data protection

1. General information

We are grateful for your interest in our company. Data protection has a special importance for the management and employees of M3B GmbH.

It is generally possible to use the internet sites and other digital media of the brands MESSE BREMEN, ÖVB-Arena, CONGRESS BREMEN, Großmarkt bremen and Bremer Ratskeller – Weinhandel 1405, along with their individual event sites, as well as the business page of M3B GmbH, without providing any personal data. Insofar as a particular person wishes to make use of particular services of the online offerings of M3B GmbH over the internet, however, it could be necessary to process personal data. If the processing of personal data is necessary and if there is no legal basis for this, we will generally obtain the consent of the affected person. The processing of personal data – such as the name, address, email address or telephone number of the affected person – always occurs in conformity with the data protection provisions of the Federal Republic of Germany and the state of Bremen that apply to M3B GmbH.

With this data protection statement M3B GmbH wishes to inform the public about the type, scope and purpose of the personal data that we collect, use and process. In addition the affected data subjects will be informed about their rights by means of this data protection statement.

As the operator of the internet sites and the responsible processing controller, M3B GmbH has implemented numerous technical and organizational measures to ensure the most complete protection of all personal data processed by all of the company’s internet sites. However internet-based data transfers can always entail security gaps, such that an absolute protection cannot be guaranteed. For this reason the data subject is free to convey personal data to us by other means as well, for example by telephone.

Application procedures at M3B GmbH primarily occur online. The processing of personal data this involves is described by Attachment 2 of this data protection statement.

In addition individual internet sites use “plug-ins” from third-party providers. These are attached to this data protection statement as Attachment 3 to provide a clearer overview.

2. Data protection statement of

MESSE BREMEN & ÖVB-Arena
as brands of
M3B GmbH, Bremen

2.1. Name and address of the processing controller

The controller in terms of the General Data Protection Regulation and other data protection laws and provisions of the Federal Republic of Germany and the state of Bremen is:

M3B GmbH
Findorffstraße 101
28215 Bremen
Deutschland

www.m3b-bremen.de
datenschutz@m3b-bremen.de

Tel. +49 (0)421 3505-0

2.2. Name and address of the data security officer

The data security officer of the responsible party is:

Martin Mielke

3G Business Datenschutz GmbH
Michaelkirchplatz 5
10179 Berlin
Germany

mielke@3g-business.de
Tel. +49 (0)162 1007910

2.3. General information on data processing

2.3.1. Scope of the processing of personal data
We fundamentally only collect and use personal data of our users insofar as this is necessary to provide a functional website and for its contents and services. The collection and use of the personal data of our users regularly occurs only with the consent of the user. An exception is cases in which the prior obtaining of consent is not possible for factual reasons and the processing of data is permitted by legal provisions.

2.3.2. Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for the processing procedures, art. 6 para. 1 lit. a of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.

For the processing of personal data that is necessary to fulfill a contract, to which the data subject is a contractual party, art. 6 para. 1 lit. b GDPR serves as the legal basis. This also holds for processing procedures that are necessary to carry out pre-contractual measures.

Insofar as a processing of personal data is necessary to fulfill a legal obligation of our company, art. 6 para. 1 lit. c GDPR serves as the legal basis.

In case vital interests of the data subject or other natural persons make it necessary to process personal data, art. 6 para. 1 lit. d GDPR serves as the legal basis.

If the processing is necessary to preserve a legitimate interest of the company or a third party and the interests, basic rights and basic freedoms of the data subject do not outweigh this interest, then art. 6 para. 1 lit. f GDPR serves as the legal basis for processing.

2.3.3. Deletion of data and storage period
The personal data of the affected person are deleted or blocked as soon as the purpose of storage is past. Data could be stored beyond this if this is anticipated by the European or national legislative authority in Union directives, laws or other regulations to which the controller is subject. A blocking or deletion of the data also occurs if the storage period anticipated by these norms expires, unless there is a need to continue to store the data for the conclusion or fulfillment of a contract.

2.3.4. Remarks on data protection in accordance with art. 13, 14 and 21 GDPR
You can request or view these remarks directly from your contact partner at our company, request them from datenschutz@m3b-bremen.de or download them from the menu option “EU-DSGVO” as PDF.

