1.1 CONTROLLER AND DATA PROTECTION OFFICER
Controller is doo GmbH, Hultschiner Straße 8, 81677 Munich, Germany, phone: +49 (89) 2488 153-0, email: kontakt@doo.net
Data protection officer is Rechtsanwalt Christian Schmoll, Kaiserplatz 2, 80803 Munich, Germany, telephone +49 (89) 4622 7322, email: schmoll@dp.institute
If you have any questions or suggestions regarding data protection, you can contact our data protection officer directly.
1.2 LOGFILES
Each time you access our website, our system automatically collects data and information from the computer system of the accessing computer. In order for the pages to be displayed in your browser, the IP address of the terminal device you are using must be processed. In addition, there is further information about the browser of your terminal device.
We are obliged under data protection law to also guarantee the confidentiality and integrity of the personal data processed with our IT systems.
The following data is logged for this purpose:
IP address of the calling computer
Operating system of the calling computer
Browser version of the calling computer
Name of the retrieved file
Date and time of retrieval
Transferred amount of data
Referring URL
The data will also be used to correct errors on the website.
Our website is hosted by a service provider in the European Economic Area. An agreement on order processing pursuant to Art. 28 GDPR exists.
The legal basis for this data processing is Art. 6 para. 1 f) GDPR. Our legitimate interest is the operation of this website and the implementation of the protection objectives of confidentiality, integrity and availability of the data.
1.3 HOW TO CONTACT US AND REQUEST INFORMATION AND OFFERS
If you contact us by email, via contact forms or our live chat, for example to request information or an offer or for other enquiries in connection with the doo Event Management Platform, the information you provide will be stored for the purpose of processing the enquiry. We need the information requested in the contact form on the website in order to process your enquiry, address you correctly and send you an answer.
The legal basis for this data processing is Art. 6 Para. 1 f) GDPR. Our legitimate interest is communication with customers and interested parties.
If the purpose of the contact is to conclude a contract, the additional legal basis for the processing is Art. 6 para. 1 b) GDPR.
We use an external service provider (Zendesk, Inc.) for our live chat system. Personal data is transferred to a third country outside the EU. There is an agreement on order processing in accordance with Art. 28 GDPR. This agreement on order processing contains the EU standard contract clauses. The service provider also holds a Privacy Shield certification. Accordingly, there are appropriate safeguards for data transfer in accordance with Art. 46 GDPR. A copy of the EU standard contract clauses and/or proof of the Privacy Shield certification of the service provider will be made available to you on request at any time. To do so, please contact us using the contact details provided for the Controller.
1.4 CUSTOMER DATABASE AND DIRECT ADVERTISING
Inquiries and orders are usually stored in our CRM system. These data can be used by us for direct marketing measures. You can object to such use for direct advertising at any time. Details about your right of objection can be found below under 'Your rights'.
The CRM system is regularly checked to see whether data can be deleted. If data in the context of a customer or prospective customer relationship is no longer necessary or an opposing interest of the customer outweighs, we will delete the relevant data, unless there are any legal storage obligations.
The legal basis for this storage and processing is Art. 6 para. 1 f) GDPR. Our legitimate interest is the maintenance of our customer relations and the implementation of direct marketing measures.
1.5 NEWSLETTER
1.5.1 NEWSLETTER REGISTRATION
On our website, you can register to receive a newsletter by email. During registration, the data from the input mask, the IP address of the respective computer and the date and time of registration are transmitted to us. Your consent will be obtained for the processing of the data during registration and reference will be made to this data protection information.
In order to check that the actual owner of an email address has registered to receive a newsletter, we use the so-called 'double opt-in' procedure. After registering an email address, a confirmation email is sent to the registered email address. Registration for the newsletter is only completed when a confirmation link contained in the confirmation email is activated. The IP address of the computer and the date and time of activation of the confirmation link are also transmitted to us.
Registration for the newsletter can be terminated at any time by using the unsubscribe link contained in each newsletter or by contacting us at the contact details provided for the Controller.
Legal basis for the processing of the data after registration for the newsletter is your consent according to art. 6 para. 1 a) GDPR.
