Privacy Policy
In the following, we inform you about the collection of personal data when using our website. Personal data is all data that can be related to you personally, e.g. name, address, e-mail addresses, user behavior.
1. Introduction
Controller pursuant to Art. 4 (7) of the EU General Data Protection Regulation (GDPR):
Spiele-Autoren-Zunft e.V. (SAZ)
represented by the Board of Directors Hartmut Kommerell, Markus Hagenauer and Rita Modl and by the Managing Director Hans-Peter Stoll
SAZ office
Friedhofstr. 1
68623 Lampertheim
Lampertheim, Germany
Phone: +49 6206 - 912 3192
E-mail: office |<at>| spieleautorenzunft.de
Further information can be found in our legal notice.
If we use contracted service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail below about the respective processes. We will also state the specified criteria for the storage period.
In the following, we explain how we process your data on our website. To do this, we use language that is as clear and transparent as possible so that you really understand what happens to your data.
2 General information
2.1 Processing of personal data and other terms
Data protection applies to the processing of personal data. Personal data means all data with which you can be personally identified. This is, for example, the IP address of the device (PC, laptop, smartphone, etc.) you are currently using. Such data is processed when 'something happens to it'. Here, for example, the IP is transmitted from the browser to our provider and automatically stored there. This is then a processing (according to Art. 4 No. 2 GDPR) of personal data (according to Art. 4 No. 1 GDPR).
These and other legal definitions can be found in Art. 4 GDPR.
2.2 Applicable regulations/laws - GDPR, BDSG and TDDDG
The scope of data protection is regulated by law. In this case, these are the GDPR (General Data Protection Regulation) as a European regulation and the BDSG (Federal Data Protection Act) as a national law.
In addition, the TDDDG supplements the provisions of the GDPR as far as the use of cookies is concerned.
2.3 The controller
The controller within the meaning of the GDPR is responsible for data processing on this website. This is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.
You can contact the controller at
Spiele-Autoren-Zunft e.V. (SAZ)
SAZ office
Friedhofstr. 1
68623 Lampertheim
Lampertheim, Germany
office |<at>| spieleautorenzunft.de
2.4 How data is generally processed on this website
As we have already established, some data (e.g. IP address) is collected automatically. This data is mainly required for the technical provision of the website. If we also use personal data or collect other data, we will inform you of this or ask for your consent.
You provide us with other personal data deliberately.
You will find detailed information on this below.
2.5 Your rights
The GDPR provides you with comprehensive rights. These include, for example, free information about the origin, recipient and purpose of your stored personal data. You can also request the rectification, blocking or erasure of this data or lodge a complaint with the competent data protection supervisory authority. You can withdraw your consent at any time.
The details of these rights and how to exercise them can be found in the last section of this privacy policy.
2.6 Data protection - our view
Data protection is more than just a chore for us! Personal data is of great value and careful handling of this data should be a matter of course in our digitalized world. As a website visitor, you should also be able to decide for yourself what "happens" to your data, when and by whom. We therefore undertake to comply with all legal provisions, collect only the data that is necessary for us and, of course, treat it confidentially.
2.7 Disclosure and deletion
The transfer and deletion of data are also important and sensitive issues. We would therefore like to briefly inform you in advance about our general approach to this.
Data is only passed on on the basis of a legal basis and only if this is unavoidable. This may be the case in particular if we are dealing with a so-called processor and an order processing contract has been concluded in accordance with Art. 28 GDPR.
We delete your data when the purpose and legal basis for processing no longer apply and the deletion does not conflict with any other legal obligations. Art. 17 GDPR also provides a 'good' overview of this.
For further information, please refer to this privacy policy and contact the controller if you have any specific questions.
2.8 Hosting
This website is hosted externally. The personal data collected on this website is stored on the hoster's servers. This includes the automatically collected and stored log files (see below for more details), as well as all other data provided by website visitors.
External hosting is carried out for the purpose of secure, fast and reliable provision of our website and in this context serves to fulfill the contract with our potential and existing customers.
The legal basis for the processing is Art. 6 para. 1 lit. a, b and f GDPR, as well as § 25 para. 1 TDDDG, insofar as consent includes the storage of cookies or access to information in the terminal device of the website visitor or user within the meaning of the TDDDG.
Our hoster only processes data that is necessary to fulfill its performance obligation and acts as our processor, i.e. it is subject to our instructions. We have concluded a corresponding contract for order processing with our hoster.
We use the following hoster:
netCup
netCup GmbH, Daimlerstraße 25, 76185 Karlsruhe, Germany
https://www.netcup.eu/kontakt/datenschutzerklaerung.php.
2.9 Legal bases
The processing of personal data always requires a legal basis. The GDPR provides the following options in Art. 6 para. 1 sentence 1:
a) The data subject has given consent to the processing of personal data concerning him or her for one or more specific purposes;
b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
c) processing is necessary for compliance with a legal obligation to which the controller is subject
d) processing is necessary in order to protect the vital interests of the data subject or of another natural person
e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
In the following sections, we will provide you with the specific legal basis for the respective processing.