2.4. Provision of the website and generation of log files

2.4.1. Description and scope of the data processing
Every time our internet site is retrieved, our system automatically captures data and information from the system of the retrieving computer. The following data are captured:
(1) Information on the type of browser and the version used
(2) The user’s operating system
(3) The user’s internet service provider
(4) The IP address of the user
(5) Date and time of access
(6) Websites from which the user’s system arrived at our internet site
(7) Websites that are retrieved by the user’s system from our website

The data are also saved in the log files of our system. This data is not stored together with other personal data of the user.

2.4.2. Legal basis for the data processing
The legal basis for the temporary storage of the data and the log files is art. 6 para. 1 lit. f GDPR.

2.4.3. The purpose of the data processing
The temporary storage of the IP addresses by the system is necessary to make it possible to provide the website to the user’s computer. For this purpose the IP address of the user must remain saved for the duration of the session.

The storage in log files is to ensure the functionality of the website. Moreover these data help us to optimize our website and to ensure the security of our informational systems. The data are not assessed for marketing purposes in this context.

These purposes also represent our legitimate interest in data processing in accordance with art. 6 para. 1 lit. f GDPR.

2.4.4. Duration of storage
The data are deleted as soon as they are no longer necessary to achieve the purpose of their collection. Concerning the capture of data for the purpose of providing the website, this is the case as soon as that session is ended.

In case of the storage of data in log files, this is also the case after thirty days at the latest.

A storage beyond this is possible. In this case the IP addresses of the users are deleted or disguised so that a correlation with the retrieving client is no longer possible.

2.4.5. The possibility of objection and elimination
The collection of data to provide the website and the storage of data in log files is absolutely necessary for the operation of the internet site. Consequently there is no possibility of objection on the part of the user.

2.5. The use of cookies

2.5.1. Description and scope of the data processing
Our website uses cookies. Cookies are text files that are saved in the user’s internet browser or by the internet browser in the user’s computer. If a user retrieves a website, a cookie can be saved in the user’s operating system. This cookie contains a characteristic sequence of characters that makes possible an unequivocal identification of the browser upon a later retrieval of the website. We use cookies to make our website more user-friendly. Several of the elements of our internet site require the retrieving browser to be identified even after changing sites.

The cookies save and convey the following information:
(1) Language settings
(2) Log-In information

On our website we also use cookies to make it possible to analyze the serving behavior of the users. The following data are conveyed:
(1) Use of website functions

The user data collected in this manner is made pseudonymous through technical arrangements. Hence it is no longer possible to correlate the data to the retrieving user. The data are not stored together with other personal data of the user.

Upon retrieving our website, users are informed about the use of cookies for analytical purposes by an informational banner and referred to this data protection statement. In this context there is also reference to how users can prevent the saving of cookies in their browser settings.

2.5.2. Legal basis for the data processing
The legal basis for the processing of personal data with the use of technically necessary cookies is art. 6 para. 1 lit. f GDPR.

The legal basis for the processing of personal data with the use of cookies for analytical purposes is, upon provision of the corresponding consent of the user, art. 6 para. 1 lit. a GDPR.

2.5.3. Purpose of data processing
The purpose of the use of technically necessary cookies is to simplify the websites for the user. Several functions of our website cannot be offered without the use of cookies. These functions require that the browser be recognized after changing sites.

For the following applications we need to use cookies:
(1) Use of language settings

The user data captured by the technically necessary cookies are not used to generate user profiles.

The use of analysis cookies occurs for the purpose of improving the quality of our website and its contents. With the analysis of cookies we learn how the website is used and thus can continually optimize our offerings.

These purposes represent our legitimate interest in the processing of personal data in accordance with art. 6 para. 1 lit. f GDPR. These purposes also represent our legitimate interest in the processing of personal data in accordance with art. 6 para. 1 lit. f GDPR.

