PRIVACY

This data protection declaration clarifies the type, scope and purpose of personal data (hereinafter referred to as “pb. data”) within our online offer and the websites, functions and contents connected with it as well as external online presences, such as our social media profiles (hereinafter referred to collectively as “online offer”). With regard to the terms used, such as “processing” or “person responsible”, we refer to the definitions in Art. 4 of the Basic Data Protection Regulation (DSGVO).

This privacy policy applies to the online platforms operated by Medien.Bayern GmbH, Rosenheimer Str. 145e, 81671 Munich (“us”, “we”, “Medien.Bayern”, XR HUB Bavaria) at www.european-creators-lab.com, www.xrhub-bavaria.de, www.xrhub-munich.de, www.medientage.de, www.lokalrundfunktage.de, www.mobilemediaday.de, www.transformingmedia.de, www.medialab-bayern.de, mediennetzwerk-bayern.de (“Website”).

We ask you to inform yourself regularly about the content of our data protection declaration. We will adapt the data protection declaration as soon as changes in the data processing carried out by us make this necessary. We will inform you as soon as the changes make it necessary for you to take action to cooperate (e.g. to give your consent) or to receive other individual notification.

Responsible Person:
Medien.Bayern GmbH
Rosenheimer Str. 145 e
81671 Munich
hi@xrhub-bavaria.de, info@medien-bayern.de
CEOs: Stefan Sutor (Chair) | Lina Timm
Link to Imprint: https://medientage.de/impressum

Data Protection Officer
If you have any questions or suggestions regarding data protection, please contact our external data protection officer:  datenschutzbeauftragte@blm.de

Types of personal data to be processed that you make available to us within the scope of our offers:

• inventory data (e.g. names, addresses)
• Contact details (e.g. e-mail, telephone numbers)
• Content data (e.g. text entries, photographs, videos)
• Contract data (e.g. object of contract, customer category)
• Payment data (e.g. bank details, payment history)

The following personal data is collected when you visit our website:

• Usage data (e.g. websites visited, interest in content, access times)
• Meta- / communication data (e.g. device information, IP addresses)

Purpose of the processing

• Execution of the contractual agreements
• Provision of the online offer, its functions and contents
• Responding to contact requests and communication with users
• Security measures
• Reach measurement / Marketing

Terms Used
“Personal data” means any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”); a natural person is deemed to be identifiable if he or she can be identified, directly or indirectly, in particular by reference to an identifier comprising a name, an identification number, location data, an online identifier or one or more special features (Art. 4 No. 1 DPA).
“Processing” means any operation or set of operations, whether or not performed by automatic means, relating to pb. data such as the collection, recording, organisation, organisation, filing, storage, adaptation or modification, reading, retrieval, use, disclosure by transmission, dissemination or any other form of provision, alignment or combination, restriction, deletion or destruction;
“Responsible Person” shall mean the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of pb. data (Art. 4 No. 7 1st half sentence DSGVO).

Relevant legal Bases
In accordance with Art. 13 DSGVO, we inform you of the legal basis of our data processing. If the legal basis is not stated in the data protection declaration, the following applies:

• the legal basis for obtaining consent is Art. 6 para. 1 lit. a and Art. 7 DSGVO
• the legal basis for processing for the purpose of fulfilling our services and implementing contractual measures and answering enquiries is Art. 6 Para. 1 letter b DSGVO
• the legal basis for the processing for the fulfilment of our legal obligations is Art. 6 para. 1 letter c DSGVO
• the legal basis for the processing to safeguard our legitimate interests is Art. 6 para. 1 letter f DSGVO
• If vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d FADP serves as the legal basis.

