Data Protection Declaration

We are pleased that you have visited our website www.willkommen.saarland and that you are interested in our association. Protecting your personal data is an important issue for us. Personal data is information about personal or material circumstances relating to an identified or identifiable natural person. Such information includes, for instance, the real name, address, telephone number and date of birth, together with all other information that can be related to an identifiable person.
Because personal data is subject to special legal protection, we only collect such data to the extent necessary to make our website available and provide our service. Below, we will set out what personal information we record during your visit to our website and how we use it.
Our data protection practices are consistent with the statutory regulations, in particular the German Federal Data Protection Act (BDSG), the Telemedia Act (TMG) and the General Data Protection Regulation of the EU (GDPR). We will only collect, process and store your personal data to the extent necessary to ensure the functional provision of our website, our content and our services and to process enquiries and, where appropriate, process orders/contracts, provided that there is in each case a legitimate interest to do so within the meaning of Art. 6 (1) p. 1 lit. (f) GDPR or other permissory rules. Your data will only be used for further purposes precisely defined in your consent, e.g. for sending you promotional information in the newsletter – if you specifically give your consent in advance.

 

1. Controller within the meaning of Art. (4) no. 7 GDPR

The controller within the meaning of the GDPR and other national data protection legislation of the Member States, together with other data protection provisions is:

saarland.innovation&standort e.V.(saar.is)
Franz-Josef-Röder-Straße 9
66119 Saarbrücken
E-mail: saarlandmarketing@saar-is.de
Tel.: 0681 9520-470
Fax: 0681 5846125

 

2. Name and address of the Data Protection Officer

Name: David Eckstein
Address: Franz-Josef-Röder-Str. 9, 66119 Saarbrücken
E-mail: david.eckstein@saaris.de

 

3. Provision of the website and creation of log files

Each time our website is visited, our system automatically records data and information from the computer used to access the site. The following data is collected:

Scope of data processing

  1. Information about the browser type and the version used
  2. The operating system running on the accessing device
  3. The IP address of the accessing device
  4. The date and time the site is accessed
  5. Websites and resources (images, files, other page content) that have been accessed on our website.
  6. Websites from which the user’s system was led to our website (referrer tracking)

This data is stored in the log files on our system. This data is not stored together with the personal data of a specific user, which means that an individual visitor to the site is not identified.

  • Lawful basis for processing personal data
    Art. 6 (1) lit. (f) GDPR (legitimate interest). Our legitimate interest lies in ensuring that the purpose outlined below is achieved.
  • Purpose of data processing
    Logging takes place for the purpose of ensuring the compatibility of our website for the largest possible majority of users, for combating abuse and for troubleshooting. For this purpose it is necessary to log the technical data of the computer accessing the website in order to be able to react as quickly as possible to display errors, attacks on our IT systems and/or functional errors on our website. Furthermore, the data also helps us to optimise the website and generally ensure the security of our information processing systems.
  • Duration of data storage
    The above-stated technical data is deleted as soon as it is no longer required in order to ensure the compatibility of the website for all visitors, but at the latest 3 months after our site was accessed.
  • Option to object to and remove data
    The options for objecting to and removing data are determined in accordance with the general rules on the right to object to and delete data, as required by data-protection law, that are outlined later in this data protection declaration.

 

4. Special functions of the website

Our website offers various functions which, when used, cause your personal data to be collected, processed and stored by us. Below, we explain what happens to your data:

Contact form(s):

  • Scope of processing of personal data
    The data you enter into our contact form.
  • Lawful basis for processing personal data
    Art. 6 (1) lit. (a) GDPR (implicit consent)
  • Purpose of data processing
    We will only use the data collected via our contact form(s) for processing the specific contact request that is received via the contact form.
  • Duration of data storage
    Once your enquiry has been processed the collected data will be immediately deleted, provided that there is no statutory retention period.
  • Option to object to and remove data
    The options for objecting to and removing data are determined in accordance with the general rules on the right to object to and delete data, as required by data-protection law, that are outlined later in this data protection declaration.

 

5. Statistical evaluation of visits to the website – webtracker

We collect, process and store the following data when our website, or individual web files, is/are accessed: the IP address, the website from which the file was accessed, the name of the file, the data and time of access, the volume of data transferred and message about the success of accessing the website (so-called web log). We only use this access data in non-personally identifiable form for the purpose of continuously improving our website and for statistical purposes.

