Data Privacy Statement

This Data Privacy Statement explains the type, extent and purpose of processing personal data (henceforth "data") that will be done in on our website and connected websites, functions and content as well as external online content, as for example Social Media Profile (henceforth called summarily "website content"). For definitions of the terms used, like "processing" and "controller", we relegate you to the definitions of Article 4 of the EU regulation 2016/679 "General Data Protection Regulation" (GDPR).

 

Controller

 

Type of processed data:

  • Master data (e. g. names, addresses)
  • Contact data (e. g. e-mail addresses, phone numbers)
  • Content data (e. g. text, images, videos)
  • Usage-related data (e. g. websites visited, content preferences, time of access)
  • Meta and communication data (e. g. machine information, IP adresses)

 

Data subject categories

Visitors and users (henceforth summarily called "users").

 

Purpose of data processing

  • Provision of the website, including its functions and content
  • Answering user inquiries and communication with the users
  • Security precautions
  • Coverage determination, marketing

 

Terms used

  • "Personal data" means means any information relating to an identified or identifiable natural person ((henceforth summarily called "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e. g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  • "Processing" means any operation or set of operations which is performed on personal data or on sets of personal data. This is a wide definition that covers almost any data handling.
  • "Controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

 

Legitimate basis
As required by Art. 13 GDPR we inform you about the legitimate basis of our data processing. If this data privacy statement does not name a legitimate basis explicitly, it is: Art. 6 clause 1 lit. a and art. 7 GDPR for obtaining permissions; Art. 6 clause 1 lit. b GDPR for processing required to fulfill services, to conduct measures required by contracts and to answer inquiries; Art. 6 clause 1 lit. c GDPR for processing data to fulfill legal obligations; Art. 6 clause 1 lit. f GDPR for protecting our legitimate interests. If processing data is required by an interest that is essential for the life of the data subject or another natural person, the legitimate basis is Art. 6 clause 1 lit. d GDPR.

 

Cooperation with processors and third parties
If, in the course of processing data, we disclose, transmit or othewise give access to data to other persons or enterprises (processors and third parties) this will exclusively be done based on legal authorization (for example if data transfer to third parties like payment service providers is required to fulfil contracts pursuant to Art. 6 Abs. 1 lit. b GDPR), if the user has agreed, if a legal provision requires it or if our legitimate interest requires it (for example if appointing agents, web service providers etc.).
If we appoint third parties as processors based on a "data processing agreement" this will be done by the regulations laid down in Art. 28 GDPR.

 

Transmission to third countries
Insofar as we process data in a third country (e. g. outside of the European Union (EU) or the European Economic Area (EEA)), whether directly or as part of using third party services or by transmitting data to third parties or granting data access to third parties, this will only occur if it is necessary to fulfill our contractual and precedent obligations, with the user's consent, based on a legitimate obligation or in pursuit of our legitimate interest. Subject to legitimate or contractual consent we will only process data in a third country if the special requirements of Art. 44 ff. GDPR are met. This means that this type of data processing will be based on special guarantees (like an official statement of a level of data privacy equivalent to that inside the EU, e. g. the "privacy shield" policy of the USA), or by observing officially accepted special contractual duties (so-called "standard form contract clauses").

 

Rights of data subjects

  • You are entitled to request a confirmation if such data are processed, about their content, about additional information concerning the data and to get a copy of this data, according to Art. 15 GDPR.
  • You are entitled to request that your incomplete personal data are completed and your wrong personal data are corrected, according to Art. 16 GDPR.
  • You are entitled to request that your personal data be erased or, alternatively, that processing of this data be restricted, according to Art. 17 resp. Art. 18 GDPR.
  • You are entitled to request that you receive the personal data you have submitted to us, or to transmit this data to another controller, according to Art. 20 GDPR.
  • You are entitled to lodge a complaint with a supervisory authority, according to Art. 77 GDPR.

