PRIVACY POLICY
GCB German Convention Bureau e.V.
Data privacy regulations
The protection of your personal data is important to us.
We, the German Convention Bureau e.V., are pleased that you are interested in our company and our services. We also want you to feel confident that your personal data will be protected whenever you visit pages on our website. The protection of your data is a major priority for us, and we therefore process your data in accordance with the applicable legal provisions for the protection of personal data, in particular the EU General Data Protection Regulation (EU GDPR) and any national implementation acts that are applicable to us. One purpose of this Privacy Policy is to give you comprehensive information about the way we process your personal data at GCB German Convention Bureau e.V. and also about the rights to which you are entitled.
We have taken technical and organisational measures to ensure that data protection regulations are met, both by ourselves and also by any external contractors instructed by us.
Personal data is any information that makes it possible to identify a natural person. This includes, in particular, your name, date of birth, address, phone number, email address, and also your IP address.
Data are anonymous if no personal reference to the user can be established.
Your rights as a data subject
First of all, we would like to inform you of your rights as a data subject. These rights are specified in EU GDPR Articles 15-22. They include:
- The right of access (EU GDPR Article 15)
- The right to erasure (EU GDPR Article 17)
- The right to rectification (EU GDPR Article 16)
- The right to data transfer (EU GDPR Article 20)
- The right to restrict data processing (EU GDPR Article 18)
- The right to object to data processing (EU GDPR Article 21)
To exercise any of these rights, please contact: Michael Heidrich, Executive Director at info@gcb.de or +49 69 2429300. The same applies if you have questions about data processing by our company. You also have the right to lodge a complaint with a data protection supervisory authority.
Right to object
Please note the following in connection with your right to object:
If we process your personal data for the purpose of direct marketing, you have the right to object to such data processing at any time and without giving reasons. This also applies to any profiling associated with direct marketing.
If you object to the processing of your personal data for direct marketing purposes, we will no longer process your personal data for those purposes. You do not incur any costs when you object, and you can present your objection informally, preferably by writing to GCB German Convention Bureau e.V., c/o WeWork, Taunusanlage 8
60329 Frankfurt am Main, Germany, or you can send an email to info@gcb.de.
In the event that we process your data to safeguard legitimate interests, you can object to such processing at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions.
In such a case we will stop processing your personal data, unless we can prove compelling legitimate grounds to continue processing and to override your interests, rights and freedoms or if processing serves the assertion, exercise or defence of legal claims.
You may at any time withdraw your consent to our collection, processing and use of your personal data.
Should this become relevant, please write to GCB German Convention Bureau e.V.
c/o WeWork
Taunusanlage 8
60329 Frankfurt am Main, Germany, or you can send an email to info@gcb.de.
Purposes and legal basis for data processing
When processing your personal data, we will observe the provisions of the EU GDPR and all other applicable data protection regulations. The legal basis for data processing is specified, in particular, in EU GDPR Article 6.
We will use your data to initiate business, to meet contractual and legal obligations, to implement the contract, to offer products and services and to strengthen our relationship with you as a customer, which may also include analyses for the purpose of marketing, including direct marketing.
Your consent is also a mandatory requirement for us under data protection law. When you provide consent, we will advise you about the purpose of data processing and your right to object. If consent covers the processing of special categories of personal data, we will expressly point this out to you in the declaration of consent, thus meeting the requirements of EU GDPR Article 88 (1).
Special categories of personal data within the meaning of EU GDPR Article 9 (1) will only be processed if this is required by legal regulations and if there is no reason to assume that you have an overriding legitimate interest in the exclusion of processing (see EU GDPR Article 88 (1)).
Specific use / disclosure to third parties
Any personal data you provide will be used by us to answer your queries or enquiries within the legal provisions, to deal with your orders or to provide you with access to specific information or offers. If we ask you to provide further data, then this is always voluntary information. Personal data are processed entirely for the purpose of performing the requested service and to safeguard any legitimate business interests we may have.
