Data protection regulations
INTRODUCTION AND TERMS
The operation of our website www.scalehub.com and event.scalehub.com (in the following both also “website”) involves the processing of personal data. This data will be handled by us in a confidential manner and processed in accordance with the applicable laws, especially the General Data Protection Regulation (GDPR) and Germany’s Data Protection Act (BDSG). These data protection regulations are designed to inform you about the personal data we collect from you, what we use it for, the legal basis for the usage and, where applicable, with whom we share it. They will also inform you of your rights in regard to the protection of your data.
Our data protection regulations contain specialist terms used in GDPR and BDSG. For your better understanding we want to explain these terms in simple words:
2.1 Personal data
“Personal data” is all information relating to an identified or identifiable person (art. 4 no. 1 GDPR). Details of an identified person could be their name or email address. However, data can also be described as personal if, despite the fact that a person’s identity cannot be deduced directly from the data, their identity can nonetheless be deduced by combining the data with other information. A person could for example be identified via their address or bank details, date of birth, username, IP address or location details. The key point is that any information that can be used in any way to identify a person can be described as personal data.
Under art. 4 no. 2 GDPR, “processing” describes any process applied to personal data. This especially includes the collection, capture, administration, classification, recording, amendment, printing, making available, use, disclosure, sharing, dissemination, provision, comparison, linking, restriction, erasure or destruction of personal data.
DATA CONTROLLER AND DATA PROTECTION OFFICER
3. Data controller
The party responsible for data processing is:
|Unternehmen:||ScaleHub AG (“wir”)|
|Gesetzlicher Vertreter:||Olaf Malchow (CEO)|
|Anschrift:||Heidbergstr. 100, 22846 Norderstedt|
|Telefon:||+49 (0)40 27814 200|
4. Data protection officer
We have appointed an external data protection officer:
|Anschrift:||HABEWI GmbH & Co. KG, Palmaille 96, 22767 Hamburg|
|Telefon:||+49 ()40 18189800|
|Fax:||+49 ()40 181898099|
5. Processing parameters: website
We will process the personal data listed in detail under Article 6-18 below, when you use the website. In this process, we will only process data from you that you actively enter on our Website (e.g. by completing forms) or that you provide automatically when using our offer.
Your data will exclusively be processed by us and these data will, as a matter of principle, not be sold, leased or provided to any third parties. Insofar as we use external service providers for the processing of your personal data, that will be done in the context of a cooperation with a so-called data processor, where we act as principal and are authorized to give instructions to our contractors. For the operation of our Website, we use external service providers for hosting, and for the maintenance, update and further development. Insofar as other external service providers will be used for individual processing activities that are listed in Article 6-18, they will be specified there.
We do, in general, not transfer any data to any third countries and this is not planned for the future either. Any exemptions from this principle will be explained in the types of processing activities listed below.
THE PROCESSING ACTIVITIES IN DETAIL
6. Provision of website and logfiles
6.1 Description of processing
Whenever anybody visits our Website, we automatically collect information that their browser transfers to our server. These data will also be stored in the so-called log files of our system. This concerns the following data:
- Your IP address
- Your browser software, its version and language
- Your operating system
- The website you were on before you came to ours (referrer website)
- The pages you visit on our website
- The date and time of your visit to our website
- Data volumes transferred
Your IP address is recorded in full in the log files for your protection, because without the collection of your clear IP addresses our data center could not defend against cyber attacks.
Your data is processed in order to facilitate access to our website, to ensure the website’s stability and security and to enable the statistical evaluation and improvement of our online service.
6.3 Legal basis
The processing is required to protect our overriding legitimate interests (art. 6 para. 1 f) GDPR). Our legitimate interest lies in the purpose specified in 6.2.
6.4 Duration of storage
Your data will be erased as soon as it is no longer required for the purpose for which it was collected. Where your data has been collected for the purposes of providing our website, it will no longer be required for this purpose when your session ends. The logfiles will be deleted after thirty-one days.
