Dear ladies and gentlemen, from November 10 to 16, 2019, Convex International GmbH invites you…
Convex International GmbH
265 Koelner St.
Managers: Pavel Golovenko, Siarhei Golovenko
Output Data (Link)
Types of data processed:
Categories of Data Subjects
Purpose of Processing
“Personal Data” means any information relating to an identified or identifiable individual (hereinafter referred to as the “Data Subject”). An individual is considered identifiable when they can be identified directly or indirectly, in particular by assigning an identifier, such as a name, identification number, location data, an online identifier (for example, cookies), or one or more special features that express the physical, physiological, genetic, mental, economic, cultural or social identity of the individual.
“Processing” means any process performed with or without the aid of automated procedures or any sequence of such processes associated with personal data. The term goes far and includes virtually every handling of data.
“Pseudonymisation” means the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without additional information being provided, provided that such additional information is kept separate and subject to technical and organisational measures to ensure that the personal data are not assigned to an identified or identifiable individual.
“Profiling” means any kind of automated processing of personal data that involves the use of such personal data to evaluate, analyse or predict certain personal aspects relating to an individual, in particular, aspects relating to the job, economic status, health, personal preferences, reliability, behaviour, location or movement of that individual.
“Responsible Person” is an individual or a legal entity, a state body, institution or another body that independently or jointly with others determines the purposes and means of processing personal data.
“Data Processor” means an individual or a legal entity, a state body, institution or another body that processes personal data on behalf of the responsible person.
Relevant Legal Framework
We take appropriate technical and organisational measures in accordance with Art. 32 of the GDPR, taking into account the state of the art, the implementation costs as well as the nature, scope, circumstances and purposes of processing as well as different likelihood and severity of the risk to the rights and freedom of individuals in order to ensure a level of protection appropriate to the risk.
The measures include, in particular, ensuring data confidentiality, integrity and availability by controlling physical access to the data, as well as their related input, disclosure, availability and separation. We have also set up procedures to ensure the compliance with the data subject rights, data deletion and data vulnerability. Furthermore, we consider the protection of personal data starting from the development or selection of hardware, software and procedures according to the principle of data protection through technology design and privacy-friendly default settings (Art. 25 of the GDRP).
Collaboration with Data Processors and third parties
If, in the context of our processing, we disclose data to other persons and companies (contract processors or third parties), transmit data to them or otherwise grant access to the data, it takes place only on the basis of the legal permission (e.g. if data transmission to third parties is required by payment service providers pursuant to Art. 6 (1) (b) of the GDPR to fulfil the contract) you have consented to, or on the basis of our legitimate interests (e.g. the use of agents, webhosts, etc.).
If we contract third parties to process data on the basis of a so-called “data processing contract”, it takes place on the basis of Art. 28 of the GDPR.
Data Transmission to Third Countries
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or in the context of the use of third party services or disclosure, or transmission of data to third parties, it will take place only if it is to fulfil our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or have the data processed in a third country only in the presence of the special conditions of Art. 44 ff. of the GDRP. It means that data are processed e.g. on the basis of specific guarantees, such as the officially recognised level of data protection (e.g. for the USA through the Privacy Shield) or compliance with the officially recognised special contractual obligations (so-called “standard contractual clauses”).
Rights of Data Subjects
You are entitled to ask for confirmation as to whether the data in question are processed and for information about these data as well as for further information and a copy of the data in accordance with Art. 15 of the GDPR.
You are entitled to demand the completion or correction of the incorrect data concerning you in accordance with Art. 16 of the GDPR.
In accordance with Art. 17 of the GDPR, you are entitled to demand that the relevant data be deleted immediately or, alternatively, to require a restriction of the processing of the relevant data in accordance with Art. 18 of the GDPR.
You are entitled to demand that the relevant data, which you have provided to us, be obtained in accordance with Art. 20 of the GDPR and request their transmission to other responsible persons.
You are entitled to file a complaint with a competent supervisory authority in accordance with Art. 77 of the GDPR.
You are entitled to withdraw the consent given in accordance with Art. 7 (3) of the GDPR with effect for the future.
You are entitled to object to the further processing of your data at any time in accordance with Art. 21 of the GDRP. In particular, an objection may be raised against processing for direct marketing purposes.
