Privacy policy for the app “BMW BERLIN-MARATHON”
The following English version of the Privacy Notice is provided solely to aid in understanding. In the event of any conflicts arising about wording, the German original version shall be exclusively binding for all parties involved.
The purpose of this privacy policy is to inform users of the ‘BMW BERLIN-MARATHON’ app about the processing of their personal data that is collected and processed via this app.
The protection of app users' personal data is important to us. Our data protection practice is in accordance with the legal regulations of the EU's General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). The following data protection declaration serves to fulfil the information obligations resulting from the GDPR. These can be found, for example, in Article 13 and Article 14 ff. GDPR.
Responsible person
The controller within the meaning of Article 4 No. 7 GDPR is the party who alone or jointly with others determines the purposes and means of the processing of personal data.
With regard to our website, the responsible party is:
SCC EVENTS GmbH
Olympiapark Berlin, Hanns-Braun-Strasse/Adlerplatz
14053 Berlin
Germany
E-mail: impressum@scc-events.com
Tel: +49 3030128810
Fax: +49 3030128840
Contact details of the data protection officer
We have appointed a data protection officer in accordance with Article 37 of the GDPR. You can reach our data protection officer under the following contact details:
Nicole Rosenfeld, c/o SCC EVENTS GmbH, Datenschutz
Olympiapark Berlin, Hanns-Braun-Strasse/Adlerplatz
14053 Berlin
Germany
E-mail: datenschutz@scc-events.com
Provision of the app
When using the app, our system automatically collects data and information from the device accessing the app (e.g. mobile phone, tablet, etc.).
Log data when using the app
Type of data processed
- App version, installation and operating system
- The IP address of the accessing device
- Name of the telephone
- Date and time of access
- Resources (images, files, other page content) that are offered and accessed via the app
- Message as to whether the retrieval was successful
- Amount of data transferred
This data is stored in the system's log files. This data is not stored together with other user data.
Purpose of the data processing
Usage data is stored and processed to maintain the compatibility of our app for as many users of the app as possible, to combat misuse and to rectify faults in order to be able to react as quickly as possible to display errors, attacks on our IT systems and/or errors in the functionality of our app. We also use the data to optimise the app and to generally ensure the security of our IT systems.
If other purposes become relevant with regard to the aforementioned data types (for example, when providing or using certain functions), these are described in the respective chapter of this privacy policy.
Legal basis for data processing
Article 6(1)(f) GDPR (balancing of interests). Our legitimate interest is to ensure the functionality of our app.
Duration of data storage
App usage data is deleted as soon as it is no longer required. This is usually the case 3 months after the last use of the app.
Objection and erasure options
Users of the app can object to the processing at any time on the basis of a balancing of interests in accordance with Article 21 GDPR and request the erasure of data in accordance with Article 17 GDPR. The rights to which users are entitled and how they can assert them are described at the bottom of this privacy policy.
Information on in-app browsers and external links
The app contains various additional offers that are either services provided by SCC EVENTS or by third-party providers. All further offers are labelled as links. That ensures that only SCC EVENTS material (such as FAQs for the event, legal texts regarding the app) is provided via in-app browsers, in order to ensure that the app integrates our own offers via the app with only the necessary minimum of data processing activities for the users of the app and their end devices. In-app browser links are visually displayed as hyperlinks.
If an additional offer is not technically provided within the in-app browser function and thus is presented as a hyperlink, the URL of the additional offer is named in full. This ensures that the additional offer is only accessed at the explicit request of the app user and is technically implemented independently of the app with the freely selectable browser of the end device. The data protection declarations of the respective site operator apply to all additional offers from the moment these links are called up.
Type of data processed
- App version, installation and operating system
- The IP address of the accessing device
- Name of the telephone
- Date and time of access
- Resources (images, files, other page content) that are offered and accessed via the app
- Message as to whether the retrieval was successful
- Amount of data transferred
This connection data is not stored together with other usage data.
Purpose of the data processing
The provision of additional offers and information is part of the app's service and the subject of the app's content design. The use of the additional offers by clicking on the labelled links is neither contractually nor legally required and is voluntary.
Legal basis for data processing
Art. 6(1)(a) GDPR (consent) with regard to the decision to use the additional offers. The use of marked links is voluntary and can be cancelled at any time.
