1. Controller for Data Processing and General Principles
(1) We, the Korese Convention & Event Service GmbH, Kornhausgasse 4, 88212 Ravensburg, Germany, Tel.: +49 751 / 5 60 53-0, Fax: +49 751 / 5 60 53-18, E-Mail: firstname.lastname@example.org, as operator of the websites, available at “www.korese.com” and www.coboonline.de (hereinafter referred to respectively as “WEBSITE”), are the controller for the processing of personal data of the users of our website (“You”) subject to Art. 4 No. 7 General Data Protection Regulation (GDPR) and other national data protection laws of the Member States and other data protection provisions.
(2) Hereinafter, in the context of our information obligations, we would like to inform you in detail, which data are processed when visiting our WEBSITE and the use of our other services and offers on our WEBSITE. Furthermore, we would like to inform you about the associated protective measures we have also taken in technical and organizational terms.
2. Processing of personal data
(1) „Personal data“ means any information relating to an identified or identifiable natural person (‘data subject’). Your personal data therefore includes all data that may be directly or indirectly assigned to you as a person such as your name, your address, your phone number or your e-mail address.
(2) Personal data is processed by us only if and to the extent of which
- the processing of data is necessary to fulfill a legal obligation to which we are subject to (Article 6 (1) Subpar. 1 c) GDPR), or
- the processing is necessary for the performance of a contract of which you are a party or for the performance of pre-contractual actions that you request (Article 6 (1) Subpar. 1 b) GDPR), or
- You have given us your consent to the processing of data for one or more specific purposes (Article 6 (1) Subpar. 1 a) GDPR), or
- the processing of data is necessary to safeguard our legitimate interests or those of a third party, unless your interests or fundamental rights and freedoms requiring the protection of your personal data prevail (Article 6 (1) Subpar. 1 f) GDPR).
(5) The extent and nature of the processing of your data differs depending on whether you visit our WEBSITE solely for the purpose of retrieving information (see the following Sect. 3) or make use of services offered by us (see the following Sect. 4).
3. Merely informative use of our WEBSITE
(1) In connection with the mere informational use of our WEBSITE, that is, if you do not use any of our services and offers on our WEBSITE or provide us with any other information, we will only collect those data that your Internet browser automatically transmits to our server. The following data is collected hereby:
- IP address of the network access device of the respective requesting computer
- Date and time of the request (in GMT)
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the requirement (concrete page)
- Access Status / HTTP status code
- each transmitted amount of data
- Website from which the request comes
- Operating system and its interface
- Language and version of the browser software.
(2) This information is technically necessary for us to enable you usage and functionality of our WEBSITE, in particular to display the WEBSITE and to ensure the security and stability of the WEBSITE. There is no link between this data and personal data of a specific natural person. Our legitimate interest lies in a functioning website. The legal basis is Art. 6 (1) Subpar. 1 f) GDPR.
(3) We will delete your data as soon as it is no longer necessary for the purpose of its collection. In the case of collecting the data for the merely informative provisioning of our WEBSITE, the deletion takes place when the respective session has ended. A storage of your IP address takes up to seven days in complete, then in anonymous form. Your IP address will be shortened by the last octet (sub-segment). The temporary storage of the IP address by our system is necessary in order to remedy disruptions of our website and to avert dangers.
4. Other features and offers
In addition to the purely informational use of our WEBSITE, we offer various offers and functions (hereinafter also referred to as “Services“) that you can use, if you are interested. To do this, you will generally need to provide other personal information that we use to provide the service and for which the aforementioned data processing principles apply.
(1) If you contact us, e.g. to provide us with your feedback, the processing of your communicated contact information (e.g. first name, surname, e-mail address, telephone number) will be used to answer your inquiries and / or suggestions via the contact form, e-mail or otherwise.
(2) The legal basis for the processing of the data is Art. 6 (1) Subpar. 1 f) GDPR. If your message aims to conclude a contract, then additional legal basis for the processing of your data is Art. 6 (1) Subpar. 1 b) GDPR.
(3) Insofar as the deletion of your personal data does not prevent statutory or contractual retention periods, we will delete them as soon as they are no longer necessary for the purpose of their collection. This is the case when the conversation with you is over. In general, the conversation is over when it can be inferred from the circumstances that the matter in question has been finally clarified.
4.2 Customer account
(1) If you are already a customer with us, we can create a customer account for you on request, through which we store your data for subsequent further services by us.
(2) Further information on the storage of your data, in particular for the exact purposes and the duration of the data storage can be found in the supplementary privacy statements for the customer account.
(2) Our WEBSITE uses Transient Cookies. Transient cookies are automatically deleted when you close the browser. In particular, these include the session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the common session. This will allow your computer to be recognized when you return to our WEBSITE. The session cookies are deleted when you log out or close the browser.
