Data Privacy

1. Introduction

With the following information, we would like to give you as a "data subject" an overview of the processing of your personal data by us and your rights under data protection laws. In principle, it is possible to use our Internet pages without entering personal data. However, if you want to use special services of our enterprise via our website, processing of personal data could become necessary. If the processing of personal data is necessary and there is no legal basis for such processing, we will generally obtain your consent.

The processing of personal data, such as your name, address, or e-mail address, is always in line with the General Data Protection Regulation (GDPR), and in accordance with the country-specific data protection regulations applicable to the company. By means of this privacy policy, we would like to inform you about the scope and purpose of the personal data collected, used and processed by us.

As the controller, we have implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. Nevertheless, internet-based data transmissions can generally have security gaps, so that absolute protection cannot be guaranteed. For this reason, you are also free to transmit personal data to us by alternative means, for example by telephone or by mail.

You can also take simple and easy-to-implement measures to protect yourself against unauthorized access to your data by third parties. For this reason, we would like to provide you with some tips on how to handle your data securely:

Protect your account (login, user or customer account) and your IT system (computer, laptop, tablet or mobile device) with strong passwords.
Only you should have access to the passwords.
Make sure you only ever use your passwords for one account (login, user or customer account).
Do not use one password for different websites, applications or online services.
Especially when using publicly accessible or shared IT systems, be sure to log out each time you log in to a website, application or online service.

Passwords should consist of at least 12 characters and be chosen so that they cannot be easily guessed. Therefore, they should not contain common words from everyday life, your own name or names of relatives, but upper and lower case, numbers and special characters.

2. Person responsible

Responsible person in the sense of the General Data Protection Regulation (GDPR) is:

mg: mannheimer gründungszentren gmbh

Julius-Hatry-Straße 1
68163 Mannheim

Managing Director: Christian Sommer

E-Mail: info@next-mannheim.de

Imprint

3. Data protection commissioner

You can reach the data protection commissioner as follows:

Data protection commissioner
mg:gmbh
Michael Mayer
Julius-Hatry-Strasse 1
68163 Mannheim

E-mail: datenschutz@next-mannheim.de

You can contact our data protection commissioner directly at any time with all questions and suggestions regarding data protection.

4. legal basis of processing

Art. 6 (1) lit. a of the GDPR (in conjunction with Section 25 (1) TTDSG) serves as the legal basis for our company for processing operations in which we obtain consent for a specific processing purpose.

If the processing of personal data is necessary for the performance of a contract to which you are a party, as is the case, for example, with processing operations that are necessary for a delivery of goods or the provision of another service or consideration, the processing is based on Article 6 (1) lit. b DS-GVO. The same applies to such processing operations that are necessary for the implementation of pre-contractual measures, for example in cases of inquiries about our products or services.

If our company is subject to a legal obligation by which a processing of personal data becomes necessary, such as for the fulfillment of tax obligations, the processing is based on Art. 6 (1) lit. c DS-GVO.

In rare cases, the processing of personal data might become necessary to protect vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were to be injured on our premises and as a result his or her name, age, health insurance data or other vital information had to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6 (1) lit. d DS-GVO.

Finally, processing operations could be based on Art. 6(1)(f) DS-GVO. Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to protect a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject are not overridden. Such processing operations are permitted to us in particular because they were specifically mentioned by the European legislator. In this respect, it took the view that a legitimate interest could be assumed if you are a customer of our company (recital 47 sentence 2 DS-GVO).

5. Technology

5.1 SSL/TLS encryption

This site uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as orders, login data or contact requests that you send to us as the operator. You can recognize an encrypted connection by the fact that there is a "https://" instead of a "http://" in the address line of the browser and by the lock symbol in your browser line.

We use this technology to protect your transmitted data.

6. Cookies

6.1 General information about cookies

We use cookies on our website. These are small files that are automatically created by your browser and stored on your IT system (laptop, tablet, smartphone or similar) when you visit our site.

In the cookie, information is stored that results in each case from the context of the specific end device used. This does not mean, however, that we thereby gain direct knowledge of your identity.

The use of cookies serves to make the use of our offer more pleasant for you. For example, we use so-called session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted after you leave our site.

In addition, we also use temporary cookies to optimize user-friendliness, which are stored on your terminal device for a certain fixed period of time. If you visit our site again to use our services, it is automatically recognized that you have already been with us and which entries and settings you have made so that you do not have to enter them again.

