We are delighted by your interest in Koseven.com. Data protection is of particular importance for the management of Kosevent.com . The use of the internet pages of Kosevent.com is possible without any indication of personal data; however, if a data subject wishes to use special company services via our website, the processing of personal data might become necessary. If the processing of personal data is necessary and there is no legal basis for this processing, we generally obtain the consent of the person concerned. The processing of personal data, such as the name, address, e-mail address or telephone number of a data subject must always comply with the General Data Protection Regulations (GDR) and country-specific data protection regulations. regulations applicable to the company name. By means of this data protection declaration, Kosevents.com wishes to inform the general public about the nature, scope and purpose of the personal data we collect, use and process. In addition, the persons concerned are informed, by means of this data protection declaration, of the rights to which they are entitled. As data controller, Kosevent.com has implemented numerous technical and organizational measures to ensure the most comprehensive possible protection of the personal data processed via this website. However, as data transmissions over the Internet may in principle contain security holes, an absolute protection may not be guaranteed. For this reason, each data subject is free to transfer personal data to us by other means, e.g. by telephone.
Kosevent.com data protection declaration must be readable and understandable for the general public as well as for our customers and business partners. In order to do so, we would first like to explain the terminology used. In this data protection declaration we use, among others, the following terms:
- a) Personal data Personal data is any information about an identified or identifiable natural person (“data subject”). An identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the genetic, mental, economic, cultural or social identity of that natural person. physiological, physical and physical factors.
- b) data subject The data subject is any identified or identifiable natural person whose personal data are processed by the controller.
- c) processing Processing Processing is any operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, etc. disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
(d) Restriction on processing
Limitation of processing is the marking of stored personal data for the purpose of limiting their processing in the future.
- e) Profiling
Profiling refers to any form of automated processing of personal data consisting in using personal data to evaluate certain personal aspects related to a natural person, in particular to analyze or predict aspects related to the performance of this natural person at work, economic situation, health, personal preferences. The use of personal data may include information about the individual’s interests, interests, reliability, behaviour, location or movements.
- f) Pseudonymization Pseudonymization is the processing of personal data in such a way that personal data can no longer be attributed to a data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that: personal data is not attributed to an identified or identifiable natural person.
- g) Controller or controller The controller is the natural or legal person, public authority, agency or other body which alone or jointly with others
(g) Controller or controller The controller is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by the law of the Union or of the Member States, the controller or the specific criteria governing its designation may be defined in the law of the Union or of the Member States.
(h) processor The processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
(i) recipient The recipient is a natural or legal person, public authority, agency or other body to whom the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the course of a particular inquiry in accordance with Union law or Member States shall not be regarded as recipients; the processing of such data by such public authorities must comply with data protection rules applicable according to the purposes of the processing.
(j) third party A third party is a natural or legal person, public authority, body or agency other than the data subject, the controller, the data controller and persons who, under the direct authority of the controller or the data controller, are authorised to process personal data.
(k) Consent The consent of the data subject is a freely given, specific, informed and unambiguous indication of his or her wishes, by which he or she expresses, by means of a declaration or a clear affirmative action, his or her agreement to the processing of personal data concerning him or her .
- Name and address of the controller
For the purposes of the General Data Protection Regulation (GDPR), other applicable data protection laws applicable in the Member States of the European Union and other data protection provisions are:
- Collection of general data and information
The Kosevent.com website collects a series of data and general information when a concerned person or an automated system calls the website. This data and general information is stored in server log files. Collected may be
(1) the browser types and versions used, (2) the operating system used by the access system, (3) the website from which an access system reaches our website (referred to as “referrers”), (4) the sub-websites, (5) the date and time of access to the website, (6) an Internet Protocol (IP) address, (7) the Internet Service Provider of the accessing system, and (8) any other similar data and information that could be used in the event of an attack on our computer systems. When using this data and general information, Kosevent.com does not draw any conclusions about the person concerned. On the contrary, this information is necessary to (1) properly deliver the content of our website, (2) optimize the content of our website and its advertising, (3) ensure the long-term viability of our information technology systems and the technology of our websites, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber attack. Therefore, Kosevent.com statistically analyzes the data and information collected anonymously in order to increase the protection and security of our company’s data and to ensure an optimal level of protection of the personal data we process. Anonymous data from the server log files is stored separately from any personal data provided by a data subject.
