Privacy Policy

Privacy
Policy

We are deligh­ted about your inte­rest in our net­work. Data pro­tec­tion has a par­ti­cu­lar­ly high prio­ri­ty for ber­lin-com­mu­ni­ca­ti­on. It is pos­si­ble to use the Internet pages of the ber­lin-com­mu­ni­ca­ti­on net­work wit­hout pro­vi­ding any per­so­nal data. However, if a data sub­ject wants to use spe­cial ser­vices via our web­site, it could beco­me neces­sa­ry to pro­cess per­so­nal data. If the pro­ces­sing of per­so­nal data is neces­sa­ry and the­re is no legal basis for such pro­ces­sing, we gene­ral­ly obtain the con­sent of the data subject. 

The pro­ces­sing of per­so­nal data, such as the data sub­jec­t’s name, address, email address or tele­pho­ne num­ber, shall always accord with the pro­vi­si­ons of the General Data Protection Regulation and the coun­try-spe­ci­fic data pro­tec­tion regu­la­ti­ons appli­ca­ble to ber­lin-com­mu­ni­ca­ti­on’s inter­pre­ters. By means of this Privacy Policy, our net­work would like to inform the public about the natu­re, scope and pur­po­se of the per­so­nal data we coll­ect, use and pro­cess. Furthermore, this Privacy Policy informs data sub­jects about their rights. 

As the con­trol­ler, the mem­bers of ber­lin-com­mu­ni­ca­ti­on have imple­men­ted num­e­rous tech­ni­cal and orga­ni­sa­tio­nal mea­su­res to ensu­re the most com­ple­te pro­tec­tion of per­so­nal data pro­ces­sed through this web­site. Nevertheless, Internet-based data trans­mis­si­ons can always be sub­ject to secu­ri­ty vul­nerabi­li­ties, so that abso­lu­te pro­tec­tion can­not be gua­ran­teed. For this reason, every data sub­ject is free to sub­mit per­so­nal data to us by alter­na­ti­ve means, for exam­p­le by telephone. 

 

  1. Definitions

Berlin-com­mu­ni­ca­ti­on’s Privacy Policy is based on the terms used by European regu­la­tors and legis­la­tors in issuing the EU General Data Protection Regulation (GDPR). Our Privacy Policy should be easy to read and under­stand for the public as well as for our cli­ents and busi­ness part­ners. To ensu­re this, we would like to explain the terms used in advance. 

Among others, we use the fol­lo­wing terms in this Privacy Policy:

  • (a) Personal data

Personal data means any infor­ma­ti­on rela­ting to an iden­ti­fied or iden­ti­fia­ble natu­ral per­son (her­ein­af­ter “data sub­ject”). An iden­ti­fia­ble natu­ral per­son is one who can be iden­ti­fied, direct­ly or indi­rect­ly, in par­ti­cu­lar by refe­rence to an iden­ti­fier such as a name, an iden­ti­fi­ca­ti­on num­ber, loca­ti­on data, an online iden­ti­fier or to one or more fac­tors spe­ci­fic to the phy­si­cal, phy­sio­lo­gi­cal, gene­tic, men­tal, eco­no­mic, cul­tu­ral or social iden­ti­ty of that natu­ral person. 

  • (b) Data subject

Data sub­ject means any iden­ti­fied or iden­ti­fia­ble natu­ral per­son who­se per­so­nal data are pro­ces­sed by the controller.

  • © Processing

Processing means any ope­ra­ti­on or set of ope­ra­ti­ons which is per­for­med on per­so­nal data or on sets of per­so­nal data, whe­ther or not by auto­ma­tic means, such as coll­ec­tion, recor­ding, orga­ni­sa­ti­on, struc­tu­ring, sto­rage, adapt­a­ti­on or altera­ti­on, retrie­val, con­sul­ta­ti­on, use, dis­clo­sure by trans­mis­si­on, dis­se­mi­na­ti­on or other­wi­se making available, ali­gnment or com­bi­na­ti­on, rest­ric­tion, era­su­re or destruction.

  • (d) Restriction of processing

Restriction of pro­ces­sing means the mar­king of stored per­so­nal data with the aim of limi­ting their pro­ces­sing in future.

  • (e) Profiling

Profiling means any form of auto­ma­ted pro­ces­sing of per­so­nal data con­sis­ting of the use of per­so­nal data to eva­lua­te cer­tain per­so­nal aspects rela­ting to a natu­ral per­son, in par­ti­cu­lar to ana­ly­se or pre­dict aspects con­cer­ning that natu­ral per­son’s per­for­mance at work, eco­no­mic situa­ti­on, health, per­so­nal pre­fe­ren­ces, inte­rests, relia­bi­li­ty, beha­viour, loca­ti­on or movements.

  • (f) Pseudonymisation

Pseudonymisation means the pro­ces­sing of per­so­nal data in such a man­ner that the per­so­nal data can no lon­ger be attri­bu­ted to a spe­ci­fic data sub­ject wit­hout the use of addi­tio­nal infor­ma­ti­on, pro­vi­ded that such addi­tio­nal infor­ma­ti­on is kept sepa­ra­te­ly and is sub­ject to tech­ni­cal and orga­ni­sa­tio­nal mea­su­res to ensu­re that the per­so­nal data are not attri­bu­ted to an iden­ti­fied or iden­ti­fia­ble natu­ral person.

