Data protection information for visitors to the website unfixcon.events and other data subjects

Here we – the Ministry Group GmbH (“Ministry” or “we”) – inform you about our processing of your personal data in accordance with the provisions of the General Data Protection Regulation (“GDPR”).

Our data protection notices are modular in structure. They consist of general notices for any processing of personal data and processing situations (I.) and special notices, the content of which relates in each case only to the processing situation specified therein (II. et seq.). In order to find the parts that are relevant to you, please refer to the following overview of the subdivision of the data protection notices:

I. General notes

II. Supplementary information for the website

III. Supplementary information for communication with us

IV. Supplementary information for customer and contract data

I. General notes

1. Party responsible for data protection

The responsible party in the sense of the GDPR and other national data protection laws of the member states as well as other data protection regulations is:

Ministry Group GmbH
Kanalstraße 28 (Hinterhaus)
22085 Hamburg
Germany

Telephone: +49 40 27 15 15 30
E-Mail: info@minitsry.de

 

2. Data Protection Officer

The Data Protection Officer is:

Prof. Dr. Christian Rauda
Lawyer and specialist in information technology law
Graef Rechtsanwälte Digital PartG mbH
Jungfrauenthal 8
20149 Hamburg
Germany

Tel. +4940.8060009-0
Fax +49408060009-10
E-Mail: dataprotection@ministrygroup.de

 

3. Legal basis for the processing of personal data

We process some of your personal data on the basis of the following legal grounds:

a) Consent of the data subject.

Insofar as we obtain the consent of the data subject for processing for a specific purpose, Art. 6 (1) p. 1 lit. a GDPR is the legal basis.

b) Fulfillment of contractual obligations

Where processing is necessary for the performance of a contract to which the data subject is a party, Article 6 (1) p. 1 lit. b GDPR is the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.

c) Legal requirements and obligations

Insofar as processing is necessary to comply with a legal obligation to which we are subject, Art. 6 (1) p. 1 lit. c GDPR is the legal basis.

d) Performance of a task in the public interest or in the exercise of official authority.

Insofar as processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us, Art. 6 (1) p. 1 lit. e GDPR is the legal basis.

e) Safeguarding legitimate interests

If the processing is necessary to protect our legitimate interests or those of a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, then Art. 6 (1) p. 1 lit. f GDPR is the legal basis.

f) Processing of sensitive data (= special categories of personal data).

Insofar as we process health data on the basis of consent, Art. 9 (2) a) GDPR is the legal basis.

 

4. Storage period and deletion of personal data

The personal data of the data subject will be deleted or blocked as soon as there is no longer a purpose for the processing. Storage may take place beyond this if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which we are subject. Blocking or deletion of personal data also takes place when a storage period prescribed by the aforementioned standards expires, unless there is still a legal basis for processing.

 

5. Recipients of personal data

We only process personal data by those entities that require it for the fulfillment of their processing purposes. This also applies to the processors we use, such as service providers and vicarious agents. All bodies and persons who work with personal data are obliged to maintain data secrecy and have been made aware of the sensitive nature of handling such data.

Personal data will only be passed on to third parties if this is in accordance with data protection regulations. In particular, persons employed to carry out our business operations (e.g. banks, tax consultants, service providers for EDP and IT services) as well as government agencies/authorities, insofar as this is necessary to fulfill a legal obligation, may receive your personal data.

6. Data processing in third countries

For technical reasons, our services may require the use of servers in third countries by our processors, which means that personal data is also processed in these countries; we explicitly point this out below. Insofar as personal data is processed outside the EU/EEA and there is no level of data protection corresponding to the European standard, which has been confirmed by the EU Commission by means of an adequacy decision pursuant to Article 45 (3) of the GDPR, we have concluded EU standard contractual clauses with the companies concerned in order to establish suitable guarantees within the meaning of Article 46 of the GDPR. A copy of the EU standard contractual clauses can be found here: https://eur-lex.europa.eu/legal-content/DE/TXT/PDF/?uri=CELEX:32021D0914&from=DE

7. Data subject rights

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights against us as the controller:

a) Right of access

In accordance with Article 15 of the GDPR, you have the right to request information about the personal data we process. In particular, you may request

• Information about the purposes of processing,
• the category of the data,
• the categories of recipients to whom your data has been or will be disclosed, as well as information as to whether the personal data will be transferred to a third country or to an international organization (in this context, you may request to be informed about the appropriate safeguards pursuant to Art. 46 GDPR),
• the planned storage period,
• the existence of a right to rectification, erasure, restriction of processing or objection,
• the existence of a right of appeal, the origin of your data, if it was not collected by us,
• as well as about the existence of automated decision-making including profiling pursuant to Article 22 (1) and (4) of the GDPR and – at least in these cases – to request meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.

b) Right to rectification

In accordance with Article 16 of the GDPR, you have the right to have your personal data corrected and/or completed if it is incorrect or incomplete. We shall carry out the rectification without undue delay.

c) Right to restriction of processing

In accordance with Art. 18 GDPR, you have the right to request the restriction of the processing of your data, insofar as the accuracy of the data is disputed by you or the processing is unlawful.

