Data protection page
1) GENERAL INFORMATION AND PRINCIPLES OF DATA PROCESSING
Thank you for visiting our website. The protection of your privacy and the protection of your personal data, the so-called personal data, when using our website is an important concern for us.
According to Art. 4 No. 1 GDPR, personal data is any information relating to an identified or identifiable natural person. This includes, for example, information such as your first and last name, your address, your telephone number, your e-mail address, but also your IP address. Data that cannot be linked to your person, such as anonymization, is not personal data. The processing of personal data (e.g. collection, storage, retrieval, consultation, use, transmission, erasure or destruction) pursuant to Art. 4 No. 2 GDPR always requires a legal basis or your consent. Processed personal data must be erased as soon as the purpose of the processing has been achieved and there are no longer any statutory retention obligations to be observed.
Here you will find information about the handling of your personal data when you visit our website. In order to provide the features and services of our website, it is necessary for us to collect personal data about you. We also explain the type and scope of the respective data processing, the purpose and the corresponding legal basis and the respective storage period.
This privacy policy applies only to this website. It does not apply to other third-party websites to which we merely refer by means of a hyperlink. We cannot be responsible for the confidentiality of your personal data on these third-party websites, as we have no control over whether these companies comply with data protection regulations. You can find out more about the handling of your personal data by these companies directly on these websites.
For project applications and application enquiries, we keep separate data protection information, which can also be accessed on our website under the contact link.
Below you will find the contact details of the responsible body and the data protection officer.
2) RESPONSIBLE BODY
Responsible for the processing of personal data on this website is (see imprint):
MicroBubbles GmbH
Lagerhofstraße 4
04103 Leipzig
Management:
Roland Damann
Christian Henning
E-Mail: info@microbubbles.org
3) COLLECTION OF GENERAL DATA AND INFORMATION
a) TYPE AND SCOPE OF DATA PROCESSING
If you use the website for informational purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which are technically necessary for us to display our website to you and to ensure its stability and security (the legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR):
- the browser types and versions used;
- the operating system used by the accessing system;
- the website from which an accessing system accesses our website (so-called referrers);
- the sub-websites, which are accessed via an accessing system on our website;
- the date and time of access to the website,
- an Internet Protocol (IP) address;
- the Internet service provider of the accessing system;
- other similar data and information used to avert danger in the event of attacks on our information technology systems.
(b) PURPOSE AND LEGAL BASIS
In principle, any processing of personal data is prohibited by law and is only permitted if the data processing falls under one of the following justifications:
- Art. 6 para. 1 sentence 1 lit. a GDPR (“consent”): If the data subject has voluntarily, in an informed manner and unequivocally indicated by a statement or other unambiguous affirmative act that he or she consents to the processing of personal data concerning him or her for one or more specific purposes;
- Art. 6 para. 1 sentence 1 lit. b GDPR: If the processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures taken at the request of the data subject;
- Art. 6 para. 1 sentence 1 lit. c GDPR: If the processing is necessary for compliance with a legal obligation to which the controller is subject (e.g. a statutory retention obligation);
- Art. 6 para. 1 sentence 1 lit. d GDPR: If the processing is necessary to protect the vital interests of the data subject or another natural person;
- Art. 6 para. 1 sentence 1 lit. e GDPR: If the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, or
- Art. 6 para. 1 sentence 1 lit. f GDPR (“Legitimate interests”): If the processing is necessary for the protection of legitimate (in particular legal or economic) interests of the controller or a third party, provided that the conflicting interests or rights of the data subject do not prevail (in particular if the data subject is a minor).
Furthermore, the storage of information in the terminal equipment by you as the end user as well as access to information that is already stored in your terminal equipment takes place exclusively after the submission of consent in accordance with § 25 (1) TTDSG, unless this is dispensable according to § 25 (2) TTDSG.
In the following, we indicate the applicable legal basis for the processing operations carried out by us. Processing may also be based on several legal bases.
c) STORAGE PERIOD
Unless an explicit storage period is specified below, your personal data will be deleted or blocked as soon as the purpose or legal basis for storage no longer applies. As a matter of principle, your data will only be stored on our servers in Germany, subject to any disclosure in accordance with the regulations in No. 7.
However, storage may take place beyond the specified time in the event of an (imminent) legal dispute with you or other legal proceedings or if the storage is provided for by legal regulations to which we as the controller are subject (e.g. § 257 HGB, § 147 AO). When the storage period prescribed by the statutory provisions expires, the personal data will be blocked or deleted, unless further storage by us is necessary and there is a legal basis for this.