1.5.2 EMAIL NEWSLETTER AS PART OF AN EXISTING CUSTOMER RELATIONSHIP
If you register as a user of the doo Event Management Platform and enter your email address, we may subsequently use this to send you an email newsletter, provided that you have not objected to such use. In such a case, only direct advertising for our own similar goods or services will be sent via the email newsletter. You can object to the use of your email address at any time without incurring any costs other than the transmission costs according to the basic rates by using the unsubscribe link contained in each newsletter or by contacting us at the contact details provided for the Controller.
The legal basis for the dispatch of the newsletter as a result of the sale of goods or services is Art. 6 Para. 1 f) GDPR in conjunction with § 7 Para. 3 UWG.
1.5.3 NEWSLETTER ANALYSIS
With our newsletters, a statistical evaluation of usage data can be carried out. For this purpose, we may record both the openings of the email and the internal clicks. This information serves the purpose of measuring and optimizing the success of our newsletter campaigns by making the contents of the newsletter more relevant to our target group.
The legal basis for this analysis is Art. 6 para. 1 f) GDPR. Our legitimate interest is the evaluation and optimization of communication with customers and interested parties.
1.5.4 NEWSLETTER SERVICE PROVIDER
We use an external service provider (Mailchimp) for the dispatch and analysis of our newsletter. This involves the transfer of personal data to a third country outside the EU. There is an agreement on order processing in accordance with Art. 28 GDPR. The service provider has a Privacy Shield certification. Accordingly, there are appropriate safeguards for data transfer in accordance with Art. 46 GDPR. We will be happy to provide you with proof of the Privacy Shield certification of the service provider at any time on request. Please contact us using the contact details provided for the Controller.
1.6 BLOG
You can comment on articles in our blog. We use the comment system of the external provider DISQUS, Inc., 301 Howard St, Floor 3 San Francisco, California- 94105, USA. The DISQUS data protection information can be found here. The service provider has a Privacy Shield certification. Accordingly, there are appropriate safeguards for the data transfer in accordance with Art. 46 GDPR. We will be happy to provide you with proof of the Privacy Shield certification of the service provider at any time on request. Please contact us using the contact details provided for the responsible office.
In order to comment on an article in the blog, you must register. DISQUS enables you to register either via a DISQUS account or via an account on Facebook, Twitter or Google Plus ('Social Media Networks'). If you register your account with a social media network for the comment function, the social media network will also collect and process information about your use of the DISQUS function. For detailed information on this data collection and processing, please refer to the data protection information of the respective social media network.
When you register for the comment function of DISQUS, we receive your email address and your IP address, which was used during the entry of a comment. We need and process this information solely for the purpose of contacting you in connection with your use of DISQUS, for example if we have questions about your user comment and for security reasons in the event that a comment violates the rights of third parties or illegal content is posted.
If you comment on an article in our blog, we will save and publish not only your comment but also information about the time of the comment and, if applicable, your chosen user name (pseudonym).
The legal basis for data collection within the commentary function is Art. 6 para. 1 f) GDPR. Our legitimate interest is on the one hand the evaluation and optimization of communication with customers and interested parties within the context of the blog and on the other hand the protection of our rights and the facilitation of our legal defense in the event of an abusive or illegal use of the commentary function.
1.7 REGISTRATION CUSTOMER SERVICE
You can register at our customer service portal. You will then be able to access your customer service enquiries at any time and check their status. The data provided during registration will be used for the purpose of using the customer service portal. The mandatory information requested during registration must be provided in full; all other information in your profile, for example the upload of a profile picture, is optional and voluntary. Your email address provided during registration will be verified by sending a confirmation email in which you must confirm your email address by clicking on a link.
The legal basis for this storage and processing is Art. 6 para. 1 f) GDPR. Our legitimate interest is the maintenance of our customer relations. If the establishment of contact is aimed at the conclusion of a contract or takes place within the context of an existing contractual relationship, the additional legal basis for the processing is Art. 6 Para. 1 b) GDPR.
You can have the data you entered when registering for the customer service portal deleted at any time. If you delete your registration, the data will be deleted with regard to the respective account, subject to their retention is necessary for commercial or tax reasons. Please contact us for the deletion of your account under the contact data specified for the Controller.
1.8 COOKIES
Our website uses cookies. Cookies are pieces of information that are transferred from our web server or third-party web servers to your browser and stored there for later retrieval. Cookies can be small files or other types of information storage. Cookies contain a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.