2.5.4. Duration of storage, possibility of objection and elimination
Cookies are saved on the user’s computer and conveyed by this computer to our site. Hence as user you have complete control over the use of cookies. By changing the settings in your internet browser you can deactivate or limit the transmission of cookies. Already saved cookies can be deleted at any time. This can also occur automatically. If cookies are deactivated for our website, it is possible that you will no longer be able to make full use of all functions of our website.

The transmission of Flash cookies cannot be prevented by the browser settings, but by changing the settings of your Flash player.

2.6. Contact form and email contact

2.6.1. Description and scope of the data processing
A contact form is available at our internet site that can be used to contact us electronically. If a user makes use of this possibility, the data inputted into the input mask are transmitted to us and saved.

Moreover at the time the message is sent the following data are saved:
Name, address, email address, phone, fax, and topic

and in addition
(1) the IP address of the user
(2) date and time of registration

For the processing of the data, during the sending procedure your consent is obtained and you are referred to this data protection statement.

Alternatively you can contact us using the email address provided. In this case we will only save the user’s personal data that is conveyed with the email.

In this context there is no transmission of data to third parties. The data are used exclusively for processing the conversation.

2.6.2. Legal basis for the data processing
The legal basis for the processing of the data is, given the provision of consent of the user, art. 6 para. 1 lit. a GDPR.

The legal basis for processing the data that are conveyed by transmission of an email is art. 6 para. 1 lit. f GDPR. If the email contact leads to the conclusion of a contract, the additional legal basis for the processing is art. 6 para. 1 lit. b GDPR.

2.6.3. Purpose of the data processing
The processing of personal data from the input mask serves exclusively to process the establishment of contact. In case contact is established by email, this is the necessary legitimate interest in processing the data.

The other personal data processed during the sending procedure serves to prevent a misuse of the contact form and to ensure the security of our informational systems.

2.6.4. Duration of storage
The data are deleted as soon as they are no longer necessary to achieve the purpose of their capture. For personal data from the input mask of the contact form and those sent by email, this is the case as soon as that conversation with the user has concluded. The conversation has ended when it can be inferred from the circumstances that the issue in question has been conclusively clarified.

Additional personal data captured during the sending procedure will be deleted at the latest after a period of seven days.

2.6.5. Possibility of objection and elimination
The user has the possibility at any time of revoking his or her consent to the processing of personal data. If the user establishes contact with us over email, he or she can object to the saving of his or her personal data at any time. In such a case the conversation cannot be continued.

The revocation can be addressed using the contact form itself or the email address or telephone number listed at the beginning.

All personal data that were saved in the course of establishing contact will be deleted in this case.

2.7. Rights of the data subject

If your personal data is processed, then you are the ‘data subject’ in terms of the GDPR and you have the following rights relative to the controller:

2.7.1. Right to information
You may request a confirmation from the controller as to whether personal data that concern you are processed by us.

If there is such processing of your personal data, you may request the following information from the controller:
(1) the purposes for which personal data are processed;
(2) the categories for which personal data are processed;
(3) the recipient or categories of recipients to which the personal data concerning you are revealed or will be revealed;
(4) the planned duration of storage of the personal data concerning you or, if concrete specification of this is not possible, the criteria that determine the storage duration;
(5) the existence of a right to correction of deletion of the personal data concerning you, a right to restriction of the processing by the responsible party or a right of objection to this processing;
(6) the existence of a right of complaint to a regulatory authority;
(7) all available information on the origin of the data, if the personal data have not been collected from the affected person;
(8) the existence of an automated decision-making process including profiling in accordance with art. 22 para. 1 and 4 GDPR and – at least in these cases – significant information about the logic involved as well as the reach and intended consequences of such processing for the data subject.

You have the right to demand information as to whether personal data concerning you have been transmitted to a third country or an international organization. In this context you can demand to be instructed about the suitable guarantees in accordance with art. 46 GDPR in connection with the transmission.

2.7.2. Right to rectification
You have a right to rectification and/or completion against the controller insofar as the processed personal data concerning you are incorrect or incomplete. The controller is to immediately carry out the correction.

