PRIVACY POLICY

This Privacy Policy informs you about which of your personal data (hereinafter “data”) are processed, to what extent and for what purpose as part of our online service and the associated websites, functions, content and external online presences, e.g. our social media profiles (hereinafter “online service”). With regard to the terms used such as “processing” or “data controller” we draw your attention to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).

DATA CONTROLLER

 

LIGA 2037 GmbH

Herdweg 59

70174 Stuttgart, Germany

Managing Director/ Owner: Dr. Marc Schumacher

Link to Legal Information: https://www.liga2037.com/imprint/

Data Protection Officer contact address: datenschutz@zeitgeist.group

 

 

 

TYPES OF DATA PROCESSED:

 

– User data (e.g. name and address)

– Contact data (e.g. e-mail address, telephone numbers)

– Content data (e.g. text input, photographs, videos)

– Usage data (e.g. websites visited, interest in content, times of visits).

– Metadata/Communication data (e.g. information about devices used, IP addresses).

 

 

 

PURPOSE OF PROCESSING

 

– Provision of the online service, its functions and its content

– To respond to contact requests and for communication with users

– Security measures

– Audience reach measurement/Marketing.

 

 

 

TERMS USED

 

“Personal data” are all information that relates to an identified or identifiable natural person (hereinafter the “data subject”); a natural person will be considered identifiable if they can be identified directly or indirectly particularly through association with a designation such as a name, an ID number, location data, online identification (e.g. a cookie) or one or more specific features that indicate the physical, physiological, genetic, mental, economic, cultural or social identify of this natural person.

 

“Processing” is any automated or non-automated process or sequence effected in connection with personal data. The term is far-reaching and covers virtually every use of data.

 

The “data controller” is the natural or legal person, authority, establishment or other body that alone or with others decides on how and for what purpose personal data are processed.

 

 

 

APPLICABLE LEGAL PROVISIONS

 

In accordance with Art. 13 GDPR we are informing you of the legal bases on which we undertake data processing. Insofar as the legal basis is not specified in this Privacy Policy the following apply: Art. 6 (1) a) and Art. 7 GDPR form the legal basis for obtaining consent; the legal basis for processing for the purpose of providing our services, executing contractual measures and answering requests is Art. 6 (1) b) GDPR; the legal basis for processing to fulfill our legal obligations is Art. 6 (1) c) GDPR; and the legal basis for processing to pursue our legitimate interests is Art. 6 (1) f) GDPR. In the event that processing of personal data is necessary to protect the vital interests of the data subject or of another natural person, the legal basis is Art. 6 (1) d) GDPR.

 

 

 

SECURITY MEASURES

 

We would ask you to regularly read our Privacy Policy from time to time. We modify our Privacy Policy whenever changes arising out of our data processing render this necessary. We will inform you as soon as such changes require some action on your part (e.g. consent) or where personal notification is otherwise necessary.

 

 

 

COLLABORATION WITH DATA PROCESSORS AND THIRD PARTIES

 

Insofar as we disclose data to other individuals and businesses (data processors and third parties), transfer data to them or otherwise give them access to the data within the scope of our processing, this is effected only where this is legally permissible (e.g. where transfer of the data to a third party such as payment service providers is necessary for contract performance in accordance with Art. 6 (1) b) GDPR), where you have given your consent, where a legal obligation exists, or where it is on the basis of our legitimate interests (e.g. in the event that agents, web hosters, etc. are used).

Insofar as we instruct third parties to process data on the basis of a data processing contract, this is done on the basis of Art. 28 GDPR.

 

 

 

TRANSFER TO THIRD COUNTRIES

 

Insofar as we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or do so by using the services of a third party and/or disclose and/or transfer data to third parties, this is only done in order to fulfill our precontractual and/or contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to statutory or contractual permissions, we process data or have data processed in a third country only where the special conditions set out in Art. 44 ff. GDPR exist. This means that processing is effected on the basis of special guarantees such as the officially recognized establishment of a EU-compliant level of data protection (e.g. the Privacy Shield in the USA) or observation of officially recognized special contractual obligations (what are known as “standard contractual clauses”).