Cooperation with third parties and with contract processors
Insofar as we are not able to provide pb. disclose data to other persons and companies (processors or third parties), transfer them to them or otherwise give them access to pb. Data, this is only done on the following basis:

• for the fulfilment of the contract (e.g. if a transmission of the pb. data to third parties, such as to ticket service providers, in accordance with Art. 6 para. 1 lit. b DSGVO)
• with consent (e.g. newsletter registration, pursuant to Art. 6 para. 1 a DSGVO),
• due to a legal obligation (e.g. notification to the social security authorities in case of engagement of artists according to art. 6 para. 1 c DSGVO)
• on the basis of our legitimate interests (e.g. direct advertising in accordance with Art. 6 para. 1 f DSGVO)
• on the basis of a so-called “order processing contract” (in accordance with Art. 28 DSGVO, e.g. web host, shipping service provider).

Transfers to Third Countries
Unless we pb. Process data in a third country (i.e. outside the European Union, EU or EEA) or do so in connection with the use of third-party services or disclosure or transfer of pb. Data to third parties, this will only take place if it is done to fulfil our contractual obligations, based on your consent, a legal obligation or based on our legitimate interests.

Subject to legal or contractual permissions, we process the pb. Data in a third country only if the special conditions of Art. 44 ff. DSGVO. This means, for example, that the processing is carried out on the basis of special guarantees, such as the officially recognised determination of a data protection level corresponding to that of the EU (e.g. for the USA through the “Privacy Shield”) or compliance with officially recognised special contractual obligations (so-called “standard contractual clauses”).

Rights of individuals concerned
You have the right to ask for a confirmation of whether the pb. data are processed and to receive information about these pb. Data and to receive further information and a copy of the pb. Data according to Art. 15 DSGVO.

According to Art. 16 DSGVO you have the right to request the completion of the pb. data concerning you or the correction of incorrect pb. data.

According to Art. 17 DSGVO, you have the right to demand that pb. Data be deleted immediately or, alternatively, according to Art. 18 DSGVO, a restriction on the processing of pb. data.

According to Art. 20 DSGVO you have the right to demand that the pb. data that you have provided us with and to request that they be communicated to other responsible parties.

Right of withdrawal
You have the right to revoke consents granted (Art. 6 para. 1 a DSGVO) pursuant to Art. 7 para. 3 DSGVO with effect for the future.

Right of objection

You may object to the future processing of the pb. data concerning you in accordance with Art. 21 DSGVO at any time. The objection can be made in particular against processing for the purposes of direct advertising (Art. 6 para. 1 f DSGVO).

Right of appeal to the supervisory authority
You have the right to complain to the competent supervisory authority about the processing of your personal data Art. 77 DSGVO.

The Media Data Commissioner is the competent supervisory authority within the meaning of Art. 51 DS-GVO.

Andreas Gummer
Media Data Officer
Bayerische Landeszentrale für neue Medien
Heinrich-Lübke-Str. 27
81737 München
E-Mail: datenschutzaufsicht@blm.de

Cookies
Cookies” are small files that are stored on the user’s computer. Different information can be stored within the cookies. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after his visit to an online offer.

Temporary cookies, or “session cookies” or “transient cookies”, are cookies that are deleted after a user leaves an online offer and closes his browser. The contents of a shopping cart in an online shop, for example, can be stored in such a cookie.

Cookies are described as “permanent” or “persistent” if they remain stored even after the browser is closed. Thus, the interests of the users can be stored in such a cookie, which is used for coverage measurement or marketing purposes.

A “third party cookie” is a term used to describe cookies offered by providers other than the person responsible for operating the website (otherwise, if it is only their cookies, it is called a “first-party cookie”).

Deletion of personal data

The pb. we processed Data processed by us will be deleted or restricted in their processing in accordance with Art. 17 and 18 DSGVO. Unless expressly stated in this data protection declaration, the pb. data stored by us will be deleted or limited in their processing. Data stored by us will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory storage obligations. If the pb. Data are not deleted because they are required for other and legally permissible purposes, their processing is restricted. I.e. the pb. Data will be blocked and not processed for other purposes. This applies, for example, to pb. data that must be retained for commercial or tax law reasons.

