Privacy Policy

This Privacy Policy informs you about the processing of personal data on this website, our social media pages and our event, as described on this website.

Personal data (also referred to as: "data") means any information relating to an identified or identifiable natural person.

"Processing" of data means any operation or set of operations which is performed on personal data or a set of personal data with or without automated means. This includes collecting, recording, organizing, structuring, storing, adapting or altering, retrieving, consulting, using, disclosing by transmission, dissemination, or otherwise making available, aligning or combining, restricting, erasing, or destroying data.

The legal basis for data protection can be found, in particular, in the “General Data Protection Regulation” (short: GDPR) (long: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)).

This Privacy Policy can be accessed and printed out on the website at any time. This Privacy Policy may be amended in compliance with the applicable legal provisions.

Controller

The controller (also: “we/us/our” or “HSC”) for data processing is:

Hamburg Sustainability Conference gGmbH, Werner-Otto-Strasse 1-7, 22179 Hamburg

registered with local court (Amtsgericht) Hamburg under HRB 181575
represented by managing directors Dr. Johannes Peter Merck, Michael Peter Keller

email:
office@sustainability-conference.org

phone:
+ 49 (0) 30 4377 3025

A controller is the natural or legal person who, either alone or jointly with others, determines the purposes and means of processing of personal data.

Scope of data processing

Your data will be processed within the scope of this website or for the purposes of providing the additional services described below.

During this process, data may also be processed by third-party providers, such as the website's hosting provider, email services, CRM software, or other applications, as well as social media providers.

Contact information, usage data, or other information that you provide is processed. Further details regarding such processing can be found in this Privacy Policy or additional information provided to you.

*data*	*data processing purpose*	*legal basis*
Contact data, if applicable, other data provided for the contractual relationship (such as an event registration or message)	Response to your inquiries, communication or storage/processing of data in order to establish, implement and/or handle a contractual relationship	Article 6 para. 1 p. 1 lit. b. GDPR
Contact data, possibly other data provided for the contractual relationship (such as an event registration or a message).	Compliance with legal obligations (e.g. commercial or tax retention obligations)	Article 6 para. 1 p. 1 lit. c. GDPR
Contact data, possibly other data provided for the contractual relationship (such as an event registration or a message)	Assertion, exercise and defense of legal claims, whereby the legitimate interest lies, for example, in the assertion of legal claims and defense in legal disputes	Article 6 para. 1 p. 1 lit. f. GDPR
Data that you provide on the basis of consent	with your consent for the purposes stated when giving it; this applies, for example, to the data you provide voluntarily	Article 6 para. 1 p. 1 lit. a. GDPR or Article 9 para. 2 p. 1 lit. a. GDPR for special categories of personal data

You provide data if this is necessary for the stated purposes. Failure to provide data may result in legal disadvantages, such as the loss of legal positions, for example, no response to your request.

Your personal data will generally be processed within the EU/EEA. As soon as your data is processed outside the EU/EEA, compliance with European data protection standards is ensured in each case and you will be informed of this. Detailed information regarding the processing of data by third-party providers that we use can be found in this Privacy Policy or will be provided to you separately.

We have implemented technical and organizational measures to ensure compliance with data protection regulations. For security purposes and to protect the transmission of confidential content that you send to the site operator, this website uses SSL or TLS encryption.

Your rights

You have the following rights:

You have the right to request information at any time about all of your personal data that we are processing.
If your personal data is incorrect or incomplete, you have the right to have it rectified and completed.
You can request the erasure of your personal data at any time, as long as we are not bound by legal obligations that legally obligated to continue processing your data or if there are legal grounds allowing us to do so.
If the applicable legal requirements are met, you can request a restriction to the processing of your personal data.
You have the right to object to the processing insofar as the data processing is based on profiling or for direct marketing purposes.
If processing is carried out based on a balance of interests, you may object to the processing by providing reasons related to your specific situation.If we process your data based on your consent or a contract, you have the right to receive a transfer of the data you provided, as long as this does not adversely affect the rights and freedoms of others.
If we process your data based on your consent, you have the right to withdraw your consent at any time with future effect. Any processing that occurred before the withdrawal will remain unaffected by your withdrawal.

To exercise the rights mentioned above, you can reach out to us using the contact options provided above.

You also have the right to lodge a complaint with a data protection supervisory authority regarding the processing of your personal data.

Storage and deletion of data

In general, your personal data will be retained only for as long as it is necessary for the execution of the contract or the respective purpose for which it is processed. The storage period is kept to an absolute minimum and is determined by various factors. Such factors include, the time it takes to fulfill a request, default settings of third-party providers, and other relevant considerations.

