§1 Information on the collection of personal data
- The following covers our policy on collecting personal data when you visit our website. The term “personal data” refers to any data that can be used as a reference to you as a person, such as your name, address, e-mail addresses, or user behaviour.
- The controller applicable to this website and service according to EU General Data Protection Regulation (GDPR) Art. 4 para. 7 is Business Metropole Ruhr GmbH (BMR), Kronprinzenstr. 30, 45128 Essen, Germany; Tel. +49 201 6324880; e-mail: firstname.lastname@example.org (see our copyright and legal statements). Our Privacy Officer can be reached here: Aulinger Datenschutz & Consulting GmbH, Dr. Ralf Heine, Frankenstraße 348, 45133 Essen; Tel.: +49 201 9598662, E-mail: email@example.com
- By sending us an enquiry using the contact form, your data from the form including any contact data you have provided will be stored for processing your enquiry, and kept on store in case we need to contact you again. We will not pass on this data without your consent.
We will only process the data you have entered in the contact form on your consent according to GDPR Art. 6.1 (a). You may withdraw this consent at any time. All you need to do is send us an informal request by e-mail. Remember that the legitimacy of any data processing activities that have taken place before your revocation will remain intact.
We will keep the data from the contact form on file until you request their deletion or withdraw your consent to have the data stored, or until the purpose for storing the data has ceased to apply, such as after we have dealt with your enquiry. Mandatory legal provisions, especially retention periods, shall remain unaffected.
- Your enquiry, including all resulting personal data (name, enquiry) will be stored and processed for handling your request if you contact us by e-mail, telephone or fax. We will not pass on this data without your consent.
Your data will be processed according to GDPR Art. 6.1 (b) if your enquiry involves fulfilment of a contract or is necessary in fulfilling pre-contractual measures. In all other cases, your data will be processed on your consent according to GDPR Art. 6.1 (a) and/or our legitimate interest according to GDPR Art. 6.1 (f), as we have a legitimate interest in the effective handling of enquiries addressed to us.
We will keep the data sent to us from contact enquiries until you request their deletion or withdraw your consent to have the data stored, or until the purpose for storing the data has ceased to apply, such as after we have dealt with your enquiry. Mandatory legal provisions, especially statutory retention periods, shall remain unaffected.
- You may register on our website to benefit from additional features on the website. We will only use the data entered in order to provide you with the specific offering or service you have registered for. The mandatory information requested during registration must be given in full for you to be able to register.
We will use the e-mail address specified during registration to inform you on any important changes such as in our range of services or necessary technical changes.
We will therefore process the data you have entered on registration as based on your consent according to GDPR Art. 6.1 (a). You may at any time withdraw any consent you have previously given. All you need to do is send us an informal request by e-mail. Your revocation will not affect the legitimacy of any data processing that has already taken place.
We will store data collected during registration as long as you are registered on our website, and delete the data after that. Statutory retention periods remain unaffected.
- We will only collect, process and use personal data as necessary for establishing, developing or altering a contractual relationship (inventory data). Your data will be processed according to GDPR Art. 6.1 (b), which allows the data to be processed in the course of contract preparation or fulfilment. We will only collect, process and use personal data on the use of our website (user data) as necessary to enable users to benefit from our services or for billing purposes.
We will delete your customer data that we have collected after fulfilling your order or the end of our business relationship. Statutory retention periods remain unaffected.
- We will inform you in detail on the respective procedures as described below if we need to involve authorised service providers for individual features of our service or would like to use your data for advertising purposes. We will also state the predefined criteria applicable to storage periods.
§2 Personal data collected on visiting our website
- We will only collect personal data that your browser sends to our server if you visit our website without logging in or transmitting any other information to us. We will collect the following data from your visit to our website as technically necessary for us to display our website and ensure stability and security according to GDPR Art. 6.1 (f): IP address; date and time of the request; time zone difference from Greenwich Mean Time (GMT); request content (actual page visited); access status or HTTP status code; data amount transmitted; referring website that sent the request; browser; operating system, user interface and language, and browser software version.
