INFORMATION ON DATA PRIVACY PROTECTION OF BÖRSENVEREIN DES DEUTSCHEN BUCHHANDELS e.V.
(Last revised: 25.05.2018)
When you visit our website, in certain cases we collect data that are or can be related to you. In some cases these data are already visible to us when you access our website, in other cases we collect information if you provide it to us. We wish to inform you below of the purpose for which we collect these data and what we do with them.
What are personal data?
Personal data are all the data that can be related to you personally, e.g. your name, your address, your e-mail address, telephone number and your user behaviour.
When is the processing of personal data legally permitted?
Pursuant to Art. 6 of the EU General Data Protection Regulation (EU GDPR) the processing of personal data is lawful in the following cases among others:
- If you have given us your consent to do so (Art. 6 paragraph 1 sentence 1 letter a EU GDPR).
- If processing is necessary for the performance of a contract to which you are a contracting party or in order to take steps at your request prior to entering into a contract (Art. 6 paragraph 1 sentence 1 letter b EU GDPR).
- If processing is necessary for compliance with a legal obligation to which we are subject (Art. 6 paragraph 1 sentence 1 letter c EU GDPR).
- If processing is necessary for the purposes of the legitimate interests pursued by us or a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data (Art. 6 paragraph 1 sentence 1 letter f EU GDPR).
In addition to the purposes pursued when we collect data, we will state the legal basis on which we process data in each case below.
I. Responsible body (controller); data protection officer
(1) The controller of the data file according to Art. 4 Abs. 7 EU-GDPR is:
Börsenverein des Deutschen Buchhandels e.V.
60311 Frankfurt am Main
represented by the managing director Peter Kraus vom Cleff
Tel.: +49 69 13 06 0
Fax: +49 69 13 06 20 1
(2) You can reach our data protection officer by email at firstname.lastname@example.org or by post at the address named above adding “Datenschutzbeauftragter (Data Protection Officer)”.
II. Data collection when you visit our website
1. Data collection when you access our website
(1) If you only access our website to obtain information (i.e. if you do not register or provide personal details in any other manner, e.g. by filling in a form), we only collect the personal data that your browser sends to our server. If you wish to view our website, we collect data that we require in technical respects so that we can display our website to you and ensure stability and security. These data are the following:
- IP address
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (specific site)
- Access status/http status code
- The quantity of data transmitted in each case
- Website from which we receive the request
- Operating system and its user interface
- Language and version of the browser software
The data named above are also stored by us in the logfiles of our system. These are not stored with other data relating to you.
(2) The temporary storage of the IP address by our system is necessary in order to improve the stability and functionality of the website and for troubleshooting where necessary. The legal basis for this is Art. 6 paragraph 1 sentence 1 letter f EU GDPR.
(3) The data named above are deleted as soon as it is no longer necessary to store them to achieve the purpose. For the provision of the website, this is the case once you have finished visiting our site. Logfiles are deleted after 30 days at the latest.
(2) We use transient and persistent cookies.
a) Scope and functionality of transient cookies: Transient cookies are automatically deleted when the browser is closed. In particular, such transient cookies include session cookies that save what is referred to as a session ID which allows various requests of your browser to be allocated to the joint session. This enables your computer to be recognised when you return to our website. Session cookies are deleted when you logout or close your browser.
b) Scope and functionality of persistent cookies: Persistent cookies are automatically deleted after a specific period which varies depending on the cookie. You can delete cookies at any time in the security settings of your browser.
(4) You can set your browser so that you are informed when cookies are placed and can decide on whether you will accept them on a case-by-case basis or generally refuse to accept cookies. Cookies that have already stored can be deleted at any time. If you wish to select appropriate settings for your browser, please note that the method of administration for each cookie setting differs from browser to browser. You will find descriptions on how you can change cookie settings in the help menu of any browser. You can find this description for the browsers below under the following links: :
- Internet Explorer: support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies
- Safari: https://www.apple.com/legal/privacy/de-ww/
- Firefox https://support.mozilla.org/en-US/kb/delete-cookies-remove-info-websites-stored
- Opera : https://www.opera.com/help/tutorials/security/privacy/
- If cookies are not accepted, this can restrict the functionality of our website.
