Privacy policy and information obligation according to Art. 13 & 14 GDPR
1. General privacy policy
Thank you for your interest in our company and for visiting our website. We take the protection of your personal data very seriously and want you to feel safe when visiting our website. We therefore act in accordance with the applicable legislation on the protection of personal data and data security. To ensure that you are fully aware of the collection and use of personal data on our website, please note the following information.
This privacy policy describes how we, Bochumer Veranstaltungs- GmbH store and use information about the users of this website.
Contact details of the data controller
Bochumer Veranstaltungs-GmbH
- represented by the Managing Director Andreas Kuchajda -
Viktoriastraße 10
44787 Bochum
Telephone: +49 (0)234 6103-0
E-mail: info@bochum-veranstaltungen.de
Questions about data protection should be addressed to:
Andreas Reinke
Data Protection Consultant / Data Protection Officer (PersCert TÜV)
reinke@datenschutzbeauftragter.ruhr
This website is visited without registration. However, data is stored for statistical purposes without being directly linked to your person. Personal data is only collected on a voluntary basis. The data is not passed on to third parties without your consent. By using the website, you consent to the collection, processing and use of data in accordance with this privacy policy. The data is stored until the user requests Bochumer Veranstaltungs-GmbH in writing to delete it.
2. Disclosure of personal data
Your personal data may also be passed on to third parties who store this data for us or process it for other legally permissible purposes. These third parties have entered into a contractual obligation with us to only use the personal data for the agreed purposes and within the legally permissible framework, and not to sell or pass it on to other third parties.
3. Links to other Internet sites
Our websites contain links to other websites. We are not responsible for the data protection strategy and content of these other websites.
4. Information/correction/revocation/deletion
When we collect your personal data, we make every effort to ensure that your data is accurate and up to date. However, we give you the opportunity to object to the processing of your personal data at any time if there is no legitimate business purpose under applicable law. You can also contact us free of charge if you have any questions about the collection, processing or use of your personal data at the e-mail address info@bochum-veranstaltungen.de. This also applies to the correction, blocking, deletion or revocation of any consent provided. You also have the right to data portability in accordance with Art. 20 GDPR.
We also point out that you have the right to lodge a complaint with the responsible data protection supervisory authority.
5. Cookies
We use so-called cookies on our site in order to recognize multiple uses of this website. These are small files that your browser stores. We use this information, such as the pages you visit, the website from which you came to our site and your searches, to improve the content of our website and to compile statistics for internal market analyses. The cookies register your domain name, your Internet provider, your operating system, and the date and time of your visit to the website. These cookies do not harm your computer and do not contain viruses. You can also set your browser so that a message on your screen notifies you of the arrival of a cookie, so that only you can decide whether the cookie is installed. In this regard, however, we wish to point out that not all functions of our website can be used to their full extent if cookies are blocked.
6. Server log files
The provider of the websites automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
- Browser type and browser version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the server request
This data cannot be assigned to specific persons. This data is not merged with other data sources. We reserve the right to check this data retrospectively if we become aware of specific indications of unlawful use.
7. HubSpot API
Type and scope of processing:
we use HubSpot API from HubSpot, Inc., Cambridge, Massachusetts, US, to access other services and data from HubSpot, Inc. This involves transmitting your IP address to HubSpot, Inc. Please note that there is a separate section in this privacy policy for each additional service we use from HubSpot, Inc.
Purpose and legal basis:
the use of HubSpot API is based on our legitimate interests, i.e. interest in optimizing our online offer in accordance with Art. 6 (1) (f) GDPR.
Storage period:
the specific storage period of the processed data cannot be influenced by us, but is determined by HubSpot, Inc. For more information, see the HubSpot API privacy policy: legal.hubspot.com/privacy-policy.
8. HubSpot Analytics
Type and scope of processing:
we use HubSpot Analytics from HubSpot, Inc., Cambridge, Massachusetts, US, as an analysis service for the statistical evaluation of our online offer. This includes, for example, the number of views of our online offer, sub-pages visited and the length of time visitors spend on our website.
HubSpot Analytics uses cookies and other browser technologies to evaluate user behaviour and recognize users. This information is used, among other things, to compile reports on the activity on the website.
Purpose and legal basis:
the use of HubSpot Analytics is based on your consent in accordance with Art. 6 (1) lit. a. GDPR and Section 25 (1) of the German Teleservices Data Protection Act (TTDSG).