Duration of data storage
The connection data is deleted as soon as it is no longer required. This is usually the case after successful retrieval of the additional offers.
The deletion of additional offers in the content of the app is not intended. Marked links remain the subject of the app as long as the app offer exists.
Withdrawal and deletion options
Users of the app can cancel the retrieval and display of additional offers at any time and also request the deletion of data in accordance with Art. 17 GDPR. The rights to which users are entitled and how they can assert them are described at the bottom of this Privacy Policy.
Functions and authorisations of the app
When using the app, further personal data is processed via the app depending on the use of individual functions.
Language settings
Purpose of the data processing
After downloading the app, content (menu navigation, information, legal texts) is displayed in either German or English. The language display depends on the available information from the operating system of the end device. As soon as the settings in the operating system are changed, this may affect the language display.
Type of data processed
To display the language, the app uses information from the settings in the operating system of the respective end device.
Legal basis for data processing
Article 6(1)(f) GDPR (balancing of interests): The automatic selection of the language display makes it easier for users of the app to interact with the content provided and enables uncomplicated, immediate use of the app.
Duration of data storage
The language display data is not deleted as long as the app is installed on the end device and remains stored locally in the app. The data used to determine the display language can be changed at any time (e.g., through the operating system settings of the end device). Uninstalling the app terminates access to the operating system settings of the end device.
Objection and deletion options
Users of the app can object to the processing at any time on the basis of a weighing of interests in accordance with Article 21 GDPR and request the deletion of data in accordance with Article 17 GDPR. The rights to which users are entitled and how they can assert them are described at the bottom of this privacy policy.
Share function
Purpose of the data processing
The ‘share’ function is available for some selected content in the app. The share function can be used to share links and information from the app via other applications installed on the end device.
Type of data processed
To provide the sharing function, the app uses information from the settings in the operating system of the respective end device. The app does not access other applications on the end device. The app's sharing function cannot be used without access to the operating system settings.
Legal basis for data processing
Article 6(1)(b) GDPR (fulfilment of contract): Using the ‘share’ function involves accessing the app's operating system settings on the end device.
Duration of data storage
The data is deleted as soon as it is no longer required. This is usually the case after the ‘share’ function has been made available. Use of the share function is not stored in the app. Terminating the app, closing the app and/or cancelling the sharing function and uninstalling the app will terminate access to the operating system settings of the end device.
Deletion option
Users of the app can request the deletion of data in accordance with Article 17 GDPR. The rights to which users are entitled and how they can assert them are described at the bottom of this privacy policy.
GPS tracking and location data
GPS (Global Positioning System) makes it possible to locate the position (coordinates) and determine the speed of individual persons via the change in position resulting from the movement.
GPS positioning is based on satellite technology and can only take place if the GPS signal availability at the respective location of the end device is sufficient and the app has been granted the corresponding authorisation. GPS tracking via the app takes place from the start of the function.
Purpose of the data processing
The GPS data forms the basis for determining the current locations of the respective app users. Both participants and visitors to the BMW BERLIN-MARATHON event can use the GPS tracking function to query and display their current location in connection with the map material provided in the app.
For participants of the BMW BERLIN-MARATHON who are logged into the app, the data of their exact location determined by GPS tracking will be synchronised with the SCC EVENTS servers and displayed in the live results services (e.g. app users, website visitors). A prerequisite for the synchronisation and display of the location data is the individual pre-setting of the tracking release in the SCC EVENTS booking portal. The GPS tracking function for logged-in participants is limited in time to the duration of the BMW BERLIN-MARATHON event and in space to the event area. The GPS location data is no longer displayed in the live results services after reaching the finish line.
Users of the app who are not logged in have the option of having their location displayed in the app via ‘locate me’. This location data is neither synchronised with the SCC EVENTS servers nor published. The ‘locate me’ function is limited to the use of the app and the location data is stored exclusively in the app. The ‘locate me’ function for non-logged-in users of the app is available for an unlimited time and space.
Location data will not be used to create movement profiles beyond the current location and will not be logged or stored by us. The location data from the GPS tracking will not be processed to determine the result times of the participants of the BMW BERLIN-MARATHON.
