Data protection information for visitors to the website unfixcon.events and other data subjects
Here we – the Ministry Group GmbH (“Ministry” or “we”) – inform you about our processing of your personal data in accordance with the provisions of the General Data Protection Regulation (“GDPR”).
Our data protection notices are modular in structure. They consist of general notices for any processing of personal data and processing situations (I.) and special notices, the content of which relates in each case only to the processing situation specified therein (II. et seq.). In order to find the parts that are relevant to you, please refer to the following overview of the subdivision of the data protection notices:
II. Supplementary information for the website
III. Supplementary information for communication with us
IV. Supplementary information for customer and contract data
I. General notes
1. Party responsible for data protection
The responsible party in the sense of the GDPR and other national data protection laws of the member states as well as other data protection regulations is:
Ministry Group GmbH
Telephone: +49 40 27 15 15 30
2. Data Protection Officer
The Data Protection Officer is:
Prof. Dr. Christian Rauda
Lawyer and specialist in information technology law
Graef Rechtsanwälte Digital PartG mbH
3. Legal basis for the processing of personal data
We process some of your personal data on the basis of the following legal grounds:
a) Consent of the data subject.
Insofar as we obtain the consent of the data subject for processing for a specific purpose, Art. 6 (1) p. 1 lit. a GDPR is the legal basis.
b) Fulfillment of contractual obligations
Where processing is necessary for the performance of a contract to which the data subject is a party, Article 6 (1) p. 1 lit. b GDPR is the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.
c) Legal requirements and obligations
Insofar as processing is necessary to comply with a legal obligation to which we are subject, Art. 6 (1) p. 1 lit. c GDPR is the legal basis.
d) Performance of a task in the public interest or in the exercise of official authority.
Insofar as processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us, Art. 6 (1) p. 1 lit. e GDPR is the legal basis.
e) Safeguarding legitimate interests
If the processing is necessary to protect our legitimate interests or those of a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, then Art. 6 (1) p. 1 lit. f GDPR is the legal basis.
f) Processing of sensitive data (= special categories of personal data).
Insofar as we process health data on the basis of consent, Art. 9 (2) a) GDPR is the legal basis.
4. Storage period and deletion of personal data
The personal data of the data subject will be deleted or blocked as soon as there is no longer a purpose for the processing. Storage may take place beyond this if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which we are subject. Blocking or deletion of personal data also takes place when a storage period prescribed by the aforementioned standards expires, unless there is still a legal basis for processing.
5. Recipients of personal data
We only process personal data by those entities that require it for the fulfillment of their processing purposes. This also applies to the processors we use, such as service providers and vicarious agents. All bodies and persons who work with personal data are obliged to maintain data secrecy and have been made aware of the sensitive nature of handling such data.
Personal data will only be passed on to third parties if this is in accordance with data protection regulations. In particular, persons employed to carry out our business operations (e.g. banks, tax consultants, service providers for EDP and IT services) as well as government agencies/authorities, insofar as this is necessary to fulfill a legal obligation, may receive your personal data.
6. Data processing in third countries
For technical reasons, our services may require the use of servers in third countries by our processors, which means that personal data is also processed in these countries; we explicitly point this out below. Insofar as personal data is processed outside the EU/EEA and there is no level of data protection corresponding to the European standard, which has been confirmed by the EU Commission by means of an adequacy decision pursuant to Article 45 (3) of the GDPR, we have concluded EU standard contractual clauses with the companies concerned in order to establish suitable guarantees within the meaning of Article 46 of the GDPR. A copy of the EU standard contractual clauses can be found here: https://eur-lex.europa.eu/legal-content/DE/TXT/PDF/?uri=CELEX:32021D0914&from=DE
7. Data subject rights
If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights against us as the controller:
a) Right of access
In accordance with Article 15 of the GDPR, you have the right to request information about the personal data we process. In particular, you may request
- Information about the purposes of processing,
- the category of the data,
- the categories of recipients to whom your data has been or will be disclosed, as well as information as to whether the personal data will be transferred to a third country or to an international organization (in this context, you may request to be informed about the appropriate safeguards pursuant to Art. 46 GDPR),
- the planned storage period,
- the existence of a right to rectification, erasure, restriction of processing or objection,
- the existence of a right of appeal, the origin of your data, if it was not collected by us,
- as well as about the existence of automated decision-making including profiling pursuant to Article 22 (1) and (4) of the GDPR and – at least in these cases – to request meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.
b) Right to rectification
In accordance with Article 16 of the GDPR, you have the right to have your personal data corrected and/or completed if it is incorrect or incomplete. We shall carry out the rectification without undue delay.
c) Right to restriction of processing
In accordance with Art. 18 GDPR, you have the right to request the restriction of the processing of your data, insofar as the accuracy of the data is disputed by you or the processing is unlawful.
