Data protection policy

Data protection policy

Data protection policy

 

 

I. NAME AND ADRESS OF THE CONTROLLER

The Controller according to Art. 4 No. 7 of the EU General Data Protection Regulation (GDPR) is:

Kontextur
Katharina Benjamin
Fregestr. 27
04105 Leipzig
Germany

www.kontextur.info
E-Mail: hello[at]kontextur.info

II. GENERAL INFORMATION ABOUT DATA PROCESSING 

Kontextur is a digital magazine spinning around architecture. Offered through the website is the possibility to list individual offices or companies. Job ads in the field of architecture are also collected. The subdomain maps.kontextur.info contains a business listing with the possibility of rating your experience there.

The data provided and entered in the rating system of the subdomain maps.kontextur.info are anonymized and statistically processed for scientific and economic evaluations.

With this privacy policy, we would like to inform you about how we process your personal data when you use our main domain kontextur.info and our subdomain maps.kontextur.info as the data controller and what rights you have in this regard.

Personal data regarding you will only be processed by us insofar as it is necessary for the provision of our functional services and our content, for the fulfillment of our contracts and services as well as due to legal obligations or insofar as you consent to the data processing. Personal data are all data that can be related to you personally, e.g. name, address, e-mail addresses, your behavior on the website or one of the sub-pages or device data. Company data or data of legal persons are generally not covered by the regulatory content of data protection law – unless they relate to natural persons, such as employees and users. 

III. PERSONAL DATA THAT IS PROCESSED THROUGH THE USE OF OUR WEBSITES

III.B. MAIN DOMAIN: WWW.KONTEXTUR.INFO

When visiting the website www.kontextur.info we process the personal data described below.

(1) VISIT OF THE WEBSITE

When you visit our web pages, the web servers of our web pages temporarily store each access of your end device in a log file. The following data is collected and stored until automated deletion:

  • IP addresses (default)
  • Date and time of access
  • Name and URL of the retrieved data
  • Amount of data transferred
  • Message whether the retrieval was successful
  • Browser used and browser settings
  • Operating system
  • Name of the Internet access provider
  • Website from which the access was made (referrer URL)

This data is processed to enable the use of the web pages (connection establishment) and to ensure user-friendliness of use.

Notes on legal basis: 
The legal basis for the processing of personal data when providing the website is Art. 6 (1) lit. f GDPR.

In addition, we use cookies and analysis services when you visit our website. You can find more detailed explanations of this in the sections in clauses V. and VI. of this privacy policy.


(2) NEWSLETTER (SUBSCRIBE)

We send our news and other electronic notifications via e-mail only with your consent. 

To sign up for our newsletter, it is generally sufficient to provide your e-mail address. However, we may ask you to provide a name, for the purpose of personal address or in the course also other personal information. You also have the option to respond to the messages you receive. 

During the registration process, you will be asked for consent to receive newsletters and asked to give this consent by clicking on the link in the confirmation email, which you can revoke at any time with effect for the future (for more information on revoking consent, see section X.).

Deletion and restriction of processing: 
We may store unsubscribed email addresses for up to three years based on our legitimate interests before deleting them in order to be able to prove consent formerly given. The processing of this data will be limited to the purpose of possible exercise, defense or enforcement of legal claims. An individual request for deletion is possible at any time, provided that the former existence of consent is confirmed at the same time. In the event of obligations to permanently observe objections, we reserve the right to store the e-mail address in a blacklist for this purpose alone.

The recording of the registration process takes place on the basis of our legitimate interests for the purpose of proving its proper course.

Notes on legal basis: 
The messages are sent on the basis of your consent pursuant to Art. 6 (1) lit. a GDPR.

III.B. SUBDOMAIN: WWW.MAPS.KONTEXTUR.INFO

When you visit the website www.maps.kontextur.info, we process the data already mentioned above and additionally the personal data described below:

(1) SUBMIT YOUR EXPERIENCE 

On our website we offer you the opportunity to register and send information on your experience with offices or companies by providing personal data. Anyhow you are only obligated to give an email adress while registrating. The registration is confirmed by clicking on the confirmation mail by way of the so-called double-opt-in. Further data entries are optional. You can decide for yourself which data you want to provide.

The collection of data is used to build a business listing with ratings.