3 What happens on our website
When you visit our website, we process your personal data.
We use SSL or TLS encryption to protect this data in the best possible way against unauthorized access by third parties. You can recognize this encrypted connection by the https:// or lock symbol in the address bar of your browser.
Below you can find out what data is collected when you visit our website, for what purpose this is done and on what legal basis.
3.1 Data collection when accessing the website
When you visit the website, information is automatically stored in so-called server log files. This is the following information:
- Browser type and browser version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the server request
- IP address
This data is temporarily required in order to be able to display our website to you permanently and without problems. In particular, this data is used for the following purposes
- System security of the website
- System stability of the website
- Troubleshooting on the website
- Establishing a connection to the website
- Display of the website
Data processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR and is based on our legitimate interest in the processing of this data, in particular our interest in the functionality of the website and its security.
Where possible, this data is stored in pseudonymized form and deleted once the respective purpose has been achieved.
If the server log files make it possible to identify the data subject, the data is stored for a maximum period of 14 days. An exception is made if a security-relevant event occurs. In this case, the server log files are stored until the security-relevant event has been resolved and finally clarified.
Otherwise, no merging with other data takes place.
3.2 Data processing through user input
3.2.1 Own data collection
We offer the following (services) on our website: Registration and ticket purchase.
We collect the following data for this purpose:
Name
e-mail address
Your address
telephone number
Date of birth
Name, email, address
The legal basis for this data processing is Art. 6 para. 1 lit. b GDPR.
The data will be deleted as soon as the respective purpose no longer applies and it is possible in accordance with the legal requirements.
3.2.2 Making contact
a) E-mail
If you contact us by email, we will process your email address and any other data contained in the email. This data is stored on the mail server and in some cases on the respective end devices. Depending on the request, the legal basis for this is regularly Art. 6 para. 1 lit. f GDPR or Art. 6 para. 1 lit. b GDPR. The data will be deleted as soon as the respective purpose no longer applies and it is possible in accordance with the legal requirements.
b) Telephone
If you contact us by telephone, the call data may be stored in pseudonymized form on the respective end device and with the telecommunications provider used. Personal data collected during the telephone call will only be processed in order to process your request. Depending on the request, the legal basis for this is regularly Art. 6 para. 1 lit. f GDPR or Art. 6 para. 1 lit. b GDPR. The data will be deleted as soon as the respective purpose no longer applies and it is possible in accordance with the legal requirements.
c) Contact form
We offer a contact form. This is used to contact our company.
In this form, we generally process your first and last name, your telephone number, your email address, a postal address and the content of the message. The data is stored on our web server and forwarded internally to the relevant e-mail addresses.
The legal basis for data processing is Art. 6 para. 1 lit. f GDPR, as we have a legitimate interest in responding to your request and in an uncomplicated way of contacting you. If the contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.
We delete this data no later than 3 months after receipt, unless it is required for a contractual relationship that has arisen.
We bind the contact form of
Contao
Contao Association, 3250 Lyss, Switzerland
https://contao.org/en/privacy-notice.
on our website.
3.3 Third-party content
3.3.1 Friendly Captcha
We use Google Friendly Captcha on this website. Friendly Captcha is a plugin offered by Friendly Captcha GmbH, Am Anger 3-5, 82237 Woerthsee, Germany.
The service makes it possible to determine whether a data entry is made by a human or by an automated program. This analysis begins automatically in the background as soon as the website is accessed. Various information is collected for this purpose.
The legal basis for the processing is Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time.
Further details:
https://friendlycaptcha.com/legal/privacy-end-users/.
3.4 Audio and video conferences
3.4.1 Zoom
We use Zoom to communicate with customers. Zoom is an online conferencing tool. This service is offered by Zoom Communications Inc, San Jose, 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113, USA.
When communicating with this tool via video or audio conferencing, personal data is processed by us and the provider of the tool. The data collected includes all information that you provide when using the tool. Metadata relating to the conference is also processed. Furthermore, technical information required for the function of online communication is processed. Furthermore, all files that are shared within the tool are stored on the tool provider's servers.
Zoom can also set cookies. These cookies are only set with consent. Consent can be revoked at any time. The legal basis for this is Art. 6 para. 1 lit. a GDPR.
Otherwise, the legal basis for the processing of data by Zoom is Art. 6 para. 1 lit. b GDPR. The communication is related to the performance of a contract or is necessary for the fulfillment of pre-contractual obligations. Furthermore, this tool is used to simplify communication with our company. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.
This data is stored until the data subject requests deletion, the consent to storage is revoked or the purpose for storage no longer applies. Cookies remain on the end device until the user deletes them. Mandatory statutory provisions on retention periods remain unaffected.
