LIGAPRODUCTION GmbH & Co. KG Herdweg 59 70174 Stuttgart, Germany E-mail address: firstname.lastname@example.org Managing Director/ Owner: Timo Schönauer Link to Legal Information: www.ligaproduction.com/en/imprint/ Data Protection Officer contact address: Datenschutz@zeitgeist.group
Types of data processed:
- User data (e.g. name and address) - Contact data (e.g. e-mail address, telephone numbers) - Content data (e.g. text input, photographs, videos) - Usage data (e.g. websites visited, interest in content, times of visits). - Metadata/Communication data (e.g. information about devices used, IP addresses).
Purpose of processing
- Provision of the online service, its functions and its content - To respond to contact requests and for communication with users - Security measures - Audience reach measurement/Marketing.
“Personal data” are all information that relates to an identified or identifiable natural person (hereinafter the “data subject”); a natural person will be considered identifiable if they can be identified directly or indirectly particularly through association with a designation such as a name, an ID number, location data, online identification (e.g. a cookie) or one or more specific features that indicate the physical, physiological, genetic, mental, economic, cultural or social identify of this natural person. “Processing” is any automated or non-automated process or sequence effected in connection with personal data. The term is far-reaching and covers virtually every use of data. The “data controller” is the natural or legal person, authority, establishment or other body that alone or with others decides on how and for what purpose personal data are processed.
Applicable legal provisions
Collaboration with data processors and third parties
Insofar as we disclose data to other individuals and businesses (data processors and third parties), transfer data to them or otherwise give them access to the data within the scope of our processing, this is effected only where this is legally permissible (e.g. where transfer of the data to a third party such as payment service providers is necessary for contract performance in accordance with Art. 6 (1) b) GDPR), where you have given your consent, where a legal obligation exists, or where it is on the basis of our legitimate interests (e.g. in the event that agents, web hosters, etc. are used). Insofar as we instruct third parties to process data on the basis of a data processing contract, this is done on the basis of Art. 28 GDPR.
Transfer to third countries
Insofar as we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or do so by using the services of a third party and/or disclose and/or transfer data to third parties, this is only done in order to fulfill our precontractual and/or contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to statutory or contractual permissions, we process data or have data processed in a third country only where the special conditions set out in Art. 44 ff. GDPR exist. This means that processing is effected on the basis of special guarantees such as the officially recognized establishment of a EU-compliant level of data protection (e.g. the Privacy Shield in the USA) or observation of officially recognized special contractual obligations (what are known as “standard contractual clauses”).
Rights of the data subject
Under the provisions of Art. 15 GDPR you have the right to request information about which data are being processed, and the right to information about these data as well as to further information and a copy of the data. Under the provisions of Art. 16 GDPR you have the right to request the completion of your personal data and/or rectification of incorrect personal data. Under the provisions of Art. 17 GDPR you have the right to request the immediate erasure of your personal data and/or to request that the processing of your personal data be restricted under the provisions of Art. 18 GDPR. Under the provisions of Art. 20 GDPR you have the right to receive the personal data that you have provided to us, and the right to have that data transferred to another data controller. Furthermore, Art. 77 GDPR gives you the right to lodge a complaint with the competent supervisory authority.
Right to withdraw consent
Under the provisions of Art. 7 (3) GDPR you have the right to withdraw any consents you have given with future effect.
Right to object
Under the provisions of Art. 21 GDPR you may object at any time to the future processing of your personal data. This objection may most notably be exercised against processing for the purposes of direct advertising.
Cookies and the right to object to direct advertising
Erasure of data
We also process - contractual data (e.g. subject matter of the contract, contract term, customer category) - payment data (e.g. bank details, payment history) of our customers, leads and business partners for the purpose of providing contractual services, service and customer care, marketing, advertising, and market research.
The hosting services we use serve the provision of the following services: infrastructure and platform services, computing capacity, storage and database services, security services, and technical maintenance services that we use for the purpose of operating this online service. In doing so we process, for example, our hosting provider’s user data, contact data, content data, contractual data, usage data, meta data and communication data of customers, leads, and visitors to this online service on the basis of our legitimate interests in an efficient and secure provision of this online service in accordance with Art. 6 (1) f) GDPR in conjunction with Art. 28 GDPR (conclusion of a processing contract).
Collection of access data and log files
We and/or our hosting provider collect data in what are known as log files every time the server on which this service is located is accessed, on the basis of our legitimate interest in the sense of Art. 6 (1) f) GDPR. These access data include the name of the web page visited, file, date and time of the visit, transferred data volume, report on successful retrieval, browser type and version, the user’s operating system, the referrer URL (the previously visited page), IP address and the name of the internet services provider. Log file information is stored for a maximum 7 days for security reasons (e.g. to establish misuse or fraudulent acts) and then erased. Data which need to be retained for longer for evidence are not erased until the respective incident has been finalized.