3. Web analysis through Matomo (formerly PIWIK)
(1) We use the open source software tool Matomo (formerly PIWIK) on our website for the analysis of the surfing behaviour of our users. The software places a cookie on the computer of the users (see II.2 above on the functioning of cookies). If individual pages of our website are accessed, the following data are stored:
- two bytes of the IP address of the user’s calling system;
- the website accessed;
- the website from where the user reached the website being accessed (referrer);
- the subpages that are accessed from the accessed website;
- the length of time spent on the website;
- the frequency in which the website is accessed.
The software runs exclusively on the servers of our website. Any storage of the personal data of users takes place only there. Data are not transmitted to third parties. The software is set so that IP addresses are not fully stored. Instead only 2 bytes of the IP address are masked (example: 192.168.xxx.xxx). This ensures that any allocation of the abbreviated IP address to the calling computer is no longer possible.
(2) Processing the personal data of users allows us to analyse the surfing behaviour of our users. The evaluation of the data captured allows us to compile information on the use of the individual components of our website. At the same time, it allows us to continually improve our website and its user friendliness. These are the purposes that create our legitimate interest in processing the data in accordance with Art. 6 paragraph 1 lit. f GDPR. By anonymising the IP address, due consideration is given to the interest of users in the protection of their personal data.
(3) The legal basis for the processing of personal data of users is Art. 6 paragraph 1 sentence 1 letter f EU GDPR.
(4) The data are deleted as soon as they are no longer required for recording purposes. In our case, this is 3 months afterwards.
(6) We offer users on our website the option of selecting to opt-out of the analytical procedure. You must follow an appropriate link for this purpose. By doing so, another cookie is placed on your system that signalises to our system that the user data may not be stored. If the user deletes this cookie from his own system at some stage, he must again place the opt-out cookie.
(7) Further information on the private sphere settings of the Matomo software is provided under the following link: https://matomo.org/docs/privacy/.
4. Integration of YouTube videos
(1) We integrate YouTube videos in several places on our website. These are stored on the YouTube.com portal and can be played immediately via our website.
(2) When you visit our website, YouTube is informed that you have accessed the respective subpage of our website. The data named above under II.1 and 2. of this Information on Data Privacy Protection are also transmitted. This is carried out irrespective of whether YouTube has provided a user account that you have logged into or whether you have no user account. When you are logged into Google, your data are allocated to your account directly. If you do not wish any allocation to your profile on YouTube, you must logout before activating the respective button. YouTube stores your data as user profiles and uses them for the purposes of advertising, market research and/or the needs-based design of its website. Any such evaluation is carried out particularly (also for users not logged in) to provide needs-based advertising and to inform other users of the social network of your activities on our website. You have a right to object to the creation of these user profiles, although you must contact YouTube to exercise this right.
(3) If you wish to receive further information on the purpose of data collection and the extent thereof, you can obtain this directly from the privacy statement of YouTube. This also provides further information on your rights and setting options to protect your private sphere: https://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
5. Integration of Google Maps
(1) We integrate Google maps in several places on our website. This allows us to show you interactive maps directly on the website and enables you to use the map function.
(2) When you visit the website, Google is informed that you have accessed the respective subpage of our website. The data named above under II.1 and 2. of this Information on Data Privacy Protection are also transmitted. This is carried out irrespective of whether Google has provided a user account that you have logged into or whether you have no user account. When you are logged into Google, your data are allocated to your account directly. If you do not wish any allocation to your profile with Google, you must logout before activating the respective button. Google stores your data as user profiles and uses them for the purposes of advertising, market research and/or the needs-based design of its website. Any such evaluation is carried out particularly (also for users not logged in) to provide needs-based advertising and to inform other users of the social network of your activities on our website. You have a right to object to the creation of these user profiles, although you must contact Google to exercise this right.