2.7.3. Right to restriction of processing
You may demand a restriction of the processing of personal data concerning you under the following conditions:
(1) if you contest the correctness of the personal data concerning you for a length of time that makes it possible for the controller to review the correctness of the personal data;
(2) if the processing is unlawful and you reject a deletion of the personal data and instead request a restriction of the use of the personal data;
(3) the controller no longer needs the personal data for the purposes of processing, you however need them to assert, exercise or defend legal claims, or
(4) you have filed an objection to the processing in accordance with art. 21 para. 1 GDPR and it is not yet determined whether the legitimate reasons of the controller outweigh your reasons.

If the processing of the personal data concerning you is restricted, these data – aside from their storage – may only be processed with your consent or to assert, exercise or defend against legal claims or to protect the rights of other natural or legal persons or for reasons of an important public interest of the Union or a member state.

If the restriction of processing was restricted in accordance with the above-mentioned conditions, then you will be informed by the responsible party before the restriction is lifted.

2.7.4. Right to deletion
2.7.4.1. Duty to deletion
You can demand that the controller immediately delete the personal data concerning you, and the controller is obligated to immediately delete these data insofar as one of the following reasons applies:
(1) The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
(2) You revoke your consent on which the processing rested in accordance with art. 6 para. 1 lit. a or art. 9 para. 2 lit. a GDPR, and there is no other legal basis for the processing.
(3) In accordance with art. 21 para. 1 GDPR you file an objection to the processing and there are no overriding legitimate reasons for the processing, or you file an objection to the processing in accordance with art. 21 para. 2 GDPR.
(4) The personal data concerning you were unlawfully processed.
(5) The deletion of the personal data concerning you is necessary to fulfill a legal obligation in accordance with Union law or the law of member states to which the controller is subject.
(6) The personal data concerning you were collected in relation to offered services of the information society in accordance with art. 8 para. 1 GDPR.

2.7.4.2. Information to third parties
If the controller had made personal data concerning you public and is obligated to their deletion in accordance with art. 17 para. 1 GDPR, then he or she will take appropriate measures, in consideration of the available technology and the costs of implementation – also measures of a technical nature – to inform those processing controllers who are processing the personal data that you as the data subject demand the deletion of all links to these personal data or to copies or replications of these personal data.

2.7.4.3. Exceptions
The right to deletion does not exist insofar as the processing is necessary
(1) to exercise a right to free expression and information;
(2) to fulfill a legal obligation that requires the processing in accordance with the law of the Union or of member states to which the controller is subject or to pursue a task that is in the public interest or in the exercise of public authority that was transferred to the responsible party;
(3) for reasons of public interest in the area of public health in accordance with art. 9 para. 2 lit. h and i as well as art. 9 para. 3 GDPR;
(4) for the archival purposes or scientific or historical research purposes lying in the public interest or for statistical purposes in accordance with art. 89 para. 1 GDPR, insofar as the right named under section a) is anticipated to make the realization of the goals of this processing impossible or seriously impair it, or
(5) to assert, exercise or defend legal claims.

2.7.5. Right to instruction
If you have asserted the right to correction, deletion or restriction of the processing against the controller, then this controller is obligated to communicate this correction or deletion of data or restriction of processing to all recipients to whom the personal data in question have been revealed, unless this proves impossible or involves a disproportionate expenditure.

You have the right against the controller to be informed about these recipients.

2.7.6. Right to data portability
You have the right to receive the personal data concerning you and that you have provided to the controller in a structured, typical and machine-readable format. In addition you have the right to transmit these data to another controller without being hindered by the controller to whom you had provided the personal data, insofar as
(1) the processing rests on a consent in accordance with art. 6 para. 1 lit. a GDPR or art. 9 para. 2 lit. a GDPR or on a contract in accordance with art. 6 para. 1 lit. b GDPR and (2) the processing occurs with the help of automated procedures.

In exercising this right you also have the right to have the personal data concerning you transferred directly from a controller to another controller insofar as this is technically feasible. Freedoms and rights of other persons may not be impaired by this.

The right to data portability does not apply to a processing of personal data that is necessary for the fulfillment of a task that lies in the public interest or occurs in the exercise of a public authority that was transferred to the controller.

