Data protection



Data protection statement of M3B GmbH as operator of its websites in accordance with the provisions of the GDPR

Stand: 14.07.2020

1. General information



We are grateful for your interest in our company. Data protection has a special importance for the management and employees of M3B GmbH.

It is generally possible to use the internet sites and other digital media of the brands MESSE BREMEN, CONGRESS BREMEN, ÖVB-Arena, Großmarkt Bremen und Bremer Ratskeller – Weinhandel seit 1405, along with their individual event sites, as well as the business page of M3B GmbH, without providing any personal data. Insofar as a particular person wishes to make use of particular services of the online offerings of M3B GmbH over the internet, however, it could be necessary to process personal data. If the processing of personal data is necessary and if there is no legal basis for this, we will generally obtain the consent of the affected person. The processing of personal data – such as the name, address, email address or telephone number of the affected person – always occurs in conformity with the data protection provisions of the Federal Republic of Germany and the state of Bremen that apply to M3B GmbH.

With this data protection statement M3B GmbH wishes to inform the public about the type, scope and purpose of the personal data that we collect, use and process. In addition the affected data subjects will be informed about their rights by means of this data protection statement.

As the operator of the internet sites and the responsible processing controller, M3B GmbH has implemented numerous technical and organizational measures to ensure the most complete protection of all personal data processed by all of the company’s internet sites. However internet-based data transfers can always entail security gaps, such that an absolute protection cannot be guaranteed. For this reason the data subject is free to convey personal data to us by other means as well, for example by telephone.

For the better understanding of this data protection statement, a definition of concepts for all the concepts used due to the legal situation is given.

In addition individual internet sites use “plug-ins” from third-party providers. These are attached to this data protection under the heading plug-ins and tools from third-party providers to provide a clearer overview.


2. Data protection statement



Data protection statement of:

ITHEC – International Conference and Exhibition on Thermoplastic Composites
CONGRESS BREMEN

as brand of
M3B GmbH, Bremen


2.1. Name and address of the processing controller



The controller in terms of the General Data Protection Regulation and other data protection laws and provisions of the Federal Republic of Germany and the state of Bremen is:

M3B GmbH
Findorffstraße 101
28215 Bremen
Deutschland

www.m3b-bremen.de
datenschutz@m3b-bremen.de

Tel. +49 (0)421 3505-0


2.2. Name and address of the data security officer



Our external data security officer is available to provide you with information on the subject of privacy at the following contact details:

datenschutz nord GmbH
Konsul-Smidt-Straße 88
28217 Bremen
Deutschland

office@datenschutz-nord.de

datenschutz-nord-gruppe.de

If you contact our data security officer, please also indicate the responsible office in this context, which is mentioned above under point 2.1. (name and address of the processing controller).


2.3. General information on data processing



2.3.1. Scope of the processing of personal data

We fundamentally only collect and use personal data of our users insofar as this is necessary to provide a functional website and for its contents and services. The collection and use of the personal data of our users regularly occurs only with the consent of the user. An exception is cases in which the prior obtaining of consent is not possible for factual reasons and the processing of data is permitted by legal provisions.

2.3.2. Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for the processing procedures, art. 6 para. 1 lit. a of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.

For the processing of personal data that is necessary to fulfill a contract, to which the data subject is a contractual party, art. 6 para. 1 lit. b GDPR serves as the legal basis. This also holds for processing procedures that are necessary to carry out pre-contractual measures.

Insofar as a processing of personal data is necessary to fulfill a legal obligation of our company, art. 6 para. 1 lit. c GDPR serves as the legal basis.

In case vital interests of the data subject or other natural persons make it necessary to process personal data, art. 6 para. 1 lit. d GDPR serves as the legal basis.

If the processing is necessary to preserve a legitimate interest of the company or a third party and the interests, basic rights and basic freedoms of the data subject do not outweigh this interest, then art. 6 para. 1 lit. f GDPR serves as the legal basis for processing.

2.3.3. Deletion of data and storage period

The personal data of the affected person are deleted or blocked as soon as the purpose of storage is past. Data could be stored beyond this if this is anticipated by the European or national legislative authority in Union directives, laws or other regulations to which the controller is subject. A blocking or deletion of the data also occurs if the storage period anticipated by these norms expires, unless there is a need to continue to store the data for the conclusion or fulfillment of a contract.