We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change.
We use so-called session cookies, which are only stored for the duration of the respective visit to our website (e.g. to enable the storage of your shopping basket contents). In a session cookie, a randomly generated unique identification number is stored, a so-called session ID. In addition, a cookie contains information about its origin and the storage period. These cookies cannot store any other data. Session cookies are deleted when you have finished using our online service and log out or close your browser.
You have the option of preventing the setting of cookies by making the appropriate settings in your browser. However, we would like to point out that the use of our Internet pages may then only be possible to a limited extent. Cookies do not install or start any programs or other applications on your computer.
You can object to the use of cookies, which are used for range measurement and advertising purposes, via the deactivation page of the Network Advertising Initiative (http://optout.networkadvertising.org/) and additionally the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).
The legal basis for the processing of personal data using cookies is Art. 6 para. 1 f) GDPR. Our legitimate interest is the operation, analysis and optimization of our website and our customer interactions.
1.9 RETARGETING/REMARKETING SERVICES
Retargeting/remarketing services allow us to target advertisements on our site and on our site to only show you ads that potentially match your interests. A cookie is used in your browser to indicate which websites on which such marketing services are active have visited you and what content you have been interested in. In addition, additional information such as IP address, browser, operating system time stamp, referring website are collected. If you subsequently visit other websites on which such marketing services are active, advertisements tailored to your interests may be displayed.
The legal basis for this data processing within the scope of marketing services is Art. 6 Para. 1 f) GDPR. Our legitimate interest is the analysis, optimization and economic operation of our website and our customer interactions.
1.9.1 LINKEDIN ADS
We use the retargeting service LinkedIn Ads of the LinkedIn Ireland Unlimited Company in Ireland. LinkedIn uses cookies.
For more information about LinkedIn's privacy policy, please see the LinkedIn Privacy Policy here: https://www.linkedin.com/legal/privacy-policy
You can prevent the storage of cookies by setting your browser accordingly. You can object to LinkedIn's analysis of your usage behaviour and the display of interest-based recommendations here: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
When using the service provider LinkedIn Ads, personal data is transferred to a third country outside the EU. There is an agreement on order processing in accordance with Art. 28 GDPR. The service provider has a Privacy Shield certification. Accordingly, there are suitable guarantees for data transfer in accordance with Art. 46 GDPR. We will be happy to provide you with proof of the Privacy Shield certification of the service provider at any time on request. Please contact us using the contact details provided for the Controller.
1.9.2 FACEBOOK CUSTOM AUDIENCE
We also use the retargeting service Facebook Custom Audiences of Facebook, Inc. in the USA. Facebook Custom Audiences uses a so-called tracking pixel. This pixel is retrieved from a Facebook URL with certain parameters when you visit our website and transmits information to Facebook, which uses Facebook for targeted advertising. However, this does not address individual persons, but only groups of users who exhibit similar behavior. Facebook uses a so-called hashing process, in which personal data is encrypted in such a way that Facebook can no longer assign it to individual users.
Further information on this can be found in Facebook's privacy policy at https://www.facebook.com/about/privacy
We use the LinkedIn Ads retargeting service of the LinkedIn Ireland Unlimited Company in Ireland. LinkedIn uses cookies.
For more information about LinkedIn's privacy practices, please see the LinkedIn Privacy Policy here: https://www.linkedin.com/legal/privacy-policy
1.9.3 GOOGLE MARKETING SERVICES
We also use marketing services from Google Ireland Limited, such as AdWords Conversion Tracking, AdSense and DoubleClick. Google uses cookies and web beacons.
You can prevent cookies from being saved by changing the settings on your browser. If you wish to opt out of receiving interest-based advertising through Google marketing services, you can use the setting and opt-out options provided by Google: http://www.google.com/ads/preferences
Further information on the use of data by Google, setting and opposition possibilities can be found here:
Privacy policy of Google: https://www.google.com/policies/privacy
Google's use of data when you use the websites or apps of our partners: https://www.google.com/intl/de/policies/privacy/partners
Use of data for advertising purposes: http://www.google.com/policies/technologies/ads
Manage information Google uses to display advertisements to you: http://www.google.de/settings/ads
When Google Marketing Services are used, personal data is transferred to a third country outside the EU. There is an agreement on order processing in accordance with Art. 28 GDPR. Google has a Privacy Shield certification, available here: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
Accordingly, there are appropriate safeguards for the data transfer in accordance with Art. 46 GDPR.
