Privacy Policy

By means of this Privacy Policy we inform you about the processing of your personal data.

  1. Controller

    Responsible for the processing of your personal data is:
    GMR – Global Media Registry gUG (limited liability)
    Klingholzstrasse 7
    65189 Wiesbaden
    Germany
    Managing Director: Olaf Steenfadt
    E-mail: privacy[at]mediaregistry.org

  2. Scope of data processing

    We process personal data (Art. 4 no. 2 GDPR) in accordance with the provisions of the European Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG) and observe the provisions of the Telecommunications Telemedia Data Protection Act (TTDSG) when you visit our Website www.mediaregistry.org ("Website") or our Social Media profile ("Social Media Profile") and use the services offered there.

    This is data that that you transmit to us yourself or that we receive from third parties (e.g. Social Media provider). This includes the following information in particular:

    • a) Device and usage data
      We collect (technical) data about the device you use and your use of our Website and our Social Media Profile. This includes the following information in particular:
      • Information about the device you are using (e.g. model or type of device, operating system and version), your browser (type and settings of the browser), language setting;
      • Location data if you share it with us by activating your devices location services; otherwise information we can derive from your IP address, e.g. details of the region you are in when you access the Website or information about the internet provider you use;
      • Identification data ("IDs"), such as device ID, to retrieve recently viewed content;
      • Access information (e.g. error codes, which pages you access, at what time, how often and how long you stay on a page and links you click on) from which we can deduce possible interests.
      We receive this information when you access our services and from external third parties whose services you use as part of our online services.
    • b) Identification and contact details
      We collect your identification and contact details when you contact us via E-mail or contact form. This data can include for example your surname, first name, E-mail address and telephone number.

    • c) Location data
      We receive approximate location data based on your IP address. This is an anonymised IP address. The IP address is truncated to three digits so that it can be associated with a specific region, internet provider or city, but not a specific device. The collection of this data enables us, for example, to detect fraudulent use.

    • d) Messages and conversation content
      We process the information you provide to us in the course of communications (e.g. via the contact form, by E-mail or via Social Media Profile) and conversations.
    • e) Social Media data
      We operate a Social Media Profile on LinkedIn. If you write to us directly via LinkedIn, the operator of the Social Media platform may provide us with data that identifies you, e.g. the publicly accessible profile information you provide (e.g. LinkedIn name, contact details), details of the type of device you are using and the identification number that LinkedIn has assigned to your profile (e.g. user ID).
  3. Purposes of data processing and legal basis
    We process personal data for the following purposes:
    • a) Provision of the Website
      We process your personal data in order to provide you our Website.
      • aa) Logfiles

        When you visit our Website, the browser used on your end device sends information automatically to our website server. This information is temporarily stored in a so-called logfile. The following information is collected without your intervention and stored until automatic deletion: IP address of the requesting computer, date and time of access, name and URL of the accessed file, Website from which the access was made ("Referrer URL"), the search engine you used, if applicable, the browser used and, if applicable, the operating system of your computer as well as the name of your access provider. Logfiles serve as a source of information for error analysis in the event of a system crash, allowing lost data to be reconstructed. They can also be used to analyse user behaviour.
        The legal basis for this type of data processing is Art. 6 para. 1 sentence 1 lit. f GDPR.
        Our legitimate interests follow in particular from the following purposes:
        • Ensuring a smooth connection of the Website,
        • Ensuring a comfortable use of the Website,
        • statistical analysis using a pseudonym in order to optimise our Website,
        • Evaluation of system security and stability, and
        • other administrative purposes.
      • bb) Hosting from Domainfactory

        We use the services of the provider Domainfactory GmbH, c/o WeWork, Neuturmstrasse 5, 80331 Munich, Germany ("Domainfactory"), who hosts the Website for us on servers in Germany. Domainfactory is part of the GoDaddy, Inc. group of companies at 2155 E, GoDaddy Way, Tempe, AZ 85284, USA. Your data may therefore be transferred to and stored on servers in the USA or another third country outside the European Union ("EU") and the European Economic Area ("EEA") which does not provide adequate protection for your personal data under EU data protection law. We have concluded a data processing agreement within the meaning of Art. 28 GDPR with Domainfactory, which includes the EU Standard Contractual Clauses ("SCC") to ensure that the processing of your data is carried out by means of appropriate safeguards within the meaning of Art. 46 para. 2 lit. c GDPR. This ensures that Domainfactory only processes your personal data in accordance with our instructions and in compliance with the GDPR. You can find further information on the purpose and scope of data collection and processing by Domainfactory at https://www.df.eu/fileadmin/media/doc/ADV_Kunden_Domainfactory.pdf and https://www.df.eu/de/datenschutz/.
      • cc) Web analysis with Matomo (without Cookies)