Storage period:
the specific storage period of the processed data cannot be influenced by us, but is determined by HubSpot, Inc. For more information, see the HubSpot Analytics privacy policy: legal.hubspot.com/privacy-policy.
9. HubSpot CDN
Type and scope of processing:
we use HubSpot CDN for the proper provision of the content of our website. HubSpot CDN is a service provided by HubSpot, Inc. which acts as a content delivery network (CDN) on our website to ensure the functionality of other HubSpot, Inc. services. You will find a separate section in this privacy policy for these services. This section is only about the use of the CDN.
A CDN helps to provide the contents of our online offer, in particular files such as graphics or scripts, quicker with the help of regionally or internationally distributed servers. When you access this content, you connect to servers of HubSpot, Inc., Cambridge, Massachusetts, US, whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed solely for the purposes stated above and to maintain the security and functionality of HubSpot CDN.
Purpose and legal basis:
the use of the content delivery network is based on our legitimate interests, i.e. interest in the secure and efficient provision and optimization of our online offer in accordance with Art. 6 (1) lit. f. GDPR.
Storage period:
the specific storage period of the processed data cannot be influenced by us, but is determined by HubSpot, Inc. For more information, see the HubSpot CDN privacy policy: legal.hubspot.com/de/privacy-policy.
10. Newsletter (administration / dispatch via HubSpot)
When you visit our website, you have the option to subscribe to our newsletter (data protection law: consent according to Art. 6 (1) lit. a GDPR). Based on your selected preferences, we will then inform you about our offers at regular intervals. When you register for our newsletter (double opt-in), your IP address, the date and time of registration are stored to avoid misuse and to document the granting of consent. Your name and e-mail address are also stored to ensure that you receive the newsletter. You can cancel the subscription to the newsletter at any time. This can be done via the link provided for this in the newsletter or by sending us a message to this effect.
The newsletter is sent by means of a suitable tool from HubSpot Inc. This is a provider from the USA, but it also has branches in the European Union. We have concluded an order processing agreement with the provider, which is also based on the standard contractual clauses of the EU Commission. As a further measure to protect your personal data, we have chosen the option of hosting in the EU Data centre.
If your end device (or its operating system) and your browser settings permit it, the tool allows us to track your interest in our newsletter and individual event information in this on a person-specific basis.
Among other things, tools from companies based in the USA are integrated on our website. When these tools are active, your personal data may be transferred to the US servers of the respective companies. We point out that the USA is not a safe third country as defined by EU data protection law. US companies are obliged to disclose personal data to security authorities without you as a data subject being able to take legal action against this. It therefore cannot be ruled out that US authorities (e.g. intelligence agencies) process, evaluate and permanently store your data on US servers for surveillance purposes. We have no influence on these processing activities.
11. Publication of job advertisements and online applications
Your application data is collected and processed electronically by us on the basis of Art. 6 (1) lit. f GDPR for the purpose of processing the application procedure. If your job application is rejected, the data you provided will be deleted three months after notification of the rejection. This does not apply if legal requirements (for example, the obligation to provide evidence in accordance with the General Equal Treatment Act) make it necessary to store data for a longer period. We point out that data transmission via the Internet (e.g. communication by e-mail) may have security gaps. Complete protection of the data against access by third parties is not possible. You should therefore encrypt important or confidential information when communicating via the Internet or send us the information by mail.
12. Google Analytics
Type and scope of processing
We use Google Analytics from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as an analysis service for the statistical evaluation of our online offer. This includes, for example, the number of views of our online offer, sub-pages visited and the length of time visitors spend on our website.
Google Analytics uses cookies and other browser technologies to evaluate user behaviour and recognize users.
This information is used, among other things, to compile reports on the activity on the website.
Purpose and legal basis:
the use of Google Analytics is based on your consent in accordance with Art. 6 (1) lit. a. GDPR and Section 25 (1) of the German Teleservices Data Protection Act (TTDSG).
We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. In cases where no adequacy decision of the European Commission exists (e.g. in the USA), we have agreed other suitable safeguards with the recipients of the data within the meaning of Art. 44 et seq. GDPR. Unless stated otherwise, these are standard contractual clauses of the EU Commission in accordance with Implementing Decision (EU) 2021/914 of June 4, 2021. A copy of these standard contractual clauses can be viewed at eur-lex.europa.eu/legal-content/DE/TXT/HTML/.