Order handling at the online store; customer account
We process your data when you place an order in our online store so that we can enable you to select and order your chosen products and services, and to enable payment and delivery and/or execution. The data processed includes user data, communication data, contractual data, payment data and the data subjects include our customers, leads and other business partners. Processing is effected for the purpose of providing contractual services within the scope of operating an online store, invoicing, delivery, and customer service. In doing so, we use session cookies to store the contents of shopping carts, and permanent cookies to store the user’s login status. Processing is effected on the basis of Art. 6 (1) b) (handling order processes) and c) (legally obligatory processing) GDPR whereby the details designated as mandatory are required for the establishment and performance of the contract. We only disclose the data to third parties within the scope of delivery, payment or within the scope of legal permissions and obligations to legal consultants and authorities. The data are only processed in third countries where this is necessary for contract performance (e.g. for delivery or payment at the customer’s request). If you wish, you may if create a user account where, most notably, you can view your orders. During registration, you are notified about mandatory information. User accounts are not public and cannot be indexed by search engines. If you cancel your account, your data are erased in terms of the user account subject to their retention being required under commercial or fiscal law as set out in Art. 6 (1) c) GDPR. Data in the customer account are retained until the account is deleted and subsequently archived in the event of a legal obligation. You are obliged to secure your data when you close your account prior to the end of the contract. Within the scope of first registration and subsequent registrations, and the use of our online services, we store your IP address and the time of your respective user activity. Storage is on the basis of our and your legitimate interest in protection against misuse or other unauthorized use. These data are not disclosed to third parties save where this is necessary to pursue our claims or where a legal obligation exists as set out in Art. 6 (1) c) GDPR. Data are erased after any statutory warranty and similar retention periods have elapsed. The necessity of retaining data is checked every three years; in the event of statutory archiving obligations, erasure is effected once they have lapsed (6-year obligatory retention period under commercial law and 10 years under fiscal law).
We process our customers’ data within the scope of our contractual services which include conceptual and strategic consultancy, campaign planning, software and design development/consultancy or maintenance, implementation of campaigns and processes/handling, server administration, data analysis / consultancy services and training services. In doing so we process user data (e.g. customer user data such as names or addresses), contact data (e.g. e-mail addresses, telephone numbers), content data (e.g. text input, photographs, videos), contractual data (e.g. subject matter of the contract, contract term), payment data (e.g. bank details, payment history), usage and meta data (e.g. within the scope of analyzing and measuring the success of marketing measures). We do not process special categories of personal data save where these form part of a contracted processing. The data subjects include our customers, leads, and their customers, users, website visitors or employees, and third parties. The purpose of processing lies in the provision of contractual services, invoicing, and our customer service. Art. 6 (1) b) GDPR (contractual services) and Art. 6 (1) f) GDPR (analysis, statistics, optimization, security measures) form the legal basis for processing. We process data that are necessary to establish and provide contractual services and we draw attention to the need to provide these data. They are only disclosed to third parties where this is necessary within the scope of a contract. When processing data within the scope of a contract, we act on the instruction of the client and we comply with the statutory requirements for contracted processing as set out in Art. 28 GDPR, and we do not process the data for any purpose other than that specified in the contract. We erase the data once statutory warranty and similar retention obligations have lapsed. The necessity of retaining data is checked every three years; in the event of statutory archiving obligations, erasure is effected once they have lapsed (6-year obligatory retention period under the provisions of Art. 257 (1) of the German Commercial Code; 10 years under the provisions of Art. 147 (1) of the German Tax Code). In the case of data that are disclosed to us by the client within the scope of a contract, we erase the data in accordance with the terms of the contract, and always once the contract has ended.
Administration, accounting, office organization, contact management
We process data within the scope of administrative duties and the organization of our business, accounting, and complying with legal obligations such as archiving. In doing so we process the same data that we process within the scope of providing our contractual services. Art. 6 (1) c) GDPR and Art. 6 (1) f) GDPR form the legal basis for processing. This processing affects customers, leads, business partners and website visitors. The purpose of and our interest in processing lies in administration, accounting, office organization, and archiving of data. In other words, tasks that serve the maintenance of our business activities, administration of our duties, and provision of our services. The erasure of the data with regard to contractual services and contractual communication corresponds with the details specified for these processing activities. In the course of processing we disclose or transfer data to financial authorities, consultants such as tax consultants or auditors, and other billing centers and payment service providers. On the basis of our commercial interests we furthermore store data about suppliers, event organizers and other business partners for the purpose of, say, making contact in future. We permanently store these data, the majority of which are business-related.