7. CONTACT FORM; REGISTRATION AND CONTACT BY EMAIL
7.1 Description of processing
For the purpose of registration and registration for events we have provided a contact form on our website event.scalehub.com. In this form you will be asked to enter your first name and surname, your e-mail address, your company and other information voluntarily to make your participation in our events as pleasant as possible (e.g. food intolerances). If you press the “Submit” button, the data will be transmitted to us using SSL encryption (see item 16). The contact form can only be transmitted if you accept our data protection regulations by clicking the corresponding checkbox. You can also contact us via the e-mail addresses given on the website. In this case, the personal data transmitted by e-mail will be processed by us. After the event you will have the opportunity to download accompanying material from our website.
By providing a contact form on our website, we want to offer you a convenient way to get in touch with us. The data transmitted with and in the contact form or your e-mail will be used exclusively for the purpose of processing and responding to your request.
7.3 Legal basis
The processing is necessary for the purposes of the legitimate interests pursued by the controller (Article 6 (1) point f) of the GDPR). Our legitimate interest is the purpose mentioned in Article 7.2. Insofar as the contact by email is aimed at concluding or performing a contract, the data will be processed to perform a contract (Article 6 (1) point b) of the GDPR).
We will delete the data as soon as they are no longer necessary to achieve the purpose for which they were collected. This is usually the case when the respective communication with you is finished. Communication is terminated when it can be inferred from the circumstances that your request has been finally clarified. If statutory retention periods prevent deletion, the data will be deleted immediately after the statutory retention period has expired.
8.1 Description of processing
We send a newsletter in irregular intervals. In the newsletter, we will inform you about our products, services and events. You will only receive our newsletter if you actively register for our distribution list. You may subscribe to our newsletter by completing and sending a newsletter subscription form on our website.
If you decide to subscribe to our newsletter, you only need to provide us with your email address. All other data (such as e.g. your first name and name) can be given voluntarily and will only be used to personalize the email.
In order to perform and verify newsletter registrations, we use the so-called double opt-in process. A registration involves several steps. First, you subscribe to our newsletter on our Website. Then, you will receive an email from us to the email address you specified. In this email, we ask you to confirm that you have actually subscribed to the newsletter and wish to receive it. You confirm your subscription by clicking on a confirmation link in the email. We will only include you in our newsletter distribution list after your successful confirmation and only then will you receive emails in the future. We will store date, time and your IP address in the double opt-in process, both during registration and upon confirmation.
The processing will be done to offer the newsletter function and to be able to send newsletter emails to subscribers. The collection and storage of date, time and IP address during the registration for the newsletter serves to document that the consent was granted and to protect against the abusive registration of email addresses.
8.3 Legal basis
The processing for our subscriber newsletter will be done on the basis on your consent pursuant to Article 6 (1) point a) of the GDPR. You can ask us for the declaration of consent at any time. Your consent is voluntary. Collecting and storing of date, time and IP address during the registration for our newsletter is necessary for the purposes of the legitimate interests pursued by the controller (Article 6 (1) point f) of the GDPR). Our legitimate interest is the purpose mentioned in Article 8.2.
8.4 Storage duration and withdrawal of consent
If you fail to confirm your registration to our newsletter within 24 hours after receipt of the relevant subscription email, your data will automatically be deleted. We will process your personal data for the period in which you subscribe to our newsletter. You may terminate the receipt of the newsletter, at any time, by withdrawing your consent. A simple statement will suffice (by e-mail to email@example.com). You may also unsubscribe to the newsletter by clicking on the unsubscribe link which is provided in each newsletter email. When you have withdrawn your consent, we will no longer send you any newsletters and your personal data will be removed from our active distribution list. We will take over your email address, in a restricted manner, to our so-called black list, in order to enforce your withdrawal. That enables us to ensure that you will not receive any newsletter from us in the future and that your email address will not be abused by any third parties.
8.5 Recipient and transfer to third countries
We use the services of the newsletter provider Mailchimp to manage our newsletter distribution list and to send e-mails. This takes place within the framework of order processing. Mailchimp is a service of The Rocket Science Group, LLC, 512 Means Street, Suite 404 Atlanta, GA 30318, USA (hereinafter “Mailchimp”). With your newsletter subscription, the data provided during the registration process is transferred to Mailchimp and processed on Mailchimp servers in the USA. Mailchimp has submitted to the EU-US Privacy Shield. For more information on the EU-US Privacy Shield, please visit https://www.privacyshield.gov/EU-US-Framework. Further information on data protection at Mailchimp can be found in the service provider’s data protection declaration at http://mailchimp.com/legal/privacy/.
