Back to overview

Data Protection

​​​​​​I. Controller’s name and address

The controller, as defined by the General Data Protection Regulation and other national data protection laws of the Member States and other data protection regulations, is:

AUMA
Association of the German Trade Fair Industry 
Littenstrasse 9, 10179 Berlin
PO Box: 021 281
10124 Berlin
Phone 030 24000-0
Fax 030 24000-330
info@auma.de
http://www.auma.de/

II. Data protection officer’s contact Information

The controller’s data protection officer is:
Silvia Bauermeister (solicitor)
Phone 030 24000-103
Fax 030 24000-203
s.bauermeister@auma.de

III. General information regarding data processing

1. Scope of processing of personal data

We process our users’ personal data only if this is necessary for the provision of a functional website and our content and services. We process our users’ data regularly only after obtaining the user’s consent. An exception applies in those cases where, for practical reasons, it is not possible to obtain prior consent and the processing of the data is permitted by legal regulations.
2. Legal basis for processing of personal data

Insofar as we obtain the data subject’s consent for processing personal data, Article 6 Para. 1(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
In processing personal data necessary for the performance of a contract to which the data subject is the contractual party, Article 6 Para. 1(b) of the GDPR serves as legal basis. This also applies to processing necessary for executing pre-contractual measures.

If the processing of personal data is necessary to fulfil a legal obligation our company is subject to, Article 6 Para. 1(c) of the GDPR serves as the legal basis.

Where vital interests of the data subject or of another natural person make processing personal data necessary, Article 6 Para. 1(d) of the GDPR serves as the legal basis.
If the processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, and the interests or fundamental rights and freedoms of the data subject do not override the former interest, Article 6 Para. 1(f) of the GDPR serves as legal basis for the processing.

3. Data erasure and duration of storage

The data subject’s personal data are deleted or made unavailable as soon as the purpose of the storage lapses. The data can also be stored if this has been provided for by the European or national legislator in the Union’s legal directives, laws or other regulations to which the controller is subject. The data will also be made unavailable or erased if a storage deadline set by the above standards expires, unless it remains necessary to continue storing the data for the purpose of entering or performing a contract.

IV. Provision of the website and creation of log files

1. Description and scope of the data processing

Whenever this website is visited our system automatically collects data and information about the visiting computer’s system.
This process involves the collection of the following data:

  • Information about the browser type and the version used 
  • The user’s operating system
  • The user’s IP address
  • The date and time the website was accessed 
  • Websites from which the user’s system arrived at our website

The data are saved in our system’s log files. These data are not stored together with other personal data of the user.

2. Legal basis for the data processing

The legal basis for the temporary storage of the data and log files is Article 6 Para. 1(f) of the GDPR.
3. Purpose of the data processing

The temporary storage of the IP address by the system is necessary in order to facilitate delivery of the website to the user’s computer. The user’s IP address must therefore be stored for the duration of the visit.

This is stored in log files to ensure the website’s functionality. In addition, we use the data to ensure the security of our IT systems.

Pursuant to Article 6 Para. 1(f) of the GDPR these aims also constitute our legitimate interest in the data processing.

4. Duration of storage

The data are erased as soon as they are no longer required for the purpose for which they were collected. This happens when data collected for the purpose of providing the website are erased at the end of each visit.

The log files are disassociated after seven days so that they can no longer be allocated to the visiting client.

5. Option to object and of removal

The collection of the data for providing the website and storing the data in log files is absolutely essential for the operation of the website. The user therefore has no option to object.

V. Use of session Cookies

1. Description and scope of the data processing

Our website uses cookies. Cookies are text files that are saved on the user’s computer system in the web browser or by the web browser. If a user visits a website, a cookie can be saved on the user’s operating system. This cookie contains a unique character string that allows clear identification of the browser when visiting the site again.

We use cookies to make our website more user friendly. Some elements of our website require that the visiting browser be identifiable even after changing sites.
The data stored and transmitted in the cookies include: Language settings, item in a shopping cart, book/reading list.

2. Legal basis for the data processing

The legal basis for the processing of personal data using cookies is Article 6 Para. 1(f) of the GDPR.
3. Purpose of the data processing

The purpose of using technically necessary cookies is to make it easier for the user to use the website. Some of the functions of our website cannot be offered without the use of cookies. This requires that the browser can be recognised even after switching sites.

The user data collected by technically necessary cookies are not used to create user profiles.

4. Duration of storage, option to object and of removal

Cookies are stored on the user’s computer and transmitted from this computer to our site. As user you therefore also have full control over the use of cookies. By changing the settings in your web browser, you can deactivate or restrict the transfer of cookies. Cookies already stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may not be possible to use all the website’s functions in full.