2.3.4. Remarks on data protection in accordance with art. 13, 14 and 21 GDPR

You can request or view these remarks directly from your contact partner at our company, request them from datenschutz@m3b-bremen.de or download them from the website of the M3B GmbH as PDF.


2.4. Provision of the website and generation of log files


2.4.1. Description and scope of the data processing

Every time our internet site is retrieved, our system automatically captures data and information from the system of the retrieving computer. The following data are captured:
(1) Information on the type of browser and the version used
(2) The user’s operating system
(3) The user’s internet service provider
(4) The IP address of the user
(5) Date and time of access
(6) Websites from which the user’s system arrived at our internet site
(7) Websites that are retrieved by the user’s system from our website

The data are also saved in the log files of our system. This data is not stored together with other personal data of the user.

2.4.2. Legal basis for the data processing

The legal basis for the temporary storage of the data and the log files is art. 6 para. 1 lit. f GDPR.

2.4.3. The purpose of the data processing

The temporary storage of the IP addresses by the system is necessary to make it possible to provide the website to the user’s computer. For this purpose the IP address of the user must remain saved for the duration of the session.

The storage in log files is to ensure the functionality of the website. Moreover these data help us to optimize our website and to ensure the security of our informational systems. The data are not assessed for marketing purposes in this context.

These purposes also represent our legitimate interest in data processing in accordance with art. 6 para. 1 lit. f GDPR.

2.4.4. Duration of storage

The data are deleted as soon as they are no longer necessary to achieve the purpose of their collection. Concerning the capture of data for the purpose of providing the website, this is the case as soon as that session is ended.

In case of the storage of data in log files, this is also the case after seven days at the latest.

A storage beyond this is possible. In this case the IP addresses of the users are deleted or disguised so that a correlation with the retrieving client is no longer possible.

2.4.5. The possibility of objection and elimination

The collection of data to provide the website and the storage of data in log files is absolutely necessary for the operation of the internet site. Consequently there is no possibility of objection on the part of the user.


2.5. The use of cookies



2.5.1. Description and scope of the data processing

Our website uses cookies. Cookies are text files that are saved in the user’s internet browser or by the internet browser in the user’s computer. If a user retrieves a website, a cookie can be saved in the user’s operating system. This cookie contains a characteristic sequence of characters that makes possible an unequivocal identification of the browser upon a later retrieval of the website. We use cookies to make our website more user-friendly. Several of the elements of our internet site require the retrieving browser to be identified even after changing sites.

The cookies save and convey the following information:
(1) Language settings
(2) Log-in information

On our website we also use cookies to make it possible to analyze the serving behavior of the users. The following data are conveyed:
(1) Search terms inputted
(2) Frequency of site retrieval
(3) Use of website functions

The user data collected in this manner is made pseudonymous through technical arrangements. Hence it is no longer possible to correlate the data to the retrieving user. The data are not stored together with other personal data of the user.

Upon retrieving our website, users are informed about the use of cookies for analytical purposes by an informational banner and referred to this data protection statement. In this context there is also reference to how users can prevent the saving of cookies in their browser settings.

2.5.2. Legal basis for the data processing

The legal basis for the processing of personal data with the use of technically necessary cookies is art. 6 para. 1 lit. f GDPR.

The legal basis for the processing of personal data with the use of cookies for analytical purposes is, upon provision of the corresponding consent of the user, art. 6 para. 1 lit. a GDPR.

2.5.3. Purpose of data processing

The purpose of the use of technically necessary cookies is to simplify the websites for the user. Several functions of our website cannot be offered without the use of cookies. These functions require that the browser be recognized after changing sites.

For the following applications we need to use cookies:
(1) Use of language settings
(2) Registration of search terms

The user data captured by the technically necessary cookies are not used to generate user profiles.

The use of analysis cookies occurs for the purpose of improving the quality of our website and its contents. With the analysis of cookies we learn how the website is used and thus can continually optimize our offerings.

These purposes represent our legitimate interest in the processing of personal data in accordance with art. 6 para. 1 lit. f GDPR. These purposes also represent our legitimate interest in the processing of personal data in accordance with art. 6 para. 1 lit. f GDPR.

