11. Legal or contractual requirements to provide your personal data, information about its necessity for the conclusion of a contract as well as about your obligation to provide personal data and possible consequences of not providing your data
We take the protection of your personal data very seriously. We “process” data in accordance with the applicable statutory data protection regulations, in particular the European General Data Protection Regulation (hereinafter referred to as GDPR) and the country-specific data protection provisions.
“Personal data” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Processing” means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
2. Data controller
As the provider of our events and our Internet services, we are the data controller. Our contact details are as follows:
Company: Miquel Schmuck und Uhren GmbH, Hauptstr. 42, 96358 Teuschnitz
3. Type, scope, purposes and legal basis of the processing of your data
Personal data will only be processed by us if this is permitted by law (e.g.: for the performance of a contract or if there is a legitimate interest) or if you consent to the processing of your personal data.
In this paragraph, we inform you about the type, scope, purposes and legal basis of the processing of your personal data:
a) Processing of personal data when using the services offered by us or for the implementation of necessary pre-contractual measures, which are carried out at your request
If you wish to make use of the services offered by us, it may be necessary for you to provide us with personal data. The mandatory data required by us can be seen from the input mask within the registration process. You may voluntarily provide additional information that is not required for the purposes described above; we mark this information accordingly when collecting data during the registration process.
We process your personal data for the above purposes on the legal basis of Art. 6(1)(b) GDPR in order to perform a contract with you or in order to implement necessary pre-contractual measures, which are carried out at your request. The purpose of processing your personal data is therefore, for example, to process enquiries or to provide the requested service. If you do not provide your personal data, we will not be able to process your request and/or conclude a contract with you and provide the services offered.
In addition, we process your data for the purpose of exercising, asserting or defending any legal claims arising from the contractual relationship and, if necessary, to enable law enforcement authorities to prosecute any misuse of our services. The above data processing is carried out on the legal basis of Art. 6(1)(f) GDPR. Our legitimate interest for data processing on the legal basis of Art. 6(1)(f) GDPR is to be able to exercise, assert or defend legal claims arising from the contractual relationship, if applicable, and to enable law enforcement authorities to prosecute, if applicable.
We also process your personal data for the purpose of complying with our statutory retention obligations. The legal basis for the fulfilment of our legal retention obligations is standardised in Art. 6(1)(c) GDPR.
Your data may be passed on to service providers who support us for the purpose of contract performance or implementing necessary pre-contractual measures, which are carried out at your request, and whom we have of course carefully selected. These may be technical service providers or service providers assisting us with processing payments or accounting.
b) Visiting our website (server log files)
When you visit our website, the server stores data in server log files, which your Internet browser automatically transmits to the server. This information includes:
- Website visited
- Time of access
- Amount of data transferred in bytes
- Source/reference from which you accessed the site
- Browser used
- Operating system used
- IP address used
The data collected are only used for statistical analysis and to improve the website. However, the website operator reserves the right to check the server log files retrospectively if there are concrete indications of illegal use.
The processing of these data is carried out in order to enable the use of the webpages you have accessed, for statistical purposes, to improve our website and for security against illegal cyber-attacks as well as to exercise, assert or defend legal claims. Your IP address is stored only for as long as necessary to defend against possible cyber-attacks and to provide law enforcement authorities with the information necessary to prosecute.
The aforementioned data will be processed separately from all personal data that you provide to us when visiting our website and/or using a service and will not be combined under any circumstances.
This data processing described above has its legal basis in Art. 6 (1) (b) GDPR for the implementation of necessary pre-contractual measures, which are carried out at your request, in order to enable you to use the webpages you have accessed. Insofar as the above data are processed for security against illegal cyber-attacks, or in order to exercise, assert or defend legal claims, this is done on the legal basis of Art. 6(1)(f) GDPR. Our legitimate interest in this data processing is to analyse the data to improve our website, to exercise, assert or defend legal claims, if necessary, and to protect our systems from illegal cyber-attacks.
c) Enquiries via contact forms on our website and via e-mail/messenger
If you send us enquiries via a contact form on our website and/or via e-mail/messenger, your details, including the contact data you provide there, will be stored by us for the purpose of processing the enquiry and in the event of follow-up enquiries until the purpose for processing the data no longer applies. We will not pass on this data without your consent or a legal authorisation.