Type of data processed
- Altitude
- Network operator
- Connection type
- Battery level
- Horizontal accuracy
- Latitude/longitude
- Timestamp
- Vertical accuracy
For logged-in participants, the location data is merged, synchronised and published in conjunction with the personal data as long as tracking has been approved. Details on the scope of personal data are described in the ‘Participant display and map material’ section of this Privacy Policy. The storage of this data together with the personal data of BMW BERLIN-MARATHON participants is necessary in order to be able to fully utilise the GPS tracking functions. Without the granting of authorisation for GPS tracking, the determination of the location and the display in the map material cannot be used / can only be used to a limited extent.
For users who are not logged in to the app, the location data will not be merged, synchronised or published with other data.
Legal basis for data processing
Article 6(1)(a) GDPR (consent): The use of the functions ‘Locate-Me’ (for all users of the app) and ‘Start Tracking’ (for logged-in participants of the BMW BERLIN-MARATHON with tracking approval) includes the activation of GPS-based location data determination to provide the requested function.
Duration of data storage
The data is deleted as soon as it is no longer required. This is usually the case after the GPS location data has been delivered. As long as the GPS tracking function is activated, the GPS data is updated at intervals of approx. 30 seconds. Revoking the app authorisation for GPS tracking in the operating system settings or in the app and uninstalling the app will stop the processing of location data. The display of GPS location data is also automatically deactivated by the app at the end of the BMW BERLIN-MARATHON event. The GPS tracking function will then no longer be available to app users and all associated data processing activities will be automatically terminated.
Cancellation and deletion options
Users of the GPS tracking functions can revoke their consent at any time (directly in the menu navigation of the app or via the device settings) and also request the deletion of data in accordance with Article 17 GDPR. The rights to which users are entitled and how they can assert them are described at the bottom of this Privacy Policy.
#berlinlegend CAM
Purpose of the data processing
The ‘berlinlegend CAM’ function involves taking photos with a selectable camera on the end device. The respective photo is then given a BMW BERLIN-MARATHON photo frame, which is provided in the app. The photo created is generated and saved locally on the respective end device.
Type of data processed
To use the function, the app requires access to the camera settings and the file folders (media or photos) of the end device. Without these app authorisations, the #berlinlegend CAM function of the app cannot be used / can only be used to a limited extent.
Legal basis for data processing
Article 6(1)(b) GDPR (fulfilment of contract): The use of the ‘#berlinlegend CAM’ function includes the app's access to the aforementioned data of the end device.
Duration of data storage
The data is deleted as soon as it is no longer required. This is usually the case after the generated photo has been provided with the BMW BERLIN-MARATHON photo frame. The generated photos are not stored in the app. Revoking the authorisations in the settings of the operating system or directly in the app as well as uninstalling the app will terminate the access permissions to the camera and the files of the end device.
Deletion option
Users of the app can request the deletion of data in accordance with Article 17 GDPR. The rights to which users are entitled and how they can assert these rights are described at the bottom of this Privacy Policy.
‘Search for participants’ and ‘mark favourites’ functions
Purpose of the data processing
The ‘search for participants’ and ‘mark favourites’ functions are available to all users of the app. After using the ‘search for participants’ function, up to 25 participants of the event can be clearly displayed in a list using the ‘mark favourites’ function. Marked favourites are saved locally in the app in the ‘favourites’ menu item.
Type of data processed
To use the ‘search for participants’ functions, the data of the person being searched is processed after the user enters it in the search field provided. This is the surname, first name or start number or the club name of the participants. Depending on which individual tracking settings the person being searched has made, it may also be necessary to enter a personalised tracking code. This code is made available to the BMW BERLIN-MARATHON participant being searched.
The app does not require any authorisations to use the ‘mark favourites’ function; a favourite ID is stored in the app for each marking.
Legal basis for data processing
Article 6(1)(b) GDPR (fulfilment of contract): The search function for participants and the storage of marked favourites is an offer of the app. It is up to the user to decide which people are searched for and marked as favourites.
Duration of data storage
The data is deleted as soon as it is no longer required. Favourites can be unmarked at any time in the app. Uninstalling the app also ends the storage of marked favourites.
Deletion option
Users of the app can request the deletion of data in accordance with Article 17 GDPR. The rights to which users are entitled and how they can assert these rights are described at the bottom of this Privacy Policy.