- Cookies will be stored on your device in addition to the above data transmission. Cookies are small text files stored on your hard drive and assigned to the browser you are using. This provides the party storing the cookie (in this case, us) certain information. Cookies cannot execute programs or infect your device with viruses; their purpose is to improve usability for visitors to our website according to GDPR Art. 6.1 (f).
a) This website uses various cookie types with the scope and function of transient cookies referred to in b) and persistent cookies referred to in c).
b) Transient cookies are automatically deleted when you close your browser. This especially includes session cookies, which store the session ID that various requests from your browser are assigned to in your browsing session. Their purpose is to allow your device to be recognised when you return to our website. Session cookies are deleted when you log out or close the browser.
c) Persistent cookies are automatically deleted after a certain period depending on the cookie. You may delete the cookies at any time in your browser security or privacy settings.
d) You may also configure your browser according to your wishes and refuse third-party cookies or all cookies; however, this may prevent you from using all the features on this website.
- You may subscribe to our newsletter by your own consent. The newsletter is to inform you about our current services that may be of interest to you. The goods and services advertised will be named in the consent form.
- We use what is referred to as the double opt-in procedure for new subscriptions to our newsletter. This means that after you register, we will send an e-mail to the e-mail address you have given us asking you to confirm that you do indeed wish to receive our newsletter. Your data will be automatically restricted for processing and deleted after a month if you do not confirm the subscription within 24 hours. Apart from that, we will save IP addresses assigned to you and the times of subscription and your subscription confirmation. The aim of this procedure is to document your subscription and, if applicable, to trace any possible misuse of your personal data.
- Your e-mail address is all the data you need to provide us with in order to receive our newsletter. You may optionally and voluntarily provide additional data for us to be able to contact you personally. After receiving your confirmation, we will store your e-mail address for the purpose of sending the newsletter on the legal basis of GDPR Art. 6.1 (a).
- You may at any time withdraw your consent and unsubscribe from our newsletter. To revoke your consent and unsubscribe from our newsletter, you may either click the e-mail link included in every newsletter or use this website form to write an e-mail to firstname.lastname@example.org, or send a message using the contact details quoted in the copyright and legal statements section of this website.
§4 Analytical tools
We use the following tracking tools as listed below on the legal basis of GDPR Art. 6.1 (f). We use these tracking tools in order to ensure continuous design and optimisation for our website according to requirements. Apart from that, we use tracking tools to collect data on how our website is being used for statistical evaluation in order to optimise our service. These interests are to be regarded as justified according to the regulation quoted in the above.
Refer to the corresponding tracking tools for the respective data processing purposes and data categories.
- This website uses functions in the Google Analytics service. This is a service provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Irland.
Google Analytics uses what are referred to as cookies. These are text files that are stored on your computer to make it possible for us to analyse how you have been using this website. Cookies store information on how you use our website, which is then usually transmitted to Google’s servers in the US for storage. Data sent by us and linked to cookies, user IDs and advertising IDs will be deleted automatically after 14 months. Data will be automatically deleted once a month after reaching the end of the corresponding retention period.
The Google Analytics analysis tool is used and the resulting cookies stored according to GDPR Art. 6.1 (f). The website owner has a legitimate interest in analysing user behaviour towards optimising both website and advertising. In exceptional cases where personal data is transmitted to the US, Google has adopted the EU-US Privacy Shield; see https://www.privacyshield.gov/EU-US-Framework.
- We have activated the IP anonymisation function on this website. This involves Google truncating the last octet of an IP address from a member state of the European Union or other parties to the Agreement on the European Economic Area before transmission to the US. The full IP address will only be sent to and shortened by Google servers in the USA in exceptional cases. Google will use this information to analyse your use of our website, compile reports on website activities for the webmaster, and provide additional services involving website and Internet use as commissioned by this website's webmaster. Google will not link your IP address in the Google Analytics service with any other data held by Google.
