For the terms used (e.g. “personal data”, “processing”, “person responsible” and “processor”) we refer to the definitions of the GDPR in Art. 4 GDPR.
I. Name and contact details of the Data Controller and our Data Protection Officer
The person responsible for the processing of your personal data in the context of this website (Data Controller), if not specified otherwise, is: Lightcurve GmbH, represented by Maximilian Kordek & Oliver Beddows, Köpenicker Straße 126, 10179 Berlin, Email: firstname.lastname@example.org.
Our Data Protection Officer is Frederic Hannesen, Köpenicker Straße 126, 10179 Berlin, Email: email@example.com.
II. Personal data we are processing, the purpose and legal basis for that processing and storage periods for the data
1. Visiting our website
|Personal and additional data:||The provider of the pages collects and stores information in so-called server log-files, which your browser automatically transmits. The following data is temporarily stored by the web server when you visit the provider's website:
|Cookies:||We are using only session cookies. These cookies are used for activities that are strictly necessary to operate our website in a reliable manner, therefore, do not require you to consent.|
|Purposes of processing:||
2. Registration on our website
|Cookies:||We are using only necessary/session cookies. These cookies are used for activities that are strictly necessary to operate our website in a reliable manner, therefore, do not require you to consent.|
|Purpose of processing:||
You may, however, visit our site without registering.
III. Recipients of your personal data and where it is stored
Insofar as we disclose data to other persons and companies (Data Processors) within the scope of our processing, transfer them to them or otherwise grant them access to the data, this only takes place on the following legal basis: performance of a contract Art. 6 para. 1 letter b GDPR, a legal obligation Art. 6 para. 1 letter c GDPR, our legitimate interests Art. 6 para. 1 letter f GDPR.
1. Data processors
The following categories of third-party providers (Data Processors) are used to enable the work of our websites and to communicate with you:
- Email notification provider.
- CRM software provider.
- Cloud storage providers.
If you wish to receive a complete and exhaustive list of all companies to which your personal data is transferred to, please contact our Data Protection Officer at firstname.lastname@example.org or our legal counsel at email@example.com.
2. Data storage location
Switzerland was found to have an adequate level of protection for personal data under European Commission Decision 2000/518/EC of 26 July 2000.
If we transfer data to a third party located outside of the EEA which is not in a White Listed Country, as data exporters, we enter into the European Commission’s model contracts (“SCCs”) for the transfer of personal data to third countries (i.e., the standard contractual clauses pursuant to Decision 2010/87/EU) with the relevant data importer. Prior to entering into SCCs we assess, on a case-by-case basis, as outlined in the CJEU decision in Case C‑311/18 [also known as Schrems II] on 16.07.2020, whether an adequate level of data protection, comparably to the level of data protection within the EU is given in the country where the data will be transferred to. If the appropriate level of protection is not given, additional protection provisions and measures will be contractually agreed and/or implemented by us to ensure the protection of personal data.
IV. Rights of data subjects (your rights)
You have the following rights under the statutory provisions:
- Right to withdraw consent (Art. 7 (3) GDPR).
- Right of access to information (Art. 15 GDPR).
- Right to have incorrect personal data concerning you corrected (“Right to rectification”) (Art. 16 GDPR).
- Right to erasure (“Right to be forgotten”) (Art. 17 GDPR).
- Right to restriction of processing (Art. 18 GDPR).
- Right to data portability (Art. 20 GDPR).
- Right to object against the processing of personal data concerning yourself (Art. 21 GDPR).
- Right to lodge a complaint with a supervisory authority (Art. 77 GDPR). The competent supervisory authority for data protection issues is the data protection officer of the federal state in which our company is based. A list of data protection officers and their contact details can be found here (site in German).
Please note that for each of the rights above, we may have valid legal reasons to refuse your request, in such instances we will let you know if that is the case.