2.7.7. Right to objection
You have the right at any time, for reasons arising from your particular situation, to object to the processing of personal data concerning you that occurs on the basis of art. 6 para. 1 lit. e or f GDPR; this also holds for any profiling resting on these determinations.

The controller will no longer process the personal data concerning you, unless he or she can demonstrate compelling reasons for the processing requiring protection that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend against legal claims.

If the personal data concerning you are processed for the purpose of direct advertising, you have the right to object at any time to the processing of the personal data concerning you for the purpose of such advertising; this also holds for profiling insofar as it relates to such direct advertising.

If you object to the processing for purposes of direct advertising, the personal data concerning you will no longer be processed for these purposes.

You have the possibility exercise your right of objection in connection with the use of services of the information society – notwithstanding the guideline 2002/58/EG – by means of automated procedures that use technical specifications.

2.7.8. Right to revocation of the declaration of consent
You have the right to revoke your declaration of consent concerning data protection law at any time. The revocation of your consent will not affect the lawfulness of the processing that occurred on the basis of your consent until your revocation.

2.7.9. Automated individual decision-making including profiling
You have the right not to remain subject to a decision resting exclusively on automated processing – including profiling – that leads to any legal effect for you or significantly affects you in a similar manner. This does not hold if the decision
(1) is necessary for the fulfillment of a contract between you and the responsible party,
(2) is permissible on the basis of the legal provisions of the Union or the member states to which the responsible party is subject and these provisions contain appropriate measures to preserve your rights and freedoms as well as your legitimate interests, or
(3) occurs with your explicit consent.

However these decisions may not rest on special categories of personal data in accordance with art. 9 para. 1 GDPR, unless art. 9 para. 2 lit. a or g holds and appropriate measures to protect rights and freedoms as well as your legitimate interests have been taken.

Concerning the cases named in (1) and (3), the controller will take appropriate measures to preserve rights and freedoms as well as your legitimate interests, which includes at least the right to bring it about that a person intervenes on the part of the controlling party, the right to represent one’s own standpoint and the right to contest a decision.

2.7.10. Right to complain to a regulatory authority
Notwithstanding any other administrative or judicial remedy, you have the right to complain to a regulatory authority, in particular in the member state of your residence, your site of work or the site of the alleged violation, if you are of the opinion that the processing of the personal data concerning you violates the GDPR. The regulatory authorities who receive the complaint will inform the complainant about the state and the results of the complaint, including the possibility of judicial remedy in accordance with art. 78 GDPR.

This data protection statement was generated on the basis of the information provided by the data protection statement generator of the GDG German Society for Data Protection GmbH.

M3B GmbH, Bremen

 

3. Conceptual definitions

The data protection statement of the M3B GmbH rests on concepts that have been used by the authoring body of the European guidelines and ordinances in enacting the General Data Protection Regulation (GDPR). Our data protection statement should be easily readable and understandable for the public as well as for our customers and business partners. To ensure this we would like to start by explaining the concepts used.

In this data protection statement we use the following concepts:

3.1. Personal data

Personal data is any information relating to an identified or identifiable natural person (hereafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (IP address) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

3.2. Data subject

A data subject is every identified or identifiable natural person whose personal data is processed by the party responsible for processing.

3.3. Processing

Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

3.4. Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of limiting their processing during the legal storage periods. This means that the data are still stored but can only be used for certain types of processing, such as e.g. review by financial authorities.

3.5. Profiling

Profiling is any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

3.6. Pseudonymization

Pseudonymization is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

3.7. Controller or processing controller

Controller is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for his or her nomination may be provided for by Union or Member State law.

3.8. Joint controllers

If several companies process personal data together and determine the purposes and means of processing together in the context of common tasks or projects, then these companies may agree on data protection regulations together as “joint controllers” in accordance with art. 26 GDPR and also jointly implement the rights of the data subjects.

3.9. Processor

Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

3.10. Recipient

Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

3.11. Third party

Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, is authorised to process personal data.

