Data protection notification of bvitg Service GmbH for program participation
General information on data protection
In this Data Protection Notification, we (bvitg Service GmbH, hereinafter referred to as "bsg" oder "we") inform you about the processing of personal data in the context of your program participation in the DMEA and the associated use of an external registration portal (hereinafter referred to as "portal").
The contact person and responsible party for the processing of your personal data when visiting this portal within the meaning of the General Data Protection Regulation (DSGVO) is the
bvitg Service GmbH
For all questions regarding data protection in relation to our events and services or the use of this portal, you are always welcome to contact our data protection officer. He or she can be reached at the above postal address and at the e-mail address indicated above (Attn. "Data Protection Officer"). We expressly point out that if you use this e-mail address, the contents will not be exclusively disclosed to our data protection officer. If you wish to exchange confidential information, please first contact us directly via this e-mail address.
|Art. 6 (1) lit. f DSGVO
|Art. 6 (1) lit. f DSGVO
|Art. 6 (1) lit. f DSGVO
4. Disclosure of data
Disclosure of the data collected by us will only take place in principle only if:
- you have given your express consent to this in accordance with Art. 6 Para. 1 Sentence 1 lit. a DSGVO,
- the disclosure is necessary for the assertion, execution or defense of legal claims pursuant to Art. 6 (1) sentence 1 lit. f DSGVO and there is no reason to assume that you have an overriding interest in not having your data disclosed,
- we are legally obligated to disclose your data in accordance with Art. 6 Para. 1 Sentence 1 lit. c DSGVO, or
- this is legally permissible and necessary according to Art. 6 para. 1 p. 1 lit. b DSGVO for the processing of contractual relationships with you or for the implementation of pre-contractual measures that take place at your request.
Part of the data processing may be carried out by our service providers. In addition to the service providers mentioned in this data protection notification, these may include, in particular, data centers that store our portal sites and databases, software providers, IT service providers that maintain our systems, agencies, market research companies, group enterprises and consulting firms. Where we disclose data to our service providers, they may only use the data to perform their tasks. The service providers have been carefully selected and commissioned by us. They are contractually bound to our instructions, have suitable technical and organizational measures in place to protect the rights of the data subjects and are regularly monitored by us.
In addition, data may be disclosed in connection with official inquiries, court decisions and legal proceedings if this is necessary for legal prosecution or enforcement.
5. Data transfer to third countries
With regard to the operation of the portal, we use services whose providers are partly located in so-called third countries (outside the European Union or the European Economic Area) or process personal data there, i.e. countries whose level of data protection does not correspond to that of the European Union. Where this is the case and the European Commission has not issued an adequacy decision (Art. 45 GDPR) for these countries, we have taken appropriate precautions to ensure an adequate level of data protection for any data transfers. These include, among others, the standard contractual clauses of the European Union or binding internal data protection regulations.
Where this is not possible, we base the data transfer on exceptions of Art. 49 DSGVO, in particular your express consent or the necessity of the transfer for the performance of the contract or for the implementation of pre-contractual measures.
If a transfer to a third country is provided for and there is no adequacy decision or suitable guarantees, it is possible and there is a risk that authorities in the respective third country (e.g.,intelligence services) may gain access to the transferred data in order to record and analyze it, and that the enforceability of your data subject rights cannot be guaranteed. When obtaining your consent via the cookie banner, you will also be informed of this.
6. Storage period
In principle, we store personal data only as long as necessary to fulfill the purposes for which we collected the data. Thereafter, we delete the data promptly, unless we still need the data until the expiry of the statutory limitation period for evidence purposes for civil law claims or due to statutory retention obligations.
For evidentiary purposes, we must retain contractual data for three years from the end of the year in which the business relationship with you ends. Any claims become statute-barred at the earliest on this date in accordance with the statutory period of limitation. Even after this date, we may still need to store some of your data for accounting reasons. We are obliged to do so because of legal documentation obligations that may arise from the German Commercial Code, the German Fiscal Code, the German Banking Act, the German Money Laundering Act and the German Securities Trading Act. The periods specified there for the retention of documents are two to ten years.
7. Your rights, in particular revocation and objection
You are entitled to the data subject rights formulated in Art. 15 - 21, Art. 77 DSGVO at any time:
- Right to revoke your consent;
- Right to object to the processing of your personal data (Art. 21 DSGVO);
- Right to information about your personal data processed by us (Art. 15 DSGVO);
- Right to rectify your personal data stored by us that is incorrect (Art. 16 DSGVO);
- Right to erasure of your personal data (Art. 17 DSGVO);
- Right to restrict the processing of your personal data (Art. 18 DSGVO);
- Right to data portability of your personal data (Art. 20 GDPR);
- Right to lodge a complaint with a supervisory authority (Art. 77 DSGVO).
To exercise your rights described here, you can contact us at any time using the contact details above. This also applies if you would like to receive copies of guarantees to prove an adequate level of data protection. Provided that the respective legal requirements are met, we will comply with your data protection request.
Your requests to assert data protection rights and our responses to them will be stored for documentation purposes for a period of up to three years and, in individual cases, for the assertion, execution or defence of legal claims even longer. The legal basis is Art. 6 (1) p. 1 lit. f DSGVO, based on our interest in defending against any civil claims under Art. 82 DSGVO, avoiding fines under Art. 83 DSGVO and fulfilling our accountability obligations under Art. 5 (2) DSGVO.
You have the right to revoke your consent to us at any time. As a result, we will no longer continue the data processing based on this consent for the future. The revocation of consent shall not affect the legality of the processing carried out on the basis of the consent until the revocation.
Insofar as we process your data based on legitimate interests, you have the right to object to the processing of your data at any time on grounds relating to your particular situation. If it concerns an objection to data processing for direct marketing purposes, you have a general right of objection, which will also be implemented by us without giving reasons.
If you wish to exercise your right of revocation or objection, an informal noticification to the above contact details is sufficient.
Finally, you have the right to complain to a data protection supervisory authority. You can exercise this right, for example, a supervisory authority in the Member State of your residence, your workplace or the location of the alleged infringement. In Berlin, our headquarters, the competent supervisory authority is: Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstr. 219, 10969 Berlin.
8. Changes to the data protection notification
We occasionally update this data protection notification, for example when we adapt the data processing or when legal or regulatory requirements change.
Version: 1.2 / Status: October 2023