The collection of data is used to build a business directory with ratings. 

The data will be entered into an input form, which will be sent to you by e-mail. The data will not be passed on to third parties. The following data is collected during the registration process:

  • E-mail address (mandatory)
  • Personal data (such as name, year of birth, profession, company affiliation, gender) (optional)
  • Experience at the registered company (salary, working hours, etc.) (optional)
  • IP address (automatic)
  • Date and time of registration (automatic)

Deletion and restriction of processing:
The data will be deleted or anonymized as soon as they are no longer necessary to achieve the purpose for which they were collected. This is the case for data collected during the registration process when you ask us to delete it.

You can change or delete the data stored via the input form at any time. To do so, please contact us by e-mail at maps@kontextur.de.

Notes on legal basis:
The legal basis for the processing of data is your consent according to Art. 6 (1) lit. a GDPR.


(2) GOOGLE MAPS EMBEDDING

On this website we use the service of Google Maps. This allows us to show you interactive maps directly in the website and enables you to use the map function comfortably. At the beginning of the use of our subdomain maps.kontextur.info we ask you in a pop-up for the consent of data processing by possibly Google LLC via the service Google Maps. If you do not give the consent, we do not use your data and do not share it. In this case, you will accordingly not be able to use all the functions of our website maps.kontextur.info. You can consent to the processing later or revoke the consent. To delete your consent, you must clear the cache memory of your device or browser.

By visiting the website, Google receives the information that you have called up the corresponding sub-page of our website. In addition, the above-mentioned basic data such as IP address and timestamp are transmitted. This occurs regardless of whether Google provides a user account through which you are logged in or whether there is no user account. If you are logged in to Google, your data will be directly assigned to your account. If you do not want the assignment with your profile at Google, you must log out before activating the button. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.

The information collected is stored on Google servers, also in the USA. For these cases, the provider has, according to its own information, imposed a standard on itself that corresponds to the former EU-US Privacy Shield and has promised to comply with applicable data protection laws in the international transfer of data. We have also agreed so-called standard data protection clauses with Google, the purpose of which is to ensure compliance with an appropriate level of data protection in the third country.

For more information on the purpose and scope of data collection and processing by the plug-in provider, please refer to the provider's privacy policy. There you will also find further information about your rights in this regard and setting options for protecting your privacy: www.google.de/intl/de/policies/privacy.

Notes on legal basis:
The legal basis for the processing of the data is your consent according to Art. 6 (1) lit. a GDPR and the terminal interaction is based on section 25 (2) No. 2 TTDSG.

IV. DISCLOSURE OF PERSONAL DATA TO SERVICE PROVIDERS

We cooperate with various external service providers for the technical provision of the websites and their functions. Insofar as there is no independent responsibility of the service providers, order processing contracts are concluded with them, which also ensure data protection at our service providers.

IV.A. MAIN DOMAIN: WWW.KONTEXTUR.INFO

We use the following external service providers who may come into contact with your personal data:

[1]  External Service Provider 
[2] Processing location 
[3] Type of service 
[4] Type of data

[1]  Google LLC
[2] USA
[3] YouTube embedding
[4] Technical information (information about physical specifications and sensor feed of your device, e.g. inertial measurement unit)

[1]  WordPress
[2] USA
[3] Website service provider
[4] Technical information

[1]  Vimeo
[2] USA
[3] Video embedding
[4] Technical information

[1]  Asana Inc.
[2] USA
[3] Internal coordination and communication
[4] Contact information

[1]  Meta Platforms Inc.
[2] USA
[3] Message function
[4] Contact information

[1]  Signal
[2] USA
[3] Internal coordination and communication
[4] Contact information

[1]  Intuit Inc. (mailchimp)
[2] USA
[3] Newsletter
[4] E-mail adress

[1]  Matomo
[2] Germany
[3] Analysis tool
[4] Technical information

IV.B. SUBDOMAIN: MAPS.KONTEXTUR.INFO

On our subdomain maps.kontextur.info we cooperate with the following additional external service providers:

[1]  External Service Provider 
[2] Processing location 
[3] Type of service 
[4] Type of data

[1]  Google LLC
[2] USA
[3] API Google Maps
[4] Location information, Technical information (information about physical specifications and the sensor feed of your device, e.g. the inertial measurement unit)