In addition, before such a third country transfer, we obtain your consent in accordance with Art. 49 (1) sentence 1 lit. a. GDPR, which you give via the consent in the Consent Manager (or other forms, registrations, etc.). We point out that in the case of third country transfers there may be unknown risks in detail (e.g. data processing by security authorities of the third country, where we do not know the exact scope and consequences for you, which we have no influence over and which you may not become aware of).
13. Storage period
The specific storage period of the data processed cannot be influenced by us, but is determined by Google Ireland Limited. For more information, see the Google Analytics privacy policy: policies.google.com/privacy.
14. Matomo
This website uses Matomo, an open source software for statistical analysis of visitor access. Matomo is hosted in an on-premise version, which means that all data is stored locally on our own servers.
Unlike regular Matomo implementations, we do not use cookies.
Matomo collects data provided by your web browser. This includes the following information:
· IP address of the accessing computer (anonymized)
· date and time of access
· operating system
· browser type and version
· source (website from which access was made)
· pages visited within our website
· length of time spent on the individual pages
Matomo cookies are stored indefinitely, unless you delete them manually or change the settings for this website in the cookie banner / consent tool.
We anonymize your IP address before it is stored in our Matomo instance. Only two bytes of the IP address are stored. This ensures that no direct conclusions can be drawn about you personally. Thus, the processing takes place on the basis of our legitimate interest in improving and analyzing our website in accordance with Art. 6 (1) lit. f GDPR. You can object to the collection and processing of your data by Matomo at any time using the following opt-out link:
Clicking on the opt-out link sets a cookie in your browser that prevents Matomo from collecting data. Please note that the opt-out link is deleted when you delete your browser cookies. In this case, you will need to click on the link again to activate the objection to data processing.
15. Google Tag Manager
This website uses the Google Tag Manager. This service makes it possible to manage website tags through one interface. The Google Tool Manager only implements tags. This means that no cookies are used and no personal data is collected. The Google Tool Manager initiates other tags, which in turn may collect data. However, the Google Tag Manager does not access this data. If a deactivation has been applied at the domain or cookie level, it remains in place for all tracking tags, insofar as these are implemented using Google Tag Manager.
16. Privacy policy for Facebook
Our website uses functions of Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA. When you access our site with a Facebook plug-in, a connection is established between your browser and Facebook. Data is then sent to Facebook. If you have a Facebook account, this data may be linked. If you do not wish to be matched to your Facebook account, you need to log out of Facebook before visiting our site. Interactions, in particular the use of a comment function or clicking a “Like” or “Share” button, are also communicated to Facebook. For more information, see de-de.facebook.com/about/privacy.
17. Privacy policy for Instagram
Our website uses functions of Instagram, 1601 Willow Road, Menlo Park, CA, 94025, USA. When you are logged into your Instagram account, you can link the contents of our pages to your Instagram profile by clicking on the Instagram button. This enables Instagram to associate your visit to our pages with your user account. For more information, see instagram.com\about\legal\privacy\.
18. Privacy policy LinkedIn
Our website uses functions of LinkedIn LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. When you access our site with a LinkeIn plug-in, a connection is established between your browser and LinkeIn. Data is then sent to LinkeIn. If you have a LinkeIn account, this data may be linked. If you do not wish to be matched to your LinkeIn account, you need to log out of LinkeIn before visiting our site. Interactions, in particular the use of a comment function or clicking a “Like” or “Share” button, are also communicated to LinkeIn. For more information, see https://de.linkedin.com/legal/privacy-policy?#choices-oblig.
19. Flockler
Type and scope of processing:
we operate a so-called social media wall in which the content of our social media channels (Instagram and Facebook) or postings with hashtags about our company or events in our facilities are shown in bundles.
Interacting with the respective content establishes a connection to Flockler’s servers. Your IP address is transmitted for this. When the content is loaded, data is also passed on to the respective social media providers. This also applies if you are not logged in to the respective social media provider or do not have an account with them. We point out that we, as the provider of the pages, have no knowledge of the content of the data transmitted or its use by the social media provider. For more information on the data processed by social media users, see: help.flockler.com/en/articles/3803928-what-data-does-flockler-store-from-users
Purpose and legal basis:
the use of Flockler is based on your consent in accordance with Art. 6 (1) lit. a. GDPR and Section 25 (1) of the German Teleservices Data Protection Act (TTDSG).
