Data Privacy Policy of AXICA Kongress- und Tagungszentrum Pariser Platz 3 GmbH
We thank you for visiting our website and your interest in our company. Protecting your personal data is of the utmost importance to us. When processing your personal data, such as your name, address, email address or phone number we strictly comply with the existing European and national legislation.
Below AXICA Kongress- und Tagungszentrum Pariser Platz 3 GmbH (hereafter: „AXICA“) will inform the public about the nature, scope and purpose of personal data processed by us. We will also inform you about your rights in this Data Privacy Notice.
I. CONTROLLER’S NAME AND ADDRESS
The controller in the sense of the EU General Data Protection Regulation and the Federal Data Protection Act of 25 May 2018 is:
AXICA Kongress- und Tagungszentrum Pariser Platz 3 GmbH
Pariser Platz 3
10117 Berlin
Phone number: +49 30 200086–0
Fax number: +49 30 200086–701
Website: www.axica.de
Email: datenschutz@axica.de
The managing director of AXICA Kongress- und Tagungszentrum Pariser Platz 3 GmbH is
Marc-Alexander Mundstock.
II. NAME AND ADDRESS OF OUR DATA PROTECTION OFFICER
AXICA’s Data Protection Officer:
SHIELD GmbH
Martin Vogel
Ohlrattweg 5
25497 Prisdorf
Phone number: +49 4101 80 50–600
E‑Mail: info@shield-datenschutz.de
III. VISITING OUR WEBSITE
1. Scope of the processing of personal data
Each time our website www.axica.de is accessed, AXICA collects certain general data and information from the system of the requesting computer. The following data is recorded:
- internet browser types and versions used
- operating system used by the accessing system
- the website from which the accessing system arrived at our website (called referrer)
- the sub-pages from which our website is accessed by a requesting system
- the date and time of access to the website
- an internet protocol address (IP address)
- the internet service provider of the requesting system
- other similar data and information which may be needed to address safety and security needs in the case of attacks on our IT systems.
This general information is then stored in the server log files. The data in the server log files is kept separately from any personal data provided by a data subject.
2. Legal basis
The legal foundation for temporarily storing the data in the log files is Art. 6 Para. 1 lit. f GDPR.
3. Purpose of data processing
AXICA has an interest in making available our website, keeping it functional and optimising it to meet our visitors‘ interests.
The processing of the data mentioned above is necessary to ensure that our website content is correctly delivered when our website is accessed, to optimise the website content and tailor advertising to our website, and to ensure the continued functioning of our IT systems and internet technology. The data is also stored for the purpose of providing the information required for the prosecution of criminal offences to the criminal investigation authorities in the case of a cyber attack.
4. Length of data storage
AXICA will principally store personal data collected during a visit to the website only for the time needed for achieving the purpose for which the data were stored.
The purpose has been achieved when the session ends and the data have been analysed for the purpose of optimising the website and ensuring the safety and security of our IT systems. The data stored in the log files will be erased after seven days. The data may be stored for further extended periods. In this case your IP addresses will be deleted.
5. Opt-out and erasure option
You have no possibility to object to the data being collected for the purpose of making the website available and being store in log files, as this is absolutely necessary for operating the website.
IV. USE OF COOKIES
1. Description and scope of data processing
In order to make our online presence user-friendly and tailor it to the needs of our website visitors, we use cookies. Cookies are small text files which are sent from a web server to your internet browser each time you access our website and are stored locally on the end device of the website user (PC, notebook, tablet, smart phone etc.). Most cookies contain what is referred to as a cookie ID. A Cookie ID is a unique cookie identifier. It is made up of a string of characters which allows websites and servers to identify the internet browser where the cookie was saved.
2. Legal basis
The legal basis for the processing of personal data while using cookies is Art. 6 Para. 1 lit. a GDPR, § 25 Para. 1 TTDSG and Art. 6 Para. 1 lit. f GDPR.