3.12. Consent

Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

4. Plug-ins from third-party suppliers

Our website to some extent uses plug-ins from third-party suppliers, which are described here:

4.1. WordPress plugins

4.1.1. Data protection statement on the deployment and use of Contact Form 7
The controller has integrated components from Takayuki Miyoshi on this internet site. We use Contact Form 7 for contact forms. The form allows Ajax-supported sending, reCaptcha and Akismet spam-filtering. The valid data protection regulations of Contact Form 7 can be retrieved under https://de.wordpress.org/plugins/contact-form-7/#description.

4.1.2. Use of Google reCaptcha and Google Maps
To secure the contact forms in the object profiles we use the service reCAPTCHA by the company Google Inc. (Google). To represent maps we use Google Maps by the same company. The regulations on data protection correspond to those of the website in which the service is integrated. These are explained in another passage of the data protection statement.

4.2. Analysis tools

4.2.1. Data protection provisions on the deployment and use of PIWIK
The controller has integrated components of PIWIK into this website. PIWIK is an open-source software tool for web analysis. Web analysis is the capture, collection and assessment of data on the behavior of visitors on internet sites. A web analysis tool collects data on, among other things, which internet site the data subject came from (the so-called referrer), which sub-sites of the internet site they access and how often or for how long they view a sub-site. A web analysis is primarily used to optimize an internet site and is used for a cost-benefit analysis of internet advertising.

The software is operated on the server of the controller, the log files that are sensitive in terms of data protection law are stored on this server.

The purpose of PIWIK components is to analyze the stream of visitors to our internet site. The controller uses the data and information obtained among other things to assess the use of this internet site in order to generate online reports displaying the activities on our internet site.

PIWIK places a cookie in the information-technology system of the data subject. It has already been explained above what cookies are. The setting of cookies makes it possible for us to analyze the use of our internet site. For every retrieval of one of the individual pages of our internet site, the internet browser on the information-technology system of the data subject is automatically prompted by the PIWIK components to transmit data for the purpose of an online analysis on our servers. Through this technical procedure we retain knowledge of personal data such as the IP address of the data subject that serves among other things to help us understand the origin of the visitors and clicks.

By means of cookies, personal information is saved, such as time of access, the site from which access occurred and the frequency of visits to our internet site. With every visit to our internet site these personal data, including the IP address of the data subject’s internet connection, are transmitted to our server. We save these personal data. We do not transfer these personal data to third parties.

The data subject may prevent the setting of cookies by our internet site, as described above, at any time by means of the corresponding settings of the internet browser used by the data subject and thereby object lastingly to the use of cookies. Such a setting of the internet browser used would also prevent PIWIK from placing a cookie in the information technology system of the data subject. In addition a cookie already set by PIWIK can be deleted at any time by means of the internet browser or other software programs.

In addition the data subject has the possibility to object to the capture of the data generated by PIWIK relating to the use of this internet site and to prevent it. For this purpose the data subject must set an opt-out cookie under the link http://piwik.org/docs/privacy/. If the information-technology system of the data subject is deleted, formatted or reinstalled at a later point, the data subject will need to once more set an opt-out cookie under http://piwik.org/docs/privacy/

However with setting of an opt-out cookie it is possible that the internet site of the controller will no longer be fully usable for the data subject.

Further information and the valid data protection regulations of PIWIK can be retrieved under http://piwik.org/docs/privacy/.

4.2.2. Data protection regulations on the deployment and use of Google Analytics (with anonymization function)
The controller has integrated components of Google Analytics (with anonymization function) into this internet site. Google Analytics is a web analysis service. Web analysis is the capture, collection and assessment of data on the behavior of visitors on internet sites. A web analysis service includes among other things data on which internet site the data subject on an internet site came from (the so-called referrer), which sub-sites of the internet site are accessed and how long a sub-site is viewed. A web analysis is used primarily to optimize an internet site and is deployed for a cost-benefit analysis of internet advertising.

The operating company of Google Analytics components is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

The controller uses the addition of “_gat._anonymizeIp” for the web analysis by way of Google Analytics. This addition abbreviates and anonymizes the IP address of the internet connection of the data subject if our internet site is accessed from a member state of the European Union or from another contractual state of the agreement on the European Economic Area.