 

The subdomain maps.kontextur.info uses Google interfaces to provide the Maps services. Google's privacy policy applies. Google processes certain data in order to provide functions in the application that implement maps and for analysis purposes (e.g. usage data). Insofar as this involves a transfer to third countries such as the USA, we transfer the data on the basis of your consent in accordance with Art. 49 (1) a GDPR. Please note that these so-called third countries such as the USA may not have the same data protection standards as the EU/EEA countries, so that in particular the enforcement of the law is more difficult and access by authorities cannot be excluded. You can revoke your consent for the future at any time by deleting the cache memory of your device or browser

V. USE OF COOKIES

Our website and corresponding subdomains use different cookies. Cookies are small files that are stored on your terminal device when you access the website. These cookies contain a characteristic character string that enables unique identification when the website is called up again.

Cookies are stored on your terminal device and information is transmitted from it to us. Therefore, you also have full control over the use of cookies. Cookies that have already been stored can be deleted from the browser at any time.

TECHNICALLY NECESSARY COOKIES
We use cookies to make our services user-friendly. The purpose of using technically necessary cookies is to simplify the use of the website. Certain functions of our website cannot be offered without the use of cookies. For these, it is necessary that we can recognize you even after a page change. The data collected by these technically necessary cookies are not used to create usage profiles.

Notes on legal basis
The legal basis for the processing of personal data using technically necessary cookies is Art. 6 (1) lit. f GDPR. In the aforementioned purposes also lies our legitimate interest in the processing of personal data according to Art. 6 (1) lit. f GDPR. The setting and evaluation of technically necessary cookies is based on Section 25 (2) No. 2 TTDSG.

COOKIES REQUIRING CONSENT
We also use cookies to analyze and improve our services and to enable targeted marketing. However, this is only done if you have consented via our cookie settings when you access the page.

Notes on legal basis
The legal basis for the processing of personal data using non-required cookies is your consent pursuant to Art. 6 (1) lit. a GDPR. The setting and evaluation of these cookies is based on your consent in accordance with Section 25 (1) TTDSG. You can revoke your consent at any time with effect for the future, for example via our cookie settings (for more details on revoking consent, see clause XI.).

VI. USE OF (1) MATOMO (TRACKING OF USER BEHAVIOR) + (2) REAL COOKIE BANNER

(1) MATOMO

On this website, we use the web analytics service Matomo to analyze and review the use of our website. The statistics obtained allow us to improve our offer and make it more interesting for you as a user.

We operate Matomo in a version that does not require cookies. Thus, no Matomo cookies are stored on your computer for the purpose of web analysis. For the analysis of website usage, your IP address and information such as timestamp, web pages visited and your language settings are collected. We store the information collected in this way on our server.

You will be asked for consent for the use of the Matomo tracker when you access our websites. If you give this consent in the pop-up that appears and later want to revoke it, simply delete the cache memory of your terminal device or browser.

Matomo is an open-source project. Privacy information are provided on matomo.org/privacy-policy

Notes on legal basis
Matomo is only used after you have given your consent in accordance with Art. 6 (1) lit. a GDPR, the end device interaction is based on § 25 (2) No. 2 TTDSG

(2) REAL COOKIE BANNER

To manage the cookies and similar technologies used (tracking pixels, web beacons, etc.) and related consents, we use the consent tool "Real Cookie Banner". Details on how "Real Cookie Banner" works can be found at https://devowl.io/rcb/data-processing

The legal bases for the processing of personal data in this context are Art. 6 (1) lit. c GDPR and Art. 6 (1) lit. f GDPR. Our legitimate interest is the management of the cookies and similar technologies used and the related consents.

The provision of the personal data is not yet contractually required and is also not necessary for the conclusion of a contract. You are not obliged to provide the personal data. If you do not provide the personal data, we will not be able to manage your consents.

VII. COMPONENTS / PLUG INS

(1) EMBEDDING OF YOUTUBE VIDEOS

We have integrated YouTube videos into our online offer, which are stored on YouTube.com and can be played directly from our website. 

By visiting the website, YouTube receives the information that you have called up the corresponding sub-page of our website. In addition, the above-mentioned basic data such as IP address and timestamp are transmitted. This occurs regardless of whether YouTube provides a user account through which you are logged in or whether there is no user account. If you are logged in to Google, your data will be directly assigned to your account. If you do not want the assignment with your profile at YouTube, you must log out before activating the button. YouTube stores your data as usage profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact YouTube to exercise this right.

