Stand: July, 2020

Privacy Policy

I. General / Content of this Privacy Policy Statement

In this privacy policy statement, we, the Factory Works GmbH (“Factory Berlin”), inform you about the processing of personal data when using our website.

Personal data is information that relates to an identified or identifiable person. This includes, above all, information that makes it possible to draw conclusions about your identity, such as your name, telephone number, address or e-mail address. Statistical data that we collect, for example, when you visit our website and that cannot be associated with your person, is not covered by the term “personal data“.

You may print or save this Privacy Policy by using the usual functionality of your browser.

II. Contact Person

Contact person and so-called person responsible for the processing of your personal data when visiting this website within the meaning of the EU General Data Protection Regulation (“GDPR”) is

Factory Works GmbH
Rheinsberger Str. 76/77
10115 Berlin

E-Mail: [email protected]

If you have any questions about privacy in connection with our products or the use of our website, you can always contact our data protection officer. Our data protection officer can be reached at the above mentioned postal address as well as at the previously stated e-mail address (keyword: “for the attention of the data protection officer”).

III. Data Processing on our website

1. Access of our website / Access data

Every time we use our website, we collect the access data that your browser automatically transmits to enable you to visit the website. The access data includes in particular:

  • IP address of the requesting device;
  • date and time of request;
  • address of the website and the requesting website;
  • information about the used browser and the operating system;
  • online identifiers (e.g. device IDs, session IDs).

The data processing of this access data is necessary to enable the visit of the website and to ensure the long-term functionality and security of our systems. The access data is also temporarily stored in internal log files for the purposes described above to 14 / 8 provide statistical information on the use of our website in order to further develop our website in terms of the usage habits of our visitors (for example, as the share of mobile devices increases, with which the pages are retrieved) and to maintain our website in general administration. The legal basis of this is Art. 6 para. 1 sentence 1 lit. b GDPR.

The information stored in the log files does not allow any direct inference to your person – in particular, we store the IP addresses only in a shortened, anonymized form. The log files are storedfor thirty (30) days and are archived after subsequent anonymization.

2. Contact/Communication

You have different ways to get in touch with us. This includes the contact form, the registration for events or the possibility to send an e-mail. In this context, we process data solely for the purpose of communicating with you. The legal basis of this is Art. 6 para. 1 sentence 1 lit. b GDPR. The data collected by us when using the contact form will be automatically deleted after full processing of your request, unless we still need your request for the fulfillment of contractual or legal obligations (see section “Storage period“).

3. Registration / Membership

You have the opportunity to apply for a Factory Berlin membership to be able to use the login area and the full functional range of our website. For the processing of the contract, we collect the following mandatory information from you:

  • first and last name;
  • gender identity;
  • nationality;
  • date of birth;
  • full address;
  • e-mail address;
  • password;
  • job and company;
  • skills;
  • interests;
  • objectives;
  • photo;
  • billing and shipping address.

We have highlighted these mandatory data that you are required to enter by marking them as mandatory fields. Without this data, the registration is not possible. The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. b GDPR.

4. Newsletter

You can subscribe to our newsletters, where we keep you up to date with news about our products, our Factory Berlin membership, events and promotions.

To order our newsletters, we use the so-called double opt-in procedure, d. H. We will only send you newsletters by email if you confirm by clicking on a link in our notification e-mail that you are the owner of the e-mail address provided. If you confirm your email address, we will save your e-mail address, the time of registration and the IP address used for registration until you unsubscribe from the newsletter. The sole purpose of the storage is to send you the newsletter and to prove your registration. You can unsubscribe from the newsletter at any time. A corresponding unsubscribe link can be found in every newsletter. A message to the above or in the newsletter specified contact information (e.g. by e-mail or letter) is of course also sufficient. The legal basis of the processing is your consent acc. Art. 6 para. 1 lit. a GDPR.

In our newsletters, we use commercially available technologies that measure the interaction with the newsletters (e.g. opening the e-mail, clicked links). We use this data in pseudonymous form for general statistical evaluations as well as for the optimization and further development of our content and customer communication. This is done with the help of small graphics that are embedded 14 / 9 in the newsletter (so-called pixels). The data are collected exclusively pseudonymized and are not linked with your other personal information. The legal basis for this is your consent according to Art. 6 para. 1 lit. a GDPR. Through our newsletter, we want to share content relevant to our members and better understand what readers are actually interested in. If you do not want us to analyze the usage behavior, you can unsubscribe from the newsletter or deactivate graphics in your e-mail program by default. The data for the interaction with our newsletters are stored in pseudonymous form for thirty (30) days and are then completely anonymized.

