Privacy Policy
Your personal data is collected and processed in compliance with the applicable data protection regulations, in particular the General Data Protection Regulation (GDPR).
1. Controller
Responsible for the collection, processing and use of your personal data within the meaning of Article 4 No. 7 GDPR is:
Dr. Daniel Kliche
Palmstrasse 6
D-80469 Munich
daniel (at) w3muc.de
The Controller alone or together with others decides on the purposes and means of processing personal data (e.g. names, contact data, etc.).
2. Granting consent / Revocation of your consent to data processing
Consent pursuant to Article 6 para. 1 lit. a GDPR is usually obtained by us electronically. This is done by placing a tick in the corresponding field to document the granting of consent; the content of the declaration of consent is logged electronically. Some data processing operations are only possible with your express consent. You can revoke your consent at any time. For the revocation, an informal communication by e-mail to the contact address stated in the imprint is sufficient. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
Please note that once you have given your consent – regardless of whether this is based on Article 6 para. 1 lit. a or Article 9 para. 2 lit. a GDPR – it can be revoked at any time with effect for the future – in full or in part; the lawfulness of the processing carried out on the basis of the consent up to the revocation remains unaffected by this.
3. Right to complain to the competent supervisory authority
As a data subject, you have the right to complain to the competent supervisory authority in the event of a breach of data protection law. The competent supervisory authority for our company with regard to data protection issues is the Bavarian State Office for Data Protection Supervision (Bavarian DPA).
4. Right to data portability (Article 20 GDPR)
You have the right to have data that we process automatically on the basis of your consent or in fulfilment of a contract handed over to you or to third parties. The data will be provided in a machine-readable format. If you request the direct transfer of the data to another person responsible, this will only be done insofar as it is technically feasible.
5. Right of access, to rectification, erasure (Article 15 – 17 GDPR)
You have the right to free information about your stored personal data, the origin of the data, its recipients and the purpose of data processing and, if necessary, a right to rectification or erasure of this data at any time within the scope of the applicable legal provisions. In this regard and also for further questions on the subject of personal data, you can contact us at any time via the contact options listed in the imprint.
6. Right to object
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Article 6 para. 1 lit. e GDPR (data processing in the public interest) and/or Article 6 para. 1 lit. f GDPR (data processing in the context of legitimate interests); this also applies to profiling based on this provision within the meaning of Article 4 para. 4 GDPR and to direct marketing as defined in Article 21 para. 2 GDPR.
If you object, we will no longer process your personal data unless we can demonstrate statutory legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. In principle, the objection can be made without any formalities. To exercise the right to object, you can contact the Controller as stipulated in section 1. above.
7. Communication via email
7.1. Processing of personal data and general principles
The processing of data is carried out to provide our services within the funding platform or in order to carry out pre-contractual measures which take place upon request. The purposes of the data processing primarily depend on the specific services. We also mright use your personal data for administrative purposes, such as sending invoices and making payments. We also use your personal data to provide and administer our services. The legal basis for processing data in these cases is article 6 para.1 lit. b GDPR.
If processing is carried out to fulfil a legal obligation, Article 6 para. 1 lit. c GDPR is the legal basis.
Beyond the fulfilment of a contract, we also process your data to protect legitimate interests of us or third parties (Article 6 para. 1 lit. f GDPR). This comprises the following cases:
-
Advertising or marketing;
-
Sending non-sales promotional information and press releases;
-
Business management measures and the further development of our services;
-
The execution of business processes and internal management.
Insofar as the processing of personal data is not based on one of the aforementioned legal bases, the processing is permissible on the basis of consent granted by the data subject in accordance with Article 6 para. 1 lit. a GDPR.
If personal data is processed for purposes other than originally planned, the legal basis is Article 6 para. 4 GDPR.
7.2. Categories of Personal Data
We process the data that we have received from you in the course of initiating or processing a business relationship and on the basis of your consent. These are e.g.
Your master/contact data, this includes e.g.
