We will inform you below about the type, scope and purpose of the processing of personal data by our company in accordance with the legal requirements of data protection law (in particular in accordance with BDSG n.F. and the European Data Protection Basic Regulation ‘DS-GVO’). This privacy policy also applies to our websites and social media profiles. With regard to the definition of terms such as “personal data” or “processing” we refer to Art. 4 DS-GVO.
Name and contact data of the responsible person(s)
Our responsible person(s) (hereinafter “responsible person”) i.S.d. Art. 4 fig. 7 DS-GVO is:
Urban Change Lab GmbH
Habersaathstraße 31
10115, Berlin, Germany
Managing Director Jochen Baumeister
Commercial Register/No.HRB 167984 B
Registergericht: Amtsgericht Charlottenburg
Fax: +49 30 /55 122 98 -3
E-Mail-address: info[ät]urbanchangelab.com
Data types, purposes of processing and categories of affected persons
In the following we inform you about type, extent and purpose of the collection, processing and use of personal data.
1. types of data we process
usage data (access times, websites visited, etc.), inventory data (name, address, etc.), and so on.), contact data (telephone number, e-mail, fax etc.), contract data (subject of the contract, duration etc.), content data (text input, videos, photos etc.), communication data (IP address etc.),
2. Purpose of processing according to Art. 13 Para. 1 c) DS-GVO
Contract execution, technical and economic optimisation of the website, easy access to the website, fulfilment of contractual obligations, fulfilment of legal storage obligations, optimisation and statistical evaluation of our services, support commercial use of the website, improve user experience, make the website user-friendly, Economical operation of advertising and website, marketing / sales / advertising, preparation of statistics, avoidance of SPAM and abuse, handling of an application process, customer service and customer care, contact requests, websites with functions and content provide, uninterrupted, secure operation of our website,
3. Categories of the persons concerned in accordance with Art. 13 Para. 1 e) DS-GVO
visitors/users of the website, customers, suppliers, interested parties, applicants, employees, employees of customers or suppliers,
The persons concerned are collectively referred to as “users”.
Legal basis for the processing of personal data
The following provides you with information on the legal basis for the processing of personal data:
- If we have obtained your consent for the processing of personal data, Art. 6 Paragraph 1 S. 1 lit. a) DS-GVO Legal basis.
- If the processing is necessary for the fulfilment of a contract or for the execution of pre-contractual measures, which take place on your request, then Art. 6 Paragraph 1 S. 1 lit. b) DS-GVO legal basis.
- If the processing is necessary to fulfil a legal obligation to which we are subject (e.g. legal storage obligations), Art. 6 para. 1 sentence 1 lit. c) DS-GVO legal basis.
- If the processing is necessary to protect vital interests of the person concerned or another natural person, Art. 6 para. 1 sentence 1 lit. d) DS-GVO legal basis.
- If processing is necessary to protect our or the legitimate interests of a third party and your interests or fundamental rights and freedoms do not prevail in this respect, Art. 6 Para. 1 S. 1 lit. f) DS-GVO is the legal basis.
Forwarding personal data to third parties and contract processors
Without your consent, we do not pass on any data to third parties. Should this nevertheless be the case, then the passing on takes place on the basis of the aforementioned legal bases e.g. with the passing on of data to on-line Paymentanbieter for the fulfilment of a contract or due to judicial arrangement or due to a legal obligation to the publication of the data for the purpose of the criminal prosecution, to the danger defence or to the penetration of the rights at the mental property.