 

Right of rescission
You are entitled to withdraw, effective for futurity, your consent according to Art. 7 clause 3 GDPR.

 

Right of objection
You are entitled to object to the processing of your data at any time, according to Art. 21 GDPR. In particular you can file such an objection against processing your data for direct advertising purposes.

 

Cookies and right of objection for direct advertising
"Cookies" are small files stored on the user's computer; they can store a variety of data. Their primary task is to store information about a user (or about the computer on which the cookie is stored) during and/or after using the online service. Temporary (also called session or transient) cookies will be erased when the user has left the online service and quitted the web browser software; such cookies would, for example, be used to store a login status or the contents of a "shopping cart". Permanent (also called persistent) cookies will remain stored even after quitting the browser software; they could, for example, store a login status for a future visit that may be sometime in the future. Such cookies may also be used to store user's interests with the target of using this information for audience measurement or advertising purposes. Third-party cookies are cookies that are stored by providers other than the controller of the web service; in contrast, the cookies placed by the controller's service are called first-party cookies.

 

We are entitled to use temporary or permanent cookies. We state this in our data privacy statement.

 

If you do not want cookies to be stored on your computer we ask you to de-activate the corresponding option in the preferences of your web browser software. You can also delete existing cookies in the preferences. Please note that not allowing storage of cookies may lead to restrictions in the use and content of this website.

 

There are several web services available that allow you to file a general, cross-service objection against cookies used for online advertising, in particular for tracking; examples for such sites are the US-American site http://www.aboutads.info/choices/ and the EU-based site http://www.youronlinechoices.com/.

 

Data erasure
The data processed by us will be erased or their processing restricted according to the stipulations of Art. 17 and 18 GDPR. If not explicitly stated in this data privacy statement the stored data will be erased as soon as they are no longer required for their stated purpose and no legitimate obligations require that they be kept. If data is not erased for one of these reasons, their use and processing will be restricted. In particular they will be locked and will not be processed for other purposes. For example, this is true for data that must be kept because commercial or tax legislation requires it.

 

In particular, due to legitimate requirements in Germany data will be kept stored for 6 years according to § 257 clause 1 Handelsgesetzbuch (HGB) (like trading books, inventories, opening balance sheets, year-end accounts, business letters,  accounting supporting records, etc.) or for 10 years accordin g to § 147 clause 1 Abgabenordnung (AO, tax law) (like books, notes, statements of financial condition, receipts, commercial and business letters and records relevant to tax purposes, etc.).

 

Due to legitimate requirements in Austria data will be kept stored for 7 years according to § 132 clause 1 BAO (accounting records, receipts/invoices, bank accounts, buy and sell records, business documents, compilation of earnings and expenditures, etc.) or for 22 years for the same in connection with real estate, or for 10 years for documents and records in connection to services performed electronically, telecommunikation services, sound and image broadcasting services provided for non-corporate users inside the EU for which the Mini-One-Stop-Shop (MOSS) regulations are claimed.

 

Hosting
The hosting services used by us serve to provide the following purposes, as far as we use them to provide this website: infrastructure and platform services, data processing capacity, data storage capacity, database services, security services and services fro technical maintenance.

 

In order to fulfill these tasks and services we or our hosting provider process the following data: stock data, contact information, content data, data concerning contracts, usage data and meta and communication data of users, customers and interested persons of this website, based on our legitimate interest in providing an efficient and secure access to or online services according to Art. 6 clause 1 lit. f GDPR in connection with Art. 28 GDPR (conclusion of a data processing agreement).

 

Collection of access data and logfiles
We or our hosting provider will collect data about each access to the server on which our online service is hosted (so-called server logfiles), in based on our legitimate interest as defined inArt. 6 clause 1 lit. f. GDPR. This data may consist of the name of the requested web page, filename, date and time of the request, data volume sent, message about the sucessful fulfillment, browser software type and version, user's operating system, referrer URL (the web page previously visited), IP address and requesting provider.

