Data Protection Declaration pursuant to GDPR
The website www.cn-bc.org is operated by the IDZ | Internationales Design Zentrum Berlin e.V. and Sqetch by Sourcebook GmbH. We take the protection of personal data very seriously. In the following, we describe which data we collect, process and store within the scope of our website, when and for what purposes. This is to explain to you how our services offered via the website work and how the protection of your personal data is ensured in the process. The processing and use of your data always takes place in compliance with the relevant German and European data protection laws.
I ) Name and address of the controller
The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection regulations is:
IDZ | Internationales Design Zentrum Berlin e.V.
Hagelberger Straße 52, 10965 Berlin
Board of Directors: Prof. Karsten Henze, Prof. Pelin Celik
Charlottenburg Local Court
Registration number: VR 4034 B
Phone: 49 (0)30 61 62 321-0
Fax: +49 (0)30 61 62 321-19
Sqetch by Sourcebook GmbH
Skalitzer Str. 97, 10997 Berlin
Management: Marte Hentschel
Charlottenburg Local Court
Registration number: HRB 169897 B
Phone: 030 403679179
If you have any questions about the processing of your personal data, or about your data protection rights, please contact Magdalena Jaster at firstname.lastname@example.org or Christin Jachow email@example.com
II ) General information on data processing
Scope of the processing of personal data
As a matter of principle, we only process personal data of our users insofar as this is necessary for the provision of a functional website as well as our contents and services. The processing of personal data of our users generally takes place only with the consent of the user. An exception applies in those cases where obtaining prior consent is not possible for factual reasons and the processing of the data is permitted by legal regulations.
Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for processing operations involving personal data, Art. 6 (1) (a) GDPR serves as the legal basis.
When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.
Insofar as the processing of personal data is necessary for the fulfilment of a legal obligation to which our company is subject, Art. 6 (1) (c) GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person make it necessary to process personal data, Art. 6 (1) (d) GDPR serves as the legal basis.
If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the prior-mentioned interest, Art. 6 (1) (f) GDPR serves as the legal basis for the processing.
Data deletion and storage period
The personal data of the data subject shall be deleted or blocked as soon as the purpose of the storage ceases to apply. In addition, storage may take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need to continue storing the data for the conclusion or performance of a contract.
Cooperation with processors and third parties
If, in the course of our processing, we transfer data to other persons and companies (commissioned processors or third parties) or otherwise grant them access to the data, this will only be done on the basis of legal permission (e.g. if a transfer of the data to third parties, such as to payment service providers, is required pursuant to Art. 6 (1) (b) GDPR), you have consented, a legal obligation provides for this, for the processing of contractual relationships with you, or we have a legitimate interest in the transfer of data (e.g. when using agents, web hosts, etc.). If we commission third parties with the processing of data on the basis of a so-called “data processing agreement”, this is done on the basis of Art. 28 GDPR.
We use the widespread SSL (Secure Socket Layer) procedure on the website in conjunction with the highest encryption level supported by your browser. As a rule, this is a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can see whether an individual page of our website is transmitted in encrypted form by the display of the locked key or lock symbol in the lower status bar of your browser. We also use appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.
Company profiles in social media
We operate company profiles within social networks and platforms in order to be able to communicate with the customers, interested parties and users active there and to inform them about our services there. When calling up the respective networks and platforms, the terms and conditions and data processing policies of their respective operators apply.
Unless otherwise stated in our Data Protection Declaration, we process the data of users if they communicate with us within the social networks and platforms, e.g. write posts on our online presences or send us messages.
III ) Provision of the website and creation of log files
When you visit our website www.cn-bc.org information is automatically sent to our website server by the browser used on your end device. This information is temporarily stored in a so-called log file.
The following information is collected without your intervention and stored until automated deletion:
- Information about the browser type and version used
- The operating system of the user
- The user’s internet service provider
- The IP address of the user
- Date and time of access
- Websites from which the user’s system accesses our website
- Websites that are accessed by the user’s system via our website
- Protocol (GET or POST)
- Status code (200 or 500)
The above data will be processed by us for the following purposes:
- Ensuring smooth connection of the website,
- Ensuring comfortable use of our website,
- Evaluation of system security and stability, and
- Other administrative purposes.
Insofar as cookies are technically necessary, our legitimate interest in data processing lies in the aforementioned purposes. The legal basis in these cases is Art. 6 (1) (f) GDPR.
Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a message always appears before a new cookie is created. However, the complete deactivation of cookies may mean that you cannot use all the functions of our website.