 

 

 

RIGHTS OF THE DATA SUBJECT

 

Under the provisions of Art. 15 GDPR you have the right to request information about which data are being processed, and the right to information about these data as well as to further information and a copy of the data.

Under the provisions of Art. 16 GDPR you have the right to request the completion of your personal data and/or rectification of incorrect personal data.

Under the provisions of Art. 17 GDPR you have the right to request the immediate erasure of your personal data and/or to request that the processing of your personal data be restricted under the provisions of Art. 18 GDPR.

Under the provisions of Art. 20 GDPR you have the right to receive the personal data that you have provided to us, and the right to have that data transferred to another data controller.

Furthermore, Art. 77 GDPR gives you the right to lodge a complaint with the competent supervisory authority.

 

 

 

RIGHT TO WITHDRAW CONSENT

 

Under the provisions of Art. 7 (3) GDPR you have the right to withdraw any consents you have given with future effect.

 

 

 

RIGHT TO OBJECT

 

Under the provisions of Art. 21 GDPR you may object at any time to the future processing of your personal data. This objection may most notably be exercised against processing for the purposes of direct advertising.

 

 

 

COOKIES AND THE RIGHT TO OBJECT TO DIRECT ADVERTISING

 

Cookies are small files that are stored on your computer. Various information may be stored on cookies. The main purpose of a cookie is to store information about you, as a user (such as the device on which the cookie is stored) during and/or after your visit to an online service. Cookies that are deleted after you have left the online service and closed your browser are known as temporary, session, or transient cookies. This kind of cookie may, for example, store the contents of your shopping cart in an online store or your login status. Permanent or persistent cookies are those cookies that remain stored on your device even after the browser is closed. This means that your login status can be stored when you return to the service at some later date. Equally, this kind of cookie can store your interests and this information is used to measure audience reach or for marketing purposes. Third- party cookies are those cookies that are placed by providers other than the party providing the online service (that party’s cookies are known as first-party cookies).

We may use temporary and permanent cookies and explain their use in our Privacy Policy.

If you do not wish cookies to be stored on your computers, you should deactivate them by adjusting your browser settings accordingly. Browser settings can be used to deleted cookies that are already stored. Blocking cookies may reduce the functionality of this online service.

You may make a blanket objection to the use of cookies for the purposes of online marketing for a wide range of services, and particularly tracking, via the US web page www.aboutads.info/choices/ or the EU page www.youronlinechoices.com. The storage of cookies may furthermore be prevented by adjusting the browser settings to block them. Please note that if you do so, you may not be able to use all the functions of this online service.

 

 

ERASURE OF DATA

 

The data we process are erased in accordance with Art. 17 and 18 GDPR or their processing is restricted. Insofar as not explicitly specified in this Privacy Policy, the data we have stored are erased as soon as they are no longer required for the purpose for which they were collected, and where no statutory retention periods conflict with such erasure. Where the data are not erased because they are required for other, lawful purposes, their processing is restricted. This means that the data are blocked and are not processed for other purposes. This applies, for example, to data that must be retained under the provisions of commercial or fiscal law.

Under the provisions of German law, the most notable retention periods are 10 years in accordance with Art. 147 (1), Art. 257 (1) 1) and 4) AO (German Tax Code), Art. 4 HGB (German Commercial Code) (books, records, situation reports, booking receipts, account books, documents relevant for tax purposes, etc.), and 6 years in accordance with Art. 257 (1) 2) and 3), and (4) HGB (business correspondence).

Under the provisions of Austrian law, the most notable retention periods are 7 years (accounting documents, receipts/invoices, accounts, vouchers, business papers, records of income and outgoings, etc.) in accordance with Art. 132 (1) BAO (Austrian Tax Code), 22 years in connection with real estate lots, and 10 years for documentation connected with services provided electronically, telecommunications, radio and television services provided to non-entrepreneurs in EU member states, and those services for which the Mini-One-Stop-Shop (MOSS) is used.

