Data Protection Statement

The protection of your data is extremely important to us. We inform you in detail below about the handling of your data. This Data Protection Statement can be retrieved, stored and printed at any time via the URL: http://www.itm-agency.com/PHP/PRIVACY_POLICY_DETAILS.php.


I. Name and address of the Controller

The Controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the Member States as well as other data protection regulations is:

International Touring and Management GmbH & Co. KG
Talwiesen 9
76698 Ubstadt-Weiher
Phone: +49 (0) 7251 440 48 10
Fax: +49 (0) 7251 440 48 11
Email: fsuepfle@itm-agency.com


II. Information regarding the data processing

1. Scope of the personal data processing
In principle, we only collect and use the personal data of our users insofar as is necessary for the provision of a functional website as well as our content and services. The collection and use of the personal data of our users is conducted on a regular basis only after the consent of the user. An exception applies in such cases in which obtaining prior consent is not possible for practical reasons and the processing of the data is permitted by legal regulations.

2. Legal basis for the processing of personal data
Insofar as we obtain consent from the data subject for the processing of personal information, Article 6 paragraph (1) point (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data. With the processing of personal data that is necessary to fulfil a contract to which the data subject is a party, Article 6 paragraph (1) point (b) of the GDPR serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures. Insofar as the processing of personal data is necessary for the fulfilment of a legal obligation to which our enterprise is subject to compliance, Article 6 paragraph (1) point (c) of the GDPR serves as the legal basis. In the event that the processing of personal data is necessary in order to protect the vital interests of the data subject or of another natural person, Article 6 paragraph (1) point (d) of the GDPR serves as the legal basis. If the processing is necessary for the protection of a legitimate interest of our enterprise or a third party and the interests, fundamental rights and fundamental freedoms of the person concerned do not override the first-mentioned interest, Article 6 paragraph (1) point (f) of the GDPR serves as a legal basis for the processing.

3. Data erasure and storage period
The personal data of the data subjects is erased or blocked as soon as the purposes of the storage no longer exist. A storage may also take place if this is provided for through the European or national legislators in Union law and laws or other regulations to which the Controller is subject. The data can also be blocked or erased when a storage period prescribed by the aforementioned norms expires unless there is a necessity for the continued storage of the data toward the conclusion of a contract or the fulfilment of the contract.


III. Provision of the website and creation of log files

Each time our website is accessed, our system automatically records data and information from the accessing computer's computer system. The following data is collected in connection with this:
(1) Date and time of the access
(2) Referrer (previously visited web page)
(3) Amount of data sent
(4) Browser type and version
(5) Operating system
(6) Requested web page or file
(7) Device type used
(8) IP address in anonymised form (used exclusively for the establishment of the location of the access)
The data is stored anonymously. A storage of this data together with other personal data of the user does not take place. The legal basis for the temporary storage of the data and the log files is Article 6 paragraph (1) point (f) of the GDPR. The temporary storage of the IP address by the system is necessary in order to enable the delivery of the website to the computer of the user. To do this, the user's IP address must be stored for the duration of the session. The storage in log files occurs in order to ensure the effectiveness of the website. In addition, we also use the data to optimise the website and to ensure the security of our information technology systems. An analysis of the data for marketing purposes does not take place in this context. In these purposes, our legitimate interest also lies with the data processing in accordance with Article 6 paragraph (1) point (f) of the GDPR. The data is erased as soon as it is no longer necessary to achieve the purposes of its collection. In the case that the data is collected to provide the website, the data is erased once the relevant session ends. In addition, the data in the log files, including the IP address (which is stored as encrypted) will be erased after thirty days at the latest. The collection of the data for the provision of the website and the storage of the data in log files is necessary for the operation of the Internet site. Consequently, there is no option to object on the part of the user.


IV. Hosting services through a third-party supplier

Within the scope of processing on our behalf, a third-party provider provides us with the services for the hosting and presentation of the website. All data collected within the scope of use of this website or in designated forms as described below will be processed on its servers. Processing on other servers only takes place within the scope described here. This service provider is located in a country within the European Union or the European Economic Area.