2.5.4. Duration of storage, possibility of objection and elimination

Cookies are saved on the user’s computer and conveyed by this computer to our site. Hence as user you have complete control over the use of cookies. By changing the settings in your internet browser you can deactivate or limit the transmission of cookies. Already saved cookies can be deleted at any time. This can also occur automatically. If cookies are deactivated for our website, it is possible that you will no longer be able to make full use of all functions of our website.

The transmission of Flash cookies cannot be prevented by the browser settings, but by changing the settings of your Flash player.


2.5.5. Manage Cookies

If you do not want M3B GmbH to store and analyze information about your surfing behavior, you can manage the storage of cookies in the cookie consent ("cookie bar") when you first visit our website. The standard is that only the technically necessary, i.e. essential cookies are active. All other cookies for the analysis or marketing of your visit to our website are inactive. To control the display of cookie approval, a cookie is stored in your web browser. This cookie does not contain any information and is only used to assign your consent or objection to you.

If you click on the button "Activate all" in the cookie consent or set the cookie categories analysis and/or marketing actively under "Customize", you agree to the setting of cookies by actively confirming. The legal basis for the storage of analysis and/or marketing cookies is then Art. 6 para. 1 lit a DSGVO.


2.6. Newsletter



2.6.1. Description and scope of the data processing

Our internet sites offer the possibility of subscribing to a free newsletter. During registration for the newsletter the data from the input mask are transmitted to us, which means that:
(1) Name
(2) E-Mail address

are captured, as well as
(3) Date and time of registration

Your consent is obtained for the processing of the data in the context of the registration process and you are referred to the data protection statement.

If you purchase goods or services on our internet site and thereby input your email address, this can then be used by us to send you the newsletter. In such cases only direct advertising for our own similar goods or services will be sent by way of the newsletter.

In the context of the data processing to send newsletters, no data is given to third parties. The data are exclusively used to send the newsletter.

2.6.2. Legal basis for data processing

The legal basis for the processing of data after registration for the newsletter by the user is, given the provision of consent by the user, art. 6 para. 1 lit. a GDPR.

The legal basis for the sending of the newsletter in consequence of the purchase of wares or services is § 7 para. 3 UWG.

2.6.3. Purpose of data processing

The email address of the user is captured to send the newsletter.

The capture of other personal data in the context of the registration procedure serves to prevent a misuse of the services or the email address used.

2.6.4. Duration of storage

The data are deleted as soon as they are no longer necessary to achieve they purpose for which they were collected. Thus the email address of the user will only be stored as long as the subscription to the newsletter is active.

2.6.5. Possibility of objection and elimination

The subscription to the newsletter can be terminated at any time by the data subject. For this purpose there is a corresponding link in every newsletter.

It is also possible there to revoke the consent to the storage of the personal data collected during the registration procedure.


2.7. Registration



2.7.1. Description and scope of data processing

On our internet sites we offer users the possibility of registering for specialized events. The data are entered into an input mask and transmitted to us and saved. The data are not transferred to a third party. The following data are captured in the context of the registration process:
(1) Name
(2) Address
(3) Company
(4) Industry
(5) Position

Moreover at the time of registration the following data are saved:
(6) The IP address of the user
(7) Date and time of registration

In the registration process consent is obtained from the user for the processing of this data.

2.7.2. Legal basis for the data processing

The legal basis for the processing of data is, given the provision of consent by the user, art. 6 para. 1 lit. a GDPR.

If the registration serves to fulfill a contract to which the user is a contractual party or to carry our pre-contractual measures, then the additional legal basis for the processing of the data is art. 6 para. 1 lit. b GDPR.

2.7.3. Purpose of the data processing

A registration of the user is necessary to fulfill a contract with the user or to carry out pre-contractual measures or is indispensable for the provision of certain contents and services. They will always be explained in connection with the registration process.

2.7.4. Duration of storage

The data are deleted as soon as they are no longer necessary to achieve the purpose of their capture as well as from legal obligations directed at M3B GmbH.

2.7.5. Right of objection and elimination

If the data are necessary to fulfill a contract or to carry out pre-contractual measures, an early deletion of the data is only possible insofar as no contractual or legal obligations conflict with their deletion.

Otherwise as user you have the possibility at any time to suspend the registration. You can have the data saved about you changed at any time.