  • (g) Controller

The con­trol­ler means the natu­ral or legal per­son, public aut­ho­ri­ty, agen­cy or other body which, alo­ne or joint­ly with others, deter­mi­nes the pur­po­ses and means of the pro­ces­sing of per­so­nal data. Where the pur­po­ses and means of such pro­ces­sing are deter­mi­ned by Union or Member State law, the con­trol­ler or the spe­ci­fic cri­te­ria for its desi­gna­ti­on may be pro­vi­ded for under Union or Member State law. 

  • (h) Processor

Processor means a natu­ral or legal per­son, public aut­ho­ri­ty, agen­cy or other body that pro­ces­ses per­so­nal data on behalf of the controller.

  • (i) Recipient

Recipient means a natu­ral or legal per­son, public aut­ho­ri­ty, agen­cy or other body to which the per­so­nal data are dis­c­lo­sed, whe­ther a third par­ty or not. However, public aut­ho­ri­ties which may recei­ve per­so­nal data in the frame­work of a par­ti­cu­lar inquiry in accordance with Union or Member State law shall not be regard­ed as recipients. 

  • (j) Third party

Third par­ty means a natu­ral or legal per­son, public aut­ho­ri­ty, agen­cy or other body other than the data sub­ject, con­trol­ler, pro­ces­sor and per­sons who, under the direct aut­ho­ri­ty of the con­trol­ler or pro­ces­sor, are aut­ho­ri­sed to pro­cess per­so­nal data.

  • (k) Consent

Consent of the data sub­ject means any free­ly given, spe­ci­fic, infor­med and unam­bi­guous indi­ca­ti­on of the data sub­jec­t’s wis­hes by which he or she, by a state­ment or by a clear affir­ma­ti­ve action, signi­fies agree­ment to the pro­ces­sing of per­so­nal data rela­ting to him or her.

 

  1. Name and address of the controller

The per­son respon­si­ble within the mea­ning of the General Data Protection Regulation, other data pro­tec­tion laws appli­ca­ble in the Member States of the European Union and other pro­vi­si­ons of a data pro­tec­tion natu­re is:

Maike Grabowski
Wilhelmstraße 121a
10963 Berlin
Germany

Phone: +49 30 8540 7965
Email: m.grabowski@berlin-communication.de
Website: https://www.berlin-communication.de/

 

  1. Collection of gene­ral data and information

The ber­lin-com­mu­ni­ca­ti­on web­site coll­ects a series of gene­ral data and infor­ma­ti­on every time a data sub­ject or auto­ma­ted sys­tem calls up the web­site. These gene­ral data and infor­ma­ti­on are stored in the ser­ver­’s log files. The fol­lo­wing data may be coll­ec­ted: (1) the brow­ser types and ver­si­ons used, (2) the ope­ra­ting sys­tem used by the acces­sing sys­tem, (3) the web­site from which an acces­sing sys­tem acces­ses our web­site (so-cal­led refer­rer), (4) the sub-web­sites that are acces­sed via an acces­sing sys­tem on our web­site, (5) the date and time of access to the web­site, (6) an Internet pro­to­col address (IP address), (7) the Internet ser­vice pro­vi­der of the acces­sing sys­tem and (8) other simi­lar data and infor­ma­ti­on that ser­ve to avert dan­ger in the event of attacks on our infor­ma­ti­on tech­no­lo­gy systems. 

When using the­se gene­ral data and infor­ma­ti­on, ber­lin-com­mu­ni­ca­ti­on does not draw any con­clu­si­ons about the data sub­ject. Rather, this infor­ma­ti­on is requi­red in order to (1) deli­ver the con­tent of our web­site cor­rect­ly, (2) opti­mi­se the con­tent of our web­site as well the adver­ti­se­ment of it, (3) ensu­re the con­tin­ued func­tion­a­li­ty of our infor­ma­ti­on tech­no­lo­gy sys­tems and the tech­no­lo­gy used for our web­site as well as (4) pro­vi­de law enforce­ment aut­ho­ri­ties with the infor­ma­ti­on neces­sa­ry for pro­se­cu­ti­on in the event of a cyber-attack. The data and infor­ma­ti­on coll­ec­ted anony­mously are the­r­e­fo­re eva­lua­ted by ber­lin-com­mu­ni­ca­ti­on both for sta­tis­ti­cal reasons as well as for the pur­po­se of incre­asing data pro­tec­tion and data secu­ri­ty in our net­work in order to ulti­m­ate­ly ensu­re an opti­mal level of pro­tec­tion for per­so­nal data pro­ces­sed by us. The anony­mous data in the ser­ver log files are stored sepa­ra­te­ly from any per­so­nal data pro­vi­ded by a data subject. 

Cookies

The Internet pages of ber­lin-com­mu­ni­ca­ti­on some­ti­mes use so-cal­led coo­kies. Cookies are text files that are stored on a com­pu­ter sys­tem via an inter­net browser. 

