1.2 CONTROLLER
The data processing controller according to Art. 4 No. 7 GDPR is:
Event Safety Consult GmbH & Co. KG
Im Weiher 10
69121 Heidelberg
Mr. Sven Hansen
E-mail: datenschutz@event-safety-consult.eu
1.3 PLACE OF DATA PROCESSING
Your data will generally be processed in Germany and in the European Union.
If your data is processed in countries outside the European Union (i.e. in so-called third countries), this is done insofar as you have expressly consented to this or it is necessary for us to provide services to you or mandated by law (Art. 49 GDPR). Your data will only be processed in third countries if an appropriate level of data protection is ensured.
1.4 DISCLOSURE OF DATA
ESC will disclose your information as follows:
- a. Data processor: These are service providers and vicarious agents who are entrusted with the processing of data within the scope provided by law pursuant to Art. 28 GDPR. We hire companies in the following areas in particular: IT services, sales, marketing, consulting.
- b. Cooperation partners: These are companies that provide services for you on their own responsibility. Your data will be disclosed in particular if you order or request services from the partner.
- c. Legal obligation: To the extent we are required by law, we disclose certain data to the requesting government agency.
Please see the “Data” section for specific information on the disclosure of your data.
1.5 LEGAL BASIS
ESC processes your data on the basis of the European and German data protection laws for the following purposes:
- a. Art. 6 para. 1 lit. a GDPR: As far as you have given consent
- b. Art. 6 para. 1 lit. b GDPR: To fulfill a contract or to carry out pre-contractual measures with you
- c. Art. 6 para. 1 lit. f GDPR: Processing is necessary to protect the legitimate interests of ESC or third parties
- d. Art. 6 para. 1 lit. e GDPR: Due to legal requirements or insofar as the processing is in the public interest
Please see the “Data” section for specific information on the purpose and legal basis of the processing of your data.
1.6 RIGHTS OF THE DATA SUBJECT
You have the right,
- To request information on the categories of data processed, the purposes of processing, any recipients of the data, the planned storage period (Art. 15 GDPR); to request the rectification or completion of incorrect or incomplete data (Art. 16 GDPR);
- to revoke a given consent at any time with effect for the future (Art. 7 (3) GDPR);
- to object to data processing that is to be carried out on the basis of a legitimate interest for reasons arising from your particular situation (Art. 21 (1) GDPR);
- in certain cases, within the framework of Art. 17 GDPR, to demand the erasure of data - in particular insofar as the data is no longer required for the intended purpose or is processed unlawfully, or you have revoked your consent in accordance with (c) above or declared an objection in accordance with (d) above;
- under certain conditions, to demand the restriction of data, insofar as erasure is not possible or the obligation to erase is disputed (Art. 18 GDPR);
- to data portability, i.e. you can receive your data that you have provided to us in a common machine-readable format such as CSV and transmit it to others if necessary (Art. 20 GDPR;)
- to complain about data processing to the competent supervisory authority. The competent supervisory authority is: Landesbeauftragter für den Datenschutz und die Informationsfreiheit (State Commissioner for Data Protection and Freedom of Information), Postfach 10 29 32, 70025 Stuttgart, Germany.
If you assert your rights as a data subject, your personal data will be stored for 3 years to prove that we have provided you with comprehensive information and complied with the legal requirements.
1.7 SSL- OR TLS ENCRYPTION
This site uses SSL or TLS encryption for security reasons and to protect the data you send to us as the site operator. You can recognize an encrypted connection by the fact that the browser address bar changes from "http://" to "https://" and by the lock symbol appearing in your browser bar.
2.1 NEWSLETTER
a. Legal basis, purpose
The data collected by ESC includes, but is not limited to: first name, last name, e-mail address, company. These details are passes on to “mailchimp” as part of your consent to receive the newsletter. Analysis of your data (tracking) is disabled.
In order to ensure that no mistakes have been made when entering the e-mail address, we use a double opt-in procedure: after you have entered your e-mail address in the registration field, we will send you a confirmation link. Only when you click on this confirmation link, will your e-mail address be added to our distribution list.
The legal basis for the processing of your data is Art. 6 para. 1 lit. a GDPR.
b. Disclosure of data
As a necessary consequence of the subscription process, your data will be shared with The Rocket Science Group, LLC 675 Ponce de Leon Ave NE Suite 5000 Atlanta, GA 30308 USA. You can find the privacy policy of mailchimp here:
https://mailchimp.com/legal/privacy/#1._The_Basics.
c. Storage period
The above data will be stored until you unsubscribe from the newsletter or when it is discontinued. After unsubscribing, your data will remain stored for up to 3 years for the purpose of securing evidence.
d. Revocation, change of settings
You can revoke consent with future effect by clicking on the “Unsubscribe” link at the end of a newsletter you receive.
You can change settings for receiving the newsletter by clicking on the “modify subscription” link at the end of a received newsletter.
2.2 USE OF THE WEBSITE
a. Legal basis, purpose
The web server of our website automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. This data is necessary for the proper functioning of the website. The access logs of the web servers record which page requests have taken place and when. They include the following data:
- IP address (stored version is shortened by the last 3 digits)
- Directory protection user to protect against unwanted access
- Date, time, pages viewed, amount of data
- Logs, error logs containing erroneous page access attempts and IP addresses
- Status code
The server uses the http status code to tell the client whether its request was successful. In the event of an error, the status code provides information on how to retrieve the requested information. - Referrer URL (last visited website), user agent (e.g. web browser), invoked host name (name of a client)
Your data will be processed for the following purposes:
- Smooth establishment of connections
- Website use
- System safety and stability.