3. Purpose of data processing
AXICA has an interest in making its website user-friendly. Using cookies with a cookie ID allows the accessed websites and servers to distinguish the individual browser from any other internet browsers which contain different cookies. A certain internet browser can be recognised and identified through the unique cookie ID. This information allows the end device to be automatically recognised, if the website is revisited with the same end device and makes navigation easier for the user.
4. Length of data storage, opt-out and erasure option
Cookies are stored on your computer which transmits them to our website. You have control over the use of cookies: You can consent to or reject cookies via our cookie consent banner when you enter the website, but also beforehand via the settings of your web browser. You can configure your internet browser so that acceptance of cookies is generally blocked or that you are alerted if a cookie is to be saved. In this case the website functioning may however be affected (for example for online orders). The internet browser also has a function which allows you to delete browser cookies (for instance via „Clear all browser data“). This is possible in all standard internet browsers. More information can be found in the user instructions and/or settings section of your internet browser.
V. NEWSLETTER
1. Description and scope of data processing
If you would like to receive the newsletter offered on the website, we need an e‑mail address from you as well as information that allows us to verify that you are the owner of the e‑mail address provided and that you agree to receive the newsletter. Further data will not be collected or only on a voluntary basis. We use these data exclusively for sending the requested information and for the purpose of statistical analysis of the newsletter campaigns.
By opening a sent e‑mail, a file contained in the e‑mail (so-called „web-beacon“) connects to our servers. This allows us to determine whether a newsletter message has been opened and how many links have been clicked on. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients.
If you do not agree with these analyses, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message.
2. Legal basis
If you sign up for the newsletter on our website, we will ask for your consent during registration. The legal basis for the processing of the data in this case is Art. 6 Para. 1 lit. a GDPR.
If the newsletter is sent out after a previous contract performance, the legal basis is Section 7 Para. 3 UWG (German Law against Unfair Competition). In this case the mailing would also be authorised by Art. 6 Para. 1 lit. f GDPR in conjunction with Recital 47 S. 7 GDPR.
3. Purpose of data processing
AXICA has an interest in making you offers for other events and thus generating additional business. Your email address may be collected and stored for the purpose of sending you the newsletter.
4. Length of data storage
AXICA will store your personal data solely for the time period necessary for achieving the purpose for which the data is held. This means your email address will be stored for as long as the newsletter subscription is still active.
Users who have subscribed to the newsletter can withdraw their consent given for this use of their email address at any time. Each newsletter contains a link for such a withdrawal. AXICA would like to point out that the withdrawal of consent will only take effect prospectively. Any data processing performed up to the time of the withdrawal will still remain lawful.
If you receive the newsletter as a result of the performance of a contract, you can still unsubscribe from the newsletter at any time by clicking the corresponding link in each newsletter.
VI. REGISTRATION
1. Description and scope of data processing
AXICA offers you the opportunity to participate in various events. On our website you can register for an event, show your interest and create an account for a chosen event by providing your personal data. The contact information is entered via an input form and transmitted to and stored by AXICA. The personal data submitted by you are recorded and stored solely for internal use and purposes. During registration, we will also record the IP address assigned by your internet service provider and also the date and time of the registration. This data will not be disclosed to any third parties, unless we are required to do so by law or such disclosure serves the purpose of investigating or prosecuting criminal offences.
2. Legal basis
If registration is for precontractual measures, the legal basis for the processing of the data is Art. 6 Para. 1 lit. b GDPR.
3. Purpose of data processing
A registration with voluntary submission of personal data serves the purpose of offering you content or services which by their very nature can only be offered to registered users. The purpose of data processing are inquiries about events, customer’s own events, media and press requests and newsletters.
The IP address, date and time are gathered as this is the only way to prevent misuse of the offered services, and if needed these data would assist in solving any criminal offences or copyright infringements. It is therefore necessary to retain such data for the safeguarding and protection of the data controller responsible for data processing.
4. Length of data storage
AXICA will store your personal data solely for the time period necessary for achieving the purpose for which the data is held. The data will be erased if the registration is cancelled or if the data is no longer necessary for executing the contract. Even after the contract has been concluded, it may be necessary to retain the contractual partner’s personal data to be able to comply with contractual or legal obligations.
