Data protection
Data protection information according to Art. 13 GDPR for the website of the Munich Conference Center
General information
The Conference Center Munich appreciates your visit to our website and your interest in our company and our services. We take the protection of your personal data seriously and we want you to feel secure when visiting our website. We process personal data that is collected when you visit our website in accordance with the statutory provisions, in particular the European General Data Protection Regulation (GDPR) and the Telecommunications Digital Services Data Protection Act. The website of the Munich Conference Center may contain links to websites of other providers to which this data protection information does not extend.
The following information provides a simple overview of what happens to your personal data (all data with which you can be personally identified) when you visit our website.
Controller
The controller for data processing within the meaning of the General Data Protection Regulation is:
Conference Center Munich
Lazarettstraße 33
80636 Munich
Availability of our data protection officer
You can reach our data protection officer at:
Hanns-Seidel-Stiftung e. V.
Data protection
Lazarettstraße 33
80636 Munich
Purposes of data processing and legal basis
We only process your personal data if this is necessary for the functional provision of our website and our content and services. Data processing can therefore either be based on a legal authorization or legitimized by your consent.
Specifically, we process your personal data for the following purposes and on the following legal bases.
Provision of the website
Each time our website is accessed, our system automatically records protocols (so-called log files) for certain services. All log files are rotated daily. The logs from the previous day are archived and are available for the specified retention period. These are purely internal log files to which you as a customer have or can have no access.
The following data and information from your computer system is collected:
Web server log file
Contains: Domain, IP, requests, user agent, timestamp, status code
Retention period: 7 days
FTP log file
Contains: FTP user, IP, downloaded/uploaded files
Retention period: 24 hours
SSH log file
Contains: SSH user, IP
Retention period: 3 days
E-mail log file
Contains: Meta data (sender, recipient, time, IP, size)
Retention period: 3 days
Mail logs for sending via our mail servers are deleted after 3 days. This retention period is necessary to ensure the functionality of the mail services and to combat spam.
The aforementioned data is not stored together with other personal data. It is not possible to individually determine the storage period.
However, we reserve the right to check the data retrospectively if there is a justified suspicion of unlawful use based on concrete evidence. Data processing is carried out on the basis of Article 6 (1) (c) of the GDPR in conjunction with Article 25 and 32 of the GDPR.
The storage of data in log files serves to ensure the functionality of the website. We also use this data to optimize our website and secure our information technology systems. The data is not used for marketing purposes in this context. The legal basis for this temporary storage of data and log files is Article 6 (1) (f) of the GDPR. Our legitimate interest is to be able to make our website available to you in a functional manner.
Use of cookies
Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. When a user accesses a website, a cookie may be stored on the user's computer system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.
We use cookies to make our website functional. Technically necessary cookies are stored for this purpose. Some elements of our website require that the accessing browser can be identified even after a page change. These functions could not be offered without the use of cookies.
The following data is stored and transmitted in the cookies:
- Language setting
- Session ID
- Cookie setting
You have full control over the use of cookies. These are stored on your computer and the data is transmitted from it to our website. Most browsers are set to accept cookies by default, but you can deactivate or restrict the transmission of cookies by changing your browser settings. Cookies that have already been saved can be deleted by you at any time. This can also be done automatically by changing your browser settings accordingly.
If cookies are generally deactivated for our website, it may no longer be possible to use all functions of the website to their full extent.
In the case of technically necessary cookies, your personal data is processed within the meaning of Article 25 (2) Telecommunications Digital Services Data Protection Act and to safeguard our legitimate interests in accordance with Article 6 (1) (f) of the GDPR. Our legitimate interest lies in ensuring the functionality of our website. The data collected by technically necessary cookies is not used to create user profiles.
The technically necessary cookies used, so-called “session cookies”, are automatically deleted when the browser is closed.
Matomo
Our website uses the open source web analysis service Matomo.
With the help of Matomo, we are able to collect and analyze data about the use of our website by website visitors. This enables us to find out, among other things, when which pages were accessed and from which region. We also record various log files (e.g. IP address, referrer, browser and operating system used) and can measure whether our website visitors perform certain actions (e.g. clicks). The information collected by Matomo about the use of this website is stored on our server. The IP address is anonymized before it is stored.