We use besides order processors (external Dienstleister e.g. for the Webhosting of our Websites and data bases) for the processing of your data. If data are passed on to processors within the framework of an agreement on order processing, this is always done in accordance with Art. 28 DS-GVO. We carefully select our contract processors, check them regularly and have been granted the right to issue instructions with regard to the data. In addition, the contract processors must have taken appropriate technical and organisational measures and comply with the data protection regulations in accordance with BDSG n.F. and DS-GVO
Data transfer in third countries
The adoption of the European Basic Data Protection Regulation (DS-GVO) has created a uniform basis for data protection in Europe. Your data will therefore mainly be processed by companies for which DS-GVO applies. Should the processing take place by services of third parties outside the European Union or the European Economic Area, these third parties must satisfy the special conditions of Art. 44 et seq. of the European Convention on Contracts for the International Sale of Goods. DS-GVO. This means that the processing takes place on the basis of special guarantees, such as the official recognition by the EU Commission of a level of data protection equivalent to that of the EU or the observance of officially recognised specific contractual obligations, the so-called “standard contractual clauses”. In the case of US companies, submission to the so-called “Privacy Shield”, the data protection agreement between the EU and the USA, fulfils these requirements.
Deletion of data and storage duration
Unless expressly stated in this data protection declaration, your personal data will be deleted or blocked as soon as the purpose for storage no longer applies, unless their further storage is necessary for purposes of proof or statutory storage obligations stand in the way. This includes, for example, obligations under commercial law to retain business letters in accordance with § 257 (1) HGB (6 years) as well as obligations under tax law to retain documents in accordance with § 147 (1) AO (10 years). If the prescribed retention period expires, your data will be blocked or deleted, unless the storage is still necessary for the conclusion or performance of a contract.
Existence of automated decision making
We do not use automatic decision making or profiling.
Provision of our website and creation of logfiles
- If you use our website for informational purposes only (i.e. no registration and no other transmission of information), we only collect personal data transmitted by your browser to our server. If you wish to view our website, we collect the following data:- IP address;
– Internet service provider of the user;
– Date and time of the request;
– Browser type;
– Language and browser version;
– Content of the request;
– Time zone;
– Access status/HTTP status code;
– Data volume;
– Websites from which the request comes;
– Operating system. - These data serve the purpose of the user-friendly, functional and safe delivery of our website to you with functions and contents as well as their optimization and statistical evaluation.
- Legal basis for this is our legitimate interest in data processing according to Art. 6 Para. 1 S.1, which also lies in the above purposes. lit. f) DS-GVO.
- For security reasons, we store these data in server log files for the storage period of 7 days. After this period has expired, they will be automatically deleted unless we need to keep them for evidence purposes in case of attacks on the server infrastructure or other legal infringements.
Cookies
- We use so-called cookies when you visit our website. Cookies are small text files that your Internet browser stores on your computer. When you visit our website again, these cookies provide information to automatically recognize you. The information obtained in this way serves the purpose of technically and economically optimising our web offers and enabling you to access our website more easily and securely. When you access our website, we will inform you about the use of cookies for the aforementioned purposes and how you can object to them or prevent their storage (“opt-out”) by means of a reference to our data protection declaration. Our website uses session cookies, persistent cookies and cookies from third parties:– Session cookies: We use so-called cookies to recognize multiple use of an offer by the same user (e.g. if you have logged in to determine your login status). When you visit our site again, these cookies provide information to automatically recognize you. The information obtained in this way is used to optimise our offers and make it easier for you to access our website. When you close your browser or log out, the session cookies are deleted.
– Persistent cookies: These are automatically deleted after a specified period of time, which may vary depending on the cookie. In the security settings of your browser, you can delete cookies at any time.
– Cookies from third parties (Third-Party-Cookies): Depending on your preferences, you can configure your browser settings and, for example, reject the acceptance of Third-Party-Cookies or all cookies. However, we would like to point out at this point that you may not be able to use all the functions of this website. You can read more about these cookies in the respective privacy statements of the third-party providers.
- The legal basis for this processing is Art. 6 Para. 1 S. lit. b) DS-GVO, if the cookies are used to initiate a contract, e.g. for orders, and otherwise we have a legitimate interest in the effective functionality of the website, so that in that case Art. 6 Para. 1 S. b) DS-GVO is not applicable. 6 Paragraph 1 S. 1 lit. f) DS-GVO legal basis is.
