The protection of your data at eco – Association of the Internet Industry
We, the eco – Association of the Internet Industry, Lichtstrasse 43h, 50825 Cologne, Germany (hereinafter referred to as “eco”), take the protection of your personal data very seriously, and we strictly comply with the regulations of the data protection statutes. The following declaration provides you with an overview of how we ensure this protection. In particular, we would like to explain to you – as a visitor to our website, a subscriber to our newsletter, as a guest at one of our numerous events, as a user of the eco Members+ area, or as an applicant to eco – which types of data we gather, why we collect these types of data, how we use this data, and how you at any and all times can determine how your personal data is treated.
Under the General Data Protection Regulation (GDPR), you have various rights which you can assert in relation to us. This includes, among others, the right to withdraw consent to the processing of data, in particular, data processing for the purposes of marketing. The possibility to withdraw consent is typographically highlighted.
2. Name and contact details of the person responsible for processing and the data protection officer
Our data protection officer, Mr Jan Stumpf, can be contacted via the email address firstname.lastname@example.org, by post to: eco – Association of the Internet Industry, Mr Jan Stumpf, Lichtstrasse 43h, 50825 Cologne, Germany, with the keyword “Data Protection,” or by fax at the number +49 (221) 70 00 48-111.
3. Purpose of data processing, legal basis, and legitimate interests that are pursued by eco or a third party, and categories of recipients
3.1 Surfing on this website
eco gathers and automatically stores on its server log file information that your browser deposited with us while you were surfing.
In brief, here is the key data that we store:
- Type of browser/browser version
- The operating system used
- Referrer URL (the page visited previously)
- URLs / pages on this website that have been accessed
- IP address of the accessing device along with its name
- Time of the server request
- Visitor history
Furthermore, we record the complete Uniform Resource Locator (URL) Clickstream through and from our website, i.e., the sequence of the pages of our website that you visit, including date and time, cookie number, and the content that you viewed or for which you searched.
The legal basis for the processing of the IP address is Article 6 ( 1)(f) GDPR. Our legitimate interest results from the following list of purposes of the data processing. Please note on this point that it is not possible for us to draw any direct conclusions about your identity on the basis of the data collected, nor do we attempt to draw such conclusions.
The IP address of your device and the remaining data listed above is used by us for the following purposes:
- Ensuring a seamless establishment of the connection
- Ensuring the comfortable use of our website
- Assessing the system security and stability
The data is saved for a period of 7 days, after which it is automatically deleted or anonymised. Further, we make use of so-called cookies, tracking tools and social media plug-ins for our website. Exactly what process is undertaken and how your data is used for these is clarified in Section III.15. below.
3.2 Contact Form and Email Contact
On our website, you have the option of getting in contact with us via a contact form or via email. The information you impart via the contact form is usually:
- Family name(s)
- First name(s)
- Phone number
The personal data imparted to us will be used exclusively for the purpose of processing your enquiry and will be deleted after processing your query. The legal basis for this is your consent within the meaning of Article 6 (1)(a) GDPR, as well as Article 6 (1)(f) GDPR. The proper processing of your enquiry is to be regarded as a legitimate interest within the meaning of the GDPR. You can withdraw your consent to the processing of the personal data imparted to us at any time with effect for the future, using the contact information provided under II. From the moment of withdrawal of consent, it will no longer be possible to process your enquiry.
3.3 Registration for events and online events
Registration forms for eco’s numerous events are provided in advance on our website. In the scope of your registration, personal data will generally be collected. This includes:
- Family name(s)
- First name(s)
- Job title
- When necessary, billing and delivery address
- When necessary, billing and payment details
- Email address
- When necessary, phone number.
These details are collected for the purposes of identifying and registering you on the day of the event.