On the other hand, we use cookies to statistically record the use of our website and to evaluate our offer for you for the purpose of optimization. These cookies enable us to automatically recognize that you have already visited our website when you visit it again. The cookies set in this way are automatically deleted after a defined period of time. The respective storage period of the cookies can be found in the settings of the consent tool used.

6.2 Legal basis for the use of cookies

The data processed by the cookies, which are required for the proper functioning of the website, are thus necessary to protect our legitimate interests as well as those of third parties in accordance with Art. 6 (1) lit. f GDPR.

For all other cookies, it applies that you have given your consent to this via our opt-in cookie banner within the meaning of Art. 6 (1) lit. a GDPR.

6.3 Information on how to avoid cookies in common browsers

Via the settings of the browser you are using, you have the option to delete cookies, to allow only selected cookies or to disable cookies completely at any time. You can find more information on the support pages of the respective providers:

7. Contents of our website

7.1 Contacting us / contact form

Personal data is collected when contacting us (e.g. via contact form or e-mail). Which data is collected in the case of using a contact form can be seen from the respective contact form. This data is stored and used exclusively for the purpose of responding to your request or for contacting you and the associated technical administration. The legal basis for processing the data is our legitimate interest in responding to your request pursuant to Art. 6 (1) lit. f GDPR. If your contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 (1) lit. b GDPR. Your data will be deleted after final processing of your request, this is the case if it can be inferred from the circumstances that the matter concerned has been conclusively clarified and the deletion is not contrary to any statutory retention obligations.

7.2 Booking of an event

In order to process the booking of events, we only process data that we use to process the event organization and the associated payment processes. The legal basis for this is Art. 6 para. 1 lit. b GDPR for the initiation or processing of a purchase contract with us.
For this purpose, we primarily use the store system Woocommerce (https://woocommerce.com/) with a GDPR-compliant plug-in as well as the ticket provision and dispatch system Amelia (https://wpamelia.com/de/) on the basis of an order processing contract according to Art. 28 GDPR with integrated EU standard contractual clauses.
For the processing of payments, we have integrated components of PayPal on this website. The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg. PayPal is an online payment service provider. Payments are processed via so-called PayPal accounts, which represent virtual private or business accounts. In addition, PayPal offers the possibility to process virtual payments via credit cards if a user does not maintain a PayPal account. A PayPal account is managed via an email address, which is why there is no classic account number. PayPal makes it possible to initiate online payments to third parties or to receive payments as well. PayPal also assumes trustee functions and offers buyer protection services.
If you select "PayPal" as a payment option during the ordering process in our online store, your data will be automatically transmitted to PayPal. By selecting this payment option, you consent to the transmission of personal data required for payment processing.
The personal data transmitted to PayPal are usually first and last name, address, e-mail address, IP address, phone number, cell phone number or other data necessary for payment processing. Also necessary for the processing of the purchase contract are such personal data that are related to the respective order.
The purpose of transmitting the data is payment processing and fraud prevention. We will transmit personal data to PayPal in particular if there is a legitimate interest for the transmission. The personal data exchanged between PayPal and us may be transmitted by PayPal to credit reporting agencies. The purpose of this transmission is to check identity and creditworthiness.
PayPal may share the personal data with affiliated companies and service providers or subcontractors to the extent necessary to fulfill contractual obligations or to process the data on behalf.

You have the option to revoke your consent to the handling of personal data at any time vis-à-vis PayPal. A revocation does not affect personal data that must be processed, used or transmitted mandatory for (contractual) payment processing.
PayPal is used in the interest of proper and smooth payment processing. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. The transmission of your personal data takes place exclusively with the granting of explicit consent in accordance with Art. 6 para. 1 lit. a GDPR.
The applicable privacy policy of PayPal can be found at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

8. Newsletter

8.1 Advertising newsletter

On our website, you are given the opportunity to subscribe to our company's newsletter. Which personal data is transmitted to us when ordering the newsletter, results from the input mask used for this purpose.

We inform our customers and business partners at regular intervals by means of a newsletter about our offers. The newsletter of our company can only be received by you if

you have a valid e-mail address and
you have registered to receive the newsletter.

For legal reasons, a confirmation e-mail will be sent to the e-mail address you entered for the first time for the newsletter dispatch using the double opt-in procedure. This confirmation e-mail serves to verify whether you, as the owner of the e-mail address, have authorized the receipt of the newsletter.

When you register for the newsletter, we also store the IP address of the IT system used by you at the time of registration, as assigned by your Internet service provider (ISP), as well as the date and time of registration. The collection of this data is necessary in order to be able to trace the (possible) misuse of your e-mail address at a later date and therefore serves our legal protection.

