Privacy Policy

This English translation is provided for convenience only and is not legally binding. The legally binding version is the German original.

Privacy Policy

This privacy policy informs you about the nature, scope and purpose of the processing of personal data, referred to below as “data”, within our online offering and the associated websites, functions and content, as well as external online presences such as our social media profiles, collectively referred to as the “online offering”. With regard to the terminology used, such as “processing” or “controller”, we refer to the definitions in Article 4 of the General Data Protection Regulation, referred to as GDPR.

Controller

Munich Maker Lab e.V.
Dachauer Str. 112h
80636 Munich
Germany

Email: info[at]munichmakerlab.de
Legal notice: https://munichmakerlab.de/imprint

Types of Data Processed

• Master data such as names and addresses
• Contact data such as email addresses and phone numbers
• Content data such as text entries, photographs and videos
• Usage data such as visited websites, interest in content and access times
• Meta and communication data such as device information and IP addresses

Categories of Data Subjects

Visitors and users of the online offering, collectively referred to as “users”.

Purpose of Processing

• Provision of the online offering, its functions and content
• Responding to contact inquiries and communicating with users
• Security measures
• Reach measurement and marketing

Definitions

Personal data means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier such as a cookie, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing means any operation or set of operations performed on personal data, whether or not by automated means. The term covers virtually any handling of data.

Pseudonymization means the processing of personal data in such a manner that the data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and subject to technical and organizational measures.

Profiling means any form of automated processing of personal data used to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning work performance, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.

Controller means the natural or legal person, authority, institution or other body which determines the purposes and means of processing personal data.

Processor means a natural or legal person, authority, institution or other body which processes personal data on behalf of the controller.

Legal Basis

In accordance with Article 13 GDPR, we inform you of the legal basis of our data processing. Unless otherwise stated in this privacy policy, the following applies: the legal basis for obtaining consent is Article 6(1)(a) and Article 7 GDPR; the legal basis for processing for the performance of our services and contractual measures and for responding to inquiries is Article 6(1)(b) GDPR; the legal basis for processing to fulfill our legal obligations is Article 6(1)(c) GDPR; and the legal basis for processing to safeguard our legitimate interests is Article 6(1)(f) GDPR. In cases where vital interests of the data subject or another natural person require processing, Article 6(1)(d) GDPR serves as the legal basis.

Security Measures

In accordance with Article 32 GDPR, we implement appropriate technical and organizational measures, taking into account the state of the art, implementation costs, the nature, scope, circumstances and purposes of processing, as well as the likelihood and severity of risks to the rights and freedoms of natural persons.

These measures include ensuring confidentiality, integrity and availability of data by controlling physical access to data, as well as access, input, disclosure and separation of data. We have also established procedures to ensure data subject rights, data deletion and response to data threats. Furthermore, we consider data protection in the development and selection of hardware, software and procedures, in accordance with the principle of privacy by design and privacy by default pursuant to Article 25 GDPR.

Cooperation with Processors and Third Parties

If we disclose data to other persons or companies, transmit it to them or otherwise grant access, this is done only on the basis of legal permission, your consent, a legal obligation or our legitimate interests. If we commission third parties to process data on the basis of a data processing agreement, this is done in accordance with Article 28 GDPR.

Transfers to Third Countries

If we process data in a third country outside the European Union or the European Economic Area, or if this occurs in the context of using third-party services or disclosing data to third parties, this is done only if it is necessary to fulfill our contractual obligations, based on your consent, due to a legal obligation or based on our legitimate interests. Subject to legal or contractual permissions, we process data in a third country only if the special requirements of Articles 44 and following of the GDPR are met, for example on the basis of recognized safeguards such as standard contractual clauses.

Rights of Data Subjects

You have the right to request confirmation as to whether data concerning you is being processed and to obtain information about such data in accordance with Article 15 GDPR.

You have the right under Article 16 GDPR to request completion or correction of inaccurate data.

You have the right under Article 17 GDPR to request immediate deletion of data or alternatively restriction of processing under Article 18 GDPR.

You have the right to receive the data concerning you that you have provided to us in accordance with Article 20 GDPR and to request its transmission to another controller.

