Stand: July, 2020
Personal data is information that relates to an identified or identifiable person. This includes, above all, information that makes it possible to draw conclusions about your identity, such as your name, telephone number, address or e-mail address. Statistical data that we collect, for example, when you visit our website and that cannot be associated with your person, is not covered by the term “personal data“.
II. Contact Person
Contact person and so-called person responsible for the processing of your personal data when visiting this website within the meaning of the EU General Data Protection Regulation (“GDPR”) is
Factory Works GmbH
Rheinsberger Str. 76/77
E-Mail: [email protected]
If you have any questions about privacy in connection with our products or the use of our website, you can always contact our data protection officer. Our data protection officer can be reached at the above mentioned postal address as well as at the previously stated e-mail address (keyword: “for the attention of the data protection officer”).
III. Data Processing on our website
1. Access of our website / Access data
Every time we use our website, we collect the access data that your browser automatically transmits to enable you to visit the website. The access data includes in particular:
- IP address of the requesting device;
- date and time of request;
- address of the website and the requesting website;
- information about the used browser and the operating system;
- online identifiers (e.g. device IDs, session IDs).
The data processing of this access data is necessary to enable the visit of the website and to ensure the long-term functionality and security of our systems. The access data is also temporarily stored in internal log files for the purposes described above to 14 / 8 provide statistical information on the use of our website in order to further develop our website in terms of the usage habits of our visitors (for example, as the share of mobile devices increases, with which the pages are retrieved) and to maintain our website in general administration. The legal basis of this is Art. 6 para. 1 sentence 1 lit. b GDPR.
The information stored in the log files does not allow any direct inference to your person – in particular, we store the IP addresses only in a shortened, anonymized form. The log files are storedfor thirty (30) days and are archived after subsequent anonymization.
You have different ways to get in touch with us. This includes the contact form, the registration for events or the possibility to send an e-mail. In this context, we process data solely for the purpose of communicating with you. The legal basis of this is Art. 6 para. 1 sentence 1 lit. b GDPR. The data collected by us when using the contact form will be automatically deleted after full processing of your request, unless we still need your request for the fulfillment of contractual or legal obligations (see section “Storage period“).
3. Registration / Membership
You have the opportunity to apply for a Factory Berlin membership to be able to use the login area and the full functional range of our website. For the processing of the contract, we collect the following mandatory information from you:
- first and last name;
- date of birth;
- E-mail address;
- job and company;
- billing and shipping address.
We have highlighted these mandatory data that you are required to enter by marking them as mandatory fields. Without this data, the registration is not possible. The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. b GDPR.
You can subscribe to our newsletters, where we keep you up to date with news about our products, our Factory Berlin membership, events and promotions.
To order our newsletters, we use the so-called double opt-in procedure, d. H. We will only send you newsletters by email if you confirm by clicking on a link in our notification e-mail that you are the owner of the e-mail address provided. If you confirm your email address, we will save your e-mail address, the time of registration and the IP address used for registration until you unsubscribe from the newsletter. The sole purpose of the storage is to send you the newsletter and to prove your registration. You can unsubscribe from the newsletter at any time. A corresponding unsubscribe link can be found in every newsletter. A message to the above or in the newsletter specified contact information (e.g. by e-mail or letter) is of course also sufficient. The legal basis of the processing is your consent acc. Art. 6 para. 1 lit. a GDPR.
In our newsletters, we use commercially available technologies that measure the interaction with the newsletters (e.g. opening the e-mail, clicked links). We use this data in pseudonymous form for general statistical evaluations as well as for the optimization and further development of our content and customer communication. This is done with the help of small graphics that are embedded 14 / 9 in the newsletter (so-called pixels). The data are collected exclusively pseudonymized and are not linked with your other personal information. The legal basis for this is your consent according to Art. 6 para. 1 lit. a GDPR. Through our newsletter, we want to share content relevant to our members and better understand what readers are actually interested in. If you do not want us to analyze the usage behavior, you can unsubscribe from the newsletter or deactivate graphics in your e-mail program by default. The data for the interaction with our newsletters are stored in pseudonymous form for thirty (30) days and are then completely anonymized.