Your data may be retained beyond these periods if it is required by applicable legal retention periods, such as those stipulated in the German Commercial Code (HGB) or Fiscal Code (AO). Further details regarding storage periods can be found in this Privacy Policy or in other information provided to you.

Contact (form) and e-mails

If you use the contact form on the website, send an email, or otherwise get in touch with us, the information from your respective request, including the contact data you provide, will be processed for the purpose of handling your request and addressing any follow-up questions.

The data that are processed include:

contact data (e.g. name, email address)
information about the company you work for
other data provided in the inquiry
technical data (such as your IP address)

These data are processed for the purpose of communication or storage/processing of data in order to establish, implement and/or handle a contractual relationship; this may also include the response to your inquiry based on the contractual relationship with you (Article 6 para. 1 sentence 1 lit. b. GDPR) or your consent to respond to the inquiry (Article 6 para. 1 p. 1 lit. a. GDPR).

Mail content is stored in accordance with the relevant legal retention periods, typically ranging from 3 to 10 years. Mail logs for sending emails from the web environment are pseudonymized and retained for 60 days. Mail logs for emails sent via our mail servers are deleted after four weeks. The retention of this data is essential to maintain the functionality of our mail services and to prevent spam.

Visiting the website

We (or the web space provider) collects data about each visit of the website (so-called server log files).

The data that are processed include:

Access logs: IP address, directory protection user, date, time, accessed pages, logs, status code, amount of data, referer, user agent, accessed host name (IP addresses shortened and stored for 60 days)
Error logs (log faulty page requests, deleted after 7 days)
Accesses via FTP (are logged with shortened information about user name and IP address and kept for 60 days)

These data are processed for the purposes of statistical evaluations for the purpose of optimizing the website as well as ensuring the stability and operational security of the website due to the legitimate interest of fraud prevention and quality assurance (legal basis: Article 6 para. 1 p.1 lit. f GDPR) and fulfillment of legal obligations and for reasons of data security (legal basis: Article 6 para. 1 p. 1 lit. c GDPR).

Cookies on the website

The website partly uses so-called cookies. Cookies serve to make the offer more user-friendly, more effective and safer. Cookies are small text files that are stored on the end device used and saved by the browser.

Various types of cookies are used for different purposes.

Some of the cookies used are so-called "session cookies". These are automatically deleted after the end of your visit. Session cookies are necessary to attribute successive page requests to the respective visitors of the website who access the website simultaneously. Other cookies remain stored on the end device until you delete them. These cookies enable your browser to be recognized during your next visit.

OPT-OUT: You have the option to configure your browser settings to be notified about the placement of cookies and to permit cookies only in specific cases, reject the acceptance of cookies for certain situations, or entirely disable them, as well as activate automatic cookie deletion upon closing your browser. You can manage many online advertising cookies from companies through the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/uk/your-ad-choices/. Please note that disabling cookies may result in limited functionality of this website.

To the extent that personal data is processed when using technically mandatory cookies, this is based on the legal basis of Article 6 para. 1 p. 1 lit. f. GDPR due to legitimate interests of quality assurance and a technically flawless presentation of the website. If the use of cookies requires consent, the processing of the information or data is based on your consent (legal basis: Article 6 para. 1 p. 1 lit. a GDPR).

On the website a csrf_contao_csrf_token is used for the purpose of the protection from Cross-Site-Request-Forgery-Attacks as technically mandatory cookie.

If you subscribe to a newsletter, we will send you information about us, our events and updates on the selected topics (for example: global sustainability topics).

If we have an existing contractual relationship with you and you did not opt-out, we may send you information about similar products and services. In these cases we process your data for the purpose of sending the newsletter.

The processed data are:

email address
optional: name, gender, job information, interests, newsletter preferences
time of registration and confirmation
HTTP data: This is protocol data that is technically required for opening the newsletter via the Hypertext Transfer Protocol (Secure) (HTTP(S)): This includes IP address, type and version of your Internet browser, operating system used, the page visited, the page previously visited (referrer URL), date and time of the visit.
Web Extend Identifiers. These are pseudonymized identifiers such as external IDs or hashed email addresses.
Opening and reading times, information which links where clicked, reading behavior

If you have subscribed to our newsletter, the legal basis for processing newsletter data is Article 6 para. (1) (a) GDPR (consent). If we have an existing contractual relationship with you and you did not opt-out, the legal basis for processing newsletter data is Article 6 para. (1) (b), (f) GDPR, 7 German Unfair Competition Act (contract with you, legitimate interest of keeping you informed about our products).

