FORUM HOLZBAU (hereinafter "we") respects your privacy and personal data. In this data protection notice, we provide information about the collection, processing and use (hereinafter all together also referred to as "processing") of your personal data, if and to the extent that they occur during the use of our websites www.forum-holzbau.com, www.forum-holzkarriere.com and www.forum-holzbranche.com. In addition, all persons affected by the data processing are informed about the rights to which they are entitled.
1. responsible party
The following company is responsible for the processing of your personal data described in this data protection notice:
FORUM HOLZBAU (Association)
2502 Biel/Bienne, Switzerland
The data protection notice contains the following terms of the EU General Data Protection Regulation 2016/679 ("GDPR"):
2.1 Personal data
Personal data means any information relating to an identified or identifiable natural person (hereinafter "you"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Pseudonymization is the processing of personal data in a way in which the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separate and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.
Processor means a natural or legal person, public authority, agency or other body that processes personal data on behalf of the Controller.
Consent is any expression of will in the form of a declaration or other unambiguous affirmative action, given voluntarily by the data subject for the specific case in an informed manner and in an unambiguous manner, by which the data subject indicates that he or she consents to the processing of personal data relating to him or her.
3. data collection on our websites
On our websites, we process the following types of personal data:
- Inventory data (e.g. names, addresses)
- Contact data (e.g. e-mail, telephone numbers)
- Content data (e.g. text entries, photographs, videos)
- Usage data (e.g. websites visited, interest in content, access times)
- Meta/communication data (e.g. device information, IP addresses).
4. purposes and legal basis of processing
On the one hand, your data is collected by you providing it to us. This may, for example, be data that you enter in a contact form. Other data is collected automatically by our IT systems when you visit the websites. This is mainly technical data (e.g. Internet browser, operating system or time of page view). This data is collected automatically as soon as you visit our websites. We collect your personal data primarily to fulfill our obligations arising from your orders on our websites. Some of the data is collected to ensure error-free provision of the websites. Other data may be used to analyze your user behavior or for marketing purposes. Data is also processed for the purpose of registration for the Congress and in the context of applying for published job offers.
4.2 Processing for the performance of our services
We process your personal data if and insofar as this is necessary for the establishment, implementation or termination of a contractual or quasi-contractual relationship.
The contractual relationship comes into existence, for example, when you purchase the services offered by us on our websites.
The legal basis for the processing of personal data that is related to a contractual or quasi-contractual relationship is, for the EU and EEA, Art. 6 (1) sentence 1 b DSGVO. This also applies to processing that is necessary for the implementation of pre-contractual measures.
The personal data will be deleted after the termination of the contractual or quasi-contractual relationship in compliance with the statutory retention obligations.
In other respects, we process your personal data if and insofar as you have given us your consent to do so. In doing so, this data will only be used for the purpose and to the extent stated in the consent, e.g. we will only inform you about our products and services in accordance with the consent you have given.
The legal basis for data processing based on your consent is in the EU and EEA Art. 6 para. 1 sentence 1 a DSGVO, in which case you have the right of revocation for the future. You can send the revocation by letter or by e-mail to the contact details of the responsible body mentioned under point 1. The lawfulness of the data processing carried out until the assertion of your rights remains unaffected.
The personal data will be deleted after completion of the purpose pursued with the consent in compliance with the statutory retention obligations.
Within the scope of the consent, your personal data may be transferred to third parties, who process this data exclusively within the scope of their consent.
4.4 Automatically generated data
Every time our websites are called up, data is automatically processed in log files that originate from your terminal device and may also include personal data. This applies to the following data:
- The operating system of your terminal device
- The type of browser you use
- The name of your provider
- Your IP address
- Date and time of the call
- The websites visited, including any search terms
- The websites from which you have accessed our websites.
We do not process this data together with other personal data of yours, i.e. we do not assign the aforementioned data to your person. The legal basis for processing the automatically generated data in the EU and EEA is Art. 6 (1) sentence 1 f DSGVO. The processing is necessary to ensure the functionality of the websites as well as to optimize and correctly deliver the content of our websites and to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack. This is also the legitimate interest for the data processing.
The automatically generated data is deleted as soon as it is no longer required to achieve the aforementioned purposes, i.e. when the respective website visits have ended. In the case of processing your IP address, the deletion takes place after 7 days at the latest.
The processing of the aforementioned data for the provision of the websites and any storage in log files is absolutely necessary for the operation of the websites. Consequently, there is no possibility to object.