5. Surveys and Raffles
If you participate in one of our surveys, we use your data for market and opinion research. We evaluate the data anonymously for internal purposes. Unless surveys are exceptionally evaluated anonymously, the data will be collected only with your consent. In the case of anonymous surveys, the GDPR is not applicable and in the case of exceptionally personal evaluations, the legal basis is the aforementioned consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR.
In the context of raffles we use your data for the purpose of the execution of the raffle and the profit notification. Detailed information can be found in the terms and conditions of the respective competition. The legal basis of the processing is the lottery contract, Art. 6 para. 1 sentence 1 lit. b GDPR.
6. Usage of Own Cookies
For some of our services it is necessary that we use so-called cookies. A cookie is a small text file that is stored by the browser on your device. Cookies are not used to run programs or to load viruses on your computer. The main purpose of our own cookies is rather to provide you with a tailor-made offer and to make the use of our services as time-saving as possible.
We use own cookies in particular
- for login authentication;
- for load distribution;
- to note that you have been shown information placed on our website – so that it will not be displayed again the next time you visit the website.
We want to enable you a more comfortable and individual use of our website. These services are based on our aforementioned legitimate interests. The legal basis of this is Art. 6 para. 1 sentence 1 lit. f GDPR.
7. Usage of Cookies and comparable technologies for analysis purposes
The legal basis for the data processing described in the following section is your consent, Art. 6 para. 1 sentence 1 lit. a GDPR.
1. Google Analytics
Google will process the information obtained through cookies in order to evaluate your use of the website, to compile reports on website activity for website operators and to provide other services related to website activity and internet usage.
For marketing purposes, our website uses so-called conversion and retargeting tags (also “pixels”) of the social networks Facebook, LinkedIn and Twitter.
Facebook is a service offered by Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland (“Facebook”) for users outside the United States and Canada and by Facebook Inc., 1601 Willow Road, Menlo Park, California 94025, USA (“Facebook”) for all other users. LinkedIn is a service of LinkedIn Corporation, 2029 Stierlin Ct. Ste. 200 Mountain View, California 94043, USA (“LinkedIn”). Twitter is a service offered by Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA.
We use pixels to analyze the overall usage of our websites and to track the effectiveness of advertising (“conversion”). We also use pixels to “retarget” your advertising messages based on your interest in our products. The social networks process data that the service collects via cookies, web beacons and comparable storage technologies on our website.
If you are a member of the relevant social network, it may also link the information collected about your visit to us to your member account and use it for targeted advertising.
The purpose and scope of the data collection and the further processing and use of the data by social networks as well as your rights in this regard and setting options for the protection of your privacy can be found in the data protection information of the respective networks:
IV. Transfer of Data
A transfer of the data collected by us takes place only if:
- you are required under Art. 6 para. 1 sentence 1 lit. a GDPR to have given your explicit consent;
- disclosure pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR is required to assert, exercise or defend legal claims and there is no reason to believe that you have an overriding interest in not disclosing your data;
- in accordance with Art. 6 para. 1 sentence 1 lit. c GDPR you are required by law to disclose; or
- this is legally permissible and according to Art. 6 para. 1 sentence 1 lit. b GDPR this is required for the execution of contractual relationships with you or for the execution of pre-contractual measures, which are carried out at your request.
In addition, it may be disclosed in connection with government inquiries, court orders and legal proceedings if required for the prosecution or enforcement.
