We take the protection of your personal data very seriously. Your privacy is an important concern for us.
The following provisions serve to inform you about the processing of personal data in accordance with the requirements of the General Data Protection Regulation (GDPR). In particular, taking into account the duties to provide information in accordance with Art. 12 to 14 GDPR as well as to inform you about the rights of data subjects in accordance with Art. 15 to 22 and Art. 34 GDPR.
Information on the responsible authority
The following party is responsible for processing your personal data:
SGF International e.V.
Am Hahnenbusch 14 b
Tel.: +49 (0) 61 36 - 92 28 0
Fax: +49 (0) 61 36 - 92 28 10
This data protection policy applies to all pages of our online network which are linked to this policy. The overarching information can be found on our main data protection page.
Purpose of the data collection
The purpose of the data collection is to optimise our website(s), analyse errors, customise our website(s) to your needs, provide you the opportunity to get in touch with us and, if applicable, to sell goods and services.
General Data Processing
In principle, we collect and use personal data of our users only to the extent necessary to provide a functional website and our contents and services. The collection and use of personal data of our users is only carried out after the consent of the user. An exception is made in those cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by legal regulations.
Legal basis for the processing of their data:
- Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a) of the EU General Data Protection Regulation (EU-GDPR) serves as the legal basis.
- In the processing of personal data required for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b) GDPR serves as the legal basis. This also applies to processing operations which are necessary to carry out pre-contractual measures.
- Insofar as it is necessary to process personal data in order to fulfill a legal obligation to which our company is subject, Art. 6 para. 1 lit. c) GDPR serves as the legal basis.
- In the event that vital interests of the data subject or any other natural person require the processing of personal data, Art. 6 para. 1 lit. d) GDPR is used as the legal basis.
- If the processing is necessary to safeguard the legitimate interests of our company or a third party and if the interest, fundamental rights and fundamental freedoms of the person concerned do not outweigh the former interest, Art. 6 para. 1 lit. f) GDPR applies as the legal basis for the processing.
Legitimate interests can be in particular:
- the answering of inquiries;
- the performance of direct marketing activities;
- the provision of services and/or information intended for you;
- the processing and transfer of personal data for internal or administrative purposes;
- the operation and administration of our website;
- the technical support of the users;
- the prevention and detection of fraud and criminal offences;
- the protection against non-payment when obtaining creditworthiness information in connection with the requests for goods and services; and/or
- the protection of network and data security, insofar as these interests are in accordance with the applicable law and with the rights of the user
Categories of recipients:
- Service providers for the optimization of websites, online marketing service providers and tools, service companies for information and communication technology, companies for software and equipment maintenance, some of them are described in detail below;
- Social networks and communities;
- Internal recipients according to the “need to know” principle.
User data / Server log files
Whenever you visit our website, our systems automatically collect data and information from the computer system of the calling computer. The following types of data are collected: Browser type, version used, operating system of the user, internet service provider, IP address of the user, date and time of retrieval, websites from which the user’s system has come to our website or to which the user of our website accesses. The legal basis for the temporary storage of data and logfiles is Art. 6 para. 1) lit. f) GDPR with the above mentioned legitimate interests. The temporary storage of the IP address by the system is necessary to enable the website to the computer of the user. For this purpose, the user’s IP address must remain stored for the duration of the session.
Storage in log files is done to ensure the functionality of the website. In addition, the data is used to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context. These purposes also include our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f) GDPR. The data will be deleted as soon as they are no longer required for the purpose of their collection. In the case of the collection of data for the purpose of providing the website, this is the case when the respective session has ended. The collection of the data for the provision of the website and the storage of the data in log files is essential for the operation of the website. Furthermore, we reserve the right to check the files if, based on concrete evidence, there is a legitimate suspicion of illegal use or a concrete attack on the pages. In this case, our legitimate interest is the processing for the purpose of clarification and criminal prosecution of such attacks and illegal use.
Technical cookies: Some elements of our website require that the calling browser can be identified even after a page change. The purpose of this use is to enable the function of the website in the first place. Examples of technically necessary cookies are the provision of a shopping cart or the login as a registered user. The processing is therefore based on Art. 6 para. 1 lit. b) or f) GDPR.