5. Surveys and Raffles

If you participate in one of our surveys, we use your data for market and opinion research. We evaluate the data anonymously for internal purposes. Unless surveys are exceptionally evaluated anonymously, the data will be collected only with your consent. In the case of anonymous surveys, the GDPR is not applicable and in the case of exceptionally personal evaluations, the legal basis is the aforementioned consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR.

In the context of raffles we use your data for the purpose of the execution of the raffle and the profit notification. Detailed information can be found in the terms and conditions of the respective competition. The legal basis of the processing is the lottery contract, Art. 6 para. 1 sentence 1 lit. b GDPR.

6. Usage of Own Cookies

For some of our services it is necessary that we use so-called cookies. A cookie is a small text file that is stored by the browser on your device. Cookies are not used to run programs or to load viruses on your computer. The main purpose of our own cookies is rather to provide you with a tailor-made offer and to make the use of our services as time-saving as possible.

Most browsers are set by default to accept cookies. You can, however, adjust your browser settings to refuse cookies or save them only with prior consent. If you refuse cookies, not all of our offers will work for you smoothly.

We use own cookies in particular

  • for login authentication;
  • for load distribution;
  • to note that you have been shown information placed on our website – so that it will not be displayed again the next time you visit the website.

We want to enable you a more comfortable and individual use of our website. These services are based on our aforementioned legitimate interests. The legal basis of this is Art. 6 para. 1 sentence 1 lit. f GDPR.

We also use cookies and similar technologies (such as web beacons) from partners for analysis and marketing purposes. This is described in more detail in the following sections.

7. Usage of Cookies and comparable technologies for analysis purposes

If you have given us your consent via the cookie banner displayed on our website, we use cookies and similar technologies (e.g. web beacons) to statistically collect and analyze general usage behavior based on access data. We also use analytics services to evaluate the use of our various marketing channels.

The legal basis for the data processing described in the following section is your consent, Art. 6 para. 1 sentence 1 lit. a GDPR.

 

1. Google Analytics

Our website uses Google Analytics, a web analytics service of Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”). Google Analytics uses cookies and similar technologies to help us analyze and improve our website based on your user behavior. The data collected in this context can be transferred from the social networks to a server in the USA for evaluation and stored there. In the event that personal data is transferred to the USA, the social networks have submitted to the EU-US Privacy Shield. However, your IP address will be truncated prior to evaluating usage statistics so that no one can identify your identity. For this purpose, Google Analytics has been enhanced on our website with the code “anonymizeIP” to ensure an anonymized collection of IP addresses.

Google will process the information obtained through cookies in order to evaluate your use of the website, to compile reports on website activity for website operators and to provide other services related to website activity and internet usage.

You may configure your browser to refuse cookies, as outlined above, or you may prevent the collection of data (including your IP address) generated by cookies and related to your use of this website, as well as the processing of such data by Google by downloading and installing the Google-provided browser add-on. As an alternative to the browser add-on or if you call our website from a mobile device, please use this opt-out link. This will prevent the collection by Google Analytics within this website in the future (the opt-out works only in the browser and only for this domain). If you delete your cookies in this browser, you must click this link again.

For more information, see Google’s Privacy Policy.

 

2. Pixel

For marketing purposes, our website uses so-called conversion and retargeting tags (also “pixels”) of the social networks Facebook, LinkedIn and Twitter.

Facebook is a service offered by Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland (“Facebook”) for users outside the United States and Canada and by Facebook Inc., 1601 Willow Road, Menlo Park, California 94025, USA (“Facebook”) for all other users. LinkedIn is a service of LinkedIn Corporation, 2029 Stierlin Ct. Ste. 200 Mountain View, California 94043, USA (“LinkedIn”). Twitter is a service offered by Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA.

We use pixels to analyze the overall usage of our websites and to track the effectiveness of advertising (“conversion”). We also use pixels to “retarget” your advertising messages based on your interest in our products. The social networks process data that the service collects via cookies, web beacons and comparable storage technologies on our website.

If you are a member of the relevant social network, it may also link the information collected about your visit to us to your member account and use it for targeted advertising.

The purpose and scope of the data collection and the further processing and use of the data by social networks as well as your rights in this regard and setting options for the protection of your privacy can be found in the data protection information of the respective networks:

  • Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA (Users from USA and Canda) and Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland (all other users), Privacy policy and further information about the data processing.
  • LinkedIn Corporation, LinkedIn Corporation, 1000 W. Maude Ave., Sunnyvale, California 94085 USA, Privacy policy.
  • Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA, Privacy policy.

IV. Transfer of Data

A transfer of the data collected by us takes place only if:

  • you are required under Art. 6 para. 1 sentence 1 lit. a GDPR to have given your explicit consent;
  • disclosure pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR is required to assert, exercise or defend legal claims and there is no reason to believe that you have an overriding interest in not disclosing your data;
  • in accordance with Art. 6 para. 1 sentence 1 lit. c GDPR you are required by law to disclose; or
  • this is legally permissible and according to Art. 6 para. 1 sentence 1 lit. b GDPR this is required for the execution of contractual relationships with you or for the execution of pre-contractual measures, which are carried out at your request.