If the restriction of processing has been restricted, you will be informed by us before the restriction is lifted.

d) Right to deletion

In accordance with Article 17 of the GDPR, you have the right to request the erasure of your personal data, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defense of legal claims.

e) Right to information

If you have asserted the right to rectification, erasure or restriction of processing against us, we are obliged to inform all recipients to whom the personal data have been disclosed of this rectification, erasure of the personal data or restriction of processing, unless this proves impossible or involves a disproportionate effort.

You also have the right against us to be informed about these recipients.

f) Right to data portability

In accordance with Article 20 of the GDPR, you have the right to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller.

g) Right of objection

In accordance with Art. 21 GDPR, you have the right to object to processing, provided that the processing is based on Art. 6 (1) p. 1 lit. e or lit. f GDPR. Unless it is an objection to direct marketing, when exercising such an objection, we ask you to explain the reasons why we should not process your data as we have done. In this case, we will review the merits of the case and either discontinue or adjust the data processing or show you our compelling legitimate grounds on the basis of which we will continue the processing.

h) Right to revoke the declaration of consent under data protection law.

In accordance with Article 7 (3) of the GDPR, you have the right to revoke your declaration of consent under data protection law at any time. The revocation of the consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

i) Automated decision in individual cases including profiling.

You have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning you or similarly significantly affects you.

This does not apply if the decision

1. is necessary for the conclusion or fulfillment of a contract between you and the responsible party,
2. is permitted by legislation of the Union or the Member States to which the controller is subject and that legislation contains appropriate measures to safeguard your rights and freedoms and your legitimate interests, or
3. is done with your express consent.

However, these decisions may not be based on special categories of personal data pursuant to Article 9(1) of the GDPR, unless Article 9(2)(a) or (g) applies and appropriate measures have been taken to protect the rights and freedoms and your legitimate interests.

With regard to the cases referred to in (1) and (3), the controller shall take reasonable steps to safeguard the rights and freedoms as well as your legitimate interests, including at least the right to obtain the intervention of a person on the part of the controller, to express his or her point of view and to contest the decision.

j) Right to complain to a supervisory authority

In accordance with Article 77 of the GDPR, you have the right to complain to a data protection supervisory authority about our processing of your personal data.

 

II. Supplementary notes for the website

We are responsible for our website unfixcon.events and its subpages (“Website”). Through the use of our website, personal data is processed. Below we inform in detail about the data processing that takes place.

Provision of the website and creation of log files

When our website is called up, data and information are automatically collected from the user’s terminal device. The following personal data is processed:

1. Visited website
2. Amount of data transferred
3. information about the type and version of the browser used,
4. the user’s operating system
5. the IP address of the user
6. the date and time of access, and
7. the websites from which the user’s system has accessed our website

The data is stored in the log files of our system. This data is required for the provision of the website on the user’s terminal device, its functionality and for the analysis of any malfunctions. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. The legal basis for this is Art. 6 para. 1 p. 1 lit. f GDPR. The collection of log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for the user to object.

The log files are deleted within fourteen days at the latest.

In order to provide our website, we use the order processor IONOS SE, Elgendorfer Straße 57, 56410 Montabaur, with whom we have concluded an order processing agreement and who processes the above-mentioned personal data for the provision of the website exclusively on our behalf.

2. use of cookies

We use cookies on our website. These are text files that are stored in or by the Internet browser on the system of the user’s terminal device when visiting a website. This cookie contains a characteristic string of characters that makes it possible to uniquely identify the browser the next time the website is accessed.

a) Technically necessary cookies

We use technical cookies to enable our system to recognize whether the user has consented to or restricted processes requiring consent in his browser, such as the placement of cookies (so-called opt-out cookies). These technically necessary cookies are not used to determine the identity of the user or to create user profiles. The legal basis for the storage of the technically necessary cookies is Section 25 (2) TTDSG; for the processing of the resulting personal data is Article 6 (1) p. 1 lit. f GDPR. The use of these cookies is technically necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.

These necessary cookies are deleted after 14 days.

b) Optional cookies

We do not use optional analysis cookies on our website as a matter of principle, but external media and services where applicable. Optional cookies are used for functional, analysis or marketing purposes. The use of these cookies is based on the consent of the user, which the user gives when visiting the website for the first time and which includes, on the one hand, the storage and retrieval of cookies as such and, on the other hand, the processing of the resulting personal data for analysis purposes. The legal basis for the storage and retrieval of the analysis cookies is Section 25 (2) TTDSG; the legal basis for the processing of the resulting personal data is Article 6 (1) p. 1 lit. a GDPR. You can revoke your consent at any time by changing the setting in the Consent Manager accessible here: