This privacy policy applies to data processing by us as the responsible party pursuant to. Art. 4 para. 7 of the Basic Data Protection Regulation (DSGVO). Our contact details are:
connactz GmbH
Nelkenstraße 23
94447 Plattling.
| Registergericht: | |
|---|---|
| Register number: | HRB 5333 |
| Managing directors: | Dr. Maximilian Blaschke |
| Contact: | Email: support@connactz.com |
When you access our Website, meaning when you transmit information to us by any other means, we — or the host provider acting on our behalf — only collect the personal data that your browser transmits to our server. If you wish to view our Website, we collect the following data:
This data is technically necessary for us to display and provide our Website. The legal basis for this processing is Art. 6 (1) sentence 1 lit. f GDPR. For security reasons (e.g., to clarify cases of misuse or fraudulent activities), this data is stored for a maximum duration of 7 days and is then deleted. Data that must be retained further for evidentiary purposes is exempt from deletion until the respective incident is fully clarified. The hosting service provider we employ processes personal data on our behalf and in accordance with our instructions as a so-called processor pursuant to Art. 28 GDPR.
We use technology from Google ReCaptcha to ensure that the publicly accessible part of our website is not misused for automated requests (e.g., spam). When you are not logged in as a registered user and interact with our website (e.g., via the contact form or when submitting a review), Google checks whether the data input on our websites (e.g., in a contact form) is made by a human or by an automated program. To do this, ReCaptcha analyzes the behavior of the website visitor based on various criteria. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, ReCaptcha evaluates various pieces of information (e.g., IP address, duration of the website visit, or mouse movements made by the user). The data collected during the analysis is forwarded to Google. The ReCaptcha analyses run entirely in the background. This query is used to distinguish whether the input is made by a human or is misused through automated, machine processing. Therefore, we transmit the following data to Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland):
Google evaluates the data to detect an automated request in order to ensure that the contact form is not misused. Cookies are used for this purpose, which enable recognition of your internet browser. The legal basis for the processing is Art. 6 (1) sentence 1 lit. f GDPR. In the context of using Google ReCaptcha, data is also transmitted from Google to group companies and/or subcontractors. In this context, the above-mentioned data may be transferred to and stored in the USA. The data protection level in the USA is deemed inadequate by the European Commission. The data transfer to the USA is therefore based on the Standard Contractual Clauses pursuant to Art. 46 (2) lit. c GDPR. The Standard Contractual Clauses can be retrieved at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32010D0087&from=DE, alternatively you can also request these documents from us using the contact details provided in Section 2.
Our website optionally uses Google Analytics so that we can further improve future websites. You can consent to the use of Google Analytics when you access the website. You may withdraw your consent to the use of Google Analytics at any time. If you grant us your consent, we analyze your usage of the website. To do this, we process the following personal data from you:
Therefore, we transmit the aforementioned data to Google for analytical purposes. On our behalf, Google analyzes the data regarding the manner in which you use the website, as this data is necessary for us to ensure the stability and security of the website and to further develop it in accordance with our interests. The data collected in this way is not merged with your other profile information but is included in anonymous statistics that help us better understand our users and tailor the website more closely to their needs. As mentioned above, we process this data solely with your consent. The legal basis for this is Art. 6 (1) sentence 1 lit. a GDPR.
In the context of using the services of Google Analytics, data is also transmitted from Google to group companies and/or subprocessors. In this context, the aforementioned data may be transferred to and stored in the USA. The data protection level in the USA is deemed inadequate by the European Commission. The data transfer to the USA is therefore based on the Standard Contractual Clauses pursuant to Art. 46 (2) lit. c GDPR. The Standard Contractual Clauses can be retrieved at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32010D0087&from=DE, alternatively you can also request these documents from us using the contact details provided in Section 2.
We have embedded videos from the platform YouTube on our website. YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) is responsible for data protection regarding the operation of the YouTube platform. You can find YouTube's privacy policy at: https://policies.google.com/privacy?hl=de.