The information collected is stored on Google servers, including in the USA. For these cases, the provider has, according to its own information, imposed a standard on itself that corresponds to the former EU-US Privacy Shield and has promised to comply with applicable data protection laws in the international transfer of data. We have also agreed so-called standard data protection clauses with Google, the purpose of which is to ensure compliance with an appropriate level of data protection in the third country.

For more information on the purpose and scope of data collection and its processing by YouTube, please refer to the privacy policy. There you will also find further information about your rights and setting options to protect your privacy: www.google.de/intl/de/policies/privacy.

Notes on legal basis
The legal basis for the display of the videos and thus the transfer of personal data to Google LLC is Art. 6 (1) lit. a GDPR, which means that the integration only takes place after your consent by clicking in the window that appears. This consent can be withdrawn at any time by clearing the cache memory of your terminal device or browser.

(2) VIMEO EMBEDDING 

We use the provider Vimeo for the integration of videos. 

If you call up the Internet pages of our Internet presence provided with such a plugin and consent to the data transmission by clicking in the window that appears, a connection is established to the Vimeo servers and the plugin is displayed in the process. This transmits to the Vimeo server which of our Internet pages you have visited. If you are logged in as a member of Vimeo, Vimeo assigns this information to your personal user account. When using the plugin, such as clicking on the start button of a video, this information is also assigned to your user account. You can prevent this assignment by logging out of your Vimeo user account before using our website and deleting the corresponding cookies from Vimeo.

For the purpose and scope of the data collection and the further processing and use of the data by Vimeo, as well as your rights in this regard and setting options for protecting your privacy, please refer to the privacy policy of Vimeo: https://vimeo.com/privacy.

Notes on legal basis
The legal basis for the display of the videos and thus the transfer of personal data to VIMEO is Art. 6 (1) lit. a GDPR, which means that the integration only takes place after your consent by clicking in the window that appears. This consent can be withdrawn at any time by clearing the cache memory of your terminal device or browser.

(3) OTHER PLUG-INS

We do not use any other plug-ins on our websites. If our websites contain icons from social media providers or other providers (e.g. Steady or Facebook), we only use these for passive linking to the pages of the respective providers.

VIII. STORAGE PERIOD

As a matter of principle, we process the data for as long as it is required for the respective purpose. Subsequently, the data is deleted unless there is a legal reason, in particular the assertion, exercise or defense of legal claims or statutory retention periods. Insofar as a statutory retention period exists, for example for reasons of tax law or commercial law, we retain the data until the expiry of these periods.

IX. RECEIVING PARTY OF THE DATA / PROCESSING IN THIRD COUNTRIES

We partially cooperate with common external service providers (e.g. IT service providers) and external services for communication, if it is necessary for data transfer and communication related to our services. Otherwise, only persons within our company have access to personal data that they need for their internal tasks.

Processing of your personal data in countries outside the European Economic Area (so-called third countries) only takes place if this is necessary for the provision of an agreed service. 

Some third countries are certified by the European Commission through so-called adequacy decisions to have a level of data protection comparable to the EEA standard (a list of these countries as well as a copy of the adequacy decisions can be found here: http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.html). However, in other third countries to which personal data may be transferred, there may not be a consistently high level of data protection due to a lack of legal provisions. If this is the case, we ensure that data protection is adequately guaranteed. This is possible via binding company regulations, standard contractual clauses of the European Commission for the protection of personal data, certificates or recognized codes of conduct. In principle, we conclude standard contractual clauses in the case of transfers to third countries, unless there is an adequacy decision or other suitable guarantees in individual cases as well as exceptions according to Art. 49 GDPR.