Functional cookies: There may be functions which are not technically necessary for the operation of our website, but which considerably simplify its use, such as the adoption of language settings or font sizes, the memorization of search terms, etc. Processing is also carried out on the basis of Art. 6 para. 1 lit. b) or f) GDPR.
Change cookie settings here.
General statements about web beacons / tracking pixel
Web beacons are invisible graphics with the size of a pixel. They are used by partner companies, for the purpose of tracking a user via various web pages to create a profile for use in advertising tailored to the user (targeting). A pixel integrated into the web page is loaded from the partner’s server when the web page is accessed. In this way, the partner receives your IP address, as well as information about your browser and its version, browser plug-ins used (browser fingerprint), your operating system and your network operator. For the integration of external services through web beacons / tracking pixels or other scripts, the specifications for advertising cookies apply accordingly.
Content of external providers
Some of our web pages integrate third party content within the offer, such as videos from YouTube, map material from Google Maps, images, texts and multi-media files, RSS feeds or other services from other websites. This always requires the transmission of your IP address to the providers of these contents. We cannot make any statement about the use of your data by these providers and have no influence on further processing. We do not know whether the data will be used for other purposes, such as profile building. Please refer to the corresponding data protection information of the respective third-party providers.
You can protect yourself against further persecution by tracking pixels from these providers by deactivating the acceptance of third-party cookies in your browser settings.
The legal basis for the transmission of personal data when integrating third party providers is Art. 6 para. 1 lit. a) GDPR if the user has given his consent to this – e.g. by selection in a cookie opt-in banner – otherwise Art. 6 para. 1 lit. f) GDPR in conjunction with recital 47.
Our website use Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. Due to the fact that we have activated the IP anonymisation your IP address will be shortened by Google. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on the website activities and to provide further services to the website operator in connection with the use of the website and the internet. The IP address transmitted by your browser within the scope of Google Analytics may be combined with other data from Google. The legal basis for the processing of personal data of users is Art. 6 para. 1 lit. a GDPR. We use Google Analytics to analyse and regularly improve the use of our website. We can use the statistics obtained to improve our offer and make it more interesting for you as a user. This website also uses Google Analytics for a cross-device analysis of visitor flows, which is carried out using a user ID. You can deactivate the cross-device analysis of your usage in your customer account under “My data”, “personal data”.
You can prevent the storage of cookies by adjusting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de. As mentioned above, this website uses Google Analytics with the extension “_anonymizeIp()”. This allows IP addresses to be processed in a shortened form, thus excluding the possibility of personal references. If the data collected about you contains a personal reference, this is immediately excluded and the personal data is therefore deleted immediately. For the exceptional cases in which personal data is transferred to the USA, suitable guarantees will be given in future through standard contractual clauses.
Third party information: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001, or Google Analytics of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA).
You have the right to revoke your consent granted pursuant to Art. 6 para. 1 lit. a GDPR at any time. To do so, you can prevent the storage of cookies by selecting the appropriate technical settings in your browser software; however, we would like to point out that in this case you may not be able to use all the functions of this website to their full extent. Furthermore, you can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=de
You can set an opt-out cookie to prevent detection by Google Analytics across devices. Opt-out cookies prevent the future collection of your data when you visit this website. You must opt-out on all systems and devices in order for this to be fully effective. Click here to set the opt-out cookie: Disable Google Analytics
We use the pretix service from Raphael Michel, rami.io Softwareentwicklung, Markgräfler Straße 16, 69126 Heidelberg, Germany, to manage events via our website. The purposes of processing can include the provision of a ticket shop system with a connected payment gateway, event evaluations and the handling of the check-in process. The application is displayed on our site using iFrame. The legal basis for the transmission of your personal, technical data is the simplification of the event management as a legitimate interest according to Art. 6 Para. 1 lit. f) GDPR.
Your data will only be stored for as long as necessary. In the case of ticket booking data, the statutory retention periods, among other things, are decisive. You can view further data protection provisions at the technical provider at https://pretix.eu/about/de/privacy.
We use the Userlike service from Userlike UG (limited liability), Probsteigasse 44-46, 50670 Cologne, to provide a web-based live chat system on our website. From the moment you start visiting our website, you have the opportunity to contact one of our employees. The legal basis for processing is our legitimate interest in accordance with Art. 6 Paragraph 1 lit. f) GDPR, which is in direct communication with you. We do not use the data to carry out tracking or retargeting measures. The data will only be stored for as long as is technically necessary or as long as these are subject to statutory retention periods. You can view further data protection provisions at the technical provider at https://www.userlike.com/de/terms#privacy-policy.
