Privacy & Cookies Policy
C.A.R.M.E.N. e.V. takes the protection of your data very seriously!
For questions or other concerns regarding data protection at C.A.R.M.E.N. e.V., please contact the contact details listed below.
The protection of personal data is very important to us. The use of our website is basically possible without providing personal data. However, if you wish to avail yourself of the offer on our website, the processing of personal data may be required. If the processing of personal data is required and there is no legal basis for such processing, we generally seek the consent of the data subject.
The processing of personal data, such as the name, address, e-mail address or telephone number of a data subject, is always in accordance with the current Federal Data Protection Act (BDSG), effective from 25.05.2018 effective EU Data Protection Regulation (GDPR) and the Telemedia Act (TMG).
Our association has implemented numerous technical and organizational measures to ensure the most complete possible protection of the processed personal data. Nevertheless, Internet-based data transmissions can generally have security gaps, so that absolute protection can not be guaranteed.
1. Personal data
Personal data means „any information relating to an identified or identifiable natural person (“ the data subject „); a natural person is regarded as identifiable, which can be identified directly or indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online identifier or one or more special features, the expression of the physical , physiological, genetic, psychological, economic, cultural or social identity of that natural person „(Article 4 (1) GDPR).
2. Affected person
Affected person is any identified or identifiable natural person whose personal data is processed by the controller.
Processing means any process or series of operations related to personal data, such as collecting, capturing, organizing, arranging, storing, adapting or modifying, reading out, querying, using, with or without the aid of automated procedures; the disclosure by transmission, dissemination or any other form of provision, reconciliation or linking, restriction, erasure or destruction (Article 4 (2) GDPR).
4. Restriction of processing
Limitation of the processing is the marking of stored personal data with the aim to limit their future processing (kind 4 No. 3 GDPR).
Profiling is any kind of automated processing of personal data, which involves using that personal information to evaluate certain personal aspects pertaining to a natural person, in particular aspects related to job performance, economic condition, health, personal preferences to analyze or predict interests, reliability, behavior, whereabouts or change of location of this natural person (Art. 4 No. 4 GDPR).
Pseudonymization is the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without the need for additional information (Article 4 (5) GDPR). This additional information will be kept separate, subject to technical and organizational measures, thus ensuring that the personal data are not assigned to an identified or identifiable natural person.
The person responsible is the natural or legal person, public authority, body or other body which, alone or in concert with others, decides on the purposes and means of processing personal data. (Art. 4 No. 7 GDPR)
The processor is a natural or legal person, public authority, body or body that processes personal data on behalf of the controller (Article 4 (8) GDPR)
Recipient is a natural or legal person, institution, agency or other entity to whom Personal Data is disclosed, whether or not it is a third party. However, authorities which may receive personal data under a specific investigation mandate under Union or national law may not be considered as beneficiaries (Article 4 (9) GDPR).
10. Third person
Third is a natural or legal person, public authority, body or body other than the data subject, the controller, the processor and the persons empowered under the direct responsibility of the controller or processor to process the personal data (Article 4 No. 10 DSGVO).
Consent is any expression of will voluntarily and unequivocally made by the data subject in the form of a statement or other unambiguous confirmatory act expressing to the data subject that they consent to the processing of the personal data concerning them is (Art. 4 No. 11 GDPR).
The person responsible within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:
Centrales Agrar-Rohstoff Marketing- und Energie-Netzwerk e.V.
Geschäftsführer Edmund Langer
Tel.: +49 (0) 9421 960-300
III. Provision of the website
1. Each time our website is accessed, our system automatically collects data and information from the computer system of the calling computer. The following data is collected here:
• The operating system of the user
• The Internet service provider of the user
• The IP address of the user
• Date and time of access
• Websites from which the system of the user comes to our website
• Web sites that are accessed by the user’s system through our website
• retrieved file(s)
• Amount of data sent
The legal basis for the temporary storage of the data is Art. 6 para. 1 lit. f DSGVO.
2. The temporary storage of the IP address by the system is necessary to allow delivery of the website to the computer of the user. To do this, the user’s IP address must be kept for the duration of the session. For these purposes, our legitimate interest lies in Art. 6 para. 1 lit. f DSGVO.
3. The data will be deleted as soon as it is no longer necessary to achieve the purpose of its collection. In the case of collecting the data for providing the website, this is the case when the respective session is completed.
4. The collection of the data for the provision of the website is mandatory for the operation of the website, therefore there is no contradiction on the part of the user.
1. The data is also stored in the log files of our system. A storage of this data together with other personal data of the user does not take place. The legal basis for the application of log files is Art. 6 para. 1 lit. f DSGVO.