In this context, to the best of our knowledge, YouTube processes the following personal data from you:
The integration of YouTube videos is carried out in our interest to present you with high-quality content directly on our website. Instead of merely providing you with a link to an interesting video, you can watch the video directly on our site. This enhances our service and makes it easier for you to access engaging content. The legal basis for processing personal data in connection with the integration of YouTube videos and the associated transfer of personal data to Google LLC is Art. 6 (1) sentence 1 lit. f GDPR.
In the context of using YouTube's services, data is also transmitted by Google to group companies and/or subprocessors. In this context, the above-mentioned data may be transferred to and stored in the USA. The level of data protection in the USA is considered inadequate by the European Commission. The data transfer to the USA is therefore based on the Standard Contractual Clauses pursuant to Art. 46 (2) lit. c GDPR. The Standard Contractual Clauses can be retrieved at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32010D0087&from=DE, alternatively you can also request these documents from us using the contact details provided in Section 2.
E-mails that you transmit to us and that we transmit to you are processed using the services of our e-mail provider. In the context of e-mail communication, our e-mail provider processes your personal data (i.e., your e-mail address and the information you provide in the e-mail) on our behalf, in order to enable e-mail communication with you or, if you are our customer, for contract processing. The processing of your personal data is based on Art. 6 (1) sentence 1 lit. f and/or Art. 6 (1) sentence 1 lit. b GDPR. We delete the data once it is no longer required and provided that no legal obligations prevent us from doing so. We review the necessity of retention every six months.
When you contact us by telephone, we require your personal data (e.g., name, telephone number, address, or e-mail address) in order to process your inquiry or concern. This data processing is necessary for us to be able to communicate with you or, if you are our customer, for contract processing. The processing of your personal data is based on Art. 6 (1) sentence 1 lit. f and/or Art. 6 (1) sentence 1 lit. b GDPR. We delete this data once it is no longer required and provided that no legal obligations prevent us from doing so. We review the necessity of retention every six months.
When you contact us via the contact form, we require your personal data (e.g., name, contact details, etc.) in order to process your inquiry or concern. This data processing is necessary for us to be able to communicate with you or, if you are our customer, for contract processing. The processing of your personal data is based on Art. 6 (1) sentence 1 lit. f and/or Art. 6 (1) sentence 1 lit. b GDPR. We delete the data once it is no longer required and provided that no legal obligations prevent us from doing so. We review the necessity of retention every six months.
When you are a registered user, you automatically receive our newsletter, through which we inform you about our current interesting offers. In addition, our newsletters contain information about our products, promotions, and our company. They also reflect our interests pursued through the data processing. For the purpose of sending the newsletter and addressing you personally therein, we process your e-mail address and your name. The legal basis is Art. 6 (1) sentence 1 lit. f GDPR. We process your data in this context as long as you are our user or until you object to this data processing.
The newsletter service provider we use processes personal data on our behalf and in accordance with our instructions as a so-called processor pursuant to Art. 28 GDPR.
When you register on our platform, you must provide certain mandatory information about yourself. We therefore process the following personal data from you:
The legal basis for the processing is Art. 6 (1) sentence 1 lit. b GDPR. We store your data until you cancel your user account. Afterwards, your data will be deleted in relation to the user account, unless its retention is necessary for commercial or tax reasons pursuant to Art. 6 (1) sentence 1 lit. c GDPR.
In addition to the required mandatory information, you can provide additional details that make it easier for other users to get to know you better and, for example, to book you as a project. We may therefore process personal data that you voluntarily add to your profile, such as
Other users can view, share, or link to this data. Certain information about you may be accessible by default to other users of our platform (e.g., your username, your profile picture, content added to your profile). In addition, we will inform you via e-mail if there are details missing in your profile or if your profile is incomplete. For this purpose, we use your e-mail address and your name (to be able to address you personally).
The legal basis for the processing is Art. 6 (1) sentence 1 lit. b GDPR. The deletion of this data occurs either selectively for specific details when you remove them from our platform, or completely when you delete your account on our platform.