- You may prevent your browser from storing cookies using the appropriate settings in your web browser software; however, if you should choose to do so, note that you may not be able to use the website’s functionality to its full extent. You may also prevent Google from collecting and using data in the form of cookies and IP addresses by downloading and installing the browser plugin available at http://tools.google.com/dlpage/gaoptout.
- You may prevent Google from acquiring data using Google Analytics by clicking the following link. This will store an opt-out cookie on your device to prevent your browser from collecting information when you visit this website: Disable Google Analytics.
- We have concluded a data processing contract with Google, and have implemented the strict regulations to their full extent from the German data protection authorities in using Google Analytics.
- This website uses the demographic characteristics function in Google Analytics. This allows reports to be compiled with information on age, gender and interests of our website visitors. This information originates from Google interest-based advertising as well as visitor information from third parties. None of this data can be assigned to any particular person. You may deactivate this function in your Google Account or prevent Google Analytics from collecting your data as described in Para. 4.
- Our website uses the Facebook pixel, Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (hereinafter referred to as Facebook) to measure user conversion.
This allows us to track visitors to our website after clicking on a Facebook advertisement referring them to the provider’s website. We use this service to assess the effectiveness of Facebook advertising for statistical and market research purposes and optimise future advertising campaigns.
- The information collected is anonymous to us as operators of this website, and we cannot use it to draw any conclusions as to the identity of any user. However, the data will be stored and processed by Facebook; this may allow Facebook to link the data to your user profile, which Facebook may use for advertising purposes according to Facebook’s Data Policy. This allows Facebook to display advertisements on its own pages and outside the Facebook domain. We as a website operator have no influence on this use of data.
We use the Facebook pixel service according to GDPR Art. 6.1 (f). The website owner has a legitimate interest in effective promotional activities, including social media.
You may also disable the Custom Audiences function in settings for advertising on https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. This requires you to be signed in on Facebook.
You can also deactivate use-based advertising on Facebook using the European Interactive Digital Advertising Alliance website if you do not have a Facebook account: http://www.youronlinechoices.com/de/praferenzmanagement/.
- We use the Google reCAPTCHA service (referred to as reCAPTCHA) on our websites. This a service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (referred to as Google).
- The aim of reCAPTCHA is to check whether data entered on our website, such as in a contact form, has been entered by an actual person or an automated program. This involves reCAPTCHA analysing website visitor behaviour based on various characteristics. Analysis begins automatically as soon as you visit our website. To analyse the data, reCAPTCHA evaluates various items of information such as your IP address, how long you stayed on the website, and your mouse movements. The data collected during the analysis will be transmitted to Google.
- All reCAPTCHA analyses take place in the background. As a visitor to our website, you will not be informed that an analysis is taking place.
- This data will be processed according to GDPR Art. 6.1 (f). The website owner has a legitimate interest in protecting the website service from abusive automated spying and SPAM.
§5 Integrated YouTube videos
- Our website uses YouTube website plugins. This is a service provided by YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.
- We use YouTube in privacy-enhanced mode. According to YouTube, this mode prevents YouTube from storing data on visitors to this website before they watch the video. However, this privacy-enhanced mode cannot be guaranteed to prevent data from being transmitted to YouTube partners. YouTube connects to the Google DoubleClick network regardless of whether you are watching a video.
- As soon as you start playing a YouTube video on our website, a connection will be made to the YouTube servers informing the respective server as to which page you visited. YouTube will be able to assign your surfing habits directly to your personal profile if you are logged in to your YouTube account. You can prevent this by logging out of your YouTube account.
- Apart from that, YouTube may store a variety of cookies on your device after your start playing a YouTube video. These cookies provide YouTube with information on visitors to our website. This information is used for collecting video statistics towards improving user-friendliness and preventing fraud, among other things. The cookies will remain on your device until you delete them.