To implement specifically agreed services and to maintain our relationship with you as a customer, either we or a contractor instructed by us may use your personal data to keep you updated about products on offer or to conduct online surveys with a view to improving our services and the way we meet our customers’ needs. Your data will not be disclosed to third parties without your express consent and knowledge.
We will not sell your personal data to third parties or market them in any other way.
Personal data will only be collected and disclosed to suitably authorised state institutions and authorities in application of the relevant laws or in cases where we are required to disclose data under a court order.
Recipients of data / categories of recipients
Within our company we take care to ensure that your data are only disclosed to persons requiring them for the fulfilment of contractual or statutory duties. All persons are placed by us under an obligation to maintain confidentiality and to comply with data protection laws.
In some instances our departments engage the support of contractors in the fulfilment of their duties. In such cases we only transfer personal data to contractors or suppliers where such data are necessary for the fulfilment of tasks. The necessary data protection agreements have been concluded with all contractors and suppliers.
Transfer to third countries / intention to transfer to third countries
Data will only be transferred to third countries (outside the European Union and the European Economic Area) if this is necessary for the performance of contractual obligations, if it is required by law or if you have given us your consent to do so.
We will transfer your personal data to a contractor or an affiliate in the following countries outside the European Economic Area: United Kingdom, United States of America. We guarantee compliance with data protection standards through binding corporate data privacy regulations and contract processing agreements.
Retention period for data
We store your data for as long as they are needed for the relevant processing purpose. Please be aware that numerous retention periods require the (mandatory and) continued storage of your date. This applies in particular to storage under commercial law and tax law (e.g. the German Commercial Code, Fiscal Code, etc.). If there are no further storage obligations, data will be routinely deleted once their purpose has been achieved.
In addition, we may retain data if you have given us permission to do so or if legal disputes arise and we use evidence within statutory limitation periods of up to thirty years; the regular limitation period is three years.
Secure transmission of your data
In order to protect the data stored by us from accidental or intentional manipulation, loss, destruction or unauthorised access, we apply suitable technical and organisational security measures. Security levels are continually checked in cooperation with security experts and adapted to new security standards.
Any data exchange from and to our website is encrypted. We offer HTTPS as the transmission protocol for our website, in each instance using the latest encryption protocols. However, we may also want to use alternative channels of communication (e.g. postal services).
Obligation to provide personal data
Various personal data are necessary for the establishment, execution and termination of our contractual obligation and for the fulfilment of associated contractual and legal duties. The same applies to the use of our website and the various functions it provides.
We have summarised the relevant details for you in the above point. There are sometimes cases when we need to collect or provide data on the grounds of statutory provisions. Please be aware that we cannot process your request or perform our underlying obligation without the provision of those data.
Data categories, sources and origins
The data we process depend on each context. You may, for example, have logged into an online members’ area or presented a request via our contact form, or you may have sent us an application or sent an enquiry to our general email address.
Please be aware that we may also make information available separately at a suitable location for special processing situations, e.g. when uploading application documents or making a contact request.
When you visit our website, we collect and process the following data:
- Name of your internet service provider
- Details of the website from which you are visiting our own site
- Your web browser and operating system
- The IP address assigned by your internet service provider
- Requested files, transferred data volume, downloads/file export
- Information about the pages of our website you visit, including dates and times
For technical security reasons (in particular to prevent attempts to attack our web server), such data are saved in accordance with EU GDPR Article 6 (1) point f. After a maximum of 7 days your data are anonymised by truncating your IP address, so that you cannot be traced as the user.
When you present a contact request, we collect and process the following data:
- Surname, first name
- Email address
- Details of your requests and interests
We collect and process the following data for newsletter subscriptions:
- Surname, first name
- Email address
- Title
- If necessary, data from a newsletter analysis
We collect and process the following data for competitions:
- Surname, first name
- Address
- Email address (depending on the notification channel)
Contact form / contact made by email (EU GDPR Article 6 (1) points a and b)
There is a contact form on our website that can be used for electronic contact. If you write to us via the contact form, we will process the information you provide on that form, so that we can then contact you and answer your questions and requests.