Many web­sites and ser­vers use coo­kies. Many coo­kies con­tain a so-cal­led coo­kie ID. A coo­kie ID is a uni­que iden­ti­fier of the coo­kie. It con­sists of a string of cha­rac­ters by which inter­net pages and ser­vers can be assi­gned to the spe­ci­fic inter­net brow­ser in which the coo­kie was stored. This enables the web­sites and ser­vers visi­ted to distin­gu­ish the indi­vi­du­al brow­ser of the data sub­ject from other inter­net brow­sers that con­tain other coo­kies. A spe­ci­fic inter­net brow­ser can be reco­g­nis­ed and iden­ti­fied via the uni­que coo­kie ID. 

Through the use of coo­kies, ber­lin-com­mu­ni­ca­ti­on can pro­vi­de the users of this web­site with more user-fri­end­ly ser­vices that would not be pos­si­ble wit­hout the coo­kie setting.

By means of a coo­kie, the infor­ma­ti­on and offers on this web­site can be opti­mi­sed in the inte­rests of the user. Cookies enable ber­lin-com­mu­ni­ca­ti­on, as alre­a­dy men­tio­ned, to reco­g­ni­se the users of this web­site. The pur­po­se of this reco­gni­ti­on is to make it easier for users to use our web­site. For exam­p­le, the user of a web­site that uses coo­kies does not have to re-enter his or her access data each time he or she visits the web­site becau­se this is done by the web­site and the coo­kie stored on the user’s com­pu­ter sys­tem. Another exam­p­le is the coo­kie used for a shop­ping cart in an online shop. The online shop remem­bers the items that a cus­to­mer has pla­ced in the vir­tu­al shop­ping cart via a cookie. 

The data sub­ject can pre­vent the set­ting of coo­kies by this web­site at any time by means of an appro­pria­te set­ting of the Internet brow­ser used and thus per­ma­nent­ly object to the set­ting of coo­kies. Furthermore, coo­kies that have alre­a­dy been set can be dele­ted at any time via an inter­net brow­ser or other soft­ware pro­gram­mes. This is pos­si­ble in all com­mon inter­net brow­sers. If the data sub­ject deac­ti­va­tes the set­ting of coo­kies in the Internet brow­ser used, not all func­tions of this web­site may be ful­ly usable. 

Cookies that are requi­red to car­ry out the elec­tro­nic com­mu­ni­ca­ti­on pro­cess or to pro­vi­de cer­tain func­tions desi­red by the user (e.g. shop­ping cart func­tion) are stored on the basis of Article 6(1) lit. f GDPR. The web­site ope­ra­tor has a legi­ti­ma­te inte­rest in sto­ring coo­kies for the tech­ni­cal­ly error-free and opti­mi­sed pro­vi­si­on of its ser­vices. Insofar as other coo­kies (e.g. coo­kies for ana­ly­sing the visi­tor’s sur­fing beha­viour) are stored, the­se are dealt with sepa­ra­te­ly in this Privacy Policy. 

 

  1. Routine era­su­re and blo­cking of per­so­nal data

The con­trol­ler shall pro­cess and store per­so­nal data about the data sub­ject only for the time neces­sa­ry to achie­ve the pur­po­se of sto­rage or whe­re pro­vi­ded for by European regu­la­tors and legis­la­tors or ano­ther legis­la­tor in laws or regu­la­ti­ons to which the con­trol­ler is subject.

If the pur­po­se of sto­rage no lon­ger appli­es, or if a sto­rage peri­od pre­scri­bed by European regu­la­tors and legis­la­tors or ano­ther com­pe­tent legis­la­tor expi­res, the per­so­nal data will be rou­ti­ne­ly blo­cked or era­sed in accordance with the sta­tu­to­ry provisions.

 

  1. Rights of the data subject
  • a) Right to confirmation

Every data sub­ject has the right, gran­ted by the European legis­la­ti­ve and regu­la­to­ry aut­ho­ri­ties, to obtain from the con­trol­ler con­fir­ma­ti­on as to whe­ther per­so­nal data con­cer­ning him or her are being pro­ces­sed. If a data sub­ject wis­hes to exer­cise this right of con­fir­ma­ti­on, he or she may, at any time, cont­act a mem­ber of the ber­lin-com­mu­ni­ca­ti­on net­work respon­si­ble for pro­ces­sing the per­so­nal data (con­trol­ler).

