Data protection information
Mandatory information according to Art. 13 GDPR
for the creation, storage and publication of photographs
The protection of personal data is an important concern for us. For this reason, VOTRONICElektronik-Systeme GmbH processes personal data in accordance with the applicable legal provisions for the protection of personal data and data security.
1. name & address of the controller responsible for processing
The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is
VOTRONIC Elektronik-Systeme GmbH
Johann-Friedrich-Diehm-Str. 2
36341 Lauterbach
Germany
Tel.: +49 6641 91173-0
Email: info@votronic.de
2. contact details of the (external) data protection officer
The data protection officer of the controller is
BerIsDa GmbH
Petersberger Str. 57a
36037 Fulda
Germany
Tel.: +49 661 29698090
Email: datenschutz@berisda.de
Web: www.berisda.de
Any data subject can contact our data protection officer directly at any time with any questions or suggestions regarding data protection.
3. description of the processing
a) Description and scope of data processing
This mandatory information relates to the creation, processing, storage and publication of photographs taken at the controller’s events. The controller takes photographs to document the event and to carry out public relations work.
If you do not wish to be photographed, please contact us or the photographer directly so that your request can be honoured.
The provision of your personal data is neither legally nor contractually required. There is no obligation to provide it. No fully automated decision-making (including profiling) pursuant to Art. 22 GDPR is used to process the data provided by you.
b) Legal basis and purpose of processing
The legal basis for the creation, storage and use of the photographs is Art. 6 para. 1 sentence 1 lit. f GDPR. The photos are stored, processed and published for the purpose of documenting the event and as part of our public relations work. Our legitimate interest lies in these purposes. The storage of any objection is also carried out on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR for verification purposes and defence against liability claims.
c) Duration and storage, objection and removal options
The data you provide will be processed for as long as it is necessary to safeguard our legitimate interests or you object to processing by us. Your data will be deleted once our legitimate interests no longer apply. Publication on our website and in social media makes the data accessible to third parties, meaning that we can only delete the data to a limited extent after publication. If you object, we will remove the data from the internet platforms directly accessible to us (our website, our social media profiles). We cannot influence the storage period for other third parties who have gained access to the data through publication. If you do not wish to be photographed, please contact us or the photographer directly so that your request can be taken into account.
d) Recipients of the data and transfer to a third country or an international organisation
Within our company, access to the photographs is granted to those departments and areas that require them to fulfil the above-mentioned purposes and that are authorised to process these data. An external photographer may be commissioned to take the photographs. In the event of publication, photographs may be passed on to involved service providers (e.g. editorial offices or agencies).
As part of our service provision, we commission processors. These service providers only act on the instructions of the controller and are contractually obliged to comply with the applicable data protection requirements. To this end, we conclude corresponding order processing contracts with these service providers in writing. This is a contract prescribed by data protection law, which ensures that our service providers only process the personal data of our data subjects in accordance with our instructions and in compliance with data protection regulations (GDPR, BDSG, etc.).
The photos are published on our website (www.votronic.de ) and on social media (Facebook, Instagram, LinkedIn).
Publications in online media or information from the Internet are accessible worldwide and can be linked to other information in order to create personality profiles. It should be noted that information (including photographs and moving images) can be accessed on the Internet by anyone. It cannot be ruled out that such persons will continue to use the images or photos or pass them on to other persons. There are specialised archiving services whose aim is to permanently document the status of certain websites on certain dates. This can mean that information published on the Internet can still be found elsewhere even after it has been deleted from the original site. Publications on the controller’s social media pages may no longer be able to be deleted at all, but may only no longer be shown publicly.
The European General Data Protection Regulation (GDPR) requires that the transfer of personal data that is already being processed or is to be processed after its transfer to a third country or an international organisation is only permitted if a level of data protection comparable to the requirements of the GDPR is guaranteed. In other words, if it is ensured that the provisions of the GDPR are complied with – this may include, for example, the existence of an adequacy decision by the EU Commission within the meaning of Art. 45 para. 1, 3 GDPR or the introduction of internal company data protection regulations approved by a supervisory authority (so-called “appropriate safeguards”, Art. 46 para. 2, 3 GDPR).
Facebook and Instagram:
Meta Platforms, Inc is the US parent company of Meta Platforms Ireland Limited. The headquarters of Meta’s parent company is located in a third country from a data protection perspective. Meta Platforms, Inc is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an (individual) agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA (existence of an adequacy decision by the EU Commission within the meaning of Art. 45 para. 1, 3 GDPR). Every DPF-certified company undertakes to comply with these data protection standards. The list of certified companies can be found at: https://www.dataprivacyframework.gov/list. There you can search for the provider name and view the certification directly.
Linkedin:
LinkedIn Corporation is a company based in the USA, so that a transfer of your personal data to a third country is not excluded.
The transfer and further processing of users’ personal data to third countries, such as the USA, and the associated potential risks for users cannot be ruled out by us as the operator of the site. The level of data protection in the USA is not comparable with the requirements of the GDPR. An effective enforcement of your rights is probably not possible. It is also possible that government agencies may access the personal data provided without us or you being informed.
4. rights of the data subjects
If we process your personal data, you as the data subject have the following rights vis-à-vis us as the controller
a) Right to information, Art. 15 GDPR
You have the right to (free) information about your collected and stored personal data at any time within the framework of the applicable legal provisions. This includes, among other things, information about the purposes of processing, its origin and recipients, the storage period and the existence of various rights.
b) Right to rectification, Art. 16 GDPR
You have a right to rectification (also in the sense of completion) of your data vis-à-vis the controller if the processed personal data concerning you is incorrect or incomplete for the purpose of the processing. The controller must carry out the rectification without undue delay.
c) Right to erasure, Art. 17 GDPR
You can request the erasure of your personal data at any time under the conditions of Art. 17 GDPR, unless there are still circumstances that authorise or oblige the controller to continue processing your personal data (e.g. statutory retention obligations).
d) Right to restriction of processing, Art. 18 GDPR
If the legal requirements are met, you can request a restriction of the processing of your personal data within the scope of Art. 18 GDPR
e) Right to data portability, Art. 20 GDPR
If you have provided us with personal data and automated processing is based on your consent or on a contract, you have the right to transfer the data provided by you within the scope of Art. 20 GDPR, provided that this does not adversely affect the rights and freedoms of other persons. The data will be provided in a commonly used, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.
f) Right to object, Art. 21 GDPR
You have the right to object to processing within the scope of Art. 21 GDPR if the data processing is carried out for the purposes of direct marketing or profiling. You can object to processing on the basis of a balancing of interests by stating reasons that arise from your particular situation.
g) Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority for data protection, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority responsible for us is the Hessian Commissioner for Data Protection and Freedom of Information. However, if you are in another federal state or not in Germany, you can also contact the data protection authority there.