- Contradiction and “Opt-Out”: You can generally prevent the storage of cookies on your hard drive by selecting “do not accept cookies” in your browser settings. However, this may result in a functional limitation of our offers. You may refuse the use of third party cookies for advertising purposes by opting out of this American Web site (https://optout.aboutads.info) or this European Web site (http://www.youronlinechoices.com/de/praferenzmanagement/).
Settlement of contracts
- We process inventory data (e.g., inventory data).B. Company, title/academic degree, names and addresses as well as contact data of users, e-mail), contract data (e.g. services used, names of contact persons) and payment data (e.g. bank details, payment history) for the purpose of fulfilling our contractual obligations (knowledge of who is the contractual partner; justification, content design and processing of the contract; checking for plausibility of data) and services (e.g. contacting customer service) in accordance with Art. 6 Para. 1 S. 1 lit b) DS-GVO. The entries marked as obligatory in online forms are necessary for the conclusion of the contract.
- A transfer of this data to third parties is not made unless it is necessary to pursue our claims (eg transfer to a lawyer for collection) or to fulfill the contract (eg transfer of data to payment providers) or there is a legal obligation pursuant to the law. Art. 6 Para. 1 S. 1 lit. c) DS-GVO.
- We may also process the data you provide in order to inform you about other interesting products from our portfolio or to send you e-mails with technical information.
- The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. This is the case for the inventory and contract data when the data is no longer required for the execution of the contract and no claims can be asserted from the contract because these are statute-barred (warranty:
two years / standard limitation period: three years). We are obliged by commercial and tax law to store your address, payment and order data for a period of ten years. However, when the contract is terminated after three years, we restrict the processing, i.e. your data will only be used to comply with legal obligations. Details remain in the user account until it is deleted.
Online Payment Provider
- Invoicing takes place when paying via “Paypal” via PayPal (Europe) S.àr.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg, Web: paypal.de, https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
In case of payment via “Sofort.com”, the account will be settled via Klarna GmbH, Theresienhöhe 12, 80339 Munich, Germany, https://www.klarna.com/sofort/datenschutz/.
Hereafter referred to as “Online-Abrechner”. The online calculators collect, store and process your usage and billing data for the purpose of determining and billing for the services you have used. The data entered with the online setters are only processed and stored by them. If the online settlements cannot collect the usage fees or can only collect them partially or if the online settlements fail to do so due to a complaint by you, the usage data will be passed on by the online settlements to the responsible person and, if necessary, blocked by the responsible person. The same also applies if, for example, a credit card company reverses a transaction from you at the expense of the responsible party. - The legal basis is Art. 6 Para. S. 1 lit. b) DSGVO, since the processing is necessary for the fulfilment of a contract by the responsible party. In addition, external online computers are used on the basis of Art. 6 Para. 1 S. 1 lit. f) DSGVO for the legitimate interests of the person responsible in order to be able to offer you the most secure, simple and diverse payment options possible.
- With regard to the storage period, revocation, information and affected party rights, we refer to the above data protection declarations of the online computers.
Use blog features / comments
- You can post public comments on our blog, which contains posts about topics on our site. You can use a pseudonym instead of a clear name. Your contribution will then be published under the pseudonym. The indication of the E-Mail address is obligation, all other information is voluntary.
- We store with your attitude of a comment your IP address with date and time, which we delete after days. The storage serves the legitimate interest of the defense against the use of third parties in the publication of illegal or untrue content by you. We store your e-mail address for the purpose of contacting you if third parties should legally object to your comments.
- Legal bases are Art. 6 Para. 1 S. 1 lit. b) and f) DS-GVO.
- Before publication, we do not check your comments. In the event of complaints from third parties, we reserve the right to delete your comments. We do not pass on the data to third parties unless it is necessary to pursue our claims or there is a legal obligation (Art. 6 Para. 1 S. 1 lit. c) DS-GVO).
- The data will be deleted as soon as they are no longer necessary for the purpose of their collection or the performance of the contract because the contract was terminated.