 

 

 

BUSINESS-RELATED PROCESSING

 

We also process

– contractual data (e.g. subject matter of the contract, contract term, customer category)

– payment data (e.g. bank details, payment history) of our customers, leads and business partners for the purpose of providing contractual services, service and customer care, marketing, advertising, and market research.

 

 

 

HOSTING

 

The hosting services we use serve the provision of the following services: infrastructure and platform services, computing capacity, storage and database services, security services, and technical maintenance services that we use for the purpose of operating this online service.

In doing so we process, for example, our hosting provider’s user data, contact data, content data, contractual data, usage data, meta data and communication data of customers, leads, and visitors to this online service on the basis of our legitimate interests in an efficient and secure provision of this online service in accordance with Art. 6 (1) f) GDPR in conjunction with Art. 28 GDPR (conclusion of a processing contract).

 

 

 

COLLECTION OF ACCESS DATA
AND LOG FILES

 

We and/or our hosting provider collect data in what are known as log files every time the server on which this service is located is accessed, on the basis of our legitimate interest in the sense of Art. 6 (1) f) GDPR. These access data include the name of the web page visited, file, date and time of the visit, transferred data volume, report on successful retrieval, browser type and version, the user’s operating system, the referrer URL (the previously visited page), IP address and the name of the internet services provider.

Log file information is stored for a maximum 7 days for security reasons (e.g. to establish misuse or fraudulent acts) and then erased. Data which need to be retained for longer for evidence are not erased until the respective incident has been finalized.

 

 

 

AGENCY SERVICES

 

We process our customers’ data within the scope of our contractual services which include conceptual and strategic consultancy, campaign planning, software and design development/consultancy or maintenance, implementation of campaigns and processes/handling, server administration, data analysis / consultancy services and training services.

In doing so we process user data (e.g. customer user data such as names or addresses), contact data (e.g. e-mail addresses, telephone numbers), content data (e.g. text input, photographs, videos), contractual data (e.g. subject matter of the contract, contract term), payment data (e.g. bank details, payment history), usage and meta data (e.g. within the scope of analyzing and measuring the success of marketing measures). We do not process special categories of personal data save where these form part of a contracted processing. The data subjects include our customers, leads, and their customers, users, website visitors or employees, and third parties. The purpose of processing lies in the provision of contractual services, invoicing, and our customer service. Art. 6 (1) b) GDPR (contractual services) and Art. 6 (1) f) GDPR (analysis, statistics, optimization, security measures) form the legal basis for processing. We process data that are necessary to establish and provide contractual services and we draw attention to the need to provide these data. They are only disclosed to third parties where this is necessary within the scope of a contract. When processing data within the scope of a contract, we act on the instruction of the client and we comply with the statutory requirements for contracted processing as set out in Art. 28 GDPR, and we do not process the data for any purpose other than that specified in the contract.

We erase the data once statutory warranty and similar retention obligations have lapsed. The necessity of retaining data is checked every three years; in the event of statutory archiving obligations, erasure is effected once they have lapsed (6-year obligatory retention period under the provisions of Art. 257 (1) of the German Commercial Code; 10 years under the provisions of Art. 147 (1) of the German Tax Code). In the case of data that are disclosed to us by the client within the scope of a contract, we erase the data in accordance with the terms of the contract, and always once the contract has ended.

 

 

 

ADMINISTRATION, ACCOUNTING, OFFICE
ORGANIZATION, CONTACT MANAGEMENT

 

We process data within the scope of administrative duties and the organization of our business, accounting, and complying with legal obligations such as archiving. In doing so we process the same data that we process within the scope of providing our contractual services. Art. 6 (1) c) GDPR and Art. 6 (1) f) GDPR form the legal basis for processing. This processing affects customers, leads, business partners and website visitors. The purpose of and our interest in processing lies in administration, accounting, office organization, and archiving of data. In other words, tasks that serve the maintenance of our business activities, administration of our duties, and provision of our services. The erasure of the data with regard to contractual services and contractual communication corresponds with the details specified for these processing activities.