X. RIGHTS OF THE DATA SUBJECT

If personal data concerning you is processed, you are the data subject within the meaning of the GDPR, i.e. the person who is in any case identifiable from the data. You are entitled to the following rights towards us:

1. RIGHT OF ACCESS (ART. 15 GDPR)

You may request confirmation from us as to whether personal data relating to you is being processed by us. If such processing exists, you may request information from us about the following:

  • The purposes for which the personal data are processed;
  • the categories of personal data which are processed;
  • the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
  • the planned duration of the storage of the personal data concerning you or, if concrete information on this is not possible, criteria for determining the storage period;
  • the existence of a right to rectification or erasure of the personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;
  • the existence of a right of appeal to a supervisory authority;
  • any available information about the origin of the data, if the personal data are not collected from the data subject;
  • the existence of automated decision-making, including profiling, pursuant to Art 22 (1) and (4) of the GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.
  • You also have the right to request information about whether the personal data concerning you are transferred to a third country or to an international organization. In this context, you may request to be informed about the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.

2. RIGHT OF RECTIFICATION (ART. 16 GDPR)

You have a right against us to rectification and / or completion, if the personal data processed concerning you are inaccurate or incomplete. We shall carry out the rectification without undue delay.

3. RIGHT TO ERASURE (ART. 17 GDPR)

Obligation to delete

You may request that we delete personal data concerning you without undue delay. We are obliged to delete this data without delay if one of the following reasons applies:

  • Personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.
  • You revoke your consent on which the processing was based pursuant to Art. 6 (1) lit. a or Art. 9 (2) lit. a GDPR and there is no other legal basis for the processing.
  • You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing or you object to the processing pursuant to Art. 21 (2) GDPR.
  • The personal data concerning you have been processed unlawfully.
  • The erasure of the personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
  • The personal data concerning you has been collected in relation to information society services offered pursuant to Art. 8 (1) GDPR.
  • If the controller has made the personal data concerning you public and is obliged to erase it pursuant to Art. 17 (1) GDPR, it shall take reasonable steps, including technical measures, having regard to the available technology and the cost of implementation, to inform data controllers which process the personal data that you, as the data subject, have requested that they erase all links to or copies or replications of such personal data.

Exceptions

  • The right to erasure does not exist insofar as the processing is necessary:
  • for the exercise of the right to freedom of expression and information;
  • for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • for reasons of public interest in the area of public health pursuant to Art. 9 (2) lit. h and i and Art. 9 (3) GDPR;
  • for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes pursuant to Art. 89 (1) GDPR, insofar as the right referred to under erasure is likely to render impossible or seriously prejudice the achievement of the purposes of such processing; or
  • for the assertion, exercise or defense of legal claims.

4. RIGHT TO RESTRICTION OF PROCESSING (ART. 18 GDPR) 

  • You may request the restriction of the processing of personal data concerning you under the following conditions:
  • if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;
  • the processing is unlawful and you object to the erasure of the personal data and request instead the restriction of the use of the personal data;
  • the controller no longer needs the personal data for the purposes of processing, but you need them for the establishment, exercise or defense of legal claims; or
  • if you have objected to the processing pursuant to Art. 21 (1) GDPR and it has not yet been determined whether the legitimate grounds of the controller outweigh your grounds.
  • If the processing of personal data relating to you has been restricted, such data may – apart from being stored – only be processed with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.
    If the restriction of processing is lifted according to the above conditions, you will be informed by the controller before the restriction is lifted.

5. RIGHT TO DATA PORTABILITY (ART. 20 GDPR)

You have the right to receive personal data relating to you that you have provided to us based on consent in a structured, commonly used and machine-readable format or to request that it be transferred to another controller.

6. RIGHT OF OBJECTION (ART. 21 GDPR)

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6 (1)(e) or (f) GDPR; this also applies to profiling based on these provisions.

The controller shall no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, in particular where the processing serves the purpose of asserting, exercising or defending legal claims.

If the personal data concerning you is processed for the purposes of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing. If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

7. RIGHT TO REVOKE YOUR DATA PROTECTION CONSENT (ART. 7 ABS. 3 GDPR)

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of the consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

8. RIGHT OF COMPLAINT TO A SUPERVISORY AUTHORITY (ART. 77 GDPR)

You have the right to complain to a supervisory authority. For this purpose, you can contact the supervisory authority of your place of residence or workplace or the supervisory authority responsible for us.

XI. UPDATING THE DATA PROTECTION DECLARATION

We update our data protection declaration from time to time and therefore ask you to inform yourself about the current status of the data protection declaration. In the event of significant changes to the purposes of the processing, we will inform you, provided that you are connected to us by contract or through your consent and we have your contact details.