Storage period:
the specific storage period of the data processed cannot be influenced by us, but is determined by the company Flockler Oy Rautatienkatu 26 B 32, 33100 Tampere, Finland. The privacy policy and further information about this service provider can be found at: flockler.com/privacy-policy.
20. Spotify
Type and scope of processing:
we use plug-ins from “Spotify”, an audio streaming platform, in order to integrate playable audio files or playlists from Spotify on our website. An overview of the Spotify plugins can be found at: developer.spotify.com. We use Spotify by embedding individual audio files, albums or playlists from the platform on our website as a so-called iFrame, so they can be played directly on our website as a stream. When you visit a subpage of our website on which a Spotify plugin is embedded, a connection is established to the Spotify servers and the plugin is displayed within our website. This informs Spotify which website you have visited. Your IP address may also be transmitted to Spotify. When you play an embedded audio file, album, or playlist, this information is also shared with Spotify. If you are logged in as a Spotify user, Spotify links this data to your user account. Spotify also processes this data on servers outside the EU.
Purpose and legal basis:
the use of Spotify is based on your consent in accordance with Art. 6 (1) lit. a. GDPR and Section 25 (1) of the German Teleservices Data Protection Act (TTDSG).
Storage period:
the specific storage period of the data processed cannot be influenced by us, but is determined by the company Spotify AB, Birger Jarlsgatan 61, 113 56 Stockholm, Sweden. You have the option to inform yourself at Spotify about the data stored by you and to make settings: support.spotify.com/de/article/data-rights-and-privacy-settings/
21. SSL encryption
This site uses SSL encryption for security reasons and to protect the transmission of confidential content, such as requests you send us while visiting the site. An encrypted connection can be recognized by the browser address bar changing from http:// to https:// and by the lock symbol in your browser bar.
When SSL encryption is activated, the data you transmit to us cannot be read by third parties.
22. Processing of business cards and memos
If you provide us with a business card in the context of our mutual cooperation or when initiating a business contact, we assume that, by handing the business card over to us (clear affirmative act in the sense of recital 32 GDPR), you consent to the data on the card being entered in BoVG’s official contact databases and to its use for individual electronic or telephone contact. The databases are a document management system (with text recognition) and / or our CRM (app enables business card scan and creates a new contact / lead using text recognition). The contacts and, if applicable, memos are stored for as long as we consider them to be relevant or it is, in our view, sufficiently likely that they will be needed in the future. You can, of course, request the deletion of the business card scan, your contact data and any memos at any time - without prejudice to your other rights as a data subject.
23. Number plate recognition and video surveillance at the location of the RuhrCongress Bochum underground multi-storey carpark
a. Purpose of the data processing
The number plates are recorded for the regulation of the parking process and used for the purpose of the payment and exit procedure.
The video data is processed for the purpose of exercising our property rights, preventing criminal offenses and fraud and enforcing our contractual and hiring conditions.
b. Legal basis of the data processing
The legal basis of the data processing for number plate recognition is the performance of a contract according to Art. 6 (1) lit. b) GDPR (long-term parkers) or Art. 6 (1) lit. f) GDPR (short-term parkers).
The video surveillance of women’s parking spaces and the staircases leading to them is carried out on the basis of a legal obligation (Art. 6 (1) lit. c GDPR). The further video surveillance of the multi-storey carpark is carried out on the legal basis of the legitimate interest of the data controller (Art. 6 (1) lit. f GDPR in conjunction with Section 4 (1) of the German Federal Data Protection Act (BDSG)). When deterring violent individuals and solving criminal offenses, the carpark users (data subjects) and the data controller have similar interests.
c. Data acquisition
When you enter and exit, your number plate is recorded by an HD camera and registered with the date and entry/exit time as the start/end of your parking. When paying at the pay machine, the data from the number plate recognition and the payment process are processed anonymously (no link is made between payment method data and number plate).
Furthermore, the entrance and exit as well as the women’s parking spaces are video-controlled. The recordings are regularly overwritten; deletion takes place at the latest after 48 hours, provided no further storage is necessary to secure evidence.
d. Data processing and recipient
As the operator of the multi-storey carpark, Bochumer Veranstaltungs-GmbH processes your data using the parking processing system of the company Scheidt & Bachmann GmbH. Your number plate data can be seen by the company Scheidt & Bachmann GmbH (Breite Straße 132, 41238 Mönchengladbach) within the context of maintenance of the technical systems.
