RBX GmbH, Neuer Pferdemarkt 1, 20359 Hamburg, is entitled to send an email invitation for the following event: Reeperbahn Festival Opening 2023. You can confirm your attendance / non-attendance and name of one or more companions. To send an email confirmation and to confirm your attendance, it is necessary to approve your email address at the web portal once again. If you confirm your attendance / non-attendance at the web portal, the following information will be protocoled and saved:
Data protection regulations
Introduction and terms
1. INTRODUCTION
The operation of our website www.opening-reeperbahnfestival.com involves the processing of personal data. This data will be confidentially handled by us and processed following the applicable laws, especially the General Data Protection Regulation (GDPR) and Germany's Data Protection Act (BDSG). These data protection regulations are designed to inform you about the personal data we collect from you, what we use it for, the legal basis for the usage, and, where applicable, with whom we share it. They will also inform you of your rights regarding the protection of your data.
2. TERMS
Our data protection regulations contain specialist terms used in GDPR and BDSG (revised). For your better understanding we want to explain these terms in simple words:
2.1 PERSONAL DATA
"Personal data" is all information relating to an identified or identifiable person (art. 4 no. 1 GDPR). Details of an identified person could be their name or email address. However, data can also be described as personal if, even though a person's identity cannot be deduced directly from the data, their identity can nonetheless be deduced by combining the data with other information. A person could for example be identified via their address or bank details, date of birth, username, IP address, or location details. The key point is that any information that can be used in any way to identify a person can be described as personal data.
2.2 PROCESSING
Under art. 4 no. 2 GDPR, "processing" describes any process applied to personal data. This especially includes the collection, capture, administration, classification, recording, amendment, printing out, making available, use, disclosure, sharing, dissemination, provision, comparison, linking, restriction, erasure, or destruction of personal data.
Data controller and data protection officer
3. DATA CONTROLLER
The party responsible for data processing is:
Company: RBX GmbH ("we")
Represented by Alexander Schulz (managing directors)
Address: Neuer Pferdemarkt 1, 20359 Hamburg, Germany
Tel. + 49 (0) 40 43 17 959-17
Email: contact(at)reeperbahnfestival.com
4. DATA PROTECTION Officer
We have appointed an external data protection officer:
Name: HABEWI GmbH & Co. KG
Representative: HABEWI Beteiligungs GmbH represented by Arne Platzbecker (managing director)
Address: HABEWI GmbH & Co. KG, Palmaille 96, 22767 Hamburg, Germany
Tel. + 49 (0)40 1818 9800
Fax: + 49 (0)40 1818 98099
E-Mail: datenschutz@habewi.de
Processing parameters
5. PROCESSING PARAMETERS: WEBSITE
As part of the operation of the website at URL www.opening-reeperbahnfestival.com we process the personal data detailed below (nos. 6-9). We process only the data that you provide on our website (e.g. when you complete a form) or that you automatically provide when you use our services.
Insofar as we use external service providers for processing your data, we will do so within the context of a processing agreement under which we as the controller are entitled to instruct the processor. For the operation of our website, in particular, it's hosting, maintenance, servicing, and development, we use external service providers. Should additional external service providers be used for the processing specified under nos 6-9, they will be specified there.
Data is not transferred to non-EU countries and there are currently no plans for any such transfer. Any exceptions to this rule will be detailed in the processing described below.
Specific processing activity
6. PROVISION OF WEBSITE AND SERVER LOG FILES
6.1 DESCRIPTION OF PROCESSING
Every time you access our website, we automatically collect information that your browser transfers to our server. This information is also stored in our system's logfiles and comprises the following data:
- Your IP address
- Your browser software, its version, and language
- Your operating system
- The website you were on before you came to ours (referrer website)
- The pages you visit on our website
- The date and time of your visit to our website
- Data volumes transferred
The temporary storage of your IP address in our system is necessary to ensure that we can deliver our website to your device. For this purpose, your IP address must be recorded for the duration of your session, but it will not be captured in our log files.
6.2 PURPOSE
Your data is processed to facilitate access to our website, to ensure the website's stability and security, and to enable the statistical evaluation and improvement of our online service.
6.3 LEGAL BASIS
The processing is required to protect our overriding legitimate interests (Art. 6 Para. 1 f) GDPR). Our legitimate interest lies in the purpose specified in 6.2.
6.4 DURATION OF STORAGE
Your data will be erased as soon as it is no longer required for the purpose for which it was collected. Where your data has been collected to provide our website, it will no longer be required for this purpose when your session ends. The log files will be deleted after thirty days.
7. RECORDING EMAIL CONTACT
7.1 DESCRIPTION OF PROCESSING
You can contact us via the address from which the confirmation email is sent. If you do so, the personal data transmitted with your email will be processed by us.
7.2 PURPOSE
The data transmitted with your email will be used solely for accreditation purposes for “Reeperbahn Festival Opening 2023”.
7.3 LEGAL BASIS
The processing is required to protect our overriding legitimate interests (Art. 6 Para. 1 f) GDPR). Our legitimate interest lies in the purpose specified in 7.2. Where email contact is for the conclusion or performance of a contract, the purpose of the data processing is contractual performance (Art. 6 Para. 1 b) GDPR).
7.4 DURATION OF STORAGE
Your data will be erased as soon as it is no longer required for the purpose for which it was collected. This is usually the case when the communication with you is finished. The communication will be deemed finished when the circumstances suggest that your query has been definitively resolved. Where statutory retention periods apply, your data will be deleted on the expiry of the periods in question.