- Registration on our website
The data subject has the possibility to register on the website of the data controller with the indication of personal data. The personal data that is transmitted to the controller is determined by the respective input mask used for registration. The personal data entered by the data subject is collected and stored exclusively for internal use by the data controller and for its own purposes. The controller may request the transfer to one or more processors (e.g. parcel service) which also use personal data for internal purposes attributable to the controller. By registering on the controller’s website, the IP address, assigned by the Internet Service Provider (ISP) and used by the data subject, is also stored. The date and time of registration is also stored. The storage of this data takes place in order to prevent the misuse of our services and, if necessary, to enable the investigation of any offences committed. As far as possible, the storage of this data is necessary to secure the controller. This data is not passed on to third parties, unless there is a legal obligation to do so or if the transfer serves the purpose of criminal prosecution. The registration of the data subject, with the voluntary indication of personal data, is intended to enable the controller to offer the content or services of the data subject that can only be offered to registered users due to the nature of the problem in question. Registered users are free to change the personal data specified during registration at any time or to delete them completely from the data controller’s data stock. The data controller must, at any time, provide information on the personal data stored about each data subject upon request. In addition, the data controller shall correct or delete personal data at the request or on the indication of the data subject, insofar as there is no legal obligation to store such data. All employees of the controller are available to the data subject in this respect as contact persons.
- Subscription to our newsletters
On the Kosevent.com website, users have the possibility to subscribe to our company newsletter. The input mask used for this purpose determines the personal data transmitted, as well as the time of ordering the newsletter from the data controller. Kosevent.com regularly informs its customers and business partners by means of a newsletter about the offers of Kosevent.com. The newsletter of Koseven.com can be received by the concerned person only if (1) the concerned person has a valid e-mail address and (2) the concerned person registers for the sending of the newsletter. A confirmation e-mail will be sent for the first time to the e-mail address registered by a data subject for sending the newsletter, for legal reasons, according to the double opt-in procedure. This confirmation e-mail serves to prove that the owner of the e-mail address as the data subject is entitled to receive the newsletter. When registering for the newsletter, we also record the IP address of the computer system assigned by the Internet Service Provider (ISP) and used by the person concerned at the time of registration, as well as the date and time of registration. The collection of this data is necessary to understand later (possible) misuse of the e-mail address of a data subject, and therefore serves the purpose of legal protection of the data controller. Personal data collected in the context of newsletter registration will only be used for the purpose of sending our newsletter. In addition, newsletter subscribers may be informed by e-mail, insofar as this is necessary for the operation of the newsletter service or for the registration in question, as may be the case in the event of changes to the newsletter offer, or in the event of changed technical circumstances. Personal data collected by the newsletter service will not be passed on to third parties under any circumstances. The subscription to our newsletter can be terminated at any time by the person concerned. Consent to the storage of personal data given by the person concerned for the sending of the newsletter can be revoked at any time. For the purpose of revoking consent, a corresponding link is found in each newsletter. It is also possible to unsubscribe from the newsletter at any time directly on the Kosevent.com website, or to communicate it to Kosevent.com in a different way.
- Follow-up of the newsletter
The Kosevent.com newsletter contains tracking pixels. A tracking pixel is a thumbnail graphic embedded in such e-mails, which are sent in HTML format to allow log files to be saved and analyzed. This allows statistical analysis of the success or failure of online marketing campaigns. On the basis of the embedded tracking pixel, Kosevent.com can see if and when an e-mail was opened by a data subject and which links were called by the data subjects. This personal data collected in the tracking pixels contained in the newsletters is stored and analyzed by the data controller in order to optimize the sending of the newsletter and to better adapt the content of future newsletters to the interests of the data subject. This personal data will not be passed on to third parties. Data subjects have the right to revoke the separate declaration of consent issued by means of the double opt-in procedure at any time. After revocation, the personal data will be deleted by the data controller. Kosevent.com automatically considers a withdrawal from receiving the newsletter as a revocation.
- Possibility of contact via the website
The Kosevent.com website contains information that allows quick electronic contact with our company, as well as direct communication with us, which also includes a general e-mail address (email address). If a data subject contacts the controller by e-mail or via a contact form, the personal data transmitted by the data subject is automatically stored. This personal data voluntarily transmitted by a data subject to the data controller is stored for the purpose of processing or contacting the data subject. There is no transfer of this personal data to third parties.
- Routine deletion and blocking of personal data
The data controller shall only process and store the personal data of the data subject for the period necessary to achieve the conservation objective, or to the extent permitted by European or other legislators in laws or regulations to which the data controller is subject. to. If the storage purpose is not applicable or if a storage period prescribed by the European or other competent legislator expires, the personal data will be systematically blocked or deleted in accordance with legal requirements.