If the restriction of processing has been restricted, you will be informed by us before the restriction is lifted.
d) Right to deletion
In accordance with Article 17 of the GDPR, you have the right to request the erasure of your personal data, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defense of legal claims.
e) Right to information
If you have asserted the right to rectification, erasure or restriction of processing against us, we are obliged to inform all recipients to whom the personal data have been disclosed of this rectification, erasure of the personal data or restriction of processing, unless this proves impossible or involves a disproportionate effort.
You also have the right against us to be informed about these recipients.
f) Right to data portability
In accordance with Article 20 of the GDPR, you have the right to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller.
g) Right of objection
In accordance with Art. 21 GDPR, you have the right to object to processing, provided that the processing is based on Art. 6 (1) p. 1 lit. e or lit. f GDPR. Unless it is an objection to direct marketing, when exercising such an objection, we ask you to explain the reasons why we should not process your data as we have done. In this case, we will review the merits of the case and either discontinue or adjust the data processing or show you our compelling legitimate grounds on the basis of which we will continue the processing.
h) Right to revoke the declaration of consent under data protection law.
In accordance with Article 7 (3) of the GDPR, you have the right to revoke your declaration of consent under data protection law at any time. The revocation of the consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
i) Automated decision in individual cases including profiling.
You have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning you or similarly significantly affects you.
This does not apply if the decision
- is necessary for the conclusion or fulfillment of a contract between you and the responsible party,
- is permitted by legislation of the Union or the Member States to which the controller is subject and that legislation contains appropriate measures to safeguard your rights and freedoms and your legitimate interests, or
- is done with your express consent.
However, these decisions may not be based on special categories of personal data pursuant to Article 9(1) of the GDPR, unless Article 9(2)(a) or (g) applies and appropriate measures have been taken to protect the rights and freedoms and your legitimate interests.
With regard to the cases referred to in (1) and (3), the controller shall take reasonable steps to safeguard the rights and freedoms as well as your legitimate interests, including at least the right to obtain the intervention of a person on the part of the controller, to express his or her point of view and to contest the decision.
j) Right to complain to a supervisory authority
In accordance with Article 77 of the GDPR, you have the right to complain to a data protection supervisory authority about our processing of your personal data.
II. Supplementary notes for the website
We are responsible for our website unfixcon.events and its subpages (“Website”). Through the use of our website, personal data is processed. Below we inform in detail about the data processing that takes place.
Provision of the website and creation of log files
When our website is called up, data and information are automatically collected from the user’s terminal device. The following personal data is processed:
- Visited website
- Amount of data transferred
- information about the type and version of the browser used,
- the user’s operating system
- the IP address of the user
- the date and time of access, and
- the websites from which the user’s system has accessed our website
The data is stored in the log files of our system. This data is required for the provision of the website on the user’s terminal device, its functionality and for the analysis of any malfunctions. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. The legal basis for this is Art. 6 para. 1 p. 1 lit. f GDPR. The collection of log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for the user to object.
The log files are deleted within fourteen days at the latest.
In order to provide our website, we use the order processor IONOS SE, Elgendorfer Straße 57, 56410 Montabaur, with whom we have concluded an order processing agreement and who processes the above-mentioned personal data for the provision of the website exclusively on our behalf.
a) Technically necessary cookies
We use technical cookies to enable our system to recognize whether the user has consented to or restricted processes requiring consent in his browser, such as the placement of cookies (so-called opt-out cookies). These technically necessary cookies are not used to determine the identity of the user or to create user profiles. The legal basis for the storage of the technically necessary cookies is Section 25 (2) TTDSG; for the processing of the resulting personal data is Article 6 (1) p. 1 lit. f GDPR. The use of these cookies is technically necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.
These necessary cookies are deleted after 14 days.
b) Optional cookies
We do not use optional analysis cookies on our website as a matter of principle, but external media and services where applicable. Optional cookies are used for functional, analysis or marketing purposes. The use of these cookies is based on the consent of the user, which the user gives when visiting the website for the first time and which includes, on the one hand, the storage and retrieval of cookies as such and, on the other hand, the processing of the resulting personal data for analysis purposes. The legal basis for the storage and retrieval of the analysis cookies is Section 25 (2) TTDSG; the legal basis for the processing of the resulting personal data is Article 6 (1) p. 1 lit. a GDPR. You can revoke your consent at any time by changing the setting in the Consent Manager accessible here:
There you will also find all information about the cookies used, their purpose, the respective storage period and the recipients of the data processed by the cookies. The lawfulness of the processing carried out on the basis of the consent until revocation remains unaffected.