According to legal requirements in Germany, the storage takes place in particular for 10 years according to §§ 147 para. 1 AO, 257 para. 1 nos. 1 and 4, para. 4 HGB (books, records, management reports, accounting vouchers, trading books, documents relevant for taxation, etc.) and 6 years according to § 257 para. 1 nos. 2 and 3, para. 4 HGB (commercial letters).

Hosting
The hosting services we use serve to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, security services as well as technical maintenance services that we use for the purpose of operating this online offer. For these services, we have used carefully selected contract processors with whom we have concluded contract processing agreements.

Collection of access data and log files
We, or our hosting provider, on the basis of our legitimate interests as defined in Art. 6 Par. 1 lit. f. DSGVO data about every access to the server on which this service is located (so-called server log files). The access data includes:

• Target URL,
• File,
• Date and time of the retrieval,
• Transferred data volume,
• Message about successful retrieval,
• Browser type and version, the operating system of the user,
• Referrer URL (the previously visited page)
• Source IP address

For security reasons (e.g. to clarify misuse or fraud), log file information is stored for a maximum period of 30 days and then deleted. Data whose further storage is required for evidence purposes is excluded from deletion until the respective incident has been finally clarified.

Economic analyses and market research
In order to run our business economically and to identify market trends, customer and user wishes, we analyse the data available to us on business transactions, contracts, inquiries, etc. In doing so, we process inventory data, communication data, contract data, payment data, usage data, metadata on the basis of Art. 6 para. 1 lit. f. DSGVO, whereby the persons concerned include customers, interested parties, business partners, visitors and users of the online offer.

The analyses are carried out for the purpose of business management evaluations, marketing and market research. In doing so, we can take into account the profiles of registered users with information on e.g. their purchase transactions. The analyses produced are used internally only. The overall business management analyses and general tendency determinations are, if possible, prepared anonymously. If these are not prepared anonymously, we will take technical and organisational measures to ensure a level of protection appropriate to the risk, taking into account the security of the processing, i.e. after taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the varying probability of occurrence and severity of the risk to the rights and freedoms of natural persons (Art. 32 DSGVO).

If we forward analyses to third parties, these are only anonymous, summarized values.

We use carefully selected contract processors for these analyses.

Contact
When contacting us (e.g. via contact form, e-mail, telephone or social media), your data will only be processed for the purpose of handling your contact request and, if applicable, its contractual handling in accordance with Art. 6 Para. 1 lit. b) DSGVO. Your details may then be stored in a customer relationship management system (“CRM system”) or comparable enquiry organisation. In this case, we use a carefully selected CRM service provider as the processor of the order.
We will delete the enquiries if they are no longer required. We check the necessity every two years; furthermore, the statutory archiving obligations apply.

Events subject to charge

European Creators’ Lab
We organize the European Creators’ Lab. For contract processing, we process your pb. data (title, first name, surname, city, country, e-mail address), your payment data and all information provided voluntarily during application (such as title, company, position), Art. 6 para. 1 lit. b DSGVO. These pb.data will be deleted after 10 years according to the legal retention periods of the German Commercial Code and the German Fiscal Code.

Since the European Creators’ Lab is an event for networking in the XR sector with a large number of partners (participlant, mentors, partners, sponsors, etc.), it has a high degree of media impact. During the European Creators’ Lab, we will produce image and (sound) recordings for our public relations work (Art. 6 para. 1 lit. f DSGVO), which can be published on the Internet and on television without any restrictions in terms of location, time or content. We will inform the participants before the production of images or (sound) recordings. Not all sessions will be used to produce media material, but some might be used for that purpose. If you do not wish this, please do not register.

