Responsible for the processing of your personal data is:
GMR – Global Media Registry gUG (limited liability)
Managing Director: Olaf Steenfadt
Scope of data processing
We process personal data (Art. 4 no. 2 GDPR) in accordance with the provisions of the European Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG) and observe the provisions of the Telecommunications Telemedia Data Protection Act (TTDSG) when you visit our Website www.mediaregistry.org ("Website") or our Social Media profile ("Social Media Profile") and use the services offered there.
This is data that that you transmit to us yourself or that we receive from third parties (e.g. Social Media provider). This includes the following information in particular:
- a) Device and usage data
We collect (technical) data about the device you use and your use of our Website and our Social Media Profile. This includes the following information in particular:
We receive this information when you access our services and from external third parties whose services you use as part of our online services.
- Information about the device you are using (e.g. model or type of device, operating system and version), your browser (type and settings of the browser), language setting;
- Location data if you share it with us by activating your devices location services; otherwise information we can derive from your IP address, e.g. details of the region you are in when you access the Website or information about the internet provider you use;
- Identification data ("IDs"), such as device ID, to retrieve recently viewed content;
- Access information (e.g. error codes, which pages you access, at what time, how often and how long you stay on a page and links you click on) from which we can deduce possible interests.
b) Identification and contact details
We collect your identification and contact details when you contact us via E-mail or contact form. This data can include for example your surname, first name, E-mail address and telephone number.
c) Location data
We receive approximate location data based on your IP address. This is an anonymised IP address. The IP address is truncated to three digits so that it can be associated with a specific region, internet provider or city, but not a specific device. The collection of this data enables us, for example, to detect fraudulent use.
d) Messages and conversation content
We process the information you provide to us in the course of communications (e.g. via the contact form, by E-mail or via Social Media Profile) and conversations.
e) Social Media data
We operate a Social Media Profile on LinkedIn. If you write to us directly via LinkedIn, the operator of the Social Media platform may provide us with data that identifies you, e.g. the publicly accessible profile information you provide (e.g. LinkedIn name, contact details), details of the type of device you are using and the identification number that LinkedIn has assigned to your profile (e.g. user ID).
- Purposes of data processing and legal basis
We process personal data for the following purposes:
- a) Provision of the Website
We process your personal data in order to provide you our Website.
- aa) Logfiles
When you visit our Website, the browser used on your end device sends information automatically to our website server. This information is temporarily stored in a so-called logfile. The following information is collected without your intervention and stored until automatic deletion: IP address of the requesting computer, date and time of access, name and URL of the accessed file, Website from which the access was made ("Referrer URL"), the search engine you used, if applicable, the browser used and, if applicable, the operating system of your computer as well as the name of your access provider. Logfiles serve as a source of information for error analysis in the event of a system crash, allowing lost data to be reconstructed. They can also be used to analyse user behaviour.
The legal basis for this type of data processing is Art. 6 para. 1 sentence 1 lit. f GDPR.
Our legitimate interests follow in particular from the following purposes:
- Ensuring a smooth connection of the Website,
- Ensuring a comfortable use of the Website,
- statistical analysis using a pseudonym in order to optimise our Website,
- Evaluation of system security and stability, and
- other administrative purposes.
- bb) Hosting from Domainfactory
We use the services of the provider Domainfactory GmbH, c/o WeWork, Neuturmstrasse 5, 80331 Munich, Germany ("Domainfactory"), who hosts the Website for us on servers in Germany. Domainfactory is part of the GoDaddy, Inc. group of companies at 2155 E, GoDaddy Way, Tempe, AZ 85284, USA. Your data may therefore be transferred to and stored on servers in the USA or another third country outside the European Union ("EU") and the European Economic Area ("EEA") which does not provide adequate protection for your personal data under EU data protection law. We have concluded a data processing agreement within the meaning of Art. 28 GDPR with Domainfactory, which includes the EU Standard Contractual Clauses ("SCC") to ensure that the processing of your data is carried out by means of appropriate safeguards within the meaning of Art. 46 para. 2 lit. c GDPR. This ensures that Domainfactory only processes your personal data in accordance with our instructions and in compliance with the GDPR. You can find further information on the purpose and scope of data collection and processing by Domainfactory at https://www.df.eu/fileadmin/media/doc/ADV_Kunden_Domainfactory.pdf and https://www.df.eu/de/datenschutz/.