2.8. Contact form and email contact



2.8.1. Description and scope of the data processing

A contact form is available at our internet site that can be used to contact us electronically. If a user makes use of this possibility, the data inputted into the input mask are transmitted to us and saved.

Moreover at the time the message is sent the following data are saved:
(1) Name
(2) Address
(3) E-Mail adresse and
(4) Concern

and in addition
(5) The IP address of the user
(6) Date and time of registration

For the processing of the data, during the sending procedure your consent is obtained and you are referred to this data protection statement.

Alternatively you can contact us using the email address provided. In this case we will only save the user’s personal data that is conveyed with the email.

In this context there is no transmission of data to third parties. The data are used exclusively for processing the conversation.

2.8.2. Legal basis for the data processing

The legal basis for the processing of the data is, given the provision of consent of the user, art. 6 para. 1 lit. a GDPR.

The legal basis for processing the data that are conveyed by transmission of an email is art. 6 para. 1 lit. f GDPR. If the email contact leads to the conclusion of a contract, the additional legal basis for the processing is art. 6 para. 1 lit. b GDPR.

2.8.3. Purpose of the data processing

The processing of personal data from the input mask serves exclusively to process the establishment of contact. In case contact is established by email, this is the necessary legitimate interest in processing the data.

The other personal data processed during the sending procedure serves to prevent a misuse of the contact form and to ensure the security of our informational systems.

2.8.4. Duration of storage

The data are deleted as soon as they are no longer necessary to achieve the purpose of their capture. For personal data from the input mask of the contact form and those sent by email, this is the case as soon as that conversation with the user has concluded. The conversation has ended when it can be inferred from the circumstances that the issue in question has been conclusively clarified.

Additional personal data captured during the sending procedure will be deleted at the latest after a period of seven days.

2.8.5. Possibility of objection and elimination

The user has the possibility at any time of revoking his or her consent to the processing of personal data. If the user establishes contact with us over email, he or she can object to the saving of his or her personal data at any time. In such a case the conversation cannot be continued.

The revocation can be addressed using the contact form itself or the email address or telephone number listed at the beginning.

All personal data that were saved in the course of establishing contact will be deleted in this case.


2.9. Rights of the data subject



If your personal data is processed, then you are the ‘data subject’ in terms of the GDPR and you have the following rights relative to the controller:


2.9.1. Right to information

You may request a confirmation from the controller as to whether personal data that concern you are processed by us.

If there is such processing of your personal data, you may request the following information from the controller:
(1) the purposes for which personal data are processed;
(2) the categories for which personal data are processed;
(3) the recipient or categories of recipients to which the personal data concerning you are revealed or will be revealed;
(4) the planned duration of storage of the personal data concerning you or, if concrete specification of this is not possible, the criteria that determine the storage duration;
(5) the existence of a right to correction of deletion of the personal data concerning you, a right to restriction of the processing by the responsible party or a right of objection to this processing;
(6) the existence of a right of complaint to a regulatory authority;
(7) all available information on the origin of the data, if the personal data have not been collected from the affected person;
(8) the existence of an automated decision-making process including profiling in accordance with art. 22 para. 1 and 4 GDPR and – at least in these cases – significant information about the logic involved as well as the reach and intended consequences of such processing for the data subject.

You have the right to demand information as to whether personal data concerning you have been transmitted to a third country or an international organization. In this context you can demand to be instructed about the suitable guarantees in accordance with art. 46 GDPR in connection with the transmission.

2.9.2. Right to rectification

You have a right to rectification and/or completion against the controller insofar as the processed personal data concerning you are incorrect or incomplete. The controller is to immediately carry out the correction.

2.9.3. Right to restriction of processing

You may demand a restriction of the processing of personal data concerning you under the following conditions:
(1) if you contest the correctness of the personal data concerning you for a length of time that makes it possible for the controller to review the correctness of the personal data;
(2) if the processing is unlawful and you reject a deletion of the personal data and instead request a restriction of the use of the personal data;
(3) the controller no longer needs the personal data for the purposes of processing, you however need them to assert, exercise or defend legal claims, or
(4) you have filed an objection to the processing in accordance with art. 21 para. 1 GDPR and it is not yet determined whether the legitimate reasons of the controller outweigh your reasons.