9.1 Description of processing
9.3 Legal basis
The processing is required to protect our overriding legitimate interests (art. 6 para. 1 f) GDPR). Our legitimate interest lies in the purpose specified in 9.2.
9.4 Duration of storage
Below we have compiled the links that will guide you to instructions on how to change the settings in the most popular browsers. Further information can be found in the support menu of your browser:
Internet Explorer: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies
Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, individual functions of our website cannot be used or can only be used to a limited extent.
10. Google Web Fonts
10.1 Description of processing
Our website uses “Google Web Fonts”, a font replacement service provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as “Google”). With Google Web Fonts, the standard fonts on your device are replaced with fonts from the Google catalogue when displaying our website. If your browser does not allow the integration of Google Web Fonts, the text of our website will be displayed in the standard fonts of your device. The Google fonts are loaded directly from a Google server. To do this, your browser sends a request to a Google server. As a result, your IP address in connection with the address of our website may also be transmitted to Google. However, Google Web Fonts does not store cookies on your end device. According to Google, data processed through the Google Web Fonts service is transferred to resource-specific domains such as fonts.googleapis.com or fonts.gstatic.com. They are not associated with data that may be related to the use of other Google services such as the search engine of the same name or Gmail. Further information on data protection at Google Web Fonts can be found at https://developers.google.com/fonts/faq?hl=en-DE&csw=1. General information on data protection at Google can be found at http://www.google.com/intl/de-DE/policies/privacy/.
It is processed to make the text on our website more legible and aesthetically pleasing to you.
10.3 Legal basis
The processing is necessary to protect the overriding legitimate interests of the person responsible (Art. 6 para. 1 lit. f DSGVO). Our legitimate interest lies in the purpose stated in Section 10.2.
10.4 Recipient and transfer to third countries
Through the use of Google Web Fonts, personal data may be transmitted to Google. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield. For more information on the EU-US Privacy Shield, please visit https://www.privacyshield.gov/EU-US-Framework.
11. Adobe Typekit
11.1 Description of processing
It is processed to make the text on our website more legible and aesthetically pleasing to you.
11.3 Legal basis
The processing is necessary to protect the overriding legitimate interests of the person responsible (Art. 6 para. 1 lit. f DSGVO). Our legitimate interest lies in the purpose stated in Section 11.2.
11.4 Recipient and transfer to third countries
Personal information may be transferred to Adobe through the use of Adobe Typekit. Adobe may also process your personal information in the United States through Adobe Systems Incorporated, San Francisco, 345 Park Avenue, San Jose, California 95110, USA, which has submitted to the EU-US Privacy Shield. Further information on the EU-US Privacy Shield can be found at https://www.privacyshield.gov/EU-US-Framework.
12. Font Awesome
Our website uses Font Awesome, an icon display and integration service developed by Fonticons, Inc. We operate Font Awesome exclusively as an installation on our own server. Therefore, the use and display of icons does not involve the transmission of data by Fonticons, Inc.
13.1 Description of processing
Our website uses services of “YouTube”, a video platform operated by YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA (hereinafter referred to as “Youtube”). YouTube is represented by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. We use YouTube by embedding individual videos from the platform on our website so that they can be played directly on our website. The videos are integrated in the “extended privacy mode” offered on YouTube, i.e. no personal data will be transferred from you to Google until you play the videos. Only by playing a video a data transfer to Google takes place, on which we have no influence. If you play an embedded video on a subpage of our website, Google will know which subpage you visited and which video you watched. Your IP address may also be transmitted to Google. If you are logged in as a YouTube or Google user, Google assigns this information to your user account. Google stores your data as usage profiles and uses them for advertising purposes, market research and/or for the design of the Google website according to your needs. You have a right of objection to the creation of these user profiles, for the exercise of which you must contact Google directly. Further information on data protection at Google can be found at http://www.google.com/intl/de-DE/policies/privacy/.