This data processing described above has its legal basis in Art. 6(1)(b) GDPR for the implementation of necessary pre-contractual measures, which are carried out at your request.
d) Direct marketing
Your name and address may also be processed indefinitely for our own postal marketing purposes on the legal basis of Art. 6(1)(f) GDPR, where our legitimate interest is in direct postal marketing for our own services.
This website uses Sendinblue to send newsletters. The provider is Sendinblue GmbH Köpenicker Str. 126, 10179 Berlin, Germany.
Sendinblue is a service with which, among other things, the dispatch of newsletters can be organized and analyzed. The data you enter for the purpose of receiving the newsletter is stored on Sendinblue's servers in Germany.
If you do not want any analysis by Sendinblue, you must unsubscribe from the newsletter.
Data analysis by Sendinblue
With the help of Sendinblue, it is possible for us to analyze our newsletter campaigns. For example, we can see whether a newsletter message was opened and which links, if any, were clicked. In this way, we can determine, among other things, which links were clicked on particularly often.
In addition, we can see whether certain previously defined actions were performed after opening/clicking (conversion rate). For example, we can see whether you have made a purchase after clicking on the newsletter.
Sendinblue also allows us to subdivide ("cluster") newsletter recipients based on various categories. In doing so, newsletter recipients can be subdivided by age, gender or place of residence, for example. In this way, the newsletters can be better adapted to the respective target groups.
For detailed information on the Sendinblue functions, please refer to the following link: https://de.sendinblue.com/funktionen/e-mail-marketing/.
The data you provide for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from the servers of Sendinblue after you unsubscribe from the newsletter. Data that has been stored by us for other purposes remains unaffected by this.
In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are text files that the provider of a website stores on the computer of the user of the website and can be retrieved when the user accesses the website again, in order to facilitate Internet navigation and transactions or to obtain information about user behaviour.
You can also determine whether cookies can be set and retrieved through the settings in your browser. You can, for example, deactivate the storage of cookies altogether in your browser, restrict it to certain websites or configure your browser so that it automatically informs you as soon as a cookie is to be set and asks you for permission to do so. You can also set your browser so that cookies are automatically deleted when you close the browser. Finally, you may be able to enable a Do-Not-Track (“DNT”) feature in your browser so that you are not automatically tracked by any web analytics tool that may be used. Information on how to configure your browser settings can be found in the help function of your respective Internet browser.
5. Storage and deletion periods for personal data
If the purpose for processing your required personal data no longer applies, your personal data processed by us will be routinely deleted or blocked, unless you have consented to permanent storage of your personal data.
If individual data must be retained after the purposes for processing no longer apply due to statutory retention periods (e.g. retention requirements under tax and commercial law), the data shall be blocked instead of being deleted. The data to be retained may then be processed on the legal basis of Art. 6(1)(c) GDPR exclusively for the aforementioned purposes.
6. Rights as a data subject
- You may exercise the rights described below at any time:
- Right to access and obtain confirmation as to the personal data processed by us in accordance with Art. 15 GDPR
- Right to obtain rectification of your personal data in accordance with Art. 16 GDPR
- Right to obtain the erasure of your personal data (“right to be forgotten”) in accordance with Art. 17 GDPR
- Right to obtain restriction of processing of your personal data in accordance with Art. 18 GDPR
- Right to data portability of your personal data in accordance with Art. 20 GDPR
- In accordance with Art. 22 GDPR, you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
7. Right to object
You have the right, for reasons arising from your specific situation, to object at any time to the processing of personal data concerning you on the basis of Art. 6(1)(e) or (f) GDPR.
