Website privacy statement and at the same time information of data subjects pursuant to Article 13 and Article 14 of the EU General Data Protection Regulation

General information

Details of the responsible body:

Economic Development Corporation
City of Chemnitz (CWE)
Innere Klosterstrasse 6/8
09111 Chemnitz

Managing Director: Simone Kalew, Katja Loße

Phone: 0371 – 366 0 200

E-mail address: office@cwe-chemnitz.de

Contact data protection officer:

Dr. Sebastian Kraska, lawyer, IITR Datenschutz GmbH, Marienplatz 2, 80331 Munich, email@iitr.de, Tel.: +49 (0)89 1891 7360

 

General data processing information

Data concerned:

Personal data is only collected if you provide it to us of your own accord. No other personal data is collected. Any processing of your personal data that goes beyond the scope of the legal permissions will only be carried out on the basis of your express consent. We may transfer personal data to other bodies within our organisation or grant them access to such data. Where this transfer is for administrative purposes, the transfer of data is based on our legitimate business and commercial interests or is made where it is necessary for the performance of our contract-related obligations or where we have obtained the consent of the data subjects or legal permission.

 

Purpose of processing:
Contract performance.

Categories of recipients:

Public bodies where there is overriding legislation.
External service providers or other contractors.
Other external bodies insofar as the data subject has given consent or a transfer is permissible for overriding interest.

Third country transfers:
In the context of the execution of the contract, processors outside the European Union may also be used.

Duration of data storage:
The duration of data storage depends on the statutory retention obligations and is usually 10 years.

 

Specific information about the website

Usage data

When you call up our web pages, you transmit data to our web server (out of technical necessity) via your internet browser. The following data is recorded during an ongoing connection for communication between your internet browser and our web server:

  • Date and time of the request
  • Name of the requested file
  • Page from which the file was requested
  • Access status (file transferred, file not found, etc.)
  • Web browser and operating system used
  • complete IP address of the requesting computer
  • amount of data transferred.

For reasons of technical security, in particular to defend against attempted attacks on our web server, we store this data for a short period of time. It is not possible for us to draw conclusions about individual persons on the basis of this data. After a short period of time at the latest, the data is anonymised by shortening the IP address at domain level, so that it is no longer possible to establish a relationship to the individual user. The data is also processed in anonymised form for statistical purposes; it is not compared with other data or passed on to third parties, not even in extracts.

 

Use of own „cookies“ required for website display

This website does not use cookies.

 

Information on further data processing procedures

Specific information on the application procedure

Data concerned:
Application details

Purpose of processing:
Implementation of application procedure.

Categories of recipients:
Public bodies in case of overriding legal provisions. External service providers or other contractors, e.g. for data processing and hosting. Other external bodies insofar as the data subject has given consent or a transfer is permissible for overriding interest, including customers and interested parties in the context of order acquisition.

Third country transfers:
In the context of contract execution, order processors outside the European Union may also be used, including email providers.

Duration of data storage:
Application data is usually deleted within four months after notification of the decision, unless consent to longer data storage has been given in the context of inclusion in the applicant pool.

 

Specific information on the processing of customer data/prospect data

Data concerned:
Data communicated for the performance of the contract; if applicable, data going beyond this for processing on the basis of your express consent.

Purpose of processing:
Contract performance, including quotations, orders, sales and invoicing, quality assurance.

Categories of recipients:

  • Public authorities in case of overriding legal provisions.
  • External service providers or other contractors, including for data processing and hosting, shipping, transport and logistics, service providers for printing and shipping information.
  • Other external bodies insofar as the data subject has given consent or a transfer is permissible for overriding interest.

Third country transfers:
In the context of the execution of the contract, order processors outside the European Union may also be used, including email providers.

Duration of data storage:
The duration of data storage depends on the statutory retention obligations and is usually 10 years.

 

Specific information on the processing of employee data.

Data concerned:
Data communicated for the performance of the contract; if applicable, data going beyond this for processing on the basis of your express consent.

Purpose of processing:
Contract performance in the context of the employment relationship.

Categories of recipients:

  • Public authorities in the event of overriding legal provisions, including the tax office, social insurance institutions, employers‘ liability insurance association.
  • External service providers or other contractors, e.g. for data processing and hosting, payroll accounting, travel expense accounting, insurance services.
  • Other external bodies insofar as the data subject has given consent or a transfer is permissible for predominant interest, including for insurance benefits.

Third country transfers:
In the context of the execution of the contract, processors outside the European Union may also be used, including email providers.

Duration of data storage:
The duration of data storage depends on the statutory retention obligations and is usually 10 years.