We use Hubspot (hubspot.com) for the easy management of user and customer data (CRM) and especially for capturing process data (e.g., e-mails, notes from conversations, etc.). This provides us with an overview of previous communications and enables us to offer you more comprehensive and better support. In addition, we use Hubspot for lead generation via our blog (blog.connactz.com) and for the automated sending of e-mails. In doing so, we sometimes transfer data from sections 5.1 and 5.2 as well as usage statistics and usage-relevant information, such as the number of new event inquiries, to Hubspot’s servers in order to make the e-mails with personalized content more relevant to you.
The European subsidiary of Hubspot Inc. is located at 2nd Floor, 30 North Wall Quay, Dublin 1, Ireland. The legal basis for processing personal data in connection with the use of Hubspot and the associated transfer of personal data to Hubspot Inc. is Art. 6 (1) sentence 1 lit. f GDPR. In the context of using Hubspot’s services, data may also be transmitted to group companies and/or subprocessors. In this context, the aforementioned data may be transferred to and stored in the USA. The level of data protection in the USA is deemed inadequate by the European Commission. The data transfer to the USA is therefore based on the Standard Contractual Clauses pursuant to Art. 46 (2) lit. c GDPR. The Standard Contractual Clauses can be retrieved at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32010D0087&from=DE; alternatively, you can also request these documents from us using the contact details provided in Section 2.
We send you e-mails when a message is received in your connactz inbox or when an appointment is approaching. This is to ensure that you do not overlook a message sent to you by another user and that you do not miss an appointment. The legal basis for this is Art. 6 (1) sentence 1 lit. b GDPR. We delete this data once it is no longer required for the purpose for which it was collected, i.e., for the personalization of your profile. Typically, this is the case when you delete your profile with us. We review the necessity every six months.
We also process your data to suggest to you, if you are an organizer, those projects/artists or, if you are a project/artist, those organizers and events as well as other projects/artists that best match you. This requires a user-specific evaluation of the relevance of products and content, i.e., personalization. Only with such personalization can we present you with results that truly match you. In doing so, your profile information and your previous use of our platform are analyzed and compared using an algorithm with the anonymized profiles of other users with similar characteristics. This is intended to ensure that the suggestions presented to you better match you. Of course, you have access to all profiles despite the personalization. The personalization merely serves to draw your attention earlier to the profiles that are more relevant to you.
For the purpose of personalization, we use the following data that we collect as part of your use of our platform:
The legal basis for the processing is Art. 6 (1) sentence 1 lit. f GDPR. We delete this data once it is no longer required for the purpose for which it was collected – in this case, the personalization of your profile. Typically, this is the case when you delete your profile with us. We review the necessity every six months.
When you, as an organizer, create a call for artists on our platform, we collect various pieces of information from you that may include personal data. These include:
With the exception of your contact data (i.e., your e-mail address and telephone number) and the budget, these details are visible to other users of our platform. If another user contacts you and you initiate contact with another user, the entire communication takes place via the chat function on our platform, so that your communication partner does not automatically receive your contact details. However, you can optionally activate the publication of your contact data. In that case, they will be visible to other users of our platform.
The legal basis for the processing is Art. 6 (1) sentence 1 lit. b GDPR. We store your data until you cancel your user account.
If you reach an agreement with an artist/project, that artist/project has the option to generate a contract and invoices using our contract and invoice generator (see also Section 5.7 of this Privacy Policy). These documents will be enriched with the contact data stored in your profile. This data transfer only occurs with your explicit consent and only if you reach an agreement with an artist/project.
When you, as an artist/project, submit an offer for a call for artists on our platform, we collect various pieces of information from you that may include personal data and transmit them to the respective organizer for whose event you are submitting an offer. These include:
The legal basis for the processing is Art. 6 (1) sentence 1 lit. b GDPR. We store your data until you cancel your user account. Afterwards, your data in relation to the user account is deleted.
We offer our users the option to display their private calendars by connecting with the Google Calendar API or by sharing their iCloud (Apple) calendars on our website, to check for scheduling conflicts, and to make the availability of team members (members of the same projects) visible. Members of the same projects can view the availability of their team members, but not the reasons for scheduling conflicts. Only the user themselves can view the details of the events and the reasons behind the scheduling conflicts. connactz does not store data from the Google Calendar API or the iCloud calendars. The information is reloaded via the connection each time it is used and kept up to date.