(3) You can obtain further information on the purpose and extent of data collection and the processing thereof by the plugin provider in the privacy statements of the provider. This also provides further information on your rights and setting options to protect your private sphere: http://www.google.de/intl/de/policies/privacy. Google also processes your data in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
III. Data collection when you contact us
(1) When you contact us by email or via a contact form we have provided for this purpose, we store the data you give us in this connection (your email address and if applicable, your name, your address and your telephone number) in order to deal with your request and if applicable, to answer the questions you have asked.
(2) The legal basis for this is Art. 6 paragraph 1 sentence 1 letter f EU GDPR. If by contacting us, you intend to enter into a contract with us, the legal basis is also Art. 6 paragraph 1 sentence 1 letter b EU GDPR.
(3) We delete the data arising after it is no longer necessary to store them or we restrict processing if statutory retention periods apply.
IV. Data collection if you order a newsletter or if newsletters are sent following newsletter subscription
(1) You may subscribe to a free newsletter via our website through which we inform you of our offers, the latest news and our ongoing activities. The individual contents of the newsletter are named in the respective declaration of consent.
(2) During your registration, your email address is sent to us (mandatory field). If you provide further personal details to us, this is done voluntarily and serves the purpose of addressing you personally.
(3) After we have received your registration, we send an email to the email address you have provided in which we request you to confirm that you wish to receive the newsletter (referred to as the double opt-in procedure). If you do not confirm your registration within 48 hours, we block your information and automatically delete it after one month. We also store your IP addresses and the times of your registration as well as your confirmation. Our purpose in collecting this information is to be able to furnish proof of your registration in order to investigate any misuse of your personal data.
(4) After you have confirmed your subscription to the newsletter, we store your email address for the purpose of sending you the newsletter. The legal basis for this is Art. 6 paragraph 1 sentence 1 letter a EU GDPR.
(5) You can revoke your consent to receiving the newsletter at any time with effect for the future and unsubscribe from the newsletter. You can declare your revocation by clicking on the link provided for this purpose in every newsletter or by sending us an email at email@example.com.
(6) If you order goods or a service from us and we receive your email address in this connection, we also use this email address to offer you similar goods or services (Section 7 paragraph 3 of the Act Against Unfair Competition). The legal basis for this is Art. 6 paragraph 1 sentence 1 letter f EU GDPR.
(7) We store your email address for the period in which you have not objected to our using it for the purpose of newsletter dispatch and we send you our newsletter on a regular basis.
V. Right of objection
(1) You have the right to object to the processing of your personal data for the purposes of direct advertising or data analysis.
(2) When we process your data to safeguard legitimate interests, you can object to such processing if there are reasons in your particular situation for not processing the data.
VI. Use of blog functions
(1) In the blog functions we offer you can comment on the topics we publish. These comments can be seen by everyone. Your respective comment will be published showing your name with the contribution. Your name and your email address must be provided, any other particulars are supplied voluntarily.
(2) If you make any comment, we will continue to store your IP address, which we will delete after six months. We need to store this information so that we can defend ourselves against liability claims in the event of the possible publication of unlawful contents. We require your email address so that we can contact you if a third party believes your comments are unlawful and objects to these. The legal bases for these are Art. 6 paragraph 1 sentence 1 letter b and letter f EU GDPR.
(3) If you wish to be informed when another user has commented on a contribution, you can activate the tick box in our email service when you write your comment. You will receive an email from us for this purpose in which you confirm that you are the owner of the email address and wish to receive the notification (referred to as the double opt-in procedure). You can unsubscribe from the notifications by clicking on the link shown in the email. We store your personal data, including your email address, the times at which you registered for the notifications and your IP address until you cancel your registration for the notification service. The legal basis is Art. 6 paragraph 1 sentence 1 letter b EU GDPR.
VII. Data collection if you order from our web shop
(1) For orders placed via our web shop, we ask you to provide specific personal details. Several fields in the order form are marked as mandatory fields which must be filled in to complete the order and to implement a contract. Mandatory information as such includes your first name and surname, your address (and if applicable, any invoicing or delivery address where these differ), your email address, possibly the position you hold in your company and data that arise in connection with the method of payment you have selected (banking details). All other particulars are voluntary and serve the purpose of personalising our communication with you.