- Rights of the data subject
- a) Right of confirmation Every data subject has the right granted by the European legislator to obtain confirmation from the controller of the processing of personal data concerning him/her. If a data subject wishes to avail himself of this right of confirmation, he may at any time contact any employee of the controller.
- b) Right of access Each data subject has the right granted by the European legislator to obtain from the controller free information on his stored personal data at any time, as well as a copy of this information. In addition, European directives and regulations grant the data subject access to the following information: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients located in third countries or international organizations; as far as possible, the envisaged period for which the personal data will be stored or, if this is not possible, the criteria used to determine that period; the existence of a right to ask the controller to rectify or erase personal data or to restrict or oppose the processing of personal data relating to the data subject; the existence of the right to complain to a supervisory authority; where the personal data are not obtained from the data subject, any available information as to their source; the existence of automated decision making, including profiling, as referred to in Article 22(1) and (4) of the PGRD and, at least in those cases, relevant information on the logic involved and the importance and envisaged consequences of such processing for the data subject. In addition, the data subject has the right to obtain information on the transfer of personal data to a third country or an international organization. In such cases, the data subject has the right to be informed of the appropriate safeguards relating to the transfer. If a data subject wishes to avail himself of this right of access, he may, at any time, contact one of the employees of the controller.
- c) Right of rectification
Each data subject has the right granted by the European legislator to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him/her. Taking into account the purposes of the processing, the data subject has the right to supplement personal data, including by providing an additional declaration. If a data subject wishes to exercise this right of rectification, he or she may at any time contact any employee of the controller.
- d) Right of erasure (right to be forgotten)
Each data subject has the right granted by the European legislator to obtain from the controller the erasure of personal data concerning him/her without delay, and the controller has the obligation to erase personal data without undue delay if one of the following reasons applies, as long as the processing is not necessary: The personal data are no longer necessary for the purposes for which they were collected or processed. The data subject withdraws the consent on which the processing is based in accordance with Article 6(1)(a) of the PGRD or Article 9(2)(a) of the PGRD and in the absence of any other legal grounds for the processing. The data subject objects to the processing under Article 21(1) of the GPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing under Article 21(2) of the GPR. The personal data have been processed unlawfully. Personal data must be erased to comply with a legal obligation under the law of the Union or a Member State to which the controller is subject. The personal data have been collected in the context of the provision of information society services referred to in Article 8(1) of the RGP. If one of the above-mentioned reasons applies and a data subject wishes to request the deletion of the personal data stored by Kosevent.com, he/she may, at any time, contact any employee of the data controller. An employee of Kosevent.com must immediately ensure that the request for deletion is satisfied immediately. When the data controller has made public personal data and is obliged, in accordance with article 17, paragraph 1, to erase them, taking into account the available technology and the cost of implementation, it takes reasonable measures, including technical measures, to inform the controllers processing the personal data that the data subject has requested erase from their part any link with these data, their copy or reproduction, as far as their processing is not necessary. An employee of Kosevent.com will organize the necessary measures in individual cases.
- e) Right of restriction of processing
Each data subject has the right granted by the European legislator to obtain from the data controller a restriction of processing in one of the following cases: The accuracy of the personal data is contested by the data subject, for a period of time allowing the controller to verify the accuracy of the personal data. The processing is unlawful and the data subject objects to the deletion of the personal data and instead requests the restriction of its use.
The data controller no longer needs the personal data for the purpose of processing, but the data subject requires the data for the establishment, exercise or defence of legal rights. The data subject has objected to the processing under Article 21(1) of the DPMR pending verification whether the legitimate grounds of the controller prevail over those of the data subject. If one of the above mentioned conditions is fulfilled and a data subject wishes to request the limitation of the processing of personal data stored by Kosevent.com, he/she may at any time contact any employee of the data controller. The employee of Kosevent.com will organize the restriction of the processing.
- f) Right to data portability Every data subject has the right granted by the European legislator to receive personal data concerning him/her, which has been provided to a data controller, in a structured, commonly used and machine-readable format. He shall have the right to transfer such data to another controller without hindrance from the controller to whom the personal data have been supplied, provided that the processing is based on the consent referred to in Article 6(1)(a). the DPMR or Article 9(2)(a) of the DPMR or a contract concluded pursuant to Article 6(1)(b) of the DPMR and the processing is carried out by automatic means, the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. Furthermore, in the exercise of his right to data portability under Article 20(1) of the GDPR, the data subject has the right to transmit personal data directly from one controller to another, where this is technically feasible or not. infringe the rights and freedoms of others. In order to assert the right of data transferability, the person concerned may at any time contact any Kosevent.com employee.
