Data Security

We take data protection seriously

The protection of your privacy when processing personal data is an important concern for us. When you visit our website, our web servers store the IP of your Internet service provider, the website from which you visit us, the web pages you visit on our site and the date and duration of your visit as standard. This information is essential for the technical transmission of the web pages and secure server operation. There is no personalized evaluation of this data.

If you send us data via the contact form, this data will be stored on our servers as part of the data backup process. Your data will only be used by us to process your request. Your data will be treated as strictly confidential. It will not be passed on to third parties.

Table of contents

1. Who is responsible for data processing and who can you contact?. 2
2. Personal data.. 2
3. Visit the website. 2

3.1.     General use. 2

3.2.     Automatically stored data. 3

3.3.     Making contact. 3

3.4.     Cookies. 3

3.5.     Consent management. 4

3.6.     Hosting. 4

4. Service optimization.. 5

4.1.     Newsletter. 5

5. Tools and services for analysis, statistics and marketing.. 5

5.1.     Analysis and statistics. 5

6. Security. 6
7. What other data is processed and from which sources does this data originate?. 7
8. What data protection rights do I have?. 8
9. Changes to this privacy policy. 10

1.       Who is responsible for data processing and who can you contact?

Responsible person:

EXPOOTEL
Storchengrund 1, 23738 Lensahn
Phone: +49-157-37519149
E-mail: s.kaiser@expootel.de

 The company data protection officer is

 Mr. Christian Volkmer
Project 29 GmbH & Co KG
Ostengasse 14
93047 Regensburg

E-mail: anfragen@projekt29.de
Phone: 0941-2986930

2.       Personal data

Personal data is data about your person. This includes your name, your address and your e-mail address. You do not have to disclose any personal data in order to visit our website. In some cases, we need your name and address as well as other information in order to be able to offer you the requested service.

The same applies if we supply you with information material on request or if we answer your inquiries. In these cases, we will always point this out to you. Furthermore, we only store the data that you have transmitted to us automatically or voluntarily.

When you use one of our services, we generally only collect the data that is necessary to provide you with our service. We may ask you for further information, but this is voluntary. Whenever we process personal data, we do so in order to be able to offer you our service or to pursue our commercial objectives.

3.    Visit the website

3.1.   General use

When you visit our website, our web servers store the IP of your Internet service provider, the website from which you visit us, the web pages you visit on our site and the date and duration of your visit as standard. The processing of this information is absolutely necessary for the technical transmission of the web pages, the convenient use of our services and secure server operation. Our legitimate interest arises from Art. 6 para. 1 lit. f GDPR.

It is not possible to draw any direct conclusions about your identity from the information and we will not do so. The information is stored and automatically deleted once the aforementioned purposes have been achieved. The standard periods for deletion are based on the criterion of necessity.

3.2.   Automatically saved data

 Server log files

 The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are

• Date and time of the request
• Name of the requested file
• Page from which the file was requested
• Access status (file transferred, file not found, etc.)
• Web browser and operating system used
• Complete IP address of the requesting computer
• Amount of data transferred

This data is not merged with other data sources. Processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website.

For reasons of technical security, in particular to defend against attempted attacks on our web server, this data is stored by us for a short time. It is not possible for us to identify individual persons from this data. After seven days at the latest, the data is anonymized by shortening the IP address at domain level so that it is no longer possible to establish a link to the individual user. The data is also processed in anonymized form for statistical purposes; it is not compared with other databases or passed on to third parties, even in excerpts.

3.3.   Contact us

When contacting us (e.g. by contact form, e-mail, telephone or via social media), the data of the inquiring persons are processed insofar as this is necessary to answer the contact inquiries and any requested measures.

The response to contact requests in the context of contractual or pre-contractual relationships is carried out to fulfill our contractual obligations or to respond to (pre)contractual inquiries and otherwise on the basis of the legitimate interests in responding to the inquiries.

