Privacy Policy

Data Controller under the GDPR

The controller within the meaning of the General Data Protection Regulation and other data protection laws applicable in the Member States of the European Union, as well as other provisions of a data protection nature, is:

Wirtschaftsförderungs- und Entwicklungsgesellschaft Steinfurt mbH
Carl-Benz-Straße 5
48565 Steinfurt
www.westmbh.de
post@westmbh.de
+49 2551 69 2700

Privacy Policy

We welcome you to our website and appreciate your interest. The protection of your personal data is very important to us. That is why we conduct our activities in accordance with applicable laws regarding the protection of personal data and data security. Below, we would like to inform you about which data from your visit is used and for what purposes.

Data Protection Officer

Nils Möllers
Keyed GmbH
info@keyed.de

What is personal data?

The term “personal data” is defined in the Federal Data Protection Act and the EU GDPR. According to these definitions, personal data consists of specific information regarding the personal or factual circumstances of an identified or identifiable natural person. This includes, for example, your full name, your address, your phone number, or your date of birth. Learn more here about what data protection entails.

Scope of Anonymous Data Collection and Processing

Unless otherwise stated in the following sections, no personal data is generally collected, processed, or used when you use our websites. However, through the use of analytics and tracking tools, we obtain certain technical information based on the data transmitted by your browser (such as browser type/version, operating system used, webpages visited on our site including duration of visit, and previously visited webpage). We evaluate this information solely for statistical purposes.

Legal Basis for the Processing of Personal Data

  1. To the extent that we obtain your consent for the processing of personal data, Article 6(1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.
  2. When processing personal data necessary for the performance of a contract to which you are a party, Article 6(1)(b) of the GDPR serves as the legal basis. This also applies to processing operations necessary for the implementation of pre-contractual measures.
  3. To the extent that the processing of personal data is necessary to comply with a legal obligation to which our company is subject, Article 6(1)(c) of the GDPR serves as the legal basis.
  4. In the event that vital interests on your part or on the part of another natural person necessitate the processing of personal data, Article 6(1)(d) of the GDPR serves as the legal basis.
  5. If processing is necessary to safeguard a legitimate interest of our company or a third party, and your interests, fundamental rights, and freedoms do not override the aforementioned interest, Article 6(1)(f) of the GDPR serves as the legal basis for the processing.
  6. If the processing is necessary for the performance of a task carried out in the public interest and entrusted to the controller, Article 6(1)(e) of the GDPR serves as the legal basis for the data processing.

Creation of Log Files

Each time the website is accessed, Wirtschaftsförderungs- und Entwicklungsgesellschaft Steinfurt mbH collects data and information via an automated system. This data is stored in the server’s log files. The data is also stored in our system’s log files. This data is not stored together with any other personal data belonging to you. The following data may be collected in this process:

(1) Information about the browser type and version used
(2) Your operating system
(3) Your Internet service provider
(4) Your Internet service provider
(5) Date and time of access
(6) Websites from which your system accessed our website (referrer)
(7) Websites accessed by your system via our website

Routine Deletion and Blocking of Personal Data

The data controller processes and stores your personal data only for as long as is necessary to achieve the purpose of storage. Storage may also take place to the extent that this is provided for by European or national legislators in EU regulations, laws, or other provisions to which the data controller is subject. As soon as the purpose of storage no longer applies or a retention period prescribed by the aforementioned provisions expires, your personal data will be routinely blocked or deleted.

Privacy Notice for Participation in WESt mbH Events

We appreciate your interest in our events. To ensure your smooth participation, we process personal data in accordance with the provisions of the General Data Protection Regulation (GDPR).

1. Nature and Scope of Data Processing

Depending on the format of the event (in-person or online), we collect the following categories of data:

  • Basic data: Last name, first name, institution/school.
  • Contact data: Email address, phone number if applicable.
  • Event-specific data: Participant status (e.g., teacher, student, entrepreneur), consent forms from legal guardians (for minors).
  • Online events: Metadata regarding technical implementation (IP address, time of participation) as well as, if applicable, audio and video data, provided you activate your camera or microphone.