2. Storage in log files is done to ensure the functionality of the website. In addition, the data is used to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context. For these purposes, our legitimate interest in the processing of data according to Art. 6 para. 1 lit. f DSGVO.
3. Personal data in the log files are always deleted, storage of the IP address is possible. In this case, the IP addresses of the users are deleted or anonymized, so that an assignment of the calling client is no longer possible. The other non-personal information is stored for further analysis.
4. The storage of the data in log files is essential for the operation of the website. There is therefore no right of objection on the part of the user.
We use so-called session cookies, which are deleted again from the user’s hard disk at the end of the session. In addition, we also use persistent cookies, which remain on the user’s device and allow us to recognize the user’s browser on the next visit.
2. The legal basis for the processing of personal data using cookies is Article 6 (1) lit. f DSGVO
VI. Email contact
1. On our website e-mail addresses are specified, which can be used for electronic contact. If the user contacts us by e-mail, the personal data transmitted by e-mail will be stored by us.
There is no disclosure of data to third parties in this context. The data is used exclusively for processing the conversation.
2. The legal basis for the processing of the data transmitted in the course of sending an e-mail is Article 6 (1) lit. f DSGVO. If the e-mail contact aims to conclude a contract, then additional legal basis for the processing is Art. 6 para. 1 lit. b DSGVO.
3. The processing of personal data, which are processed in the case of e-mail contact, serves us only to process your contact. This is our legitimate interest in the processing of the data within the meaning of Art. 6 para. 1 lit. f DSGVO.
4. The data will be deleted as soon as it is no longer necessary to achieve the purpose of its collection. For the personal data sent to us by e-mail, this is the case when the respective conversation with the user has ended. The conversation ends when it can be inferred from the circumstances that the facts are finally clarified.
If the user contacts us by e-mail, he may object to the storage of his personal data at any time. In such a case, the conversation can not continue. All personal data stored in the course of contacting will be deleted in this case.
5. If a user contacts us by e-mail, they will be asked to give their consent in the course of responding to the request that we include their e-mail address and the corresponding contact data in our database as part of our network work Third parties may pass on and transmit to the test centers of our sponsor. If the user then gives the corresponding consent, his e-mail address along with the associated contact information will be stored in our database. A transmission of the data to third parties takes place only in the context of the given consent for the purpose of the network work as well as to the test centers of our funding agencies, as far as this is absolutely necessary for the fulfillment of the legal proof duties.
In the event of disclosure as part of our network work, the person concerned will be informed in each case about the disclosure of the contact data.
Purpose of the storage is the fulfillment of various proof obligations, which result in connection with the state support of our association as well as the networking of actors.
The legal basis for data storage in our database is Art. 6 para. 1 lit. a GDPR. The data will be deleted every 6 years, unless statutory retention requirements require longer storage. Furthermore, the data stored in the database will be deleted immediately as soon as the user revokes his consent.
VII. Registration and log-in
1. On our website, users can register to download the software Sophena. In the course of the registration, the following personal data of the user are collected: first name, last name, address and e-mail address. In the course of sending the registration form further personal data, in particular your IP address will be recorded. This information is used to provide the Software and to alert users to news regarding the Software (such as updates, new versions, or training offerings).
In the course of the registration the user is informed about the use of his personal data separately. An explicit consent of the user is obtained that the e-mail address of the user and the associated contact data are stored in our database and, if necessary, may be transmitted to the testing center of our sponsor.
For users who have participated in one of our events, it is still possible to log in to our website by providing provided usernames and passwords. The indication of the name of the user or other personal data is not required. Also in the course of the operation of the log-in button personal data is processed, in particular, in turn, the IP address of the user.
All data collected during the registration process and during a log-in will generally not be passed on to third parties. This does not apply if the user has expressly consented to the data storage and transfer to our sponsor. The data processing takes place exclusively for the purpose of the registration to the download of the software Sophena as well as to the information of the user over the software or to the Log-in of the registered user. If the user has given his consent to the storage of his personal data in our database, the data processing also takes place for the purpose of fulfilling our legal obligation to provide proof.
2. The legal basis for the processing of the data, which is processed during the registration for the acquisition of the software Sophena and for information about the software, is Art. 6 para. 1 lit. b DSGVO or, in the case of consent for further storage, Art. 6 para. 1 lit. a GDPR.
The legal basis for the processing of the data processed in the course of sending the registration form and using the log-in button is Art. 6 para. 1 lit. f DSGVO.