 

Logfile information will be stored for security reasons (e. g. to investigate improper use and fraud) for up to 7 days and then erased. Data required as legal proof in an incident will not be erased until the incident is finally closed.

 

Registration function
Users can (optionally) create a user account. In the course of the registration the user will be informed which of the sign-up data are mandatory. The data entered during registration will be used for purposes connected to using the online service. Users may be informed by e-mail about circumstances concerning the service or their registration, like changes in the online service content or technical changes and requirements. When a user terminates their account data connected with that account will be erased if there is no legal requirement (e. g. commerce or tax law) to keep them, according to Art. 6 clause 1 lit. c GDPR. It is the user's responsibility to copy their data, if they wish, before the end of contract after terminating the account. We are entitled to erase irretriavably all user data stored over the time of the contract.

 

When the user accesses the registration and login functions and if they use their user account we will store the IP address and the date and time of the user action of the action. We do this based on our legitimate interest, as well as that of the user, in providing protection from abuse and other unauthorized use. This data will not be transmitted to third parties if that is not required in pursuit of legal claims or is required by law, according to Art. 6 clause 1 lit. c GDPR. The IP addresses will be rendered anonymous or erased after a maximum of 7 days.

 

Contacting users
When a user contacts us (e. g. through a contact form, by e-mail, by phone or through social media) the user data will be processed in order to handle and answer the request, according to Art. 6 clause 1 lit. b) GDPR. For processing the data may be stored in a Customer Relationship Management System (CRM) or a software system of similar purpose.

 

We will erase this data if they are not needed any more, subject to legitimate requirements about archiving data. We will check every 2 years if the data is still required for processing.

 

Comments and contributions
When a user submits comments or other contributions we will store their IP address for 7 days, based on our legitimate interest as defined in Art. 6 clause 1 lit. f. GDPR. We do this to protect ourselves in case someone submits illegal or improper contributions (like slander, forbidden propaganda etc.). In such cases we as the controller could be prosecuted for the comment or contribution and therefore we have an interest to know who submitted the contribution in question.

 

Embedding services and content of third parties
Based on our legitimate interest (d.h. Interesse an der Analyse, Optimierung und wirtschaftlichem Betrieb unseres Onlineangebotes im Sinne des Art. 6 Abs. 1 lit. f. GDPR) we use, in providing our online service, content and services provided by third parties (henceforth calld "3rd-party content"). Examples for embedded 3rd-party content are videos and web fonts.

 

This requires that the third party providing the content knows the user's IP address, because otherwise it cannot send the content to the requesting web browser. Hence, the IP address is a requirement to provide that service. We make an effort to use only 3rd-party content from providers that use these IP addresses exclusively for sending requested data. It is possible that third party providers use so-called "pixel tags" (invisible graphics, also known as "web beacons") for statistical or advertising purposes. Pixel tags can serve to monitor user traffic on the pages of this online service. The pseudonymous information can also be stored in cookies on the user's computer, together with additional information like technical information about the user's browser software and operating system, referrer URLs, timestamp of visit and other information about the use of our online service. It is also possible that such data will be evaluated in connection with information from other sources.

 

Google Maps
We embed maps of the “Google Maps” service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data privacy statement: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.

 

The original (German) version of this page has been created through Datenschutz-Generator.de of RA (attorney) Dr. Thomas Schwenke.


 

 

Logo AGK

AGK Homepage and card model database
Copyright © AGK & Heiko Schinke, 2006-2018 === version 8.3 dated 2018-03-11
Problems? Please send an email to Heiko Schinke (schinkekartonmodellbau.org)
or call by phone +49/341/9959 - 692 (office) +49/3461/4415494 (private)

 

Member of International List of Scale Model Related Web Sites
Arbeitskreis Geschichte des Kartonmodellbaus (AGK) e.V.