2. Purpose of Processing

Data processing is carried out for the following purposes:

  • Organization, implementation, and follow-up of the event (e.g., participant lists, certificate issuance).
  • Distribution of event-related information and materials.
  • For online formats: Provision of the technical platform.

3. Participation of Minors (Students)

For events in which minors participate, we place particular emphasis on data protection.

  • The collection of data serves exclusively to conduct the educational or career-oriented program.
  • If registration is done directly by the minors, those aged 16 and older may provide their own consent. For younger participants, the consent of a legal guardian is mandatory.

4. Special considerations for online events

For our digital formats, we use standard conferencing tools (e.g., Zoom, Microsoft Teams, or Webex).

  • Note: Video or audio recording will only take place if we explicitly inform you of this and obtain separate consent.
  • You can generally also participate using pseudonymous data (e.g., first name only) and keep your camera and microphone disabled.

5. Image and Audio Recordings (Public Relations)

During our events, photos or videos are occasionally taken for press relations as well as for documentation on our website or social media.

  • On-site: We will notify you on-site when recordings are being made. You have the right at any time to inform the photographer that you do not wish to be recorded.
  • Minors: Photos of students will only be taken if a written consent form from their legal guardians is provided.

6. Legal Basis

Processing is based on:

  • Art. 6(1)(b) GDPR (performance of a contract/pre-contractual measures) for the processing of the registration.
  • Art. 6(1)(f) GDPR (Legitimate Interest) for the documentation and public relations activities of WESt mbH.
  • Art. 6(1)(a) GDPR (Consent), provided you have given us explicit consent (e.g., for newsletters or photos).

7. Retention Period and Disclosure

We store your data only for as long as is necessary to carry out the event and to comply with statutory retention periods (e.g., for funded projects). Data will only be disclosed to third parties if this is absolutely necessary for the event’s execution (e.g., to cooperation partners or speakers).

Rights of the data subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:

Right of access pursuant to Art. 15 GDPR

You may request confirmation from the controller as to whether personal data concerning you is being processed by us. If such processing is taking place, you may request the following information from the controller:

  1. the purposes for which the personal data is processed;
  2. the categories of personal data being processed;
  3. the recipients or categories of recipients to whom your personal data has been or will be disclosed;
  4. the planned duration of the storage of your personal data or, if specific details are not available, the criteria used to determine the storage period;
  5. the existence of a right to rectification or erasure of your personal data, a right to restrict processing by the controller, or a right to object to such processing;
  6. the existence of a right to lodge a complaint with a supervisory authority;
  7. all available information regarding the origin of the data, if the personal data is not collected from you;
  8. the existence of automated decision-making, including profiling pursuant to Art. 22(1) and (4) of the GDPR, and—at least in these cases—meaningful information regarding the logic involved, as well as the scope and intended effects of such processing on you.

You have the right to request information regarding whether your personal data is transferred to a third country or to an international organization. In this context, you may request to be informed of the appropriate safeguards pursuant to Article 46 of the GDPR in connection with the transfer.

Right to rectification pursuant to Art. 16 GDPR

You have the right to request rectification and/or completion from the controller if the personal data concerning you that is being processed is inaccurate or incomplete. The controller must carry out the rectification without undue delay.

Right to erasure pursuant to Art. 17 GDPR

(1) You may request that the controller erase your personal data without undue delay, and the controller is obligated to erase such data without undue delay if any of the following grounds apply:

  1. The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.
  2. You withdraw your consent on which the processing was based pursuant to Art. 6(1)(a) or Art. 9(2)(a) of the GDPR, and there is no other legal basis for the processing.
  3. You object to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) of the GDPR.
  4. The personal data concerning you has been processed unlawfully.
  5. The erasure of the personal data concerning you is necessary for compliance with a legal obligation under Union law or the law of the Member States to which the controller is subject.
  6. The personal data concerning you was collected in relation to information society services offered pursuant to Article 8(1) of the GDPR.

(2) If the controller has made your personal data public and is obligated to erase it pursuant to Article 17(1) of the GDPR, the controller shall, taking into account available technology and the cost of implementation, take reasonable measures, including technical measures, to inform controllers processing the personal data that you, as the data subject, have requested the erasure of all links to such personal data or of copies or replications of such personal data. 