The purpose of the Google Analytics components is to analyze the visitor stream to our internet site. Google uses the data and information obtained, among other things, to assess the use of our internet site in order to generate online reports displaying the activities on our internet sites and to provide further services standing in relation to the use of our internet site.

Google Analytics places a cookie in the information-technology system of the data subject. It was explained above what cookies are. By playing a cookie Google makes an analysis of the use of our internet site possible. For every retrieval of one of the individual sub-sites of this internet site that is operated by the processing controller and that has integrated a component of Google Analytics, the internet browser of the data subject’s information-technology system is automatically prompted by the Google Analytics component to transmit data to Google for the purpose of online analysis. In this technical process Google obtains knowledge of personal data, such as the IP address of the data subject, that allows Google among other things to reconstruct the origin of the visitors and clicks and in consequence to calculate commissions.

Information such as the time of access, the place from which a site was accessed and the frequency of visits to our internet site by the data subject are saved by means of cookies. For every visit to our internet sites these personal data, including the IP address of the data subject’s internet connection, are transmitted to Google in the United States of America. These personal data are saved by Google in the United States of America. Google could under certain circumstances transfer this data obtained by technical procedures to third parties.

The data subject may at any time prevent the setting of cookies by our internet site, as described above, by means of the corresponding settings of the internet browser used, and thus object lastingly to the use of cookies. Such a setting of the internet browser used will also prevent Google from setting a cookie in the information-technology system of the data subject. In addition a cookie already set by Google Analytics can be deleted by means of the internet browser or other software programs at any time.

Additionally the data subject has the possibility of objecting to the capture of the data generated by Google Analytics relating to the use of this internet site and to the processing of this data by Google and prevent it. For this purpose the data subject must download a browser add-on under the link Link https://tools.google.com/dlpage/gaoptout and install it. This browser add-on communicates to Google by way of a Java script that no data and information on the visits to internet sites may be transmitted to Google Analytics. The installation of the browser add-on is assessed by Google as an objection. If the information-technology system of the data subject is deleted, formatted or reinstalled at a later point, the data subject must again install the browser add-on in order to deactivate Google Analytics. Insofar as the browser add-on is deinstalled or deactivated by the data subject or another person to be ascribed to their sphere of control, there is a possibility of reinstalling or reactivating the browser add-on.

Further information and the valid data protection provisions of Google can be retrieved under https://www.google.de/intl/de/policies/privacy/ and under http://www.google.com/analytics/terms/de.html. Google Analytics is described more precisely under this link: https://www.google.com/intl/de_de/analytics/.

4.3. Social media

4.3.1. Data protection provisions on the deployment and use of Facebook
The controller has integrated components of the company Facebook into this internet site. Facebook is a social network. A social network is a social meeting point operated on the internet, an online community that generally makes it possible for users to communicate with one another and interact in a virtual space. A social network can serve as a platform for the exchange of opinions and experiences or make it possible for the internet community to provide personal or business-related information. Facebook allows the users of its social network among other things to generate private profiles, upload photos and connect to one another by friend-requests.

The operating company of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. The controller of the processing of personal data is, if the data subject lives outside of the USA or Canada, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

For every retrieval of one of the individual pages of this internet site that is operated by the processing controller and that has integrated a Facebook component (Facebook plug-in), the internet browser on the information-technology system of the data subject is automatically prompted by the particular Facebook component to download a representation of the particular Facebook component from Facebook. A total overview of all Facebook plug-ins can be retrieved under https://developers.facebook.com/docs/plugins/?locale=de_DE. Within this technical procedure Facebook obtains knowledge of which specific sub-site of our internet site was visited by the data subject.

Insofar as the data subject is simultaneously logged in to Facebook, Facebook recognizes, with every retrieval of our internet site by the data subject and during the entire duration of his or her visit to our internet site, which concrete sub-sites of our internet site the data subject is visiting. This information is collected by the Facebook components and correlated with the particular Facebook account of the data subject. If the data subject clicks on one of the Facebook buttons integrated into our internet site, for example the “like me” button, or if the data subject offers a comment, Facebook correlates this information to the personal Facebook user account of the data subject and saves this personal data.