In the course of processing we disclose or transfer data to financial authorities, consultants such as tax consultants or auditors, and other billing centers and payment service providers.

On the basis of our commercial interests we furthermore store data about suppliers, event organizers and other business partners for the purpose of, say, making contact in future. We permanently store these data, the majority of which are business-related.

 

 

 

 MAKING CONTACT

 

When you make contact with us (e.g. by contact form, e-mail, telephone, or via social media) your data are processed for the purpose of dealing with the contact request and resolving it in accordance with Art. 6 (1) b) GDPR. Your data may be stored in a customer relationship management system (CRM system) or some similar request organization system.

We erase queries once they are no longer required. We examine their necessity every two years. The statutory archiving retention periods also apply.

 

 

 

INTEGRATION OF THE SERVICES AND
CONTENT OF THIRD PARTIES

 

On the basis of our legitimate interests (i.e. interest in the analysis, optimization and cost-effective operation of our online service in the sense of Art. 6 (1) f) GDPR) within our online service we use the content or services of third-party providers in order to integrate their content and services such as videos or fonts (hereinafter “content”).

Such integration presupposes that the third-party provider of this content recognizes the your IP address as they cannot send their content to your browser without your IP address. This means that the IP address is necessary in order to display that content. We endeavor to use only content whose respective providers only use the IP address to deliver that content. Third-party providers may also use what are known as pixel tags (invisible graphics, also known as web beacons) for statistical or marketing purposes. Pixel tags allow information such as visitor traffic to a website’s pages to be analyzed. This pseudonymized information can also be stored on cookies on your device and may include technical information about your browser and operating system, the referring websites, time of the visit and other details, and may also be associated with such information from other sources.

 

 

 

Google Fonts

 

We use Fonts („Google Fonts“) by  Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Data security policy: https://www.google.com/policies/privacy/,

Opt-Out: https://adssettings.google.com/authenticated.

 

 

 

Data protection provisions about the application and use of LinkedIn

The controller has integrated components of the LinkedIn Corporation on this website. LinkedIn is a web-based social network that enables users with existing business contacts to connect and to make new business contacts. Over 400 million registered people in more than 200 countries use LinkedIn. Thus, LinkedIn is currently the largest platform for business contacts and one of the most visited websites in the world.

The operating company of LinkedIn is LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, UNITED STATES. For privacy matters outside of the UNITED STATES LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland, is responsible.

With each call-up to one of the individual pages of this Internet site, which is operated by the controller and on which a LinkedIn component (LinkedIn plug-in) was integrated, the Internet browser on the information technology system of the data subject is automatically prompted to the download of a display of the corresponding LinkedIn component of LinkedIn. Further information about the LinkedIn plug-in may be accessed under https://developer.linkedin.com/plugins. During the course of this technical procedure, LinkedIn gains knowledge of what specific sub-page of our website was visited by the data subject.

If the data subject is logged in at the same time on LinkedIn, LinkedIn detects with every call-up to our website by the data subject—and for the entire duration of their stay on our Internet site—which specific sub-page of our Internet page was visited by the data subject. This information is collected through the LinkedIn component and associated with the respective LinkedIn account of the data subject. If the data subject clicks on one of the LinkedIn buttons integrated on our website, then LinkedIn assigns this information to the personal LinkedIn user account of the data subject and stores the personal data.

LinkedIn receives information via the LinkedIn component that the data subject has visited our website, provided that the data subject is logged in at LinkedIn at the time of the call-up to our website. This occurs regardless of whether the person clicks on the LinkedIn button or not. If such a transmission of information to LinkedIn is not desirable for the data subject, then he or she may prevent this by logging off from their LinkedIn account before a call-up to our website is made.

LinkedIn provides under https://www.linkedin.com/psettings/guest-controls the possibility to unsubscribe from e-mail messages, SMS messages and targeted ads, as well as the ability to manage ad settings. LinkedIn also uses affiliates such as Eire, Google Analytics, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua, and Lotame. The setting of such cookies may be denied under https://www.linkedin.com/legal/cookie-policy. The applicable privacy policy for LinkedIn is available under https://www.linkedin.com/legal/privacy-policy. The LinkedIn Cookie Policy is available under https://www.linkedin.com/legal/cookie-policy.