We observe the principles of data economy and data reduction by only requesting data which are necessary for us in order to contact you. These are your email address and the content of the message box itself. For technical reasons and for legal protection, we will also process your IP address. All other data are voluntary and can be entered optionally (e.g. to receive more specific answers to your questions).
If you contact us by email, any personal data you provide will only be used for the purpose of handling your enquiry or request. No further-reaching data collection will take place unless you use the relevant contact forms we offer.
When you complete a form, we see this as your consent to use your data as described above.
Newsletter (EU GDPR Article 6 (1) point a)
Our website gives you the option of subscribing to a free newsletter. When you subscribe, the email address and name you specify will be used for the purpose of sending you personalised newsletters.
The principles of data economy and data reduction are met because the only information that is marked as mandatory is your email address (and, if necessary, also your name so that we can send you a personalised newsletter). For technical reasons and for legal protection, we also process your IP address when you subscribe.
You can of course cancel your subscription at any time via the unsubscription option provided in the newsletter, thus revoking your consent. Furthermore, you always have the option of unsubscribing directly via our website.
Contests / marketing consent (EU GDPR Article 6 (1) points a and b)
Our website provides you with the option of participating in our contests. When you complete the contest form or send us an email under the terms and conditions of the contest, we will process the relevant data exclusively for the purpose of the contest.
We observe the principles of data economy and data reduction by only requesting data which are necessary for the purpose of the contest and to notify you if you win a prize. This includes data such as your name and email address.
Any details that are mandatory for this purpose are marked in the relevant boxes with an asterisk (*) or are suitably specified in the terms and conditions for entry. For technical reasons and for legal protection, we also process your IP address. The remaining details are optional, i.e. you are welcome to complete them if you wish to do so. We regret that we can only run the contest if we have the details requested in the mandatory boxes, so that you can only participate if you share those details with us.
The contest form also allows you to give us your marketing consent. It is of course also possible to participate in the contest without giving your marketing consent.
If you give us your consent by ticking the relevant checkbox, one of the purposes of our data processing will be to email you information and offers on products and services.
You can always withdraw your consent without giving reasons. To do so, ring +44 69 2429300, send an email to info@gcb.de or send a letter to GCB German Convention Bureau e.V., c/o WeWork, Taunusanlage 8
60329 Frankfurt am Main, Germany.
Registration / membership account (EU GDPR Article 6 (1) points a and b)
On our website we give each member the option of logging into their membership account with their personal data.
Registration is therefore necessary or possible, either so that we can perform our side of the contract with you or so that we can carry out pre-contractual measures.
We observe the principles of data economy and data reduction by only marking data as mandatory if they are necessary for registration. These are the username and the password.
When you log onto our website, we also store your IP address and the date and time of your registration (technical background data). By clicking “Login”, you give your consent to the processing of your data.
Once you have received a password, please remember to change it after your first login. Employees of our company cannot access this password, so that they cannot therefore give you any information if you have forgotten your password.
No employee is entitled to ask you for your password by phone or in writing. Never share your password if you receive such requests.
Marketing towards members and customers (GDPR Article 6 (1) point f)
GCB German Convention Bureau e.V. Is interested in maintaining a relationship with you as a member and customer and in providing you with information and offers concerning our products and services. We therefore process your data with a view to sending you relevant information and offers by email.
If you do not want this to happen, you can always object to the use of your personal data for the purpose of direct marketing; this also applies to any profiling that may be connected with direct marketing. If you file an objection, we will no longer process your data for this purpose.