4) TRANSFER OF DATA PROTECTION TO THIRD PARTIES
As with any larger company, we also use external domestic and foreign service providers (e.g. for IT, logistics, telecommunications, sales and marketing) to handle our business transactions. They only act in accordance with our instructions and are contractually obliged to comply with the provisions of data protection law within the meaning of Art. 28 GDPR.
5) TRANSFER OF DATA TO A THIRD COUNTRY
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA) or in the context of the use of third-party services or disclosure or transfer of data to third parties, this will only take place if it is necessary to fulfil our (pre-)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we will only process or have the data processed in a third country if the special requirements of Art. 44 et seq. GDPR are met. The European Commission certifies that some third countries have data protection that is comparable to the EEA standard by means of so-called adequacy decisions (a list of these countries and a copy of the adequacy decisions can be found here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en).
However, in other third countries, to which personal data may be transferred, there may not be a consistently high level of data protection due to a lack of legal provisions. To the extent that this is the case, we ensure that data protection is sufficiently guaranteed. This is possible through binding corporate regulations, standard contractual clauses of the European Commission for the protection of personal data, certificates or recognized codes of conduct. With regard to the individual services, we will inform you at the appropriate point (see no. 6) about the requirements for the transfer of data to third countries. Please contact our data protection officer (see No. 3 below) if you would like more information.
6) COOKIES
The website of MicroBubbles GmbH uses cookies. Cookies are text files that are stored on a computer system via an internet browser.
Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string of characters that can be used to assign websites and servers to the specific internet browser in which the cookie was stored. This allows the websites and servers visited to distinguish the individual browser of the data subject from other internet browsers that contain other cookies. A specific internet browser can be recognized and identified by the unique cookie ID. Through the use of cookies, we can provide you with more user-friendly services on our website that would not be possible without the use of cookies.
As already mentioned, cookies allow us to recognise the users of our website. The purpose of this recognition is to make it easier for users to use our website. For example, users of a website that use cookies do not have to re-enter their login details every time they visit the website, because this is done by the website and the cookie stored on the user’s computer system. Another example is the cookie of a shopping cart in the online shop. The online shop remembers the items that customers have placed in the virtual shopping cart via a cookie.
You can prevent the setting of cookies by our website at any time by means of a corresponding setting of the Internet browser used and thus permanently object to the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time via your internet browser or other software programs. This is possible in all common internet browsers. If you deactivate the setting of cookies, you may not be able to use all functions of our website to their full extent.
7) YOUR RIGHTS
You have the right at any time to:
- in accordance with Art. 15 GDPR, to request information about the personal data processed concerning you. In particular, you can obtain information about the purposes of processing, the category of personal data, the categories of recipients to whom data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of the data, if it was not collected by the .dem controller, as well as the existence of automated decision-making, including profiling and, where appropriate, meaningful information on its details;
- pursuant to Art. 16 GDPR, to demand without undue delay the correction of incorrect or completion of the personal data stored by the .dem controller;
- pursuant to Art. 17 GDPR, to request the deletion of the stored personal data, insofar as the processing is not necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;
- in accordance with Art. 18 GDPR, to request the restriction of the processing of personal data if the accuracy of the data is disputed by you, the processing is unlawful, but you oppose its deletion and the controller no longer needs the data, but you need it to assert, exercise or defend legal claims or you have objected to the processing in accordance with Art. 21 GDPR;
- pursuant to Art. 20 GDPR, to receive the personal data you have provided in a structured, commonly used and machine-readable format or to request that it be transmitted to another controller;
- to object to the processing in accordance with Art. 21 GDPR, provided that the processing is carried out on the basis of Art. 6 para. 1 sentence 1 lit. e or lit. f GDPR. This is particularly the case where the processing is not necessary for the performance of a contract with you. Unless it is an objection to direct marketing, we ask you to explain the reasons why we should not process your data as we do. In the event of your justified objection, we will examine the situation and will either discontinue or adapt the data processing or show you our compelling legitimate grounds on the basis of which we continue the processing; To exercise the right to object, it is sufficient to send an e-mail to info@microbubbles.org
- pursuant to Art. 7 para. 3 GDPR, to revoke your consent at any time (even before the GDPR came into force, i.e. before 25.5.2018) – i.e. your voluntary will, made clear in an informed manner and unambiguously by means of a declaration or other unambiguous affirmative action, that you consent to the processing of the personal data concerned for one or more specific purposes, if you have given one. As a result, we are no longer allowed to continue the data processing that was based on this consent in the future and
- pursuant to Art. 77 GDPR to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or place of work or our company headquarters.