Privacy Policy | Love Fair

LOVE FAIR is a project by Studio36 GmbH.

Introduction

With the following privacy policy, we would like to inform you about the types of your personal data (hereinafter also referred to as "data") that we process, for what purposes and to what extent. This privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and in particular on our websites, in mobile applications, and within external online presences such as our social media profiles (hereinafter collectively referred to as "Online Offering").

The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection provisions is:

Studio36 GmbH Oranienstraße 183 D-10999 Berlin

Tel +49 30 61623610 Fax +49 30 84859200 info@studio36.berlin www.studio36.berlin

Overview of Processing

The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects.

Types of data processed:

Master data
Payment data
Contact data
Content data
Contract data
Usage data
Meta/communication data

Categories of data subjects:

Communication partners
Users
Members
Business and contractual partners

Purposes of processing:

Provision of contractual services and customer service
Contact requests and communication
Direct marketing
Office and organizational procedures
Management and response to inquiries
Feedback
Marketing
Provision of our online offering and user-friendliness
Information technology infrastructure

Applicable Legal Bases

Below you will find an overview of the legal bases of the GDPR on which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations in your or our country of residence may apply.

Consent (Art. 6 para. 1 sentence 1 lit. a GDPR) – The data subject has given consent to the processing of their personal data for one or more specific purposes.
Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR) – Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.

In addition to the data protection regulations of the GDPR, national data protection regulations apply in Germany, including the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG).

Security Measures

We take appropriate technical and organizational measures in accordance with legal requirements, taking into account the state of the art, the costs of implementation and the nature, scope, circumstances and purposes of processing as well as the different likelihood and severity of the risk to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.

These measures include in particular safeguarding the confidentiality, integrity and availability of data by controlling physical and electronic access to data as well as access, input, disclosure, ensuring availability and separation.

SSL Encryption (https): To protect your data transmitted via our online offering, we use SSL encryption. You can recognize such encrypted connections by the prefix https:// in the address line of your browser.

Transmission of Personal Data

In the course of our processing of personal data, it may happen that the data is transmitted to or disclosed to other bodies, companies, legally independent organizational units or persons. Recipients of this data may include, for example, service providers entrusted with IT tasks or providers of services and content integrated into a website. In such cases, we observe the legal requirements and in particular conclude appropriate contracts or agreements with the recipients of your data.

Data Processing in Third Countries

If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA)) or if the processing takes place in the context of the use of third-party services, this only takes place in accordance with legal requirements, subject to express consent or contractually or legally required transmission (Art. 44 to 49 GDPR).

Deletion of Data

The data processed by us will be deleted in accordance with legal requirements as soon as their consent permitted for processing is revoked or other permissions cease to apply. If the data is not deleted because it is required for other legally permissible purposes, its processing is limited to these purposes.

Use of Cookies

Cookies are small text files or other storage notes that store information on end devices and read information from end devices. Cookies can be used for various purposes, e.g., for purposes of functionality, security and comfort of online offerings as well as the creation of analyses of visitor flows.

Notes on consent: We use cookies in accordance with legal regulations. We obtain prior consent from users, except when this is not legally required. Consent is not necessary in particular when the storage and reading of information is absolutely necessary to provide users with a telemedia service they have expressly requested.

Storage duration:

Temporary cookies (session cookies): Deleted after a user has left the online offering and closed their device.
Permanent cookies: Remain stored even after the device is closed. Storage duration can be up to two years.

General notes on revocation and objection (opt-out): Users can revoke their consent at any time and object to processing in accordance with Art. 21 GDPR. Users can also declare their objection via their browser settings. An objection to the use of cookies for online marketing purposes can also be declared via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/.

Performance of Tasks According to Articles of Association

We process the data of our members, supporters, interested parties, business partners or other persons (collectively "data subjects") when we are in a membership or other business relationship with them and perform our tasks. We also process data of data subjects on the basis of our legitimate interests, e.g., for administrative tasks or public relations.

We delete data that is no longer required for the fulfilment of our statutory and business purposes. The necessity of data retention is regularly reviewed; statutory retention obligations also apply.

Data types processed: Master data (e.g., names, addresses); payment data (e.g., bank details, invoices); contact data (e.g., email, phone numbers); contract data (e.g., subject matter, duration).
Data subjects: Users; members; business and contractual partners.
Legal bases: Contract performance (Art. 6 para. 1 sentence 1 lit. b GDPR); Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).