5. Opt-out and erasure option
You can demand that the personal data submitted with the registration be completely erased from our databases. The account can be deleted as follows:
AXICA will delete any personal data collected through submission of the registration immediately after staging the event.
VII. CONTACTING US
Irrespective of whether the entering into communication described below could be considered data collection in the sense of the law or not, as a precaution we would like to inform you about how we treat your personal data when you contact us.
1. Description and scope of data processing
Personal data is also processed by AXICA if you voluntarily submit it. This is the case, for instance, every time when you contact AXICA through the provided email address or by calling us. In this case the transmitted personal data, such as your email address or phone number, will be collected. Of course, any personal data submitted this way will only be used for the purpose for which you made it available when contacting us.
2. Legal basis
This data is processed on the basis of Art. 6 Para. 1 lit. b GDPR if your request is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (Art. 6 Para. 1 lit. f GDPR) or on your consent (Art. 6 Para. 1 lit. a GDPR), provided that the enquiry was made.
3. Purpose of data processing
The data will be processed solely for the purpose of processing your communication.
4. Length of data storage
AXICA will store your personal data solely for the time period necessary for achieving the purpose for which the data is held. The personal data which AXICA has received through your contacting us will be stored until it becomes apparent from the circumstances that the matter which led you to contacting us has been finally resolved.
5. Opt-out and erasure option
You can object to the storage and processing of your personal data at any time. If you do, we cannot continue the communication. In this case all personal data will be erased.
VIII. LINKS TO OTHER WEBSITES
The www.axica.de website provides links to other websites (also referred to as external links).
As a provider of its own proprietary content AXICA is responsible in accordance with the applicable European and national laws and regulations. These proprietary contents must be distinguished from the links to content provided by other providers. AXICA has no control over whether the operators of other websites comply with the applicable European and national laws and regulations or not. In this regard you have to inform yourself about the data privacy policies on the relevant websites.
IX. APPLICANTS
1. Description and scope of data processing
AXICA collects and processes the personal data submitted by applicants. The processing can also be performed electronically. This is in particular the case if the applicant sends the application to AXICA by electronic means, such as email.
2. Legal basis
The legal basis for the collection of applicants‘ information is Art. 6 Para. 1 lit. b GDPR.
3. Purpose of data processing
The collection of personal data is necessary for the decision as to whether to enter into an employment contract.
4. Length of data storage
AXICA will store your personal data solely for the time period necessary for achieving the purpose for which the data is held.
If no employment contract is concluded with the applicant, the application documents will be automatically erased after informing the applicant about the rejection, unless such erasure conflicts with AXICA’s other legitimate interests. Such a legitimate interest could be the obligation to furnish proof pursuant to the Allgemeine Gleichbehandlungsgesetz (AGG) (German General Equality of Treatment Act).
5. Opt-out and erasure option
The collection of the data is necessary for carrying out the application procedure. Applicants can object to the processing of their data at any time. If they do, it should be noted that completion of the application procedure may not be possible.
X. DATA SUBJECTS‘ RIGHTS
If personal data is processed, the affected individual is referred to as a data subject within the meaning of the GDPR. A data subject has the following rights against the Controller.
1. Right to obtain confirmation:
Every data subject has the right to obtain from the controller responsible for the processing confirmation as to whether or not personal data concerning him or her is being processed. If an individual concerned wishes to exercise his or her right to obtain confirmation, such individual can do so at any time by contacting the controller responsible for the processing.
2. Right of access:
Every data subject impacted by the processing of his or her personal data has the right to be informed free of charge by the controller responsible for processing as to which personal data concerning him or her has been stored and to receive a copy of such information. Data subjects can demand access to the following information:
- the processing purposes
- the categories of personal data to be processed
- the receiver or categories of receivers to whom the personal data was or is to be disclosed, in particular if such receiver is located in third countries or is an international organisation
- if possible the planned length of storage for which the personal data will be held or, should this not be possible, the criteria for the definition of such time period
- information about the rights of having the personal data relating to him or her corrected or erased or the right to restrictions on processing by the controller or the right to object to such processing
- information about the right to complain to the authorities
- all available information about the origin of the data, if the personal data were not collected directly from the data subject,
- information about the existence of an automated decision-making process, including profiling pursuant to Art. 22 Paras. 1 and 4 GDPR and — at least in these cases — meaningful information about the logic involved as well as the implications and the intended effects of such procedures on the data subject.