We also use the following webtracker for evaluating visits to this website:

Matomo (formerly Piwik)

  • Scope of processing of personal data
    Our website contains a tracking code from Matomo (formerly Piwik), an open source web analysis tool (https://matomo.org). We solely perform web tracking ourselves without relating data to individuals in any way. No data is transferred to third parties. We host Matomo ourselves. In so doing, we only collect, process and store usage data about the way in which our site is used, e.g.: referrer links, the session length at certain URLs, the clickstream data and also data about your browser settings such as the manufacturer of the browser and its version, the screen resolution and the operating system used. Where appropriate, we also collect and store parts of your IP address and information about the speed with which our website loads. From this data we can extract anonymous usage profiles and statistical information. We also use cookies in line with web tracking using Matomo in order to differentiate repeat visitors to the site from first time users. Cookies are small text files that are stored locally in the cache of your web browser and which contain a specific ID. Where applicable, they also contain further technical information. The data collected in this connection is not merged with other personal data which we may have available without your explicit consent. The data is therefore not deanonymized.
  • Lawful basis for processing personal data
    Data is not related to individuals. Matomo does not render the behaviour of data subjects on the internet trackable. If it is still possible for data to be related to individuals, e.g. if a user should log into our website, we will obtain explicit consent before relating data to individuals in accordance with Art. 6 (1) lit. (a) GDPR (consent).
  • Purpose of data processing
    Carrying out web tracking serves to analyse user flows in order to enable us to anonymously monitor the functionality and user-friendliness of our website and to continuously improve it. It serves solely to collect statistical, non-personal data.
  • Duration of data storage
    We store all of the web tracking data collected using Matomo for an indefinite period, because this data is only available to us in anonymized form.
  • Option to object to and remove data
    You can prevent the aforementioned data from being collected and processed by installing a JavaScript Blocker such as www.noscript.net or, to prevent the collection of other website analytics data, www.ghostery.com. Furthermore, you can also click the following opt-out button to disable web tracking via Matomo
    If it is possible for data to be related to individuals (e.g. following a log in), you can withdraw your consent at any time in accordance with the rules outlined later in this data protection declaration.

6. Integration of external web services and processing of data outside the EU

On our website we use active JavaScript content from external providers, otherwise known as web services. By accessing our website, these external providers may receive personal information about your visit to our website. This means that data may be processed outside the EU. You can prevent this by installing a JavaScript Blocker such as the ‘NoScript’ browser plugin (www.noscript.net) or by deactivating JavaScript in your browser. This may cause functional restrictions on the websites that you visit.

We use the following external web services:

  • Doubleclick

A web service provided by the company Google LLC, 1600 Amphitheatre Parkway in 94043 Mountain View, USA (hereinafter: Doubleclick) is used on our website. We use this data to ensure the full functionality of our website. In this context, your browser may transfer personal data to Doubleclick. The lawful basis for data processing is Art. 6 (1) lit. (f) GDPR. The legitimate interest lies in the error-free function of the website. Doubleclick has self-certified itself in line with the EU-US Privacy Shield agreement (see https://www.privacyshield.gov/list). The data is deleted as soon as the purpose for which it was collected has been fulfilled. Further information on how the transferred data is handled can be found in Doubleclick’s data protection declaration: https://www.google.com/intl/de/policies/privacy/. You can prevent the collection and processing of your data by Doubleclick by deactivating the execution of script code in your browser or by installing a script blocker in your browser (you can find these for instance at www.noscript.net or www.ghostery.com).

  • Google

A web service provided by the company Google LLC, 1600 Amphitheatre Parkway in 94043 Mountain View, USA (hereinafter: Google) is used on our website. We use this data to ensure the full functionality of our website. In this context, your browser may transfer personal data to Google. The lawful basis for data processing is Art. 6 (1) lit. (f) GDPR. The legitimate interest lies in the error-free function of the website. Google has self-certified itself in line with the EU-US Privacy Shield agreement (see https://www.privacyshield.gov/list). The data is deleted as soon as the purpose for which it was collected has been fulfilled. Further information on how the transferred data is handled can be found in Google’s data protection declaration: https://www.google.com/intl/de/policies/privacy/. You can prevent the collection and processing of your data by Google by deactivating the execution of script code in your browser or by installing a script blocker in your browser (you can find these for instance at www.noscript.net or www.ghostery.com).

  • gstatic

A web service provided by the company Google LLC, 1600 Amphitheatre Parkway in 94043 Mountain View, USA (hereinafter: gstatic) is used on our website. We use this data to ensure the full functionality of our website. In this context, your browser may transfer personal data to gstatic. The lawful basis for data processing is Art. 6 (1) lit. (f) GDPR. The legitimate interest lies in the error-free function of the website. gstatic has self-certified itself in line with the EU-US Privacy Shield agreement (see https://www.privacyshield.gov/list). The data is deleted as soon as the purpose for which it was collected has been fulfilled. Further information on how the transferred data is handled can be found in gstatic’s data protection declaration: https://www.google.com/intl/de/policies/privacy/. You can prevent the collection and processing of your data by gstatic by deactivating the execution of script code in your browser or by installing a script blocker in your browser (you can find these for instance at www.noscript.net or www.ghostery.com).