In this case, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If personal data are processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing. In this case, we will no longer use your personal data for direct marketing purposes.
8. Right to revoke consent
You may revoke any consent expressly given to us under data protection law at any time with effect for the future. The lawfulness of the processing carried out on the basis of the consent until the revocation is not affected by the revocation.
9. Lodging a complaint regarding an infringement of data protection law with the supervisory authorities
If you believe that your data protection rights are being infringed, you can contact the supervisory authority of your federal state or the federal state of our registered office. If a complaint concerns a company that has its registered office in another federal state, the supervisory authority shall forward the complaint to the supervisory authority responsible there.
The supervisory authority of our registered office is as follows:
Bavarian State Office for Data Protection Supervision (Bayerisches Landesamt für Datenschutzaufsicht, BayLDA)
Telephone: +49 (0) 981 180093-0
Fax: +49 (0) 981 180093-800
10. Obligation to notify in connection with the rectification or erasure of personal data or the restriction of processing
We will notify all recipients to whom personal data have been disclosed of any rectification or erasure of personal data or restriction of processing in accordance with Art. 16, 17(1) and 18 GDPR, unless this proves impossible or involves a disproportionate effort. We will also inform you about these recipients if you so request.
11. Legal or contractual requirements to provide your personal data, information about its necessity for the conclusion of a contract as well as about your obligation to provide personal data and possible consequences of not providing your data:
As described above, we collect and process your personal data in particular for the performance of a contract with you or for the implementation of pre-contractual measures which are carried out at your request. In some cases, the provision of personal data when concluding contracts (e.g. for invoices) is required by law due to tax and/or commercial regulations; otherwise, it is a contractual or pre-contractual obligation. If you do not provide us with personal data, this will mean that we will not be able to conclude a contract with you and/or answer your enquiries.
Insofar as we process your personal data on the basis of a legitimate interest in accordance with Art. 6(1)(f) GDPR, the provision of your data for these purposes is neither contractually nor legally required. The details of data processing on the basis of a legitimate interest can be found in the above information in the respective places. If you do not provide us with personal data for these purposes, this may result in you not being able to use our website and services, or not being able to use them to their full extent.
12. Automated decisions in individual cases including profiling
We do not use any automated decision-making, including profiling, in accordance with Art. 22(1) and (4) GDPR.
13. Data security
We use technical and organisational security measures to protect the processing of personal data, in particular against accidental or intentional manipulation, loss, destruction or against attack by unauthorised persons. Our security measures are continuously improved in line with technological developments.
14. Questions / Comments
15. Use of third-party tools on our website
The USA is currently assessed as a country with an insufficient level of data protection according to EU standards. In particular, there is a risk that your data may be processed by U.S. authorities for control and monitoring purposes without you being informed about this data processing and without you having the possibility of a legal remedy against this data processing by the U.S. authorities.
If you consent to the use of Google Analytics below, this personal data will be processed by Google in the USA. If you do not consent to the use of Google Analytics, the tool will not be started and the transmission and processing of your data by Google described above will not take place.
It is important to us to design our website in the best way possible and thus make it attractive to our visitors. To do this, we need to know which parts of our website are resonating with our visitors.
For this purpose, we use Google Analytics on our website, a web analytics service provided by Google Inc. (“Google”), provided that you actively consent to the use of Google Analytics.
Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of the website is transferred to a Google server in the United States, where it is stored and analysed. Google uses the following cookies for the operation of Google Analytics:
Used to distinguish users.
Used to distnguish users.
Used to throttle the request rate.
We use Google Analytics on this website with IP anonymisation activated, i.e. your IP address is truncated beforehand by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the United States and truncated there. On behalf of the operator of this website, Google will use this information to analyse your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website activity and internet use.
The use of Google Analytics described above is carried out for the analysis and improvement of our website on the legal basis of your consent in accordance with Art. 6(1)a) GDPR.