The session cookies are automatically deleted at the end of a visit.

VI. Newsletter

1. Description and scope of the data processing
It is possible to subscribe to a free newsletter at auma.de. The email address entered by the customer when registering for the newsletter is sent to us.
The date and time of registration is also collected on registration. Your consent for the processing of the data is collected as part of the registration process and reference is made to this privacy policy.
2. Legal basis for the data processing
The legal basis for processing the data after registration for the newsletter by the user, where the user has submitted his or her consent, is Article 6 Para. 1(a) of the GDPR.
3. Purpose of the data processing
The user’s email address is collected in order to send the newsletter.    
4. Duration of storage
The data are erased as soon as they are no longer required for the purpose for which they were collected. The user’s email address will be stored for as long as the subscription to the newsletter remains active.    
5. Option to object and of removal

The newsletter subscription can be cancelled at any time by the user concerned. Every email with which the newsletter is sent will contain a corresponding link for this purpose.

This also allows revocation of consent for storage of the personal data collected during the registration process.

VII. Order form and email contact

1. Description and scope of the data processing

We can be contacted electronically on our website via an order form in the Publications and Trade Fair Library area. If the user makes use of this option, the data entered into the order form are sent to us and stored.

Alternatively, we can be contacted via the email addresses provided. In this case, the user’s personal data sent with the email are stored.

The data are not shared with third parties in this process. The data are used exclusively for processing the conversation.

2. Legal basis for the data processing

The legal basis for processing the data transmitted when using order forms is Article 6 Para. 1(b) of the GDPR.

The legal basis for processing the data transmitted when sending an email is Article 6 Para. 1(f) of the GDPR. If the email communication is for the purpose of entering into a contract, the additional legal basis for processing is Article 6 Para. 1(b) of the GDPR.

3. Purpose of the data processing
The personal data from the order forms is processed exclusively for the purpose of handling the communication. If the communication is via email, this also constitutes the necessary legitimate interest in processing the data.
4. Duration of storage
The data are erased as soon as they are no longer required for the purpose for which they were collected.
5. Option to object and of removal

The user may at any time revoke his or her consent to the processing of his or her personal data. If the user contacts us via email, he or she can object to the storage of his or her personal data at any time. In this case, the conversation cannot be continued.

All personal data stored during the communication are erased in this case.

VIII. Comments and contributions

1. Description and scope of the data processing
If users leave comments or other contributions on blog.auma.de, their IP addresses and email addresses are stored.
2. Legal basis for the data processing
The legal basis for processing the data transmitted when commenting on blog contributions is Article 6 Para. 1(f) of the GDPR.
3. Purpose of the data processing
The processing of personal data is carried out for the security of AUMA e.V., in the case that illegal content is published in comments and contributions (insults, prohibited political propaganda; see in this context also comments guidelines). In this case, AUMA e.V. can itself be prosecuted and therefore has an interest in knowing the identity of the author.
4. Duration of storage
The data are erased as soon as they are no longer required for the purpose for which they were collected.

IX. Web analysis by etracker

1. Scope of processing of personal data
We use the services of etracker GmbH, Hamburg, Germany (http://www.etracker.com/), on www.auma.de to analyse usage data. Cookies are therefore used that allow a statistical analysis of the use of this website by its visitors. Cookies are small text files that are stored on the user’s device by the web browser. etracker cookies do not contain any information that would allow a user to be identified. The data generated with etracker are processed and stored on our behalf by etracker exclusively in Germany and are therefore subject to the strictest German and European data protection laws and standards. etracker has in this regard been independently audited, certified and awarded the ePrivacyseal data protection seal of quality.    
2. Legal basis for processing personal data
The legal basis for processing the user’s personal data is Article 6 Para. 1(f) of the GDPR. Our legitimate interest consists in optimising our online service and our online presence. This data is not used for any other purpose, combined with other data or forwarded to third parties by etracker.
3.Purpose of data processing
The purpose of the data processing is a statistical analysis of the use of our website.
4. Duration of storage
Because the privacy of our visitors is particularly important to us, their IP address is immediately anonymized by etracker after it is collected, and login or device identifications are converted into a unique key that is not assigned to a person.    
5. Option to object and of removal
You may object at any time to the data processing described above if it involves personal data. Your objection will not lead to any disadvantageous consequences for you. 

​More information on data protection with etracker can be found here.

X. Web analysis by Matomo (formerly PIWIK)

1. Scope of processing of personal data

We use the open source software tool Matomo (formerly PIWIK) on auma.blog.de to analyse our users’ surfing habits. The software places a cookie on the user’s computer (see above for cookies). When individual pages of our website are accessed, the following data are stored: 

  • Two bytes of the IP address of the user’s system
  • The accessed website
  • The website from which the user came to the accessed website (referrer)
  • The subpages browsed from this website 
  • The duration on this website 
  • The frequency of visiting the website

The software only runs on the servers of our website. Users’ personal data is only stored there. The data will not be disclosed to third parties.