The legal basis for this is Article 6 (1)(b) GDPR, i.e. you make the data available to us on the basis of the contractual relationship between yourself and us. In addition, regarding the processing of your email address, the German Civil Code requires us by law to send an electronic order confirmation (Article 6 (1)(c) GDPR). Insofar as we do not use your contact details for marketing purposes (see Section III.6. below), we store your data collected for the fulfilment of the contract until the expiration of the legal or possible contractual warranty and guarantee rights. After expiry, we retain the information regarding the contractual relationship that is required by commercial law and tax law for the legally determined period. For this period of time (generally ten years from the conclusion of the contract), the data will only be re-processed in the case of an audit by the taxation authorities.
We work with various service providers to improve the handling and implementation of our events:
We use the Software GoToWebinar from LogMeIn Ireland Limited to carry out webinars. As part of the registration on the infrastructure of the company LogMeIn (10 Hanover Quay, Dublin 2, D02R573 Ireland), personal data is collected. In particular, this includes the family name(s), first name, company, position and email address. The data protection regulations of LogMeIn can be found here: https://www.logmein.com/legal/privacy.
We also use the networking platform talque, from Real Life Interaction GmbH (Choriner Str. 3, 10119 Berlin, Germany) to hold digital events or conferences. When you register for one of our events supported by talque, we pass on the data generated during registration to talque so that talque can send you a personal invitation link to the respective event network. Registration on the platform itself takes place on the talque infrastructure. talque’s data protection provisions can be found at https://web.talque.com/en/privacy-policy.
The processing of the data by the above-mentioned third-party providers takes place on the basis of Article 26 or Article 28 GDPR. The data is processed within the legally permissible framework in Germany, the European Union, and the USA. For data processing in the USA, an appropriate level of protection has been established by agreeing to the EU standard contractual clauses. Our contract processors process the transferred personal data on our behalf in accordance with our specifications. As part of the implementation of events via the talque platform, we use the products of other service providers, e.g., for video streaming, live voting or connecting tools, depending on the design of the event. If we ourselves actively pass on the personal data of participants to these third parties, we do this exclusively within the framework of an order processing contract concluded with the providers in accordance with Article 28 GDPR.
eco ordinarily creates participant lists for events. The purpose of these is to inform the participants, and these lists are attached to the event documents. The lists usually include the family name(s), first name(s), and employer of each of the event’s attendees.
You can withdraw consent to the publication of your personal data in the list of participants at any time, by email to email@example.com by post to: eco – Association of the Internet Industry, Lichtstrasse 43h, 50825 Cologne, Germany, or by fax to: +49(0)221 - 7000 48-111.
The eco events are also documented on the Internet. This includes the publication of photos or video recordings of the event. Further information can be found in our Privacy Notice Event Participation.
3.4 Membership of eco talque community network
If you would like to become part of one of our eco talque communities, you can send a membership request to eco via eco.de. The following personal data will be collected and stored as part of your request:
- Family name(s)
- First name(s)
- Email address
- Position (optional)
- Company address
This data is required for the assessment of your membership request and, in the case of a positive decision, for the creation of your profile in the network you have chosen. The platform on which our community networks are located is operated by the company talque (see Section 3 for further details). Talque is our service provider and processes your personal data on our behalf. On admission to the network you have chosen, we will pass on the data you generated in the course of your membership application to talque so that talque can send you a personal invitation link to the corresponding community network. Registration on the platform itself takes place on the talque infrastructure. talque’s data protection provisions can be found at https://web.talque.com/en/privacy-policy.
The legal basis for the collection, storage and transfer of your personal data is Article 6 (1) (b) GDPR. The processing of your data by talque is carried out on the basis of Article 26 GDPR.
In the case of a decline of your membership request, your data will be deleted immediately. In the case of an admission to the network, your data will be stored by us for as long as the network remains in existence, unless you withdraw from the network at an earlier point in time. In this case, we will delete your data from that point in time.