To enable this, you will be prompted to provide your Google account login credentials and allow the API integration or, for iCloud (Apple) calendars, to provide an app-specific password for the connection. By using the Google Calendar API or the iCloud connection (Apple), we can access your calendar events and display them on our website. We take appropriate measures to ensure that your calendar events are treated confidentially and processed in accordance with applicable data protection laws. Please note that we do not have access to your Google account login credentials and that the integration can be deactivated and deleted at any time by removing these connections in connactz or from your Google account settings, or by changing or removing the app-specific password with Apple.
The use or further transmission of information obtained from Google APIs to other apps is subject to the Google API Services User Data Policy (accessible via https://developers.google.com/terms/api-services-user-data-policy#additional_requirements_for_specific_api_scopes) as well as the Limited Use requirements.
When you, as an artist/project, use our contract and invoice generator, we create contracts and invoices for you with organizers or other artists/projects with whom you have reached an agreement. In this context, we process the following data which may include personal data:
In addition, you have the possibility, within your project, to make an internal division of your fee and to create corresponding invoices and receipts. For this, we process the following data:
The legal basis for the processing is Art. 6 (1) sentence 1 lit. b GDPR. We store this data until you cancel your user account. Afterwards, your data is deleted in relation to the user account. Please remember, however, that you must archive these documents in compliance with tax regulations at all times.
You have the option to get in touch with other users of our platform. As part of this communication, we generally process all data that you provide within this context and transmit it to the recipient you have selected. This data includes, in particular:
The legal basis for the processing is Art. 6 (1) sentence 1 lit. b GDPR. The deletion of this data occurs either selectively for specific details when you remove them from our platform or completely for all data when you delete your account on our platform.
If you are or become our customer, we process data from you that may include personal data in the context of processing your order and fulfilling our contractual obligations. The data processed includes master data (e.g., names and addresses), contact data (e.g., e-mail addresses and telephone numbers), contract data (e.g., services used, contract contents, contractual communication, names of contact persons) as well as payment data (e.g., your bank details, payment history). We require this data to fulfill the contract. If this includes personal data, the processing is based on Art. 6 (1) lit. b GDPR. There is no legal or contractual obligation to provide this data.
All data processed for contractual purposes is processed by us for at least the duration of the contractual relationship plus the applicable warranty period. Afterwards, the data is deleted if it is no longer required for the purpose stated and no retention obligations prevail.
We process certain personal data from you in order to regularly send you status e-mails as well as advertising for our own similar products and services or surveys for our own market research purposes. This includes the following personal data from you:
This processing is carried out in our interest in direct marketing and maintaining customer relationships. The legal basis for this is Art. 6 (1) sentence 1 lit. f GDPR. The deletion of this data occurs either selectively for specific details when you remove them from our platform or completely when you delete your account on our platform.
The execution and thus the collection, processing, and storage of electronic payment transaction data is carried out by our payment service provider, Stripe Payments Europe Ltd, Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Ireland ("Stripe"). Through Stripe, it is possible to offer various payment methods, such as credit card payments or direct debit.
With every payment transaction, Stripe receives data for processing the electronic payment transaction, such as the information you provided during the order process along with the details of your order (name, address, account number, bank code, possibly credit card number, invoice amount, currency, and transaction number). The processing of your data by Stripe is necessary for the payment processing and thus for the fulfillment of the contract. The legal basis for this is Art. 6 (1) sentence 1 lit. b GDPR. This data is deleted after the statutory retention periods have expired. Stripe processes your personal data on our behalf and in accordance with our instructions as a so-called processor pursuant to Art. 28 GDPR.
The service provider we use in this context, Stripe, which processes personal data for us on our behalf and in accordance with our instructions as a so-called processor pursuant to Art. 28 GDPR, transfers data to group companies in the USA. The level of data protection in the USA is considered inadequate by the European Commission. The data transfer to the USA is therefore based on the Standard Contractual Clauses pursuant to Art. 46 (2) lit. c GDPR. The Standard Contractual Clauses can be retrieved at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32010D0087&from=DE; alternatively, you can also request these documents from us using the contact details provided in Section 2.