This analysis tool is used on the basis of Article 6 (1) (f) of the GDPR. The website visitor has a legitimate interest in the analysis of user behavior in order to optimize both its website and its advertising. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Article 6 (1) (a) of the GDPR and Article 25 (1) Telecommunications Digital Services Data Protection Act, insofar as the consent includes the storage of cookies within the meaning of the Telecommunications Digital Services Data Protection Act. Consent can be revoked at any time.
Deactivate Matomo
You have the option of preventing the actions you take here from being analyzed and linked. Although this protects your privacy, it prevents the website operator from learning from your actions and improving usability for you and other users.
You can manage the setting as to whether or not your visit to this website is recorded by Matomo Web Analytics in the cookie settings.
Processing of personal data when contacting us
Inquiry form
If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions.
We process your personal data in order to process your inquiry:
Obligatory information:
- first name
- surname
- e-mail address
- your message
Voluntary information:
- telephone number
Legal basis for the processing of your personal data Article 6 (1) (b) and (f) of the GDPR. We need to process your personal data in order to be able to respond to your inquiries.
We delete your data as soon as it is no longer required to achieve the purpose for which it was collected or you request us to delete it. Mandatory statutory provisions – in particular retention periods – remain unaffected.
Inquiries by e-mail, telephone or fax
If you contact us by e-mail, telephone or fax, we will store and process your request, including all personal data resulting from it (e.g. name, request) for the purpose of processing your request. We will not pass on this data without your consent.
This data is processed on the basis of Article 6 (1) (b) of the GDPR if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Article 6 (1) (f) of the GDPR) or on your consent (Article 6 (1) (a) of the GDPR) if this has been requested; consent can be revoked at any time.
The data you send to us via contact requests will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.
Transfer of personal data to third parties
We do not pass on your data to third parties unless you have given your consent to do so, or it is a necessary data transfer, such as when using external service providers.
Web hosting
For the hosting and maintenance of our website, we rely on the use of external service providers, which we oblige to comply with the legal requirements via an order processing agreement. We have concluded a data processing agreement (DPA) with the service providers listed below. This is a contract prescribed by data protection law (in accordance with Article 28 of the GDPR), which ensures that they only process the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.
The personal data collected on this website is stored on the servers of the hoster(s). This may include IP addresses, contact requests, meta and communication data, contract data, contact details, names, website access (for detailed information, please refer to “Provision of the website” above) and other data generated via a website.
We host our website with the following provider:
DomainFactory GmbH
Managing Directors Mr. Thomas Rosenkranz and Mr. Nicholas A. Daddario
Neuturmstrasse 5
80331 Munich
External hosting is carried out for the purpose of fulfilling the contract with our potential and existing customers (Article 6 (1) (b) of the GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Article 6 (1) (f) of the GDPR). If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Article 6 (1) (a) of the GDPR and Article 25 (1) Telecommunications Digital Services Data Protection Act, insofar as the consent includes the storage of cookies within the meaning of the Telecommunications Digital Services Data Protection Act. Consent can be revoked at any time.
SSL or TLS encryption
This site uses TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.
If TLS encryption is activated, the data you transmit to us cannot be read by third parties.
Storage period
Unless a more specific storage period has been specified in this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you assert a justified request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, the deletion will take place after these reasons no longer apply.
Your rights
Below you will find information on the rights to which you are entitled under the GDPR.
Information, rectification, erasure, restriction of processing, data portability
Data subjects have the right of access (Article 15 of the GDPR), the right to rectification (Article 16 of the GDPR), the right to erasure (Article 17 of the GDPR), the right to restriction of processing (Article 18 of the GDPR) and the right to data portability (Article 20 of the GDPR).
To exercise the aforementioned rights, you can contact the controller.
Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6 (1) (f) of the GDPR (data processing on the basis of legitimate interest).
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.
The objection can be made informally and should be addressed to the responsible bodies.
Withdrawal of consent
If we process your personal data on the basis of your consent, you have the right to withdraw your consent at any time in accordance with Article 7 (3) of the GDPR The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
Complaint to the supervisory authority
In accordance with Article 77 (1) of the GDPR GDPR, you have the right to complain to the supervisory authority if you believe that the processing of your personal data is not lawful, in particular if it violates the GDPR.
The address and contact details of the supervisory authority responsible for the Hanns-Seidel-Foundation are as follows
Bavarian State Office for Data Protection Supervision
Promenade 18
91522 Ansbach/Deutschland