Privacy with regard to job application processes
Within the scope of application, we offer candidates the opportunity to be listed in our “Talent Pool” for a period of two years on the basis of their consent in the sense of Art. 6 (1) b) and Art. 7 GDPR. The application documentation contained in the Talent Pool is solely processed in connection with future job vacancies and sourcing candidates, and is erased at latest on expiry of the retention deadline. Candidates are informed that their consent to inclusion in the Talent Pool is voluntary, that it has no influence on the ongoing job application process, that their consent may be withdrawn at any time with future effect, and that they may object in the sense of Art. 21 GDPR.
When you make contact with us (e.g. by contact form, e-mail, telephone, or via social media) your data are processed for the purpose of dealing with the contact request and resolving it in accordance with Art. 6 (1) b) GDPR. Your data may be stored in a customer relationship management system (CRM system) or some similar request organization system. We erase queries once they are no longer required. We examine their necessity every two years. The statutory archiving retention periods also apply.
The following informs you about the content of our newsletter, subscription, dispatch, and statistical analysis procedures, and your rights to object. By subscribing to our newsletter you consent to receiving the newsletter and to the procedures described. Content of the newsletter: We send newsletters, e-mails and other electronic notifications containing advertising information (hereinafter “newsletter”) only with the consent of the recipient or on the basis of legal permission. Where, in the course of subscription to the newsletter, its contents are concretely outlined, those contents shall be material to the user’s consent. Otherwise our newsletter contains information about us and our services. Double opt-in and logging: A double opt-in procedure is used for subscription to our newsletter. This means that after you subscribe, you will receive an e-mail in which you will be asked to confirm your subscription. This confirmation is necessary to ensure that nobody can subscribe using someone else’s e-mail address. Subscription to the newsletter is logged in order to prove that the subscription process has been effected in accordance with legal requirements. This logging includes storage of the time of the subscription and confirmation and your IP address. The changes to your data stored with the dispatch service provider will also be logged. Subscription data: In order to subscribe to the newsletter you only need to provide your e-mail address. So that we can address you by name in the newsletter, we may ask you to optionally state your name. Germany: The dispatch of the newsletter and the success measurement associated with it are effected on the basis of the recipient’s consent in accordance with Art. 6 (1) a) and Art. 7 GDPR in conjunction with Art. 7 (2) 3) UWG (Act against Unfair Competition) and/or on the basis of legal permission in accordance with Art. 7 (3) UWG. The logging of the subscription process is effected on the basis of our legitimate interests under the provisions of Art. 6 (1) f) GDPR. Our interest lies in the use of a user-friendly and secure newsletter system that both serves our business interests and meets users’ expectations, and furthermore provides us with proof of consent. Unsubscribing/Withdrawal: You may unsubscribe from our newsletter at any time, i.e. you may withdraw your consent. You will find a link to unsubscribe from the newsletter at the end of every newsletter. We may store removed e-mail addresses for up to three years on the basis of our legitimate interests before we erase them so that we can prove that consent has previously been granted. The processing of these data is restricted to possible defense against claims. An individual application for erasure may be made at any time provided that the existence of a previous consent is confirmed at the same time.
Newsletter – E-mail marketing service provider
Newsletter – Measuring success
Our newsletters contain what is known as a web beacon. This is a pixel-size file that is accessed by our server and/or insofar as we use an e-mail marketing service provider, the latter’s server when you open the newsletter. This retrieval initially results in the collection of technical information such as details about the browser and system you are using, as well as your IP address and the time you opened the newsletter. This information is used for the technical improvement of the service on the basis of the technical data or the target groups and their reading behavior on the basis of the places in which they opened the newsletter (that can be identified with the help of the IP address) or their access times. Statistical data collected also includes details of whether the newsletter is opened, when it is opened and which links are clicked. Although, for technical reasons, this information can be associated with the individual newsletter recipient, neither we nor the e-mail marketing service provider if we use one, has any interest in observing individual users. Rather, these evaluations serve to help us identify our users’ reading habits, and to modify our content or to send users different content related to their interests.
Facebook Pixel, Custom Audiences and Facebook conversion
Online presence on social media
Integration of the services and content of third parties
On the basis of our legitimate interests (i.e. interest in the analysis, optimization and cost-effective operation of our online service in the sense of Art. 6 (1) f) GDPR) within our online service we use the content or services of third-party providers in order to integrate their content and services such as videos or fonts (hereinafter “content”). Such integration presupposes that the third-party provider of this content recognizes the your IP address as they cannot send their content to your browser without your IP address. This means that the IP address is necessary in order to display that content. We endeavor to use only content whose respective providers only use the IP address to deliver that content. Third-party providers may also use what are known as pixel tags (invisible graphics, also known as web beacons) for statistical or marketing purposes. Pixel tags allow information such as visitor traffic to a website’s pages to be analyzed. This pseudonymized information can also be stored on cookies on your device and may include technical information about your browser and operating system, the referring websites, time of the visit and other details, and may also be associated with such information from other sources.
Use of Facebook Social Plugins