- Other data processing operations may also be triggered once you start playing a YouTube video; we have no control over this.
- We use YouTube with the aim of presenting our online services in an appealing and accessible fashion. This represents a legitimate interest according to GDPR Art. 6.1 (f).
§6 Google Maps
- This website uses the Google Maps API. This a service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
- Using this feature will require storing your IP address. This information is usually transmitted to a server in the US and stored there. The provider of our website has no control on this data transmission.
- The use of Google Maps also serves the appealing presentation of our online services and ease of finding locations named on our website. This represents a legitimate interest according to GDPR Art. 6.1 (f).
§7 Social media plugins
We have no influence on the data collection or processing, nor do we have any knowledge as to the full scope of data collection, purposes of processing the data, or the retention periods that apply. We also have no knowledge on the vendor’s deletion policy.
Facebook plugins (Like & Share button)
- Our website has integrated plugins from the Facebook social network provided by Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. Facebook plugins can be identified by a Facebook logo or “Like” button on the website. Refer to the following website for a summary of Facebook plugins: http://developers.facebook.com/docs/plugins/.
- The plugin will form a direct connection between your browser and the Facebook server whenever you visit this website. This will inform Facebook that you have visited our website by your IP address. Clicking the Facebook Like button while logged in to Facebook will link the contents of the page on our website to your Facebook profile. Facebook will then be able to link your visit to our website to your user account. Note that as a website provider, we do not have any access to the content of the data transmitted or how Facebook will use the data. Refer to the following Facebook data policy for details: https://www.facebook.com/privacy/explanation.
- If you object to having Facebook linking your visit on our website to your Facebook account, then please log out of your Facebook account.
- We use the Facebook plugin service according to GDPR Art. 6.1 (f). The website owner has a legitimate interest in the maximum possible degree of outreach using social media.
- We use the Twitter plugin service according to GDPR Art. 6.1 (f). The website owner has a legitimate interest in the maximum possible degree of outreach using social media.
- You may alter your privacy settings on Twitter in account settings under https://twitter.com/settings/account.
- This website has integrated Instagram functions provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA.
- You may link content from our website to your Instagram profile by clicking the Instagram button if you are logged into your Instagram account. Instagram will then be able to link your visit to our website to your user account. Note that as a website provider, we do not have any access to the content of the data transmitted or how Instagram will use the data.
- We use the Instagram plugin service according to GDPR Art. 6.1 (f). The website owner has a legitimate interest in the maximum possible degree of outreach using social media.
- Our site uses LinkedIn network service functions provided by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.
- A connection to LinkedIn servers will be made every time one of our pages containing LinkedIn functions is accessed. This will inform LinkedIn that you have visited our website by your IP address. Clicking the LinkedIn Recommend button while logged in to your LinkedIn account will enable LinkedIn to link your visit on our website to your user account. Note that as a website provider, we do not have any access to the content of the data transmitted or how LinkedIn will use the data.
- We use the LinkedIn plugin service according to GDPR Art. 6.1 (f). The website owner has a legitimate interest in the maximum possible degree of outreach using social media.
§8 WhatsApp news ticker
- We provide the option of sending you news about our activities using the WhatsApp news ticker function. This will entail you giving your mobile phone number and sending us a message using WhatsApp. We will not disclose your mobile phone number to any third parties, and will only use it for the WhatsApp news ticker. We will not send you any advertising or spam, and we will not call you for advertising purposes. We act on the consent you have voluntarily provided to us according to GDPR Art. 6.1 (a).
- However, remember that you need to agree to the terms and conditions of WhatsApp to install and use WhatsApp on your mobile device; these terms and conditions are beyond our control. These terms and conditions include WhatsApp Inc. gaining access to telephone numbers and contacts stored on the mobile device. Similarly, data will be stored on WhatsApp Inc. servers, which are not subject to European data protection law. Click here for details on data protection at WhatsApp Inc.
