Logo : MicroBubbles

Privacy Policy

1) General information an principles of data processing

We are delighted that you are visiting our website. Protecting your privacy and your personal data when you use our website is very important to us.

According to Art. 4 No. 1 GDPR, personal data is any information relating to an identified or identifiable natural person. This includes, for example, information such as your first and last name, your address, your telephone number, your email address, but also your IP address. Data that cannot be linked to your person, for example through anonymisation, is not personal data. The processing of personal data (e.g. collection, storage, retrieval, retrieval, use, transmission, deletion or destruction) in accordance with Art. 4 No. 2 GDPR always requires a legal basis or your consent. Processed personal data must be deleted as soon as the purpose of the processing has been achieved and there are no longer any statutory retention obligations to be observed.

Here you will find information about how we handle your personal data when you visit our website. In order to provide the functions and services of our website, we need to collect personal data about you. We also explain the type and scope of the respective data processing, the purpose and corresponding legal basis, and the respective storage period.

This privacy policy applies only to this website. It does not apply to other third-party websites to which we merely refer via hyperlink. We cannot accept any responsibility for the confidential treatment of your personal data on these third-party websites, as we have no influence on whether these companies comply with data protection regulations. Please inform yourself about how these companies handle your personal data directly on these websites.

We maintain separate data protection information for project applications and application inquiries, which is also available on our website under the contact link.

Below you will find the contact details of the responsible body and the data protection officer.

2) Responsible authority

Responsible for the processing of personal data on this website is (see imprint):

MicroBubbles GmbH
Lagerhofstraße 4
04103 Leipzig

Management

Roland Damann
Christian Henning

E-Mail: info@microbubbles.org

3) Collection of general data and information

a) TYPE AND SCOPE OF DATA PROCESSING

If you use the website for informational purposes only, i.e., if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and ensure stability and security (the legal basis is Art. 6 (1) (f) GDPR):

  • the browser types and versions used;
  • the operating system used by the accessing system;
  • the website from which an accessing system reaches our website (so-called referrers);
  • the sub-websites accessed via an accessing system on our website;
  • the date and time of access to the website;
  • an Internet protocol address (IP address);
  • the Internet service provider of accessing system;
  • other similar data and information used to avert dangers in the event of attacks on our information technology systems.

b) PURPOSE AND LEGAL BASIS

By law, any processing of personal data is in principle prohibited and is only permitted if the data processing falls under one of the following justifications:

  • Art. 6 (1) (a) GDPR (“consent”): If the data subject has voluntarily, in an informed manner and unambiguously indicated by a statement or other unambiguous confirmatory act that he or she agrees to the processing of personal data concerning him or her for one or more specific purposes;
  • Art. 6 (1) (b) GDPR: If the processing is necessary to fulfill a contract to which the data subject is party or to take steps at the request of the data subject prior to entering into a contract;
  • Art. 6 (1) (c) GDPR: If processing is necessary to fulfil a legal obligation to which the controller is subject (e.g. a statutory retention period);
  • Art. 6 (1) (d) GDPR: If processing is necessary to protect the vital interests of the data subject or of another natural person;
  • Art. 6 (1) (e) GDPR: If the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or
  • Art. 6 (1) (f) GDPR (“Legitimate interests”): If processing is necessary to protect the legitimate (in particular legal or economic) interests of the controller or a third party, unless the conflicting interests or rights of the data subject prevail (in particular if the data subject is a minor).

Furthermore, the storage of information in the terminal equipment of you as the end user as well as access to information that is already stored in your terminal equipment will only take place after you have given your consent in accordance with § 25 (1) TTDSG, unless this is dispensable according to § 25 (2) TTDSG.

For each of the processing operations we carry out, we specify the applicable legal basis below. Processing may also be based on multiple legal bases.

c) STORAGE PERIOD

Unless an explicit storage period is specified below, your personal data will be deleted or blocked as soon as the purpose or legal basis for storage no longer applies. Your data is generally stored only on our servers in Germany, subject to possible transfer in accordance with the provisions in Section 7.

However, storage may extend beyond the specified period in the event of an (impending) legal dispute with you or other legal proceedings, or if storage is required by legal regulations to which we as the controller are subject (e.g., Section 257 of the German Commercial Code (HGB), Section 147 of the German Fiscal Code (AO). If the storage period prescribed by law expires, the personal data will be blocked or deleted, unless further storage by us is necessary and there is a legal basis for doing so.