Contact us via contact form / E-Mail / Fax / Post
- When contacting us via contact form, fax, post or e-mail, your details will be processed for the purpose of processing the contact request.
- Legal basis for the processing of the data is with your consent Art. 6 Para. 1 S. 1 lit. a) DS-GVO. The legal basis for the processing of data transmitted in the course of a contact request or e-mail, letter or fax is Art. 6 Para. 1 S. 1 lit. f) DS-GVO. The person responsible has a justified interest in the processing and storage of the data in order to be able to answer user enquiries, to preserve evidence for reasons of liability and to be able to comply with his legal obligation to store business letters. If the purpose of the contact is to conclude a contract, the additional legal basis for the processing is Art. 6 para. 1 p. 1 lit. b) DS-GVO.
- We may store your details and contact request in our Customer Relationship Management System (“CRM System”) or a comparable system.
- The data will be deleted as soon as they are no longer required for the purpose of their collection. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with you has ended. The conversation ends when it can be inferred from the circumstances that the facts in question have been conclusively clarified. We store requests from users who have an account or contract with us for a period of two years after termination of the contract. In the case of legal archiving obligations, the deletion takes place after their expiration: end of commercial (6 years) and tax (10 years) retention obligation.
- You have the possibility at any time to revoke the consent according to Art. 6 Para. 1 S. 1 lit. a) DS-GVO for the processing of personal data. If you contact us by e-mail, you may object to the storage of your personal data at any time.
Contact us by telephone
- When you contact us by telephone, your telephone number will be used to process the contact request and its processing and temporarily stored or displayed in the RAM / cache of the telephone device / display. The storage takes place for liability and security reasons, in order to be able to lead the proof of the call as well as for economic reasons, in order to make a recall possible. In the event of unauthorized advertising calls, we block the phone numbers.
- Legal basis for the processing of the phone number is Art. 6 paragraph 1 sentence 1 lit. f) DS-GVO. If the contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 Para. 1 lit. b) DS-GVO.
- The device cache stores the calls for days and overwrites or successively deletes old data; if the device is disposed of, all data is deleted and the memory may be destroyed. Blocked telephone numbers are checked annually for the need to block them.
- You can prevent the display of the telephone number by calling with the telephone number suppressed.
Newsletter
- You can subscribe to our newsletter with your voluntary consent by entering your e-mail address. Only this one is obligatory. The provision of further data is voluntary and serves only the purpose of a personal approach. We use the so-called “double opt-in procedure” for registration. After your registration with your e-mail, you will receive an e-mail from us confirming your registration with a confirmation link. If you click on this confirmation link, your e-mail will be included in the newsletter distribution list and saved for the purpose of sending e-mails. If you do not click on the confirmation link within hours, your login data will be blocked and automatically deleted after days.
- In addition, we log your IP address used for registration as well as the date and time of the double opt-in (registration and confirmation). The purpose of this storage is to fulfil legal requirements regarding the proof of your registration and to prevent misuse of your e-mail.
- The contents (e.g. advertised products/services, offers, advertising and topics) of the newsletter are specifically described within the scope of your declaration of consent.
- We evaluate your user behaviour when sending the newsletter. The newsletters contain so-called “web beacons” or “tracking pixels” which are called up when the newsletter is opened. For the evaluations we link the web beacons with your e-mail address and an individual ID. Links received in the newsletter also contain this ID. The data is collected exclusively under a pseudonym, so the IDs are not linked to your other personal data, a direct personal reference is excluded. With these data we can determine if and when you opened the newsletter and which links were clicked in the newsletter. This serves the purpose of optimizing and statistically evaluating our newsletter.
- We use the above data to create a user profile in order to identify the reading habits and interests of our users and thus individualize the newsletter. If you have also carried out further actions on our website, we also link this data to it in order to adapt our newsletter content to your interests.
- Legal basis for newsletter dispatch, performance measurement and storage of the e-mail is your consent in accordance with Art. 6 Para. 1 S. 1 lit. a) DS-GVO in connection with § 7 Abs. 2 Nr. 3 UWG and for the recording of the consent Art. 6 Abs. 1 S. 1 lit. f) DS-GVO, as this serves our legitimate interest of legal provability.