Participant display and map settings
Purpose of the data processing
The use of the ‘participant search’ and ‘mark favourites’ functions generates the provision of information about participants in the BMW BERLIN-MARATHON event in the app. The scope of the displayed data for app users depends on the individual data protection settings of the participants, which were made in the SCC EVENTS booking portal under the tracking release settings.
Type of data processed
The following data is used to display information about participants who have granted tracking authorisation: bib number, first name, surname, gender, age group, nationality, club name and type of participation (runner, skater, etc.). The data is supplemented by the timing data to create information regarding the estimated position on the course, which is based on the intermediate times and the resulting calculated times for the respective person. The estimated position can be supplemented by the location data determined by GPS tracking, provided the person in question has activated the ‘GPS tracking’ function.
Individual user settings are processed in the app to display the map material. Distances can be displayed either in ‘miles’ or ‘kilometres’. The map view can be adjusted at any time.
Legal basis for data processing
Article 6(1)(a) GDPR (consent): The display of participants in the app is based on the explicit consent of participants who have activated the ‘tracking approval’ function in the SCC EVENTS booking portal. Tracking approval can be deactivated at any time.
Duration of data storage
The data will be deleted as soon as it is no longer required. This is usually the case after the end of the event. As soon as the information displayed is no longer required and delivery of the participant display is no longer desired, the data in the display is deleted. Exception: If a favourite has been marked (see the ‘participant search’ and ‘mark favourite’ section of this privacy policy) the favourite marking must first be removed. The displayed data will also be deleted if the respective person has ended their tracking approval and has not been marked as a favourite by app users at that time. The person you are searching will then no longer be displayed.
The map material does not get deleted. Individual settings for the map display remain saved in the app until they are changed or the app is uninstalled.
Withdrawal and deletion option
Participants of the BMW BERLIN-MARATHON can revoke their consent to the visibility and the associated display of their data at any time (settings for tracking release in the SCC EVENTS booking portal) and also request the deletion of data in accordance with Article 17 GDPR. Users of the app can cancel the participant display at any time and request the deletion of the data displayed in the app.
The rights to which users are entitled and how they can assert these rights are described at the bottom of this Privacy Policy.
Log-in area for participants
Purpose of the data processing
In the log-in area, participants of the BMW BERLIN-MARATHON can view their individual information about their participation in the BMW BERLIN-MARATHON, for example start group, start time, result list data, timing data.
The log-in area for BMW BERLIN-MARATHON participants also includes the function to manage their own GPS tracking settings. GPS tracking can only be authorised using the app and depending on the visibility of the personal tracking authorisation. Further information can be found in the ‘GPS tracking and location data’ section of this Privacy Policy.
For these aforementioned purposes, log-in data is requested and compared with the user account data of the online booking portal before a participant can use the log-in area.
Type of data processed
To use the log-in area, selected data must be provided by the participant in the app: Registration ID and date of birth.
This data is compared with the systems of SCC EVENTS (user account of the online booking portal) in order to verify the identity and participation in the BMW BERLIN-MARATHON of the requesting person. If the data matches the information in the user account and for participation in the BMW BERLIN-MARATHON, the log-in area can be used. If the data does not match the information in the user account, the log-in area cannot be used and the request for access will be answered with an error message in the app.
After successful log-in, the following user account data is provided locally in the app and used for the above-mentioned purposes: Start number, First name, Surname, Gender, Age group, Nationality, Club name
This data will be clearly displayed before the start of the BMW BERLIN-MARATHON event: Start group and start time
At the end of your participation in the BMW BERLIN-MARATHON, this data will also be clearly displayed: Timing data: split times and finish time
The scope of the data is supplemented by individual settings in the booking portal on the subject of ‘tracking approval’ and/or the activation of the app's GPS tracking function.
Legal basis for data processing
Article 6(1)(b) GDPR (fulfilment of contract): The provision and use of the ‘log-in area’ function is an offer of the app.
Article 6(1)(f) GDPR (balancing of interests): Access authorisation is verified on the basis of log-in data to protect the user accounts of all participants. The provision of user account data after successful log-in is carried out to achieve the above-mentioned purposes and to provide further offers of the app.