(3) The right to erasure does not apply where the processing is necessary

  1. for the exercise of the right to freedom of expression and information;
  2. to comply with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  3. for reasons of public interest in the area of public health pursuant to Art. 9(2)(h) and (i) and Art. 9(3) of the GDPR;
  4. for archiving purposes in the public interest, scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) of the GDPR, insofar as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of such processing; or
  5. for the establishment, exercise, or defense of legal claims.

Right to restriction of processing pursuant to Art. 18 GDPR

You may request the restriction of the processing of your personal data under the following conditions:

  1. if you contest the accuracy of your personal data for a period that allows the controller to verify the accuracy of the personal data;
  2. the processing is unlawful and you oppose the erasure of the personal data and instead request the restriction of its use;
  3. the controller no longer needs the personal data for the purposes of processing, but you need it to assert, exercise, or defend legal claims; or
  4. if you have objected to the processing pursuant to Art. 21(1) GDPR and it has not yet been determined whether the controller’s legitimate grounds override your grounds.

If the processing of your personal data has been restricted, such data—apart from its storage—may only be processed with your consent or for the establishment, exercise, or defense of legal claims, or to protect the rights of another natural or legal person, or for reasons of an important public interest of the Union or a Member State. If processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

Right to be informed pursuant to Art. 19 GDPR

If you have exercised your right to rectification, erasure, or restriction of processing against the controller, the controller is obligated to notify all recipients to whom your personal data has been disclosed of such rectification, erasure, or restriction of processing, unless this proves impossible or involves disproportionate effort. You have the right to be informed by the controller about these recipients.

Right to data portability pursuant to Art. 20 GDPR

You have the right to receive the personal data you have provided to the controller in a structured, commonly used, and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided, provided that

  1. the processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR and
  2. the processing is carried out by automated means. In exercising this right, you also have the right to have your personal data transmitted directly from one controller to another, provided this is technically feasible. The rights and freedoms of others must not be adversely affected by this. The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Right to object pursuant to Art. 21 GDPR

You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data carried out pursuant to Article 6(1)(e) or (f) of the GDPR; this also applies to profiling based on these provisions. The controller will no longer process your personal data unless it can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims. If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for such marketing purposes; this also applies to profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes. You have the option, in connection with the use of information society services—notwithstanding Directive 2002/58/EC—to exercise your right to object by means of automated procedures using technical specifications.

Automated decision-making in individual cases, including profiling

You have the right not to be subject to a decision based solely on automated processing—including profiling—that produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

  1. is necessary for the conclusion or performance of a contract between you and the controller,
  2. is permitted by Union or Member State law to which the controller is subject, and that law provides for appropriate measures to safeguard your rights and freedoms as well as your legitimate interests, or
  3. is based on your explicit consent.

However, these decisions may not be based on special categories of personal data as defined in Article 9(1) of the GDPR, unless Article 9(2)(a) or (g) applies and appropriate measures have been taken to protect your rights and freedoms as well as your legitimate interests.

With regard to the cases mentioned in a. and c., the controller shall take appropriate measures to safeguard your rights and freedoms as well as your legitimate interests, which shall include at least the right to obtain human intervention on the part of the controller, to present your point of view, and to challenge the decision.

Right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or the place of the alleged infringement, if you consider that the processing of your personal data infringes the GDPR. The supervisory authority to which the complaint was submitted shall inform the complainant of the status and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Article 77 of the GDPR.

Duration of Storage of Personal Data

Personal data is stored for the duration of the respective statutory retention period. Upon expiration of the retention period, the data is routinely deleted, unless it is necessary for the initiation or fulfillment of a contract.

Use of Cookies

The websites of Wirtschaftsförderungs- und Entwicklungsgesellschaft Steinfurt mbH use cookies. Cookies are data stored by your web browser on your computer system. Cookies may be transmitted to a website when you visit it, thereby enabling your identification. Cookies help simplify your use of websites. 