Provision of Online Offering and Web Hosting

In order to provide our online offering securely and efficiently, we use the services of one or more web hosting providers from whose servers the online offering can be accessed.

The data processed in the context of providing the hosting service may include all data relating to the users of our online offering that arise in the course of use and communication. This regularly includes the IP address and all inputs made within our online offering.

Collection of access data and log files: We (or our web hosting provider) collect data on every access to the server (so-called server log files). Server log files may include the address and name of the web pages and files accessed, date and time of access, data volumes transferred, browser type and version, the user's operating system, referrer URL, and typically IP addresses and the requesting provider. Log file information is stored for a maximum of 30 days and then deleted or anonymized.

Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).

Contact and Inquiry Management

When contacting us (e.g., via contact form, email, telephone or via social media) as well as in the context of existing user and business relationships, the information of the inquiring persons is processed insofar as this is necessary to answer the contact inquiries and any requested measures.

Legal bases: Contract performance (Art. 6 para. 1 sentence 1 lit. b GDPR); Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).

Newsletter and Electronic Notifications

We send newsletters, emails and other electronic notifications (hereinafter "Newsletter") only with the consent of the recipients or a legal permission. We may ask you to provide a name for personalization purposes or other information if necessary for the newsletter.

Double opt-in procedure: Registration for our newsletter is generally done via a double opt-in procedure. You will receive an email after registration asking you to confirm your registration. Registrations are logged to be able to demonstrate the registration process in accordance with legal requirements.

Deletion and restriction of processing: We may store unsubscribed email addresses for up to three years on the basis of our legitimate interests before deleting them, in order to prove a formerly given consent.

Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR).
Right to object (opt-out): You can cancel receipt of our newsletter at any time, i.e., revoke your consent. You will find a link to cancel the newsletter at the end of each newsletter.

Presences in Social Networks (Social Media)

We maintain online presences within social networks and process user data in this context to communicate with users active there or to offer information about us.

We point out that user data may be processed outside the European Union. Furthermore, user data within social networks is regularly processed for market research and advertising purposes.

For a detailed description of the respective processing forms and opt-out options, we refer to the privacy policies and information provided by the operators of the respective networks.

Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).

Plugins and Embedded Functions and Content

We integrate functional and content elements into our online offering that are obtained from the servers of their respective providers (hereinafter referred to as "third-party providers"). These can be, for example, graphics, videos or city maps.

The integration always requires that the third-party providers of this content process the IP address of the users, as without the IP address they would not be able to send the content to their browsers.

Google Fonts: Fonts ("Google Fonts") for user-friendly display of our online offering. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR); Privacy policy: https://policies.google.com/privacy.

Google Maps: We integrate maps from the "Google Maps" service by Google. The data processed may include IP addresses and location data of users, which however are not collected without their consent. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR); Website: https://cloud.google.com/maps-platform; Privacy policy: https://policies.google.com/privacy.

Changes and Updates to the Privacy Policy

We ask you to regularly inform yourself about the content of our privacy policy. We adapt the privacy policy as soon as changes in data processing carried out by us make this necessary. We will inform you as soon as the changes require your cooperation (e.g., consent) or other individual notification.

Rights of Data Subjects

As a data subject, you have various rights under the GDPR, which arise in particular from Art. 15 to 21 GDPR:

Right to object: You have the right to object at any time to the processing of your personal data on grounds relating to your particular situation. If your personal data is processed for direct marketing purposes, you have the right to object to processing at any time.
Right to withdraw consent: You have the right to withdraw consent at any time.
Right of access: You have the right to obtain confirmation as to whether data concerning you is being processed and to information about this data as well as further information and a copy of the data.
Right to rectification: You have the right to request the completion of data concerning you or the rectification of inaccurate data concerning you.
Right to erasure and restriction of processing: You have the right to demand that data concerning you be deleted immediately, or alternatively to demand restriction of processing of the data.
Right to data portability: You have the right to receive data concerning you that you have provided to us in a structured, commonly used and machine-readable format or to demand its transfer to another controller.
Complaint to supervisory authority: You have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, your place of work or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.

Definitions

Personal data: Any information relating to an identified or identifiable natural person.
Controller: The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Processing: Any operation or set of operations which is performed on personal data, whether or not by automated means.

Source: Datenschutz-Generator Dr. Schwenke