Privacy notice
Thank you very much for your interest in our company. Data protection has a particularly high priority for the management of Orgalution GmbH. The use of the Orgalution GmbH website is generally possible without providing any personal data. However, if a data subject wishes to use special services offered by our company via our website, the processing of personal data may become necessary. If the processing of personal data is required and there is no legal basis for such processing, we generally obtain the consent of the data subject.
The processing of personal data, such as the name, address, email address, or telephone number of a data subject, is always carried out in accordance with the General Data Protection Regulation (GDPR) and in compliance with the country-specific data protection regulations applicable to Orgalution GmbH. By means of this privacy policy, our company would like to inform the public about the nature, scope, and purpose of the personal data we collect, use, and process. Furthermore, this privacy policy informs data subjects of their rights.
As the controller responsible for processing, Orgalution GmbH has implemented numerous technical and organizational measures to ensure the most complete protection possible of personal data processed via this website. Nevertheless, internet-based data transmissions may in principle have security gaps, so absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us via alternative means, for example by telephone.
1. Definitions
This privacy policy of Orgalution GmbH is based on the terminology used by the European legislator when adopting the General Data Protection Regulation (GDPR). Our privacy policy is intended to be easy to read and understand for the public, our customers, and business partners. To ensure this, we explain the terminology used in advance.
We use the following terms in this privacy policy, among others:
a) Personal data
Personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
b) Data subject
A data subject is any identified or identifiable natural person whose personal data is processed by the controller.
c) Processing
Processing means any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, alignment or combination, restriction, erasure, or destruction.
d) Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting its future processing.
e) Profiling
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that person’s work performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.
f) Pseudonymization
Pseudonymization means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.
g) Controller or controller responsible for processing
Controller or controller responsible for processing is the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
h) Processor
Processor is a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.
i) Recipient
Recipient is a natural or legal person, public authority, agency, or another body to which personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
j) Third party
Third party is a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
k) Consent
Consent is any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.
2. Name and Address of the Controller Responsible for Processing
The controller within the meaning of the GDPR, other data protection laws applicable in the Member States of the European Union, and other provisions of a data protection nature is:
Orgalution GmbH
Am Hawerkamp 1
48155 Münster
Germany
Phone: +49 251 92870230
Email: info@orgalution.de
Website: orgalution.de
3. Cookies
The Orgalution GmbH website does not use cookies.
4. Collection of General Data/Information and Registration Data for Events
a) Collection of General Data/Information
The Orgalution GmbH website collects a series of general data and information each time it is accessed by a data subject or an automated system. These general data and information are stored in the server log files. The following may be recorded:
-
Browser types and versions used
-
The operating system used by the accessing system
-
The website from which an accessing system reaches our website (referrer)
-
The sub-websites accessed on our website
-
The date and time of access
-
An Internet Protocol address (IP address)
-
The Internet service provider of the accessing system
-
Other similar data and information serving to avert danger in the event of attacks on our IT systems
When using these general data and information, Orgalution GmbH does not draw any conclusions about the data subject. Rather, this information is required to:
-
Correctly deliver the content of our website
-
Optimize the content of our website and its advertising
-
Ensure the long-term functionality of our IT systems and website technology
-
Provide law enforcement authorities with information necessary for prosecution in the event of a cyberattack
These anonymously collected data and information are therefore evaluated statistically and with the aim of increasing data protection and data security within our company in order to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.
b) Collection of Registration Data for Events
As part of our event-related services, participant data from the registration form are transmitted to us during the registration process. The data requested are event-specific, but at a minimum include:
-
Email address of the participants
-
Name of the participants
-
Date and time of registration
Consent is obtained during the registration process, and reference is made to this privacy policy.
The data are collected for billing purposes and to ensure that event content is accessible only to registered participants. This also constitutes our legitimate interest pursuant to Art. 6(1)(f) GDPR.
The data collected during registration are forwarded for processing to our technical service provider, Event Information Systems (EVIS) GmbH, Lütke Berg 6, 48341 Altenberge, Germany, Phone: +49 2505 939 20 70, Email: post@evis-solutions.de, Website: evis-solutions.de, as well as to the respective event organizer.
5. Contact via the Website
Due to legal requirements, the Orgalution GmbH website contains information that enables quick electronic contact with our company and direct communication with us, including a general email address. If a data subject contacts the controller by email or via a contact form, the personal data transmitted by the data subject are automatically stored. Such personal data transmitted voluntarily by a data subject are stored for the purpose of processing or contacting the data subject. These personal data are not passed on to third parties.
6. Routine Erasure and Blocking of Personal Data
The controller processes and stores personal data of the data subject only for the period necessary to achieve the purpose of storage or as provided for by the European legislator or another legislator in laws or regulations to which the controller is subject.
If the purpose of storage ceases to apply or a storage period prescribed by the European legislator or another competent legislator expires, the personal data are routinely blocked or erased in accordance with legal requirements.
7. Rights of the Data Subject
a) Right to confirmation
Each data subject has the right to obtain confirmation from the controller as to whether or not personal data concerning them are being processed.
b) Right of access
Each data subject has the right to obtain free information about their stored personal data and a copy thereof, as well as information about purposes, categories, recipients, storage duration, rights, complaints, data origin, automated decision-making, and safeguards for third-country transfers.
c) Right to rectification
Each data subject has the right to request the immediate correction of inaccurate personal data and the completion of incomplete personal data.
d) Right to erasure (right to be forgotten)
Each data subject has the right to request the erasure of personal data without undue delay under the conditions set out in Art. 17 GDPR.
e) Right to restriction of processing
Each data subject has the right to request restriction of processing under the conditions of Art. 18 GDPR.
f) Right to data portability
Each data subject has the right to receive their personal data in a structured, commonly used, machine-readable format and to transmit those data to another controller pursuant to Art. 20 GDPR.
g) Right to object
Each data subject has the right to object at any time to processing based on Art. 6(1)(e) or (f) GDPR.
h) Automated individual decision-making, including profiling
Each data subject has the right not to be subject to a decision based solely on automated processing, including profiling, pursuant to Art. 22 GDPR.
i) Right to withdraw consent
Each data subject has the right to withdraw consent to the processing of personal data at any time.
8. Online Presences in Social Media
We maintain online presences within social networks and platforms to communicate with customers, interested parties, and users active there and to inform them about our services. The terms and data processing policies of the respective operators apply.
9. Data Protection Provisions Regarding the Use of Vimeo
This website integrates components of Vimeo, operated by Vimeo LLC, 555 West 18th St, Floor 4, New York, NY 10011, USA. When accessing a page containing a Vimeo video, data may be transmitted to Vimeo. Logging out of Vimeo prevents this transmission.
Vimeo’s privacy policy is available at: https://vimeo.com/privacy
10. Legal Basis for Processing
Processing is based on Art. 6(1)(a–f) GDPR depending on consent, contractual necessity, legal obligation, vital interests, or legitimate interests.
11. Legitimate Interests
Our legitimate interest pursuant to Art. 6(1)(f) GDPR is the conduct of our business activities for the benefit of our employees and shareholders.
12. Duration of Storage
Personal data are stored for the duration of statutory retention periods and then routinely deleted.
13. Legal or Contractual Requirements
The provision of personal data may be legally or contractually required. Failure to provide such data may prevent contract conclusion.
14. Existence of Automated Decision-Making
As a responsible company, we do not use automated decision-making or profiling.