You may object to the setting of cookies at any time by adjusting the settings in your web browser. Set cookies can be deleted. Please note that if you disable cookies, you may not be able to use all features of our website to their full extent. The data collected from you in this manner is pseudonymized through technical measures. Therefore, it is no longer possible to link the data to you. The data is not stored together with any other personal data about you. When you visit our website, an information banner informs you about the use of cookies for analytical purposes and refers you to this privacy policy. In this context, you are also informed about how you can prevent the storage of cookies in your browser settings. The legal basis for the processing of personal data using technically necessary cookies is Article 6(1)(f) of the GDPR. The legal basis for processing personal data using cookies for analytical purposes is Article 6(1)(a) of the GDPR, provided you have given your consent. Please refer to our cookie banner and the information in this privacy policy to determine whether and to what extent cookies are used on our website.

hellotrust

Description and Purpose

The operator of this website uses the functions of hellotrust. The provider of hellotrust is Keyed GmbH, Siemensstr. 12, 48341 Altenberge. hellotrust provides the website operator with a legally required cookie notice and enables the operator to manage opt-in and opt-out options, as required by law, using a Cookie Consent Manager. To determine which tools are in use, the website is scanned by the hellotrust crawler. The scanned information is then incorporated into the cookie notice/cookie consent manager. Additionally, hellotrust automatically generates a dynamic privacy policy for the website operator in accordance with the requirements of the General Data Protection Regulation (GDPR).

Legal Basis

The transfer of your data to the website operator is based on Art. 6(1)(c) (legal obligation) and Art. 6(1)(f) GDPR (legitimate interest)

Recipient

The recipient of the data is the website operator.

Transfer to third countries

No data is transferred to a third country.

Duration of data storage

The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. Furthermore, the data will be deleted if you revoke your consent or request the deletion of your personal data.

Right to object

You have the option to withdraw your consent to data processing at any time. Withdrawal does not affect the validity of past data processing operations.

Contractual or Legal Obligation

There is no contractual or legal obligation to provide the data.

Further privacy information via link

https://hellotrust.de/datenschutzerklaerung/

 

Google Analytics 4

Description and Purpose

This website uses the “Google Analytics 4” service, provided by Google LLC, to analyze website usage by users. The service uses “cookies”—text files that are stored on your device. First-party cookies are used for this purpose. With a first-party cookie, the user can only be recognized by the site from which the cookie originates, not across multiple domains. The information collected by the cookies is generally sent to a Google server in the United States and stored there. Where applicable, Google Analytics is used on this website with the code “gat._anonymizeIp();” to ensure the anonymized collection of IP addresses (so-called IP masking). Please also note the following information regarding the use of Google Analytics: The IP address of users is truncated within the member states of the EU and the European Economic Area. This truncation removes the personal reference from your IP address. For EU citizens, the IP address is also used only to derive location data and is then deleted. You also have the option to enable or disable the collection of detailed location and device data for individual regions (tracking settings). Additionally, Google Signals can be disabled to prevent association with a Google account, and personalized ads can be disabled. Under the data processing agreement that the website operators have entered into with Google LLC, Google uses the collected information to analyze website usage and activity and to provide services related to internet usage.

Legal Basis

The legal basis for the processing of your personal data is Art. 6(1)(a) GDPR.

Recipient

The recipient of your personal data is Google LLC. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA).

Transfer to third countries

Personal data is transferred to the United States. The transfer is subject to appropriate safeguards pursuant to Art. 46 GDPR. We have entered into standard contractual clauses with the data importer for this purpose. Furthermore, we are aware of our responsibility and, where necessary, take additional measures to protect the rights and freedoms of natural persons, ensuring the protection of personal data.

Duration of data storage

The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. Furthermore, the data will be deleted if you exercise your right to erasure within the meaning of Art. 17(1) GDPR. The maximum storage period is 14 months.

Withdrawal

You have the right to withdraw your consent at any time, see Art. 7(3) sentence 1 GDPR. This may be done informally and without stating reasons, and takes effect for the future. Withdrawal of consent does not affect the lawfulness of processing carried out prior to the withdrawal. You can find further information on this above in our Privacy Policy under “Rights of Data Subjects.”

Contractual and Legal Obligation

There is no contractual or legal obligation to provide the data.

Additional privacy notices

You can find further information on the processing of your personal data here: https://support.google.com/analytics/answer/6004245?hl=de, https://policies.google.com/privacy?hl=de&gl=de.