3. The processing of the personal data from the input mask of the registration form serves us to carry out the registration and for the purpose of providing the software Sophena as well as for information about the software. If the user has given his consent, the e-mail address entered in the input mask as well as the contact data of the user also serve us for the purpose of fulfilling our obligation to provide evidence to our sponsors, if the disclosure of personal data is required for this purpose.
The other personal data processed during the sending process of the registration form or the activation of the log-in button serve to prevent misuse of the functions and to ensure the security of our information technology systems. This also includes our legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO.
4. The data will be deleted as soon as it is no longer necessary to achieve the purpose of its collection. For the personal data from the input mask of the registration form, this is the case when the use of the software Sophena is abandoned by the user, the contractual relationship is terminated and no further information requirements exist, unless statutory retention periods preclude deletion. This does not apply if the user has expressly consented to a longer storage of his personal data in our database by granting consent; In this case, the data will be deleted every six years and immediately if the user revokes his consent.
The additional personal data collected during the sending process will be deleted immediately.
VIII. registration form
1. On our website we offer the possibility to register for different events. To do this, the user must complete the provided registration form. In the course of completing the registration form, the following personal data will be processed: Company, first name, last name, address, e-mail address and telephone and / or fax number as well as country origin and title.
In the course of sending the registration form further personal data of the user, in particular its IP address will be processed.
In the course of the registration, the user is separately informed about the use of his personal data. An explicit consent of the user is obtained that the e-mail address of the user and the associated contact data are stored in our database and, if necessary, may be transmitted to the testing center of our sponsor.
All personal data collected in the course of registering for an event will be collected solely for the purpose of carrying out the registration and the following event. A transfer of the data to third parties does not take place. This does not apply if the user has expressly consented to the data storage and transfer to our sponsor; In this case, the personal data will be stored in our database and, if necessary, passed on to our sponsor to fulfill the proof obligations.
2. The legal basis for the personal data processed in the course of the application is Article 6 (1) lit. b DSGVO, as the processing for entering into and carrying out a contractual relationship takes place. In the case of consent for further storage, the legal basis is Art. 6 para. 1 lit. a GDPR.
The legal basis for the processing of data processed in the course of sending the registration form is Article 6 (1) lit. f DSGVO. The processing of the personal data in the course of sending the registration form serves to prevent misuse of the functions and to ensure the security of our information technology systems. This also includes our legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO.
3. The data will be deleted as soon as it is no longer necessary to achieve the purpose of its collection. The data entered into the registration form will be deleted as soon as the booked event has been carried out and the contractual relationship has ended, unless statutory periods of retention preclude deletion. This does not apply if the user has expressly consented to a longer storage of his personal data in our database by granting consent. In this case, the data will be deleted immediately if the user revokes his consent.
The additional personal data collected during the sending process will be deleted immediately.
IX. Information about the rights of the persons concerned
If personal data is processed by you, you are a victim in the sense of the GDPR and you have the following rights to the person responsible:
1. Informative very
You may ask for confirmation as to whether personal information concerning you is being processed by us.
If such processing is available, you can request information from the following information:
(1) the purposes for which the personal data are processed;
(2) the categories of personal data being processed;
(3) the recipients or categories of recipients to whom the personal data relating to you have been disclosed or are still being disclosed;
(4) the planned duration of the storage of your personal data or, if specific information is not available, criteria for determining the duration of storage;
(5) the right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;
(6) the existence of a right of appeal to a supervisory authority;
(7) all available information on the source of the data if the personal data are not collected from the data subject;
(8) the existence of automated decision-making including profiling under Article 22 (1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved, and the scope and intended impact of such processing on the data subject.
You have the right to request information about whether the personal data relating to you are transferred to a third country or an international organization. In this regard, you can request the appropriate warranties in accordance with. Art. 46 GDPR to be informed in connection with the transfer.
2. Right to rectification
You have a right to rectification and / or completion to the controller, if the personal data you process is incorrect or incomplete. The person in charge must make the correction without delay.
3. Right to restriction of processing
You may request the restriction of the processing of your personal data under the following conditions:
(1) if you contest the accuracy of your personal information for a period of time that enables the controller to verify the accuracy of your personal information;
(2) the processing is unlawful and you refuse the deletion of the personal data and instead demand the restriction of the use of the personal data;
(3) the controller no longer needs the personal data for the purposes of processing, but you need it to assert, exercise or defend legal claims; or
(4) if you have objected to the processing pursuant to Art. 21 (1) GDPR and it is not yet certain whether the legitimate reasons of the person responsible outweigh your reasons.
If the processing of personal data concerning you has been restricted, this data may only be used with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of important public interest Union or a Member State.