-
First name and surname, address, contact data (e-mail address, telephone number), position, dates of birth, place of birth, nationality, bank details, ID numbers;
-
For visitors to our company, this includes: Name, address and signature.
In addition, we also process the following other personal data:
-
information from your electronic interactions with us (e.g. IP address, log-in data);
-
other data that we have received from you in the course of our business relationship (e.g. in customer meetings or calls for proposals);
-
data that we generate ourselves from master/contact data and other data;
-
the documentation of your declaration of consent for the receipt of e.g. newsletters / advertising as well as
-
photographs taken in the frame of events.
7.3. Processing of Supplier Data / Service Provider Data
We process data of suppliers and/or service providers (hereinafter uniformly referred to as "Suppliers"), who are or employ natural persons and whose services we request and/or use on a contractual basis, exclusively for the purpose of fulfilling or executing the contract. This may involve the data mentioned above. The legal basis for such data processing is Article 6 para. 1 lit. b GDPR (contract performance / implementation of pre-contractual measures). Section 7.1. (data processing for the enforcement of claims / compliance with legal provisions) above applies accordingly.
7.4. Persons Authorised to Access / Possible Recipients of Data
At W3MUC only those persons and bodies have access to personal data who need this access to fulfil the purposes described in this data privacy policy (so-called "need-to-know" principle).
Within the aforementioned limits, we reserve the right to involve third party service providers (e.g. data processing centres, IT service providers, printing service providers, legal advisors) in the contractual relationship with our customers, who act on our behalf and according to instructions within the framework of the provision of services (“Processors”). These service providers may receive personal data or come into contact with personal data in the course of providing the service and constitute third parties or recipients within the meaning of the GDPR. In such a case, we ensure that our service providers provide sufficient guarantees that appropriate technical and organisational measures are in place and that processing operations are carried out in such a way that they comply with the requirements of the GDPR and ensure the protection of the rights of the data subject (Article 28 GDPR). Insofar as personal data is transferred to third parties and/or recipients outside of commissioned processing, we ensure that this is done exclusively in accordance with the legal requirements (GDPR, BDSG) and only if there is a corresponding legal basis or if consent is required for this purpose.
Your personal data is generally processed within the Federal Republic of Germany. If personal data is processed outside the Federal Republic of Germany in other EU member states or in states of the European Economic Area ("EEA") – e.g. by service providers – this is done in compliance with the relevant provisions of the GDPR and the BDSG.
A data transfer to third countries (countries outside the EEA) only takes place if this is necessary for the execution of the business relationship with a customer or if this is otherwise legally permissible. In this case, we take measures to ensure the protection of your data, for example through contractual regulations. We only transfer data to recipients who ensure the protection of your data in accordance with the provisions of the GDPR for transfers to third countries (Articles 44 to 49 GDPR).
7.5. Data Erasure Principles and Storage Period
Personal data will be erased if the data is no longer required for the purposes mentioned above.
Instead of erasure, the data may be stored under restriction of processing if this is provided for by the European or national legislator in EU regulations, laws or other provisions, in particular, for example, to comply with statutory retention obligations e.g. the German Fiscal Code (AO) or the German Commercial Code (HGB), currently between 2 to 10 years), and/or if there are legitimate interests in storing the data (e.g. during the course of limitation periods for the purpose of a possible legal defence (Sections 195 ff. BGB), currently between 3 to 30 years).
The data will be deleted at the latest when a storage period prescribed by the aforementioned provisions expires, unless there is a need for further storage of the data for the conclusion of a contract or for other purposes or you have consented to longer storage (Article 6 para. 1 lit. GDPR).
8. Server log files
In server log files, the web server on which this Internet offer is provided collects and stores information that your browser automatically transmits to us. These are:
-
Visited page on our domain
-
Date and time of the server request
-
Browser type and browser version
-
Operating system used
-
Referrer URL
-
Host name of the accessing computer
-
IP address
This data is not merged with other data sources. Data processing is based on Article 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures. We will store the data for up to one year.