We store master data (e.g., names and addresses), contact data (e.g., e-mail addresses and telephone numbers), as well as contract data (e.g., services used, contract contents, contractual communication, names of contact persons) of customers, prospects, suppliers, and other business partners for later contact purposes. These personal data may be stored in a CRM system ("Customer Relationship Management System") or comparable systems for managing inquiries. This enables us to efficiently organize incoming contacts. The processing of your personal data is carried out on the basis of Art. 6 (1) lit. f GDPR. All data processed in this context is stored by us for at least the duration of the contractual relationship plus an additional period of three years.
In addition, we process your data, in particular your master, contract, and payment data, for accounting purposes. This processing is carried out in part on the basis of legal obligations pursuant to Art. 6 (1) lit. c GDPR.
Under legal requirements in Germany, we are further obliged to retain or store certain data, so that we may not delete or destroy it even after the intended purpose has been achieved; see Art. 17 (3) lit. b GDPR. This applies to master data (e.g., names and addresses), contact data (e.g., e-mail addresses and telephone numbers), contract data (e.g., services used, contract contents, contractual communication, names of contact persons) and payment data (e.g., bank details, payment history). In particular, the retention or storage of books, records, inventories, annual financial statements, management reports, opening balances, as well as the work instructions and other organizational documents necessary for their understanding, the received and sent commercial or business letters, the accounting documents, and other documents, insofar as they are relevant for taxation, is prescribed for ten years in accordance with § 147 (1) of the Fiscal Code (AO). This also applies to any personal data of the data subjects contained in the documents mentioned above. The legal basis for this retention or storage is Art. 6 (1) lit. c GDPR.
In addition, we may sometimes transfer your personal data to advisors such as tax consultants, lawyers, auditors, or accountants. This is done in our interest in legally compliant business operations or for financial accounting purposes. The legal basis for this is Art. 6 (1) sentence 1 lit. f GDPR or § 24 (1) no. 2 of the new BDSG.
The data processed by us is deleted in accordance with Art. 17 GDPR or restricted in its processing in accordance with Art. 18 GDPR.
Unless otherwise provided for in this Privacy Policy, the data processed by us will be deleted as soon as it is no longer required for its intended purpose and provided that no legal retention obligations prevent deletion. We review the necessity every six months.
You have the right:
If we process your personal data on the basis of a consent provided by you pursuant to Art. 9 (2) lit. a or Art. 6 (1) lit. a GDPR, you have the right to revoke any consent you may have given pursuant to Art. 7 (3) GDPR with effect for the future.
If you wish to exercise your right of withdrawal, you may notify us by e-mail at support@connactz.com. Alternatively, you may also use the contact details provided above in Section 2.
If we process your personal data on the basis of our legitimate interests pursuant to Art. 6 (1) sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, insofar as there are reasons arising from your particular situation or if the objection relates to direct marketing. In the latter case, you have a general right to object, which we implement without the need for a specific explanation.
If you wish to exercise your right to object, you may notify us by e-mail at support@connactz.com. Alternatively, you may also use the contact details provided above in Section 2.
We reserve the right to change our Privacy Policy if this should become necessary due to new technologies or changes in our data processing procedures, or to adapt it to changes in the legal situation relevant to us. However, this only concerns this Privacy Policy. If we process your personal data on the basis of a consent provided by you or if parts of the Privacy Policy contain provisions of the contractual relationship with you, any changes will only be made with your consent.
The current version of our Privacy Policy can be viewed at https://www.connactz.com/en/privacy.
As a service provider, we are responsible for our own content on these pages in accordance with the general laws pursuant to § 7 para. 1 TMG. According to §§ 8 to 10 TMG, we are not obligated to monitor transmitted or stored information or to investigate circumstances that indicate illegal activity. Obligations to remove or block the use of information under the general laws remain unaffected. However, liability in this regard is only possible from the point in time at which a concrete infringement of the law becomes known. If we become aware of any such infringements, we will remove the relevant content immediately. In case of doubt the German version of this legal notice shall be binding.