3.5 Association Membership
Should you decide to become a member of the eco – Association of the Internet Industry or if you are already a member, we will process data that you provide to us via our application form, including personal data, for the purpose of fulfilling the rights and obligations resulting from the membership and specified in our Articles of Association and in the eco portfolio, for accounting purposes, and in order to be able to contact you. The legal basis for this is Article 6 (1)( b) GDPR.
In addition to our personnel, service providers commissioned by us may also receive data from us for the fulfilment of contractual or legal obligations, e.g., credit reporting agencies, sales partners, credit institutions, IT service providers.
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of a conclusion of a contract, this is usually the case upon termination of the contractual relationship, provided that there are no legal obligations to retain data. In this case, a longer retention period is required. This period can be up to 10 years. If data is to be retained to ensure the enforcement of legal claims, the limitation period can be up to 30 years, whereby the regular limitation period is three years.
3.6 Data processing for marketing purposes
Insofar as you have concluded a contract with us regarding participation in an event, we will process your postal contact address without a concrete declaration of consent in order to occasionally provide you with news on the association or forthcoming events. We process your email address without a concrete declaration of consent in order to occasionally provide you with other, similar and for you interesting information about webinars, events or talks of eco or subsidiaries of eco. Beyond that, your data will not be used any further without your express consent.
The GDPR declares such data processing on the basis of Article 6 (1)(f) as conceivable in principle and to be a legitimate interest. The duration of data storage for marketing purposes does not follow any strict precepts and is oriented around the question of whether the storage is necessary for marketing purposes.
You can withdraw your consent to the data processing for the purposes set out above at any time, without incurring costs, for each channel independently, and with effect for the future. For this, an email or letter to the contact details listed in Section II suffices. There are no costs other than the transmission costs according to the basic tariffs.
Insofar as you withdraw consent, the affected contact addresses will be blocked for further marketing-related data processing. Please note that in exceptional cases, it is possible that further sending of marketing material may take place temporarily, even after receiving your withdrawal of consent. This is technically due to the necessary lead-in time for advertisements and does not mean that we will not comply with your objection. Thank you for your understanding.
3.7 Sending of newsletters
You can subscribe to our numerous newsletters (eco weekly, eco politics digital, dotmagazine etc.) on eco’s website. Within the scope of making a subscription, we will collect personal-related data from you (email address is mandatory). We shall solely use these types of data for the personalisation and implementation of our email mailings. In order to prevent the misuse of email addresses, subscribers must confirm the ordering of our newsletter in an automated process via email (double opt-in). Only after you have clicked on the confirmation link will your email address be added to our mailing list. Your thus declared consent can be withdrawn at any time with effect for the future. This can be done conveniently with the aid of the link that is located in the lower section of each of our mailings, via email to firstname.lastname@example.org, or by means of a message to our office – by mail to: eco – Association of the Internet Industry, Lichtstrasse 43h, 50825 Cologne, Germany, or by fax to: +49-221-7000-48-11.
Our newsletters are sent via the email marketing service “XCampaign” operated by the Schober Information Group (Schweiz) AG, Theaterstrasse 17, 8400 Winterthur, Switzerland.
When you subscribe to our newsletter, XCampaign stores the data you have entered for the sending and analysis of the newsletter on our behalf. The data is encrypted using the XCrypto service in Switzerland and anonymously hosted on servers of Super Network s.r.o. in Prague, Czech Republic. For each newsletter sent, we receive information on the address file used, the subject, and the number of newsletters sent. In addition, we can see which addresses have not yet received the newsletter, to which address it was sent, and at which addresses it failed to be dispatched. We can also see which addresses have subscribed. We require this data for organisational reasons in order to optimise the dispatch of our newsletter and for statistical analysis of our newsletter. Further analysis of your user behaviour will not take place unless you have given us your consent in accordance with Article 6 (a) GDPR. In this case, we will collect the following additional data: which addresses have opened the newsletter and which links have been clicked. This data helps us to improve our newsletters.