4.5 Legal obligation and legitimate interests of the responsible party.
The basis for the processing of personal data may also lie in the necessity for the fulfillment of legally justified obligations (for the EU and EEA countries: Art. 6 para. 1 lit. c. DSGVO, Art. 6 para. 1 lit. f. DSGVO). Customers, interested parties, business partners and website visitors may be affected by processing.
The purpose and our legitimate interest in the processing of personal data lie predominantly in the maintenance of our business activities, performance of our tasks and provision of our services, e.g. in the context of general administration, financial accounting, office organization or archiving of data. The deletion of data with regard to contractual services and contractual communication corresponds to the information specified in these processing activities. In this context, we disclose or transmit data to the financial administration, consultants, such as, for example, tax advisors or auditors, as well as other fee offices and payment service providers.
Furthermore, based on our business interests, we store information on suppliers, event organizers and other business partners, e.g. for the purpose of contacting them at a later date. This data, most of which is company-related, is stored permanently.
Cookies do not damage your computer and do not contain viruses. Cookies serve to make our offer more user-friendly, more effective and safer. Cookies are small text files that are stored on your computer and saved by your browser.
In this way, the website recognizes on subsequent visits by the user whether or that it has already been called up once with this browser. This allows the website to be adapted to the user's needs when called up again, in particular, and the use of the website can be statistically evaluated and the presentation of the displayed content varied.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of our websites may be limited.
Cookies that are required to carry out the electronic communication process or to provide certain functions that you have requested (e.g. shopping cart function) are stored on the basis in the EU and EEA Art. 6 para. 1 lit. f DSGVO. As a website operator, we have a legitimate interest in storing cookies for the technically error-free and optimized provision of its services. Insofar as other cookies (e.g. cookies to analyze your surfing behavior) are stored, these are collected and used on the basis of your consent, the legal basis in the UE and EEA is Art. 6 para. 1 sentence a DSGVO. You have the right to revoke your consent at any time.
Under the links below you can find out how to manage (including disable) cookies on the main browsers:
Chrome Browser: https://support.google.com/accounts/answer/61416?hl=de
Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und refuse
6. registration and login and contact
Our websites may provide the option of registering or subscribing (e.g. to the newsletter) by entering personal data. The personal data that is transmitted to us in this process can be seen from the respective registration mask. The data you enter will be processed exclusively for the purposes stated in connection with the registration.
If you contact us by e-mail, via a contact form or in a comparable form (e.g. inquiries about our products or services), the personal data you provide will also be processed. However, this data processing is limited to the purposes of processing the inquiries or contacting you.
In the context of registration and login, the IP address assigned to you at the time of registration, login or contact will be processed, as well as the date and time. This data processing is necessary in order to prevent the misuse of our services, as crimes committed could be solved by means of this data. This results in the legitimate interests in the data processing.
The legal basis for this processing, if consent has been given, is Art. 6 (1) sentence 1 a DSGVO (applies to the EU and EEA), in which case you have the right of revocation for the future. You can send the revocation by letter or by e-mail to the contact details of the responsible body mentioned under point 1. The lawfulness of the data processing carried out until the assertion of your rights remains unaffected.
The personal data will be deleted after revocation or achievement of the legitimate interests or upon objection in compliance with the statutory retention obligations. In the case of contact, your data will be deleted as soon as the respective request is completed or you object to the data processing, in which case the correspondence will be discontinued.
7. social plugins
Data processing is carried out in the EU and EEA on the basis of Art. 6 (1) lit. f DSGVO from the legitimate interest in the demand-oriented and targeted design of our websites. You have the right to object to the processing of personal data relating to you at any time for reasons arising from your particular situation. Insofar as other data is used, it is collected and stored with your consent, which was indicated on our websites. The legal basis in the EU and EEA is Article 6 (1) DSGVO. You have the right to revoke your consent at any time.
7.2 Facebook plugin
Plugins of the social network Facebook, provider Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA, are integrated on our pages. You can recognize the Facebook plugins by the Facebook logo or the "Like button" ("Like") on our page. You can find an overview of the Facebook plugins here: https://developers.facebook.com/docs/plugins/.
If you do not want Facebook to be able to associate your visit to our pages with your Facebook user account, please log out of your Facebook user account.
7.3 Plugins from YouTube
We use the YouTube video embedding function of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "YouTube") on our websites. YouTube is a company affiliated with Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google").
The function displays videos deposited with YouTube in an iFrame on the websites. In doing so, the option "Extended data protection mode" is activated. As a result, YouTube does not store any information about visitors to the websites. Only when you watch a video is information about it transmitted to YouTube and stored there.