If the processing of the personal data concerning you is restricted, these data – aside from their storage – may only be processed with your consent or to assert, exercise or defend against legal claims or to protect the rights of other natural or legal persons or for reasons of an important public interest of the Union or a member state.

If the restriction of processing was restricted in accordance with the above-mentioned conditions, then you will be informed by the responsible party before the restriction is lifted.

2.9.4. Right to deletion

2.9.4.1. Duty to deletion
You can demand that the controller immediately delete the personal data concerning you, and the controller is obligated to immediately delete these data insofar as one of the following reasons applies:
(1) The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
(2) You revoke your consent on which the processing rested in accordance with art. 6 para. 1 lit. a or art. 9 para. 2 lit. a GDPR, and there is no other legal basis for the processing.
(3) In accordance with art. 21 para. 1 GDPR you file an objection to the processing and there are no overriding legitimate reasons for the processing, or you file an objection to the processing in accordance with art. 21 para. 2 GDPR.
(4) The personal data concerning you were unlawfully processed.
(5) The deletion of the personal data concerning you is necessary to fulfill a legal obligation in accordance with Union law or the law of member states to which the controller is subject.
(6) The personal data concerning you were collected in relation to offered services of the information society in accordance with art. 8 para. 1 GDPR.

2.9.4.2. Information to third parties
If the controller had made personal data concerning you public and is obligated to their deletion in accordance with art. 17 para. 1 GDPR, then he or she will take appropriate measures, in consideration of the available technology and the costs of implementation – also measures of a technical nature – to inform those processing controllers who are processing the personal data that you as the data subject demand the deletion of all links to these personal data or to copies or replications of these personal data.

2.9.4.3. Exceptions
The right to deletion does not exist insofar as the processing is necessary
(1) to exercise a right to free expression and information;
(2) to fulfill a legal obligation that requires the processing in accordance with the law of the Union or of member states to which the controller is subject or to pursue a task that is in the public interest or in the exercise of public authority that was transferred to the responsible party;
(3) for reasons of public interest in the area of public health in accordance with art. 9 para. 2 lit. h and i as well as art. 9 para. 3 GDPR;
(4) for the archival purposes or scientific or historical research purposes lying in the public interest or for statistical purposes in accordance with art. 89 para. 1 GDPR, insofar as the right named under section a) is anticipated to make the realization of the goals of this processing impossible or seriously impair it, or
(5) to assert, exercise or defend legal claims.

2.9.5. Right to instruction

If you have asserted the right to correction, deletion or restriction of the processing against the controller, then this controller is obligated to communicate this correction or deletion of data or restriction of processing to all recipients to whom the personal data in question have been revealed, unless this proves impossible or involves a disproportionate expenditure.

You have the right against the controller to be informed about these recipients.

2.9.6. Right to data portability

You have the right to receive the personal data concerning you and that you have provided to the controller in a structured, typical and machine-readable format. In addition you have the right to transmit these data to another controller without being hindered by the controller to whom you had provided the personal data, insofar as
(1) the processing rests on a consent in accordance with art. 6 para. 1 lit. a GDPR or art. 9 para. 2 lit. a GDPR or on a contract in accordance with art. 6 para. 1 lit. b GDPR and
(2) the processing occurs with the help of automated procedures.

In exercising this right you also have the right to have the personal data concerning you transferred directly from a controller to another controller insofar as this is technically feasible. Freedoms and rights of other persons may not be impaired by this.

The right to data portability does not apply to a processing of personal data that is necessary for the fulfillment of a task that lies in the public interest or occurs in the exercise of a public authority that was transferred to the controller.

2.9.7. Right to objection

You have the right at any time, for reasons arising from your particular situation, to object to the processing of personal data concerning you that occurs on the basis of art. 6 para. 1 lit. e or f GDPR; this also holds for any profiling resting on these determinations.

The controller will no longer process the personal data concerning you, unless he or she can demonstrate compelling reasons for the processing requiring protection that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend against legal claims.

If the personal data concerning you are processed for the purpose of direct advertising, you have the right to object at any time to the processing of the personal data concerning you for the purpose of such advertising; this also holds for profiling insofar as it relates to such direct advertising.

If you object to the processing for purposes of direct advertising, the personal data concerning you will no longer be processed for these purposes.