You can withdraw your consent in this additional analysis at any time with effect for the future. By email to: email@example.com, keyword: Revocation of Tracking of Opening and Clicking, or by means of a message to our office – by post to: eco Association of the Internet Industry, Lichtstrasse 43h, 50825 Cologne, Germany, or by fax to: +49-221 – 7000 48-111.
XCampaign will only share your information with eco-approved subcontractors to fulfil their contractual obligations. Beyond that, no passing on to third parties will take place. XCampaign will also not contact you. XCampaign is our processor and acts solely according to our specifications. Schober’s data protection regulations can be found here: https://www.xcampaign.info/switzerland-de/privacy/
The legal basis for sending our newsletter is Article 6 (1)(a) GDPR as well as Paragraph 7 Section 2 (2) or Section 3 of the German Federal Law on Unfair Competition (UWG). The legal basis for the use of XCampaign, the performance of statistical surveys and analyses, and the recording of the registration procedure is our legitimate interest pursuant to Article 6 (1)(f) GDPR. Our interest is in the deployment of a user-friendly and secure newsletter system that serves both our business interests and the expectations of users. The legal basis for the collection of opening and click rates is the consent you have given us pursuant to Article 6 (a) GDPR.
3.8 Whitepaper download
White papers and studies can be downloaded free of charge from our website. In return we ask you to provide personal data and allow us to use the provided data to occasionally contact you with information related to the or similar topics of the white paper you have requested The personal data we ask you to provide consists of the following:
- First name(s)
- Last name(s)
- Job title
- Email address,
The legal basis for the collection and processing of your data is Article 6 (1) (a) GDPR and § 327 (III) BGB. The data exchange creates an incentive for us to spend time and ressources to provide you with the white papers. This also allows us to grasp the interest for specific subjects and focus our efforts the provide whitepapers concerning the subject accordingly.
You may object to the collection and processing ouf your data with effect for the future by sending an email to firstname.lastname@example.org, via post to: eco – Association of the Internet Industry, Lichtstrasse 43h, 50825 Cologne, Germany or by fax to: +49 (221) 7000 48-11 and request to have the data deleted.
As part of the whitepaper download form, you also have the possibility to subscribe to the various eco newsletters. More information on the newsletter ordering process can be found under III.6.
3.9 Use of the eco members area
You have the possibility to use our members’ area “members +” on our website. There we offer exclusive content for registered users. Only members of our association can register for the members’ area. Each member receives from us, as required, the registration data for the registration. To use the members’ area, you must log in using your user name and your individual password. As soon as you log in to the members’ area, we save a session cookie on your device. This cookie is only stored on your device for the duration of your use of the members’ area. After you have logged out, the session cookie will also be deleted. Data processing is based on Article 6 (1)(b) GDPR. The registration is part of our service offer for our members. If your membership is terminated, access to the members’ area is automatically blocked.
3.10 Regulations for CSA Customers
If you have been certified as a sender with the Certified Senders Alliance (CSA), an eco service, we will collect and process various data from you, including personal data, that you provide to us via the CSA online form or other forms required for the certification process. We use this data in the context of the contract initiation, e.g., to assess whether you are eligible for CSA certification. When a contract is concluded, we use this data, for example, to fulfil the contract concluded between you and us, for accounting purposes, or in order to be able to contact you. The legal basis for this is Article 6 (1)(b) GDPR.
Within our company group, personnel who need the data to fulfil the contractual or legal obligations are given access to the data. In addition, service providers commissioned by us may also receive data from us for these purposes, e.g., credit reporting agencies, sales partners, credit institutions, IT service providers.
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of a conclusion of a contract, this is usually the case upon termination of the contractual relationship, provided that there are no legal obligations to retain data. In this case, a longer retention period is required. This period can be up to 10 years. If data is to be retained to ensure the enforcement of legal claims, the limitation period can be up to 30 years, whereby the regular limitation period is three years.