 

Data Transfer to Third Countries

The controller may transfer personal data to a third country. In principle, the controller can ensure an adequate level of protection for the processing through various appropriate safeguards. Data transfers may be carried out on the basis of an adequacy decision, internal data protection regulations, approved codes of conduct, standard data protection clauses, or an approved certification mechanism pursuant to Art. 46(2)(a)–(f) of the GDPR.

If the controller transfers data to a third country on the legal basis of Article 49(1)(a) of the GDPR, you will be informed here about the potential risks of transferring data to a third country.

There is a risk that the third country receiving your personal data may not be able to provide a level of protection equivalent to that provided for personal data within the European Union. This may be the case, for example, if the European Commission has not issued an adequacy decision for the respective third country or if certain agreements between the European Union and the respective third country are declared invalid. Specifically, in some third countries, there are risks regarding the effective protection of EU fundamental rights due to the application of surveillance laws (for example, the United States). In such a case, it is the responsibility of the controller and the recipient to assess whether the rights of data subjects in the third country enjoy a level of protection equivalent to that in the Union and can also be effectively enforced.

However, the General Data Protection Regulation should not undermine the level of protection guaranteed throughout the Union for natural persons when personal data is transferred from the Union to controllers, processors, or other recipients in third countries or to international organizations, even if personal data is further transferred from a third country or an international organization to controllers or processors in the same or another third country or to the same or another international organization.

Integration of Other Third-Party Services and Content

Description and Purpose

It may occur that third-party content, such as videos, fonts, or graphics from other websites, is integrated within this online offering. This always requires that the providers of this content (hereinafter referred to as “third-party providers”) detect the user’s IP address. Without the IP address, they would not be able to send the content to the respective user’s browser. The IP address is therefore necessary for the display of this content. We strive to use only such content whose respective providers use the IP address solely for the delivery of the content. However, we have no influence over whether third-party providers store the IP address, e.g., for statistical purposes. To the extent we are aware of this, we inform users accordingly. We aim to provide and improve our online service through these integrations.

Legal Basis

The legal basis for the integration of other third-party services and content is Art. 6(1)(f) GDPR. Our overriding legitimate interest lies in the intention to present our online presence appropriately and to provide user-friendly and economically efficient services on our part. For further information, please refer to the respective privacy policies of the providers.

Contractual or Legal Obligation to Provide Personal Data

The provision of personal data is neither legally nor contractually required, nor is it necessary for the conclusion of a contract. You are also not obligated to provide personal data. However, failure to provide such data may result in your inability to use this feature, or to use it to its full extent.

 

YouTube

Description and Purpose

We use the YouTube.com platform to upload our own videos and make them publicly available. YouTube is a service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Some pages on our website contain links to YouTube. Generally, we are not responsible for the content of websites linked to from our site. However, if you follow a link to YouTube, please note that YouTube stores its users’ data (e.g., personal information, IP address) in accordance with its own data usage policies and uses it for business purposes. We also directly embed videos stored on YouTube on some of our web pages. With this embedding, content from the YouTube website is displayed in sections of a browser window. However, the YouTube videos are only loaded when you click on them separately. This technique is also known as “framing.” When you visit a page or subpage of our website where YouTube videos are embedded in this manner, a connection is established with the YouTube servers, and the content is displayed on the webpage by being transmitted to your browser.

Legal Basis

The legal basis for the processing of your personal data is Art. 6(1)(a) GDPR.

Recipient

The recipient of your personal data is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Transfer to third countries

Personal data is transferred to the United States. The transfer is subject to appropriate safeguards pursuant to Article 46 of the GDPR. We have entered into standard contractual clauses with the data importer for this purpose. Furthermore, we are aware of our responsibilities and, where necessary, take additional measures to ensure the protection of personal data and to safeguard the rights and freedoms of natural persons.

Duration of data storage

The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. Furthermore, the data will be deleted if you exercise your right to erasure within the meaning of Article 17(1) of the GDPR.