You have the possibility exercise your right of objection in connection with the use of services of the information society – notwithstanding the guideline 2002/58/EG – by means of automated procedures that use technical specifications.

2.9.8. Right to revocation of the declaration of consent

You have the right to revoke your declaration of consent concerning data protection law at any time. The revocation of your consent will not affect the lawfulness of the processing that occurred on the basis of your consent until your revocation.

2.9.9. Automated individual decision-making including profiling

You have the right not to remain subject to a decision resting exclusively on automated processing – including profiling – that leads to any legal effect for you or significantly affects you in a similar manner. This does not hold if the decision
(1) is necessary for the fulfillment of a contract between you and the responsible party,
(2) is permissible on the basis of the legal provisions of the Union or the member states to which the responsible party is subject and these provisions contain appropriate measures to preserve your rights and freedoms as well as your legitimate interests, or
(3) occurs with your explicit consent.

However these decisions may not rest on special categories of personal data in accordance with art. 9 para. 1 GDPR, unless art. 9 para. 2 lit. a or g holds and appropriate measures to protect rights and freedoms as well as your legitimate interests have been taken.

Concerning the cases named in (1) and (3), the controller will take appropriate measures to preserve rights and freedoms as well as your legitimate interests, which includes at least the right to bring it about that a person intervenes on the part of the controlling party, the right to represent one’s own standpoint and the right to contest a decision.

2.9.10. Right to complain to a regulatory authority

Notwithstanding any other administrative or judicial remedy, you have the right to complain to a regulatory authority, in particular in the member state of your residence, your site of work or the site of the alleged violation, if you are of the opinion that the processing of the personal data concerning you violates the GDPR.

The regulatory authorities who receive the complaint will inform the complainant about the state and the results of the complaint, including the possibility of judicial remedy in accordance with art. 78 GDPR.

This data protection statement was generated on the basis of the information provided by the data protection statement generator of the GDG German Society for Data Protection GmbH.

M3B GmbH, Bremen


3. Conceptual definitions



The data protection statement of the M3B GmbH rests on concepts that have been used by the authoring body of the European guidelines and ordinances in enacting the General Data Protection Regulation (GDPR). Our data protection statement should be easily readable and understandable for the public as well as for our customers and business partners. To ensure this we would like to start by explaining the concepts used.

In this data protection statement we use the following concepts:

3.1. Personal data


Personal data is any information relating to an identified or identifiable natural person (hereafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (IP address) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

3.2. Data subject


A data subject is every identified or identifiable natural person whose personal data is processed by the party responsible for processing.

3.3. Processing


Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

3.4. Restriction of processing


Restriction of processing is the marking of stored personal data with the aim of limiting their processing during the legal storage periods. This means that the data are still stored but can only be used for certain types of processing, such as e.g. review by financial authorities.

3.5. Profiling


Profiling is any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

3.6. Pseudonymization


Pseudonymization is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

3.7. Controller or processing controller


Controller is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for his or her nomination may be provided for by Union or Member State law.

3.8. Joint controllers


If several companies process personal data together and determine the purposes and means of processing together in the context of common tasks or projects, then these companies may agree on data protection regulations together as “joint controllers” in accordance with art. 26 GDPR and also jointly implement the rights of the data subjects.

3.9. Processor


Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

3.10. Recipient


Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

3.11. Third parties


Third parties are natural or legal persons, public authorities, agencies or bodies other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, is authorised to process personal data.


Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.


4. Data transfer to third parties



As a matter of principle, we only use your personal data within our company. If and to the extent that we involve third parties in the performance of contracts (Internet service providers, logistics service providers, payment service providers), they will only receive personal data to the extent that the transmission is necessary for the corresponding service.

In the event that we outsource certain parts of the data processing ("contract processing"), we contractually oblige contract processors to use personal data only in accordance with the requirements of the data protection laws and to ensure the protection of the rights of the data subject.

Data transfer to bodies or persons outside the EU outside the case mentioned in this declaration in section 4 does not take place and is not planned.