3.10.2 CSA Certification Monitor
On the CSA website (https://certified-senders.org/) customers can register for the CSA Certification Monitor by providing personal data. The data is entered into an input mask and transmitted to us. A transfer of data to third parties does not take place. The following data is collected during the registration process:
- User name
- Family name(s)
- First name(s)
- Customer number
- Email address
- Telephone number
- Mobile phone number
- Fax number
- Company website
- Position/role in the company
- IP address and host name
The legal basis for the processing of the data is the contractual relationship existing between you and us pursuant to Art. 6 (1) lit. b GDPR.
Registration is required for ordering and provision of CSA services through the CSA Certification Monitor.
The data will be deleted as soon as it is no longer necessary for the purpose of its collection. This is the case when the data for the implementation of the contract is no longer required. Even after the conclusion of the contract, there may be a need to store personal data of the contracting party in order to comply with contractual or legal obligations. After expiry, we retain the information regarding the contractual relationship that is required by commercial law and tax law for the legally determined period. For this period of time (generally 10 years from the conclusion of the contract), the data will only be re-processed in the case of an audit by the taxation authorities.
3.11 Applications to eco
We collect and process the information you provide us through your online application via e-mail exclusively to process your application. The legal basis for this is § 1 (V) and § 26 (VIII) of the federal data protection act (BDSG). Your data will be handled strictly confidentially. Personal data will exclusively be made accessible to staff involved in the application process. Your data will be deleted six months after notification of a rejection if it does not lead to the beginning of a work or training relationship and the deletion does not conflict with any other legitimate interests (e.g., the obligation to provide evidence in a process according to the German General Act on Equal Treatment (AGG)). You also have the option to apply using the application tool onlyfy. You may find the tool under https://de-cix.jobbase.io/. The information submitted through the tool is provided to us by the operator of the tool, the New Work SE, Am Strandkai 1, 20457 Hamburg on our behalf. We are therefore to be considered as the controller in accordance with Article 4 Nr. 7 of the GDPR. New Work SE is to be considered as processor in accordance with Article 4 Nr. 8 GDPR.The information provided to us through onlyfy will also be used exclusively to process your application.
You may object to the collection and processing of your data with effect for the future by sending an email to email@example.com, via post to: eco – Association of the Internet Industry, Lichtstrasse 43h, 50825 Cologne, Germany or by fax to: +49 (221) 7000 48-11 and request to have the data deleted.
We will then delete all data transmitted to us in the context of the application process, insofar as we are not entitled to or required to retain them in accordance with legal regulations.
3.12 Online Presence on Social Media
In addition to this website, we also maintain an online presence on the social media channels Facebook, Twitter, Xing, Linked-in, Youtube, and Flickr. You can access these by clicking on the corresponding menu items on our website. As the operator of the respective online presence, we do not collect or process any data from your use of the corresponding social media channel.
We would like to point out that your use of these pages and their functions lies within your own responsibility. This applies in particular to the use of interactive functions (e.g., commenting, sharing, rating).
When visiting such a page, personal data may be transferred to the provider of the social media channel. The social media provider collects and processes your IP address, the type of processor and browser version used, including plug-ins and, where applicable, other information.
The data collected about you in this context will be processed by the provider of the social media channel and, in some instances, may be transferred to countries outside of the European Union.
If you are logged in with your personal user account of the respective channel during your visit to such a website, this channel can assign the visit to your account.
If you wish to avoid this, you should log out of the social media channel before visiting our online presence or deactivate the “remain logged in” function, delete the cookies present on your device, and exit and restart your browser. In this way, information that could be used to directly identify you is deleted.
3.13 Online presence and website optimisation
Insofar as these cookies are those that are necessary to ensure the proper functioning of our website, the use of these takes place on the basis of Article 6 (1)(a) GDPR. Our interest in optimising is thereby to be seen as legitimate in the sense of the aforementioned regulation. In all other cases, we ask you for your consent, which allows us to set further cookies (analysis cookies, marketing cookies). No cookies are set (except required/essential cookies) without giving consent. Further information can be found in our “Individual Cookie Settings”.