1.10 WEBANALYTICS
We use web analytics services on our website or parts of our website to understand how our website is used by its visitors and to improve the overall look and feel of the website.
The legal basis for this data processing when using web analytics is Art. 6 Para. 1 f) DSGVO. Our legitimate interest is the analysis, optimization and economic operation of our website and our customer interactions.
1.10.1 GOOGLE ANALYTICS
We use the web analytics service Google Analytics with IP anonymization. Google Analytics is a web analytics service provided by Google Ireland Limited. Google Analytics sets cookies. Within the framework of IP anonymisation, the IP address collected by Google from users within the European Economic Area is shortened before it is transmitted to the USA. Only in exceptional cases will the unabridged IP address be transmitted to Google in the USA and abbreviated there. The transmitted IP addresses are not combined with other data from Google.
You can prevent the storage of cookies by setting your browser accordingly. In addition, you can prevent Google from collecting the data generated by the cookie and relating to your use of the website and from processing this data by Google by downloading and installing the browser plugin available at the following link, which Google Analytics uses JavaScript to notify Google Analytics that no data and information relating to visits to Internet pages may be transmitted to Google Analytics: http://tools.google.com/dlpage/gaoptout?hl=en
When Google Analytics is used, personal data is transferred to a third country outside the EU. There is an agreement on order processing in accordance with Art. 28 GDPR. Google has a Privacy Shield certification, available here: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active Accordingly, there are appropriate safeguards for the data transfer in accordance with Art. 46 GDPR.
1.10.2 LINKEDIN ANALYTICS
We also use the LinkedIn Analytics web analytics service of the LinkedIn Ireland Unlimited Company in Ireland. LinkedIn Analytics uses cookies.
For more information about LinkedIn's privacy practices, please see the LinkedIn Privacy Policy here: https://www.linkedin.com/legal/privacy-policy. It also describes how you can opt out of LinkedIn's collection and storage of data for the purpose of web analytics at any time in the future. You may also refuse the use of cookies by selecting the appropriate settings on your browser.
When using the LinkedIn Analytics service, personal data is transferred to a third country outside the EU. There is an agreement on order processing in accordance with Art. 28 GDPR. The service provider has a Privacy Shield certification. Accordingly, there are appropriate safeguards for data transfer in accordance with Art. 46 GDPR. We will be happy to provide you with proof of the Privacy Shield certification of the service provider at any time on request. Please contact us using the contact details provided for the Controller.
1.11 SOCIAL MEDIA BUTTONS
On our website social media buttons of the social media networks Facebook, Twitter, LinkedIn and Xing are integrated.
If you click on one of these social media buttons, you will be redirected to our pages at the respective social media network. In this case, the provider of the respective social media network receives the information that your browser has called the corresponding page on our website, even if you do not have a profile on the respective social media network or are not logged in there. This information (including your IP address) is transmitted directly from your browser to a server of the respective provider. If you click on a social media button and are either logged in to the respective social media network or then log in to the page of the respective social media network, the transmitted information can be assigned to your account at the social media network.
For information on the purpose and scope of data collection and processing by the providers of the respective social media network, the provider identification, a contact option and your rights and settings regarding data protection, please refer to the respective data protection information of the providers of the social media networks.
The legal basis for the integration and use of the social media buttons is Art. 6 Para. 1 lit. f) GDPR. Our overriding legitimate interest is the marketing of our offers and our website.
1.12 SOCIAL MEDIA PAGES
We maintain a publicly accessible profile on the social media networks Facebook, Twitter, LinkedIn and Xing („Social Media Pages“).
If you visit one of our social media pages and are logged in to the respective social media network, the provider of the respective social media network can analyze your usage behavior and assign the information collected to your account at the social media network and enrich it there. Even if you are not logged in or if you do not have an account at the respective social media network, personal data may be collected by the provider of the respective social media network, for example your IP address or data collected via a cookie.
The operators of the social media networks can use this data to create user profiles. Your user profile can then be used to display interest-based ads both on social media network websites and on other websites.