The processing takes place in order to be able to show you videos on our website.
13.3 Legal basis
The processing is necessary to protect the overriding legitimate interests of the person responsible (Art. 6 para. 1 lit. f DSGVO). Our legitimate interest lies in the purpose specified in Section 13.2.
13.4 Recipient and transfer to third countries
Through the integration of YouTube, personal data may be transmitted to YouTube LLC or Google. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield. For more information on the EU-US Privacy Shield, please visit https://www.privacyshield.gov/EU-US-Framework.
14. Vimeo Videos
14.1 Description of processing
Our website uses services of “Vimeo”, a video platform operated by Vimeo LCC, 555 West 18th Street, New York, New York 10011, USA (hereinafter referred to as “Vimeo”). We use Vimeo by embedding individual videos from the platform on our website as so-called iFrame, so that they can be played directly on our website. When you visit a page of our website on which a video is embedded, a connection to the Vimeo servers is established and the video is displayed within our website. This will tell Vimeo which website you have visited. Your IP address may also be transmitted to Vimeo. When you play an embedded video, this information is also passed on to Vimeo. If you are logged in as a Vimeo user, Vimeo assigns this data to your user account. Further information on data protection at Vimeo can be found at http://vimeo.com/privacy.
The processing takes place in order to be able to show you videos on our website.
14.3 Legal basis
The processing is necessary to protect the overriding legitimate interests of the person responsible (Art. 6 para. 1 lit. f DSGVO). Our legitimate interest lies in the purpose specified in Section 14.2.
14.4 Recipient and transfer to third countries
Vimeo processes personal data also in the USA.
15. Google Maps
15.1 Description of processing
Our Website uses “Google Maps,“ a service for displaying maps provided by the company Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as “Google“). We use Google Maps for embedding a map that displays our business address in our Website. The map will be loaded directly from a Google server. In order to do this, your browser will send a request to a Google server. Your IP address might also be transferred to Google together with the address of our Website. Google Maps will, however, not store any cookies on your device. If you are logged in to Google when you visit our Website, Google Maps will associate this information to your Google user account. Google will store your data as user profiles and will use them for marketing purposes, for market research and/or the customized configuration of the Google websites. You have a right to object against the creation of user profiles; please directly contact Google to exercise such right. For more information on data privacy at Google, please refer to http://www.google.com/intl/de-DE/policies/privacy/.
The processing is done to be able to display an interactive map on our Website.
15.3 Legal basis
The processing is necessary to protect the overriding legitimate interests of the person responsible (Art. 6 para. 1 lit. f DSGVO). Our legitimate interest lies in the purpose stated in Section 15.2.
15.4 Recipient and transfer to third countries
Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield. For more information on the EU-US Privacy Shield, please visit https://www.privacyshield.gov/EU-US-Framework.
16. Google Analytics
16.1 Description of processing
The processing is done to be able to evaluate the use of our Website. The information gained in the process serve to improve our online presentation and to design it according to demand.
16.3 Legal basis
The processing is necessary for the purposes of the legitimate interests pursued by the controller (Article 6(1) point f) of the GDPR). Our legitimate interest is the purpose mentioned in Article 16.2.
16.4 Storage period and right to object
For information on the storage period and an explanation of your control and setting options for cookies, please refer to Art. 9. You may object to the data processing by Google Analytics, at any time, by downloading and installing the browser add-on offered by Google at https://tools.google.com/dlpage/gaoptout?hl=en.
16.5 Recipient and transfer to third countries
Google Analytics works for us as a service provider within the scope of an order processing. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield. For more information on the EU-US Privacy Shield, please visit https://www.privacyshield.gov/EU-US-Framework.
17. Google Remarketing
17.1 Description of processing
The processing takes place in order to carry out targeted online advertising for our own offers and to be able to evaluate their effectiveness and reach.
17.3 Legal basis
The processing is necessary to protect the overriding legitimate interests of the person responsible (Art. 6 para. 1 lit. f DSGVO). Our legitimate interest lies in the purpose specified in Section 17.2.
17.4 Storage period and right to object
We have explained the duration of storage as well as your control and setting options for cookies in section 9. You can object to the data processing by Google Remarketing at any time via the following website: http://www.google.com/ads/preferences.