Article 6(1)(a) GDPR (consent): The GPS tracking function is based on the explicit consent of the participants who activate this function. Deactivation is possible at any time.
It is not possible to use the content protected by the login area without entering personal data. If participants wish to use the login area, they must complete the fields marked as mandatory. The entry of data requires the existence of a user account in the SCC EVENTS booking portal. Registration is not possible if the data entered is incorrect. If the data is entered incorrectly or not at all, the protected area cannot be used.
Duration of data storage
The data entered to compare access authorisation is deleted as soon as it is no longer required. This is usually the case after a successful log-out or after the error message. After a successful log-in, the log-out function is available to participants and causes the log-in data to be deleted and the transferred user account data to be deleted in the app. The log-in data will also be deleted without the need for an active log-out at the latest two weeks after the end of the BMW BERLIN-MARATHON event when the app is accessed again. The log-in function is only available for the duration of the organisation and execution of the event. Uninstalling the app terminates the processing of the log-in data and the associated locally stored data from the user account.
The app can also be used without the log-in function.
Withdrawal, objection and deletion options
Users of the log-in function can object to the processing at any time on the basis of a weighing of interests in accordance with Article 21 GDPR. Users of the ‘GPS tracking’ function can revoke their consent at any time in accordance with Article 7 GDPR (directly in the menu navigation of the app or via the device settings). Users can request the deletion of data in accordance with Article 17 GDPR. The other rights to which users of the log-in function are entitled and how they can assert them are described at the bottom of this Privacy Policy.
Push notifications
Purpose of the data processing
The ‘push notifications’ function enables users of the app to receive selected information as an instant message on their device. The scope of the messages depends on the settings offered in the app for push messages. Push notifications are only delivered/displayed with the active consent of the user.
Type of data processed
To use the ‘push messages’ function, the time of registration (date, time), the desired scope of push messages (sorted by topics provided in the app) and a push token or device ID are stored in our systems. This data is used on the one hand to send the push messages to the user and on the other hand to provide proof of registration.
Legal basis for data processing
Article 6(1)(a) GDPR (consent): Push notifications are only provided if users have actively confirmed that they wish to receive push notifications from the app.
Duration of data storage
The data is deleted as soon as it is no longer required, i.e. it is stored for as long as the function for receiving push notifications is active. This is usually the case once the function for receiving push notifications has been deactivated. The delivery of push notifications can be cancelled in the operating system settings or in the app. Uninstalling the app also ends the processing of data for the fulfilment of the ‘push messages’ function.
Withdrawal and deletion options
Users of the ‘push notifications’ function can revoke their consent in accordance with Article 7 GDPR at any time (directly in the menu navigation of the app or via the device settings). Users can request the deletion of data in accordance with Article 17 GDPR. The rights to which users are entitled and how they can assert them are described at the bottom of this privacy policy.
Statistical analysis of app usage
When the app is used, log data about the app is processed. Details on the log data are described in the section ‘Provision of the app’. We use this log data exclusively and after approval of the app users in a non-personalised form for the continuous improvement of our app offerings and for statistical purposes. We use the following analysis services to evaluate the use of this app:
Usage behaviour with Firebase Analytics
We use the Firebase Analytics service of Google Ireland Ltd, Gordon House, Barrow Street, 4 Dublin, Ireland, e-mail: support-deutschland@google.com, website: www.google.com for the following purposes in this app. Personal data is also transferred to the USA. With regard to the transfer of personal data to the USA, there is an adequacy decision on the EU-US Data Privacy Framework of the EU Commission within the meaning of Article 45 GDPR (hereinafter: DPF - commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en). The operator of the service is certified under the DPF, so that the usual level of protection of the GDPR applies to the transfer. The provider's certification under the EU-US Data Privacy Framework can be found at www.dataprivacyframework.gov/list. Further information on data protection can be found in the Firebase Analytics privacy policy: support.google.com/firebase/answer/6318039.