§9 Your rights
- You have the following rights regarding your personal data:
- You may at any time without charge request information on your personal data that we have stored, its origin and recipient and purpose of processing, and you may have the data corrected, blocked or erased within the scope of the statutory regulations. If you have any questions about this or other topics concerning data privacy and protection, please do not hesitate to contact us at the address provided in the copyright and legal statements.
You may demand a restriction on processing your personal data. Please do not hesitate to contact us at the address provided in the copyright and legal statements on this matter. You have a right to processing restriction in the following scenarios:
- We will usually need some time to verify an objection you might lodge as to the accuracy of your personal data we have stored. You may demand a restriction on processing your personal data during this period.
- You may also demand a restriction on processing your personal data instead of having it deleted if it has been or is being processed illicitly.
- You may demand a restriction on processing your personal data instead of erasure if we no longer need the data except for asserting or defending legal claims.
- Objection according to GDPR Art. 21.1 will require a balance of interests. You may demand a restriction on processing your personal data during this period before a decision is reached as to whose interests should prevail.
- Personal data you have had restricted for processing will only be processed on your consent (except for storage purposes), or to establish, assert or defend legal claims or to protect the rights of another natural or legal person, or for reasons of important public interest of the European Union or a member state.
- You have the right to have your personal data that we have automatically processed with your consent towards fulfilling a contract sent to you or any third party named by you in a common electronically readable format (data portability). We can only transmit your data to another data controller named by you as requested as long as it is technically feasible for us to do so.
You may also lodge an objection to any data protection authority regarding the processing of your personal data.
§10 Right to objection
If we are processing your personal data for the purposes of direct marketing, you may at any time object to our processing of your personal data for the purpose of such advertising; this also applies to any profiling in connection with direct marketing. If you object, we will no longer use your personal data for direct marketing purposes (objection according to GDPR Art. 21.2).
§11 Data security
We use the commonplace SSL (secure socket layer) protocol in connection with the highest level of encryption supported by your browser when you visit our website. SSL usually uses 256-bit encryption. Our website will use 128-bit v3 technology instead if your browser does not support 256-bit encryption. You will be able to see whether an individual page on our website uses encryption by the key or lock symbol in your browser’s status bar.
We otherwise use the appropriate technical and organisational measures to protect your data against inadvertent or intentional manipulation, partial or complete loss, destruction or unauthorised access by third parties. We constantly improve our security measures in step with technological development.
Data protection information for online meetings, telephone conferences and webinars via "Zoom" of Business Metropole Ruhr GmbH
We would like to inform you in the following about the processing of personal data in connection with the use of "Zoom".
Purpose of the processing
We use the "Zoom" tool to conduct telephone conferences, online meetings, video conferences and/or webinars (hereinafter: "Online Meetings"). "Zoom" is a service of Zoom Video Communications, Inc. which is based in the USA.
Business Metropole Ruhr GmbH is responsible for data processing which is directly related to the holding of "online meetings".
Note: If you access the "Zoom" website, the provider of "Zoom" is responsible for data processing. However, you only need to call up the Internet site to use "Zoom" in order to download the software for using "Zoom". You can also use "Zoom" if you enter the respective meeting ID and, if necessary, other access data for the meeting directly in the "Zoom" app. If you do not want to or cannot use the "Zoom" app, the basic functions can also be used via a browser version, which you can also find on the "Zoom" website.
What data is processed?
When using "Zoom", different types of data are processed. The scope of the data also depends on the information you provide before or during participation in an "online meeting".
The following personal data are subject to processing:
- User details: first name, last name, telephone (optional), e-mail address, password (if "Single-Sign-On" is not used), profile picture (optional), department (optional)
- Meeting metadata: Topic, description (optional), participant IP addresses, device/hardware information
- For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of online meeting chat.
- When dialing in by phone: information on incoming and outgoing phone number, country name, start and end time. If necessary, further connection data such as the IP address of the device can be saved.