7.4 Plugins from GoogleMaps
We use the function for embedding GoogleMaps maps of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google") on our websites.
The function enables the visual display of geographical information and interactive maps. In doing so, Google also collects, processes and uses data of the visitors of the websites when calling up the pages in which GoogleMaps maps are integrated.
There you also have the option in the Privacy Center to change your settings so that you can manage and protect your data processed by Google.
7.5 Plugins from Instagram
On our pages, functions of the service Instagram are integrated. These functions are offered by Instagram Inc, 1601 Willow Road, Menlo Park, CA 94025, USA integrated.
7.6 Google Fonts
This site uses so-called web fonts provided by Google for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly. For this purpose, the browser you are using must connect to Google's servers. Through this, Google obtains knowledge that our websites have been accessed via your IP address. Google Web Fonts are used in the interest of a uniform and appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f DSGVO. If your browser does not support web fonts, a standard font will be used by your computer.
We use the provider Vimeo for the integration of videos. Vimeo is operated by Vimeo, LLC with headquarters at 555 West 18th Street, New York 10011.
On some of our websites, we use plugins from the provider Vimeo. When you call up the websites of our Internet presence that are provided with such a plugin, a connection is established to the Vimeo servers and the plugin is displayed. This transmits to the Vimeo server which of our websites you have visited. If you are logged in as a member of Vimeo, Vimeo assigns this information to your personal user account. When using the plugin, such as clicking on the start button of a video, this information is also assigned to your user account. You can prevent this assignment by logging out of your Vimeo user account before using our websites and deleting the corresponding cookies from Vimeo.
Further information on data processing and notes on data protection by Vimeo can be found at: https://vimeo.com/privacy.
Our websites use functions of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.
Each time one of our pages containing LinkedIn functions is accessed, a connection to LinkedIn servers is established. LinkedIn is informed that you have visited our website with your IP address. If you click the "Recommend button" of LinkedIn and are logged into your account at LinkedIn, it is possible for LinkedIn to assign your visit to our website to you and your user account. We point out that we as the provider of the pages have no knowledge of the content of the transmitted data and its use by LinkedIn.
The use of the LinkedIn plugin is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in ensuring the greatest possible visibility in social media.
8. analytics tools and advertising
8.1 Google Analytics
Our websites use functions of the web analytics service Google Analytics. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google Analytics uses so-called "cookies". These are text files that are stored on your computer and enable an analysis of your use of the websites. The information generated by the cookie about your use of these websites is usually transmitted to a Google server in the USA and stored there.
The data processing, in particular the setting of cookies, is carried out with your consent on the basis of Art. 6 para. 1 lit. a DSGVO. You can revoke your consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent until revocation.
Google Analytics cookies may also be stored based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in analyzing user behavior in order to optimize its website.
By subscribing to our newsletter, you agree to receive it and to the described procedures. Newsletter content: We send newsletters, e-mails and other electronic notifications with promotional information (hereinafter "newsletter") only with the consent of the recipients or a legal permission. If the contents of the Newsletter are specifically described in the context of a registration, they are decisive for the consent of the users. Otherwise, our newsletters contain information about our services and us.
Double opt-in and logging: Registration for our newsletter is carried out in a so-called double opt-in process. This means that after registration you will receive an e-mail in which you are asked to confirm your registration. This confirmation is necessary so that no one can register with other e-mail addresses. The registrations for the newsletter are logged in order to be able to prove the registration process according to the legal requirements. This includes the storage of the registration and confirmation time, as well as the IP address. Likewise, changes to your data stored with the dispatch service provider are logged.
Registration data: To register for the newsletter, it is sufficient to provide your e-mail address. Optionally, we ask you to enter a name for the purpose of a personal address in the newsletter.
The dispatch of the newsletter and the associated performance measurement are based on the consent of the recipients (For EU and EEA: according to Art. 6 para. 1 lit. a, Art. 7 DSGVO) or if consent is not required, based on our legitimate interests in direct marketing according to Art. 6 para. 1 lt. f. DSGVO. The logging of the registration process is based on our legitimate interests pursuant to Art. 6 (1) lt. f DSGVO. Our interest is directed towards the use of a user-friendly as well as secure newsletter system that serves our business interests as well as meets the expectations of the users and further allows us to prove consent. Cancellation/Revocation - You can cancel the receipt of our newsletter at any time, i.e. revoke your consents. You will find a link to cancel the newsletter at the end of each newsletter. We may store unsubscribed email addresses for up to three years based on our legitimate interests before deleting them to be able to prove consent formerly given. The processing of this data is limited to the purpose of a possible defense against claims. An individual deletion request is possible at any time, provided that the former existence of consent is confirmed at the same time.