You can withdraw or change your consent at any time in the “Individual Cookie Settings” or via the button “Change Cookie Settings” on our website.
These cookies are automatically deleted after a respectively defined period of time. You can, however, configure your browser so that no cookies are stored on your device or so that a warning always appears before a new cookie is created. However, the complete deactivation of cookies can result in your not being able to use all functions on our website. The storage duration of the cookies is dependent on their purpose and is not the same for all.
3.13.2. Google Analytics
For the purposes of needs-oriented design and continual optimisation of our web pages, we use Google Analytics, a web analytics service from Google Inc (“Google”) on the basis of Article 6 (1)(a) GDPR. In conjunction with this, anonymised usage profiles are generated and cookies are used. The information generated through the cookie about your use of this website, such as
- Browser type/version,
- Operating system in use,
- Referrer URL (the previously visited website),
- Host name of the device accessing the site (IP address),
- Time of the service request,
is transferred to and stored on a Google server in the USA. The information is used in order to analyse the use of the website, create reports on website activities, and deliver further services in connection with the use of the Internet for the purposes of market research and the needs-oriented design of these web pages. This information is also, if necessary, forwarded to third parties, insofar as this is required by law or data processing is outsourced to said third party. Under no circumstances will your IP address be merged with any other data from Google. The IP addresses are anonymised so that correlation is not possible (so-called IP masking). You can prevent cookies from being saved by using the corresponding settings in your browser software or at any time via the cookie settings.
Further information regarding data protection in connection with Google Analytics can be found on the Google Analytics website.
3.13.4. Social Media Plug-ins
On the basis of Article 6 (1)(a) GDPR, we place plug-ins for the social networks Facebook, Twitter, Xing, and LinkedIn on our website in order to increase awareness of our association. The responsibility for the data protection compliant operation is to be guaranteed by each provider respectively. Our integration of these plug-ins takes place through the so-called Shariff method in order to protect visitors to our website in the best way possible. In order to best protect visitors to our website, our integration of these plug-ins is achieved using the “Shariff” method. At the point of loading a website on which they are integrated, the buttons offered directly by social network operators are already transmitting personal data such as your IP address or entire cookies without permission and thus pass on precise details of your surfing behaviour to the social providers without any request. For this to happen, you do not need to be logged in or be a member of the respective network. A Shariff button, on the other hand, only establishes direct contact between the social network and the visitor when the latter actively clicks on the Share button. Shariff thereby prevents you from leaving a digital track on every page you visit and improves data protection. By using Shariff, we can protect your personal data and still integrate buttons for social sharing. Further information on Shariff can be found on the website of the provider, Heise Medien GmbH & Co. KG, at https://www.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html (in German, English here https://github.com/hofff/contao-shariff).
On our website, we use plug-ins for the social network Facebook that are offered by Facebook Inc. The Facebook plug-ins are denoted through a Facebook logo or with the addition “Like” or “Share”. An overview of the Facebook plug-ins and their appearance can be found at https://developers.facebook.com/docs/plugins/?locale=en_EN
When you activate such a plug-in (first click), your browser establishes a direct connection to the Facebook servers. The content of the plug-in is directly transmitted to your browser and is integrated into the page. Through this integration, Facebook obtains the information that your browser has accessed the specific page of our web presence, even if you do not possess a Facebook profile or are not currently logged in at Facebook. This information (including the IP address) is transferred directly from your browser to a Facebook server in the USA and is stored there. If you are logged in at Facebook, Facebook can directly relate the visit to our website with your Facebook profile. If you interact with the plug-ins, for example, by pressing the “Like” button, this information is also directly transmitted to and stored in a Facebook server. The information will also be published on your Facebook profile and shown to your Facebook friends.