The EU Commission's Standard Contractual Clauses (SCC) apply to data transfers to the USA.
Further information:
https://zoom.us/de-de/privacy.html.
3.5 Payment services
3.5.1 PayPal
We use PayPal on our website. PayPal is a payment service provider. This service is offered by PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg.
For the purpose of payment processing, the payment data of the website visitor is processed by the payment service provider as soon as a purchase is made via this website. The respective contractual and data protection provisions of the payment service provider apply to the respective transaction.
The legal basis is Art. 6 para. 1 lit. b GDPR. The data is processed for the purpose of (pre-)contractual obligations.
In addition, we have a legitimate interest in the processing of this data within the meaning of Art. 6 para. 1 lit. f GDPR in order to ensure a fast and reliable payment process.
The EU Commission's standard contractual clauses (SCC) apply to data transfers to the USA.
https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full.
3.5.2 Prepayment
We offer the option of paying in advance on our website. After the order is placed, we create an invoice that contains all the relevant information required for the transfer. This includes the amount to be paid, our bank details and a reason for payment.
We store personal data as part of the prepayment process. This includes transaction details (date, time and invoice amount), IP address, e-mail address, first and last name, address data (street, house number, city and zip code) and account data (IBAN, BIC, account holder and bank name).
The legal basis is Art. 6 para. 1 lit. b GDPR. The data is processed for the purpose of (pre-)contractual obligations.
4. what else is important
Finally, we would like to inform you in detail about your rights and how you will be informed about changes to data protection requirements.
4.1 Your rights in detail
4.1.1 Right to information in accordance with Art. 15 GDPR
You can request information about whether your personal data is being processed. If this is the case, you can request further information on the type and manner of processing. A detailed list can be found in Art. 15 para. 1 lit. a to h GDPR.
4.1.2 Right to rectification in accordance with Art. 16 GDPR
This right includes the rectification of inaccurate data and the completion of incomplete personal data.
4.1.3 Right to erasure in accordance with Art. 17 GDPR
This so-called 'right to be forgotten' gives you the right, under certain conditions, to request the erasure of your personal data by the controller. This is generally the case if the purpose of the data processing no longer applies, if consent has been withdrawn or the initial processing took place without a legal basis. A detailed list of reasons can be found in Art. 17 para. 1 lit. a to f GDPR. This "right to be forgotten" also corresponds to the controller's obligation under Art. 17 para. 2 GDPR to take reasonable measures to bring about the general erasure of data.
4.1.4 Right to restriction of processing pursuant to Art. 18 GDPR
This right is subject to the conditions set out in Art. 18 para. 1 lit. a to d.
4.1.5 Right to data portability pursuant to Art. 20 GDPR
This regulates the basic right to receive your own data in a commonly used form and to transmit it to another controller. However, this only applies to data processed on the basis of consent or a contract in accordance with Art. 20 (1) (a) and (b) and insofar as this is technically feasible.
4.1.6 Right to object pursuant to Art. 21 GDPR
In principle, you can object to the processing of your personal data. This applies in particular if your interest in objecting outweighs the legitimate interest of the controller in the processing and if the processing relates to direct marketing and/or profiling.
4.1.7 Right to "individual decision-making" in accordance with Art. 22 GDPR
In principle, you have the right not to be subject to a decision based solely on automated processing (including profiling) which produces legal effects concerning you or similarly significantly affects you. However, this right is also restricted and supplemented by Art. 22 (2) and (4) GDPR.
4.1.8 Further rights
The GDPR contains comprehensive rights to inform third parties whether or how you have asserted rights under Art. 16, 17, 18 GDPR. However, this is only possible or feasible with reasonable effort.
At this point, we would like to draw your attention once again to your right to withdraw your consent in accordance with Art. 7 (3) GDPR. However, this does not affect the lawfulness of the processing carried out up to that point.
We would also like to draw your attention to your rights under Sections 32 et seq. BDSG, which, however, are largely congruent with the rights just described.
4.1.9 Right to lodge a complaint pursuant to Art. 77 GDPR
You also have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data violates this regulation.
Disclaimer
We constantly check and update the information on this website. In spite of our desire for the highest degree of accuracy, data may have changed over time. For this reason, we cannot guarantee that the information provided is up-to-date, correct and complete. The responsibility for the content on the game designers profiles each member contributes itself.
Please inform us immediately if you have any reason for complaints. It is assured that contents which are rightly rejected are immediately deleted. This is expressly done without the need for the intervention of a legal advisor on your part.
Copyright
Contents and works published on these pages are subject to German intellectual property (copyright) law. Contributions by third persons are credited as such. Reproduction, editing, distribution and any kind of use beyond the limits of copyright require the consent in writing from the Spiele-Autoren-Zunft e.V. (Game Designers Association) or the respective author. Downloads and copies of this website are permitted only for private, not for commercial use. Press texts are, as a matter of course, excluded from this regulation.
© 2020