  • Vimeo

A web service provided by the company Vimeo, Inc., 555 West 18th Street in 10011 New York, USA (hereinafter: Vimeo) is used on our website. If you have activated JavaScript in your browser but have not installed a JavaScript blocker, your browser may transfer personal data to Vimeo. Further information on how the transferred data is handled can be found in Vimeo’s data protection declaration: https://vimeo.com/privacy. You can prevent the collection and processing of your data by Vimeo by deactivating the execution of script code in your browser or by installing a script blocker in your browser (you can find these for instance at www.noscript.net or www.ghostery.com).

  • Youtube

A web service provided by the company Google LLC, 1600 Amphitheatre Parkway in 94043 Mountain View, USA (hereinafter: YouTube) is used on our website. We use this data to ensure the full functionality of our website. In this context, your browser may transfer personal data to YouTube. The lawful basis for data processing is Art. 6 (1) lit. (f) GDPR. The legitimate interest lies in the error-free function of the website. YouTube has self-certified itself in line with the EU-US Privacy Shield agreement (see https://www.privacyshield.gov/list). The data is deleted as soon as the purpose for which it was collected has been fulfilled. Further information on how the transferred data is handled can be found in YouTube’s data protection declaration: https://www.google.de/intl/de/policies/privacy/. You can prevent the collection and processing of your data by YouTube by deactivating the execution of script code in your browser or by installing a script blocker in your browser (you can find these for instance at www.noscript.net or www.ghostery.com).

  • ytimg

A web service provided by the company Google LLC, 1600 Amphitheatre Parkway in 94043 Mountain View, USA (hereinafter: ytimg) is used on our website. We use this data to ensure the full functionality of our website. In this context, your browser may transfer personal data to ytimg. The lawful basis for data processing is Art. 6 (1) lit. (f) GDPR. The legitimate interest lies in the error-free function of the website. ytimg has self-certified itself in line with the EU-US Privacy Shield agreement (see https://www.privacyshield.gov/list). The data is deleted as soon as the purpose for which it was collected has been fulfilled. Further information on how the transferred data is handled can be found in ytimg’s data protection declaration: https://www.google.de/intl/de/policies/privacy/. You can prevent the collection and processing of your data by ytimg by deactivating the execution of script code in your browser or by installing a script blocker in your browser (you can find these for instance at www.noscript.net or www.ghostery.com).

  • website-check.de

A web service provided by the company Website-Check GmbH, Beethovenstraße 24 in 66111 Saarbrücken, DE (hereinafter: website-check.de) is used on our website. We use this data to ensure the full functionality of our website. In this context, your browser may transfer personal data to website-check.de. The lawful basis for data processing is Art. 6 (1) lit. (f) GDPR (legitimate interest). The legitimate interest lies in the error-free function of the website. The data is deleted as soon as the purpose for which it was collected has been fulfilled. Further information on how the transferred data is handled can be found in the data protection declaration of website-check.de: https://www.website-check.de/datenschutzerklaerung/. You can prevent the collection and processing of your data by website-check.de by deactivating the execution of script code in your browser or by installing a script blocker in your browser (you can find these for instance at www.noscript.net or www.ghostery.com).

 

7. Data protection notice for the “Ihr krien ebbes” (“you’ll get something”) summer promotion

Scope of processing of personal data:
The data you enter during registration.

Lawful basis for processing personal data:
Art. 6 (1) lit (b) GDPR (fulfilment of contract and initiation).

Purpose of data processing:
We only use the data collected via the registration screen for the “Saarland Discoverer” competition for the purpose of administering the competition and distributing the prizes. In addition to sending individual notifications, announcements about the “Saarland Hosts” who have won will be published, stating their first name and place of residence, on the promotion website and other Saarland marketing channels (social media). Following registration we will send you a confirmation e-mail that contains a link that you must click in order to complete your registration for participation in the promotion (double opt-in).
If you make a selfie video of your Saarland experiences available to us, this video will also be used for further purposes that are precisely defined in your consent in accordance with Art. 6 (1) (a) GDPR. If you have checked the corresponding field when you uploaded the video or have given your Saarland host corresponding consent, we will process the video in accordance with Art. 6 (1) (a) GDPR for the purpose of advertising the summer promotion. This involves us publishing the individual videos during the period of the promotion on the Saarland Marketing channels (websites, social media channels of saaris, IHK and the State Chancellery) and edit them at the end of the promotion into a commercial that will be published on the same channels. Consent to publish the video is given on a voluntary basis and has no effect on the competition.