- g) Right of objection
Each data subject has the right granted by the European legislator to object, at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her based on points e) or f). ) of Article 6(1) of the PGRD. This also applies to profiling based on these provisions. Kosevent.com will no longer process personal data in case of objection, unless we can demonstrate legitimate and compelling reasons for the processing, which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defense of rights. claims. If Kosevent.com processes personal data for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data concerning him/her for marketing purposes. This applies to profiling insofar as it is related to such direct marketing. If the data subject objects to Kosevent.com for processing for direct marketing purposes, Kosevent.com will no longer process personal data for these purposes. In addition, the data subject has the right, for reasons related to his or her particular situation, to object to the processing of personal data concerning him or her by Kosevent.com for the purposes of scientific or historical research, or for statistical purposes pursuant to Article 89. (1) of the RGPD, unless the processing is necessary for the performance of a task carried out for reasons of public interest. To exercise his right of opposition, the person concerned can contact any employee of Kosevent.com. Moreover, the person concerned is free, within the framework of the use of Kosevent.com services and notwithstanding the directive 2002/58 / EC, to make use of his right to object by automated means using technical specifications.
- h) Automated individual decision making, including profiling
Each data subject has the right granted by the European legislator not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or which also significantly affects him or her, provided that the decision (1) is not necessary to conclude or perform a contract between the data subject and a controller, or (2) is not authorised by the law of the Union or of a Member State to which the controller is subject and which also provides for appropriate measures to protect the rights and freedoms and legitimate interests of the data subject, or (3) is not based on the explicit consent of the data subject. If the decision (1) is necessary to conclude or execute a contract between the data subject and the controller, or (2) is based on the explicit consent of the data subject, Kosevent.com implements appropriate measures to: protect the rights and freedoms and legitimate interests of the data subject, at least the right to ask the controller to carry out a human intervention, to express its point of view and to contest the decision. If the data subject wishes to exercise the rights related to the automated individual decision making, he can at any time contact any employee of Kosevent.com.
- i) Right to withdraw consent in the field of data protection The European legislator has granted each person concerned the right to withdraw his consent to the processing of his personal data at any time. If the person concerned wishes to exercise the right to withdraw his consent, he can at any time contact any employee of Kosevent.com.
- Legal basis of the processing
Art. 6 (1) lit. a GDR serves as the legal basis for processing for which we obtain consent for a specific purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, where processing operations are necessary for the supply of goods or the provision of any other service, the processing is: on the basis of Article 6(1) lit. b GDPR. The same applies to processing operations necessary for the performance of pre-contractual measures, for example in the case of requests for our products or services. Is Kosevent.com subject to a legal obligation according to which the processing of personal data is required, for example for the fulfillment of tax obligations, the processing is based on Art. 6 (1) lit. c GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor was injured in our company and his name, age, health insurance data or other vital information would have to be passed on to a doctor, hospital or other third party. Then the treatment would be based on Art. 6 (1) lit. d GDPR. Finally, the processing could be based on Art. 6 (1) lit. f GDPR. This legal basis is used for processing operations that are not covered by one of the above-mentioned legal grounds, if the processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, unless those interests are overridden by them. or of the fundamental rights and freedoms of the data subject that require the protection of personal data. Such processing is particularly permitted because it has been specifically mentioned by the European legislator. It considered that a legitimate interest could be taken into account if the data subject is a customer of the controller (recital 47, sentence 2 of the GDPR).
- Legitimate interests pursued by the data controller or by a third party
Where the processing of personal data is based on Article 6, paragraph 1, lit. f GDPR, our legitimate interest is to conduct our activities for the well-being of all our employees and shareholders.
- Period during which personal data will be stored
The criteria used to determine the storage period of personal data are the respective legal retention period. Once this period has elapsed, the corresponding data is systematically deleted, insofar as it is no longer required for the execution of the contract or the conclusion of a contract.
- Provision of personal data as a legal or contractual requirement;
Requirement to conclude a contract; Obligation of the data subject to provide personal data; Possible consequences of failure to provide personal data We point out that the provision of personal data is partly required by law (e.g. tax regulations) or can also result from contractual provisions (e.g. information on the contractual partner). It may sometimes be necessary to enter into a contract whereby the data subject provides us with personal data, which is then processed by us. For example, the person concerned is obliged to provide us with personal data when Kosevent.com signs a contract with him/her. Failure to provide personal data would result in the contract with the data subject not being concluded. Before the personal data is provided by the person concerned, the person concerned must contact any employee. The employee shall inform the data subject whether the provision of personal data is required by law or by a contract or whether it is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and the consequences of non-disclosure of the data.
- Existence of automated decision making