Data Protection Declaration pursuant to GDPR

 

The website www.cn-bc.org is operated by the IDZ | Internationales Design Zentrum Berlin e.V. and Sqetch by Sourcebook GmbH. We take the protection of personal data very seriously. In the following, we describe which data we collect, process and store within the scope of our website, when and for what purposes. This is to explain to you how our services offered via the website work and how the protection of your personal data is ensured in the process. The processing and use of your data always takes place in compliance with the relevant German and European data protection laws.

I ) Name and address of the controller

 

The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection regulations is:

 

IDZ | Internationales Design Zentrum Berlin e.V.

Hagelberger Straße 52, 10965 Berlin

Board of Directors: Prof. Karsten Henze, Prof. Pelin Celik

Charlottenburg Local Court 

Registration number: VR 4034 B

Phone: 49 (0)30 61 62 321-0

Fax: +49 (0)30 61 62 321-19

idz@idz.de

www.idz.de

 

Sqetch by Sourcebook GmbH

Skalitzer Str. 97, 10997 Berlin

Management: Marte Hentschel  

Charlottenburg Local Court 

Registration number: HRB 169897 B

Phone: 030 403679179

Email: support@sqetch.co

www.sqetch.co

 

If you have any questions about the processing of your personal data, or about your data protection rights, please contact IDZ at idz@idz.de or Christin Jachow christin@sqetch.co 

II ) General information on data processing

Scope of the processing of personal data

As a matter of principle, we only process personal data of our users insofar as this is necessary for the provision of a functional website as well as our contents and services. The processing of personal data of our users generally takes place only with the consent of the user. An exception applies in those cases where obtaining prior consent is not possible for factual reasons and the processing of the data is permitted by legal regulations. 

Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for processing operations involving personal data, Art. 6 (1) (a) GDPR serves as the legal basis.

When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.

Insofar as the processing of personal data is necessary for the fulfilment of a legal obligation to which our company is subject, Art. 6 (1) (c) GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person make it necessary to process personal data, Art. 6 (1) (d) GDPR serves as the legal basis.

If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the prior-mentioned interest, Art. 6 (1) (f) GDPR serves as the legal basis for the processing.

Data deletion and storage period

The personal data of the data subject shall be deleted or blocked as soon as the purpose of the storage ceases to apply. In addition, storage may take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need to continue storing the data for the conclusion or performance of a contract.

Cooperation with processors and third parties

If, in the course of our processing, we transfer data to other persons and companies (commissioned processors or third parties) or otherwise grant them access to the data, this will only be done on the basis of legal permission (e.g. if a transfer of the data to third parties, such as to payment service providers, is required pursuant to Art. 6 (1) (b) GDPR), you have consented, a legal obligation provides for this, for the processing of contractual relationships with you, or we have a legitimate interest in the transfer of data (e.g. when using agents, web hosts, etc.). If we commission third parties with the processing of data on the basis of a so-called “data processing agreement”, this is done on the basis of Art. 28 GDPR.

Data security

We use the widespread SSL (Secure Socket Layer) procedure on the website in conjunction with the highest encryption level supported by your browser. As a rule, this is a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can see whether an individual page of our website is transmitted in encrypted form by the display of the locked key or lock symbol in the lower status bar of your browser. We also use appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.

Company profiles in social media

We operate company profiles within social networks and platforms in order to be able to communicate with the customers, interested parties and users active there and to inform them about our services there. When calling up the respective networks and platforms, the terms and conditions and data processing policies of their respective operators apply. 

Unless otherwise stated in our Data Protection Declaration, we process the data of users if they communicate with us within the social networks and platforms, e.g. write posts on our online presences or send us messages.

III ) Provision of the website and creation of log files

When you visit our website www.cn-bc.org information is automatically sent to our website server by the browser used on your end device. This information is temporarily stored in a so-called log file.

The following information is collected without your intervention and stored until automated deletion:

• Information about the browser type and version used
• The operating system of the user
• The user’s internet service provider
• The IP address of the user
• Date and time of access
• Websites from which the user’s system accesses our website
• Websites that are accessed by the user’s system via our website
• Protocol (GET or POST)
• Status code (200 or 500)

The above data will be processed by us for the following purposes:

• Ensuring smooth connection of the website,
• Ensuring comfortable use of our website,
• Evaluation of system security and stability, and
• Other administrative purposes.

The legal basis for data processing is Art. 6 (1) (f) GDPR. There is a legitimate interest in presenting you with a website optimised for your browser and in enabling communication between our server and your terminal device. For the latter, the processing of your IP address in particular is necessary. In no case do we use the collected data for the purpose of drawing conclusions about your person. In addition, we use cookies and analysis services when you visit our website. You can find more detailed explanations on this under points V and XI of this Data Protection Declaration.

IV ) Use of cookies

We use cookies on our site. These are small files that are automatically created by your browser and stored on your end device (laptop, tablet, smartphone or similar) when you visit our site. Cookies do not cause any damage to your end device, do not contain viruses, Trojans or other malware. Information is stored in the cookie that arises in each case in connection with the specific end device used. However, this does not mean that we gain direct knowledge of your identity.

The use of cookies serves, on the one hand, to make the use of our offer more pleasant for you. We use so-called session cookies to recognise that you have already visited individual pages of our website. These are automatically deleted after you leave our site. In addition, we also use temporary cookies to optimise user-friendliness, which are stored on your end device for a certain fixed period of time. If you visit our site again to use our services, it is automatically recognised that you have already visited us and which entries and settings you have made so that you do not have to enter them again. 