Purpose of the data processing
Firebase Analytics is an app tracker that is provided by Google via the ‘Firebase’ programming platform and analyses the behaviour of app users and their interactions with our app and provides us with evaluations (so-called tracking). We have integrated Google Analytics so that the service can compile an analysis of the usage behaviour of app users. For this purpose, Google collects the interactions of app users with our app and, if applicable, existing information resulting from the reading of other authorisations of the respective end device and prepares it statistically for us. Google uses data processing technologies that enable the traceability of individual app users and their interaction with other Google services. Data from other Google services is also used to close data gaps and create comprehensive statistics on the content of our app using machine learning technologies, modelled statistics and forecasting functions. If Firebase Analytics is activated by the app user, the data collected by Google is transferred to servers of Google Ireland Limited. As part of order processing, personal data may also be transferred to the servers of the parent company Google LLC, 1600 Amphitheatre Parkway, 94043 Mountain View, CA United States. We carry out the analysis using Firebase Analytics in order to constantly optimise our app offering and make it more readily available. This is a so-called reach measurement.
Type of data processed
For the processing itself, either we or the Firebase Analytics service collect the following data: number of users and sessions, session duration, operating systems, device models, region, first-time starts, app executions, app updates. This data is not supplemented by further information from users or their end devices (such as advertising ID or IDFA or manufacturer ID). This is technically ensured by the developer settings in our app.
Legal basis for data processing
Article 6(1)(a) GDPR (consent): The evaluation of usage behaviour using Firebase Analytics only takes place if users of the app have actively given their consent to this.
Duration of data storage
Firebase Analytics will store the data relevant for the evaluation of user behaviour for as long as it is necessary to fulfil the booked service. Data collection and storage is anonymised. Insofar as individual interactions by app users make it possible to subsequently establish a personal reference to specific actions, we will delete the collected data once the purpose has been achieved. As a rule, we will delete the data after 12 months at the latest.
Withdrawal and deletion options
Users who have given their consent to the evaluation of usage behaviour can revoke their consent at any time in accordance with Article 7 GDPR (directly in the menu navigation of the app or via the device settings). Users can request the deletion of data in accordance with Article 17 GDPR. The rights to which users are entitled and how they can assert them are described at the bottom of this privacy policy.
Crash reports with Firebase Crashlytics
We use the Firebase Crashlytics service of Google Ireland Ltd, Gordon House, Barrow Street, 4 Dublin, Ireland, e-mail: support-deutschland@google.com, website: www.google.com for the following purposes in this app. Personal data is also transferred to the USA. With regard to the transfer of personal data to the USA, there is an adequacy decision on the EU-US Data Privacy Framework of the EU Commission within the meaning of Art. 45 GDPR (hereinafter: DPF - commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en). The operator of the service is certified under the DPF, so that the usual level of protection of the GDPR applies to the transfer. The provider's certification under the EU-US Data Privacy Framework can be found at www.dataprivacyframework.gov/list. Further information on data protection can be found in Firebase Crashlytics' privacy policy at firebase.google.com/support/privacy.
Purpose of the data processing
The Firebase Crashlytics service is used to transfer anonymous information to Google's servers in the event of a crash or malfunction of our app and to analyse it statistically. This information does not contain any personal data. It is a so-called crash report. We use the information from the crash reports to improve the functionality of our app.
Type of data processed
For the processing itself, either we or the Firebase Crashlytics service collect the following data: state of the app at the time of the crash, installation UUID, crash trace, manufacturer and operating system of the end device, last log messages.
Legal basis for data processing
Article 6(1)(a) GDPR (consent): The (automated) sending of report-relevant data using Firebase Crashlytics only takes place if users of the app have actively given their consent to this.
Duration of data storage
Sent crash reports are not deleted. The function for sending crash reports using Firebase Crashlytics can be deactivated at any time. Data will then no longer be stored or transmitted.
Cancellation and deletion options
Users who have given their consent to the transmission of crash reports can revoke their consent at any time in accordance with Article 7 GDPR (directly in the menu navigation of the app or via the device settings). Users can request the deletion of data in accordance with Article 17 GDPR. The rights to which users are entitled and how they can assert them are described at the bottom of this privacy policy.
Data security and data protection when communicating by email
When using email addresses from our contact information provided in the app, we use technical and organisational measures to protect personal data during collection, storage, and processing so that it is not accessible to third parties. In the case of unencrypted communication by e-mail, we cannot guarantee complete data security on the transmission path to our IT systems, so we recommend encrypted communication or the postal service for information requiring a high level of confidentiality.