9.2 Newsletter - dispatch service provider
The dispatch of the newsletter is carried out by means of the dispatch service provider sendingblue.com. You can view the data protection provisions of the sending service provider here: https://de.sendinblue.com/legal/privacypolicy/.
The dispatch service provider is used on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f. DSGVO and an order processing contract pursuant to Art. 28 para. 3 p. 1 DSGVO. The dispatch service provider may use the data of the recipients in pseudonymous form, i.e. without assignment to a user, to optimize or improve its own services, e.g. to technically optimize the dispatch and presentation of the newsletter or for statistical purposes. However, the dispatch service provider does not use the data of our newsletter recipients to write to them itself or to pass the data on to third parties.
9.3 Newsletter - performance measurement
The newsletters contain a so-called "web beacon", i.e. a pixel-sized file that is retrieved from our server when the newsletter is opened, or if we use a dispatch service provider, from their server. In the course of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and the time of the retrieval are collected.
This information is used for the technical improvement of the services based on the technical data or the target groups and their reading behavior based on their retrieval locations (which can be determined with the help of the IP address) or the access times. The statistical surveys also include the determination of whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to individual newsletter recipients. However, it is neither our intention nor, if used, that of the dispatch service provider to observe individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users. Unfortunately, a separate revocation of the performance measurement is not possible, in which case the entire newsletter subscription must be cancelled.
10. access of third parties to your personal data
The data processing is carried out by ourselves and, unless we have expressly excluded this, by service providers commissioned by us as well as, in the case of your corresponding consent or in the context of contractual relationships or if pseudonymized, also by other third parties if there are legitimate interests for this. The scope of the data transfer is limited to a minimum.
Apart from that, no third party has access to your personal data. In particular, we will not sell or otherwise exploit them. We will only process the data in response to official or legal requirements and in the case of legal notification obligations, in particular we will transfer the data to government agencies.
If, in the course of our processing, we disclose data to other persons and companies (order processors or third parties), transmit it to them or otherwise grant them access to the data, this will only be done on the basis of your permission (e.g. if a transmission of the data to third parties, such as to payment service providers, is necessary for the performance of the contract pursuant to Art. 6 (1) lit. b DSGVO), you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.). If we commission third parties to process data on the basis of a so-called "order processing agreement", this is done on the basis of Art. 28 DSGVO. This applies in particular to payment services for the purpose of fulfilling your payment obligations. The data is also forwarded to our units in Austria, Germany and France.
11. information on third country transfers
In the event that your personal data is transferred to entities in third countries outside Switzerland, the EU or the EEA, this will only be done if the EU Commission has decided that the third country, territory or several specific sectors in that third country offer an adequate level of protection. If we process data in such a third country or if this is done in the context of using third-party services or disclosing, or transferring data to third parties, this is only done if it is done to fulfill our (pre)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests.
12. storage period as well as deletion and restriction/blocking
We process your personal data only for the period of time required to achieve the purpose of storage or if this is provided for by relevant legal regulations. If the legal basis for data storage is a contract, the data will be stored for no longer than 10 years in accordance with administrative requirements. If the purpose for storing the data no longer applies or if a storage period prescribed by the relevant legal regulations expires, the personal data will be routinely deleted or restricted/blocked in accordance with the legal requirements. In the case of contractual relationships, this applies accordingly until the expiry of statutory limitation periods.
13. your rights
You have the right to receive information free of charge at any time about the origin, recipient and purpose of your stored personal data. You also have the right to demand the correction, blocking or deletion of this data. For this purpose, as well as for further questions on the subject of data protection, you can contact us at any time at the address given in point 1 of this data protection declaration. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.
14. right of appeal to a supervisory authority
Data subjects whose personal data we process have a right of appeal to a competent supervisory authority. The supervisory authority for the EU and EEA states is an independent state body established by a member state in accordance with Article 51 of the GDPR. The supervisory authority for data protection in Switzerland, where we are based, is the Swiss Federal Data Protection and Information Commissioner (FDPIC), Feldeggweg 1, CH-3003 Bern, phone +41 58 464 94 10.
15. changes to this data protection notice
We always keep this data protection notice up to date. Therefore, it may be necessary to adapt the data protection notice to changed conditions of a factual or legal nature. These adjustments are accepted with the use of our websites.
Status: March 1, 2020