        We use Matomo On-Premise without Cookies for the purpose of web analysis. We host Matomo on servers of our host provider to ensure no data is being transferred to Matomo. Matomo uses config_id a randomly set, time-limited hash of a limited amount of settings and attributes of the visitor. This hash is a string of characters calculated for a visitor based on their operating system, browser, browser plugins, anonymised IP address and browser language. The config_id is only valid for a maximum of 24 hours and then changes, which means that the same visitor receives a different config_id every day. This enables us to analyse anonymised user behaviour on our Website, to optimise our Website and at the same time to protect your privacy. More information about the cookie-less usage of Matomo you can find here: https://matomo.org/faq/new-to-piwik/how-do-i-use-matomo-analytics-without-consent-or-cookie-banner/
        The legal basis for the data processing is Art. 6 para. 1 sentence 1 lit. f GDPR, our legitimate interest to provide you a user-friendly and Website. If you do not wish anonymised tracking to enhance user-experience, you can Opt-Out here.

        Die Tracking opt-out Funktion wird möglicherweise nicht funktionieren, weil diese Seite nicht über HTTPS geladen wurde. Bitte die Seite neu laden um zu prüfen ob der opt out Status geändert hat.

      • dd) Simple links to our Social Media Profile and Cooperating Partners

        Our Website also contains simple links to our Social Media Profile on LinkedIn and to websites of Cooperating Partners. If you click on these links or buttons, you will leave our Website. The data processing on the Websites of the Social Media provider and Cooperating
        Partners is governed by the Privacy Policies available there.
    • b) Fulfilment of contractual and pre-contractual obligations
      We further process personal data for the conclusion and implementation of contracts with Cooperating Partners, including the implementation of pre-contractual measures and the answering of enquiries in connection with our business relationship. The legal basis is Art. 6 para. 1 sentence 1 lit. b GDPR.
    • c) Based on your consent
      If you have given us your consent to process personal data for certain purposes (e.g. passing on data), this processing is lawful based on your consent (Art. 6 para. 1 sentence 1 lit. a GDPR). You can withdraw your consent at any time. Please note that the withdrawal is only effective for the future. Processing that took place before the withdrawal is not affected.
    • d) Protection of legitimate interests
      In addition, we process your data to protect the legitimate interests of us or third parties such as, in particular, in the following cases:
      • responding to your enquiries outside of a contract or a pre-contractual measure (in particular if provided via the Website´s contact form),
      • assertion of legal claims and defence in legal disputes,
      • ensuring IT security and IT operations,
      • prevention and investigation of criminal offences, and
      • measures for business management and further development of our services.
      The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest is to further develop our services or to protect ourselves against impairments and dangers and to enforce our claims.
    • e) Compliance with legal requirements
      In addition, we are subject to various legal obligations, i.e. legal requirements (e.g. tax laws), which require the processing of data. The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. c GDPR.
  4. No obligation to provide personal data

    If we ask you to provide personal data, you can of course refuse to do so. However, we may then not be able to provide certain functions of the Website or to answer your enquiries. This applies in particular if data is necessary for the establishment, implementation and termination of an agreement or if we are legally obliged to collect data.

  5. Categories of recipients

    Within our company those departments or individuals get access to your data that need it to fulfil our contractual and legal obligations.

    We pass on your data to the recipients expressly named in this Privacy Policy. In doing so, we observe the legal requirements and, if necessary, conclude corresponding contracts or agreements with the recipients of your data that serve to protect your data.