- Text, audio and video data: You may be able to use the chat, question or survey functions in an "online meeting". To this extent, the text entries you make are processed in order to display and, if necessary, log them in the "online meeting". In order to enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device will be processed for the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time using the "Zoom" applications.
In order to participate in an "online meeting" or to enter the "meeting room", you must at least provide information about your name.
Scope of processing
We use "zoom" to conduct "online meetings". If we want to record "online meetings", we will inform you in advance in a transparent manner and - if necessary - ask for your consent. The fact of the recording will also be displayed in the "Zoom" app.
If it is necessary for the purpose of recording the results of an online meeting, we will log the chat content. However, this will usually not be the case.
In the case of webinars, we may also process the questions asked by webinar participants for the purposes of recording and follow-up of webinars.
If you are registered as a user at "Zoom", reports on "online meetings" (meeting metadata, telephone dial-in data, questions and answers in webinars, survey function in webinars) can be stored for up to one month at "Zoom".
Automated decision making in the sense of Art. 22 DSGVO is not used.
Legal basis of the data processing
Insofar as personal data is processed by employees of Business Metropole Ruhr GmbH, § 26 BDSG is the legal basis for data processing. If, in connection with the use of "Zoom", personal data is not required for the establishment, implementation or termination of the employment relationship, but is nevertheless an elementary component of the use of "Zoom", Art. 6 Paragraph 1 letter f) DSGVO is the legal basis for data processing. In these cases, we are interested in the effective conduct of "online meetings".
In other respects, the legal basis for data processing in connection with the holding of " meetings online " is Art. 6 para. 1 lit. b) DPA, insofar as the meetings are held within the framework of contractual relations.
If no contractual relationship exists, the legal basis is Art. 6 para. 1 lit. f) DSGVO. Here too, we are interested in the effective implementation of "online meetings".
Recipient / passing on of data
Personal data processed in connection with participation in "online meetings" is generally not passed on to third parties, unless it is specifically intended to be passed on. Please note that contents from "online meetings" as well as personal meetings are often used to communicate information with customers, interested parties or third parties and are therefore intended to be passed on.
Other recipients: The provider of "Zoom" necessarily obtains knowledge of the above-mentioned data to the extent that this is provided for in our contract processing agreement with "Zoom".
Data processing outside the European Union
"Zoom" is a service provided by a provider from the USA. A processing of the personal data takes place also in a third country. We have concluded an order processing contract with the provider of "Zoom" which meets the requirements of Art. 28 DSGVO.
An appropriate level of data protection is guaranteed on the one hand by the "Privacy Shield" certification of Zoom Video Communications, Inc. and on the other hand by the conclusion of the so-called EU standard contract clauses.
Data protection officer
We have appointed a data protection officer. You can reach him as follows: Business Metropole Ruhr GmbH, - data protection officer -, Am Thyssenhaus 1-3, 45128 Essen, e-mail: email@example.com
Your rights as a data subject
You have the right of access to personal data concerning you. You can contact us for information at any time. In the case of a request for information that is not made in writing, we ask for your understanding that we may require you to provide evidence that proves that you are the person you claim to be. Furthermore, you have the right to correction or deletion or to restriction of processing, as far as you are legally entitled to do so. Finally, you have the right to object to the processing within the scope of the statutory provisions. You also have a right to data transferability within the framework of the data protection regulations.
Deletion of data
As a matter of principle, we delete personal data when there is no need for further storage. A requirement can exist in particular if the data is still needed to fulfil contractual services, to check and grant or avert warranty and, if applicable, guarantee claims. In the case of statutory storage obligations, deletion shall only be considered after expiry of the respective storage obligation.
Right of complaint to a supervisory authority
You have the right to complain about the processing of personal data by us to a data protection supervisory authority.
Status: April 6th 2020
Your contact person
Dr. Ralf Heine
Data protection commissioner at BMR
Aulinger Datenschutz & Consulting GmbH
Tel.: +49 201 9598662