DATA PROTECTION NOTICE FOR DATA PROCESSING BY BRANDFOLKS
Brandfolks (owner Oliver Heimburger / “Brandfolks”) informs you in this data protection notice how personal data is collected, processed and used when you contact us and what rights data subjects are entitled to. In any event we only collect, process and use your personal data insofar as this is permissible under the German Data Protection Act (Bundesdatenschutzgesetz), the General Data Protection Regulation (GDPR) and the country-specific data protection laws.
§ 1 NAME AND CONTACT DETAILS OF THE DATA CONTROLLER; NO COMPANY DATA PROTECTION OFFICER
The controller under Article 4 No. 7 of the EU General Data Protection Regulation (GDPR) is the owner of Brandfolks, Mr Oliver Heimburger, Rellinger Str. 1, 20257 Hamburg (see our legal notice). A data protection officer has not been appointed and Brandfolks is not legally obliged to appoint one.
§ 2 COLLECTION AND STORAGE OF PERSONAL DATA AND THE TYPE AND PURPOSE OF THE USE THEREOF
When you contact us by e-mail or via our contact form, we collect from you by web form the necessary personal data (surname, first name, address, e-mail address, telephone number (fixed-line network and/or mobile phone)). That data is collected and stored so that you as the customer can be identified, to answer your questions and possibly for the purposes of the conclusion or performance of a contract. The data processing for the purpose of contacting us occurs upon your contact request and is necessary under Article 6(1) sentence 1 point (b) GDPR for the above-mentioned purposes, for the appropriate processing of your non-binding request or your contract enquiry and for the fulfilment of reciprocal obligations under a contract.
The personal data entered by the data subject is collected and stored exclusively for internal use by the data controller and for our own purposes. The data controller may cause the data to be passed on to one or more contract processors, which will also use the personal data exclusively for internal use attributable to the data controller.
As a result of registration on the data controller’s website, the IP address assigned by the data subject’s Internet service provider (ISP), the date and the time of registration will also be stored (only in this way can misuse of our services be prevented, and if necessary that data also enables committed criminal offences to be clarified). The storage of that data is therefore necessary to protect the data controller. As a rule, that data will not be passed on to third parties, unless there is a statutory obligation to disclose it or the disclosure serves the purpose of criminal prosecution.
The registration of the data subject with voluntary provision of personal data enables the data controller to offer the data subject content or services which due to their nature can only be offered to registered users. Registered persons are free to change the personal data provided upon registration at any time or have it completely erased from the data controller’s database.
The data controller will provide any data subject at any time on request with information on what personal data concerning the data subject is stored. The data controller will also rectify or erase personal data at the request or upon a notice of the data subject, unless statutory retention requirements are opposed to this. The data protection officer named in this data protection notice and all the employees of the data controller are available as a contact for the data subject in this context, at e-mail address firstname.lastname@example.org.
This data received from you is collected, processed and used by us to enable you to use our online service (usage data) and insofar as this is necessary for establishing, implementing or terminating the contract (performance of the contract) and for customer care. That data will not be passed on to any third parties without your explicit consent.
§ 3 ERASURE OF DATA AND STORAGE PERIOD
All personal data will only be stored as long as this is necessary for the specified purpose (processing of your enquiry or carrying out and handling your travel booking) and the performance of the contract. We will erase that data once storage is no longer necessary or restrict the processing if statutory retention requirements exist. The criterion for the storage period for personal data is the respective statutory retention period (e.g. 10 years for tax-related retention). After the end of that period, the data in question will be erased as a matter of routine, provided that it is no longer required for the performance or initiation of a contract.
You may object to the use or processing of your data for the purposes of advertising, marketing research or opinion polling by sending a message to email@example.com.
If we make use of commissioned service providers for individual functions of our service or would like to use your data for advertising purposes, we inform you below in § 4 et seq. of the respective processes. We also specify the established criteria for the storage period.
If there is no legal basis for the processing of your personal data, we obtain consent from the data subject.
§ 4 YOUR RIGHTS AS A DATA SUBJECT
You have the following right under Article 7(3) GDPR:
– the right to withdraw any consent that you have granted us at any time, whereupon we will not be permitted to continue the data processing which is based on that consent in the future.
You have the following rights under Article 15 GDPR:
– the right to receive information on the personal data processed by us and the purposes of the processing, the category of the personal data, the recipients or categories of recipients to which that data has been or will be disclosed, the planned storage period, or on
– the right to rectification or erasure (“right to be forgotten”),
– the right to restriction of the processing,
– the right to object to the processing,
– the right to data portability,
– the right to learn the origin of your data insofar as it was not collected by us,
– the right to request information on the existence of automated decision-making including profiling and where appropriate meaningful information on the details thereof.
You have the following right under Article 16 GDPR:
– the right to request prompt rectification of incorrect or incomplete personal data concerning you which is stored by us.
You have the following right under Article 17 GDPR:
– the right to request the erasure of your personal data stored by us if the processing is not necessary for exercising the right of freedom of expression and information, compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims.
You have the following right under Article 18 GDPR:
– the right to request the restriction of the processing of your personal data if the accuracy of the data is contested by you, the processing is unlawful and you oppose its erasure and we no longer need the data but you need it for the establishment, exercise or defence of legal claims or you have objected to the processing under Article 21 GDPR.
You have the following right under Article 20 GDPR:
– the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format or request its transmission to another controller.
You have the following right under Article 77 GDPR:
– the right to lodge a complaint with a data protection supervisory authority regarding the processing of your personal data by us. As a rule, you may contact the supervisory authority of your place of habitual residence or place of work or at the location of our registered office.
RIGHT TO OBJECT:
If your personal data is processed on the basis of legitimate interests in accordance with Article 6(1) sentence 1 point (f) GDPR, you have the right under Article 21 GDPR to object to the processing of your personal data, provided that there are grounds for this relating to your particular situation. You can exercise your revocation right or your right to object at the address firstname.lastname@example.org.
Please also feel free to contact us at the above-mentioned address or at email@example.com for the purpose of exercising the above rights or to obtain information, inform us of your wishes or submit suggestions on the subject of data protection.
§ 5 PASSING ON DATA TO THIRD PARTIES
We will not pass your personal data on to any third parties for any purposes other than those specified below. We will only pass your personal data on to third parties if:
– you have explicitly consented to this in accordance with Article 6(1) sentence 1 point (a) GDPR;
– the disclosure is necessary under Article 6(1) sentence 1 point (f) GDPR for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest which requires protection in your data not being passed on;
– a legal obligation exists for disclosure under Article 6(1) sentence 1 point (c) GDPR; and
– this is legally permitted and necessary under Article 6(1) sentence 1 point (b) GDPR for the purpose of implementing contractual relationships with you.