  • b) Right of access

Any per­son affec­ted by the pro­ces­sing of per­so­nal data has the right, gran­ted by the European legis­la­ti­ve and regu­la­to­ry aut­ho­ri­ties, to obtain from the con­trol­ler free infor­ma­ti­on at any time about the per­so­nal data stored about him or her and a copy of this infor­ma­ti­on. Furthermore, the European legis­la­ti­ve and regu­la­to­ry aut­ho­ri­ties have gran­ted the data sub­ject access to the fol­lo­wing information: 

    • The pur­po­se of the processing
    • The cate­go­ries of per­so­nal data concerned
    • The reci­pi­ents or cate­go­ries of reci­pi­ents to whom the per­so­nal data have been or will be dis­c­lo­sed, in par­ti­cu­lar reci­pi­ents in third count­ries or inter­na­tio­nal organisations
    • Where pos­si­ble, the envi­sa­ged peri­od for which the per­so­nal data will be stored, or, if not pos­si­ble, the cri­te­ria used to deter­mi­ne that period
    • The exis­tence of the right to request from the con­trol­ler rec­ti­fi­ca­ti­on or era­su­re of per­so­nal data or rest­ric­tion of pro­ces­sing of per­so­nal data con­cer­ning the data sub­ject or to object to such processing
    • The right to lodge a com­plaint with a super­vi­so­ry authority
    • Where the per­so­nal data are not coll­ec­ted from the data sub­ject, any available infor­ma­ti­on as to their source
    • The exis­tence of auto­ma­ted decis­i­on-making, inclu­ding pro­fil­ing, pur­su­ant to Article 22(1) and (4) of the GDPR and, at least in tho­se cases, meaningful infor­ma­ti­on about the logic invol­ved, as well as the signi­fi­can­ce and the envi­sa­ged con­se­quen­ces of such pro­ces­sing for the data subject

Furthermore, the data sub­ject has the right to be infor­med whe­ther per­so­nal data have been trans­fer­red to a third coun­try or to an inter­na­tio­nal orga­ni­sa­ti­on. If this is the case, the data sub­ject also has the right to be infor­med of the appro­pria­te safe­guards rela­ting to the transfer. 

If a data sub­ject wis­hes to exer­cise this right of access, he or she may, at any time, cont­act a mem­ber of the ber­lin-com­mu­ni­ca­ti­on net­work respon­si­ble for pro­ces­sing the per­so­nal data (con­trol­ler).

  • c) Right to rectification

Any per­son affec­ted by the pro­ces­sing of per­so­nal data has the right, gran­ted by the European legis­la­ti­ve and regu­la­to­ry aut­ho­ri­ties, to demand the rec­ti­fi­ca­ti­on wit­hout undue delay of inac­cu­ra­te per­so­nal data con­cer­ning him or her. Furthermore, taking into account the pur­po­ses of the pro­ces­sing, the data sub­ject has the right to have incom­ple­te per­so­nal data com­ple­ted, inclu­ding by means of pro­vi­ding a sup­ple­men­ta­ry statement. 

If a data sub­ject wis­hes to exer­cise the right to rec­ti­fi­ca­ti­on, he or she may, at any time, cont­act any mem­ber of the ber­lin-com­mu­ni­ca­ti­on net­work respon­si­ble for pro­ces­sing the per­so­nal data (con­trol­ler).

  • d) Right to era­su­re (right to be forgotten)

Any per­son affec­ted by the pro­ces­sing of per­so­nal data has the right, gran­ted by the European legis­la­ti­ve and regu­la­to­ry aut­ho­ri­ties, to obtain from the con­trol­ler the era­su­re of per­so­nal data con­cer­ning him or her wit­hout undue delay, whe­re one of the fol­lo­wing grounds appli­es and inso­far as the pro­ces­sing is not necessary:

    • The per­so­nal data are no lon­ger neces­sa­ry in rela­ti­on to the pur­po­ses for which they were coll­ec­ted or other­wi­se processed
    • The data sub­ject with­draws con­sent on which the pro­ces­sing is based accor­ding to point (a) of Article 6(1) GDPR or point (a) of Article 9(2) GDPR, and whe­re the­re is no other legal ground for the processing 
    • The data sub­ject objects to the pro­ces­sing pur­su­ant to Article 21(1) GDPR and the­re are no over­ri­ding legi­ti­ma­te grounds for the pro­ces­sing, or the data sub­ject objects to the pro­ces­sing pur­su­ant to Article 21(2) GDPR 
    • The per­so­nal data have been unlawful­ly processed
    • The per­so­nal data have to be era­sed for com­pli­ance with a legal obli­ga­ti­on in Union or Member State law to which the con­trol­ler is subject
    • The per­so­nal data have been coll­ec­ted in rela­ti­on to the offer of infor­ma­ti­on socie­ty ser­vices refer­red to in Article 8(1) GDPR 

If one of the afo­re­men­tio­ned reasons appli­es, and a data sub­ject wis­hes to arran­ge for the era­su­re of per­so­nal data stored by ber­lin-com­mu­ni­ca­ti­on, he or she may, at any time, cont­act any mem­ber of the ber­lin-com­mu­ni­ca­ti­on net­work respon­si­ble for pro­ces­sing the per­so­nal data (con­trol­ler). The net­work mem­ber from ber­lin-com­mu­ni­ca­ti­on will arran­ge for the era­su­re request to be com­pli­ed with immediately. 