5. Plug-ins from third-party suppliers



Our website to some extent uses plug-ins from third-party suppliers, which are described here:


5.1 WorldPress plug-ins




5.1.1 Data protection statement on the deployment and use of Contact Form 7

The controller has integrated components from Takayuki Miyoshi on this internet site. We use Contact Form 7 for contact forms. The form allows Ajax-supported sending, reCaptcha and Akismet spam-filtering. The valid data protection regulations of Contact Form 7 can be retrieved under de.wordpress.org/plugins/contact-form-7/#description.


5.2. Analysis tools




5.2.1. Data protection provisions on the deployment and use of Matomo (formerly PIWIK)

The controller has integrated components of Matomo into this website. Matomo is an open-source software tool for web analysis. Web analysis is the capture, collection and assessment of data on the behavior of visitors on internet sites. A web analysis tool collects data on, among other things, which internet site the data subject came from (the so-called referrer), which sub-sites of the internet site they access and how often or for how long they view a sub-site. A web analysis is primarily used to optimize an internet site and is used for a cost-benefit analysis of internet advertising.

The software is operated on the server of the controller, the log files that are sensitive in terms of data protection law are stored on this server.

The purpose of Matomo components is to analyze the stream of visitors to our internet site. The controller uses the data and information obtained among other things to assess the use of this internet site in order to generate online reports displaying the activities on our internet site.

Matomo places a cookie in the information-technology system of the data subject. It has already been explained above what cookies are. The setting of cookies makes it possible for us to analyze the use of our internet site. For every retrieval of one of the individual pages of our internet site, the internet browser on the information-technology system of the data subject is automatically prompted by the Matomo components to transmit data for the purpose of an online analysis on our servers. Through this technical procedure we retain knowledge of personal data such as the IP address of the data subject that serves among other things to help us understand the origin of the visitors and clicks.

By means of cookies, personal information is saved, such as time of access, the site from which access occurred and the frequency of visits to our internet site. With every visit to our internet site these personal data, including the IP address of the data subject’s internet connection, are transmitted to our server. We save these personal data. We do not transfer these personal data to third parties.

The data subject may prevent the setting of cookies by our internet site, as described above, at any time by means of the corresponding settings of the internet browser used by the data subject and thereby object lastingly to the use of cookies. Such a setting of the internet browser used would also prevent Matomo from placing a cookie in the information technology system of the data subject. In addition a cookie already set by Matomo can be deleted at any time by means of the internet browser or other software programs.

In addition the data subject has the possibility to object to the capture of the data generated by Matomo relating to the use of this internet site and to prevent it. For this purpose the data subject must set an opt-out cookie under the link matomo.org/docs/privacy. If the information-technology system of the data subject is deleted, formatted or reinstalled at a later point, the data subject will need to once more set an opt-out cookie under matomo.org/docs/privacy.

However with setting of an opt-out cookie it is possible that the internet site of the controller will no longer be fully usable for the data subject.

Further information and the valid data protection regulations of Matomo can be retrieved under matomo.org/docs/privacy.


5.3. Social Media




5.3.1. Data protection provisions on the deployment and use of YouTube

The controller has integrated components of YouTube into this internet site. YouTube is an internet video portal that allows video publishers to present videos free of cost and other users to view them and assess and comment on them free of cost. YouTube permits the publication of all types of videos, so that complete film and television broadcasts as well as music videos, trailers and videos made by the users themselves can be retrieved at this internet portal.

The operating company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary company of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

For every retrieval of one of the individual pages of this internet site that is operated by the controller and that integrates a YouTube component (YouTube video), the internet browser of the data subject’s information-technology system is automatically prompted by the particular YouTube component to download a representation of the particular YouTube component from YouTube. Further information on YouTube can be retrieved under youtube.com/yt/about/de. Within this technical procedure, YouTube and Google receive information about which specific sub-sites of our internet site are visited by the data subject.

Insofar as the data subject is logged in to YouTube at the same time, for every retrieval of sub-site containing a YouTube video YouTube recognizes which specific sub-site of our internet site the data subject is visiting. This information is collected by YouTube and Google and correlated with the particular YouTube account of the data subject.

YouTube and Google receive the information, from the YouTube components, that the data subject has visited our internet site if the data subject is logged in to YouTube at the time of the retrieval of our internet site; this occurs regardless of whether or not the data subject clicks on a YouTube video. If such a transmission of this information to YouTube and Google is not desired by the data subject, this transmission can be prevented by logging out of your YouTube account before retrieving our internet site.