The personal data collected in the context of a registration for the newsletter is used exclusively for sending our newsletter. Furthermore, subscribers to the newsletter could be informed by e-mail if this is necessary for the operation of the newsletter service or a related registration, as could be the case in the event of changes to the newsletter offer or changes in the technical circumstances. No personal data collected as part of the newsletter service will be passed on to third parties. The subscription to our newsletter can be cancelled by you at any time. The consent to the storage of personal data that you have given us for the newsletter dispatch can be revoked at any time. For the purpose of revoking the consent, you will find a corresponding link in each newsletter. Furthermore, it is also possible to unsubscribe from the newsletter mailing directly on our website at any time or to inform us of this in another way.

The legal basis for data processing for the purpose of sending the newsletter is Art. 6 (1) lit. a GDPR.

8.2 Newsletter tracking

Our newsletters contain so-called tracking pixels. A tracking pixel is a miniature graphic that is embedded in such emails that are sent in HTML format to enable log file recording and log file analysis. This enables a statistical evaluation of the success or failure of online marketing campaigns. Based on the embedded tracking pixel, the Company may see if and when an e-mail was opened by you and which, if any, links in the e-mail were called up by you.

Such personal data collected via the tracking pixels contained in the newsletters are stored and evaluated by us in order to optimize the newsletter dispatch and to better adapt the content of future newsletters to your interests. This personal data will not be passed on to third parties. Data subjects are entitled at any time to revoke the separate declaration of consent given in this regard via the double opt-in procedure. After a revocation, this personal data will be deleted by us. We automatically interpret an unsubscription from the receipt of the newsletter as a revocation.

Such an evaluation is carried out in particular in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interests in the insertion of personalized advertising, market research and/or the design of our website in line with requirements.

8.3 Newsletter dispatch service provider

Our email newsletters are sent via the technical service provider The Rocket Science Group, LLC d/b/a MailChimp, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA, to whom we pass on your data provided during the newsletter registration. This transfer takes place within the framework of order processing by MailChimp. Please note that your data is usually transferred to a MailChimp server in the USA and stored there.

MailChimp uses this information to send and statistically evaluate the newsletters on our behalf. For the evaluation, the emails sent contain so-called web beacons or tracking pixels, which are single-pixel image files that are stored on our website. This makes it possible to determine whether a newsletter message has been opened and which links, if any, have been clicked on. In addition, technical information is recorded (e.g. the time of the retrieval, the IP address, the browser type and the operating system). The data is collected exclusively pseudonymously and is not linked to your other personal data. A direct reference to a person is therefore excluded. This data is used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients.

If you wish to object to the data analysis for statistical evaluation purposes, you must unsubscribe from the newsletter.

You can revoke the consent you have given at any time. You can also prevent the processing at any time by unsubscribing from the newsletter. You can also prevent the storage of cookies by setting your web browser accordingly. By deactivating Java Script in your web browser or installing a Java Script blocker (e.g. https://noscript.net or https://www.ghostery.com), you can prevent the storage and transmission of personal data. We would like to point out that these measures may mean that not all functions of our website are available.

Furthermore, MailChimp may use this data itself in accordance with Art. 6 (1) lit. f GDPR on the basis of its own legitimate interest in the needs-based design and optimization of the service, as well as for market research purposes, for example to determine from which countries the recipients come. However, MailChimp does not use the data of our newsletter recipients to write to them itself or to pass them on to third parties.

To protect your data in the USA, we have concluded a data processing agreement ("Data Processing Agreement") with MailChimp based on the standard contractual clauses of the European Commission to enable the transfer of your personal data to MailChimp. This data processing agreement can be viewed at the following internet address if you are interested: https://mailchimp.com/legal/forms/data-processing-agreement/.

You can view the privacy policy of MailChimp here: https://mailchimp.com/legal/privacy/

9. Our activities in social networks

So that we can also communicate with you in social networks and inform you about our services, we are represented there with our own pages. If you visit one of our social media pages, we are jointly responsible for the processing operations triggered by this, within the meaning of Art. 26 GDPR, with the provider of the respective social media platform.

We are not the original provider of these pages, but merely use them within the scope of the possibilities offered to us by the respective providers.

As a precaution, we therefore point out that your data may also be processed outside the European Union or the European Economic Area. Use may therefore be associated with data protection risks for you, as safeguarding your rights, e.g. to information, deletion, objection, etc., could be more difficult and processing in the social networks often takes place directly for advertising purposes or for the analysis of user behavior by the providers, without this being able to be influenced by us. If usage profiles are created by the provider, this often involves the use of cookies or the assignment of usage behavior to your own member profile of the social networks.

