A. Data protection policy according to the GDPR
I. NAME AND ADDRESS OF THE RESPONSIBLE PERSON
The person responsible according to the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection-juridical regulations is the:
Initiative Media GmbH
Tel.: +49 040-431 960
II. NAME AND ADRESS OF THE DATA PROTECTION OFFICER
The data protection officer of the person responsible is:
Walbecker Str. 53
Walbecker Straße 53
D – 47608 Geldern
Tel.: + 49 2831 121910
III. GENERAL INFORMATION ON DATA PROCESSING
1. SCOPE OF PROCESSING OF PERSONAL DATA
We collect and use the personal data of our users only to the extent necessary to provide a functional website and our content and services. The collection and use of personal data of our users is prohibited.
Users are regularly only provided with the consent of the user. An exception applies in cases where prior consent cannot be obtained for actual reasons and the processing of data is permitted by law.
2. LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA
To the extent that we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.
Art. 6 para. 1 lit. b GDPR serves as the legal basis for the processing of personal data required for the performance of a contract to which the data subject is a party. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.
To the extent that the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.
In case that vital interests of the person concerned or another natural person necessitate the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.
If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and fundamental freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.
3. DATA ERASURE AND STORAGE DURATION
The personal data of the person concerned will be deleted or blocked as soon as the purpose of storage no longer applies. In addition, the data may be stored if the European or national legislator has provided for this in EU ordinances, laws or other regulations to which the person responsible is subject. The data shall also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless it is necessary for further storage of the data for the conclusion or performance of a contract.
IV. PROVISION OF THE WEBSITE AND CREATION OF LOGFILES
1. DESCRIPTION AND SCOPE OF DATA PROCESSING
Each time you access our website, our system automatically collects data and information from the computer system of the accessing computer.
The following data is collected:
• IP address of the visitor
• Date/time/time zone of the call
• Request Line: The Request Line contains the called page/element (e.g. “/news.html” or “/bild.jpg”), as well as the HTTP protocol version (“HTTP1.1” or “HTTP2”). The HTTP protocol is the language a browser uses to communicate with the web server.
• http status code: An HTTP status code is provided by a server in response to each HTTP request and consists of a three-digit number.
If the first digit is 2, this is a successful access. If the status code starts with a 3, it is a redirection, a 4 is an error triggered by the client/browser and a 5 is an error triggered by the server. Common status codes are for example:
200 (OK) – The request was successfully processed and the result of the request is transmitted in the response.
301 (Moved Permanently) – The requested resource is now available at a different address. This serves e.g. as forwarding.
404 (Not found) – The requested resource was not found.
500 (Internal Server Error) – Collected status code for unexpected server errors.
• File size of the requested element
• Referer: The page that refers to the called element.
For an image, this is usually the website that contains the image. If, for example, the website contains an image with the name “bild.jpg”, the referrer of this image is this address when the page is opened.
If the page is linked on another website (e.g. on https://google.de/), then the referrer is https://google.de/. when clicking on this link.
• User Agent http Request Header: Information that the visitor’s browser reveals.
This includes the following information, for example (varies depending on the browser used)
• Name (or version) of the browser
• Name (or version) of the operating system
• other supported features of the browser
A typical user agent http request header looks like this:
Mozilla/5.0 (iPhone; CPU iPhone OS 5_0 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9A334 Safari/7534.48.3
The log files contain IP addresses or other data that can be assigned to a user. This could be the case, for example, if the link to the Web site from which the user links to the Web site or the link to the Web site to which the user links contains personal information.
To ensure increased security of our systems, we also log the IP addresses of our website visitors. The data is also stored in the log files of our system. However, after 14 days these entries are deleted from our web server again
2. LEGAL BASIS FOR DATA PROCESSING
The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR.
3. PURPOSE OF DATA PROCESSING
The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the IP address of the user must remain stored for the duration of the session.