8. Registration and profile
8.1 Description of processing
On the online accreditation portal of our website, you have the option of confirming your participation or non-participation in the event and of nominating one or more persons to accompany you. So that we can confirm your participation via email, we need you to confirm your email address on our online portal.
When you confirm your participation/non-participation on our online portal, we record/save the following information:
- Time of registration/de-registration
- Time of sending of the confirmation email
- Content of confirmation email
- Educational status, title, first name, and surname
- Any comments/notes for the event organizer
- For the following processing activities, we have engaged the services of contract processors:
- Data storage: A+M Guestcompany GmbH, Zehlendorfer Damm 7, 14532 Kleinmachnow, Germany
- Guest management: hilife events GmbH, Fruchtallee 19, 20259 Hamburg, Germany
This data is not shared with third parties. Permission for the despatch of invitations can be revoked at any time. Each invitation contains a link to enable you to revoke your permission.
8.2 Purpose
The data is processed to ensure you and your accompanying person(s) have access to our event.
8.3 Legal basis
The data is processed for the conclusion and performance of the usage contract (Art. 6 Para. 1 b) DSGVO). If you do not provide your data on registering, we cannot offer the services we are contractually obliged to provide.
8.4 DURATION OF STORAGE
The data will be erased by us as soon as it is no longer required for the purpose for which it was recorded and in any event within twelve months of its recording. Insofar as statutory retention periods apply, the data will be deleted on the expiry of the periods in question.
9. COOKIES
9.1 DESCRIPTION OF PROCESSING
Our website uses cookies. Cookies are small text files that are saved on your device when you visit a website. Cookies contain information that enables your device to be recognized and that facilitates specific functions. Mostly we use only session cookies, which are automatically deleted when your session ends and you close your browser.
9.2 PURPOSE
We use cookies to make our website more user-friendly and to provide the functions specified under 9.1.
9.3 LEGAL BASIS
The processing is required to protect our overriding legitimate interests (Art. 6 Para. 1 f) GDPR). Our legitimate interest lies in the purpose specified in 9.2.
9.4 DURATION OF STORAGE
Cookies are automatically deleted at the end of your session or on the expiry of the specified duration of storage. As cookies are stored on your device, you as the user have full control over the use of cookies. By adjusting the settings of your web browser, you can deactivate or restrict the transfer of cookies. Cookies already stored can be deleted at any time, including automatically. However, if you deactivate cookies for our website, some of the functions of the website become unavailable or restricted.
SECURITY MEASURES
10. SECURITY MEASURES
To protect your data from third-party access, we use SSL (secure sockets layer) or TLS (transport layer security) technology that encrypts the communication of data between our website and your device. You can identify SSL/TLS encryption via the small padlock logo on the left of the address bar of your browser.
Your rights
11. DATA SUBJECT RIGHTS
Concerning the aforementioned data processing carried out by us, you have the following rights as a data subject:
11.1 Right of access (ART. 15 GDPR)
You have the right to be informed by us if we are processing your data. If we are processing it, you have the right under art. 15 GDPR to be informed as to what data we are processing and the right to additional information as specified in Art. 15 GDPR.
11.2 Rectification (ART. 16 GDPR)
You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you and where applicable to have incomplete personal data completed, including utilizing providing a supplementary statement.
11.3 erasure (ART. 17 GDPR)
You have the right to obtain from us the erasure of your data concerning without undue delay and we shall have the obligation to erase your data without undue delay where one of the following grounds under art. 17 GDPR applies (e.g. if your data is no longer required for the purpose for which we were using it).
11.4 RESTRICTION OF DATA PROCESSING (ART. 18 GDPR)
You have the right to demand that we restrict the processing of your data, provided that one of the criteria specified under art. 18 GDPR is met (e.g. if you dispute the accuracy of your data, its processing will be restricted for the period necessary for us to check its accuracy).
11.5 DATA PORTABILITY (ART. 20 GDPR)
Subject to the criteria specified under art. 20 GDPR, you have the right to be given your data in a structured, commonly used, and machine-readable format.
11.6 WITHDRAWAL OF CONSENT (ART. 7 PARA. 3 GDPR)
You have the right to withdraw your previously provided consent for data processing. The withdrawal will take effect from the time you request it (i.e. it will have a future effect but no retroactive effect).
11.7 COMPLAINTS (ART. 77 GDPR)
If you believe that the processing of your data is in breach of GDPR, you can complain to a supervisory authority. You can submit your complaint to a supervisory authority in the EU member state where you are habitually resident or work or where the alleged breach took place.
11.8 RESTRAINT ON AUTOMATED DECISION-MAKING/PROFILING (ART. 22 GDPR)
Decisions that have legal consequences for you or that could have a significant detrimental effect on you must not be based solely on the automated processing of personal data, including profiling. We do not apply any such processing or profiling to your data.
11.9 OBJECTION (ART. 21 GDPR)
Where we process your data based on Art. 6 Para. 1 f) GDPR in pursuit of our overriding legitimate interests, you have the right subject to art. 21 GDPR to object, provided your objection is based on grounds relating to your specific situation. Once you have objected, we will no longer process your data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms or for the establishment, exercise, or defense of legal claims. Regardless of the aforementioned restrictions, and regardless of whether any special circumstances apply, you have the right to object at any time to the processing of your data for direct marketing purposes.
Last amended: June 2023