Withdrawal

You have the right to withdraw your consent at any time, see Art. 7(3) sentence 1 GDPR. This may be done informally and without stating reasons, and takes effect for the future. Withdrawal of consent does not affect the lawfulness of processing carried out prior to the withdrawal. You can find further information on this above in our Privacy Policy under “Rights of Data Subjects.”

Contractual and Legal Obligation

There is no contractual or legal obligation to provide the data.

Additional privacy notices

You can find further information on the processing of your personal data here: https://policies.google.com/privacy

Embedded resources:

  • www.umwelt.nrw.de
  • siteassets.parastorage.com
  • fonts.googleapis.com
  • cdnjs.cloudflare.com
  • www.gstatic.com
  • www.betriebsplus.de
  • code.jquery.com
  • video.wixstatic.com
  • fonts.gstatic.com
  • www.zenit.de
  • www.google.com
  • static.wixstatic.com
  • static.parastorage.com
  • timeline.lumifish.eu
  • frog.wix.com
  • files.newsletter2go.com
  • www2.duisburg.de
  • www.newsletter2go.com
  • static.newsletter2go.com
  • api.newsletter2go.com

Additional website features

Ways to contact us

The website of Wirtschaftsförderungs- und Entwicklungsgesellschaft Steinfurt mbH features a contact form that can be used to contact us electronically. Alternatively, you may contact us via the provided email address. If the data subject contacts the data controller via one of these channels, the personal data transmitted by the data subject will be automatically stored. The storage serves solely for the purpose of processing the request or contacting the data subject. The data will not be disclosed to third parties. The legal basis for processing the data, provided the user has given consent, is Article 6(1)(a) of the GDPR. The legal basis for processing data transmitted in the course of sending an email is Article 6(1)(f) of the GDPR. If the email contact is aimed at concluding a contract, the additional legal basis for processing is Article 6(1)(b) of the GDPR. The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. For personal data from the contact form input field and data sent via email, this is the case when the respective conversation with the user has ended. The conversation is considered ended when it can be inferred from the circumstances that the matter in question has been conclusively resolved.

Newsletter

If you subscribe to our company’s newsletter, the data entered in the respective form is transmitted to the data controller. Registration for our newsletter takes place via a so-called double opt-in procedure. This means that after registering, you will receive an email asking you to confirm your registration. This confirmation is necessary to prevent anyone from signing up using someone else’s email address. When you sign up for the newsletter, the user’s IP address as well as the date and time of registration are stored. This is done to prevent misuse of the services or the data subject’s email address. The data will not be disclosed to unauthorized third parties. However, data necessary for the purpose of sending the newsletter may be transmitted to relevant service providers. An exception also applies if there is a legal obligation to disclose the data. The data is used exclusively for sending the newsletter. The data subject may cancel the newsletter subscription at any time. Likewise, consent to the storage of personal data may be revoked at any time. For this purpose, a corresponding link is included in every newsletter. The legal basis for processing the data following the user’s subscription to the newsletter is Article 6(1)(a) of the GDPR, provided the user has given consent. The legal basis for sending the newsletter following the sale of goods or services is Section 7(3) of the UWG.

Registration on our website

If the data subject uses the option to register on the controller’s website by providing personal data, the data entered in the respective input form is transmitted to the controller. The data is stored exclusively for internal use by the data controller. The data is deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. Upon registration, the user’s IP address as well as the date and time of registration are stored. This serves to prevent misuse of the services. The data is not disclosed to third parties. An exception applies if there is a legal obligation to disclose the data. Registration of the data is necessary for the provision of content or services. Registered individuals have the option at any time to have the stored data deleted or modified. The data subject may obtain information about their stored personal data at any time.

Calendly

Description and Purpose

We use the Calendly service to schedule appointments. The provider is Calendly, LLC, USA. Through Calendly, interested parties, customers, partners, or other contacts can select available appointments and book them directly. When using the service, the data you enter as well as technical usage data are processed. This may include, in particular, first and last name, email address, phone number, preferred appointment time, and, if applicable, content details or messages, as well as meta and log data such as IP address, date and time of booking, time zone, device type, and browser information. Processing is carried out for the purpose of efficient appointment scheduling, appointment confirmation, and the conduct of initial contacts, meetings, or consultation appointments. Calendly generally processes appointment data in connection with the use of the service on behalf of the respective customer; in addition, Calendly also processes certain data for its own purposes, such as for the provision and security of the service.

