General Part

Introduction

The protection of your personal data is important to us. It is an essential part of our operations. With the following privacy policy, we would like to inform you about what types of personal data („data“) we process, for what purposes, and to what extent.

Person in charge

SAM share and manage e.V.
Siebachstr. 101
50733 Cologne

Represented by the board:
Hannah Greiner, Bianca Fischer & Benedikt Breuer
Contact: info@hello-sam.eu

Processing overview

Below you will first find an overview of the types of data processed and the persons affected by the processing.

Types of data processed

We divide the processed data into the following types:

Usage Data: This includes, in particular, visited websites and content interests.
Metadata: This refers to the data generated during the communication process, such as IP addresses, browser identifiers, and device details.
Content data: This refers to data that is provided when using our services (texts, images, forms).
Contact details: This includes email addresses, phone numbers, and postal addresses.
Categories of affected persons

We categorise the data subjects into the following categories:

Visitors to our websites and online services.
Interested parties: Individuals who are interested in our services and contact us about them.
Communications partners: Persons who initiate communication with us.
Customers: Individuals who use our services as clients.
Contractual partners: Individuals with whom we have contractual relationships, without them being customers.
Purposes for which the processing takes place

In general, personal data is processed for the following purposes:

Contact: In order for us to check if a collaboration is possible, we will process your data to get in touch with you.
Contract Processing: In the event of initiating, processing, or terminating a contractual relationship with us, we will necessarily process your data for these purposes as well.
Provision of our website: In order for us to deliver our website, including its content, and to present ourselves, we process your communication and, if applicable, metadata for these purposes.
Overview and explanation of the legal basis

The following explains the legal bases of the General Data Protection Regulation (GDPR) on which we process personal data. In addition to the provisions of the GDPR, national regulations of the user's country of residence or registered office may also apply.

Legitimate interests (Art. 6(1)(f) GDPR): Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
Consent (Art. 6(1)(a) GDPR): The data subject has given their consent to the processing of their personal data for one or more specific purposes.
Performance of a contract and pre-contractual enquiries (Art. 6 para. 1 sentence 1 lit. b GDPR): Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
Legal obligation (Art. 6(1)(c) GDPR): Processing is necessary for compliance with a legal obligation to which the controller is subject.
Protection of vital interests (Art. 6(1)(1)(d) GDPR): Processing is necessary to protect the vital interests of the data subject or of another natural person.
Safety measures

In accordance with the statutory provisions, taking into account the state of the art, the costs of implementation and the nature, scope, circumstances and purposes of the processing as well as the differing likelihoods and severity of the risk to the rights and freedoms of natural persons, we shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, Art. 32 GDPR. The security measures we have implemented include, in particular, the following.

Secure Sockets Layer | Transport Layer Security (SSL): We use SSL/TLS for the encrypted transmission of data between our visitors' end devices and our server. This significantly reduces the risk of unauthorised access to the transmitted data.
HTTP Strict Transport Security (HSTS): Our server sends an instruction in the header of its response to our users' end devices, requesting them to only use encrypted communication via SSL/TLS. This prevents so-called HTTP downgrade attacks.
Transmission and disclosure of personal data to third parties

In the course of processing personal data, it may be necessary to transfer or disclose data to other bodies, companies, legally independent organisational units, or individuals. Recipients of this data may include, in particular, service providers commissioned with IT tasks, or providers of services and content that are integrated into a website. In such cases, we ensure the protection of personal data by concluding contracts or agreements with the respective third parties that serve to adequately protect the data. We carefully and conscientiously select third parties to whom we disclose data. Where we use third-party providers or platforms to provide our services, the terms and conditions and privacy notices of the respective third-party providers or platforms shall apply to the relationship between the users and the providers.

Data processing in third countries

Where we process data in a third country, meaning a country outside the European Union or the European Economic Area, or where processing is carried out by third parties outside this area, this processing shall only take place in accordance with the applicable legal provisions. Subject to the explicit consent of the data subjects or legally required transfers, we will only process or have data processed in third countries with an adequate level of protection. This includes, in particular, countries that process data on the basis of special guarantees, such as contractual obligations through so-called standard contractual clauses of the EU Commission, the existence of certifications or binding internal data protection regulations (Art. 44 to 49 GDPR).

General note on data deletion

The data we process will be deleted in accordance with legal requirements as soon as the consent to process it has been revoked or other permissions (e.g., legitimate interests, legal obligations, etc.) are no longer applicable. If the data is not deleted because it is required for other legally permissible purposes, its processing will be restricted to those purposes. This means the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons, or whose storage is necessary for the assertion, exercise, or defence of legal claims or for the protection of the rights of another natural or legal person. Further information on the deletion of personal data will be provided, if necessary, under the individual points of this privacy policy.

Use of Cookies

A „cookie“ is a small text file that is stored on the visitor's computer at the request of our systems, provided their browser settings allow it. It has a key and a value and serves to identify the end device beyond a request-response cycle (session perpetuation). The key and value of the cookie are processed with each request by the system setting it. Below you will find a list of the cookies we use and their associated information.

We are currently not using any tracking cookies, third-party cookies or similar on our website.

Contact form

On our website, we have a contact form where you can enter your query and your contact details. We will then contact you by email.

Vimeo

We have implemented videos on our website to visualise our services.

Your browser will contact Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA to deliver this content. We are not responsible for data processing by Vimeo. Further information on data processing by Vimeo LLC can be found at: vimeo.com/features/video-privacy.

Rights of data subjects

The affected individuals are entitled to rights, about which we will inform you.

Right to object (Art. 21 GDPR): You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on Art. 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions. If personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing purposes; this also applies to profiling in so far as it is connected with such direct marketing.
Right of withdrawal from consents (Art. 21 GDPR): You have the right to withdraw consents given at any time.
Right of access (Art. 15 GDPR): You have the right to obtain confirmation as to whether personal data concerning you are being processed, and to access that data, as well as further information and a copy of the data in accordance with the statutory provisions.
Right to rectification (Article 16 GDPR): In accordance with the legal requirements, you have the right to request that incomplete personal data concerning you be completed or that inaccurate personal data concerning you be rectified.
Right to erasure and restriction of processing (Art. 17, 18 GDPR): In accordance with the statutory requirements, you have the right to demand the immediate erasure of data concerning you, or alternatively, in accordance with the statutory requirements, to demand a restriction on the processing of your data.
Right to data portability (Art. 20 GDPR): You have the right to receive personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format, in accordance with the statutory provisions, or to request its transmission to another controller.
Complaint to a supervisory authority (Art. 77 GDPR): You also have the right, in accordance with the statutory provisions, to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement, if you believe that the processing of personal data concerning you infringes the GDPR.
To exercise your rights in relation to us, please contact us using the contact details provided above.

Glossary

Below is a list of explanations for the terms most commonly used in this context.

Personal data

„Personal data“ means any information relating to an identified or identifiable natural person (hereinafter „data subject“); a natural person is deemed identifiable who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (see Article 4(1) GDPR)

Processing

„Processing“ means any operation or set of operations carried out, whether or not by automated means, in connection with personal data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction (cf. Art. 4 No. 2 GDPR).

Person in charge

“Controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law (see Article 4(7) GDPR).

Data processor

„A “processor" is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller (see Art. 4(8) GDPR).