The described processing operations of personal data are carried out in accordance with Art. 6 Para. 1 lit. f GDPR on the basis of our legitimate interest and the legitimate interest of the respective provider in order to be able to communicate with you in a timely manner or to inform you about our services. If you have to give your consent to data processing as a user with the respective providers, the legal basis refers to Art. 6 (1) lit. a GDPR in conjunction with. Art. 7 GDPR.

Since we do not have access to the providers' databases, we would like to point out that it is best to assert your rights (e.g. to information, correction, deletion, etc.) directly with the respective provider. Further information on the processing of your data in the social networks and the possibility of exercising your right of objection or revocation (so-called opt-out), we have listed below the respective provider of social networks used by us:

9.1 Facebook

(Co-)responsible for data processing in Europe:

Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

https://www.facebook.com/about/privacy

9.2 Instagram

(Co-)responsible for data processing in Germany:

Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

https://instagram.com/legal/privacy/

9.3 LinkedIn

(Co-)responsible for data processing in Europe:

LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland.

https://www.linkedin.com/legal/privacy-policy

9.4 Twitter

(Co-)responsible for data processing in Europe:

Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland.

https://twitter.com/de/privacy

Information about your data:

https://twitter.com/settings/your_twitter_data

9.5 YouTube

(Co-)responsible for data processing in Europe:

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

https://policies.google.com/privacy

9.6 XING (New Work SE).

(Co-)responsible for data processing in Germany:

New Work SE, Am Strandkai 1, 20457 Hamburg, Germany.

https://privacy.xing.com/de/datenschutzerklaerung

Information requests for XING members:

https://www.xing.com/settings/privacy/data/disclosure

10. Web Analytics

10.1 eTracker

Our website uses the etracker analysis service. The provider is etracker GmbH, Erste Brunnenstraße 1, 20459 Hamburg, Germany. Usage profiles can be created from the data under a pseudonym. Cookies can be used for this purpose. The data collected using etracker technologies will not be used to personally identify visitors to our website without your separate consent and will not be merged with personal data about the bearer of the pseudonym.

etracker cookies remain on your terminal device until you delete them.

These processing operations are carried out exclusively when explicit consent is given in accordance with Art. 6 Para. 1 lit. a GDPR.

You can object to the data collection and storage at any time with effect for the future.

You can view the privacy policy of eTracker at: https://www.etracker.com/de/datenschutz.html.

We have concluded an order data processing contract with etracker and fully implement the strict requirements of the German data protection authorities when using etracker.

11. plugins and other services

11.1 Google Maps

We use Google Maps (API) on our website. The operating company of Google Maps is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Limited is part of the Google group of companies with headquarters at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Maps is a web service for displaying interactive (land) maps in order to visually present geographical information. By using this service, our location can be displayed to you, for example, and a possible journey can be made easier.

After clicking on "Show map" on the pages in which the Google Maps service is integrated, information about your use of our website (such as your IP address) is transmitted to Google servers in the USA and stored there. This occurs regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not want the assignment with your profile at Google, you must log out of your Google user account. Google stores your data (even for users who are not logged in) as usage profiles and evaluates them. You have the right to object to the creation of these user profiles, and you must contact Google to exercise this right.

If you do not agree to the future transmission of your data to Google in the context of the use of Google Maps, you also have the option of completely disabling the Google Maps web service by turning off the JavaScript application in your browser. Google Maps and thus also the map display on this website can then not be used.

These processing operations are carried out exclusively when explicit consent is given in accordance with Art. 6 Para. 1 lit. a GDPR.

You can view Google's terms of use at https://www.google.de/intl/de/policies/terms/regional.html, the additional terms of use for Google Maps can be found at https://www.google.com/intl/de_US/help/terms_maps.html.

You can view the privacy policy of Google Maps at: ("Google Privacy Policy"): https://www.google.de/intl/de/policies/privacy/.

11.2 Vimeo (videos)

Plugins of the video portal Vimeo of Vimeo, LLC, 555 West 18th Street, New York, New York 10011, USA are integrated on our website. When you call up a page of our website that contains such a plugin, your browser establishes a direct connection to the servers of Vimeo. The content of the plugin is transmitted by Vimeo directly to your browser and integrated into the page. Through this integration, Vimeo receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Vimeo account or are not currently logged in to Vimeo. This information (including your IP address) is transmitted by your browser directly to a Vimeo server in the USA and stored there.