Facebook always receives the information, by way of the Facebook components, that the data subject has visited our internet site if the data subject is logged in to Facebook at the time that he or she retrieves our internet site; this occurs regardless of whether or not the data subject clicks on the Facebook component. If such a transmission of this information to Facebook is not desired by the data subject, this transmission can be prevented by logging out of his or her Facebook account before retrieving our internet site.

The data guidelines published by Facebook, which can be retrieved under https://de-de.facebook.com/about/privacy/, provide information about the capture, processing and use of personal data by Facebook. Additionally these guidelines explain which Facebook settings are possible to protect the privacy of the data subject. Moreover different applications are available that make it possible to suppress any data transmission to Facebook, for example the Facebook-blocker provided by Webgraph, which can be procured under http://webgraph.com/resources/facebookblocker/. These applications can be used by the data subject to suppress a transmission of data to Facebook.

4.3.2. Data protection provisions on the deployment and use of Instagram
The processing controller has integrated components of the Instagram service into this internet site. Instagram is a service that can be described as an audio-visual platform and that allows users to share photos and videos and in addition allows the further dissemination of such data in other social networks.

The operating company of the Instagram service is Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, USA.

For every retrieval of one of the individual pages of this internet site that is operated by the controller and that integrates an Instagram component (Insta-button) the internet browser of the data subject’s information-technology system is automatically prompted by the particular Instagram component to download a representation of that particular component from Instagram. Within this technical procedure Instagram obtains knowledge of which specific sub-sites of our internet site are visited by the data subject.

Insofar as the data subject is logged in to Instagram at the same time, Instagram recognizes, with every retrieval of our internet site by the data subject and for the entire duration of his or her visit to our internet site, which specific sub-sites the data subject visits. This information is collected by the Instagram components and correlated by Instagram with the Instagram account of the data subject. If the data subject clicks one of the Instagram buttons integrated into our internet site, the data and information thereby transmitted are correlated with the user account of the data subject and are saved and processed by Instagram.

Instagram always receives the information that the data subject has visited our internet site by means of the Instragram components if the data subject is logged in to Instagram when they retrieve our internet site; this occurs regardless of whether or not the data subject clicks on the Instagram components. If the data subject does not desire such a transmission of these data, he or she can prevent this transmission at any time by logging out of his or her Instagram account before retrieving our internet site.

Further information and the valid data protection provisions of Instagram can be retrieved under https://help.instagram.com/155833707900388 and https://www.instagram.com/about/legal/privacy/.

 

4.3.3. Data protection provisions on the deployment and use of YouTube
The controller has integrated components of YouTube into this internet site. YouTube is an internet video portal that allows video publishers to present videos free of cost and other users to view them and assess and comment on them free of cost. YouTube permits the publication of all types of videos, so that complete film and television broadcasts as well as music videos, trailers and videos made by the users themselves can be retrieved at this internet portal.

The operating company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary company of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

For every retrieval of one of the individual pages of this internet site that is operated by the controller and that integrates a YouTube component (YouTube video), the internet browser of the data subject’s information-technology system is automatically prompted by the particular YouTube component to download a representation of the particular YouTube component from YouTube. Further information on YouTube can be retrieved under https://www.youtube.com/yt/about/de/. Within this technical procedure, YouTube and Google receive information about which specific sub-sites of our internet site are visited by the data subject.

Insofar as the data subject is logged in to YouTube at the same time, for every retrieval of sub-site containing a YouTube video YouTube recognizes which specific sub-site of our internet site the data subject is visiting. This information is collected by YouTube and Google and correlated with the particular YouTube account of the data subject.

YouTube and Google receive the information, from the YouTube components, that the data subject has visited our internet site if the data subject is logged in to YouTube at the time of the retrieval of our internet site; this occurs regardless of whether or not the data subject clicks on a YouTube video. If such a transmission of this information to YouTube and Google is not desired by the data subject, this transmission can be prevented by logging out of your YouTube account before retrieving our internet site.

The data protection provisions published by YouTube, which can be retrieved under https://www.google.de/intl/de/policies/privacy/, provide information on the capture, processing and use of personal data by YouTube and Google.