The data protection provisions published by YouTube, which can be retrieved under google.de/intl/de/policies/privacy, provide information on the capture, processing and use of personal data by YouTube and Google.


5.3.2. Data protection provisions on the deployment and use of LinkedIn

The controller has integrated components of the LinkedIn corporation into this internet site. LinkedIn is an internet-based social network that allows users with existing business contacts to connect and also to form new business contacts. Over 400 million registered persons use LinkedIn in more than 200 countries. Thus LinkedIn is at the moment the largest platform for business contacts and one of the most frequently visited internet sites of the world.

The operating society of LinkedIn is the LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, USA. For data protection issues outside of the USA, the responsible party is LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

For every retrieval of our internet site that is equipped with a LinkedIn component (LinkedIn plug-in), this component prompts the browser used by the data subject to download a corresponding representation of the components of LinkedIn. Further information on the LinkedIn plug-ins can be retrieved under developer.linkedin.com/plugins. Withint his technical procedure LinkedIn obtains knowledge about which concrete sub-site of our internet site the data subject is visiting.

Insofar as the data subject is logged in to LinkedIn at the same time, with every retrieval of our internet site by the data subject and for the entire duration of his or her visit to our internet site LinkedIn recognizes which specific sub-sites of our internet site are visited by the data subject. This information is collected by the LinkedIn components and correlated with the data subject’s particular LinkedIn account by LinkedIn. If the data subject clicks one of the LinkedIn buttons integrated into our internet site, LinkedIn correlates this information to the personal LinkedIn user account of the data subject and saves this personal data.

LinkedIn always receives information, by way of the LinkedIn components, that the data subject has visited our internet site if the data subject is logged in to LinkedIn at the time of the retrieval of our internet site; this occurs regardless of whether or not the data subject clicks on the LinkedIn components. If such a transmission of this information to LinkedIn is not desired by the data subject, he or she can prevent this transmission by logging out of his or her LinkedIn account before retrieving our internet site.

LinkedIn offers the possibility, under linkedin.com/psettings/guest-controls, of deactivating email notifications, text message notifications and targeted displays as well as administrating display settings. Furthermore LinkedIn uses partners such as Quantcast, Google Analytics, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua and Lotame, which can set cookies. These cookies can be declined under linkedin.com/legal/cookie-policy. The valid data protection provisions can be retrieved under linkedin.com/legal/privacy-policy. The cookie guidelines of LinkedIn can be linkedin.com/legal/cookie-policy.


5.4. Payment options




5.4.1. Data protection provisions on PayPal as a payment option

The controller has integrated components of PayPal into this internet site. PayPal is an online payment service provider. Payments are made between so-called PayPal accounts, which represent private or business accounts. In addition PayPal offers the possibility of making virtual payments by means of credit cards if the user does not have a PayPal account. A PayPal account is managed through an email address, which is why there is no classic account number. PayPal makes it possible to make online payments to third parties and also to receive payments. Additionally PayPal offers trustee functions and provides buyer protection services.

The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxemburg.

If the data subject chooses the payment option “PayPal” during the ordering procedure in our online shop, data of the data subject are automatically transmitted to PayPal. In selecting this payment option the data subject consents to the transmission of personal data necessary for the processing of payment.

The personal data transmitted to PayPal generally involves first name, last name, address, email address, IP address, telephone number, cell phone number or other data that are necessary to process the payment. To conclude the purchase contract the personal data connected with the particular order are also necessary.

The transmission of the data is for the purpose of processing the payment and preventing fraud. The controller will transmit personal data to PayPal in particular when a legitimate interest in such transmission is given. The personal data exchanged between PayPal and the processor will under certain circumstances be transmitted to financial information agencies. This transmission serves the purpose of an identity and credit check.

PayPal may further transmit personal data to associated companies and service providers or sub-contractors insofar as this is necessary to fulfill the contractual obligations or insofar as the data are to be processed on commission.

The data subject has the possibility to revoke his or her consent that PayPal work with the personal data at any time. A revocation does not affect the personal data that must necessarily be processed, used or transferred for the (contractual) conclusion of payment. The valid data protection provisions of PayPal can be retrieved under paypal.com/de/webapps/mpp/ua/privacy-full.


© 2018 – 2020 M3B GmbH – Bremen