Duration of data storage:
The processed data will be deleted once the competition has ended after the statutory retention period has expired. In the event of an uncompleted registration we will also delete your data after the promotion has ended. We reserve the right to delete data without giving reasons and without informing you in advance or afterwards.

Data transfer:
The participants’ processed data will be transferred to cooperating partners in order to facilitate participation in the reception and in the promotion as a whole. Data transfers over and above this will not be made without the specific consent of the participant.

The “Saarland Host” will be informed by e-mail regarding whether you wish to accept or decline their invitation.

8. Information on the use of cookies

  • Scope of processing of personal data
    We use cookies on various pages of our website in order to facilitate the use of certain functions. These so-called ‘cookies’ are small text files which your browser can store on your computer. These text files contain a characteristic character string that allows your browser to be uniquely identified when you next visit our website. The process of storing a cookie file on a computer is also known as ‘setting a cookie’.
  • Lawful basis for processing personal data
    Art. 6 (1) lit. (f) GDPR (legitimate interest). Our legitimate interest lies in maintaining the full functionality of our website, improving its usability and facilitating the individual addressing of customers. We are only able to identify individual website visitors using cookie technology if the website visitor entrusts us with the corresponding personal data in advance and on the basis of specific consent.
  • Purpose of data processing
    Our website sets cookies in order to maintain its full functionality and improve its usability. Cookie technology also allows us to recognise individual site visitors by their pseudonyms, e.g. an individual, personalised user-defined ID, which makes it possible for us to offer more individualised services.
  • Duration of data storage
    Our cookies are stored until they are deleted from your browser or if the cookie is a session cookie, which expires at the end of the session.
  • Option to object to and remove data
    You can configure your browser yourself to generally prevent the setting of cookies, to only be informed that cookies are being set or to decide whether to accept cookies on a case-by-case basis. Alternatively, you can accept cookies by default. Cookies can be used for different purposes, e.g. to identify whether your PC has already connected to our website in the past (persistent cookies) or to save products that you most recently viewed (session cookies). We use cookies to provide you with increased user convenience. To enable you to use our convenience functions we recommend that you allow our website to set cookies.

The options for objecting to and removing data are determined in accordance with the general rules on the right to object to and delete data, as required by data-protection law, that are outlined later in this data protection declaration.

 

9. Data security and data protection, communication by e-mail

Your personal data is protected by technical and organisational measures such that it is not accessible to third parties during collection, storage and processing. In the case of unencrypted communications by e-mail we cannot ensure the complete security of data during the course of its transmission to our IT systems. Therefore, for information for which a high-level of confidentiality is required, we recommend encrypted communication or delivery by post.

 

10. Withdrawal of consent – information about data and change requests – deletion & blocking of data

Pursuant to the German Federal Data Protection Act you are entitled, free of charge, to obtain information about your stored data and, where applicable, have the right to correct, block or delete such data. Your data will then be deleted, unless this is prevented by statutory regulations. You can withdraw consent that you have granted to us to use your personal data at any time. You can, at any time, send requests for disclosure, deletion or correction of your data – and we would also be pleased to receive your suggestions – to the following address:

saarland.innovation&standort e.V.(saar.is)
Franz-Josef-Röder-Straße 9
66119 Saarbrücken
E-mail: saarlandmarketing@saar-is.de
Tel.: 0681 9520-470
Fax: 0681 5846125

 

11. Right to data portability

You are entitled to request from us – in a structured, common and machine-readable format – your personal data that you have provided to us. You may also request us, upon your initial instruction, to immediately transfer this data to a third party, provided that processing is based on consent in accordance with Art. 6 (1) lit. (a) GDPR or Art. 9 (2) lit. (a) GDPR or on a contract in accordance with Art. 6 (1) lit. (b) GDPR and that processing is carried out by us in the course of automated data processing.

When exercising this right to data portability you are furthermore entitled to invoke your right to have your personal data transferred directly from one controller to another, provided this is technically feasible. This may not affect the freedoms and rights of other persons.
The right to data portability does not apply to the processing of personal data for the purpose of performing a task carried out in the public interest or in the exercising of official authority vested in the controller.

 

12. Right to lodge a complaint with the supervisory authority pursuant to Art. 77 (1) GDPR

If you suspect that your data is being processing unlawfully on our website you can, of course, seek legal clarification of the problem at any time. Irrespective of this, you are also entitled to contact a supervisory authority for assistance. You have the right to complain in the EU Member State where you reside, work or where the supposed infringement took place, i.e. you can choose which supervisory authority to contact from the aforestated places. The supervisory authority to which the complaint was submitted will then inform you of the status and the results of your submission, including the option for judicial redress in accordance with Art. 78 GDPR.

 

Prepared by:
© IT-Recht-Kanzlei DURY – www.dury.de
© Website-Check GmbH – www.website-check.de