Legal Basis

The legal basis for the processing of your personal data is Art. 6(1)(b) GDPR, provided that the appointment booking is made in connection with the initiation or performance of a contract. If the service is used for general contact or simplified appointment scheduling, the legal basis is Art. 6(1)(f) GDPR. Our legitimate interest lies in simple and user-friendly appointment booking as well as in the efficient organization of meetings. To the extent that consent is requested, Article 6(1)(a) of the GDPR serves as the legal basis for processing.

Recipient

The recipient of your personal data is Calendly, LLC, USA.

Transfer to Third Countries

Personal data may be transferred to the United States or other third countries. According to current information from Calendly, Calendly relies in particular on the EU-U.S. Data Privacy Framework, the UK Extension thereto, as well as on standard contractual clauses and the UK Addendum for transfers of personal data from the EEA, the United Kingdom, and Switzerland.

Duration of data storage

The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected and there are no legal retention obligations to the contrary. Otherwise, the retention period is determined by Calendly’s guidelines and our internal deletion schedules. Calendly states that it generally stores personal data only for as long as necessary to achieve the purpose, to fulfill contractual and legal obligations, or to assert, exercise, or defend legal claims.

Objection

To the extent that processing is based on Art. 6(1)(f) of the GDPR, you have the right under Art. 21 of the GDPR to object at any time to the processing of your personal data for reasons arising from your particular situation.

Contractual and Legal Obligation

There is no legal or contractual obligation to provide the data. However, without providing the required data, booking an appointment via Calendly may not be possible or may not be completed in full under certain circumstances.

Further privacy notices

You can find further information on the processing of your personal data here: https://calendly.com/legal/privacy-notice

Webinars

We use the Go to Webinar service, provided by LogMeIn Ireland Limited, The Reflector, 10 Hanover Quay, Dublin 2, D02R573, Ireland (“LogMeIn”), for the registration and hosting of our webinars.

Registration for a webinar without providing your data is not available. In exchange for providing this service, we use the data you provide to contact you so that we can offer you the opportunity to participate in our informational events and seminars.

The legal basis for the processing of your personal data is your consent pursuant to Art. 6(1)(a) GDPR. You may revoke this consent at any time with future effect via email.

When you register or during the webinar, LogMeIn processes the following data on our behalf:

  • Data you provide when registering for our event (name, email address, and any questions regarding the topic),
  • Service data voluntarily provided by you or others when participating in a webinar (e.g., participant information, contact details, schedules, etc.),
  • Data passively logged by the service (session duration, webcam usage, connection data)
  • Usage and log data regarding the use of the service (information about the device used, IP address, location information, language settings, operating system used, unique device identifier, diagnostic data)

Your personal data may be transferred worldwide to and by LogMeIn’s affiliated and non-affiliated service providers and/or be accessible to them. LogMeIn always complies with legal requirements and ensures an appropriate level of data protection regardless of where the data is transferred or accessed.

Further information on Go to Webinar’s privacy policy: https://www.logmein.com/de/legal/privacy

Zoom

Description and Purpose

We use the Zoom tool on our site to conduct telephone conferences, video conferences, and/or webinars (“online meetings”). When using Zoom, various types of data are processed. The scope of the data also depends on what information you provide before or during your participation in an online meeting. To participate in an online meeting, you must at least provide your name to enter the “meeting room.”

The following other personal data may be subject to processing:

User information:

  • First name, last name, phone number (optional), email address, password (if “single sign-on” is not used), profile picture (optional), department (optional)

Meeting metadata:

  • Topic, description (optional), participant IP addresses, device/hardware information

For recordings (optional):

  • MP4 file of all video, audio, and presentation recordings, M4A file of all audio recordings, text file of the online meeting chat

When dialing in by phone:

  • Information on the incoming and outgoing phone numbers, country name, start and end times. Additional connection data, such as the device’s IP address, may be stored if applicable.

