Privacy Policy

Name and contact details of the controller pursuant to Article 4(7) GDPR

Company details

designaffairs GmbH
Balanstraße 73 | Haus 32
81541 Munich
Germany

fon: 089 442 329 0
fax: 089 442 329 200
info@designaffairs.com
www.designaffairs.com

Data protection officer

Kristin Lewitzka
designaffairs GmbH
Balanstraße 73 | Haus 32
81541 Munich
Germany

kristin.lewitzka@designaffairs.com

 

Security and Protection of your Personal Data

Keeping your personal data confidential and protecting them from unauthorised access is of the utmost importance to us. We are therefore applying both due diligence and technological standards at the highest level to guarantee maximum protection of your personal data.

As a company under German private law we are subject to the provisions of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act. As such, we have implemented technical and organisational measures to ensure compliance with all applicable data protection provisions by us and our third-party service providers.

 

Definitions

Applicable legislation provides for a lawful and fair processing of personal data to make it transparent for every data subject (“lawfulness, fairness and transparency”). In order to comply with this principle, we have listed the legal definitions of terms that you will find in the present privacy statement:

1. Personal Data
“Personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

2. Processing
“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

3. Restriction of Processing
“Restriction of processing” means the marking of stored personal data with the aim of limiting their processing in the future.

4. Profiling
“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

5. Pseudonymisation
“Pseudonymisation” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

6. Filing System
“Filing system” means any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis.

7. Controller
“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

8. Processor
“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

9. Recipient
“Recipient” means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

10. Third Party
“Third party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

11. Consent
“Consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

 

Lawfulness of Processing

(1) Below we have compiled information on the collection of personal data during your use of our website. Personal data inter alia include name, address, e-mail address and user behaviour.

(2) Upon contacting us by e-mail any data you submit to us (e.g. e-mail address and, if applicable, name and phone number) will be stored in order to respond to your request and answer your questions. Any so-submitted data will be erased when no longer required or their processing will be restricted if law requires them to be further maintained.

Collection of Personal Data Upon Visiting our Website
During any visit to our website for strictly informational purposes, i.e. without you registering or otherwise submitting information to us, we exclusively collect those data that are transmitted to our server by your browser. However, if you wish to view our website, we will collect the following data as they are technically required to display our website correctly and to ensure its stability and security (legal basis pursuant to Article 6(1), first sentence, point (f) GDPR):

– IP address
– Date and time of access
– Greenwich Mean Time Zone (GMT)
– Content of the request (specific webpage)
– Access status/HTTP status code
– Amount of transferred data
– Originating website of the request
– Browser
– Operating system and interface
– Language and version of browser software.

Cookies
(1) In addition to the data collection referred to above, cookies will be stored on your device as you use our website. Cookies are small text files that will be associated with your browser and stored on your hard drive to submit certain information back to the sender. However, cookies cannot run programmes or load viruses to your computer. Cookies have been designed to increase user friendliness and effectiveness of website services.

(2) This website uses the following types of cookies:

– Transient cookies (refer to point a.)
– Persistent cookies (refer to point b.).

a. Transient cookies will be deleted automatically after you close your browser window. They include session cookies which will contain a so-called session ID which allows for different requests by your browser to be associated with a common session, thereby enabling your computer to be recognised upon your return to our website. Session cookies will be deleted automatically after you log out or close your browser window.

b. Persistent cookies will be deleted automatically after a pre-determined period of time which may differ from cookie to cookie. However, your browser’s settings will allow you to delete these cookies manually at any time.

c. You may change your browser settings according to your preferences, e.g. you can disable acceptance of third-party and other cookies. Third-party cookies are cookies sent by a third party who is not the operator of the website you are visiting. However, please be advised that by disabling cookies you may not be able to make full use of all website functions.

d. We use cookies to remember you from your previous visit, provided, however, you have an account with us. However, if you choose to disable cookies, you will have to login upon every new visit to our website.

e. Flash cookies will not be stored by your browser but by your Flash plug-in. Moreover, we will store HTML5 storage objects on your device. These objects will store data independently from your browser and do not expire automatically. To disable these flash cookies, please install the corresponding add-on for your browser, such as the “Privacy Badger” plug-in for Mozilla Firefox (https://addons.mozilla.org/en/firefox/addon/privacy-badger17) or the “Adobe Flash Killer” cookie for Google Chrome. You may disable the use of HTML5 storage objects by enabling private browsing. Furthermore, we recommend deleting your cookie and browser history at regular intervals.