Where the per­so­nal data have been made public by mem­bers of ber­lin-com­mu­ni­ca­ti­on and our net­work, as the con­trol­ler, is obli­ged to era­se the per­so­nal data pur­su­ant to Article 17(1) GDPR, ber­lin-com­mu­ni­ca­ti­on shall, taking into account available tech­no­lo­gy and the cost of imple­men­ta­ti­on, take reasonable steps, inclu­ding tech­ni­cal mea­su­res, to inform con­trol­lers which are pro­ces­sing the per­so­nal data that the data sub­ject has reques­ted the era­su­re by such con­trol­lers of any links to, or copy or repli­ca­ti­on of, tho­se per­so­nal data. The net­work mem­ber from ber­lin-com­mu­ni­ca­ti­on will arran­ge for the neces­sa­ry action to be taken in indi­vi­du­al cases. 

  • e) Right to rest­ric­tion of processing

Any per­son affec­ted by the pro­ces­sing of per­so­nal data has the right, gran­ted by the European legis­la­ti­ve and regu­la­to­ry aut­ho­ri­ties, to obtain from the con­trol­ler rest­ric­tion of pro­ces­sing whe­re one of the fol­lo­wing con­di­ti­ons applies:

    • The accu­ra­cy of the per­so­nal data is con­tes­ted by the data sub­ject, for a peri­od enab­ling the con­trol­ler to veri­fy the accu­ra­cy of the per­so­nal data
    • The pro­ces­sing is unlawful and the data sub­ject oppo­ses the era­su­re of the per­so­nal data and requests the rest­ric­tion of their use instead
    • The con­trol­ler no lon­ger needs the per­so­nal data for the pur­po­ses of the pro­ces­sing, but they are requi­red by the data sub­ject for the estab­lish­ment, exer­cise or defence of legal claims
    • The data sub­ject has objec­ted to pro­ces­sing pur­su­ant to Article 21(1) GDPR pen­ding the veri­fi­ca­ti­on whe­ther the legi­ti­ma­te grounds of the con­trol­ler over­ri­de tho­se of the data subject 

If one of the afo­re­men­tio­ned con­di­ti­ons is met, and a data sub­ject wis­hes to request the rest­ric­tion of per­so­nal data stored by ber­lin-com­mu­ni­ca­ti­on, he or she may, at any time, cont­act the ber­lin-com­mu­ni­ca­ti­on net­work mem­ber respon­si­ble for pro­ces­sing. The net­work mem­ber from ber­lin-com­mu­ni­ca­ti­on will arran­ge the rest­ric­tion of the processing. 

  • f) Right to data portability

Any per­son affec­ted by the pro­ces­sing of per­so­nal data has the right, gran­ted by the European legis­la­ti­ve and regu­la­to­ry aut­ho­ri­ties, to recei­ve the per­so­nal data con­cer­ning him or her, which the data sub­ject has pro­vi­ded to a con­trol­ler, in a struc­tu­red, com­mon­ly used and machi­ne-rea­da­ble for­mat. He/she also has the right to trans­mit tho­se data to ano­ther con­trol­ler wit­hout hin­drance from the con­trol­ler to which the per­so­nal data have been pro­vi­ded, pro­vi­ded that the pro­ces­sing is based on con­sent pur­su­ant to point (a) of Article 6(1) GDPR or point (a) of Article 9(2) GDPR or on a con­tract pur­su­ant to point (b) of Article 6(1) GDPR and the pro­ces­sing is car­ri­ed out by auto­ma­ted means, unless the pro­ces­sing is neces­sa­ry for the per­for­mance of a task car­ri­ed out in the public inte­rest or in the exer­cise of offi­ci­al aut­ho­ri­ty ves­ted in the controller. 

Furthermore, in exer­cis­ing his or her right to data por­ta­bi­li­ty pur­su­ant to Article 20(1) GDPR, the data sub­ject has the right to have the per­so­nal data trans­fer­red direct­ly from one con­trol­ler to ano­ther, to the ext­ent that this is tech­ni­cal­ly fea­si­ble and pro­vi­ded that this does not adver­se­ly affect the rights and free­doms of others. 

In order to assert the right to data por­ta­bi­li­ty, the data sub­ject may at any time cont­act the net­work mem­ber of ber­lin-com­mu­ni­ca­ti­on with whom the data sub­ject has a busi­ness relationship.

  • g) Right to object

Any per­son affec­ted by the pro­ces­sing of per­so­nal data has the right, gran­ted by the European legis­la­ti­ve and regu­la­to­ry aut­ho­ri­ties, to object, on grounds rela­ting to his or her par­ti­cu­lar situa­ti­on, at any time to pro­ces­sing of per­so­nal data con­cer­ning him or her which is based on point (e) or (f) of Article (1) GDPR. This also appli­es to pro­fil­ing based on the­se provisions. 

The mem­bers of ber­lin-com­mu­ni­ca­ti­on shall no lon­ger pro­cess the per­so­nal data in the event of the objec­tion, unless we can demons­tra­te com­pel­ling legi­ti­ma­te grounds for the pro­ces­sing which over­ri­de the inte­rests, rights and free­doms of the data sub­ject, or for the estab­lish­ment, exer­cise or defence of legal claims.