Text, audio, and video data:

  • You may have the option to use the chat, question, or poll functions in an online meeting. In this regard, the text you enter is processed to display it in the online meeting and, if necessary, to log it. To enable video display and audio playback, data from your device’s microphone and any video camera on your device will be processed accordingly during the duration of the online meeting. You can turn off or mute the camera or microphone yourself at any time via the Zoom application.

Legal Basis

For employees of the controller, Section 26 of the BDSG-neu serves as the legal basis for data processing. If data is collected during the use of Zoom that is essential for its use, and no employment relationship exists between the data subject and the controller, the legal basis for processing is Article 6(1)(f) of the GDPR. In these cases, our interest lies in the effective conduct of online meetings. For other participants in online meetings—provided the meetings are conducted within the framework of contractual relationships—Article 6(1)(b) of the GDPR serves as the legal basis for data processing.

Recipient

The recipient of your personal data is Zoom Video Communications, Inc., 55 Almaden Blvd, Suite 600, San Jose, CA 95113.

Transfer to Third Countries

Personal data is transferred to the United States. The transfer is subject to appropriate safeguards pursuant to Article 46 of the GDPR. We have entered into standard contractual clauses with the data importer for this purpose. Furthermore, we are aware of our responsibilities and, where necessary, take additional measures to ensure the protection of personal data and to safeguard the rights and freedoms of natural persons.

Duration of data storage

The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. Furthermore, the data will be deleted if you exercise your right to erasure within the meaning of Article 17(1) of the GDPR.

Objection

In the event that your personal data is processed on the basis of a legitimate interest pursuant to Article 6(1)(f) of the GDPR, you have the right at any time, pursuant to Article 21(1) of the GDPR, to object to the processing of your personal data. If you exercise this right, processing for this purpose will no longer take place. You can find further information on this above in our Privacy Policy under “Rights of Data Subjects.”

Contractual and Legal Obligation

There is no contractual or legal obligation to provide the data.

Additional privacy notices

You can find further information on the processing of your personal data here: https://zoom.us/de-de/privacy.html

 

Google reCAPTCHA

Description and Purpose

To protect your orders submitted via the online form, we use the reCAPTCHA service (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA), which is equipped with an advanced risk analysis engine and adaptive challenges to protect against malware and abusive activities. The query serves to distinguish whether the input is made by a human or abusively through automated, machine-based processing. reCAPTCHA collects IP addresses and anonymizes them, typically transmitting truncated IP addresses. The IP address transmitted by your browser as part of reCAPTCHA is not combined with other data from Google. You can find more information about reCAPTCHA here.

Legal Basis

The legal basis for the processing of your personal data is Art. 6(1)(a) GDPR. 

Recipient

The recipient of your personal data is Google LLC. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA)

Transfer to third countries

Personal data is transferred to the United States. The transfer is subject to appropriate safeguards pursuant to Article 46 of the GDPR. To this end, we have, where necessary, entered into appropriate safeguards within the meaning of Article 46(2) of the GDPR with the data importer. Furthermore, we are aware of our responsibility and, where necessary, take additional measures to protect the rights and freedoms of natural persons, ensuring the protection of personal data.

Duration of Data Storage

The data is automatically deleted after 14 months. Data whose retention period has expired is automatically deleted once a month.

Withdrawal

You have the right to withdraw your consent at any time, see Art. 7(3) sentence 1 GDPR. This can be done informally and without providing reasons, and takes effect for the future. Withdrawal of consent does not affect the lawfulness of processing carried out prior to the withdrawal. You can find further information on this above in our Privacy Policy under “Rights of Data Subjects.”

Contractual and Legal Obligation

There is no contractual or legal obligation to provide the data.

Further privacy notices

You can find further information on the processing of your personal data here: https://policies.google.com/privacy?hl=de&gl=del

Security

We have implemented extensive technical and operational safeguards to protect your data from accidental or intentional manipulation, loss, destruction, or access by unauthorized persons. Our security procedures are regularly reviewed and adapted to technological advancements. Furthermore, we ensure continuous data protection through ongoing auditing and optimization of our data protection organization.

Wirtschaftsförderungs- und Entwicklungsgesellschaft Steinfurt mbH reserves all rights to make changes and updates to this privacy policy. This privacy policy was created by the data protection management system as part of hellotrust, a brand of Keyed GmbH.