- You can object to tracking at any time by clicking the unsubscribe link at the end of the newsletter. In this case, however, the newsletter reception would also be terminated. If you deactivate the display of images in your e-mail software, tracking is also not possible. However, this may have restrictions with regard to the functions of the newsletter and any images contained will not be displayed.
- You can revoke your consent to receive the newsletter at any time. You can exercise your right of withdrawal by clicking the unsubscribe link at the end of the newsletter, sending an e-mail or sending a message to our contact details above. We store your data as long as you have subscribed to the newsletter. After you unsubscribe, your data will only be stored anonymously for statistical purposes.
Presence in social media
- We maintain profiles in social media or Fanpages in order to communicate with the users connected and registered there and to inform about our products, offers and services. The US providers are certified according to the so-called Privacy Shield and are therefore obliged to comply with European data protection laws. When you use and call up our profile in the respective network, the respective data protection information and terms of use of the respective network apply. We process the data that you send to us via these networks in order to communicate with you and to respond to your messages there.
- The legal basis for the processing of personal data is our legitimate interest in communication with users and our external presentation for the purpose of advertising pursuant to Art. 6 Para. 1 S. 1 lit. f) DS-GVO. If you have given your consent to the person responsible for the social network to process your personal data, the legal basis is Art. 6 Para. 1 S. 1 lit. a) and Art. 7 DS-GVO.
- You will find the data protection information, information options and objection options (opt-out) of the respective networks here:- Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) Privacy Statement: https://www.facebook.com/about/privacy/, Opt-Out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.
– Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA) – Privacy Statement / Opt-Out: http://instagram.com/about/legal/privacy/.
– Twitter (Twitter Inc.., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA) – Privacy Policy: https://twitter.com/de/privacy, Opt-Out: https://twitter.com/personalization, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active.
– XING (XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany) – Privacy Statement / Opt-Out: https://privacy.xing.com/de/datenschutzerklaerung.
– Pinterest (Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland) – Privacy Policy: https://policy.pinterest.com/de/privacy-policy, Opt-Out: https://help.pinterest.com/en/articles/personalized-ads-pinterest.
– LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland) – Privacy Policy: https://www.linkedin.com/legal/privacy-policy, Cookie policy and opt-out: https://www.linkedin.com/legal/cookie-policy, Privacy Shield of the US company LinkedIn Inc.: https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active.
Social-Media-Plug-ins
- We use social media plug-ins from social networks on our website. We use the so-called “Two-Click-Solution”-Shariff from c’t or heise.de. When you access our website, no personal data will be transmitted to the providers of the plug-ins. Next to the logo or brand of the social network you will find a slider with which you can activate the plug-in with a click. After activation, the social network provider receives the information that you have visited our website and that your personal data is transferred to the plug-in provider and stored there. These are so-called Thirdparty Cookies. With some providers, such as Facebook and XING, your IP address is anonymized immediately after it has been collected according to their specifications.
- The data collected about the user is stored by the plug-in provider as usage profiles. These are used for purposes of advertising, market research and/or needs-based design of its website. Such an evaluation is carried out in particular (also for users who are not logged in) in order to display demand-oriented advertising and to inform other users of the social network about the activities of the user on our website. The user has the right to object to the creation of these user profiles, whereby one must contact the respective plug-in provider to exercise this right.
- Legal basis for the use of the plug-ins is our legitimate interest in the improvement and optimization of our website by increasing our awareness through social networks and the possibility of interaction with you and the users among each other via social networks in accordance with Art. 6 Para. 1 S.1. lit. f) DS-GVO.
- We have no influence on the collected data and data processing procedures. We also have no knowledge of the scope of data collection, the purpose of processing and the storage periods. We also have no information on the deletion of the data collected by the plug-in provider.