The data is stored in log files in order to ensure the functionality of the website. The data is also used to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
These purposes also include our legitimate interest in data processing pursuant to Art. 6 para. 1 lit. f GDPR.
4. DURATION OF STORAGE
The data are deleted as soon as they are no longer required for the purpose of their collection. In the case of the collection of data for the purpose of providing the website, this is the case when the session in question has ended.
If the data is stored in log files, this is the case after seven days at the latest. A storage going beyond this is possible. In this case, the IP addresses of the users will be deleted or alienated so that an assignment of the calling client is no longer possible.
5. POSSIBILITY OF OBJECTION AND REMOVAL
The collection of data for the provision of the website and the storage of data in log files is mandatory for the operation of the website. Consequently, there is no possibility for the user to object.
1. a) Description and scope of data processing
• Language settings
In this way, the following data can be transmitted:
• Entered search terms
• Geodata via Google Analytics. The allocation to country, region or city is made on the basis of the IP addresses. Google Analytics uses IP addresses only with the extension “_anonymizeIp()”. For this reason, IP addresses are only processed in abbreviated form in order to exclude direct personal references.
• Frequency of page views
• Time spent on pages
• User behaviour on the page Leaving the page
• Use of website functions
• IP address
• the visited URL
• the date
• the time of the visit
1. b) Legal basis for data processing
The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 lit. f GDPR.
1. c) Purpose of data processing
We need cookies for the following applications:
• To make the website more user-friendly
• to ensure safety
to simplify page navigation the user data collected by technically necessary cookies are not used to create user profiles.
The analysis cookies are used for the purpose of improving the quality of our website and its contents. Through the analysis cookies, we learn how the website is used and can thus constantly optimize our offer.
We use the Google advertising tool “Google Adwords” and in this context the analysis service “Conversion Tracking” of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043 USA). If you reached our site via a Google advertisement, a cookie is stored on your computer. These so-called “conversion cookies” lose their validity after 30 days and contain no personal data. If you call up individual pages of our website during the validity of the cookie, we and Google can recognise that you as a user have clicked on one of our ads placed with Google and have been forwarded to our page. It should be noted that every Google AdWords customer receives a different cookie. It is therefore not possible to track individual cookies via the websites of AdWords customers.
Google uses the information collected in this context to compile visit statistics. This only tells us the total number of users who clicked on our ad and which pages of our website were subsequently accessed by the respective user. A personal identification of individual users is not possible.
You can deactivate cookies completely or partially at any time in your browser settings. Please note, however, that some functions of the pages may not function correctly or may be slower if you reject the cookies.
You can find Google’s data protection statement on the following link: https://services.google.com/sitestats/de.html
We use the Google Tag Manager. This is a tool that can be used to manage website tags via an interface. Tags are small pieces of code used, among other things, to measure traffic and visitor behavior and to measure the impact of online advertising and social channels. No personal data is collected and no cookies are set. The tool triggers other tags that collect data themselves under certain circumstances. Google Tag Manager does not access this data. If a deactivation has been made at domain or cookie level, this will remain in effect for all tracking tags implemented with Google Tag Manager. Our legitimate interest in the processing of personal data in accordance with Art. 6 Para. 1 lit. f GDPR also lies in these purposes.
1. e) duration of storage, possibility of objection and removal
1. f) Google Maps
1. DESCRIPTION AND SCOPE OF DATA PROCESSING
You can subscribe to a free newsletter on our website. When registering for the newsletter, the data from the input mask is transmitted to us. This data is the e-mail address of the subscriber. Optionally, we ask for surname, first name and information about the position or title, the company and the postal address. However, these data are not binding for a registration. We store this data in order to send invitations to industry events or events such as the Oktoberfest by post in the future. And since we work on a target group and interest basis, we also need positions, industries etc. We also pass on information or insights at these events.
We send our newsletter through the service provider MailChimp (Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA).