If ber­lin-com­mu­ni­ca­ti­on pro­ces­ses per­so­nal data for direct mar­ke­ting pur­po­ses, the data sub­ject has the right to object at any time to pro­ces­sing of per­so­nal data con­cer­ning him or her for such mar­ke­ting. This also appli­es to pro­fil­ing to the ext­ent that it is rela­ted to such direct mar­ke­ting. If the data sub­ject objects to pro­ces­sing for direct mar­ke­ting pur­po­ses by ber­lin-com­mu­ni­ca­ti­on, ber­lin-com­mu­ni­ca­ti­on will no lon­ger pro­cess the per­so­nal data for such purposes. 

In addi­ti­on, the data sub­ject has the right, on grounds rela­ting to his or her par­ti­cu­lar situa­ti­on, to object to pro­ces­sing of per­so­nal data con­cer­ning him or her which is car­ri­ed out by ber­lin-com­mu­ni­ca­ti­on for sci­en­ti­fic or his­to­ri­cal rese­arch pur­po­ses or sta­tis­ti­cal pur­po­ses pur­su­ant to Article 89(1) GDPR, unless the pro­ces­sing is neces­sa­ry for the per­for­mance of a task car­ri­ed out for reasons of public interest. 

In order to exer­cise the right to object, the data sub­ject may direct­ly cont­act the mem­ber of ber­lin-com­mu­ni­ca­ti­on with whom the busi­ness rela­ti­onship exists. In the con­text of the use of infor­ma­ti­on socie­ty ser­vices, and not­wi­th­stan­ding Directive 2002/58/EC, the data sub­ject may exer­cise his or her right to object by auto­ma­ted means using tech­ni­cal specifications. 

  • h) Automated indi­vi­du­al decis­i­on-making, inclu­ding profiling

Any per­son affec­ted by the pro­ces­sing of per­so­nal data has the right, gran­ted by the European legis­la­ti­ve and regu­la­to­ry aut­ho­ri­ties, not to be sub­ject to a decis­i­on based sole­ly on auto­ma­ted pro­ces­sing, inclu­ding pro­fil­ing, which pro­du­ces legal effects con­cer­ning him or her or simi­lar­ly signi­fi­cant­ly affects him or her, pro­vi­ded that the decis­i­on (1) is not neces­sa­ry for ente­ring into, or per­for­mance of, a con­tract bet­ween the data sub­ject and the con­trol­ler, or (2) is aut­ho­ri­sed by Union or Member State law to which the con­trol­ler is sub­ject and which always lays down sui­ta­ble mea­su­res to safe­guard the data sub­jec­t’s rights and free­doms and legi­ti­ma­te inte­rests, or (3) is based on the data sub­jec­t’s expli­cit consent.

If the decis­i­on (1) is neces­sa­ry for ente­ring into, or the per­for­mance of, a con­tract bet­ween the data sub­ject and the data con­trol­ler, or (2) it is made with the data sub­jec­t’s expli­cit con­sent, ber­lin-com­mu­ni­ca­ti­on shall imple­ment sui­ta­ble mea­su­res to safe­guard the data sub­jec­t’s rights and free­doms and legi­ti­ma­te inte­rests, at least the right to obtain human inter­ven­ti­on on the part of the con­trol­ler, to express his or her point of view and to con­test the decision.

If the data sub­ject wis­hes to exer­cise the rights con­cer­ning auto­ma­ted decis­i­ons, he or she may, at any time, cont­act the mem­ber from the ber­lin-com­mu­ni­ca­ti­on net­work respon­si­ble for pro­ces­sing (con­trol­ler)

  • i) Right to revo­ke con­sent under data pro­tec­tion law

Any per­son affec­ted by the pro­ces­sing of per­so­nal data has the right, gran­ted by the European legis­la­ti­ve and regu­la­to­ry aut­ho­ri­ties, to with­draw con­sent to the pro­ces­sing of per­so­nal data at any time.

If the data sub­ject wis­hes to exer­cise the right to with­draw con­sent, he or she may, at any time, cont­act the mem­ber from the ber­lin-com­mu­ni­ca­ti­on net­work respon­si­ble for pro­ces­sing (con­trol­ler)

 

  1. Data pro­tec­tion in job appli­ca­ti­ons and in the job appli­ca­ti­on process

The con­trol­ler coll­ects and pro­ces­ses the per­so­nal data of job appli­cants for the pur­po­se of mana­ging the job appli­ca­ti­on pro­ce­du­re. The pro­ces­sing may also be car­ri­ed out elec­tro­ni­cal­ly. This is par­ti­cu­lar­ly the case if a job appli­cant sends the rele­vant appli­ca­ti­on docu­ments to the con­trol­ler elec­tro­ni­cal­ly, for exam­p­le by email or via a web form on the web­site. If the con­trol­ler con­cludes an employ­ment con­tract with a job appli­cant, the trans­mit­ted data will be stored for the pur­po­se of pro­ces­sing the employ­ment rela­ti­onship in com­pli­ance with sta­tu­to­ry pro­vi­si­ons. If the con­trol­ler does not con­clude an employ­ment con­tract with the job appli­cant, the appli­ca­ti­on docu­ments shall be auto­ma­ti­cal­ly era­sed two months after pro­vi­ding noti­fi­ca­ti­on of the rejec­tion decis­i­on, pro­vi­ded that era­su­re does not con­flict with any other legi­ti­ma­te inte­rests of the con­trol­ler. Other legi­ti­ma­te inte­rests in this sen­se include, for exam­p­le, a duty to pro­vi­de evi­dence in pro­cee­dings under the German General Equal Treatment Act (AGG).