    Furthermore, we share your data with the following categories of recipients if it is necessary for the fulfilment of a contractual relationship existing between you and us or for the implementation of pre-contractual measures (Art. 6 para. 1 sentence 1 lit. b GDPR) or for the protection of legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR) or due to a legal regulation:

    • liIT service providers, e.g. hosting;
    • third parties involved in legal proceedings, provided that they submit a legal order, court order or equivalent legal disposition to us.
    Where processing is necessary to protect legitimate interests, for example when using IT services, our legitimate interest is to outsource functions. In addition, we will only share your personal data with third parties, if required by law (Art. 6 para. 1 sentence 1 lit. c GDPR) or if you have given your consent (Art. 6 para. 1 sentence 1 lit. a GDPR).
  6. International data transfer

    For the processing of your personal data, we also use service providers located in third countries outside the European Union (EU) or the European Economic Area (EEA). These countries may have a lower level of data protection than within the European Union. In case of a data transfer to these countries, we will obtain the necessary safeguards to ensure that your data is processed as securely as within the EEA, e.g. by concluding EU Commission standard contractual clauses (SCC) within the meaning of Art. 46 para. 2 sentence 1 lit. c GDPR or by other measures provided for by law. You can request a copy of the measures taken by contacting us at the contact details provided above.

    Platform: LinkedIn

    Postal address: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland

    Link to the Privacy Policy: https://www.linkedin.com/legal/privacy-polic

  7. Social Media Profile

    We operate a Social Media Profile on LinkedIn where we publish and share recommendations, content and news about projects. When you visit our Social Media Profile, LinkedIn processes information about you. You can find more detailed information on data processing in LinkedIns Privacy Policy listed below. Please note that user data is also processed in the USA or other third countries.

    • a) Insights

      LinkedIn uses Cookies and similar technologies to record your user behaviour when visiting the Social Media Profile and make the information available to us in anonymised form as statistics (so-called Insights). This gives us insights into how our Social Media Profile is used, which topics are particularly popular and what interests our Social Media Profile visitors have. This enables us to optimise our Social Media Profile and better respond to the interests of our audience. We do not have access to the personal data used by LinkedIn to create this information. LinkedIn selects the insights data independently of us and processes it accordingly.

      We are jointly responsible with LinkedIn for the collection of your data and the processing for the provision of the Insights, but not the further processing of this data by LinkedIn. The following agreement specifies which company fulfils which data protection obligations when processing personal data for Insights: https://legal.linkedin.com/pages-joint-controller-addendum.

      Under this agreement, LinkedIn agrees to comply with users´ requests regarding your data protection rights. This means that you can contact LinkedIn directly for information and deletion requests. Information regarding your data subject rights can be found in LinkedIns privacy policy: https://de.linkedin.com/legal/privacy-policy.

    • b) Contact

      If you communicate directly with us via a Social Media Profile or share personal content with us, we are responsible for processing your data. The purpose of the data processing is to communicate with you. Furthermore, we also use the information you share with us for marketing purposes. The legal basis for the data processing is our legitimate interest in the meaning of Art. 6 para. 1 sentence 1 lit. f GDPR to get in contact with enquirers and to further develop our services.

  8. Storage duration and erasure

    We and our service providers will process and store your personal data in accordance with applicable data protection law to the extent and for the duration necessary for the processing purposes set out in this Privacy Policy. For the duration of a contractual relationship, this may also include, for example, the initiation and processing of a contract. It should be noted that, depending on the individual case, our contractual relationship may be a continuing obligation that lasts for years. Logfiles are generally deleted after the end of the respective browser session, at the latest after seven days, unless their further storage is exceptionally necessary and lawful. If we process your personal data based on your consent, we store your data for the period required to process your personal data in accordance with your consent. In the case of contractual relationships, but also in the case of other claims under civil law, the storage period is also based on the statutory limitation periods, which, for example, according to Sections 195 et seq. of the German Civil Code ("BGB"), are generally three years, but in certain cases can be up to thirty years. In addition, we are subject to various retention and documentation obligations, which result from the German Commercial Code ("HGB") and the German Fiscal Code ("AO"), among other things. The retention and documentation periods specified there are six years for correspondence in connection with the conclusion of a contract and ten years for accounting vouchers and business letters (Sections 238, 257 para. 1 and 4 HGB, Section 147 para. 1 and 3 AO).