 

 

 

Data protection provisions about the application and use of Twitter

 

On this website, the controller has integrated components of Twitter. Twitter is a multilingual, publicly-accessible microblogging service on which users may publish and spread so-called ‘tweets,’ e.g. short messages, which are limited to 280 characters. These short messages are available for everyone, including those who are not logged on to Twitter. The tweets are also displayed to so-called followers of the respective user. Followers are other Twitter users who follow a user’s tweets. Furthermore, Twitter allows you to address a wide audience via hashtags, links or retweets.

The operating company of Twitter is Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, UNITED STATES.

With each call-up to one of the individual pages of this Internet site, which is operated by the controller and on which a Twitter component (Twitter button) was integrated, the Internet browser on the information technology system of the data subject is automatically prompted to download a display of the corresponding Twitter component of Twitter. Further information about the Twitter buttons is available under https://about.twitter.com/de/resources/buttons. During the course of this technical procedure, Twitter gains knowledge of what specific sub-page of our website was visited by the data subject. The purpose of the integration of the Twitter component is a retransmission of the contents of this website to allow our users to introduce this web page to the digital world and increase our visitor numbers.

If the data subject is logged in at the same time on Twitter, Twitter detects with every call-up to our website by the data subject and for the entire duration of their stay on our Internet site which specific sub-page of our Internet page was visited by the data subject. This information is collected through the Twitter component and associated with the respective Twitter account of the data subject. If the data subject clicks on one of the Twitter buttons integrated on our website, then Twitter assigns this information to the personal Twitter user account of the data subject and stores the personal data.

Twitter receives information via the Twitter component that the data subject has visited our website, provided that the data subject is logged in on Twitter at the time of the call-up to our website. This occurs regardless of whether the person clicks on the Twitter component or not. If such a transmission of information to Twitter is not desirable for the data subject, then he or she may prevent this by logging off from their Twitter account before a call-up to our website is made.

The applicable data protection provisions of Twitter may be accessed under https://twitter.com/privacy?lang=en.

 

 

 

Data protection provisions about the application and use of Xing

 

On this website, the controller has integrated components of XING. XING is an Internet-based social network that enables users to connect with existing business contacts and to create new business contacts. The individual users can create a personal profile of themselves at XING. Companies may, e.g. create company profiles or publish jobs on XING.

The operating company of XING is XING SE, Dammtorstraße 30, 20354 Hamburg, Germany.

With each call-up to one of the individual pages of this Internet site, which is operated by the controller and on which a XING component (XING plug-in) was integrated, the Internet browser on the information technology system of the data subject is automatically prompted to download a display of the corresponding XING component of XING. Further information about the XING plug-in the may be accessed under https://dev.xing.com/plugins. During the course of this technical procedure, XING gains knowledge of what specific sub-page of our website was visited by the data subject.

If the data subject is logged in at the same time on XING, XING detects with every call-up to our website by the data subject—and for the entire duration of their stay on our Internet site—which specific sub-page of our Internet page was visited by the data subject. This information is collected through the XING component and associated with the respective XING account of the data subject. If the data subject clicks on the XING button integrated on our Internet site, e.g. the “Share”-button, then XING assigns this information to the personal XING user account of the data subject and stores the personal data.

XING receives information via the XING component that the data subject has visited our website, provided that the data subject is logged in at XING at the time of the call to our website. This occurs regardless of whether the person clicks on the XING component or not. If such a transmission of information to XING is not desirable for the data subject, then he or she can prevent this by logging off from their XING account before a call-up to our website is made.

The data protection provisions published by XING, which is available under https://www.xing.com/privacy, provide information on the collection, processing and use of personal data by XING. In addition, XING has published privacy notices for the XING share button under https://www.xing.com/app/share?op=data_protection.

Produced using Datenschutz-Generator.de provided by RA Dr. Thomas Schwenke (Lawyer)