligation

There is no legal or contractual obligation to provide the data. However, without providing the required data, it may not be possible to book an appointment via Calendly, or the booking may not be completed in full.

Further data protection information

Further information on the processing of your personal data can be found here: https://calendly.com/legal/privacy-notice

Webinars

We use the Go to Webinar service, provided by LogMeIn Ireland Limited, The Reflector, 10 Hanover Quay, Dublin 2, D02R573, Ireland (“LogMeIn”), for the registration and delivery of our webinars.

It is not possible to register for a webinar without registering and providing your details. In return for providing this service, we use the data you have provided to contact you so that we can offer you the opportunity to participate in our information events and seminars.

The legal basis for the processing of your personal data is your consent in accordance with Article 6(1)(a) of the GDPR. You may withdraw this consent at any time with future effect by email.

When you register or during the webinar, LogMeIn processes the following data on our behalf:

  • Data you provide when registering for our event (name, email address, any questions on the topic),
  • Service data voluntarily provided by you or others when participating in a webinar (e.g. participant information, contact details, schedules, etc.),
  • Data passively logged by the service (session duration, use of webcams, connection data)
  • Usage and log data relating to the use of the service (information about the device used, IP address, location information, language settings, operating system used, unique device identifier, diagnostic data)

Your personal data may be transferred to and/or accessed by LogMeIn’s affiliated and non-affiliated service providers worldwide. LogMeIn always complies with legal requirements and ensures an appropriate level of data protection regardless of where the data is transferred or accessed.

Further information on Go to Webinar’s privacy policy: https://www.logmein.com/de/legal/privacy

Zoom

Description and purpose

We use the Zoom tool on our site to conduct telephone conferences, video conferences and/or webinars (“online meetings”). When using Zoom, various types of data are processed. The scope of the data also depends on what information you provide before or during your participation in an online meeting. To participate in an online meeting, you must at least provide your name in order to enter the “meeting room”.

The following other personal data may be processed:

User details:

  • First name, surname, telephone number (optional), email address, password (if “single sign-on” is not used), profile picture (optional), department (optional)

Meeting metadata:

  • Topic, description (optional), participants’ IP addresses, device/hardware information

For recordings (optional):

  • MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of the online meeting chat

When dialling in by telephone:

  • Details of the incoming and outgoing phone numbers, country name, start and end times. Where applicable, further connection data, such as the device’s IP address, may be stored.

Text, audio and video data:

  • You may have the option to use the chat, question or poll functions during an online meeting. In this respect, the text you enter is processed in order to display it in the online meeting and, where applicable, to log it. To enable the display of video and the playback of audio, data from your device’s microphone and any video camera on your device will be processed for the duration of the online meeting. You can switch off or mute the camera or microphone yourself at any time via the Zoom application.

Legal basis

For employees of the controller, Section 26 of the new Federal Data Protection Act (BDSG-neu) forms the legal basis for data processing. Where data is collected during the use of Zoom that is an essential component of its use, and no employment relationship exists between the data subject and the controller, the legal basis for processing is Article 6(1)(f) of the GDPR. In these cases, our interest lies in the effective conduct of online meetings. For other participants in online meetings – insofar as the meetings are held within the framework of contractual relationships – Article 6(1)(b) of the GDPR is the legal basis for data processing.

Recipient

The recipient of your personal data is Zoom Video Communications, Inc., 55 Almaden Blvd, Suite 600, San Jose, CA 95113.

Transfer to third countries

Personal data is transferred to the United States. The transfer is subject to appropriate safeguards in accordance with Article 46 of the GDPR. We have entered into standard contractual clauses with the data importer for this purpose. Furthermore, we are aware of our responsibilities and, where necessary, take further measures to ensure the protection of personal data in order to safeguard the rights and freedoms of natural persons.

Duration of data storage

The data will be erased as soon as it is no longer necessary for the purpose for which it was collected. Furthermore, the data will be erased if you exercise your right to erasure within the meaning of Article 17(1) of the GDPR.

Objection

Where your personal data is processed on the basis of a legitimate interest pursuant to Article 6(1)(f) of the GDPR, you have the right, at any time, to object to the processing of your personal data in accordance with Article 21(1) of the GDPR. Should you exercise this right, processing for this purpose will cease. Further information on this can be found above in our privacy policy under “Rights of data subjects”.

Contractual and legal obligation

There is no contractual or legal obligation to provide the data.

Further data protection information

Further information on the processing of your personal data can be found here: https://zoom.us/de-de/privacy.html

 

Google reCAPTCHA

Description and purpose

To protect your orders submitted via the online form, we use the reCAPTCHA service (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA), which is equipped with an advanced risk analysis engine and adaptive challenges to protect against malware and abusive activities. The query serves to distinguish whether the input is made by a human or, abusively, through automated, machine processing. reCAPTCHA collects IP addresses and anonymises them, whereby truncated IP addresses are usually transmitted. The IP address transmitted by your browser as part of reCAPTCHA is not merged with other data from Google. You can find further information on reCAPTCHA here.

Legal basis

The legal basis for the processing of your personal data is Article 6(1)(a) of the GDPR. 

Recipient

The recipient of your personal data is Google LLC. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA)

Transfer to third countries

Personal data is transferred to the United States. The transfer is subject to appropriate safeguards in accordance with Article 46 of the GDPR. Where necessary, we have agreed appropriate safeguards within the meaning of Article 46(2) of the GDPR with the data importer. Furthermore, we are aware of our responsibilities and, where necessary, take further measures to protect the rights and freedoms of natural persons, ensuring the protection of personal data.

Duration of data storage

The data is automatically deleted after 14 months. Data whose retention period has expired is automatically deleted once a month.

Withdrawal

You have the right to withdraw your consent at any time, cf. Article 7(3) sentence 1 of the GDPR. This may be done informally and without giving reasons, and takes effect for the future. Withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal. Further information on this can be found above in our privacy policy under “Rights of data subjects”.

Contractual and legal obligation

There is no contractual or legal obligation to provide the data.

Further data protection information

You can find further information on the processing of your personal data here: https://policies.google.com/privacy?hl=de&gl=del

Security

We have implemented comprehensive technical and organisational security measures to protect your data against accidental or deliberate manipulation, loss, destruction or access by unauthorised persons. Our security procedures are regularly reviewed and adapted to technological advancements. Furthermore, we ensure data protection on an ongoing basis through continuous auditing and optimisation of our data protection organisation.

Wirtschaftsförderungs- und Entwicklungsgesellschaft Steinfurt mbH reserves all rights to make changes and updates to this privacy policy. This privacy policy was created by the data protection management system as part of hellotrust, a brand of Keyed GmbH.