In addition, the data subject is entitled to be informed as to whether personal data were transmitted to a third country or an international organisation. Should this be case, the data subject also has the right to be informed of all suitable guarantees relating to this transmission.
If a data subject wishes to exercise this right of access, he or she can do so at any time by contacting the controller responsible for data processing.
3. Right to rectification:
Every data subject impacted by the processing of personal data has the right to demand that any incorrect personal data concerning him or her be rectified without undue delay. Taking into account the purposes of the processing, the data subject also has the right to have incomplete personal data completed — including by means of providing a supplementary statement.
If a data subject wishes to exercise this right to rectification, he or she can do so at any time by contacting the controller responsible for processing.
4. Right to erasure (Right to be forgotten):
Every data subject impacted by the processing of personal data has the right to obtain from the controller the erasure of the personal data concerning him or her without undue delay, where one of the following grounds apply and to the extent that the processing is not necessary:
The personal data is no longer necessary to implement the purposes for which they were collected or otherwise processed.
The data subject has withdrawn his or her consent on which the processing was based in accordance with Art. 6 Para. 1 lit a GDPR or Art. 9 Para. 2 lit a GDPR, and there is no other legal basis for the processing.
The data subject objects to the processing pursuant to Art. 21 Para. 1 GDPR, and there are no overriding legitimate reasons for the processing, or the data subject objects to the processing pursuant to Art. 21 Para. 2 GDPR.
The personal data have been unlawfully processed.
The personal data must be erased for compliance with a legal requirement under Union or Member State law, to which the controller is subject.
The personal data have been collected in connection with an offer of information society services pursuant to Art. 8 Para. 1 GDPR.
If any of the reasons mentioned above applies and a data subject wishes to obtain the erasure of personal data held by AXICA, they can do so at any time by contacting the controller responsible for processing. In this case, the data subject’s request for erasure will be met immediately.
Where the personal data were made public by AXICA and where our company as the controller is obliged pursuant to Art. 17 Para. 1 GDPR to erase the personal data, AXICA, taking into account available technology and the cost of implementation, will take reasonable steps, including technical measures, to inform controllers responsible for the data processing who have processed the published personal data that the individual concerned has requested the erasure by such controllers of any links to, or copy or replication of, those personal data, insofar as the processing is not required. The controller responsible for the processing will then take the appropriate steps in the individual case.
5. Right to restriction of processing:
Every data subject impacted by the processing of personal data has the right to obtain from the controller restriction of processing, where one of the following conditions apply:
The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.
The processing is unlawful, the data subject has rejected the erasure of the personal data and demands restriction of their use instead.
The controller no longer needs the personal data for the purposes of processing, but they are still needed by the data subject for establishing, exercising or defending his or her legal claims.
The data subject has objected to the processing pursuant to Art. 21 Para. 1 GDPR, and it has not yet been verified whether the legitimate grounds of the controller override those of the data subject.
Where any of the conditions mentioned above are present and the data subject wishes to obtain restriction of the personal data held by AXICA, they can do so at any time by contacting the controller responsible for the processing. In this case the restriction of processing will be implemented immediately.
6. Right to data portability:
Every data subject impacted by the processing of personal data has the right to be given the personal data concerning him or her, which such individual provided to a controller, in a structured, commonly used and machine-readable format. A data subject also has the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where the processing is based on consent given pursuant to Art. 6 Para. 1 lit. a GDPR or Art. 9 Para. 2 lit. a GDPR or on a contract pursuant to Art. 6 Para. 1 lit b GDPR; and the processing is carried out by automatic means, and insofar as the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority conferred on the controller.
In exercising his or her right to data portability, the data subject has the right pursuant to Art. 20 Para. 1 GDPR to have the personal data transmitted directly from one controller to another, where technically feasible and if this does not adversely affect the rights and freedoms of others.