Contact form and e-mail contact
On our website is a contact form available, which can be used for electronic contact. If a user takes advantage of this possibility, the data entered in the input mask is transmitted to us and stored. These data are: Name, address, e-mail address, telephone number, etc.. Not all of these data must be mandatory. At the time the message is sent, the following data is also stored: The IP address, date and time. The other personal data processed during the sending process serves to prevent misuse of the contact form and to ensure the security of our information technology systems.
Alternatively, it is possible to contact us via the provided e-mail address. In this case, the user’s personal data transmitted with the e-mail will be stored. In this context, the data will not be passed on to third parties. The data will be used exclusively for processing the conversation.
The legal basis for the processing is:
- For the receipt of the data based on the sending of the contact form as consent in accordance with Art. 6 para. 1 lit. a) in connection with Art. 5 (expected processing) GDPR or alternatively on the basis of the legitimate interest of answering your contact request according to Art. 6 para. 1 lit. f) GDPR.
- For the processing of data transmitted in the context of sending an e-mail, Art. 6 para. 1 letter f) GDPR with the above-mentioned legitimate interests.
- If the e-mail contact aims at the conclusion of a contract, an additional legal basis for the processing is Art. 6 para. 1 lit. b) GDPR.
The data will be deleted as soon as they are no longer required for the purpose of their collection. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended and there is no reason for further storage. The conversation is finished when it can be concluded from the circumstances that the matter in question has been finally clarified. Retention periods under commercial and tax law may exist.
The user has the possibility to revoke his or her consent to the processing of personal data at any time. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case the conversation cannot be continued.
On our website you have the possibility to subscribe to a free newsletter with promotional content. Our newsletters contain information about our service offers, promotions, events, competitions, job offers, contributions / articles. Newsletters, on the other hand, do not include news without advertising information that is sent within the framework of our contractual or other business relationship. This includes, for example, the sending of service e-mails with technical information and queries about orders, events, notifications of competitions or similar messages. When registering for the newsletter, the data from the input mask is transmitted to us. In addition, the IP address of the calling computer and the time of the call are collected. For the processing of the data, your consent is obtained during the registration process and reference is made to this data protection declaration. In case you purchase goods on our website via our online shop and enter your e-mail address, we reserve the right to send you newsletters with direct advertising for similar goods. In connection with the data processing for the dispatch of newsletters, the data will not be passed on to third parties. The data will be used exclusively for the dispatch of the newsletter. The legal basis for the processing of the data after registration for the newsletter by the user is, if the user has given his consent, Art. 6 para. 1 lit. a) GDPR and for the dispatch of the newsletter as a result of the sale of goods in accordance with § 7 para. 3 UCA or Art. 6 para. 1 lit. f) (dispatch based on our legitimate business interest).
The collection of the user’s e-mail address is used to send the newsletter. The collection of other personal data in the course of the registration process serves to prevent misuse of the services or the e-mail address used. The subscription to the newsletter can be revoked by the user at any time. For this purpose there is a corresponding link in every newsletter.
A statistical evaluation of the reading behavior only takes place to the extent that it can be determined whether the recipients have opened the newsletter and clicked on the links. This is a function that we use, however, only to check the user activities and to be able to make corresponding optimizations. For this purpose, the newsletter contains a so-called “web beacon”, a pixel-sized file that is retrieved from our server when the newsletter is opened. This web-beacon can be personalized, so that personal data is collected. Clicks are tracked via personalized links to the respective website. If personalized data are collected, the legal basis is Art. 6 para. 1 lit. a) GDPR.
Data collection during registration and registered use
Some of our websites require or offer registration. The data collected in the process is used for the purpose of using the respective websites and services, unless otherwise described and explicitly agreed upon during registration. The data collected is derived from the input mask in the context of registration, processing is based on Art. 6 para. 1 lit. b) GDPR. All other data that you can enter at a later date to complete your profile are optional and voluntary and are based on the legal basis of Art. 6 para. 1 lit. a) GDPR. After registration, we may inform you about relevant circumstances related to our offer for which you have registered by means of the deposited e-mail address.