(3) If personal data is processed by individual cookies, the processing is carried out in accordance with Art. 6 (1) Subpar. 1 b) GDPR either for the execution of the contract or in accordance with Art. 6 (1) Subpar. 1 f) GDPR for the protection of our legitimate interests in the best possible functionality of our WEBSITE as well as a customer-friendly and effective design of the page visit.
(4) You can configure your browser settings according to your wishes and e.g. decline the acceptance of third-party cookies or all cookies. We point out that you may not be able to use all the features of our WEBSITE.
6. Google Analytics
Our WEBSITE does not use Google Analytics.
7. Data security
(1) We use technical and organizational security measures in order to protect accruing or collected personal data, against accidental or intentional manipulation, loss, destruction or against the attack of unauthorized persons in particular. Our security measures are continuously being improved as technological developments progress.
(2) Our WEBSITE is encrypted using SSL technology to prevent access by unauthorized third parties. You can recognize the secure transfer by the protocol name “https: //” in the URL line.
8. Your Rights
(1) With regard to the processing of personal data concerning you, under the legal preconditions you are entitled to the rights listed below under a)-h). Please contact us for this. The contact details can be found under Sect. 1.
a) Right to Receive Information
Subject to Art. 15 GDPR you can require a confirmation as to whether personal data concerning you are processed by us. In this case, according to Art. 15 (1) GDPR, you have the right to obtain information about the processing purposes, the categories of personal data processed, the recipients or categories of recipients to whom we have disclosed or will disclose the personal data, the planned retention period or the criteria for the personal data determining the retention period, the right of rectification or deletion of your personal data, as well as restriction of processing or opposition to processing, the existence of a right to complain to a supervisory authority, the origin of the data, if we have not collected your data from you, existence of an automated decision-making including profiling and according to Art. 15 (2) GDPR the right to be informed about the appropriate guarantees according to Art. 46 GDPR in connection with the transfer of personal data to third countries.
b) Right to Demand Rectification
According to Art. 16 GDPR you can demand the immediate correction and / or considering the purpose of the processing the completion of your personal data, if your data is incorrect or incomplete.
c) Right to Demand Deletion
According to Art. 17 GDPR you can require the immediate deletion of your personal data, provided that there is a reason under Art. 17 (1) a) – f) GDPR. However, the right to delete your personal data does not exist, in particular, if its processing is required to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal rights (Art. 17 (3) GDPR).
d) Right to Demand Restriction of Processing
You may restrict the processing of your personal data in accordance with Art. 18 GDPR, as long as we verify the accuracy of your data, if you refuse the deletion of your data due to unlawful processing and instead demand the restriction of the use of your data, if you need your data for the assertion, exercise or defense of legal claims or if you have objected to the processing, as long as it is not certain that our legitimate reasons prevail.
e) Right to Notification
According to Art. 19 GDPR we will communicate any rectification or deletion of your personal data or a limitation of their processing under Art. 16, 17 (1) and 18 GDPR to all recipients to whom your personal data have been disclosed, unless this turns out to be impossible or is associated with a disproportionate effort. According to Art. 19 sent. 2 GDPR you have the right to be informed about these recipients on request.
f) Right to Data Portability
According to Art. 20 GDPR you have the right to receive your personal data, which you have provided us, in a structured, common and machine-readable format and to transmit this data to another person responsible, provided that the further requirements of Art. 20 GDPR exist, in particular, this is technically feasible.
g) Right to objection
As far as we base the processing of your personal data on the balance of interests according to Art. 6 (1) Subpar. 1 f) GDPR, you can appeal object to the processing according to Art. 21 GDPR. This is the case if, in particular, the processing is not required to fulfill a contract with you, which we present in each case in the above description of the offers. In the event of such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the case of your justified objection, we examine the situation and according to Art. 21 (1) sent. 2 GDPR either no longer process the personal data or prove to you our compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms. Further processing is reserved, if the processing serves the assertion, exercise or defense of legal claims.
According to Art. 21 (2) GDPR, you can object to the processing of your personal data for the purpose of advertising and profiling at any time, as far as it is associated with direct advertising.
You can inform us about your objection under the contact data mentioned in Sect. 1.
h) Right to Revoke Consent
(1) According to Art. 7 (3) GDPR you have the right to revoke any data protection consent granted to us at any time with effect for the future. However, this does not affect the lawfulness of the processing that took place based on your consent until the time of the cancellation.
(2) If you believe that the processing of your data violates data protection regulations, you have the additional right to complain to a supervisory authority according to Art. 77 DSGVO. Please contact a supervisor in the Member State of your place of residence, your work place or the location of the potential breach. An overview can be found here: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
Effective: Juny 04, 2018