Amazon Web Services
Your data will be partially processed on servers provided by Amazon Web Services, a service of Amazon Web Services Inc., 410 Terry Avenue North, Seattle, Washington 98109, USA (“AWS”). AWS servers connect your device to the content on our website. The servers we use are usually located within the European Union. However, for technical reasons, parts of your data may also be processed in countries outside the European Economic Area, especially in the United States. To protect your privacy, AWS participates in the EU-US Privacy Shield. In addition, we have entered into a special contract with AWS that meets the requirements of the standard contractual clauses of the European Commission. The legal basis is Art. 6 para. 1 sentence 1 lit. f DSGVO, based on our legitimate interest in securely and reliably storing the contents of our website by external service providers, while at the same time reducing our own efforts to provide the IT infrastructure of our website.
V. Storage Period
As a matter of principle, we store personal data only as long as necessary to fulfill the contractual or legal obligations for which we have collected the data. Thereafter, we delete the data immediately, unless we need the data until the expiration of the statutory limitation period for evidence for civil claims or for statutory storage requirements. For evidence, we must retain contract information for three (3) years from the end of the year in which the business relationship ends with you. Any claims become statute-barred after the legal limitation period at the earliest at this time. Even after that we have to save some of your data for accounting reasons. We are obliged to do so because of legal documentation obligations which may arise from the German 14 / 12 Commercial Code, the Tax Code, the Banking Act, the Money Laundering Act and the Securities Trading Act. The deadlines for storing documents are two (2) to ten (10) years.
VI. Your Rights
You have the right to request information about the processing of your personal data by us at any time. We will explain the data processing to you as part of the provision of information and provide an overview of the data stored about your person. If data stored by us should be incorrect or out-of-date, you have the right to have this information corrected. You can also request the deletion of your data. If deletion is not possible by way of exception due to other regulations, the data will be blocked so that they are only available for this legal purpose. You can also restrict the processing of your data, for example, if you believe that the information we hold is incorrect. You are also entitled to data portability. D. h. we will send you a digital copy of the personal information you provide on request.
To exercise your rights as described here, you can always contact the above contact information. This also applies if you wish to receive copies of warranties to prove adequate data protection.
In addition, you have the right to object to data processing, which is based on Art. 6 para. 1 lit. e or f GDPR. Finally, you have the right to complain to the Data Protection Inspectorate responsible for us. You may assert this right with a regulatory authority in the Member State of your residence, your place of work or the place of alleged infringement. In Berlin, the headquarters of Factory Works GmbH, the responsible supervisory authority is: Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstr. 219, 10969 Berlin.
VII. Video Surveillance
At the Factory Berlin campuses there is a need for video surveillance for the purpose of theft and vandalism prevention as well as protection of property and domiciliary right. For this reason, cameras have been installed at various locations. In particular, the building entrances, the stairwells, the inner courtyards and the elevator entrances are recorded. This serves to avert danger situations for members and employees of Factory Berlin and to clarify fraudulent acts or property offences. The recorded areas are marked with a corresponding information sign. The workspace and community areas are not recorded. The recordings are soundless. The recorded data is overwritten regularly and will be deleted immediately after attaining the defined purpose.
VIII. Revocation and Opposition Right
In accordance with Article 7 para. 2 GDPR, you have the right to revoke a consent once given to us at any time. As a result, we will not continue the data processing based on this consent for the future. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.
As far as we use your data on the basis of legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR, you have the right, in accordance with Art. 21 GDPR, to object to the processing of your data and to give us reasons that arise from your particular situation and that in your opinion speak in favor of your legitimate interests. If it concerns a contradiction against the data processing for purposes of the direct advertisement you have a general right of objection, which is implemented also without the indication of reasons by us.
If you would like to make use of your right of revocation or objection, you will need to send an informal message to the above contact details.
IX. Data Security
We maintain up-to-date technical measures to ensure data security, in particular to protect your personal data against dangers during data transfers as well as prior knowledge of third parties. These are adjusted according to the current state of the art. To secure the personal information you provide on our website, we use Transport Layer Security (TLS), which encrypts the information you provide.