  9. Rights of the data subject

    Insofar as you are affected by the data processing, you have the right of access (Art. 15 GDPR), the right of rectification (Art. 16 GDPR), the right to erasure (Art. 17 GDPR), the right to restriction of processing (Art. 18 GDPR) and the right to data portability (Art. 20 GDPR). With regard to the right of access and the right to erasure, the restrictions according to Sections 34 and 35 BDSG apply. You also have the right to object to data processing (Art. 21 GDPR).

    Your rights in detail:

    • Right of access: You can request the confirmation as to whether and how we process your personal data. In particular, you have a right of access to your personal data and the information about the purposes of processing, the categories of personal data, the recipients or categories of recipients to whom the personal data have been or will be disclosed, if possible the envisaged storage period, or, if this is not possible, the criteria for determining this period; the existence of a right to rectification or erasure of your personal data, to restriction of the processing or to object to such processing; the existence of a right to lodge a complaint with a supervisory authority; the source of the data if the personal data has not been collected from you, the existence of automated decision-making, including profiling, and, if applicable, meaningful information about the logic involved and the significance and envisaged consequences of such processing. If we transfer personal data to a third country or an international organisation, you may also request information about the safeguards we have in place to protect your data. Your right to information may be limited in individual cases by national law (Sections 29 para. 1 sentence 2, 34 BDSG) and the rights and freedoms of others.
    • Right to rectification: You may request the rectification of inaccurate personal data with undue delay or, taking into account the purposes of the processing, the completion of incomplete personal data – also by means of providing a supplementary declaration.
    • Right to erasure: You have a right to immediate erasure of your personal data under certain circumstances, e.g. if your personal data is no longer necessary for the purposes for which it was collected or otherwise processed, if you withdraw your consent and there is no other legal basis for the processing, or if you have objected to the processing of your data for direct marketing purposes. The right does not exist to the extent the processing is necessary for exercising the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the exercise of a public power vested in us, or for the establishment, exercise or defence of legal claims. Your right to erasure may be limited in individual cases by national law (Section 35 BDSG).
    • Right to restriction of processing: You may request the restriction of processing if you contest the accuracy of the personal data for the duration of the verification of the accuracy by us, if the processing is unlawful but you object to the erasure of your personal data, if we no longer need your personal data but you need the data to establish, exercise or defend legal claims, or if you have objected to the processing.
    • Right to data portability: You have the right to data portability, i.e. the right to receive and transmit the personal data you have provided to us in a structured, commonly used and machine-readable format, if we process your personal data on the basis of your consent or a contract and the processing is carried out by automated means.

    Right of objection according to Art. 21 GDPR You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6 para. 1 sentence 1 lit. e GDPR (public security) or Art. 6 para. 1 sentence 1 lit. e GDPR (legitimate interests); this also applies to profiling based on these provisions. We shall no longer process this data upon the lodging of the objection, unless there are compelling reasons for the processing that merit protection, e.g. processing for the establishment, exercise, or defence of legal claims. Where personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing; this also applies to profiling insofar as it is associated with such direct marketing. We will no longer process your personal data for direct advertising if you exercise your right to object. If our processing of your personal data is based on consent (Art. 6 para. 1 sentence 1 lit. a GDPR), you may withdraw this consent at any time; the lawfulness of the data processing carried out on the basis of the consent until withdrawal remains unaffected by this. To assert your rights and for further questions on the subject of personal data, you can contact us at any time using our contact details above (see Section 1). Regardless of this, you have the right to file a complaint with a supervisory authority – in particular in the EU member state of your place of residence, your place of work or the place of the alleged infringement – if you believe that the processing of personal data concerning you violates the GDPR or other applicable data protection laws (Art. 77 GDPR, Section 19 BDSG).

  10. Data security

    We transmit your personal data securely by using encryption. We use the TLS (Transport Layer Security) coding system for this purpose. Furthermore, we secure the Website and other systems through technical and organisational measures against loss as well as destruction, access, modification, or distribution of your data by unauthorised persons.

  11. No automated decision-making in individual cases

    For the establishment and implementation of the business relationship, we generally do not use fully automated decision-making pursuant to Art. 22 GDPR. Should we use this procedure in individual cases, we will inform you of this separately if this is required by law.

Status: May 2023