Where the data subject wishes to exercise the right to portability, he or she can do so at any time by contacting the controller responsible for data processing.
7. Right to object:
Every data subject impacted by the processing of personal data has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is performed based on Art. 6 Para. 1 lit e or lit. f GDPR. The also applies to profiling based on these legal provisions.
AXICA will no longer process the personal data in the case of an objection, unless AXICA can provide compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or the processing serves the purpose of establishing, exercising or defending legal claims.
Where AXICA processes personal data for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data for such marketing. The same shall apply to profiling to the extent that it is related to such direct marketing. Where the data subject objects to the processing for direct marketing purposes vis-à-vis AXICA, AXICA will stop processing the personal data for such purposes.
The data subject also has the right to object, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her, performed by AXICA for scientific or historical research purposes or statistical purposes pursuant to Art. 89 Para. 1 GDPR, unless the processing is necessary for performing a task carried out for reasons of public interest.
Where a data subject wishes to exercise his or her right to object, such person can do so by directly contacting the controller responsible for processing. Furthermore, the data subject may exercise his or her right to object by automated means using technical specifications in the context of the use of information society services, and notwithstanding Directive 2002/58/EC.
8. Automated individual decision-making, including profiling:
Every data subject impacted by the processing of personal data has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or significantly affects such person in a similar way – unless such decision:
- is necessary for concluding or fulfilling a contract between the data subject and the controller or
- is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, or
- is based on the data subject’s explicit consent.
If the decision is necessary for concluding or fulfilling a contract made between the data subject and AXICA or if it is based on the data subject’s explicit consent, AXICA will implement suitable measures to safeguard the rights and freedoms and the legitimate interests of the data subject; including at least the right to obtain human intervention on the controller’s part, to express the data subject’s own point of view and to contest the decision.
If the data subject wishes to exercise his or her rights in relation to automated decisions, he or she can do so at any time by contacting the controller responsible for data processing.
9. Right to withdraw consent for data processing:
Every data subject impacted by the processing of personal data is entitled to withdraw his or her consent to the processing of personal data at any time. The consent should be withdrawn in the same manner as it was given.
The withdrawal of consent shall take effect solely for the future. Any data processing performed up to the time of the withdrawal will still remain lawful.
XI. COMPLAINTS TO SUPERVISORY AUTHORITY
Without any prejudice to any other administrative or judicial remedy you are entitled to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you think that the processing of personal data relating to you infringes the GDPR.
The supervisory authority where the complaint was lodged will inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.
A list of the state data protection officers and their contact details can be found at the following link:
https://www.bfdi.bund.de/DE/Service/Anschriften/anschriften_table.html (in German)
The data protection supervisory authority responsible for us is:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Alt-Moabit 59–61
10555 Berlin
Phone: +49 30 138 89–0
Email: mailbox@datenschutz-berlin.de
XII. GOOGLE ANALYTICS
This website uses Google Analytics 4, a service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland („Google“), to analyse the use of websites.
When using Google Analytics 4, so-called „cookies“ are used as standard. Cookies are text files that are stored on your terminal device and enable an analysis of your use of a website. The information collected by cookies about your use of the website (including the IP address transmitted by your terminal device, shortened by the last few digits, see below) is usually transmitted to a Google server and stored and processed there.
This may also result in the transmission of information to the servers of Google LLC, a company based in the USA, where the information is further processed.
When using Google Analytics 4, the IP address transmitted by your terminal device when you use the website is always collected and processed automatically and by default only in an anonymised manner, so that the information collected cannot be directly related to a person. This automatic anonymisation is carried out by Google shortening the IP address transmitted by your terminal device within member states of the European Union (EU) or other contracting states of the Agreement on the European Economic Area (EEA) by the last digits.
Google uses this and other information on our behalf to evaluate your use of the website, to compile reports on your website activities and usage behaviour and to provide us with other services related to your website usage and internet usage. In this context, the IP address transmitted and shortened by your terminal device within the scope of Google Analytics 4 will not be merged with other data from Google. The data collected in the context of the use of Google Analytics 4 will be stored for 2 months and then deleted.