- With regard to the purpose and scope of data collection and processing, we refer to the respective data protection declarations of the social networks. You will also find information about your rights and settings to protect your personal data.
Privacy protection for applications and in the application process
- Applications sent electronically or by post to the person responsible will be processed electronically or manually for the purpose of handling the application process.
- We expressly point out that application documents with “special categories of personal data” according to Art. 9 DS-GVO (e.g. a photo which gives information about your ethnic origin, religion or marital status), with the exception of a possible severe disability, which you would like to disclose freely, are undesirable. You should submit your application without this data. This has no effect on your applicant chances.
- Li>Legal bases for the processing are art. 6 para. 1 sentence 1 lit. b) DS-GVO as well as § 26 BDSG n.F.
- If an employment relationship with the applicant is entered after conclusion of the application procedure, the applicant data are stored under consideration of relevant data protection regulations. If you are not offered a position after completion of the application procedure, your application letter and documents will be deleted 6 months after dispatch of the rejection in order to be able to satisfy any claims and obligations to provide evidence under the AGG.
Rights of the person concerned
- Contradiction or revocation against the processing of your dataInsofar as the processing on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a), Art. 7 DS-GVO, you have the right to revoke your consent at any time. This does not affect the legality of the processing carried out on the basis of your consent until revocation.
Insofar as we base the processing of your personal data on the weighing of interests pursuant to Art. 6 Para. 1 S. 1 lit. f) DS-GVO, you may object to the processing. This is the case, if the processing is not necessary in particular for the fulfilment of a contract with you, which is represented by us in each case with the following description of the functions. In the event of such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the facts and either discontinue or adapt data processing or show you our compelling reasons worthy of protection on the basis of which we continue processing.
You can object to the processing of your personal data for advertising and data analysis purposes at any time. You can exercise your right of objection free of charge. You can inform us about your advertising objection under the following contact data:
Urban Change Lab GmbH
Habersaathstraße 31
10115, Berlin, Germany
Managing Director Jochen Baumeister
Commercial Register/No.HRB 167984 B
Registergericht: Amtsgericht Charlottenburg
Fax: +49 30 /55 122 98 -3
E-Mail-address: info[ät]urbanchangelab.com - Right of access
You have a right of access to your personal data stored by us according to Art. 15 DS-GVO. This includes, in particular, information about the processing purposes, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the origin of your data, unless they have been collected directly from you. - Right to correction
You have a right to correct incorrect data or to complete correct data according to Art. 16 DS-GVO. - Right to deletion
You have a right to deletion of your data stored with us according to Art. 17 DS-GVO, unless legal or contractual retention periods or other legal obligations or rights to further storage oppose this. - Right to restriction
You have the right to demand a restriction on the processing of your personal data if one of the conditions in Art. 18 para. 1 lit. a) to d) DS-GVO is fulfilled:
– If you dispute the accuracy of the personal data concerning you for a period of time that allows the data controller to verify the accuracy of the personal data;- the processing is unlawful and you object to the deletion of the personal data and instead request the restriction of the use of the personal data;
– the person responsible no longer needs the personal data for the purposes of processing, but you need them for the assertion, exercise or defence of legal claims, or
– if you object to the processing in accordance with Art. 21 para. 1 DS-GVO and it has not yet been determined whether the justified reasons of the person responsible outweigh your reasons. - Light to data transferability
You have a right to data transferability in accordance with Art. 20 DS-GVO, which means that you may receive the personal data we have stored about you in a structured, common and machine-readable format or request that it be transferred to another person responsible. - Right to complain
You have the right to complain to a supervisory authority. As a rule, you can contact the supervisory authority, in particular in the member state of your place of residence, your place of work or the location of the suspected infringement, for this purpose.
Data security
In order to protect all personal data transmitted to us and to ensure that the data protection regulations are observed by us, but also by our external service providers, we have taken appropriate technical and organisational security measures. Therefore, all data between your browser and our server is transmitted encrypted via a secure SSL connection.
Source of German version: JuraForum.de
Stand: 25.10.2018