Part of the data processing can be done by our service providers. In addition to the service providers mentioned in this privacy policy, this may include, but is not limited to, data centers that maintain our website and databases, IT service providers who maintain our systems, and consulting firms. If we pass on data to our service providers, they may only use the data to fulfill their tasks. The service providers were carefully selected and commissioned by us. They are contractually bound by our instructions, have appropriate technical and organizational measures to protect the rights of the persons concerned and are regularly monitored by us.

In addition, it may be disclosed in connection with government inquiries, court orders and legal proceedings if required for the prosecution or enforcement.

Amazon Web Services

Your data will be partially processed on servers provided by Amazon Web Services, a service of Amazon Web Services Inc., 410 Terry Avenue North, Seattle, Washington 98109, USA (“AWS”). AWS servers connect your device to the content on our website. The servers we use are usually located within the European Union. However, for technical reasons, parts of your data may also be processed in countries outside the European Economic Area, especially in the United States. To protect your privacy, AWS participates in the EU-US Privacy Shield. In addition, we have entered into a special contract with AWS that meets the requirements of the standard contractual clauses of the European Commission. The legal basis is Art. 6 para. 1 sentence 1 lit. f DSGVO, based on our legitimate interest in securely and reliably storing the contents of our website by external service providers, while at the same time reducing our own efforts to provide the IT infrastructure of our website.

Google Drive

We use Google Drive to store the work results of our Circles. Google Drive is a cloud storage service of Google Ireland Limited (Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland; “Google”). In the event that personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield. When you visit our website, Google receives information that our website has been accessed from the IP address of your terminal device. The legal basis for data processing is Art. 6 Para. 1 S. 1 lit. f DSGVO, based on our legitimate interest in providing a cloud storage service as part of the Circles events. If you visit the Google-Drive website while logged into your Google profile, Google may link this event to your Google profile. If you do not wish to be associated with your Google profile, it is necessary for you to log out of Google before calling up the Community Google Drive. Google stores your data and uses it for the purposes of advertising, market research and Google’s personalised presentation. You can object to this data collection by Google. Further information can be found in Google’s privacy policy and in Google Drive’s privacy policy.

V. Storage Period

As a matter of principle, we store personal data only as long as necessary to fulfill the contractual or legal obligations for which we have collected the data. Thereafter, we delete the data immediately, unless we need the data until the expiration of the statutory limitation period for evidence for civil claims or for statutory storage requirements. For evidence, we must retain contract information for three (3) years from the end of the year in which the business relationship ends with you. Any claims become statute-barred after the legal limitation period at the earliest at this time. Even after that we have to save some of your data for accounting reasons. We are obliged to do so because of legal documentation obligations which may arise from the German 14 / 12 Commercial Code, the Tax Code, the Banking Act, the Money Laundering Act and the Securities Trading Act. The deadlines for storing documents are two (2) to ten (10) years.

VI. Your Rights

You have the right to request information about the processing of your personal data by us at any time. We will explain the data processing to you as part of the provision of information and provide an overview of the data stored about your person. If data stored by us should be incorrect or out-of-date, you have the right to have this information corrected. You can also request the deletion of your data. If deletion is not possible by way of exception due to other regulations, the data will be blocked so that they are only available for this legal purpose. You can also restrict the processing of your data, for example, if you believe that the information we hold is incorrect. You are also entitled to data portability. D. h. we will send you a digital copy of the personal information you provide on request.

To exercise your rights as described here, you can always contact the above contact information. This also applies if you wish to receive copies of warranties to prove adequate data protection.

In addition, you have the right to object to data processing, which is based on Art. 6 para. 1 lit. e or f GDPR. Finally, you have the right to complain to the Data Protection Inspectorate responsible for us. You may assert this right with a regulatory authority in the Member State of your residence, your place of work or the place of alleged infringement. In Berlin, the headquarters of Factory Works GmbH, the responsible supervisory authority is: Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstr. 219, 10969 Berlin.

VII. Video Surveillance

At the Factory Berlin campuses there is a need for video surveillance for the purpose of theft and vandalism prevention as well as protection of property and domiciliary right. For this reason, cameras have been installed at various locations. In particular, the building entrances, the stairwells, the inner courtyards and the elevator entrances are recorded. This serves to avert danger situations for members and employees of Factory Berlin and to clarify fraudulent acts or property offences. The recorded areas are marked with a corresponding information sign. The workspace and community areas are not recorded. The recordings are soundless. The recorded data is overwritten regularly and will be deleted immediately after attaining the defined purpose.