9. Contact form
Data transmitted via the contact form, including your contact data, will be stored in order to be able to process your inquiry or to be available for follow-up questions. This data will not be passed on without your consent. The data entered in the contact form will be processed exclusively on the basis of your consent (Article 6 para. 1 lit. a GDPR). A revocation of your already given consent is possible at any time. An informal notification by e-mail is sufficient for the revocation. The lawfulness of the personal data processing operations carried out up to the revocation remains unaffected by the revocation. Data transmitted via the contact form will remain with us until you request deletion, revoke your consent to storage or until there is no longer any need for data storage. Mandatory statutory provisions – in particular retention periods – remain unaffected.
10. Processing by third parties
In some cases, personal data may also be processed by third parties. Please refer to the following information for details.
11. Cookies
Our website don't uses cookies.
12. Tally
We have integrated Tally on this website. The provider is Tally, Muidepoort 19A, Gent 9000, Belgium (hereinafter “Tally”). Tally enables us to create online forms and integrate them into our website. The data you enter in our Tally forms is stored on Tally’s servers until you ask us to delete it, revoke any consent you have given to store it, or the purpose for storing the data no longer applies (e.g., after we have finished processing your request). Mandatory legal provisions – in particular, retention periods – remain unaffected by this. The use of Tally is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in functioning online forms. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.
For more information please see Tally’s Privacy Policy: https://tally.so/help/gdpr.
13. Google Ads und Google Conversion Tracking
Our website uses Google Ads. Provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States. Ads is an online advertising program. As part of the online advertising program, we work with conversion tracking. After a click on an ad placed by Google, a cookie is set for conversion tracking. Cookies are small text files that your web browser stores on your end device. Google Ads cookies expire after 30 days and are not used to personally identify users. The cookie enables Google and us to recognize that you clicked on an ad and were redirected to our website. Each Google Ads customer receives a different cookie. Cookies are not trackable through Ads customer websites. Conversion cookies are used to generate conversion statistics for Ads customers who use conversion tracking. Ads customers can see how many users clicked on their ad and were redirected to pages with a conversion tracking tag. However, Ads customers do not receive any information that enables personal identification of users. If you do not wish to participate in tracking, you can object to its use.
Conversion cookies" are stored on the basis of Article 6 para. 1 lit. f GDPR. We as website operators have a legitimate interest in analyzing user behaviour in order to optimize our website and our advertising. Details on Google Ads and Google Conversion Tracking can be found in Google’s privacy policy: https://policies.google.com/privacy?hl=en You can use a modern web browser to monitor, restrict or prevent the setting of cookies. Deactivation of cookies may result in limited functionality of our website.
14. Google Web Fonts
Our website uses web fonts from Google. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. By using these web fonts it is possible to present you the desired presentation of our website, regardless of which fonts are available to you locally. This is done by retrieving the Google Web Fonts from a Google server in the USA and forwarding your data to Google. This is your IP address and which of our pages you have visited. The use of Google Web Fonts is based on Article 6 para. 1 lit. f GDPR. As the operator of this website, we have a legitimate interest in the optimal presentation and transmission of our website. Details about Google Web Fonts can be found at: https://fonts.google.com/#AboutPlace:about and further information in Google’s privacy policy: https://policies.google.com/technologies/partner-sites?hl=en.
15. Links to other websites
Our website contains links to other websites. We have no influence on whether their operators comply with the data protection regulations.
16. Protection of the privacy of persons under 16 on the internet
Personal data of minors (under 16 years of age) is not knowingly collected or used by us in any form. As a rule, we do not learn the age of visitors to our website. However, we have not taken any specific measures to protect such data to any particular extent. No personal data may be transmitted to persons under the age of 16 without the express consent of their parents or guardians.
17. The security of your data
The data you provide to W3MUC is protected by appropriate technical and organisational measures with the aim of securing your data against – whether accidental or intentional – unlawful processing, loss, destruction, access by unauthorised persons or unauthorised disclosure to third parties. Our security measures are continuously monitored and improved in accordance with technological developments and organisational possibilities.