- cc) Web analysis with Matomo (without Cookies)
We use Matomo On-Premise without Cookies for the purpose of web analysis. We host Matomo on servers of our host provider to ensure no data is being transferred to Matomo. Matomo uses config_id a randomly set, time-limited hash of a limited amount of settings and attributes of the visitor. This hash is a string of characters calculated for a visitor based on their operating system, browser, browser plugins, anonymised IP address and browser language. The config_id is only valid for a maximum of 24 hours and then changes, which means that the same visitor receives a different config_id every day. This enables us to analyse anonymised user behaviour on our Website, to optimise our Website and at the same time to protect your privacy. More information about the cookie-less usage of Matomo you can find here: https://matomo.org/faq/new-to-piwik/how-do-i-use-matomo-analytics-without-consent-or-cookie-banner/
The legal basis for the data processing is Art. 6 para. 1 sentence 1 lit. f GDPR, our legitimate interest to provide you a user-friendly and Website. If you do not wish anonymised tracking to enhance user-experience, you can Opt-Out here.
Die Tracking opt-out Funktion wird möglicherweise nicht funktionieren, weil diese Seite nicht über HTTPS geladen wurde. Bitte die Seite neu laden um zu prüfen ob der opt out Status geändert hat.
- dd) Simple links to our Social Media Profile and Cooperating Partners
Our Website also contains simple links to our Social Media Profile on LinkedIn and to websites of Cooperating Partners. If you click on these links or buttons, you will leave our Website. The data processing on the Websites of the Social Media provider and Cooperating
Partners is governed by the Privacy Policies available there.
b) Fulfilment of contractual and pre-contractual obligations
We further process personal data for the conclusion and implementation of contracts with Cooperating Partners, including the implementation of pre-contractual measures and the answering of enquiries in connection with our business relationship. The legal basis is Art. 6 para. 1 sentence 1 lit. b GDPR.
- c) Based on your consent
If you have given us your consent to process personal data for certain purposes (e.g. passing on data), this processing is lawful based on your consent (Art. 6 para. 1 sentence 1 lit. a GDPR). You can withdraw your consent at any time. Please note that the withdrawal is only effective for the future. Processing that took place before the withdrawal is not affected.
- d) Protection of legitimate interests
In addition, we process your data to protect the legitimate interests of us or third parties such as, in particular, in the following cases:
The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest is to further develop our services or to protect ourselves against impairments and dangers and to enforce our claims.
- responding to your enquiries outside of a contract or a pre-contractual measure (in particular if provided via the Website´s contact form),
- assertion of legal claims and defence in legal disputes,
- ensuring IT security and IT operations,
- prevention and investigation of criminal offences, and
- measures for business management and further development of our services.
- e) Compliance with legal requirements
In addition, we are subject to various legal obligations, i.e. legal requirements (e.g. tax laws), which require the processing of data. The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. c GDPR.
- No obligation to provide personal data
If we ask you to provide personal data, you can of course refuse to do so. However, we may then not be able to provide certain functions of the Website or to answer your enquiries. This applies in particular if data is necessary for the establishment, implementation and termination of an agreement or if we are legally obliged to collect data.
- Categories of recipients
Within our company those departments or individuals get access to your data that need it to fulfil our contractual and legal obligations.
Furthermore, we share your data with the following categories of recipients if it is necessary for the fulfilment of a contractual relationship existing between you and us or for the implementation of pre-contractual measures (Art. 6 para. 1 sentence 1 lit. b GDPR) or for the protection of legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR) or due to a legal regulation:
Where processing is necessary to protect legitimate interests, for example when using IT services, our legitimate interest is to outsource functions. In addition, we will only share your personal data with third parties, if required by law (Art. 6 para. 1 sentence 1 lit. c GDPR) or if you have given your consent (Art. 6 para. 1 sentence 1 lit. a GDPR).
- liIT service providers, e.g. hosting;
- third parties involved in legal proceedings, provided that they submit a legal order, court order or equivalent legal disposition to us.
International data transfer
For the processing of your personal data, we also use service providers located in third countries outside the European Union (EU) or the European Economic Area (EEA). These countries may have a lower level of data protection than within the European Union. In case of a data transfer to these countries, we will obtain the necessary safeguards to ensure that your data is processed as securely as within the EEA, e.g. by concluding EU Commission standard contractual clauses (SCC) within the meaning of Art. 46 para. 2 sentence 1 lit. c GDPR or by other measures provided for by law. You can request a copy of the measures taken by contacting us at the contact details provided above.
Postal address: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
- Social Media Profile
- a) Insights
We are jointly responsible with LinkedIn for the collection of your data and the processing for the provision of the Insights, but not the further processing of this data by LinkedIn. The following agreement specifies which company fulfils which data protection obligations when processing personal data for Insights: https://legal.linkedin.com/pages-joint-controller-addendum.