Data transmission via the internet
Data transmission via the internet is generally associated with certain risks. A special encryption of the data is not carried out, especially messages from the contact form of our website and messages in the service chat are transmitted unencrypted.
Please bear this in mind when transmitting data. If you wish to communicate with us by means of encrypted e-mail, this is possible by using SMIME encryption. Please inform us of your wish to use encryption, as we regularly send unencrypted e-mails due to the current low market penetration of e-mail encryption methods.
If you provide us with personal data, this data will only be passed on to third parties if this is necessary for the processing of the contractual agreement or if another legal reason legitimises this passing on. However, we provide certain services with the cooperation of service providers. We have carefully selected these service providers and have taken appropriate measures to protect your personal data.
The personal data of the person concerned will be deleted or blocked as soon as the purpose of the storage no longer applies. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other regulations to which the person responsible is subject. Data will also be blocked or deleted when a storage period prescribed by the above-mentioned standards expires, unless there is a need to continue storing the data for the purpose of concluding or fulfilling a contract.
Information on your rights
You have the right
- to request confirmation from us as to whether your personal information is being processed; if this is the case, you are entitled to obtain details about this personal data; you may also receive the information specified in Art. 15 of the GDPR.
- to request that we correct your data if it is deemed to be incorrect, inapplicable and/or incomplete. Such rectification of data also covers duties of completion through explanation or notification.
- to request that we delete personal data relevant to you without delay if one of the reasons specified in Art. 17 of the GDPR applies. Unfortunately, we may not delete data that is subject to a legal retention period. If you would prefer that we never collect data from you or never contact you again in the future, we shall store such relevant contact details in a blacklist.
- to revoke any consent given by you with future effect and without any negative consequences for you.
- to request from us that processing be restricted if one of the prerequisites listed in Art. 18 of the GDPR is provided.
- to object at any time to the processing of personal data relevant to you on grounds relating to your particular situation. We shall no longer process personal data in the event of an objection, unless we can demonstrate compelling legitimate grounds to do so, which override your interests, rights and freedoms, or such processing is required for the establishment, exercise or defense of legal claims (Art. 21 of the GDPR). to request that the data relevant to you be issued in a commonly used electronic and machine-readable format. This also covers the issuance (if possible) to another responsible party specified by you directly. (Art. 20 of the GDPR)
- without prejudice to another administrative or judicial remedy and if you believe that the processing of your personal data is in breach of the GDPR, to file a complaint with our data protection officer: datenschutz(at)sgf.org or by post (see imprint) or to assert claims vis-à-vis the supervisory authority in the member state of your place of stay, your place of work or the location where the alleged violation took place.
Deletion of your data
Unless otherwise regulated in the more detailed data protection declarations, we will delete your personal data once the contractual relationship with you has ended, you have exercised your right to deletion, all mutual claims have been met and there are no other legal storage obligations or legal justifications for storage. As a rule, storage periods under commercial law for financially relevant data are up to 10 years. We may also store data for as long as is necessary to protect ourselves from claims that may be asserted against us. These periods can be up to 30 years.
For the purposes of this general information concerning employees, the following definitions apply:
1. personal data – any information relating to an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an on-line identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person Examples are contact data, communication data, billing data.
2. Controller – the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or national law, provision may be made for the controller or for the specific criteria for his or her identification in accordance with Union or national law.
3. Processor – a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
4. Recipient – a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not that person is a third party.
5. Employees – employees, including temporary workers in relation to the hirer, persons employed in relation to their vocational training, participants in benefits for participation in working life as well as in clarifications of occupational aptitude or work trials (rehabilitation candidates), persons employed in recognised workshops for disabled persons, volunteers performing a service in accordance with the Youth Voluntary Service Act or the Federal Voluntary Service Act, persons who are to be regarded as persons similar to employees on account of their economic dependence. These also include homeworkers and their equals, federal civil servants, federal judges, soldiers and persons performing community service. As well as applicants for employment and persons whose employment is terminated.
6. Third party – a natural or legal person, public authority, agency or other body, other than the data subject, the controller, the processor and the persons authorised to process the personal data under the direct responsibility of the controller or the processor.
7. Profiling – any automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person. In particular, to analyse or predict aspects relating to the job performance, economic situation, health, personal preferences, interests, reliability, behaviour, whereabouts or change of location of that natural person.
8. Restriction of processing – marking of stored personal data with the aim of restricting your future processing.