 

Specific information on the processing of supplier data.

Data concerned:
Data communicated for the performance of the contract; if applicable, data going beyond this for processing on the basis of your express consent.

Purpose of processing:
Contract performance, including enquiries, purchasing, quality assurance.

Categories of recipients:

  • Public authorities in case of overriding legal provisions, e.g. tax office, customs.
  • External service providers or other contractors, e.g. for data processing and hosting, accounting, payment processing.
  • Other external bodies insofar as the data subject has given consent or a transfer is permissible for overriding interest.

Third country transfers:
In the context of the execution of the contract, processors outside the European Union may also be used, including email providers.

Duration of data storage:
The duration of data storage depends on the statutory retention obligations and is usually 10 years.

 

Specific information on the use of video conferencing/webinar software.

Data concerned:
Data communicated for the use of the video conferencing software or webinar software (esp. first name, last name, e-mail address; optional: sound transmission; optional: image transmission; optional: questions when using chat functions); to the extent technically necessary, processing of data from your system to establish the connection with the provider of the conferencing software.

Purpose of processing:
conducting video conferences or webinars.

Categories of recipients:

  • Public bodies in case of overriding legal provisions.
  • External service providers or other contractors, including for data processing and hosting.
  • Other external bodies insofar as the data subject has given consent or a transfer is permissible for overriding interest.

Third country transfers:
Processors outside the European Union are used (in this case: United States of America); standard contractual clauses have been concluded with the service provider accordingly.

Duration of data storage:
Video conferences are only recorded with the previously documented consent of the participants. The technical data is deleted if it is no longer required. The duration of data storage otherwise depends on the statutory retention obligations and is usually 10 years.

 

Presence in social networks

We maintain online presences within social networks and process user data in this context in order to communicate with users active there or to offer information about us.

We would like to point out that user data may be processed outside the European Union. This may result in risks for the users because, for example, it could make it more difficult to enforce the rights of the users. With regard to US providers that are certified under the Privacy Shield or offer comparable guarantees of a secure level of data protection, we point out that they thereby undertake to comply with EU data protection standards.

Furthermore, user data is usually processed within social networks for market research and advertising purposes. For example, usage profiles can be created based on the usage behaviour and resulting interests of the users. The usage profiles can in turn be used, for example, to place advertisements within and outside the networks that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the users‘ computers, in which the usage behaviour and the interests of the users are stored. Furthermore, data independent of the devices used by the users may also be stored in the usage profiles (especially if the users are members of the respective platforms and are logged in to them).

For a detailed presentation of the respective forms of processing and the options to object (opt-out), we refer to the data protection declarations and information provided by the operators of the respective networks.

In the case of information requests and the assertion of data subject rights, we also point out that these can be asserted most effectively with the providers. Only the providers have access to the users‘ data and can take appropriate measures and provide information directly. If you still need help, you can contact us.

Types of data processed: inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. text entries, photographs, videos), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).

Data subjects: Users (e.g. website visitors, users of online services).

Purposes of processing: contact requests and communication, tracking (e.g. interest/behavioural profiling, use of cookies), remarketing, reach measurement (e.g. access statistics, recognition of returning visitors).

 

Services used and service providers:
Facebook: Social network; Service provider: Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; Website: https://www.facebook.com; Privacy policy: https://www.facebook.com/about/privacy; Privacy Shield (guaranteeing the level of data protection when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active; Opt-out: Settings for advertisements: https://www.facebook.com/settings?tab=ads; Additional information on data protection: Agreement on joint processing of personal data on Facebook pages: https://www.facebook.com/legal/terms/page_controller_addendum, Data protection information for Facebook pages: https://www.facebook.com/legal/terms/information_about_page_insights_data.

Instagram: Social network; Service provider: Instagram Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA; website:https://www.instagram.com; privacy policy:https://instagram.com/about/legal/privacy.

LinkedIn: Social network; Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Website: https://www.linkedin.com; Privacy policy: https://www.linkedin.com/legal/privacy-policy; Privacy Shield (guaranteeing the level of data protection when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active; Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

 

Further information and contacts

In addition, you can assert your rights to information, correction or deletion or to restriction of processing or the exercise of your right to object to processing as well as the right to data portability at any time. You have the option of contacting us by e-mail (office@cwe-chemnitz.de ) or letter (Chemnitzer Wirtschaftsförderungs- und Entwicklungsgesellschaft mbH, Innere Klosterstraße 6 – 8, 09111 Chemnitz). You also have the right to contact the data protection supervisory authority in the event of complaints.