V ) User account
You can register on our website and create a user account. You provide personal information voluntarily as part of the registration process, for example when using the services offered on our website. This personal information may include:
- First and last name
- Email address
- Company description
- Company Type & Services
- Project Activity Interest
- Matchmaking Interest
The data entered as part of the registration process is used for the purposes of using the content and services provided via our website. The legal basis for the processing is Art. 6 (1) (b) GDPR. Insofar as we use data for a purpose that requires your consent in accordance with the statutory provisions, we will ask you for your express consent in each case. You can revoke your consent once given and/or object to future uses of your data at any time.
Within the scope of the use of our registration and login functions as well as the use of our website by registered users, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests as well as in the interest of the users in protection against misuse and other unauthorised use of their user data. As a rule, this data is not passed on to third parties unless it is necessary for the processing of contractual relationships and for the pursuit of our claims or there is a legal obligation to do so in accordance with Art. 6 (1) (c) GDPR. The IP addresses are anonymised or deleted after 24h at the latest.
If the registration or login on our website takes place via single sign-in service with a social media account (e.g. LinkedIn, Google), we initially only collect the data required for the registration or login (name, email address and location). Other data and information transmitted to us depend on the data protection settings made on the respective social media platforms used by the user. Further information on data protection on the respective platforms can be found in the data protection declarations or privacy policies of the respective social media service.
Furthermore, we can recognise you as the same user on different devices if the registration or login is done with a single sign-in service.
VI ) Email contact
Contacting us is possible via the provided email address firstname.lastname@example.org or email@example.com. In this case, the user’s personal data transmitted with the email will be stored. In this context, the data will not be passed on to third parties. The data is used exclusively for processing the conversation. We process the data you provide in the contact form in order to answer your enquiry. The legal basis for the data processing described is Art. 6 (1) (b) GDPR. The data collected when using the contact form will be automatically deleted after your request has been fully processed, unless we still need your request to fulfil contractual or legal obligations.
VII ) Rights of the data subject
If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:
Right to information
Pursuant to Art. 15 GDPR, you have the right to request information about your personal data processed by us. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint with a supervisory authority, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information about its details.
Right to rectification
Pursuant to Art. 16 GDPR, you may immediately request the correction of inaccurate or incomplete personal data stored by us.
Right to erasure
Pursuant to Art. 17 GDPR, you may request the deletion of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims.
Right to restriction of processing
Pursuant to Art. 18 GDPR, you may request the restriction of the processing of your personal data if you dispute the accuracy of the data, the processing is unlawful, but you object to its erasure and we no longer require the data, but you need it to assert, exercise or defend legal claims or you have objected to the processing in accordance with Art. 21 GDPR.
Right to data portability
Pursuant to Art. 20 GDPR, you may receive your personal data that you have provided to us in a structured, common and machine-readable format or request that it be transferred to another controller.
Right to revocation
In accordance with Art. 7 (3) GDPR, you have the right to revoke your consent at any time. This has the consequence that we no longer continue the data processing based on this consent for the future. The revocation of consent shall not affect the lawfulness of the processing carried out on the basis of the consent until revocation.
Right to object
Insofar as we process your data on the basis of legitimate interests pursuant to Art. 6 (1) (f) GDPR, you have the right to object to the processing of your data pursuant to Art. 21 GDPR and to provide us with reasons that arise from your particular situation and that you believe outweigh your interests worthy of protection. If you object to the processing of data for direct marketing purposes, you have a general right to object, which we will also implement without you being required to give reasons. If you wish to make use of your right to revocation or objection, it is sufficient to send an informal message to our data protection officer.
Right to lodge a complaint
Pursuant to Art. 77 GDPR, you have a right to complain to a supervisory authority if you believe that the processing of personal data concerning you violates data protection regulations. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters for this purpose. The supervisory authority with which the complaint has been lodged shall inform you of the status and outcome of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.
The competent supervisory authority for us is:
Berlin Commissioner for Data Protection and Freedom of Information
Phone: +49 (0)30 13889-0
Fax: +49 (0)30 2155050
VIII ) Updating of the Data Protection Declaration
This Data Protection Declaration is currently valid and has the status February 2021. Due to the further development of our website and offers on it or due to changed legal or official requirements, it may become necessary to change this Data Protection Declaration. You can access and print out the current Data Protection Declaration at any time on our website at https://www.cn-bc.org/privacy-policy-toc/.