On the other hand, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimising our offer for you (see section XI). These cookies enable us to automatically recognise that you have already visited us when you visit our site again. These cookies are automatically deleted after a defined period of time. When accessing our website, users are informed by an information banner about the use of cookies for analysis purposes and referred to this Data Protection Declaration. In this context, there is also a note on how the storage of cookies can be prevented in the browser settings.

Insofar as cookies are technically necessary, our legitimate interest in data processing lies in the aforementioned purposes. The legal basis in these cases is Art. 6 (1) (f) GDPR. 

Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a message always appears before a new cookie is created. However, the complete deactivation of cookies may mean that you cannot use all the functions of our website.

V ) User account

You can register on our website and create a user account. You provide personal information voluntarily as part of the registration process, for example when using the services offered on our website. This personal information may include:

• First and last name
• Address
• Email address
• Company
• Company description 
• Company Type & Services
• Project Activity Interest
• Matchmaking Interest

The data entered as part of the registration process is used for the purposes of using the content and services provided via our website. The legal basis for the processing is Art. 6 (1) (b) GDPR. Insofar as we use data for a purpose that requires your consent in accordance with the statutory provisions, we will ask you for your express consent in each case. You can revoke your consent once given and/or object to future uses of your data at any time.

Within the scope of the use of our registration and login functions as well as the use of our website by registered users, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests as well as in the interest of the users in protection against misuse and other unauthorised use of their user data. As a rule, this data is not passed on to third parties unless it is necessary for the processing of contractual relationships and for the pursuit of our claims or there is a legal obligation to do so in accordance with Art. 6 (1) (c) GDPR. The IP addresses are anonymised or deleted after 24h  at the latest.

If the registration or login on our website takes place via single sign-in service with a social media account (e.g. LinkedIn, Google), we initially only collect the data required for the registration or login (name, email address and location). Other data and information transmitted to us depend on the data protection settings made on the respective social media platforms used by the user. Further information on data protection on the respective platforms can be found in the data protection declarations or privacy policies of the respective social media service.

Furthermore, we can recognise you as the same user on different devices if the registration or login is done with a single sign-in service. 

VI ) Email contact

Contacting us is possible via the provided email address idz@idz.de or christin@sqetch.co. In this case, the user’s personal data transmitted with the email will be stored. In this context, the data will not be passed on to third parties. The data is used exclusively for processing the conversation. We process the data you provide in the contact form in order to answer your enquiry. The legal basis for the data processing described is Art. 6 (1) (b) GDPR. The data collected when using the contact form will be automatically deleted after your request has been fully processed, unless we still need your request to fulfil contractual or legal obligations.

 

VII ) Rights of the data subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:

Right to information

Pursuant to Art. 15 GDPR, you have the right to request information about your personal data processed by us. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint with a supervisory authority, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information about its details.

Right to rectification

Pursuant to Art. 16 GDPR, you may immediately request the correction of inaccurate or incomplete personal data stored by us.

Right to erasure

Pursuant to Art. 17 GDPR, you may request the deletion of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims.

Right to restriction of processing

Pursuant to Art. 18 GDPR, you may request the restriction of the processing of your personal data if you dispute the accuracy of the data, the processing is unlawful, but you object to its erasure and we no longer require the data, but you need it to assert, exercise or defend legal claims or you have objected to the processing in accordance with Art. 21 GDPR.

Right to data portability

Pursuant to Art. 20 GDPR, you may receive your personal data that you have provided to us in a structured, common and machine-readable format or request that it be transferred to another controller.

Right to revocation

In accordance with Art. 7 (3) GDPR, you have the right to revoke your consent at any time. This has the consequence that we no longer continue the data processing based on this consent for the future. The revocation of consent shall not affect the lawfulness of the processing carried out on the basis of the consent until revocation.

Right to object

Insofar as we process your data on the basis of legitimate interests pursuant to Art. 6 (1) (f) GDPR, you have the right to object to the processing of your data pursuant to Art. 21 GDPR and to provide us with reasons that arise from your particular situation and that you believe outweigh your interests worthy of protection. If you object to the processing of data for direct marketing purposes, you have a general right to object, which we will also implement without you being required to give reasons. If you wish to make use of your right to revocation or objection, it is sufficient to send an informal message to our data protection officer.

Right to lodge a complaint

Pursuant to Art. 77 GDPR, you have a right to complain to a supervisory authority if you believe that the processing of personal data concerning you violates data protection regulations. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters for this purpose. The supervisory authority with which the complaint has been lodged shall inform you of the status and outcome of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.

The competent supervisory authority for us is:

Berlin Commissioner for Data Protection and Freedom of Information
Maja Smoltczyk
Friedrichstr. 219
10969 Berlin

Phone: +49 (0)30 13889-0
Fax: +49 (0)30 2155050

Email: mailbox@datenschutz-berlin.de

VIII ) Updating of the Data Protection Declaration

This Data Protection Declaration is currently valid and has the status February 2021. Due to the further development of our website and offers on it or due to changed legal or official requirements, it may become necessary to change this Data Protection Declaration. You can access and print out the current Data Protection Declaration at any time on our website at https://www.cn-bc.org/privacy-policy-toc/.