(2) If you open a customer account, you can place further orders using this customer account. In that case you do not need to keep re-entering your data as we will store them until your revocation thereof.
(3) To execute your order, we disclose your name and your address (or your delivery address) to the company that we engage to deliver the goods.
(4) The purpose of data collection is to execute your order. The legal basis is Art. 6 paragraph 1 sentence 1 letter b EU GDPR.
VIII. Processing of data by external service providers
In some cases we use external service providers to process your data. These were carefully selected and engaged by us, are bound to our instructions and are checked on a regular basis.
IX. Data processing in the corporate group
(1) Areas of the Börsenverein corporate group, the German book-trade association, perform specific centralised data processing tasks for the affiliated companies in the group. To the extent that there are contractual relations between you and us or between you and one or several companies in our group, your data might be centrally processed. This is carried out, for example, for the central administration of address data, for contract and service processing, for debt collections and disbursements or in order to generally deal with post. Further information on the affiliated companies in the group is available here: https://www.boersenverein.de/boersenverein/ueber-uns/wirtschaftstoechter/
(2) The legal basis for this is Art. 6 paragraph 1 sentence 1 letter f EU GDPR.
X. Recipients of data for actions, events and similar with partners
(1) We can disclose your personal data to third parties if we offer and/or carry out actions, events, competitions, the conclusion of contracts or similar services together with partners. You will receive further information on these when you provide your personal data.
(2) Insofar as our partner is domiciled in a country outside the European Economic Area, we will inform you of the consequences of this fact in the description of the respective offer.
XI. Further recipients of personal data
We can transmit your personal data to further recipients, such as to authorities to meet legal reporting obligations (e.g. fiscal authorities, social insurance agencies or prosecution authorities).
XII. Credit checks
To the extent necessary to safeguard our legitimate interests, we request information from CRIF Bürgel GmbH, Radlkoferstrasse 2, 81373 Munich, Germany (https://www.crifbuergel.de/) to assess your general payment behaviour. The legal basis for this is Art. 6 paragraph 1 sentence 1 letter f EU GDPR.
XIII. Your data protection rights
(1) You can obtain information on the data stored on you under the address named above under I. In addition, you may demand that data are corrected if we have stored incorrect data on you. Taking the processing purposes into account, you also have the right to demand that your personal data are completed if the data we have stored on you are incomplete. Furthermore, you may demand the deletion of your data under certain conditions. You may also have the right to limit the processing of your data and the right to the surrender of the data you have provided in a structured, common and machine-readable format.
(2) You have the right to contact a data protection authority with any complaint. The supervisory authority responsible for us is: Der Hessische Beauftragte für Datenschutz und Informationsfreiheit,Prof. Dr. Michael Ronellenfitsch, Gustav-Stresemann-Ring 1, 65189 Wiesbaden, Germany.
XIV. Duration of data storage: Reference to retention obligations under tax and commercial law
(1) Unless otherwise stated in this Information on Data Privacy Protection, we delete your personal data as soon as they are no longer necessary for the purposes named.
(2) We might store personal data for the period in which claims can be asserted against us (statutory limitation period of up to three years). The legal basis for this is Art. 6 paragraph 1 sentence 1 letter f EU GDPR.
(3) We also store your personal data if we are legally obliged to do so. Among other things, such obligations to furnish proof and retain documentation arise from the German Commercial Code or tax regulations and specify periods of up to ten years. The legal basis for this is Art. 6 paragraph 1 sentence 1 letter c EU GDPR.
XV. Declarations of consent
You expressly gave us the following declaration(s) of consent and we recorded your consent. Under the Telemedia Act, we are obliged to make the content of consents available upon request at any time. You may revoke your consent(s) at any time with effect for the future.
“I consent to receiving the newsletter of Börsenverein des Deutschen Buchhandels e.V. I can revoke my consent at any time with effect for the future by sending a message to firstname.lastname@example.org (or: by clicking on the “Unsubscribe” link at the end of the newsletter). I have read the Information on Data Privacy Protection.”