The personal data described in the context of this instruction are stored on the servers of MailChimp in the USA. MailChimp uses this data for sending and evaluating the newsletter on our behalf. MailChimp will not use the data to write to the subscribers of the newsletter themselves and will not pass the data to third parties.
Statistical survey and analyses
The newsletters contain a so-called “web-beacon”. This is a pixel-sized file that is retrieved from the MailChimp server when the newsletter is opened. In this context, technical information (e.g. regarding browser and system), your IP address and the time of retrieval of the newsletter are collected. This information is used for the technical improvement of the services.
For statistical purposes, it is evaluated whether and when the newsletter was opened and which links were clicked. This information can be assigned to the individual newsletter recipients. The statistical evaluations are only intended to identify the reading habits of newsletter recipients and to adapt the newsletter content accordingly.
Online access and data management
Links may lead you to the websites of MailChimp. This is the case, for example, if the newsletter is retrieved online via a link contained in the newsletter. Furthermore, you can subsequently correct the data you provide to us on the MailCimp website. If you wish to call up the MailChimp data protection declaration, this can only be done via the MailChimp website.
In addition, the following data is collected during registration:
• IP address of the calling computer
• Date and time of registration
• Name / First name (at registration)
• E-Mail address (at registration)
• (optional): Company, position and address (when registering)
Your consent will be obtained for the processing of your data during the registration process and reference will be made to this data protection declaration.
No data will be passed on to third parties in connection with data processing for the dispatch of newsletters. The data will be used exclusively for the dispatch of the newsletter.
2. LEGAL BASIS FOR DATA PROCESSING
The legal basis for the processing of data by the user after registration for the newsletter is Art. 6 para. 1 lit. a GDPR if the user has given his consent.
3. PURPOSE OF DATA PROCESSING
The collection of the user’s e-mail address serves to deliver the newsletter.
The collection of other personal data as part of the registration process serves to prevent misuse of the services or the e-mail address used.
4. DURATION OF STORAGE
The data will be deleted as soon as it is no longer required for the purpose for which it was collected. The user’s e-mail address will therefore be stored as long as the newsletter subscription is active.
The other personal data collected during the registration process will generally be deleted after a period of seven days.
5. POSSIBILITY OF OBJECTION AND REMOVAL
The subscription of the newsletter can be cancelled by the affected user at any time. For this purpose there is a corresponding link in every newsletter. Thus your consent regarding MailChimp and the statistical evaluations expires at the same time. A separate revocation of the dispatch via MailChimp or the statistical evaluation is unfortunately not possible.
With the cancellation of the subscription also a revocation of the consent of the storage of the personal data collected during the registration process is made possible.
We use the MessengerPeople service (MessengerPeople GmbH, Herzog-Heinrich-Str. 9,80336 Munich). The service is used to inform those who have subscribed to Messenger WhatsApp about news.
In order to provide the service, MessengerPeople GmbH will automatically collect and store your telephone number, user name and the type of device used by the subscriber after registration. We then only receive the user name and the messages sent by the subscriber. These data are used exclusively for the dispatch of messages and for the optimization of our offer.
The dispatch of messages can be terminated at any time. For this only a message with the text “Stop” must be sent by WhatsApp to our mobile phone number. Once this message has been sent, the subscriber will no longer receive any messages. In case of a new registration messages will be sent again.
By sending a message via WhatsApp with the text “Delete all data” to our mobile phone number, all data stored by the subscriber will be deleted. This permanently terminates the service.
VIII. E-MAIL CONTACT
On our website it is possible to contact various contact persons of the agency via e-mail. In this case, the personal data of the user transmitted with the e-mail will be stored.
At the time the message is sent, the group’s own IPG mail servers in the USA (Omaha) only store a protocol on the delivery of the mail (sender, recipient, time, date, sending status). The requirements of Art. 44 GDPR for data transmission are met. In addition, the e-mail address is stored in the recipient’s inbox.