If your application is accepted you will receive information from us by e-mail, which will inform you about details and changes to the program of the European Creators_ as part of our contract processing (Art. 6 Para. 1 lit. b DSGVO). We will also use this e-mail distribution list to ask you about your customer satisfaction after our event. You can object to receiving e-mail information at any time using the link at the end of the e-mail.

Events and Workshops free of charge
Medien.Bayern GmbH also organizes free events such as meetings of the Media Network, Media Lab Bayern and XR HUB Bavaria. For planning and handling (e.g. creating guest lists and enabling access controls) we process your pb. data (title, first name, surname, street/no., postcode/city, country, e-mail address) as well as all voluntary details provided in the context of the registration (such as title, company, position). We will keep these pb. data for a period of six months and delete them afterwards.

In addition to the events, we also run free workshops. Here we also ask for professional competence (e.g. editor, moderator, …) so that the lecturers can prepare themselves especially for the requirement profile of the group.

Depending on the type of event or workshop, there may be cooperation partners that we can name. In this case, the cooperation partner or possibly the external service providers will receive your pb. In this case your pb. data will be transmitted to the cooperation partner or possibly also to the external service providers, whereby the data may also only be used for the proper execution of the event. The data will be deleted when they are no longer required for processing (possibly as proof of use).

Social media online presence
We maintain online presences within social networks and platforms in order to communicate with the customers, interested parties and users active there and to be able to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and data processing guidelines of their respective operators apply.

Unless otherwise stated in our privacy policy, we process the pb. Users’ data, insofar as they communicate with us within social networks and platforms, e.g. write articles on our online presences or send us news.

Integration of third-party services and content
Within our online offer, we set within our online offer on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer in the sense of Art. 6 Par. 1 lit. f. DSGVO), we use content or service offers from third parties in order to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as “content”).

This always assumes that the third party providers of this content are aware of the IP address of the users, as without the IP address they would not be able to send the content to their browsers. The IP address is therefore required to display this content. We endeavour to use only such content whose respective providers use the IP address only to deliver the content. Third party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may contain technical information about the browser and operating system, referring websites, visiting time and other details about the use of our online offer, as well as being linked to such information from other sources.

Google Maps
We integrate the maps of the “Google Maps” service of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The processed data may include, in particular, IP addresses and location data of the users, which, however, cannot be collected without their consent (usually in the context of the settings of their mobile devices). The data may be processed in the USA. Privacy policy: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.

Twitter
Within our online offer, functions and contents of the service Twitter, offered by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA, can be integrated. This may include content such as images, videos or text and buttons that users can use to communicate their favors regarding the content, the authors of the content or to subscribe to our posts. If the users are members of the platform Twitter, Twitter can assign the call of the above mentioned contents and functions to the profiles of the users there. Twitter is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active). Privacy policy: https://twitter.com/de/privacy, Opt-Out: https://twitter.com/personalization.

Instagram
Within our online offer, functions and contents of the service Instagram, offered by Instagram Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA, can be integrated. This may include, for example, content such as images, videos, or text and buttons that allow users to express their favorites regarding the content, the authors of the content, or to subscribe to our posts. If users are members of the Instagram platform, Instagram may associate the access to the above content and functions with the user’s profile. Instagram Privacy Policy: http://instagram.com/about/legal/privacy/.

Xing
Within our online offering, functions and content of the Xing service offered by XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany, can be integrated. This can include, for example, content such as images, videos or texts and buttons with which users can express their favor regarding the content, the authors of the content or subscribe to our contributions. If the users are members of the Xing platform, Xing can assign the call of the above-mentioned contents and functions to the user profiles there. Privacy policy of Xing: https://www.xing.com/app/share?op=data_protection.

LinkedIn
Within our online offer, functions and contents of the LinkedIn service, offered by LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland, can be integrated. If the users are members of the LinkedIn platform, LinkedIn can assign the access to the above-mentioned contents and functions to the user profiles there. LinkedIn is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active). Privacy policy: https://www.linkedin.com/legal/privacy-policy, Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.