17.5 recipient and transfer to third countries
Through the integration of Google Remarketing, personal data may be transmitted to Google. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield. For more information on the EU-US Privacy Shield, please visit https://www.privacyshield.gov/EU-US-Framework.
18. Content Delivery Networks (CDN)
18.1 Description of processing
Our website uses various CDN (Content Delivery Network), namely “Amazon Cloudfront”, a CDN from Amazon Inc. “(“Amazon”), “Fastly” by Fastly Inc. “(“Fastly”) and “CDN77” from DataCamp Ltd. “(“DataCamp”) A CDN shortens in particular the loading time of the website or certain contents, e.g. by sending files from a very fast server that is as close to your location as possible. Amazon operates numerous servers in Europe (including Frankfurt and Milan) to send our files to you as quickly as possible.
The processing is done to shorten the loading time of our website.
18.3 Legal basis
The processing is necessary to protect the overriding legitimate interests of the person responsible (Art. 6 para. 1 lit. f DSGVO). Our legitimate interest lies in the purpose specified in Section 18.2.
18.4 Recipient and transfer to third countries
However, it is technically possible that your browser (e.g. because you access this website from outside the EU or for any other reason) may access a server from outside the EU. In such a case, data is sent directly from your browser to the respective country (North and South America, Asia, Australia). In this case you agree to the transfer of your data to the USA and/or the country in which the respective server is located.
19. Security measures
In order to protect your personal data from third-party access, we use SSL (secure sockets layer) or TLS (transport layer security) technology that encrypts the communication of data between our website and your device. You can identify SSL/TLS encryption via the small padlock logo on the left of the address bar of your browser.
20. Data subject rights
With regard to the aforementioned data processing carried out by us, you have the following rights as a data subject:
20.1 Right of access (Art. 15 DSGVO)
You have the right to be informed by us if we are processing your personal data. If we are processing it, you have the right under art. 15 GDPR to be informed as to what data we are processing and the right to additional information as specified in art. 15 GDPR.
20.2 Rectification (Art. 16 DSGVO)
You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you and were applicable to have incomplete personal data completed, including by means of providing a supplementary statement.
20.3 Erasure (Art. 17 DSGVO)
You have the right to obtain from us the erasure of your personal data concerning without undue delay and we shall have the obligation to erase your personal data without undue delay where one of the following grounds under art. 17 GDPR applies (e.g. if your data is no longer required for the purpose for which we were using it).
20.4 Restriction of processing (Art. 18 DSGVO)
You have the right to demand that we restrict the processing of your personal data, provided that one of the criteria specified under art. 18 GDPR is met (e.g. if you dispute the accuracy of your personal data, its processing will be restricted for the period necessary for us to check its accuracy).
20.5 Data portability (Art. 20 DSGVO)
Subject to the criteria specified under art. 20 GDPR, you have the right to be given your data in a structured, commonly used and machine-readable format.
20.6 Withdrawal of consent (Art. 7 Abs. 3 DSGVO)
You have the right to withdraw your previously provided consent for data processing. The withdrawal will take effect from the time you request it (i.e. it will have future effect but no retrospective affect).
20.7 Complaints (Art. 77 DSGVO)
If you believe that the processing of your personal data is in breach of GDPR, you can complain to a supervisory authority. You can submit your complaint to a supervisory authority in the EU member state where you are habitually resident or work or where the alleged breach took place.
20.8 Restraint on automated decision making/ profiling (Art. 22 DSGVO)
Decisions that have legal consequences for you or that could have a significant detrimental affect on you must not be based solely on the automated processing of personal data, including profiling. We do not apply any such processing or profiling to your personal data.
20.9 Objection (Art. 21 DSGVO)
Where we process your personal data on the basis of art. 6 para. 1 f) GDPR in pursuit of our overriding legitimate interests, you have the right subject to art. 21 GDPR to object, provided your objection is based on grounds relating to your specific situation. Once you have objected, we will no longer process your personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. Regardless of the aforementioned restrictions, and regardless of whether any special circumstances apply, you have the right to object at any time to the processing of your personal data for direct marketing purposes.
Last amended: September 2018