2. Legal basis for processing personal data
The legal basis for processing the user’s personal data is Article 6 Para. 1(f) of the GDPR. 
3. Purpose of the data processing
The processing of users’ personal data allows us to analyse our users’ surfing habits. Analysing the acquired data enables us to compile information about the use of individual components of our website. This helps us to continuously improve the website and to make it more user-friendly. Pursuant to Article 6 Para. 1(f) of the GDPR these aims also constitute our legitimate interest in the data processing. By anonymizing IP-addresses we take due account of the justified interest of data subjects regarding the protection of their personal data.
4. Duration of storage

The data will be erased as soon as they are no longer required for our purposes. This is the case after 30 days. 
5. Option to object and of removal
Cookies are stored on the user’s computer and transmitted from this computer to our site. As user you therefore also have full control over the use of cookies. By changing the settings in your web browser, you can deactivate or restrict the transfer of cookies. Cookies already stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may not be possible to use all the website’s functions in full. You will find more detailed information about privacy settings in the Matomo software under the following link: https://matomo.org/docs/privacy/.

XI. Social media buttons

1. Facebook
blog.auma.de includes a Facebook share button for the social network Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA. You will recognise the button by the Facebook logo on this page. The Facebook share button is designed in compliance with data protection regulations. A direct connection between your browser and the Facebook server is not created until you click on the Facebook share button on this page (and only then). In this way Facebook is informed that you have visited this website with your IP address. If you click on the Facebook share button whilst logged on to your Facebook account, you can link the contents of our webpages on your Facebook profile. In this way Facebook is able to assign the visitor to these webpages to your user account. As the website provider AUMA e.V. does not acquire any knowledge about the content of the transferred data or its use by Facebook. You will find further information about this in the Facebook privacy policy at http://de-de.facebook.com/policy.php
2. Twitter

Twitter buttons are used on http://blog.auma.de/. These buttons are provided by Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA. These buttons allow you to share an AUMA blog post on Twitter or to follow the provider on Twitter.
When a user calls up a page of this website which contains one of these buttons, their browser will create a direct connection with the Twitter servers. The content of the Twitter button will be transferred by Twitter direct to the user’s browser. Consequently, AUMA e.V. has no influence on the scope of data gathered by Twitter with the help of this plugin.

You will find further information about this in the Twitter privacy policy at http://twitter.com/privacy.

XII. Rights of the data subject

When your personal data is processed, you are the data subject as defined by the GDPR, and you have the following rights in relation to the controller:

1. Right to information

You may demand from the controller confirmation as to whether personal data relating to you is processed by us. 
If such processing takes place, you may demand the following information from the controller:

  1. the purposes for which personal data is processed;
  2. the categories of personal data processed;
  3. the recipients or categories of recipients to whom your personal data has been or will be disclosed;
  4. the planned duration of storage of your personal data or, if it is not possible to provide any concrete information about this, criteria for determining the duration of storage;
  5. the existence of a right to rectification or erasure of your personal data, a right to restriction of processing by the controller or a right to object to this processing; 
  6. the existence of the right to lodge a complaint with a supervisory authority;
  7. all available information about the origin of the data if personal data is not obtained from the data subject;
  8. the existence of automated decision-making including profiling pursuant to Article 22 Para. 1 and 4 of the GDPR and – at least in these cases – conclusive information about the logic involved as well as the implications and the intended effects of such processing for the data subject.

You have the right to demand information concerning whether your personal data is transferred to a third country or an international organisation. In this connection you may demand to be informed about suitable guarantees pursuant to Article 46 of the GDPR in connection with the transfer.

2. Right to rectification
You have the right in relation to the controller to rectification and/or completion insofar as personal data relating to you is incorrect or incomplete. The controller must make the correction without undue delay.
3. Right to restriction of processing

Under the following conditions you may demand restriction of processing of personal data relating to you:

  1. if you dispute the correctness of the personal data relating to you for a duration that allows the controller to check the correctness of the personal data;
  2. the processing is illegal and you refuse to allow erasure of the personal data and instead demand restriction of use of the personal data;
  3. the controller no longer needs the personal data for the purposes of processing but you nevertheless require it for assertion, exercise or defence of legal claims;
  4. if you have lodged an objection against processing pursuant to Article 21 Para. 1 of the GDPR and it is not yet established whether the controller’s justified interests outweigh your reasons.