Other Functions and Services on our Website
(1) You are free to use our website for purely informational purposes or to make use of the other services available on our website. However, the provision of these services to you will require you to submit personal data to us. However, we shall process your personal data in accordance with the provisions above only.

(2) We will occasionally rely on third-party service providers for the processing of your personal data. However, these service providers have been selected and engaged using due diligence. They will be bound by our instructions and are subject to regular controls and audits.

(3) Should you wish to participate in special events organised by us together with third parties, e.g. promotions, raffles, conclusion of contracts etc., please be advised that we may transmit your personal data to the respective third party as well. Further information will be provided to you prior to the submission of your personal data or in the description of any such special event.

(4) We will furthermore inform you about any of our service providers and partners whose registered seat is located outside the European Economic Area (EEA).

Children

As a rule, our services are provided to adults only. Personal data of minors under the age of 18 shall not be submitted to us without the consent of either parents or legal guardians.

Rights of Data Subjects

(1) Withdrawal of Consent
Where your consent is required by law for the processing of your personal data, you shall be entitled to withdraw your consent at any time. However, the lawfulness of any processing activity prior to your withdrawal shall remain unaffected.

Please contact us directly if you wish to withdraw your consent.

(2) Right of Information
You shall be entitled to request information on whether or not we are processing your personal data. Please contact us directly if you wish to enquire whether or not we are processing your personal data.

(3) Right of Access
Where your personal data is processed, you shall have the right to access your personal data and the following information at any time:

a. the purposes of the processing;
b. the categories of personal data concerned;
c. the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
d. where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
e. the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
f. the right to lodge a complaint with a supervisory authority;
g. where the personal data are not collected from the data subject, any available information as to their source;
h. the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

Where personal data is transferred to a third country or an international organisation, you shall have the right to request information on appropriate safeguards pursuant to Article 46 GDPR. We will then provide a copy of the relevant personal data to you free of charge. However, any further copies you may request may be subject to a fee to compensate us for our administrative efforts. Where you choose to submit your request by electronic means, we shall provide the requested information in a common electronic format, unless requested otherwise. However, rights and freedoms of other persons shall remain unaffected by the right of access pursuant to this paragraph (3).

(4) Right to Rectification
You shall have the right to obtain from us without undue delay the rectification of inaccurate personal data. Taking into account the purposes of the processing, you shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

(5) Right to Erasure (“Right to be Forgotten”)
You shall have the right to obtain from us the erasure of personal data without undue delay and we shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

a. The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
b. The data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2) GDPR, and where there is no other legal ground for the processing.
c. The data subject objects to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) GDPR.
d. The personal data have been unlawfully processed.
e. The personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
f. The personal data have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.

Where the controller has made the personal data public and is obliged pursuant to Article 17(1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

The right to erasure (“right to be forgotten”) shall not apply to the extent that processing is necessary:

– for exercising the right of freedom of expression and information;
– for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
– for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3) GDPR;
– for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) GDPR in so far as the right referred to in paragraph (1) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
– for the establishment, exercise or defence of legal claims.

(6) Right to Restriction of Processing
You shall have the right to obtain from us restriction of processing where one of the following applies:

a. the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
b. the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
c. the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims; or
d. the data subject has objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.

Where processing has been restricted under the conditions referred to above, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

Please direct any request to exercise your right to restriction of processing to the above-mentioned contact details.

(7) Right to Data Portability
You shall have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format and you further have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:

a. the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) GDPR or on a contract pursuant to point (b) of Article 6(1) GDPR; and

b. the processing is carried out by automated means.

In exercising your right to data portability pursuant to Article 20(1) GDPR, you shall have the right to have your personal data transmitted directly from one controller to another, where technically feasible. The exercise of the right to data portability shall be without prejudice to the right to erasure (“right to be forgotten”). That right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

(8) Right to Object
You shall have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

Where personal data are processed for the purposes of direct marketing, you have the right to object to such processing, including profiling to the extent that it is related to such direct marketing. Where you object to the processing of your personal data for direct marketing purposes, your personal data shall not be processed for these particular purposes.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Article 89(1) GDPR, you, on grounds relating to your particular situation, shall have the right to object to processing of your personal data, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

Please contact us directly if you choose to exercise your right to object.