 

  1. Privacy poli­cy on the use and appli­ca­ti­on of Google AdWords

The con­trol­ler has inte­gra­ted Google AdWords on this web­site. Google AdWords is an inter­net adver­ti­sing ser­vice that enables adver­ti­sers to place ads both in Google’s search engi­ne results and in the Google adver­ti­sing net­work. Google AdWords allows an adver­ti­ser to pre­de­fi­ne spe­ci­fic key­words in advan­ce, by means of which an ad is dis­play­ed in Google’s search engi­ne results exclu­si­ve­ly when the user retrie­ves a key­word-rele­vant search result with the search engi­ne. In the Google adver­ti­sing net­work, the ads are dis­tri­bu­ted on topic-rele­vant web­sites using an auto­ma­tic algo­rithm and in com­pli­ance with the pre­de­fi­ned keywords. 

The com­pa­ny ope­ra­ting the Google AdWords ser­vices is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043–1351, USA.

The pur­po­se of Google AdWords is to adver­ti­se our web­site by dis­play­ing inte­rest-rele­vant adver­ti­sing on the web­sites of third-par­ty com­pa­nies and in the search engi­ne results of the Google search engi­ne, and to dis­play third-par­ty adver­ti­sing on our website.

If a data sub­ject acces­ses our web­site via a Google adver­ti­se­ment, a so-cal­led con­ver­si­on coo­kie will be stored by Google on the data sub­jec­t’s infor­ma­ti­on tech­no­lo­gy sys­tem. What coo­kies are has alre­a­dy been explai­ned abo­ve. A con­ver­si­on coo­kie loses its vali­di­ty after thir­ty days and is not used to iden­ti­fy the data sub­ject. If the coo­kie has not yet expi­red, the con­ver­si­on coo­kie is used to track whe­ther cer­tain sub-pages, for exam­p­le the shop­ping cart from an online shop sys­tem, have been cal­led up on our web­site. The con­ver­si­on coo­kie enables both us and Google to track whe­ther a data sub­ject who has acces­sed our web­site via an AdWords ad has gene­ra­ted a sale, i.e. has com­ple­ted or can­cel­led a purchase. 

The data and infor­ma­ti­on coll­ec­ted through using the con­ver­si­on coo­kie are used by Google to com­pi­le visit sta­tis­tics for our web­site. These visit sta­tis­tics are in turn used by us to deter­mi­ne the total num­ber of users who were refer­red to us via AdWords ads, i.e. to ascer­tain the suc­cess or fail­ure of the respec­ti­ve AdWords ad and to opti­mi­se our AdWords ads for the future. Neither our net­work nor other Google AdWords adver­ti­sers recei­ve infor­ma­ti­on from Google that could iden­ti­fy the data subject. 

The con­ver­si­on coo­kie stores per­so­nal infor­ma­ti­on, for exam­p­le the web pages visi­ted by the data sub­ject. Each time our web­site is visi­ted, per­so­nal data, inclu­ding the IP address of the Internet con­nec­tion used by the data sub­ject, is trans­mit­ted to Google in the United States of America. This per­so­nal data is stored by Google in the United States of America. Google may share this per­so­nal data coll­ec­ted through the tech­ni­cal pro­cess with third parties. 

The data sub­ject can pre­vent our web­site from set­ting coo­kies, as descri­bed abo­ve, at any time by appro­pria­te­ly adjus­ting the set­tings on the Internet brow­ser used and thus per­ma­nent­ly pre­ven­ting the set­ting of coo­kies. Such a set­ting of the inter­net brow­ser used would also pre­vent Google from set­ting a con­ver­si­on coo­kie on the infor­ma­ti­on tech­no­lo­gy sys­tem used by the data sub­ject. In addi­ti­on, a coo­kie alre­a­dy set by Google AdWords can be dele­ted at any time using the inter­net brow­ser or other soft­ware programs. 

Furthermore, the data sub­ject can object to inte­rest-based adver­ti­sing by Google. To do this, the data sub­ject must call up the link www.google.de/settings/ads from any of the inter­net brow­sers he or she uses and make the desi­red set­tings there. 

Further infor­ma­ti­on and Google’s appli­ca­ble pri­va­cy poli­cy can be found at https://www.google.de/intl/de/policies/privacy/.