If you are logged in to Vimeo, Vimeo can directly assign your visit to our website to your Vimeo account. If you interact with the plugins (such as pressing the start button of a video), this information is also transmitted directly to a Vimeo server and stored there.

If you do not want Vimeo to assign the data collected via our website directly to your Vimeo account, you must log out of Vimeo before visiting our website.

For videos from Vimeo that are embedded on our site, the tracking tool Google Analytics is automatically integrated. This is Vimeo's own tracking, to which we have no access and which cannot be influenced by our site. Google Analytics uses so-called "cookies" for tracking, which are text files that are stored on your computer and allow an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.

These processing operations are carried out exclusively when express consent is given in accordance with Art. 6 (1) lit. a GDPR.

You can view the privacy policy of Vimeo at: https://vimeo.com/privacy.

11.3 YouTube (videos)

We have integrated components from YouTube on this website. The operating company of YouTube is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

If you are logged in to YouTube at the same time, YouTube recognizes which specific subpage of our website you are visiting when you call up a subpage that contains a YouTube video. This information is collected by YouTube and Google and assigned to your YouTube account.

YouTube and Google always receive information via the YouTube component that you have visited our website if you are logged into YouTube at the same time as calling up our website; this takes place regardless of whether you click on a YouTube video or not. If you do not want this information to be transmitted to YouTube and Google, you can prevent the transmission by logging out of your YouTube account before accessing our website.

These processing operations are only carried out if you have given your express consent in accordance with Art. 6 (1) lit. a GDPR.

You can view YouTube's privacy policy at.
https://www.google.de/intl/de/policies/privacy/.

12. your rights as a data subject

12.1 Right to confirmation

You have the right to request confirmation from us as to whether personal data concerning you is being processed.

12.2 Right to information Art. 15 GDPR

You have the right to receive from us at any time, free of charge, information about the personal data stored about you, as well as a copy of this data in accordance with the legal provisions.

12.3 Right to rectification Art. 16 GDPR

You have the right to demand that incorrect personal data concerning you be corrected. Furthermore, you have the right to request the completion of incomplete personal data, taking into account the purposes of the processing.

12.4 Deletion Art. 17 GDPR

You have the right to demand that we delete the personal data concerning you without undue delay, provided that one of the reasons provided for by law applies and insofar as the processing or storage is not necessary.

12.5 Restriction of processing Art. 18 GDPR

You have the right to demand that we restrict processing if one of the legal requirements applies.

12.6 Data portability Art. 20 GDPR

You have the right to receive the personal data concerning you, which has been provided to us by you, in a structured, common and machine-readable format. You also have the right to transfer this data to another controller without hindrance from us to whom the personal data has been provided, provided that the processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR and the processing is carried out with the aid of automated procedures, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

Furthermore, when exercising your right to data portability pursuant to Article 20(1) of the GDPR, you have the right to obtain that the personal data be transferred directly from one controller to another controller, insofar as this is technically feasible and insofar as this does not adversely affect the rights and freedoms of other persons.

12.7 Objection Art. 21 GDPR

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6(1)(e) (data processing in the public interest) or (f) (data processing on the basis of a balance of interests) GDPR.

This also applies to profiling based on these provisions within the meaning of Art. 4 No. 4 GDPR.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or insofar as the processing serves the assertion, exercise or defense of legal claims.

In individual cases, we process personal data to conduct direct marketing. You may object to the processing of personal data for the purpose of such advertising at any time. This also applies to profiling, insofar as it is related to such direct advertising. If you object to us processing for direct marketing purposes, we will no longer process the personal data for these purposes.

In addition, you have the right, on grounds relating to your particular situation, to object to processing of personal data concerning you which is carried out by us for scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) of the GDPR, unless such processing is necessary for the performance of a task carried out in the public interest.

You are free to exercise your right to object by means of automated procedures using technical specifications in connection with the use of information society services, notwithstanding Directive 2002/58/EC.

12.8 Revocation of consent under data protection law

You have the right to revoke consent to the processing of personal data at any time with effect for the future.

12.9 Complaint to a supervisory authority

You have the right to complain about our processing of personal data to a supervisory authority responsible for data protection.

13. up-to-dateness and modification of the privacy policy

This privacy policy is currently valid and has the status: March 2022.

Due to the further development of our internet pages and offers or due to changed legal or official requirements, it may become necessary to change this data protection declaration. You can access and print out the current data protection declaration at any time on the website at "https://next-mannheim.de/datenschutz"