Video recordings are only released at the request of police authorities, public prosecutors, by court order, if required as evidence in the context of legal proceedings or out-of-court requests by lawyers.
e. Storage locations
Your data is stored on servers in Germany. Transfer to third countries (non-EU countries) is not provided for.
f. Storage period
The number plates are stored for the purpose of parking processing, used for the payment and exit process, and deleted 48 hours after the payment has been made and the vehicle has left the carpark. If you leave the multi-storey carpark immediately within 10 minutes and without incurring any costs, the data relating to your number plate is deleted from the system after 6 hours. Subsequent reconstruction of the data sets and image files is not possible.
Due to legal retention periods, information about the payment remains stored until the retention periods expire, however, this information is completely anonymized.
The storage period for video recordings is a maximum of 48 hours, video data is automatically overwritten after the period has expired. If video recordings are requested as evidence for criminal and/or civil prosecution, they may be stored separately. Deletion is carried out in accordance with the statute of limitations.
g. Information on the rights of the data subject
Data subjects have the right to obtain information from the data controller (Art. 15 GDPR) about their personal data, to request erasure (Art. 17 GDPR) or rectification/completion (Art. 16 GDPR) of their data, to request restriction of processing (Art. 18 GDPR) or transfer of their data to a third party.
The data subject has the right to object at any time to the processing of personal data concerning him or her by the controller on grounds relating to his or her particular situation.
The controller will then no longer process the personal data unless the controller can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims ( Art. 21 GDPR).
Without prejudice to any other administrative or judicial remedy, every data subject has the right to lodge a complaint with a supervisory authority if the data subject considers that the processing of personal data relating to him or her infringes the GDPR (Article 77 GDPR). Complaints can be addressed to the company data protection officer at any time. Furthermore, it is possible to file a complaint with the supervisory authority for data protection (State Commissioner for Data Protection, LDI NRW).
24. Image, sound and video recording in our premises
At some events, it is possible that sound, image and/or video recordings are made on site either by BoVG employees, employees of companies commissioned by BoVG or representatives of the press*. If this is the case and is known in advance, information about the recordings is provided in the invitation, in the event information on our website and/or in the entrance area.
We use the images/videos on our website, in our social media channels (servers of the services are sometimes outside the EU) and, if appropriate, for further advertising measures in connection with the respective event, the RuhrCongress Bochum or Bochumer Veranstaltungs-GmbH. The production of the image, sound and/or video recordings is carried out in the legitimate interest of Bochumer Veranstaltungs-GmbH (address: Viktoriastr. 10, D-44787 Bochum). In this respect, we refer to Section 23 (2) nos. 2 and 3 of the German Art Copyright Act (Kunsturhebergesetz). According to Section 23 (1) no. 2 and no. 3 of the law on copyright in works of fine art and photography (KunstUrhG), recordings where the persons only appear as an accessory next to a landscape or other location, as well as recordings of gatherings, processions and similar events which the persons depicted have taken part in, do not require the consent of the persons depicted. We only make recordings that show individuals specifically or at a non-public event with their consent. In case of public events or occasions where obtaining written consent would require a disproportionate effort, the situation may justify that consent to use the recordings is given orally or implicitly. Recordings of individual children are only made with the written consent of a parent or guardian.
Please send any request for deletion, objection or revocation of consent to the above address, stating your name, place and date of the event and, if applicable, a description or link to the recording.
Please direct any inquiries regarding data protection to the above-mentioned data protection officer.
25. Contact
If you have any further questions or complaints regarding compliance with our privacy policy, please contact us at info@bochum-veranstaltungen.de.
26. Amendment of the data protection information
We reserve the right to amend this data protection information at any time in compliance with the applicable data protection regulations.
This website uses the Google Tag Manager. This service makes it possible to manage website tags through one interface. The Google Tool Manager only implements tags. This means that no cookies are used and no personal data is collected. The Google Tool Manager initiates other tags, which in turn may collect data. However, the Google Tag Manager does not access this data. If a deactivation has been applied at the domain or cookie level, it remains in place for all tracking tags, insofar as these are implemented using Google Tag Manager.