You can present your objection free of charge and without giving reasons, preferably by ringing +49 69 2429300, by emailing info@gcb.de or by writing a letter to GCB German Convention Bureau e.V.,
c/o WeWork, Taunusanlage 8,
60329 Frankfurt am Main
Automated case-by-case decisions
We do not use purely automated decision-making processes.
Cookies (EU GDPR Article 6 (1) point f / Article 6 (1) point a on consent)
Parts of our website use so-called cookies. These are intended to make our website more user-friendly, efficient and secure. Cookies are small text files that are stored on your computer and saved by your browser (i.e. saved locally to your hard drive).
They allow us to analyse how users use our website and to ensure that web content is suitably geared towards our visitors’ needs. Cookies also allow us to measure the effectiveness of certain advertisements and their placements, for example, depending on the topics that interest our users.
Most of the cookies we use are session cookies and are therefore deleted as soon as a given session has finished. Permanent cookies are automatically deleted from your computer when their period of validity (usually six months) has been reached or if you delete them yourself before they expire.
Most web browsers automatically accept cookies. However, you can change the relevant settings of your browser at any time if you do not wish to send such information to us. You can still use the offers on our website without restrictions (with the exception of configurators).
We use cookies to make our website more user-friendly, efficient and secure. We also use cookies which enable us to analyse how users use our website, so that web content is suitably geared towards our visitors’ needs. Cookies also allow us to measure the effectiveness of certain advertisements and their placements, for example, depending on the topics that interest our users.
Cookies are stored on your computer which then sends them to our site, so that you as the user have full control over the use of cookies. You can disable or restrict the transmission of cookies by changing the settings in your web browser. Also, any cookies that have already been set can always be deleted via a web browser or other software applications. This can be done in all the common web browsers.
However, you can also use our website without cookies. If you do not want us to recognise your computer, you can prevent cookies from being saved to your hard drive by choosing the option “Do not accept cookies” in your browser settings. To find out how to do this, please consult the user instructions provided by your browser manufacturer. Please be aware, however, that if you disable cookies, the functions of our services may be limited for you.
Use of Google Analytics (EU GDPR Article 6 (1) point f)
(1) This website uses Google Analytics, a web analysis service of Google Inc. (hereinafter referred to as “Google”). Google Analytics uses so-called cookies – text files that are saved to your computer and which allow us to analyse your use of our website. The information that is created by cookies on your use of our website is usually sent to a Google server in the United States, where it is saved. However, if you have activated IP anonymisation for this website, your IP address will not be sent without first being truncated by Google within the member states of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the United States and then truncated there. Acting upon our instruction as the website operator, Google will use this information to analyse your use of the website, to set up reports on website activities and to provide us with other services connected with website use and internet use.
(2) The IP address which Google Analytics sends via your browser will not be linked by Google with any other data it may have. You have the option of preventing the storage of cookies through a suitable setting in your browser; please be aware, however, that this may prevent you from using all the functions of this website to their full potential.
(3) Furthermore, if you wish to prevent the collection of data generated by cookies and related to the usage of the website (incl. your IP address) and if you wish to opt out of such data being processed by Google, you can download and install a browser plugin from the following link: http://tools.google.com/dlpage/gaoptout?hl=en
(4) Google Analytics is used in compliance with the terms and conditions agreed with Google by the German data protection authorities. You will find more detailed information in Google’s Terms of Use and Privacy Policy, at https://www.google.com/analytics/terms/us.html. and https://policies.google.com/privacy. Please note that Google Analytics has been extended on this website by the code “anonymizeIp” to warrant the anonymised collection of IP addresses (so-called IP masking).
Use of Google reCaptcha (EU GDPR Article 6 (1) point f)
This Website uses the function reCaptcha by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. This function serves the purpose to distinguish whether input is made by a natural person or is abusive by mechanical and automated processing. Legal basis for data processing is Art. 6 para. 1 lit. f) GDPR based on our legitimate interest in the security of our website and in the prevention of misuse and spam.