Cookies and Right of Objection
“Cookies” are small files that are stored on users’ computers. A cookie may store various information. A cookie is primarily used to store information about a user (or the device, on which the cookie is stored) during or after visiting the online offer. Temporary cookies, or “session cookies,” are cookies that are deleted after the user leaves the online offer and closes their browser. Such a cookie stores, for example, the contents of the basket in the online store or a login status. The term “permanent” or “persistent” refers to cookies that remain stored even after the browser has been closed. Thus, e.g. the login status will be saved if users use it in a few days. Similarly, the interests of users can be stored in such a cookie, which are used to study the reach or for marketing purposes. “Third-party cookies” refer to cookies that are offered by providers other than the person who manages the online offer (otherwise, if it is only their cookies, this is called “first-party cookies”).
If users do not want cookies to be stored on their computer, they will be asked to turn off this option in the system settings of their browser. Saved cookies can be deleted in the browser’s system settings. The exclusion of cookies may result in functional restrictions of this online offer.
This website uses Google Analytics web analytics service. The provider is Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.
Google Analytics cookies are stored under Art. 6 (1) (f) of the GDRP. The website operator has a legitimate interest in analysing user behaviour in order to optimise both their website and advertising.
In accordance with the requirements of the German law, data are stored, in particular, for 10 years in accordance with §§ 147 (1) AO, 257 (1) (1) (4), (4) of the German Commercial Code (account ledgers, accounting, management reports, taxation documents, etc.) and for 6 years in accordance with § 257 (1) (2) (3), (4) of the German Commercial Code (commercial letters).
In accordance with the requirements of the Austrian law, data are stored, in particular, for 7 years in accordance with § 132 (1) BAO (accounting documents, receipts/invoices, receipts, business papers, statement of income and expenses, etc.) and for 22 years in case of land property related documents, and for 10 years in case of documents relating to services provided in electronic form, telecommunications, broadcasting and television services provided to non-companies in the EU, for which Mini-One-Stop-Shop (MOSS) is used.
Administration, Financial Accounting, Office Management, Contact Management
We process data in the context of the administrative tasks and organisation of our business, financial accounting and compliance with legal obligations, such as archiving. While doing so, we process the same data that we process in the course of rendering our contractual services. Principles of processing – according to Art. 6 (1) (c) of the GDRP, Art. 6 (1) (f) of the GDRP. Processing affects customers, potential customers, business partners and website visitors. The purpose and our interest in processing lies in administration, financial accounting, office management, data archiving, i.e. tasks that serve to maintain our business, perform our duties and render our services. Data deletion in terms of contractual performance and contractual communication corresponds to the information provided in these processing activities.
We disclose or transmit data to the financial authorities, consultants such as tax accountants or auditors, and other payment agents and payment service providers.
Furthermore, relying on our business interests, we store information about suppliers, promoters and other business partners, e.g. for later contact. We generally store this majority of company-related data permanently.
Hosting and E-mailing
The hosting services we use are designed to provide the following services: infrastructure and platform services, computing capacity, storage and database services, e-mailing, security, and technical maintenance services we use to operate this online offer.
While doing so, we or our hosting provider process login data, contact data, content data, contract data, usage data, metadata and communication data of customers, parties involved and visitors of this online offer based on our legitimate interest in providing this online-offer effectively and securely in accordance with Art. 6 (1) (f) of the GDRP and Art. 28 of the GDRP (conclusion of a data processing agreement).
Collection of Access Data and Log Files
Our hosting provider and we collect information based on our legitimate interests within the meaning of Art. 6 (1) (f) of the GDRP for the protection of data on each access to the server, on which this service is located (the so-called server log files). The access data include the name of the retrieved web page, file, date and time of retrieval, amount of data transferred, message about the successful retrieval, type and version of the browser, type of the user’s operating system, referrer URL (previously visited page), IP address and name of the requesting provider.
Information from log files is stored for security reasons (for example, to investigate abuse or fraud) for no more than 7 days and then deleted. The data, the further storage of which is required for evidential purposes, are not deleted until the final clarification of the incident.
Generated through Datenschutz-Generator.de von RA Dr. Thomas Schwenke