The purpose and the extent of data collection and the further processing and use of the data by Facebook, as well as your rights and possible settings for the protection of your privacy, can be found in Facebook’s data protection information at https://facebook.com/policy.php. If you do not wish Facebook to relate information gathered through your visit to our website directly with your Facebook profile, you need to log out of Facebook before visiting our website. You can also completely prevent the loading of the Facebook plug-ins using add-ons for your browser, e.g. with the “Facebook Blocker” or with the Facebook Container Add-On (for Firefox).
Our website has integrated plug-ins for the micro-blogging network Twitter Inc. The Twitter plug-ins (“Tweet” button) are denoted by the Twitter logo (a white bird on a blue background) and the addition “Tweet”. When you activate such a plug-in by clicking on it, a direct connection is established between your browser and the Twitter server. Through this, Twitter obtains the information that you, with your IP address, have visited our website. If you click the Twitter button while you are logged in to your Twitter account, you can link the content on our site with your Twitter profile. Through this, Twitter can relate the visit to our web pages with your user account. Please note that we obtain no information from Twitter about the content of the data transmitted or its use. Further information on this can be found here: https://twitter.com/privacy?lang=en. If you do not wish Twitter to attribute the visit to our website to you, please log out of your Twitter account.
Our website has integrated plug-ins for the social media network LinkedIn. LinkedIn is an Internet-based social network that enables a connection between the user and existing business contacts, as well as the creation of new business contacts. When you activate such a plug-in by clicking on it, a direct connection is established between your browser and the LinkedIn server. Through this, LinkedIn obtains the information that you, with your IP address, have visited our website. If you click the LinkedIn button while you are logged in to your LinkedIn account, you can link the content on our site with your LinkedIn profile. Through this, LinkedIn can relate the visit to our web pages with your user account. Please note that we, as the provider of the website, obtain no information from LinkedIn about the content of the data transmitted or its use. If you do not wish LinkedIn to attribute the visit to our website to you, please log out of your LinkedIn account.
Our website has integrated plug-ins for the social media network Xing. Xing is an Internet-based social network that enables a connection between the user and existing business contacts, as well as the creation of new business contacts. When you activate such a plug-in by clicking on it, a direct connection is established between your browser and the Xing server. Through this, Xing obtains the information that you, with your IP address, have visited our website. Further information about Xing plug-ins can be found at https://dev.xing.com/plugins. If you click the Xing button while you are logged in to your Xing account, you can link the content on our site with your Xing profile. Through this, Xing can relate the visit to our web pages with your user account. Please note that we, as the provider of the website, obtain no information from Xing about the content of the data transmitted or its use. If you do not wish Xing to attribute the visit to our website to you, please log out of your Xing account.
3.13.5. Use of hCaptcha
To secure our contact form against unwanted usage, we use the service hCaptcha of the company Intuition Machines Inc., 350 Alabama St, San Francisco, CA 94110, USA . This service enables the differentiation between input by a human and abusive and automated input by a machine (spambot). Further information can be found under: https://www.hcaptcha.com/privacy.
3.13.6. Adobe Typekit
For the unified presentation of texts types (fonts), the sites www.eco.de, www.international.eco.de and www.siwecos.de use the Adobe Typekit service. Adobe Typekit is a service that enables access to a font library and is made available by the company Adobe Systems Inc., 345 Park Avenue, San Jose, CA 95110-2704, USA (“Adobe”). When accessing a site, your browser loads the required fonts into your browser cache in order to display texts and fonts correctly.
In the course of providing the Typekit service, no cookies are placed or used to supply the fonts. To provide the Typekit service, Adobe can collect information about the font, which serves to identify the website itself and the associated Typekit account. Adobe Typekit is used in the interest of enabling a unified and appropriate presentation of our online offer. This represents a legitimate interest as defined in Article 6 (1)( f) GDPR. If your browser does not support web fonts, a standard font from your device is used.
More information about the Typekit can be found at https://helpx.adobe.com/typekit/using/what-is-typekit.html and generally about Adobe at https://www.adobe.com/en/privacy.html.