• Processed data types: Inventory data (e.g. names, addresses), Contact data (e.g. e-mail, telephone numbers), Content data (e.g. entries in online forms).
• Affected persons: Communication partner.
• Purposes of processing: Contact requests and communication.
• Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 lit. b. GDPR), Legitimate interests (Art. 6 para. 1 lit. f. GDPR).

3.4.   Cookies

When you visit our website, we may store information on your computer in the form of cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string of characters through which websites and servers can be assigned to the specific Internet browser in which the cookie was stored. This enables the websites and servers visited to distinguish the individual browser of the data subject from other Internet browsers that contain other cookies. A specific Internet browser can be recognized and identified via the unique cookie ID.

By using session cookies, the controller can provide users of this website with a user-friendly service that would not be possible without the use of cookies. Without consent, we only use technically necessary cookies on the legal basis of legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR.

We only use personal cookies to improve our website or for marketing/advertising purposes with your consent. On your first visit, you can voluntarily consent to tracking or analysis via the cookie banner that appears. Your data may be passed on to partners or third-party providers. These cookies are only stored if you explicitly consent to this; the legal basis is then your consent in accordance with Art. 6 para. 1 lit. a GDPR.

You can change your settings for the use of cookies here at any time:

XXXXX.  Link to call up the consent banner again.    XXXXX

3.5.   Consent Management

Usercentrics

Our website uses the consent technology of Usercentrics to obtain your consent to the storage of your data.

of certain cookies on your end device or for the use of certain technologies and to document these in compliance with data protection regulations. The provider of this technology is Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, Germany (Usercentrics).

When you enter our website, a connection is established to the Usercentrics servers in order to obtain your consent and other declarations regarding the use of cookies. Usercentrics then stores a cookie in your browser in order to be able to assign the consents you have given or revoke them. The data collected in this way is stored until you ask us to delete it, delete the cookie yourself or the purpose for storing the data no longer applies. Mandatory statutory retention obligations remain unaffected.

Usercentrics is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 para. 1 lit. c GDPR.

We have concluded a data processing agreement (DPA) in accordance with Art. 28 GDPR with the above-mentioned provider. This is a contract prescribed by data protection law, which guarantees that the provider will only process the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

3.6.   Hosting

Bluehost

We host our website with Bluehost. The provider is Bluehost Inc. a company of Newfold Digital, Inc, 5335 Gate Pkwy, 32256 Jacksonville, FL, www.bluehost.com, USA (hereinafter referred to as Bluehost). When you visit our website, Bluehost collects various log files including your IP addresses.

Bluehost is a tool for creating and hosting websites. Webflow stores cookies or other recognition technologies that are required to display the page, to provide certain website functions and to ensure security (necessary cookies).

Details can be found in Bluehost’s privacy policy: https://newfold.com/privacy-center

The use of Bluehost is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in ensuring that our website is displayed as reliably as possible. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission:

https://newfold.com/privacy-center/addendum-ch-gdpr

https://assets.web.com/legal/English/DataProcessingAddendum.pdf

We have concluded a data processing agreement (DPA) with the above-mentioned provider. This is a contract prescribed by data protection law, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

4.       Service optimization

4.1.   Newsletter

We use the so-called double opt-in procedure for sending the newsletter, i.e. we will only send you a newsletter by email if you have expressly confirmed to us beforehand that we should activate the newsletter service. The legal basis is therefore Art. 6 para. 1 lit. a GDPR. We will then send you a notification email and ask you to confirm that you wish to receive our newsletter by clicking on a link contained in this email. When you register for our newsletter, we store your IP address and the date of registration. This storage serves solely as proof in the event that a third party misuses your e-mail address to subscribe you to the newsletter without your knowledge or authorization. Alternatively, you may also receive mail from us as an existing customer on the basis of our legitimate interest in the same or similar services in accordance with Section 7 (3) of the German Act Against Unfair Competition (UWG). If you no longer wish to receive newsletters from us at a later date, you can object to this at any time without incurring any costs other than the transmission costs according to the basic rates.