 

  1. Legal basis of the processing

Article 6 I lit. a GDPR pro­vi­des our net­work with the legal basis for pro­ces­sing ope­ra­ti­ons in which we obtain con­sent for a spe­ci­fic pro­ces­sing pur­po­se. If the pro­ces­sing of per­so­nal data is neces­sa­ry for the per­for­mance of a con­tract to which the data sub­ject is a par­ty, as is the case, for exam­p­le, with pro­ces­sing ope­ra­ti­ons that are neces­sa­ry for the deli­very of goods or the pro­vi­si­on of ano­ther ser­vice or con­side­ra­ti­on, the pro­ces­sing is based on Article 6 I lit. b GDPR. The same appli­es to pro­ces­sing ope­ra­ti­ons that are neces­sa­ry for the imple­men­ta­ti­on of pre-con­trac­tu­al mea­su­res, for exam­p­le in the case of enqui­ries about our pro­ducts or ser­vices. If our net­work is sub­ject to a legal obli­ga­ti­on through which the pro­ces­sing of per­so­nal data beco­mes neces­sa­ry, such as for the ful­film­ent of tax obli­ga­ti­ons, the pro­ces­sing is based on Article 6 I lit. c GDPR. In rare cases, the pro­ces­sing of per­so­nal data might beco­me neces­sa­ry to pro­tect vital inte­rests of the data sub­ject or ano­ther natu­ral per­son. This would be the case, for exam­p­le, if a visi­tor were to be inju­red on our pre­mi­ses and, as a result, their name, age, health insu­rance details or other vital infor­ma­ti­on would need to be pas­sed on to a doc­tor, hos­pi­tal or other third par­ty. Then the pro­ces­sing would be based on Article 6 I lit. d GDPR. Ultimately, pro­ces­sing ope­ra­ti­ons could be based on Article 6 I lit. f GDPR. Processing ope­ra­ti­ons that are not cover­ed by any of the afo­re­men­tio­ned legal bases are based on this legal basis if the pro­ces­sing is neces­sa­ry to safe­guard a legi­ti­ma­te inte­rest of our net­work or a third par­ty, pro­vi­ded that the inte­rests or the fun­da­men­tal rights and free­doms of the data sub­ject are not over­ri­ding. We are, in par­ti­cu­lar, per­mit­ted to car­ry out such pro­ces­sing ope­ra­ti­ons becau­se they have been spe­ci­fi­cal­ly men­tio­ned by the European legis­la­tor. In this respect, it took the view that a legi­ti­ma­te inte­rest could be assu­med if the data sub­ject is a cli­ent of the con­trol­ler (Recital 47, second sen­tence GDPR). 

 

  1. Legitimate inte­rests in the pro­ces­sing pur­sued by the con­trol­ler or a third party

If the pro­ces­sing of per­so­nal data is based on Article 6 I lit. f GDPR, the legi­ti­ma­te inte­rest of the respec­ti­ve net­work mem­ber is the per­for­mance of the net­wor­k’s busi­ness acti­vi­ties to bene­fit the well-being of all mem­bers in the network. 

 

  1. Duration for which the per­so­nal data are stored

The cri­ter­ion for the dura­ti­on for sto­ring per­so­nal data is the respec­ti­ve sta­tu­to­ry reten­ti­on peri­od. Once this peri­od has expi­red, the cor­re­spon­ding data are rou­ti­ne­ly era­sed if they are no lon­ger requi­red for the ful­film­ent or initia­ti­on of the contract. 

 

  1. Legal or con­trac­tu­al requi­re­ments to pro­vi­de the per­so­nal data; neces­si­ty for the con­clu­si­on of the con­tract; obli­ga­ti­on of the data sub­ject to pro­vi­de the per­so­nal data; pos­si­ble con­se­quen­ces of non-provision

We would like to inform you that the pro­vi­si­on of per­so­nal data is part­ly requi­red by law (e.g. tax regu­la­ti­ons) or may also result from con­trac­tu­al regu­la­ti­ons (e.g. infor­ma­ti­on on the con­trac­tu­al part­ner). In order to con­clude a con­tract, it may some­ti­mes be neces­sa­ry for a data sub­ject to pro­vi­de us with per­so­nal data that must sub­se­quent­ly be pro­ces­sed by us. For exam­p­le, the data sub­ject is obli­ged to pro­vi­de us with per­so­nal data when a mem­ber of our net­work con­cludes a con­tract with him or her. Failure to pro­vi­de the per­so­nal data would mean that the con­tract with the data sub­ject could not be con­cluded. Before the data sub­ject pro­vi­des the per­so­nal data, the data sub­ject must cont­act the net­work mem­ber with whom the busi­ness rela­ti­onship exists. The net­work mem­ber shall inform the data sub­ject on a case-by-case basis whe­ther the pro­vi­si­on of per­so­nal data is legal­ly or con­trac­tual­ly requi­red, or is neces­sa­ry for the con­clu­si­on of the con­tract, whe­ther the­re is an obli­ga­ti­on to pro­vi­de the per­so­nal data, and what the con­se­quen­ces of not pro­vi­ding the per­so­nal data would be. 

 

  1. Existence of auto­ma­ted decision-making

As a respon­si­ble net­work, we do not use auto­ma­tic decis­i­on-making or profiling.

This Privacy Policy was crea­ted by the pri­va­cy poli­cy gene­ra­tor from DGD Deutsche Gesellschaft für Datenschutz GmbH, which acts as the External Data Protection Commissioner Munich, in coope­ra­ti­on with Christian Solmecke, lawy­er for data pro­tec­tion law.