This data is not merged with other data sources.
The legal basis for the processing of your data is Art. 6 para. 1 lit. f GDPR.
b. Disclosure of data
To provide the website, data is passed on to service providers and vicarious agents, which we as the data processor hire in accordance with Art. 28 GDPR.
c. Storage period
Your data will be stored for the following periods:
- Truncated IP addresses – 60 days
- Directory protection user information is anonymized after one day.
- Error logs – 7 days
All other data is stored for a period of 60 days and then automatically deleted. If you stop using our website, the geolocation data will be deleted.
2.3 CONTACT FORM
a. Legal basis, purpose
Personal data that you submit to us when filling out contact forms are processed exclusively for the intended purpose. Depending on the form, the data collected by ESC includes, but is not limited to the following: name, company name, function, project, project details, risk assessment parameters, e-mail address, comments.
The respective processing purpose is described in the contact form and can be in particular: Contacting, arranging a consultation appointment, sending offers and practical examples.
In order to ensure that no mistakes have been made when entering the e-mail address, we use a double opt-in procedure: after you have entered your e-mail address in the registration field, we will send you a confirmation link. Only when you click on this confirmation link, will we answer your inquiry.
The legal basis for data processing is your or our legitimate interest in responding to your request (Art. 6 para. 1 lit. f GDPR), as well as our/your interest in the preparation of a contract or for the implementation of pre-contractual measures (Art. 6 para. 1 lit. b GDPR).
b. Disclosure
As far as possible, we will not disclose your data. Any disclosure to cooperation partners and data processors takes place according to a contractual obligation pursuant to Article 28 GDPR.
c. Storage period
The data is stored for a period of 6 months and then automatically deleted, as we regularly do not receive any further queries 6 months after the final response to an inquiry.
After this, your data will remain stored for 3 years for the purpose of providing evidence of compliance with the terms of service.
2.4. COOKIES
a. Legal basis, purpose
We use cookies on our website so that you can use our website optimally, so that we can constantly improve our offer and so that we can provide you with the information that is suitable for you.
Cookies are small text files that are stored on your end device (e.g. laptop, smartphone) when you visit our website. The information stored in a cookie is related to the respective end device. Cookies do not cause any harm and do not contain malware. They do not make you directly identifiable. There are various types of cookies:
- Required cookies
These cookies are necessary so that you can use essential functions of the website. For this purpose, mainly the following data is processed:
CookieConsent: This cookie stores your cookie settings.
fe_typo_user: This cookie is a standard TYPO3 session cookie. It stores the access data entered when a user logs in to a closed area.
The legal basis for these cookies is Art. 6 para. 1 lit. b GDPR or, in the case of third countries, Art. 49 para. 1 lit. b GDPR. - Analytical cookies
These cookies allow us to create pseudonymous or anonymous statistics for the use of our website. We use these cookies to better adapt our website to your needs. For this purpose, mainly the following data is processed: Usage data (e.g. websites visited, interest in content, access times), device information, IP address
The legal basis for these cookies is Art. 6 para. 1 lit. a GDPR or, in the case of third countries, Art. 49 para. 1 lit. b GDPR.
Via the cookie message that appears when you visit our websites, you have the option of agreeing to or rejecting the use of cookies. Required cookies cannot be rejected. An overview of the cookies used on our website can be found here.
b. Disclosure
Insofar as data is passed on to the aforementioned providers, they are contractually obligated pursuant to Article 28 GDPR.
c. Storage period
The storage periods are indicated in the table above. The following general points apply here:
- “Session” cookies are deleted when you log off or close your browser.
- “Persistent” cookies are stored permanently in each case until the corresponding consent is revoked, unless a specified storage period exists, as shown above.
You can delete all cookies at any time in the security settings of your browser.
2.5 GOOGLE ANALYTICS
a. Legal basis, purpose
We have an interest in constantly improving the offer of our website. For this reason, we use Google Analytics. Google Analytics uses cookies.
To protect your data, we use Google Analytics only with IP anonymization enabled. This means that your IP address is truncated by Google within the member states of the European Union or in contracting states to the Agreement on the European Economic Area. In exceptional cases, however, the full IP address may be transmitted to a Google server in the USA and truncated there.
This website does not use the demographic features function of Google Analytics.
The IP address transmitted by the user’s browser is not merged with other data from Google.
The information collected is processed by Google on our behalf for the purpose of evaluating the use of our website, compiling reports on website activity and providing other services relating to the use of this website. In the process, pseudonymous usage profiles of the users can be created.
The legal basis for the use of Google Analytics is Art. 6 para. 1 lit. a GDPR or, in the case of third countries, Art. 49 para. 1 lit. a GDPR.
b. Disclosure
We disclose your data to the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA Tel: +1 650 253 0000, e-mail: support-deutschland@google.com .
The information generated by the cookie about the use of the online offer by the website user is usually transmitted to a Google server in the USA and stored there.
For more information about Google’s use of data, settings and opt-out options, please refer to Google’s privacy policy (https://policies.google.com/technologies/ads) and to the settings for the display of advertisements by Google (https://adssettings.google.com/authenticated).
c. Storage period
These are persistent cookies. The users’ personal data is deleted or anonymized after 6 months.
d. Revocation
You can revoke your consent at any time with effect for the future by clicking here and re-opening the cookie message. By rejecting Google Analytics, you revoke your consent.
You can delete all cookies or disable their storage at any time in the security settings of your browser. You can also prevent the collection and processing of your data by installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
The latter may mean that not all functions of this website can be used to their full extent.