If you visit one of our social media pages, we are jointly responsible with the social media network provider for the collection and processing of your personal data there. With regard to information about the collection and processing of your personal data that takes place there, we refer you to the data protection information of the respective social media network. We do not have any further information in this respect.
We will be happy to provide you with information on appropriate safeguards for data transfer to third countries in accordance with Art. 46 GDPR at any time on request.
You can assert your rights of data subjects in accordance with Chapter III of GDPR (right to information, correction, deletion, restriction of processing, data transferability, etc.) both against us and against the provider of the respective social media network. In this context, we would like to point out that we can only influence the processing of personal data and the implementation of the rights affected within the framework of our social media pages within the scope of the possibilities made available to us by the respective provider.
The legal basis for our use of social media pages is Art. 6 Para. 1 lit. f) GDPR. Our overriding legitimate interest is the presence and marketing of our products and services on the Internet.
1.13 SOCIAL SHARING
Social sharing buttons enable you to publish a link to certain content on our website, for example an article in our blog, directly on your respective page on the social media networks (Facebook, Twitter, LinkedIn, Xing). The social sharing buttons are provided by the provider of the respective social media network. Each time you visit a website where such a social sharing button is integrated, the social sharing button is downloaded by the provider of the respective social media network. By integrating the plugins, the providers receive the information that your browser has called the corresponding page of our website, even if you do not have a profile on the respective social media network or are not logged in there. This information (including your IP address) is transmitted directly from your browser to a server of the respective provider.
If you click on a social sharing button and are either logged in to the respective social media network or then log in to the opening window, the transmitted information can be assigned to your account at the social media network.
For information on the purpose and scope of data collection and processing by the providers of the respective social media network, the provider identification, a contact option and your rights and settings regarding data protection, please refer to the data protection information of the providers of the social media networks:
Facebook: http://www.facebook.com/policy.php
Twitter: https://twitter.com/privacy
The legal basis for this data processing in the integration and use of the social sharing buttons is Art. 6 para. 1 f) GDPR. Our legitimate interest is the marketing of our offers and our website.
1.14 FONTS
In order to display the contents of our website correctly and graphically appealing across browsers, we use font and script libraries on this website, e.g. the font library of MyFonts, Inc. The call of font and font libraries automatically triggers a connection to the operator of the respective library. It is possible that your personal data, in particular your IP address, will be collected.
You can prevent the use of such libraries and the associated data transmission by installing a Java script blocker (e.g. www.noscript.net).
Due to the license terms of MyFonts, Inc. we use the MyFonts Counter, a web analysis service that performs page view tracking, in which the number of visits to the website is counted for statistical purposes and transmitted to MyFonts. For more information about MyFonts Counter, please see the MyFonts Privacy Notice: http://www.myfonts.com/info/terms-and-conditions/#Privacy.
The legal basis for this data processing when using such libraries is Art. 6 para. 1 f) GDPR. Our legitimate interest is the analysis, optimization and economic operation of our website and our customer interactions.
1.15 RECAPTCHA
We use the reCAPTCHA service of Google Ireland Limited. This service is used to differentiate whether the input into a form is made by a natural person or is abused by mechanical and automated processing. As part of the reCAPTCHA process, your IP address and other data required by Google for the reCAPTCHA service will be transmitted to Google. For more information about Google Inc.'s privacy policy, please visit https://www.google.com/intl/de/policies/privacy/.
The legal basis for this data processing when using reCAPTCHA is Art. 6 para. 1 f) GDPR. Our legitimate interest is the security of our website and protection against spam.
When using reCAPTCHA, personal data is transferred to a third country outside the EU. There is an agreement on order processing in accordance with Art. 28 GDPR. Google has a Privacy Shield certification, available here: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active. Accordingly, there are appropriate safeguards for the data transfer in accordance with Art. 46 DSGVO.
1.16 APPLICATIONS
We collect and process personal data of applicants for the purpose of processing the application process. If an applicant submits his or her application documents to us electronically, they are processed electronically.
If we conclude an employment contract with an applicant, the data transmitted will be processed in order to carry out the employment relationship in compliance with the statutory provisions. If no employment contract is concluded with the applicant, the application documents will be deleted immediately after completion of the application procedure, unless a deletion is opposed by a legitimate interest, such as the defense of claims or a preservation of evidence under the General Equal Treatment Act (AGG).