In this data protection statement we inform you of the nature, scope and purpose of the processing of personal data (hereinafter referred to as “data”) within our online offering. For further information on the terms used such as “processing” or “controller”, we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
Telephone: +49 (0) 2161 189 700
Fax: +49 (0) 2161 189 602
represented by the managing directors
Types of data processed
- Master data (e.g. name, address)
- Contact data (e.g. e-mail address, telephone numbers)
- Content data (e.g. text input)
- Meta/communication data (e.g. websites visited, browser type, IP address)
Purpose of the processing
- The provision of the online offering, its functions and content
- Replying to contact enquiries
- Security measures
- The fulfilment of orders placed
Relevant legal basis
Unless a specific legal basis is expressly stated, the following applies generally:
For the performance of our services, the implementation of contractual measures and replying to enquiries, data is processed on the basis of Art. 6 Para. 1 Letter a and Art. 7 GDPR. For the fulfilment of our statutory obligations, data is processed on the basis of Art. 6 Para. 1 Letter c GDPR. Data is processed in order to protect our legitimate interests pursuant to Art. 6 Para. 1 Letter f GDPR. If the vital interests of the data subject or of another natural person require the processing of data, Art. 6 Para. 1 Letter d GDPR serves as the legal basis.
We ask you to inform yourself regularly about the content of our data protection statement. We will adjust our data protection statement as soon as changes to our data processing activities make this necessary. We will inform you as soon as the changes necessitate an act of cooperation (e.g. consent) by yourself
Cooperation with contract data processors and third parties
Where we disclose, transmit or otherwise grant access to data to persons and companies (contract data processors or third parties) in the course of our processing, this will be on the basis of a statutory regulation (e.g. transfer of data for the fulfilment of the order or to financial service providers, Art. 6 Para. 1 Letter b GDPR), your consent, a legal obligation or a legitimate interest (e.g. when agents are used, web hosting, etc). Where we engage third parties to process data on the basis of a “data processing contract”, this will be on the basis of Art. 28 GDPR.
If data is transmitted to third countries (countries outside of the EU / EEA) for the fulfilment of our (pre-)contractual obligations, this will be done provided there are recognised guarantees of a level of protection equivalent to those in the EU (e.g. the "Whitelist" of the EU, "Privacy Shield" of the USA, etc) or in observance of recognised contractual obligations (“standard contractual clauses of the EU”).
Rights of the data subjects
- You have the right to obtain confirmation as to whether or not data concerning yourself is being processed, as well as information about this data in accordance with Art. 15 GDPR
- You have the right to ask for the completion or rectification of this data (Art. 16 GDPR)
- You have the right to ask for the immediate erasure of the data pursuant to Art. 17 GDPR or alternatively the restriction of the processing of data pursuant to Art. 18 GDPR
- You have the right to receive the data concerning yourself which you have provided to us or to ask for this data to be transmitted to another controller (Art. 20 GDPR)
- You also have the right to lodge a complaint with the responsible supervisory authority (Art. 77 Para. 3 GDPR). You can find a list at https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
Right to withdraw consent and right to object
You can withdraw consent given pursuant to Art. 7 Para. 3 GDPR with effect for the future. You can also object at any time to the future processing of data in accordance with Art. 21 GDPR. You can object in particular to processing for purposes of direct marketing. The lawfulness of the processing that has taken place up until the withdrawal will not be affected by the withdrawal.
Cookies are small files which are stored on your device when you visit our website. Cookies are used primarily to recognise you when you use our online offering. Our online offering uses exclusively a special type of cookie which is deleted after your browser session has finished and is therefore only active as long as you use our online offering. Such cookies are also called “session cookies”. You can manage and prevent the storage of such cookies via your browser. Please note that without “session cookies” our ordering system will have limited functionality and these cookies are therefore necessary for the ordering system to work. The cookies are stored on the basis of Art. 6 Para. 1 Letter f GDPR.
Deletion of data
The data processed by us is deleted or the processing of the data is restricted (e.g. blocked) pursuant to Art. 17 and 18 GDPR as soon as it is no longer needed for the intended purpose or for the services to be performed and there is no statutory requirement to retain the data. In accordance with statutory requirements in Germany, data is retained for 10 years pursuant to §§ 147 Para. 1 of the German Tax Code (AO), 257 Para. 1 Nos. 1 and 4, Para. 4 of the German Commercial Code (HGB) (accounts, records, management reports, vouchers, trading books, for the taxation of relevant documentation, etc.) and 6 years pursuant to § 257 Para. 1 Nos. 2 and 3, Para. 4 HGB (commercial letters).
We also process contract data (e.g., object of contract, term, customer category), payment data (e.g. bank account, payment history) and booking data (e.g. hotel bookings, booking of participation) of our customers, potential customers and business partners for the purpose of performing the contractually-agreed services, service and customer care.
The hosting services used by us serve the provision of our online offering. Here we, or our hosting provider, process master data, contact data, content data, contract data, usage data, meta and communication data of customers, potential customers and visitors to this online offering on the basis of our legitimate interests of ensuring the efficient and secure provision of this online offering pursuant to Art. 6 Para. 1 Letter f GDPR in conjunction with Art. 28 GDPR (conclusion of data processing contract).
We, or our hosting provider, collect on the basis of our legitimate interests in accordance with Art. 6 Para. 1 Letter f. GDPR data about every access to the server upon which this service is located (so-called server log files). The access data includes the name of the website or file retrieved, the date and time of retrieval, the data volume transferred, report on successful retrieval, browser type and version, the operating system of the user, referrer URL (the last visited website), IP address and the requesting provider. Log file information is stored for security reasons (e.g. to clear up cases of misuse and fraud) for a maximum of 30 days and then deleted. Data which needs to be retained for longer as evidence will not be deleted until the incident has been finally cleared up.
Financial accounting, office organisation, contact management
We process data in administrative activities, the organisation of our business, financial accounting and compliance with statutory obligations, e.g. archiving. Here we process the same data that we process in the performance of our contractual services. The data is processed on the basis of Art. 6 Para. 1 Letter c. GDPR, Art. 6 Para. 1 Letter f. GDPR. The purpose of and our interest in the processing lie in the financial accounting, office organisation, archiving of data, i.e. tasks which serve the maintenance of our business activities and the performance of our duties and services. The deletion of data in respect of contractual services and the contractual communication corresponds with the information referred to for these processing activities.
We disclose or transmit data here to the tax authorities, consultants such tax consultants, auditors, other billing offices and payment service providers. We also store on the basis of our business interests information about suppliers, event organisers and other business partners, e.g. for the purpose of contact at a later date. We store this mostly business-related data on a permanent basis.
For security reasons and to protect the transmission of confidential content which you send to us as the site operator, our website uses SSL or TLS encryption. This ensures that data which you transmit via this website cannot be read by third parties. You can recognise an encrypted connection by the "https://" address bar in your browser and by the padlock icon in the browser line.