(9) Automated Individual Decision-Making, Including Profiling
You shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning yourself or similarly significantly affects you. However, this shall not apply if the decision:

a. is necessary for entering into, or performance of, a contract between the data subject and a data controller;

b. is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests; or

c. is based on the data subject’s explicit consent.

The controller shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.

Please contact us directly if you choose to exercise any of your rights under this paragraph (9).

(10) Right to Lodge a Complaint with a Supervisory Authority
Without prejudice to any other administrative or judicial remedy, you shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your personal data infringes this Regulation.

(11) Right to an Effective Judicial Remedy
Without prejudice to any available administrative or non-judicial remedy, including the right to lodge a complaint with a supervisory authority pursuant to Article 77 GDPR, you shall have the right to an effective judicial remedy where you consider that your rights under this Regulation have been infringed as a result of the processing of your personal data in non-compliance with this Regulation.

Use of Google Analytics

(1) Our website uses Google Analytics, a web analysing service of Google Inc. (“Google”). Google Analytics uses so-called “cookies”. Cookies are text files that will be stored on your computer to allow for analysing your use of our website. The information collected by such cookies will be sent for storage to one of Google’s servers in the United States of America. However, if IP anonymisation is enabled, Google will shorten your IP address within the European Union’s Member States or in other countries that are parties to the European Economic Area Agreement before transmitting it. Your full IP address will be transmitted and shortened on a Google server in the United States in exceptional cases only. Google will use such information on our behalf to analyse your use of our website, to compile reports on website activities and to provide further online services to the operator of this website.

(2) Google will not associate your IP address with any other data held by Google.

(3) You may disable cookies in your browser settings; however, please be advised that you may not be able to make full use of all website functions. Furthermore, you can prevent Google from collecting and processing any data transmitted by their cookie (including your IP address) by downloading and installing the following plug-in for your browser: https://tools.google.com/dlpage/gaoptout?hl=en.

(4) This website uses the Google Analytics feature “_anonymizeIp()” to anonymise and shorten IP addresses so they cannot be used to identify specific individuals, i.e. your personal data will be erased instantly and therefore cannot be used to identify you.

(5) We are using Google Analytics to analyse and continuously improve the user friendliness of our website. These statistics will help us to improve our services and to adapt them to your preferences. Where Google transmits personal data to the United States of America, it shall be subject to the EU-U.S. Privacy Shield: https://www.privacyshield.gov/EU-US-Framework. The applicable legal basis for our use of Google Analytics shall be Article 6(1), first sentence, point (f) GDPR.

(6) Information of the third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, fax: +353 (1) 436 1001.

Terms of use: https://www.google.com/analytics/terms/us.html
Data security and privacy: https://support.google.com/analytics/answer/6004245?hl=en
Privacy statement: https://policies.google.com/privacy?hl=en&gl=en

(7) Furthermore, this website uses Google Analytics to analyse series of visits by assigning user IDs across multiple devices. Under your account you may disable this analysis by going to “my data” and then “personal data”.

Use of Google Maps

(1) This website uses Google Maps to provide you with an interactive map which you can directly and easily use on our website.

(2) Upon your visit, Google will receive the information that you have accessed the corresponding page of our website. Furthermore, the information pursuant to Section 3 of this statement will be transmitted. The transmission of this information does not require you to have a Google account or to be logged in. However, if you are logged in, the information will be associated with your account. If you do not wish this information to be associated with your account, please log out before activating the respective button. Google will create a user profile based on your personal data for the purposes of marketing, market research and customising their website in order to show personalised advertisement (also for users who are not logged in to their accounts) and inform other users about your activities on our website. However, you have the right to object to the creation of a user profile. Please contact Google directly to exercise your rights.

(3) For further information on purpose and scope of each social media provider’s collection and processing of personal data please refer to their respective privacy statements and policies listed below where you will also find more information on your rights and available privacy settings: https://policies.google.com/privacy?hl=en&gl=en. Google processes your personal data inter alia within the territory of the United States of America and is subject to the EU-U.S. Privacy Shield: https://www.privacyshield.gov/EU-US-Framework.