The query includes the sending of your IP address and any other data required by Google for the reCAPTCHA service to Google. For this purpose, your input will be transmitted to and processed by Google.
Google LLC in the USA is certified to the US Privacy Shield, which ensures compliance with the level of data protection in the EU https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
Google’s terms of use can be reviewed at the following link www.google.de/intl/de/policies/terms/regional.html, additional detailed privacy information can be found on the Google website (“Google Privacy Policy”): http://www.google.de/intl/de/policies/privacy/
Opt-Out: https://adssettings.google.com/authenticated
Use of Google Maps (EU GDPR Article 6 (1) point f)
This Website uses the map service Goolge Maps by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
To interact with Google Maps, processing your IP-Adress is necessary. This information is usually transmitted to and stored by Google on servers in the United States. The provider of this page has no influence on this data transfer.
Using Google Maps is based on our interest in an appealing presentation of our online offers and to allow visitors to easily find the locations mentioned on our website. This constitutes our legitimate interest according to Art. 6 para. 1 lit. f) GDPR.
Further information regarding the processing of user data can be found in the data privacy statement of Google: www.google.de/intl/de/policies/privacy/.
Social media
Our site uses so-called social plug-ins (“plug-ins”) for the social media providers Facebook and Google+ as well as for the micro-blogging services Twitter and Instagram. We also use YouTube and LinkedIn plug-ins. These services are offered by Facebook Inc., Twitter Inc., Instagram LLC, YouTube LLC and the LinkedIn Corporation (“service providers”).
- Facebook is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). Such plug-ins are marked with a Facebook logo or by the additional text “Facebook Social Plug-in”. When you press a button, calling up a page on our website that contains such functions, your browser connects directly to Facebook servers. Facebook then sends the content of the plug-in directly to your browser, which integrates it into the website.By activating the plug-in, Facebook is told that you have accessed the corresponding page on our website. If you are logged on to Facebook at that time, Facebook can from that moment onwards associate your visit with your Facebook account even if you have not provided further confirmation via a Facebook button. If you interact with the plug-ins (e.g. via the “Like” button) or if you use the Facebook interface when logging in, your browser sends this information directly to Facebook, where it is then stored.Facebook can collect data about you (e.g. your IP address) even if you do not have a Facebook account. Please see the Facebook Privacy Policy for information on the purpose and scope of data collection and its further processing and use of data by Facebook, as well as your applicable rights and settings options for protecting your privacy.If you do not want Facebook to link the data collected on our website to your Facebook account, you must log out of Facebook before visiting our website. You also have the option of installing suitable blockers through add-ons in your browser.
- Twitter is operated by Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA (“Twitter”). When you use Twitter and the “Retweet” function, the websites you visit are connected to your Twitter account and made known to other users. In this process, data are also transferred to Twitter.By activating the plug-in, Twitter is told that you have accessed the corresponding page on our website. If you are logged on to Twitter at that time, Twitter may from that moment onwards associate your visit with your Twitter account even if you have not provided further confirmation via a Twitter button. If you interact with the plug-ins (e.g. by posting a tweet), your browser sends this information directly to Twitter, where it is then stored.Please be aware that, as the operator of our site, we have no knowledge of the content of data transmitted to Twitter or how Twitter uses such data. For further details, please refer to Twitter’s Privacy Policy, available at twitter.com/en/privacy.
- Instagram is operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”). If you are logged into your Instagram account, you can click the Instagram button to link the content of our pages with your Instagram profile. This allows Instagram to associate your visit to our site with your user account. Please be aware that we, the site operators, have no knowledge of the content of data transmitted or how Instagram uses those data. For further details, please refer to Instagram’s Platform Policy, available at https://www.instagram.com/about/legal/terms/api/.
