Data Protection Declaration Regarding the Accreditation of Press Representatives in Addition to the Data Protection Declaration Regarding the Website www.rock-am-ring.com
The Controller – as defined by the GDPR – and the service provider – as defined by the German Telemedia Act – is Marek Lieberberg Konzertagentur GmbH & Co. KG, TaunusTurm, Taunustor 1, D-60310 Frankfurt am Main, Germany, email address: [email protected] (hereinafter referred to as “we” and “us”).
2. Purpose and legal basis of data processing
We process your data for the purpose of handling your accreditation for the event you have requested. The legal basis for the handling of your data is Article 6(1)(b) of the GDPR.
If you have given your consent during accreditation, your data will be used to send you press releases via e-mail. For this purpose, your data will be stored in our database beyond the duration of the event. The legal basis for this handling of your data is Article 6(1)(f) of the GDPR.
3. Information in the event of data collection via third parties
If we collect your personal data via third parties, this may involve the following categories of personal data: name, contact details, and information about your occupation (e.g. photographer).
If we do not receive this contact information directly from you, we will receive it from the third party whom you work for and/or those who we are in contact with. This may likely be, for example, a publishing house or another cooperation partner.
4. Recipients of your data
In some cases, we use external service providers to process personal data. These service providers are carefully selected by us and are bound by our directives. Categories of data recipients may be as follows:
• service providers, e.g. IT services;
• festival organisation services.
If we disclose your personal data to a third party from the above list, we ensure by means of contractual regulations that the third party:
• does not use your personal data for purposes other than those specified by us, and in accordance with the purposes set out in this Data Protection Declaration, and;
• has implemented appropriate security measures to protect your personal data against unauthorised or unlawful processing and against accidental loss, destruction or damage.
5. Data transfer to a third country
It is possible that employees of a service provider in a country outside the European Union may become aware of your personal data as a result of collaborative labour partnerships, e.g. in the area of maintenance, repair and security of IT systems.
If there is no level of data protection in this country which is comparable to that of the European Union, and accordingly if no so-called adequacy decision of the European Commission with regard to this country exists, we will protect your interests in data protection by concluding so-called EU standard data protection clauses issued by the European Commission and agreed with the recipient or in other appropriate ways. You can request a copy of the EU standard data protection clauses and any other guarantees from us via the contact details provided in Section 1.
There is no intention to transfer any of your personal data to other countries outside the European Union, however – as far as this is legal – it cannot be ruled out.
6. Duration of data storage
We store your personal data for as long and as far as it is necessary for the purposes (Section 2) for which it is processed.
As soon as the data is no longer required for the purposes stated in Section 2, we store your personal data for the period in which you can assert claims against us or we against you (statutory limitation period usually of three years, beginning at the end of the year in which the claim arises).
In addition, we store your personal data for as long as and insofar as we are legally obliged to do so. Corresponding proof and storage obligations result, inter alia, from the German Commercial Code, the German Fiscal Code and the German Money Laundering Act (e.g. Section 257 HGB; 147 AO). The retention period is up to ten years.
7. Necessity of providing your data
The provision of the data by you and the collection of the data by us is necessary for accreditation, otherwise your accreditation is not possible.
8. Automated individual case decisions or profiling measures
There is no automated decision-making and no profiling for the justification and implementation of accreditation.
9. Your rights
If the legal requirements according to Articles 15 - 22 of the GDPR are met, you have the right of access, rectification, erasure, restriction of processing as well as the right to data portability. We would be happy to inform you if and which personal data we have stored about you upon request. Furthermore, if the storage is not permissible or no longer necessary within the meaning of the GDPR, we will rectify or erase incorrect data.
You may object to the processing if we use Article 6(1)(f) of the GDPR as the basis for processing your personal data. If you wish to make such an objection, we would request you to provide us with a reason why we should not process your personal data. We will weigh your reasons against our interest in continuing data processing and subsequently either stop, adapt the data processing, or point out to you our compelling reasons worthy of protection on the basis of which we shall continue the processing. Please note that we also process your data if this is necessary for asserting, exercising or defending any legal claims.
10. Competent supervisory authority
If you are of the opinion that the processing of your personal data is in breach of the GDPR, you have the right to lodge a complaint to the supervisory authority. The address of the competent supervisory authority responsible for us is: Der Hessische Datenschutzbeauftragte, Professor Dr Michael Ronellenfitsch, Gustav-Stresemann-Ring 1, D-65189 Wiesbaden, Germany.
11. Data Protection Officer
You can reach our Data Protection Officer at Marek Lieberberg Konzertagentur GmbH & Co. KG, Datenschutzbeauftragter, TaunusTurm, Taunustor 1, D-60310 Frankfurt, Germany, [email protected]
12. Right of amendment
We reserve the right to amend, modify and adapt the contents of this Data Protection Declaration at any time. The updated Data Protection Declaration is valid from the time at which it is published on our website.