Google Analytics 4 also enables the creation of statistics with statements about age, gender and interests of website users on the basis of an evaluation of interest-based advertising and with the inclusion of third-party information via a special function, the so-called „demographic characteristics“. This makes it possible to determine and distinguish user groups of the website for the purpose of targeting marketing measures. However, data collected via the „demographic characteristics“ cannot be assigned to a specific person and thus also not to you personally. This data collected via the „demographic characteristics“ function is kept for two months and then deleted.
All processing described above, in particular the setting of Google Analytics cookies for the storage and reading of information on the end device used by you for the use of the website, will only take place if you have given us your explicit consent for this in accordance with Art. 6 Para. 1 lit. a GDPR and § 25 Para. 1 TTDSG. Without your consent, Google Analytics 4 will not be used during your use of the website. You can revoke your consent at any time with effect for the future. To exercise your revocation, please deactivate this service via the „Cookie Consent Tool“ provided on the website.
We have concluded a so-called Data Processing Agreement („DPA“) with Google for our use of Google Analytics 4, which obliges Google to protect the data of our website users and not to pass it on to third parties.
To ensure compliance with the European level of data protection, also in the event of any transfer of data from the EU or EEA to the USA and possible further processing there, Google refers to the so-called Standard Data Protection Clauses of the European Commission, which we have contractually agreed with Google.
Further legal information on Google Analytics 4, including a copy of the aforementioned Standard Data Protection Clauses, can be found at:
https://policies.google.com/privacy and at
https://policies.google.com/technologies/partner-sites
XIII. GOOGLE TAG MANAGER
We use the Google Tag Manager on our website. „Google“ is a group of companies and consists of Google Ireland Ltd. (provider of the service), Gordon House, Barrow Street, Dublin 4, Ireland as well as Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA and other affiliated companies of Google LLC.
The Google Tag Manager is an auxiliary service and only processes personal data itself for technically necessary purposes. The Google Tag Manager takes care of loading other components, which in turn may collect data. The Google Tag Manager does not access this data. If a deactivation has been made at domain or cookie level, this remains in place for all tracking tags implemented with Google Tag Manager.
The legal basis for the use of this service is your consent in accordance with Art. 6 Para. 1 lit. a GDPR and § 25 Para. 1 TTDSG.
For more information on Google Tag Manager and Google’s privacy policy, please see the following link: https://policies.google.com/privacy
XIV. CALENDLY
This website uses the planning and organisation tool „Calendly“ of the provider Calendly LLC, 271 17th St NW, Ste 1000, Atlanta, Georgia, 30363, USA (hereinafter referred to as „Calendly“).
Calendly also processes data in the USA, among other places. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may be associated with various risks to the lawfulness and security of the processing.
As a basis for data processing at the recipient located in third countries (outside the European Union, Iceland, Liechtenstein, Norway and especially in the USA) or a data transfer there, Calendly uses Standard Contract Clauses approved by the EU Commission in accordance with Art. 46 Para. 2 and 3 GDPR. These clauses oblige Calendly to comply with the EU level of data protection when processing relevant data outside the EU.
The legal basis for the use of Calendly is our legitimate interest according to Art. 6 Para. 1 lit. f GDPR to enable a simple and user-friendly planning and organisation tool.
If the processing of personal data by Calendly is necessary for the implementation of contractual or pre-contractual measures, a further legal basis also arises from Art. 6 Para. 1 lit. b GDPR.
For more information on data protection at Calendly, please see their privacy policy at https://calendly.com/privacy
XV. FRIENDLY CAPTCHA
On our website we use the service „Friendly Captcha“ of Friendly Captcha GmbH, Am Anger 3–5, 82237 Woerthsee (hereinafter referred to as „Friendly Captcha“).
The service is used to prevent automated and abusive requests by so-called „bots“. As part of this process, your IP address is captured by Friendly Captcha in order to send a cryptographic task to your terminal device. This task is solved in the background and once solved, a confirmation is sent by Friendly Captcha to the server that this is a natural person. Friendly Captcha processes and stores the following data in the above process:
- Anonymized IP address of the requesting computer.