V. Contact via email

You may contact us via the email address provided on our website. The data in connection with this will not be transmitted to other third parties. The data is used exclusively for the processing of the conversation. The legal basis for the processing of the data that you transmit via email is Article 6 paragraph (1) point (f) of the GDPR. If the contact is aimed toward the conclusion of a contract, the additional legal basis for the processing is Article 6 paragraph (1) point (b) of the GDPR. The data is erased as soon as it is no longer necessary to achieve the purposes of its collection. For the personal data that is sent via email, this is the case when the respective conversation with you is ended. The conversation ends when it is clear from the circumstances that the matter concerned has been definitively clarified. You may at any time, for reasons arising from your particular situation, object to the processing of the personal data relating to you. In such a case, the conversation cannot continue. You may direct an objection to the processing in writing at the postal address of our contracting partner.

International Touring and Management GmbH & Co. KG
Talwiesen 9
76698 Ubstadt
or via email to the email address: fsuepfle@itm-agency.com

In this case, all personal data that had been stored in the course of the contact will be erased.


VI. Promo material downloads for organisers and partners

Organisers and partners have the option to retrieve the promo materials provided on our site and store these through downloading. Upon request for this by the organiser/partner, we will assign a password for logging in. When logging in for the purpose of retrieving the material, the data listed in Section III above is collected and stored anonymously. A storage of this data together with other personal data of the user does not take place. The legal basis for the temporary storage of the data and the log files is Article 6 paragraph (1) point (f) of the GDPR. The processing of the data is necessary for the provision and downloading of the promo materials as well as for the prevention of misuse of the materials. The data in the log files, including the IP address (which is stored in encrypted form) will be erased in no later than thirty days and apart from this, when it is no longer necessary to achieve the purpose of its collection. Even after the provision of the promo materials, a requirement to store personal data may exist in order to comply with contractual or legal obligations. If the data is necessary for the fulfilment of a contract or for the realisation of pre-contractual measures, a premature erasure of the data is only possible when the contractual or legal obligations of an erasure do not prevent this.


VII. Integration of YouTube videos

We have integrated YouTube videos into our website that are stored on www.youtube.com and are directly playable from our website. The YouTube platform service that is offered by the YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066 USA is an enterprise of Google (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA). The videos integrated in our website are integrated in the "enhanced data protection mode", i.e. that no data about you as a user will be transmitted to YouTube if you do not play the videos. Data will only be transmitted to YouTube when you play the videos. We have no influence on this data transfer. The integration of YouTube videos occurs in the interest of a customer-friendly, illustrative representation of our enterprise and our online offers. The legal basis for this is Article 6 paragraph (1) point (f) of the GDPR. Google LLC has their headquarters in the USA and is certificated under the EU-US Privacy Shield. A current certificate can be viewed here: https://www.privacyshield.gov/list. On the basis of this agreement between the USA and the European Commission, the latter has established a reasonable level of data protection for enterprises certified under the Privacy Shield. You can find further information about data protection in YouTube, a Google service, as well as further information about your rights and setting possibilities for the protection of your privacy in their data protection explanation under: https://policies.google.com/privacy?hl=en&gl=us.


VIII. Your rights as a data subject

If personal data concerning you is processed, you are a data subject within the meaning of the GDPR and this entitles you to the following rights toward the Controller:

1. Right of access
You can require a confirmation from the Controller as to whether or not the personal data that concerns you is processed by us. If such a processing exists, you can request the following information from the Controller:

(1) the purposes for which the personal data are processed;
(2) the categories of the personal data which are processed;
(3) the recipients or the categories of recipients to whom the personal data concerning you has been disclosed or will be disclosed;
(4) the envisaged storage period of the personal data concerning you or, if no concrete in-formation regarding this is possible, the criteria used to determine storage period; (5) regarding the existence of the right to request the rectification or erasure of the personal data concerning you, a right to the restriction of the processing by the Controller and a right to object to this processing;
(6) regarding the existence of a right to lodge a complaint with a supervisory authority;
(7) all available information regarding the origin of the data if the personal data is not collected from the data subject;
(8) regarding the existence of an automated decision-making including profiling according to Article 22 paragraphs (1) and (4) of the GDPR and – at least in those cases – meaningful information about the logic involved as well as the significance and the envisaged consequences of such processing for the data subjects.
You are entitled to the right to require access to information as to whether the personal data concerning you is transmitted to a third country or to an international organisation. In this context, you can ask to be informed about the appropriate safeguards in connection with the transmission pursuant to Article 46 GDPR.
2. Right to rectification
You have the right to a rectification and/or supplement without delay by the Controller provided that the processed personal data that concerns you is false or incomplete.