- b) Contact
If you communicate directly with us via a Social Media Profile or share personal content with us, we are responsible for processing your data. The purpose of the data processing is to communicate with you. Furthermore, we also use the information you share with us for marketing purposes. The legal basis for the data processing is our legitimate interest in the meaning of Art. 6 para. 1 sentence 1 lit. f GDPR to get in contact with enquirers and to further develop our services.
Storage duration and erasure
Rights of the data subject
Insofar as you are affected by the data processing, you have the right of access (Art. 15 GDPR), the right of rectification (Art. 16 GDPR), the right to erasure (Art. 17 GDPR), the right to restriction of processing (Art. 18 GDPR) and the right to data portability (Art. 20 GDPR). With regard to the right of access and the right to erasure, the restrictions according to Sections 34 and 35 BDSG apply. You also have the right to object to data processing (Art. 21 GDPR).
Your rights in detail:
- Right of access: You can request the confirmation as to whether and how we process your personal data. In particular, you have a right of access to your personal data and the information about the purposes of processing, the categories of personal data, the recipients or categories of recipients to whom the personal data have been or will be disclosed, if possible the envisaged storage period, or, if this is not possible, the criteria for determining this period; the existence of a right to rectification or erasure of your personal data, to restriction of the processing or to object to such processing; the existence of a right to lodge a complaint with a supervisory authority; the source of the data if the personal data has not been collected from you, the existence of automated decision-making, including profiling, and, if applicable, meaningful information about the logic involved and the significance and envisaged consequences of such processing. If we transfer personal data to a third country or an international organisation, you may also request information about the safeguards we have in place to protect your data. Your right to information may be limited in individual cases by national law (Sections 29 para. 1 sentence 2, 34 BDSG) and the rights and freedoms of others.
- Right to rectification: You may request the rectification of inaccurate personal data with undue delay or, taking into account the purposes of the processing, the completion of incomplete personal data – also by means of providing a supplementary declaration.
- Right to erasure: You have a right to immediate erasure of your personal data under certain circumstances, e.g. if your personal data is no longer necessary for the purposes for which it was collected or otherwise processed, if you withdraw your consent and there is no other legal basis for the processing, or if you have objected to the processing of your data for direct marketing purposes. The right does not exist to the extent the processing is necessary for exercising the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the exercise of a public power vested in us, or for the establishment, exercise or defence of legal claims. Your right to erasure may be limited in individual cases by national law (Section 35 BDSG).
- Right to restriction of processing: You may request the restriction of processing if you contest the accuracy of the personal data for the duration of the verification of the accuracy by us, if the processing is unlawful but you object to the erasure of your personal data, if we no longer need your personal data but you need the data to establish, exercise or defend legal claims, or if you have objected to the processing.
- Right to data portability: You have the right to data portability, i.e. the right to receive and transmit the personal data you have provided to us in a structured, commonly used and machine-readable format, if we process your personal data on the basis of your consent or a contract and the processing is carried out by automated means.
Right of objection according to Art. 21 GDPR You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6 para. 1 sentence 1 lit. e GDPR (public security) or Art. 6 para. 1 sentence 1 lit. e GDPR (legitimate interests); this also applies to profiling based on these provisions. We shall no longer process this data upon the lodging of the objection, unless there are compelling reasons for the processing that merit protection, e.g. processing for the establishment, exercise, or defence of legal claims. Where personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing; this also applies to profiling insofar as it is associated with such direct marketing. We will no longer process your personal data for direct advertising if you exercise your right to object. If our processing of your personal data is based on consent (Art. 6 para. 1 sentence 1 lit. a GDPR), you may withdraw this consent at any time; the lawfulness of the data processing carried out on the basis of the consent until withdrawal remains unaffected by this. To assert your rights and for further questions on the subject of personal data, you can contact us at any time using our contact details above (see Section 1). Regardless of this, you have the right to file a complaint with a supervisory authority – in particular in the EU member state of your place of residence, your place of work or the place of the alleged infringement – if you believe that the processing of personal data concerning you violates the GDPR or other applicable data protection laws (Art. 77 GDPR, Section 19 BDSG).
- Data security
We transmit your personal data securely by using encryption. We use the TLS (Transport Layer Security) coding system for this purpose. Furthermore, we secure the Website and other systems through technical and organisational measures against loss as well as destruction, access, modification, or distribution of your data by unauthorised persons.
No automated decision-making in individual cases
For the establishment and implementation of the business relationship, we generally do not use fully automated decision-making pursuant to Art. 22 GDPR. Should we use this procedure in individual cases, we will inform you of this separately if this is required by law.