• Send status
• E-mail address in the recipient’s inbox
In this context, it does not pursue the transfer of data to third parties. The data will be used exclusively for the processing of the conversation.
6. LEGAL BASIS FOR DATA PROCESSING
Art. 6 para. 1 lit. f GDPR is the legal basis for the processing of data transmitted in the course of sending an e-mail. If the purpose of the e-mail contact is to conclude a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.
7. PURPOSE OF DATA PROCESSING
The processing of the personal data from the input mask serves us exclusively for the processing of the establishment of contact. If you contact us by e-mail, this is also the necessary legitimate interest in the processing of the data.
The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
8. DURATION OF STORAGE
The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is terminated when it can be inferred from the circumstances that the relevant facts have been conclusively clarified.
The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.
9. POSSIBILITY OF OBJECTION AND REMOVAL
The user has the possibility to revoke his consent to the processing of his personal data at any time. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.
You can address your objection directly to email@example.com or by email to the contact person with whom you were in contact.
All personal data stored in the course of contacting you will be deleted in this case.
IX. RIGHTS OF THE AFFECTED PERSON
If personal data is processed by you, you are the data subject within the meaning of the GDPR and you are entitled to the following rights vis-à-vis the person responsible:
1. RIGHT TO INFORMATION
You may request confirmation from the data controller as to whether personal data concerning you will be processed by us.
In the event of such processing, you may request the following information from the data controller:
(1) the purposes for which the personal data will be processed;
(2) the categories of personal data processed;
(3) the recipients or categories of recipients to whom the personal data relating to you have been or will be disclosed;
(4) the planned duration of the retention of the personal data relating to you or, if it is not possible to provide specific information in this respect, criteria for determining the retention period;
(5) the existence of a right to rectify or delete personal data concerning you, a right to limit the processing by the controller or a right to object to such processing;
(6) the existence of a right of appeal to a supervisory authority;
(7) all available information on the origin of the data, if the personal data are not collected from the data subject;
(8) the existence of automated decision-making including profiling in accordance with Art. 22 (1) and (4) GDPR and – at least in these cases – meaningful information on the logic involved and the scope and intended effects of such processing on the data subject.
You have the right to request information as to whether the personal data concerning you will be transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate guarantees pursuant to Art. 46 GDPR in connection with the transfer.
2. RIGHT TO RECTIFICATION
You have the right to have your personal data corrected and/or completed by the data controller if the personal data processed concerning you is inaccurate or incomplete. The data controller must carry out the rectification immediately.
3. RIGHT TO LIMIT THE PROCESSING
Under the following conditions, you may request that the processing of your personal data be restricted:
(1) if you dispute the accuracy of the personal data concerning you for a period of time which allows the controller to verify the accuracy of the personal data;
(2) the processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted;
(3) the controller no longer needs the personal data for the purposes of the processing, but you need them for the assertion, exercise or defence of legal claims, or
(4) if you have objected to the processing pursuant to Art. 21 para. 1 GDPR and it has not yet been established whether the legitimate reasons of the data controller outweigh your reasons.
If the processing of personal data relating to you has been restricted, such data may not be processed – apart from their storage – without your consent or for the purpose of asserting, exercising or defending legal rights or protecting the rights of another natural or legal person or for reasons of an important public interest of the Union or of a Member State.
If the processing restriction has been limited in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.
4. RIGHT TO DELETION
A) DELETION OBLIGATION
You may request the data controller to delete the personal data concerning you immediately and the data controller is obliged to delete this data immediately if one of the following reasons applies:
Personal data relating to you shall no longer be necessary for the purposes for which they were collected or otherwise processed.
(2) You revoke your consent on which the processing pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR was based and there is no other legal basis for the processing.
(3) You object to the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate reasons for the processing or you object to the processing pursuant to Art. 21 para. 2 GDPR.