3. Right to erasure
a) Erasure obligation
You can require from the Controller that the personal data concerning you is erased without delay and the Controller is obligated to erase this data without delay provided that one of the following reasons applies:
(1) The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.
(2) You withdraw your consent on which the processing according to Article 6 paragraph (1) point (a) or Article 9 paragraph (2) point (a) of the GDPR is based and there is no other sufficient legal basis for the processing.
(3) You object to the processing pursuant to Article 21 paragraph (1) of the GDPR and no overriding legitimate grounds for the processing exist.
(4) The personal data concerning you was unlawfully processed.
(5) The erasure of the personal data concerning you is necessary for the performance of a legal obligation within the Union law or Member State law to which the Controller is subject to.
b) Exceptions
The right to erasure does not exist insofar as the processing is necessary
(1) for the exercise of the right on freedom of speech and information;
(2) for the performance of a legal obligation that requires the processing in accordance with the Union law or Member State law to which the Controller is subject to or for the performance of a task to be carried out in the public interest or in the exercise of official authority to which the Controller is subject to;
(3) for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with Article 89 paragraph (1) of the GDPR insofar as such rights under point (a) are likely to render impossible or seriously impair the realisation of the purpose of this processing, or
(4) for the assertion, exercise or defence of legal claims.

4. Right to restriction of processing
You can require the restriction of the processing of personal data concerning you under the following conditions:
(1) if you have contested the accuracy of the personal data relating to you for a period of time that enables the Controller to verify the accuracy of the personal data;
(2) the processing is unlawful and you oppose the erasure of the personal data and instead require the restriction of the use of the personal data;
(3) the Controller no longer requires the personal data for the purposes of processing, but you nevertheless require it for the assertion, exercise or defence of legal claims, or
(4) if you have lodged an objection to the processing in accordance with Article 21 paragraph (1) of the GDPR and have not yet established whether the legitimate grounds of the Controller override your grounds.
If the processing of the personal data concerning you has been restricted, this data – apart from its storage – may only be processed with your consent or for the assertion, exercise or defence of legal claims or to protect the rights of another natural or legal person or for reasons of a vital public interest of the Union or of a Member State. If the restriction of processing has been restricted pursuant to the above-mentioned conditions, the Controller will inform you before the restriction is removed.

5. Right to information
If you have asserted the right to rectification, erasure or restriction of the processing toward the Controller, the latter is obligated to undertake this correction or erasure of the data or restriction of the processing with each recipient of the personal data concerning you unless this proves to be impossible or involves a disproportionate effort. You have the right to be informed by the Controller about these recipients.

6. Right to data portability
You have the right to receive the personal data concerning you that you have provided to the Controller in a structured, commonly used and machine-readable format. Moreover, you have the right to transmit this data to another Controller without hindrance by the Controllers to which the personal data has been provided insofar as:
(1) the processing is based on a consent in accordance with Article 6 paragraph (1) point (a) of the GDPR or Article 9 paragraph (2) point (a) of the GDPR or on a contract according to Article 6 paragraph (1) point (b) of the GDPR and
(2) the processing is carried out with the aid of automated means.
In exercising this right, you also have the right to have the personal data concerning you directly transmitted from one Controller to another insofar as this is technically feasible. The freedoms and rights of other persons may not be adversely affected by this. The right to data portability does not apply to a processing of personal data that is necessary for the performance of a task that lies in the public interest or occurs in the exercise of official authority that has been transferred to the Controller.

7. Right to object
You have the right, for reasons that arise from your particular situation, to object at any time to the processing of the personal data concerning you on the legal basis of Article 6 paragraph (1) point (e) or (f) of the GDPR. The Controller will no longer process the personal data concerning you unless they are able to demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms or the processing serves the assertion, exercise or defence of legal claims.

8. Right to withdraw of the data protection consent statement
You have the right to withdraw your data protection consent statement at any time. The withdrawal of consent will not affect the lawfulness of the processing based on consent before its withdrawal.

9. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right according to Article 77 of the GDPR to lodge a complaint with a supervisory authority if you consider that the processing of the personal data concerning you is an infringement of the GDPR.


IX. Currency and changes to this Data Protection Statement

This Data Protection Statement is the August 2018 version. Through the further development of our website and the offers therein or due to changes in legal or regulatory requirements, it may be necessary to change this Data Protection Statement. You can retrieve and print the respective current Data Protection Statement at any time via the website under: http://www.itm-agency.com/PHP/PRIVACY_POLICY_DETAILS.php.