4) Data protection transfer to third parties

As with any larger company, we also use external domestic and foreign service providers to handle our business transactions (e.g., in the areas of IT, logistics, telecommunications, sales, and marketing). These providers operate solely on our instructions and are contractually obligated to comply with data protection regulations within the meaning of Art. 28 GDPR.

5) Data transfer to a third country

If we process data in a third country (i.e., outside the European Union (EU)) or the European Economic Area (EEA), or if this occurs in the context of using third-party services or disclosing or transmitting data to third parties, this will only occur if it is necessary to fulfill our (pre-)contractual obligations, based on your consent, due to a legal obligation, or based on our legitimate interests. Subject to legal or contractual permissions, we process or have data processed in a third country only if the specific requirements of Art. 44 et seq. GDPR are met. The European Commission certifies that some third countries provide data protection comparable to the EEA standard through so-called adequacy decisions (a list of these countries and a copy of the adequacy decisions can be found here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en).

In other third countries to which personal data may be transferred, a consistently high level of data protection may not exist due to a lack of legal regulations. Where this is the case, we ensure that data protection is adequately guaranteed. This is possible through binding corporate rules, standard contractual clauses of the European Commission for the protection of personal data, certificates, or recognized codes of conduct. With regard to the individual services, we will inform you at the appropriate point (see Section 5) about the requirements for data transfer to third countries. Please contact our data protection officer (see Section 2) if you would like further information on this.

6) Cookies

The MicroBubbles GmbH website uses cookies. Cookies are text files that are stored on a computer system via an internet browser.

Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier for the cookie. It consists of a character string that allows websites and servers to associate the specific internet browser in which the cookie was stored. This enables the visited websites and servers to distinguish the individual browser of the data subject from other internet browsers that contain other cookies. A specific internet browser can be recognized and identified via the unique cookie ID. By using cookies, we can provide you with more user-friendly services on our website that would not be possible without the setting of cookies.

As already mentioned, cookies enable us to recognize the users of our website. The purpose of this recognition is to make it easier for users to use our website. For example, users of a website that uses cookies do not have to enter their login details every time they visit the website because this is done by the website and the cookie stored on the user’s computer system. Another example is the cookie for a shopping cart in an online shop. The online shop uses a cookie to remember the items that customers have placed in the virtual shopping cart.

7) Your rights

You have the right at any time,

  • and in accordance with Art. 15 GDPR, to request information about the personal data concerning you that is being processed. In particular, you can request information about the purposes of the processing, the category of personal data, the categories of recipients to whom the data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of the data if it was not collected from the controller, and the existence of automated decision-making, including profiling, and, where applicable, meaningful information on its details.
  • in accordance with Art. 16 GDPR, to request the immediate rectification of inaccurate or incomplete personal data stored by the controller;
  • to request the erasure of stored personal data at any time in accordance with Art. 17 GDPR, unless processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
  • to request the restriction of processing of personal data at any time in accordance with Art. 18 GDPR if you contest the accuracy of the data, the processing is unlawful but you refuse to delete it and the controller no longer needs the data, but you need it to assert, exercise or defend legal claims or you have objected to processing in accordance with Art. 21 GDPR;
  • in accordance with Art. 20 GDPR, to receive the personal data you have provided in a structured, common and machine-readable format or to request that it be transmitted to another controller;
  • to object to processing at any time in accordance with Art. 21 GDPR, provided that the processing is carried out on the basis of Art. 6 (1) (e) or (f) GDPR. This is particularly the case if the processing is not necessary to fulfill a contract with you. Unless it is an objection to direct advertising, we ask you to explain the reasons why we should not process your data as we do when exercising such an objection. In the event of your justified objection, we will examine the situation and will either stop or adapt the data processing or explain to you our compelling legitimate reasons on the basis of which we continue the processing. To exercise the right of objection, an email to info@microbubbles.org
  • in accordance with Art. 7 (3) GDPR, to revoke your consent (even before the GDPR came into force, i.e., before May 25, 2018) at any time, if you have given it to us – that is, your voluntary, informed, and unambiguous consent, expressed by a statement or other unambiguous affirmative action, that you agree to the processing of your personal data for one or more specific purposes. This means that we may no longer continue the data processing based on this consent in the future and
  • to lodge a complaint with a supervisory authority at any time, in accordance with Art. 77 GDPR. Usually, you can contact the supervisory authority at your usual place of residence or work, or at our company headquarters.