5.       Tools and services for analysis, statistics and marketing

5.1.   Analysis and statistics

Google Tag Manager

We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

The Google Tag Manager is a tool that we use to implement tracking or statistics tools and other

technologies on our website. The Google Tag Manager itself does not create

user profiles, does not store any cookies and does not carry out any independent analyses. It is only used to manage and display the tools integrated via it. However, Google Tag Manager records your IP address, which may also be transmitted to Google’s parent company in the United States.

The Google Tag Manager is used on the basis of Art. 6 para. 1 lit. f GDPR.

Google Analytics (4)

This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyze the behavior of website visitors. The website operator receives various usage data, such as page views, length of visit, operating systems used and origin of the user. This data is summarized in a user ID and assigned to the respective end device of the website visitor.

We can also use Google Analytics to record your mouse and scroll movements and clicks, among other things. Google Analytics also uses various modeling approaches to supplement the collected data records and uses machine learning technologies for data analysis.

Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is generally transmitted to a Google server in the USA and stored there. The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. Consent can be revoked at any time.

Data transfer to the USA is based on the Data Privacy Framework between the USA and the EU Commission. You can find details here: https://privacy.google.com/businesses/controllerterms/mccs/.

6.       Security

We have taken technical and administrative security precautions to protect your personal data against loss, destruction, manipulation and unauthorized access. All our employees and service providers working for us are obliged to comply with the applicable data protection laws.

Whenever we collect and process personal data, it is encrypted before it is transmitted. This means that your data cannot be misused by third parties. Our security precautions are subject to a continuous improvement process and our data protection declarations are constantly being revised. Please ensure that you have the latest version.

7.       What other data is processed and from which sources does this data originate?

We process the data that we have received from you in the context of contract initiation or processing, on the basis of consent or in the context of your application to us or in the context of your employment with us.

Personal data includes the following

• Customers: First name and surname, address, contact details (e-mail address, telephone number, fax), bank details.
• Applicants and employees: e.g. first name and surname, address, contact details (e-mail address, telephone number, fax), date of birth, data from CV and references, bank details, religious affiliation, photographs.
• Business partners: e.g. the name of their legal representatives, company, commercial register number, VAT number, company number, address, contact details (e-mail address, telephone number, fax), bank details.

In addition, we also process the following other personal data:

• Information on the type and content of contract data, order data, sales and document data, customer and supplier history and consulting documents,
• Advertising and sales data,
• other data that we have received from you in the course of our business relationship (e.g. in discussions with customers),
• Data that we generate ourselves from master / contact data and other data, e.g. by means of customer demand and customer potential analyses,
• the documentation of your declaration of consent for the receipt of e.g. newsletters.
• Photographs taken as part of events.

For what purposes and on what legal basis is the data processed?

We process your data in accordance with the provisions of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act 2018 as amended:

–              for the fulfillment of (pre-)contractual obligations (Art. 6 para. 1 lit. b GDPR):

Your data is processed online or at our company location for the purpose of processing contracts with your employees in our company. The data is processed in particular when initiating business and when executing contracts with you.

–              for the fulfillment of legal obligations (Art. 6 para. 1 lit.c GDPR):

The processing of your data is necessary for the purpose of fulfilling various legal obligations, e.g. from the German Commercial Code or the German Fiscal Code.

–              to safeguard legitimate interests (Art. 6 para. 1 lit.f GDPR):

Based on a balancing of interests, data may be processed beyond the actual fulfillment of the contract to protect our legitimate interests or those of third parties. Data processing to protect legitimate interests takes place in the following cases, for example:

• Advertising or marketing
• Measures for business management and further development of services and products;
• in the context of legal prosecution
• Sending of non-sales-promoting information and press releases.

–              within the scope of your consent (Art. 6 para. 1 lit. a GDPR):

If you have given us your consent to process your data, e.g. to send you our newsletter, publish photos, competitions, etc., we will not process your data.

Processing of personal data for advertising purposes

You can object to the use of your personal data for advertising purposes at any time, either as a whole or for individual measures, without incurring any costs other than the transmission costs according to the basic rates.