- Our website uses YouTube plug-ins, operated by Google. The operator of such pages is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. If you visit one of our pages equipped with a YouTube plugin, a connection is established with the relevant YouTube servers. The YouTube server is notified which of our pages you have visited. If you are logged into your YouTube account, you allow YouTube to associate your surfing patterns directly with your personal profile. You can prevent this by logging out of your YouTube account. Further details about the use of user data can be found in the YouTube Privacy Guidelines at https://www.youtube.com/static?template=privacy_guidelines
- Our site uses functions from the LinkedIn network, provided by the LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Each time you access one of our pages containing LinkedIn features, your browser establishes a direct connection to LinkedIn servers. LinkedIn is told that you have visited our website from your IP address. If you use the LinkedIn “Recommend” button and are logged into your LinkedIn account, it is possible for LinkedIn to associate your visit of our website with your user account. Please be aware that we, the site operators, have no knowledge of the content of data transmitted or how LinkedIn uses those data.For further details, please refer to LinkedIn’s Privacy Policy at www.linkedin.com/legal/privacy-policy.
Two clicks for more privacy. A social media button is only activated when you click on it, and your browser then connects directly with the relevant servers. When you click on such a button for the first time, you therefore indicate your consent to data being transferred to the relevant service provider. Your click on the button tells the service provider that you have accessed the relevant page on our website. If you are already logged into the relevant social media network, your visit can be associated with your account from that moment onwards, even if you do not click the button for a second time. If you interact with the plug-ins (e.g. by posting a comment and therefore clicking the button for a second time), your browser sends this information directly to the service provider, where it is then stored.
The legal basis for such data processing is GDPR Article 6 (1) point f. Our purpose and legitimate interest are to achieve an increased awareness of our products.
Children and young people
Persons under 18 must not send us personal data or issue a declaration of consent to us without obtaining the consent of a parent or guardian. We do not request personal data from children or young people, nor do we collect such information or disclose it to third parties. Furthermore, we wish to encourage parents and guardians to take an active role in their children’s online activities and interests.
Links
Our website also contains clearly recognisable links to the websites of other companies. We have no influence on the content of such websites. We cannot therefore give any guarantee or accept any liability for their contents. Such content is always the responsibility of the relevant site owner or operator.
The linked sites have been checked for possible legal infringements or recognisable violations at the time of being linked. No unlawful content was apparent at the time when the links were created. Unless there is concrete evidence that unlawful acts have been committed, we cannot be expected to monitor the content of linked sites on a permanent basis. Should legal violations become known to us, we will remove the relevant links immediately.
Security
We have taken technical and organisational security precautions to protect your personal data against loss, destruction, manipulation and unauthorised access. All our employees and all individuals involved in information processing are under an obligation to observe the German Federal Data Protection Act (BDSG) and other privacy-related laws and have undertaken to ensure the confidential use of personal data.
Changes to our Privacy Policy
We reserve the right to change our security and data privacy precautions where this is required on account of technical developments. In such cases we will update our Privacy Policy as necessary. We must therefore advise you always to refer to the latest version of our Privacy Policy.
Questions, suggestions and complaints
You can contact us directly if you have any questions about our Privacy Policy or about the way we process your personal data: Kaiserstr. 53, 60329 Frankfurt, phone: +49(0)69-2429300, fax: +44(0)69-24293026, email: info@gcb.de. You are also welcome to contact us if you require information, if you want to make suggestions or if you wish to complain.
Controller and Data Protection Officer
GCB German Convention Bureau e.V., Kaiserstrasse 53, 60329 Frankfurt am Main, Germany
Phone: +49 69 2429300, fax: +49 69 24293026, email: info@gcb.de, URL: www.gcb.de
Contact details of Data Protection Officer
GCB German Convention Bureau e.V., Mr Michael Heidrich, Executive Director
Email: heidrich@gcb.de
Pursuant to the European Directive 2013/11/EU, we wish to point out that the EU Commission runs an internet platform (“OS Platform”) for the online resolution of disputes between businesses and consumers. You can access this platform at ec.europa.eu/consumers/odr.
Thank you for your trust in GCB German Convention Bureau e.V.