3. External media and services
We offer the use of several external media and services on our website.
a) Google Maps
This site provides the map service Google Maps. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
To use the functions of Google Maps, it is necessary to process your IP address. This information is usually transferred to a Google server in the USA and processed there. We have no influence on this data transmission. If Google Maps is activated, Google may use Google Fonts for the purpose of uniform display of fonts. When calling up Google Maps, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly.
The use of Google Maps is in the interest of an appealing presentation of our online offers and an easy location of the places indicated by us on the website. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.
We embed videos on our website via the provider YouTube, a brand of Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland (“YouTube”). This results – for technical reasons – in calls to the YouTube servers, some of which are located in the USA. For the associated use of data from your browser or terminal device, we refer to the data protection information of YouTube, as YouTube is responsible for the data processing there. You can find YouTube’s data protection information here: https://policies.google.com/privacy
The legal basis for the integration of YouTube videos and the associated transmission of personal data to YouTube is for users of these web pages who are in the process of initiating a contract with us, Art. 6 para. 1 lit. b GDPR. For other users, Art. 6 para. 1 lit. f GDPR is the legal basis for the transmission of the technically necessary data to YouTube. Our interest in integrating videos via an external service provider outweighs the interest of the users of our website in not processing personal data.
As a protective measure, we generally embed videos on YouTube in the “Do Not Track” variant, so that personal data is only transmitted to YouTube in a necessary manner.
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.
If you order tickets via our website, then you will be taken to the Eventbrite (Eventbrite, Inc., 535 Mission Street, 8th Floor, San Francisco, CA 94105, USA (“Eventbrite”)) site via an IFrame. Eventbrite processes the data required for the implementation of the event for us as a processor. In all other respects, the following applies: For the personal data processed there solely by Eventbrite, Eventbrite is also the sole controller within the meaning of the GDPR. Eventbrite may also process data in the USA and offers sufficient guarantees within the meaning of Art. 46 GDPR due to the use of EU standard contractual clauses. Data protection information on the processing of personal data by Eventbrite can be found at https://www.eventbrite.de/support/articles/de/Troubleshooting/datenschutzrichtlinie-von-eventbrite?lg=de.
4. Network protection
We have integrated the Wordfence service on this website to protect our website from unwanted access or malicious cyberattacks. The provider is Defiant Inc, Defiant, Inc, 800 5th Ave Ste 4100, Seattle, WA 98104, USA (hereinafter “Wordfence”).
For this purpose, our website establishes a permanent connection to Wordfence’s servers so that Wordfence can compare its databases with the accesses made to our website and block them if necessary.
The use of Wordfence is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its website as effectively as possible against cyberattacks. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.wordfence.com/help/general-data-protection-regulation/.
III. Supplementary notes for communication with us
You can communicate with us using a contact form, by e-mail, telephone or letter. In this case, your information from the request, including the contact data you provide there, will be processed by us exclusively for the purpose of processing the request and in the event of follow-up questions. The legal basis for the processing of the data is Art. 6 para. 1 p. 1 lit. f GDPR. If the communication aims at the conclusion of a contract, the legal basis for the processing is Art. 6 para. 1 p. 1 lit. b GDPR.
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. This is usually the case when the respective conversation with the user has ended. The conversation is terminated when it can be inferred from the circumstances that the matter in question has been conclusively clarified. Mandatory legal provisions – in particular retention periods – remain unaffected.
IV. Supplementary notes for customer and contract data
We collect, process and use personal customer and contract data for the purpose of establishing, defining the content of and amending our contractual relationships. If personal data about the use of this website (usage data) is collected, we process and use it only to the extent necessary to enable the user to use the service or to bill the user. The legal basis for this is Art. 6 (1) lit. b GDPR, which permits the processing of data for the fulfillment of a contract or pre-contractual measures.
The collected customer data will be deleted after completion of the order or termination of the business relationship and expiration of any existing legal retention periods. Legal retention periods remain unaffected.
We transmit personal data to third parties only if this is necessary in the context of the contract, for example, to the credit institution entrusted with the processing of payments. A further transmission of data does not take place or only if you have expressly agreed to the transmission. Your data will not be passed on to third parties without your express consent, for example for advertising purposes.
Status: January 2023