Under the legal requirements of Section 7 (3) UWG, we are entitled to use the e-mail address you provided when concluding the contract for direct advertising for our own similar goods or services. You will receive these product recommendations from us regardless of whether you have subscribed to a newsletter.

If you do not wish to receive such recommendations from us by e-mail, you can object to the use of your address for this purpose at any time without incurring any costs other than the transmission costs according to the basic rates. A message in text form is sufficient for this. Of course, every e-mail always contains an unsubscribe link.

Who receives my data?

If we use a service provider in the sense of commissioned processing, we nevertheless remain responsible for the protection of your data. All processors are contractually obliged to treat your data confidentially and to process it only within the scope of providing the service. The processors commissioned by us will receive your data if they require the data to perform their respective service. These are, for example, IT service providers that we require for the operation and security of our IT system as well as advertising and address publishers for our own advertising campaigns.

In the event of a legal obligation and in the context of legal prosecution, authorities and courts as well as external auditors may be recipients of your data.

In addition, insurance companies, banks, credit agencies and service providers may be recipients of your data for the purpose of contract initiation and fulfillment.

How long will my data be stored?

We process your data until the termination of the business relationship or until the expiry of the applicable statutory retention periods (e.g. from the German Commercial Code, the German Fiscal Code or the Working Hours Act); in addition, until the termination of any legal disputes in which the data is required as evidence.

8.       What data protection rights do I have?

You have the right to information, correction, deletion or restriction of the processing of your stored data, a right to object to the processing as well as a right to data portability and to complain in accordance with the requirements of data protection law.

Right to information:

You can request information from us as to whether and to what extent we process your data.

Right to rectification:

If we process your data that is incomplete or incorrect, you can request that we correct or complete it at any time.

Right to erasure:

You can demand that we erase your data if we process it unlawfully or if the processing disproportionately interferes with your legitimate protection interests. Please note that there may be reasons that prevent immediate erasure, e.g. in the case of statutory retention obligations.

Irrespective of the exercise of your right to erasure, we will erase your data immediately and completely, provided that there is no legal or statutory retention obligation to the contrary.

Right to restriction of processing:

You can request that we restrict the processing of your data if

-you contest the accuracy of the data, for a period enabling us to verify the accuracy of the data.

-the       processing of the data is unlawful, but you refuse to have it erased and instead request that the use of the data be restricted,

-we        no longer need the data for the intended purpose, but you still need this data to assert or defend legal claims, or

-you have objected to the processing of the data.

Right to data portability:

You may request that we provide you with the data you have provided to us in a structured, commonly used and machine-readable format and that you may transmit this data to another controller without hindrance from us, provided that

-we        process this data on the basis of your revocable consent or for the performance of a contract between us, and

-this       processing is carried out using automated procedures.

If technically feasible, you can request that we transfer your data directly to another controller.

Right of objection:

If we process your data for legitimate interests, you can object to this data processing at any time; this would also apply to profiling based on these provisions. We will then no longer process your data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the establishment, exercise or defense of legal claims. You can object to the processing of your data for the purpose of direct advertising at any time without giving reasons.

Right of appeal:

If you are of the opinion that we are violating German or European data protection law when processing your data, please contact us so that we can clarify any questions you may have. Of course, you also have the right to contact the supervisory authority responsible for you, the respective state office for data protection supervision.

If you wish to assert one of these rights against us, please contact our data protection officer. In case of doubt, we may request additional information to confirm your identity.

Am I obliged to provide data?

The processing of your data is necessary for the conclusion or fulfillment of the contract you have entered into with us. If you do not provide us with this data, we will generally have to refuse to conclude the contract or will no longer be able to perform an existing contract and will therefore have to terminate it. However, you are not obliged to give your consent to data processing with regard to data that is not relevant or legally required for the fulfillment of the contract.

9.       Changes to this privacy policy

We reserve the right to change our privacy policy if this should be necessary due to new technologies. Please ensure that you have the latest version. If fundamental changes are made to this privacy policy, we will announce these on our website.