- Information about the used browser, as well as operating system
- Anonymized counter per IP address to control the cryptographic tasks
- Website from which the access has taken place (so-called referrer URL)
- The data is used for protection against bots.
The legal basis for the use and processing is our legitimate interest within the meaning of Art. 6 (1) lit. f DSGVO. Our aim is to prevent abusive access or spam attacks by bots.
If personal data is processed when Friendly Captcha is used, it is deleted after 30 days.
For more information on data protection at Friendly Captcha, please see their privacy policy at https://friendlycaptcha.com/de/privacy.
XVI. SOCIAL MEDIA PRESENCES
Data processing through social networks
We maintain publicly accessible profiles on social networks. The social networks used by us in detail can be found below.
Social networks such as Facebook, Twitter, etc. can generally analyze your user behavior extensively when you visit their website or a website with integrated social media content (e.g. like buttons or advertising banners). By visiting our social media presences, numerous data protection-relevant processing operations are triggered. In detail:
If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected under certain circumstances if you are not logged in or do not have an account with the respective social media portal. In this case, this data collection takes place, for example, via cookies that are stored on your end device or by recording your IP address.
With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, you can be shown interest-based advertising inside and outside the respective social media presence. Provided you have an account with the respective social network, the interest-based advertising may be displayed on all devices on which you are or were logged in.
Please also note that we cannot track all processing on the social media portals. Depending on the provider, further processing operations may therefore be carried out by the operators of the social media portals. For details, please refer to the terms of use and data protection provisions of the respective social media portals.
1. Legal basis
Our social media presences are intended to ensure the most comprehensive presence possible on the Internet. This is a legitimate interest within the meaning of Art. 6 Para 1 lit. f GDPR. The analysis processes initiated by the social networks may be based on different legal bases, which are to be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 Para. 1 lit. a GDPR).
2. Responsible party and assertion of rights
If you visit one of our social media sites (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. In principle, you can assert your rights (information, correction, deletion, restriction of processing, data portability and complaint) both vis-à-vis us and vis-à-vis the operator of the respective social media portal (e.g. vis-à-vis Facebook).
Please note that despite the joint responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options are largely determined by the corporate policy of the respective provider.
1. Storage period
The data collected directly by us via the social media presence will be deleted from our systems as soon as the purpose for storing it no longer applies, you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies. Stored cookies remain on your terminal device until you delete them. Mandatory legal provisions – in particular retention periods – remain unaffected.
We have no influence on the storage period of your data, which is stored by the operators of social networks for their own purposes. For details, please contact the operators of the social networks directly (e.g. in their privacy policy, see below).
Facebook
We have a profile on Facebook. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (hereinafter referred to as „Facebook“). According to Facebook, the collected data is also transferred to the USA and other third countries.
We have concluded a joint processing agreement (Controller Addendum) with Facebook.
This agreement specifies which data processing operations we or Facebook are responsible for when you visit our Facebook page. You can view this agreement at the following link: https://www.facebook.com/legal/terms/page_controller_addendum
You can adjust your advertising settings independently in your user account. To do so, click on the following link and log in: https://www.facebook.com/settings?tab=ads
For details, please refer to Facebook’s privacy policy: https://www.facebook.com/about/privacy/
YouTube
We have a profile on YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. For details on their handling of your personal data, please refer to YouTube’s privacy policy: https://policies.google.com/privacy?hl=en
Instagram
We have a profile on Instagram. The provider is Instagram Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA. For details on how they handle your personal data, please refer to Instagram’s privacy policy: https://help.instagram.com/519522125107875
LinkedIn
We have a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies. If you wish to disable LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
XVII. CHANGES TO THIS DATA PROTECTION POLICY
AXICA reserves the right to change its data protection practices and this policy in order to adapt data to any changes to relevant laws and/or regulations or to better meet the needs. Any changes to data privacy practices will be published on this page. Therefore, the version date of the data privacy notice should be heeded.
Berlin, January 2023