3.13.7. Google Maps
We use the map service Google Maps via an interface to visually display geographical information. The provider of this service is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).
Data about the use of the map function by visitors is collected, processed and used by Google when Google Maps is used. This information is, as a rule, transferred to a Google server in the USA and stored there.
Google Maps is used in the interest of enabling a unified and appropriate presentation of our online offer and easy findability of our locations listed on the website. The legal foundation for this is your consent as defined in Article 6 (1)(a) GDPR.
You can withdraw or change your consent at any time in the “Individual Cookie Settings” or via the button “Change Cookie Settings” on our website.
3.14 Joint controllers pursuant to Article 26 Para. 2 (2) GDPR
In order to spare resources and use them more effectively, eco – Association of the Internet Industry and the deutsche medienakademie GmbH (“dma”, German Media Academy), as a 100 per cent subsidiary of eco, as well as eco and the EuroCloud Deutschland_eco e.V., as affiliated associations, use a joint database to manage their address databases.
As part of their joint data protection responsibility, eco and dma have agreed on which of them fulfils which obligations under the GDPR. To this end, eco and dma have each assigned the individual data files to a company responsible for processing the personal data. This applies in particular to the observation of the rights of the data subjects and the fulfilment of the information obligations pursuant to Articles 13 and 14 of the GDPR. The same agreement stands between eco and eco and EuroCloud Deutschland_eco e.V.
As part of our cooperation with talque, eco and talque also process personal data together. This concerns the use of personal data that is saved when registering on the talque web platform for an eco event/network. You can assert your data protection rights centrally at: firstname.lastname@example.org.
4. Your rights
Alongside the right to withdraw the consent given to us, you also have the following rights when the respective legal conditions are extant:
- Right of information regarding your personal data stored by us in accordance with Article 15 GDPR; in particular, you can obtain information about the purpose of processing, the category of personal data, the category of recipient for whom your data is or has been made available, the planned period of retention, the origin of your data, insofar as it was not collected directly from you,
- Right of rectification of erroneous or to completion of correct data in accordance with Article 16 GDPR,
- Right to deletion of your data stored by us in accordance with Article 17 GDPR, insofar as there are no legal or contractual requirements to retain the data or other legal obligations or rights to the continued retention of the data,
- Right to limit the processing of your data in accordance with Article 18 GDPR, insofar as you dispute the correctness of the data, the processing is illegal, but you oppose the deletion of said data; the data controller no longer requires the data, but you require said data for the assertion, exercise or defence of legal claims, or you have filed an objection to the processing in accordance with Article 21 GDPR,
- Right to data portability in accordance with Article 20 GDPR, i.e. the right to receive selected data about you stored by us in a standard, machine-readable format, or to have this transmitted to another data controller,
- Right to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your normal place of residence or work, or of our association headquarters to do this.
4.2 Right to object
Under the conditions of Article 21 (1) GDPR, the data processing can be objected to on grounds arising out of the special situation of the person affected.
5. Forwarding to third parties
The data collected by us is not sold. We share the information that we obtain to third parties exclusively to the extent described in the following:
5.1 Affiliated companies
5.2 Service providers
5.3 Protection of eco and third parties
We disclose personal data when we are legally obliged to do so or when such disclosure is necessary to protect our rights and those of third parties.
5.4 Recipients outside of the EU
Your data will generally be processed in Germany and in other European countries. If, in exceptional cases, your data is also processed in countries outside the European Union (i.e. in so-called third countries), this is done insofar as you have expressly consented to this or it is necessary for our provision of services to you, or it is provided for by law (Article 49 GDPR). Furthermore, your data will only be processed in third countries if certain measures ensure that an adequate level of data protection exists (e.g. adequacy decision of the EU Commission; EU standard contractual clauses or so-called suitable guarantees, Article 44ff. of the GDPR).
6. Further information and notes
V16 Cologne, Updated: April 2023