(4) The personal data concerning you have been processed unlawfully.
(5) The deletion of your personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the controller is subject.
(6) The personal data relating to you have been collected in relation to information society services offered pursuant to Art. 8 para. 1 GDPR.
B) INFORMATION TO THIRD PARTIES
If the person responsible has made the personal data concerning you public and is obliged to delete them in accordance with Art. 17 (1) GDPR, he shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform the persons responsible for data processing who process the personal data that you, as the person concerned, have requested them to delete all links to this personal data or copies or replications of this personal data.
The right to deletion does not exist if the processing is necessary.
(1) the exercise of freedom of expression and information;
(2) to fulfil a legal obligation which the processing requires under the law of the Union or of the Member States to which the controller is subject, or to perform a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) for reasons of public interest in the field of public health pursuant to Art. 9 para. 2 lit. h and i as well as Art. 9 para. 3 GDPR;
(4) for archive purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with Art. 89 para. 1 GDPR, insofar as the law referred to under a) is likely to make it impossible or seriously impair the attainment of the objectives of such processing, or
(5) to assert, exercise or defend legal claims.
5. RIGHT TO INFORMATION
If you have exercised the right to rectify, cancel or limit the processing of your personal data against the controller, the latter is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification, cancellation or limitation of the processing, unless this proves impossible or involves a disproportionate effort.
You have the right to be informed of such recipients by the data controller.
6. RIGHT TO DATA TRANSFERABILITY
You have the right to receive the personal data concerning you that you have provided to the data controller in a structured, common and machine-readable format. In addition, you have the right to communicate these data to another data controller without being hindered by the controller to whom the personal data was provided, provided that
(1) the processing is based on a consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR and
(2) processing is carried out using automated procedures.
In exercising this right, you also have the right to have the personal data concerning you transferred directly by one responsible person to another responsible person, insofar as this is technically feasible. Freedoms and rights of other persons must not be affected by this.
The right to data transfer does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7. RIGHT OF OBJECTION
You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data on the basis of Art. 6 para. 1 lit. e or f GDPR; this also applies to profiling based on these provisions.
The person responsible will no longer process the personal data relating to you unless he can prove compelling grounds for processing worthy of protection which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If the personal data concerning you are processed for the purpose of direct marketing, you have the right to object at any time to the processing of the personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is connected with such direct marketing.
If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
You have the right to exercise your right of objection in connection with the use of information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.
8. RIGHT TO REVOKE THE DECLARATION OF CONSENT UNDER DATA PROTECTION LAW
You have the right to revoke your declaration of consent under data protection law at any time. The revocation of your consent does not affect the legality of the processing carried out on the basis of your consent until you revoke it.
9. AUTOMATED DECISION IN INDIVIDUAL CASES INCLUDING PROFILING
You have the right not to be subject to any decision based solely on automated processing, including profiling, that has any legal effect on you or similarly significantly affects you. This does not apply if the decision
(1) is necessary for the conclusion or performance of a contract between you and the person responsible,
(2) is authorised by legislation of the Union or of the Member States to which the person responsible is subject and contains appropriate measures to safeguard your rights and freedoms and your legitimate interests; or
(3) with your express consent.
However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g applies and appropriate measures have been taken to protect the rights and freedoms as well as your legitimate interests.
With regard to the cases referred to in (1) and (3), the person responsible shall take appropriate measures to protect the rights and freedoms as well as your legitimate interests, including at least the right to obtain the intervention of a person on the part of the person responsible, to state his own position and to challenge the decision.
10. RIGHT TO APPEAL TO A SUPERVISORY AUTHORITY
Without prejudice to any other administrative or judicial remedy, you have the right to complain to a supervisory authority, in particular in the Member State where you are staying, at your place of work or at the place where the alleged infringement is alleged, if you consider that the processing of your personal data is contrary to the GDPR.
The supervisory authority with which the complaint was lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.