menu

DATA PROTECTION

BBE UG > DATA PROTECTION

DATA PROTECTION

This privacy policy informs you about the type, scope, and purpose of the processing of personal data (hereinafter briefly “data”) in the context of providing our services as well as within our online offer and the associated websites, functions, and content, as well as external online presences such as our social media profiles (hereinafter collectively referred to as “online offer”). With regard to the terminology used, such as “processing” or “controller,” we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).

Controller:

Áron Canyko, M.Eng, LL.M

Stresemannstraße 23,

10963 Berlin

info@berliner-entwicklung.de

Business Owner: Áron Canyko, M.Eng, LL.M

www.berliner-entwicklung.de

Types of processed data

– Inventory data (e.g., personal master data, names, or addresses).
– Contact data (e.g., email, phone numbers).
– Content data (e.g., text entries, photographs, videos).
– Usage data (e.g., visited websites, interest in content, access times).
– Meta/communication data (e.g., device information, IP addresses).

Categories of affected persons

Visitors and users of the online offer (hereinafter, we collectively refer to the affected persons as “users”).

Purpose of processing

– Provision of the online offer, its functions, and content.
– Responding to contact inquiries and communication with users.
– Security measures.
– Reach measurement/marketing

Terminology used

“Personal data” means all information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by assigning a unique identifier such as a name, identification number, location data, online identifier (e.g., cookie), or one or more specific features that are an expression of the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

“Processing” is any operation or set of operations performed on personal data, whether or not by automated means. The term is broad and includes practically any handling of data.

“Pseudonymization” means the processing of personal data in a way that the personal data can no longer be attributed to a specific data subject without additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data cannot be attributed to an identified or identifiable natural person.

“Profiling” means any form of automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning the performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements of that natural person.

A “controller” is the natural or legal person, authority, agency, or other body that alone or jointly with others determines the purposes and means of the processing of personal data.

“Processor” is a natural or legal person, authority, agency, or other body that processes personal data on behalf of the controller.

Relevant legal bases

In accordance with Art. 13 GDPR, we inform you of the legal bases for our data processing. For users from the scope of the General Data Protection Regulation (GDPR), i.e., the EU and the EEA, if the legal basis is not mentioned in the privacy policy, the following applies:
The legal basis for obtaining consents is Art. 6 (1) lit. a and Art. 7 GDPR;
The legal basis for processing to fulfill our services and execute contractual measures as well as responding to inquiries is Art. 6 (1) lit. b GDPR;
The legal basis for processing to fulfill our legal obligations is Art. 6 (1) lit. c GDPR;
In cases where processing of personal data is necessary to protect vital interests of the data subject or another natural person, Art. 6 (1) lit. d GDPR serves as the legal basis.
The legal basis for necessary processing to perform a task that is in the public interest or in the exercise of official authority vested in the controller is Art. 6 (1) lit. e GDPR.
The legal basis for processing to safeguard our legitimate interests is Art. 6 (1) lit. f GDPR.
Processing data for purposes other than those for which they were collected is determined according to the provisions of Art. 6 (4) GDPR.
Processing special categories of data (according to Art. 9 (1) GDPR) is determined according to the provisions of Art. 9 (2) GDPR.

Security measures

We take appropriate technical and organizational measures to ensure an adequate level of protection, taking into account the state of the art, implementation costs, and the nature, scope, context, and purposes of processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons.

These measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical access to the data, as well as access, input, transfer, security of availability, and separation. Furthermore, we have established procedures that ensure the exercise of data subject rights, deletion of data, and response to data breaches. We also consider the protection of personal data already during the development or selection of hardware, software, and procedures, in accordance with the principle of data protection through technology design and by default.

Collaboration with processors, joint controllers, and third parties

If we disclose data to other persons and companies (processors, joint controllers, or third parties) as part of our processing, transfer data to them, or otherwise grant them access to the data, this only occurs based on a legal permission (e.g., if data transfer to third parties, such as payment service providers, is necessary for contract fulfillment), users have consented, a legal obligation requires it, or based on our legitimate interests (e.g., when using agents, web hosts, etc.).

If we disclose data to other companies within our corporate group, transfer data to them, or otherwise grant them access, this is particularly for administrative purposes as a legitimate interest and furthermore based on a legally compliant basis.

Transfers to third countries

If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA), or the Swiss Confederation) or this happens as part of using third-party services or disclosing or transferring data to other persons or companies, this only occurs if it is necessary to fulfill our (pre)contractual obligations, based on your consent, due to a legal obligation, or based on our legitimate interests. Subject to express consent or necessary contractual transfer, we only process or have the data processed in third countries with an adequate level of data protection, which includes US processors certified under the “Privacy Shield” or based on special guarantees such as contractual obligations through so-called standard contractual clauses of the EU Commission, the presence of certifications, or binding internal data protection regulations (Art. 44 to 49 GDPR, Information page of the EU Commission).

Rights of data subjects

You have the right to request confirmation of whether relevant data is being processed and to obtain information about this data, as well as further information and copies of the data in accordance with legal requirements.

You have the right to request the completion of incomplete data concerning you or the correction of inaccurate data concerning you in accordance with