Data security and data protection when communicating by review via the app stores
When using the ‘Review’ function via the app stores, personal data is published and can also be rated by other app store users. SCC EVENTS is not responsible for data processing in the app stores but will provide responses to support requests via the ‘Review’ function. We cannot guarantee the confidentiality of data and information in the case of public communication via the ‘Review’ function, so we recommend encrypted communication or the postal service for information requiring a high level of confidentiality.
Your rights
Right to information
You have the right to request confirmation as to whether we are processing your personal data. If this is the case, you have the right to be informed about the information named in Article 15(1) GDPR, insofar as the rights and freedoms of other persons are not affected (cf. Article 15(4) GDPR). We will also be happy to provide you with a copy of the data.
Right of rectification
In accordance with Article 16 GDPR, you have the right to have any incorrect personal data stored with us (e.g. address, name, etc.) corrected at any time. You can also request that the data stored with us be completed at any time. A corresponding adjustment will be made immediately.
Right to erasure
Pursuant to Article 17(1) GDPR, you have the right to demand that we delete the personal data we have collected about you if:
- the data is either no longer required;
- the legal basis for the processing has ceased to exist without replacement due to the withdrawal of your consent;
- you have objected to the processing and there are no legitimate grounds for processing;
- your data is processed unlawfully;
- a legal obligation requires this or a collection pursuant to Article 8(1) GDPR has taken place.
Pursuant to Article 17(3) GDPR, this right does not exist if:
- processing is necessary for the exercise of the right to freedom of expression and information;
- your data have been collected on the basis of a legal obligation;
- processing is necessary for reasons of public interest;
- the data are necessary for the assertion, exercise or defence of legal claims.
Right to restriction of processing
According to Article 18(1) GDPR, you have the right in individual cases to demand the restriction of the processing of your personal data. This is the case when:
- the accuracy of the personal data is disputed by you;
- the processing is unlawful and you do not consent to its deletion;
- the data is no longer needed for the purpose of processing, but the collected data is used for the assertion, exercise or defence of legal claims;
- an objection to the processing has been lodged pursuant to Article 21(1) GDPR and it is still unclear which interests prevail.
Right to data portability
Pursuant to Article 20 GDPR, you have a right to the transfer of personal data relating to you. We will provide the data in a structured, common and machine-readable format. The data can be sent either to you or to a person responsible named by you.
We provide you with the following data upon request pursuant to Article 20(1) GDPR:
- Data collected on the basis of explicit consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR;
- Data that we have received from you in accordance with Article 6(1)(b) GDPR within the scope of existing contracts;
- Data that has been processed within the scope of an automated procedure.
We will transfer the personal data directly to a data controller of your choice as far as this is technically feasible. Please note that we are not permitted to transfer data that interferes with the freedoms and rights of other persons pursuant to Article 20(4) GDPR.
Right of withdrawal
If you have given us express consent to process your personal data (Article 6(1)(a) GDPR or Article 9(2)(a) GDPR), you can revoke this consent at any time. Please note that the lawfulness of the processing carried out on the basis of the consent until the revocation is not affected by this.
Right to object
In accordance with Article 21 GDPR, you have the right to object at any time to the processing of personal data relating to you that has been collected on the basis of Article 6(1)(f) (in the context of a legitimate interest). You only have this right if there are special circumstances against the storage and processing.
How do you exercise your rights?
You can exercise your rights at any time by contacting us using the contact details below:
SCC EVENTS GmbH
Olympiapark Berlin, Hanns-Braun-Strasse/Adlerplatz
14053 Berlin
Germany
E-mail: impressum@scc-events.com
Tel: +49 3030128810
Fax: +49 3030128840
Right of appeal to the supervisory authority
If you suspect that your data is being processed illegally on our site, you can of course have the issue clarified by the courts at any time. In addition, any other legal option is open to you. Irrespective of this, you have the option of contacting a supervisory authority in accordance with Article 77(1) GDPR. The right of complaint pursuant to Article 77 GDPR is available to you in the EU Member State of your place of residence, your place of work and/or the place of the alleged infringement, i.e. you can choose the supervisory authority to which you turn from the above-mentioned places. The supervisory authority to which the complaint has been submitted will then inform you of the status and outcome of your submission, including the possibility of a judicial remedy pursuant to Article 78 GDPR.