If processing of the personal data relating to you has been restricted, this data may – apart from storage – be processed only with your consent or for assertion, exercise or defence of legal claims or for the protection of rights of another natural person or legal entity or for reasons of an important public interest of the European Union or of a Member State.

If processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restrictions are lifted.

4. Right to erasure

a) Duty of erasure

You may demand from the controller that personal data relating to you be erased immediately, whereupon the controller is required to erase these data without undue delay insofar as one of the following reasons applies:

  1. The personal data relating to you are no longer needed for the purposes for which they were obtained or otherwise processed.
  2. You revoke your consent on which the processing was based pursuant to Article 6 Para. 1(a) or Article 9 Para. 2(a) of the GDPR, and there is no other legal basis for the processing. 
  3. You lodge an objection pursuant to Article 21 Para. 1 of the GDPR against the processing and there are no overriding justified grounds for the processing, or you lodge an objection against the processing pursuant to Article 21 Para. 2 of the GDPR. 
  4. The personal data relating to you have been processed illegally. 
  5. Erasure of the personal data relating to you is required for fulfilment of a legal obligation in accordance with EU law or the law of Member States to which the controller is subject. 
  6. The personal data relating to you were obtained in relation to the services offered by the information society pursuant to Article 8 Para. 1 of the GDPR.

b) Information to third parties

Where the controller has made your personal data public and is obliged pursuant to Article 17 Para. 1 of the GDPR to erase the personal data, the controller must take reasonable steps, including technical measures, taking into account the available technology and the cost of implementation, to inform controllers which are processing the personal data that you as the data subject have requested erasure by such controllers of any links to, or copy or replication of, these personal data. 

c) Exceptions

The right to erasure does not exist insofar as the processing is necessary

  1. to exercise the right to freedom of expression and information;
  2. for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  3. for reasons of public interest in the sphere of public health pursuant to Article 9 Para. 2(h) and (i) as well as Article 9 Para. 3 of the GDPR;
  4. for archiving purposes in the public interest, scientific or historic research purposes or for statistical purposes pursuant to Article 89 Para. 1 of the GDPR insofar as the right stated under Section a) is expected to make realisation of the objectives impossible or seriously impede them or
  5. for the establishment, exercise or defence of legal claims.
5. Right to be informed

If you have asserted the right to rectification, erasure or restriction of processing in relation to the controller, the latter is required to notify all recipients, to whom the personal data relating to you have been disclosed, about this rectification or erasure of data or restriction of processing unless it proves to be impossible or entails disproportionate effort.

You have the right in relation to the controller to be informed about these recipients.

6. Right to data portability

You have the right to receive the personal data relating to you, which you have provided to the controller, in a structured, commonly used and machine-readable format. You also have the right to transfer these data to another controller, without hindrance by the controller to whom you have provided the personal data, insofar as

  1. the processing is based on consent pursuant to Article 6 Para. 1(a) of the GDPR or Article 9 Para. 2(a) of the GDPR or on a contract pursuant to Article 6 Para. 1(b) of the GDPR and
  2. the processing is carried out by automated means.

When exercising this right you also have the right to arrange, where this is technically feasible, to have the personal data relating to you transmitted directly from one controller to another controller. Rights and freedoms of other persons must not be affected by this.

The right to data portability does not apply to processing of personal data required to carry out a task in the public interest or in the exercise of official authority vested in the controller.

7. Right to object

You have the right, for reasons arising from your particular situation, to lodge an objection at any time to processing of personal data relating to you which takes place on the basis of Article 6 Para. 1(e) or (f) of the GDPR; this also applies to profiling based on these provisions.

The controller will no longer process the personal data relating to you unless he can prove compelling reasons for the processing that warrant protection that outweigh your interests, rights and freedoms or the processing serves the purpose of asserting, exercising or defending legal claims.

If the personal data relating to you are processed for the purpose of direct advertising, you have the right at any time to lodge an objection against the processing of the personal data relating to you for the purpose of such advertising; this also applies to profiling insofar as it is directly connected with such direct advertising.

If you object to processing for the purposes of direct advertising, the personal data relating to you will no longer be used for these purposes.

You have the option in connection with the use of services of the information society – notwithstanding Directive 2002/58/EC – to exercise your right of objection by means of automated processes in which technical specifications are used.

8. Right to revoke the declaration of consent under data protection law
You have the right to revoke your declaration of consent under data protection law at any time. Revocation of consent does not affect the legality of processing carried out on the basis of consent up to the time of revocation.
9. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or the place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR. 

The supervisory authority with which the complaint has been lodged will inform the complainant about the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.

25.05.2018

​​

We have placed cookies on your device to give you the best experience and to improve our website.
If you continue to browse on this site, we’ll assume you’re OK to proceed. More information