You also have the right to lodge a complaint with the competent supervisory authority pursuant to Article 77 GDPR.

Right of Withdrawal

You have the right to withdraw consent given pursuant to Article 7(3) GDPR with effect for the future.

Right to Object

You may object at any time to the future processing of your data in accordance with Article 21 GDPR, in particular against processing for direct marketing purposes.

Cookies

Cookies are small files stored on users’ devices. Cookies may store various information. A cookie primarily serves to store information about a user during or after their visit within an online offering.

Temporary cookies, also referred to as session cookies or transient cookies, are deleted after a user leaves the online offering and closes the browser. Persistent cookies remain stored after the browser is closed. Third-party cookies are offered by providers other than the controller operating the online offering.

Users who do not wish cookies to be stored on their device can disable this option in their browser settings. Stored cookies can be deleted in the browser settings. Excluding cookies may result in functional limitations of this online offering.

General objections to online marketing cookies can be declared via http://www.aboutads.info/choices/ or http://www.youronlinechoices.com/.

Deletion of Data

Data processed by us will be deleted or restricted in accordance with Articles 17 and 18 GDPR. Unless expressly stated otherwise, stored data will be deleted as soon as it is no longer required for its intended purpose and no statutory retention obligations prevent deletion. If data is not deleted because it is required for other legally permissible purposes, its processing will be restricted.

Statutory retention periods in Germany generally amount to 10 years for accounting records and 6 years for commercial correspondence. Austrian regulations may require retention for 7 years, 22 years in connection with real estate and 10 years for certain electronically supplied services.

Provision of Our Statutory and Business Services

We process data of our members, supporters, interested parties and other persons in accordance with Article 6(1)(b) GDPR if we offer contractual services or act within an existing relationship. Otherwise, we process data based on our legitimate interests pursuant to Article 6(1)(f) GDPR.

Processed data includes master data, contact data, contract data and payment data where applicable. We delete data when it is no longer required for statutory or business purposes, subject to statutory retention obligations.

Hosting

Hosting services used by us serve to provide infrastructure, platform services, computing capacity, storage, database services, security services and technical maintenance. In doing so, we or our hosting provider process master data, contact data, content data, contract data, usage data and meta data based on our legitimate interests pursuant to Article 6(1)(f) GDPR in conjunction with Article 28 GDPR.

Collection of Access Data and Log Files

We or our hosting provider collect data about every access to the server on the basis of our legitimate interests pursuant to Article 6(1)(f) GDPR. Access data includes the name of the accessed website, file, date and time of access, amount of data transferred, notification of successful retrieval, browser type and version, operating system, referrer URL, IP address and requesting provider.

Log file information is stored for security reasons for a maximum of 7 days and then deleted, unless further retention is required for evidence purposes.

Social Media Presence

We maintain online presences within social networks and platforms to communicate with users active there and inform them about our services. When accessing respective networks, the terms and data processing policies of their operators apply.

Integration of Third-Party Services and Content

Within our online offering, we use content or service offerings from third-party providers based on our legitimate interests pursuant to Article 6(1)(f) GDPR in order to integrate their content and services such as videos or fonts.

This requires that third-party providers perceive users’ IP addresses, as content cannot be delivered without them. Third-party providers may also use pixel tags for statistical or marketing purposes.

Vimeo

We may embed videos from Vimeo Inc., 555 West 18th Street, New York, NY 10011, USA. Privacy policy: https://vimeo.com/privacy. Vimeo may use Google Analytics.

YouTube

We embed videos from YouTube, operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy/.

Google Fonts

We integrate fonts from Google LLC. Privacy policy: https://www.google.com/policies/privacy/.

OpenStreetMap

We integrate maps from OpenStreetMap, provided by the OpenStreetMap Foundation under the ODbL license. Privacy policy: https://wiki.openstreetmap.org/wiki/Privacy_Policy.

According to our knowledge, user data is used solely for displaying map functions and caching selected settings. Data may include IP addresses and location data.

Data may be processed in the United States.

Created with Datenschutz-Generator.de by Attorney Dr. Thomas Schwenke.