If the limitation of the processing according to the o.g. If conditions are restricted, you will be informed by the person in charge before the restriction is lifted.
4. Right to delete
a) Obligation to delete
You may require the controller to delete your personal information without delay, and the controller is required to delete that information immediately if one of the following is true:
(1) Personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
(2) You revoke your consent, to which the processing acc. Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR and there is no other legal basis for the processing.
(3) According to. Art. 21 para. 1 DSGVO objection to the processing and there are no prior justifiable reasons for the processing, or you lay gem. Art. 21 para. 2 DSGVO objection to processing.
(4) Your personal data have been processed unlawfully.
(5) The deletion of personal data concerning you shall be required to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject.
(6) The personal data concerning you were collected in relation to information society services offered pursuant to Article 8 (1) of the GDPR.
b) Information to third parties
If the person responsible has made the personal data relating to you public and is in accordance with. Article 17 (1) of the GDPR, it shall take appropriate measures, including technical ones, to inform data controllers who process the personal data that you have been identified as being affected, taking into account available technology and implementation costs. Person requested by them to delete all links to such personal data or to make copies or replicas of such personal data.
The right to erasure does not exist if the processing is necessary
(1) to exercise the right to freedom of expression and information;
(2) to fulfill a legal obligation which requires processing under Union or Member State law to which the controller is subject or for the performance of a task of public interest or in the exercise of official authority conferring on the controller has been;
(3) for reasons of public interest in the field of public health pursuant to Art. 9 (2) lit. h and i and Art. 9 (3) GDPR;
(4) for archival purposes of public interest, for scientific or historical research purposes or for statistical purposes acc. Article 89 (1) GDPR, to the extent that the law referred to in subparagraph (a) is likely to render impossible or seriously affect the achievement of the objectives of that processing, or
(5) to assert, exercise or defend legal claims.
5. Right to information
If you have the right of rectification, erasure or restriction of the processing to the controller, he / she is obliged to notify all recipients to whom the personal data concerning you have been corrected or deleted or processing restricted, unless: this proves to be impossible or involves a disproportionate effort.
You have the right to be informed about these recipients.
6. Right to data portability
You have the right to receive personally identifiable information you provide to the controller in a structured, common and machine-readable format. You also have the right to submit this information to another person without hindrance by the controller to whom the personal information has been provided, provided that
(1) the processing on a consent acc. Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a DSGVO or on a contract acc. Art. 6 para. 1 lit. b DSGVO is based and
(2) the processing is done by automated means.
In exercising this right, you also have the right to obtain that personal data relating to you be transmitted directly from one controller to another controller, as far as technically feasible. Freedoms and rights of other persons may not be affected.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority delegated to the controller.
7. Contradictory legal
You have the right at any time, for reasons that arise from your particular situation, to prevent the processing of your personal data, which, pursuant to Art. 6 para. 1 lit. e or f DSGVO takes an objection; this also applies to profiling based on these provisions.
The controller will no longer process the personal data concerning you unless he can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purposes of asserting, exercising or defending legal claims.
If the personal data relating to you are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct mail.
If you object to the processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
Regardless of Directive 2002/58 / EC, you have the option, in the context of the use of information society services, of exercising your right to opt-out by means of automated procedures that use technical specifications.
You also have the right, for reasons arising from your particular situation, to object to the processing of your personal data concerning you for scientific or historical research purposes or for statistical purposes under Article 89 (1) of the GDPR Unless the processing is necessary to fulfill a public interest task.
8. Right to revoke the data protection consent declaration
You have the right to revoke your data protection consent declaration at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.
9. Automated decision on a case-by-case basis, including profiling
You have the right not to be subjected to a decision based solely on automated processing – including profiling – that will have legal effect or similarly affect you in a similar manner. This does not apply if the decision
(1) is required for the conclusion or performance of a contract between you and the controller,
(2) is permitted by Union or Member State legislation to which the controller is subject, and where such legislation contains appropriate measures to safeguard your rights and freedoms and legitimate interests, or
(3) with your express consent.
However, these decisions may not be based on special categories of personal data under Art. 9 (1) GDPR, unless Art. 9 (2) lit. a or g, and reasonable measures have been taken to protect the rights and freedoms and your legitimate interests.
With regard to the cases mentioned in (1) and (3), the person responsible shall take appropriate measures to uphold the rights and freedoms and their legitimate interests, including at least the right to obtain the intervention of a person by the controller, to express his / her own position and heard on challenge of the decision.
10. Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority, in particular in the Member State of its place of residence, employment or the place of the alleged infringement, if you believe that the processing of the personal data concerning you is against the DSGVO violates.
The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.
Straubing, November 04, 2018