 

Identity of the controller and, where applicable, of the controller’s representative:

Factory Works GmbH
Rheinsberger Str. 76/77

10115 Berlin

e-mail: [email protected] 

You can contact our data protection officer at the above postal address and at the e-mail address given above (keyword: attn. data protection officer).

Purpose(s) and legal basis of the video surveillance:

Art. 6 para. 1 lit. f GDPR legitimate interests

Legitimate interests pursued:

the safeguarding of house rights, the detection and prosecution of criminal offenses, and the enforcement of civil claims

Retention period time:

In principle, the deletion of the recordings takes place after 72 hours. In case of suspicion of a criminal offense, relevant data is stored until the conclusion of the criminal and civil proceedings

Transmission of video footage to third parties:

The recordings are only analysed in the event of a suspected violation of house rules or a suspected criminal offense. In these cases, the relevant data may be transmitted to law enforcement agencies, courts, and lawyers. 

A transfer to a third country (outside the EU/EEA) is not intended.

Data subjects rights:

You may request information as to whether we have stored personal data about you. If you wish, we will inform you of the data concerned, the purposes for which the data is processed, to whom this data is disclosed, how long the data is stored and what further rights you are entitled to with regard to this data.

Pursuant to Article 21 para. 1 GDPR, you have the right to object at any time to the processing of personal data concerning you on the basis of Article 6 para.1 lit. e GDPR (data processing in the public interest) or Article 6 para.1 lit. f GDPR (data processing to protect a legitimate interest), this also applies to profiling based on this provision. In the event of your objection, we will no longer process your personal data unless we can prove compelling grounds for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

In addition, you have the right to have your data corrected or deleted. If there is no reason for further storage, we will delete your data, otherwise we will restrict processing. 

Furthermore, there is a right to lodge a complaint to the responsible data protection supervisory authority (Article 77 GDPR in conjunction with § 19 BDSG). You may assert this right before a supervisory authority in the Member State of your place of residence, place of work or place of the alleged infringement. In Berlin, the competent supervisory authority is: Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstr. 219 in 10969 Berlin.

 

1. Creation of image, video and sound recordings at events

In the context of Factory Berlin events, video, image or sound recordings are regularly made for promotional external presentation.

The legal basis for the processing of your personal data is basically our legitimate interest (Art. 6 para.1 p.1 lit. f, 85 GDPR in conjunction with §§ 22, 23 KUG) in the production and publication of photos of this event for public relations and image building. Your rights will be appropriately considered in the production and publication of the photos. Therefore, we limit ourselves to the production of photos of larger groups of people and refrain from taking portrait photos of individual event participants without prior consultation. Before publication, the photos will be checked. Pictures that could be defamatory will not be published.

Only in individual cases do we obtain explicit consent in advance in accordance with Art 6 (1) p. 1 lit. a GDPR, insofar as this is necessary under data protection law.

If you do not agree to the production of a photo in individual cases, a short note to the photographer is sufficient. After publication, you can object to the further publication of photos in which you are depicted at any time. To do so, please contact at II. Contact named contacts. The photos will then be immediately removed from the relevant platform(s) and deleted.

The specific purpose and place of publication will be announced at the respective event.

In principle, the images will not be passed on to third parties. However, we reserve the right to carry out the provision on the Internet using a corresponding order processor. In addition, we point out that in the provision of information on the Internet cannot be excluded that the images are stored by third parties and used elsewhere. Should you become aware of such third-party use, we will gladly support you with the information available to us in any legal action.

Regarding your rights, we refer you to the chapters VI. Your rights and VIII. Right of withdrawal and objection.

VIII. Revocation and Opposition Right

In accordance with Article 7 para. 2 GDPR, you have the right to revoke a consent once given to us at any time. As a result, we will not continue the data processing based on this consent for the future. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.

As far as we use your data on the basis of legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR, you have the right, in accordance with Art. 21 GDPR, to object to the processing of your data and to give us reasons that arise from your particular situation and that in your opinion speak in favor of your legitimate interests. If it concerns a contradiction against the data processing for purposes of the direct advertisement you have a general right of objection, which is implemented also without the indication of reasons by us.

If you would like to make use of your right of revocation or objection, you will need to send an informal message to the above contact details.

IX. Data Security

We maintain up-to-date technical measures to ensure data security, in particular to protect your personal data against dangers during data transfers as well as prior knowledge of third parties. These are adjusted according to the current state of the art. To secure the personal information you provide on our website, we use Transport Layer Security (TLS), which encrypts the information you provide.

X. Amendments to Privacy Policy

From time to time, we may update this privacy policy, for example, when we adapt our website or change the legal or regulatory requirements.