We may also process your usage data based on our legitimate interest of improving our newsletters, verifying mailing lists, displaying more relevant content, optimizing the technical delivery and presentation of newsletters, conducting statistical analysis to determine the recipients' countries of origin, and facilitating the adjustment of your interests in a user-friendly way (Article 6 para. (1) (f) GDPR).

You provide your contact details yourself when you enter into a contractual relationship with us or subscribe to the newsletter; additional data for analysis is automatically transmitted by your browser and email client.

If you wish to change your preferences regarding the content you receive through our newsletters, you can do so by clicking the corresponding button in a newsletter and selecting your new preferences applicable for the sending of newsletters to your email address.

For the provision and improvement of services, especially for the provision, maintenance, and upkeep of IT systems, we use service providers as data processors within the scope of data processing agreements with them. In particular, we use activecampaign.com (software provided by ActiveCampaign). The web beacons contained in the newsletter are retrieved from the ActiveCampaign server in the USA when you open the newsletter. We have entered into EU Standard Contractual Clauses with ActiveCampaign, and ActiveCampaign is only allowed to process your data for our purposes.

Data related to newsletters will be deleted when you unsubscribe from the newsletters (for example via using the unsubscribe button in a newsletter). Data regarding opening and reading times, as well as user behavior, are typically deleted or anonymized after 12 months. The remaining data will also be deleted after 12 months, unless we are obligated to retain your data for legitimate interests (such as follow-up inquiries) or due to compliance with legal retention obligations.

The data is necessary for receiving newsletters. You can withdraw your consent at any time. Please use the unsubscribe function in the newsletter.

Registering for HSC Conference

If you register for the HSC conference you are asked to provide us with certain data that are necessary for registering for the HSC conference and communicating with you. The kind of data you are asked to provide depend on the role at the conference you are registering for, as participant, speaker, press, crew or partner.

These data are: contact data, address data, date and place of birth, data about your organization

You are also asked for optional non-mandatory data, that will allow us to make the interaction with you more specific and improve the conference expirience. These data include: gender, title, interests, participation in the conference, job title, industry, consent to sending newsletters.

These data are processed for the purpose of communication or storage/processing of data in order to establish, implement and/or handle a contractual relationship with you related to the conference event, like sending the ticket, printing the badge, accreditation (legal basis: Article 6 para. 1 sentence 1 lit. b. GDPR) and to comply with our legal obligations (for example: commercial or tax retention obligations) (legal basis: Article 6 para. 1 p. 1 lit. c. GDPR).

The data are processed based on our legitimate interest of quality management of the HSC conference and the assertion, exercise and defense of legal claims, whereby the legitimate interest lies, for example, in the assertion of legal claims and defense in legal disputes or for providing and checking certain safety documents for the conference (legal basis: Article 6 para. 1 p. 1 lit. f. GDPR).

If we have an existing contractual relationship with you and you did not opt-out, we may process your contact data for approaching you about upcoming HSC conferences or similar events (legal basis: Article 6 para. (1) (b), (f) GDPR, 7 German Unfair Competition Act (contract with you, legitimate interest of keeping you informed about our products)).

If indicated as non-mandatory data, the data are processed based on your consent (legal basis: Article 6 para. 1 p. 1 lit. a. GDPR). You can withdraw your consent any time with effect for the future (for example via email to: info@sustainability-conference.org).

For the purpose of event communication and ticket management we use service providers as data processors within the scope of data processing agreements with them. In particular, we use activecampaign.com (software provided by ActiveCampaign) for event communication. ActiveCampaign may process your data outside the EU/EEA (USA). We have entered into EU Standard Contractual Clauses with ActiveCampaign, and ActiveCampaign is only allowed to process your data for our purposes.

Your registration data are stored in accordance with the relevant legal retention periods, typically ranging from 3 to 15 years.

Attending HSC Conference, Photos at HSC conference

When you attend the HSC conference we will process certain conference attendance data. These data include: status of attending the HSC conference, status of providing your consent for the publication of photos/film

We will also take photos and film at the HSC conference. If you as a HSC conference participant have given your explicit consent, these photos or films may be published on the HSC website and social media. You can withdraw your consent any time with effect for the future (for example via email to info@sustainability-conference.org).

These data are processed for the purpose of communication or storage/processing of data in order to handle a contractual relationship with you related to the conference event (legal basis: Article 6 para. 1 sentence 1 lit. b. GDPR) or, if indicated as non-mandatory, based on your explicit consent (Article 6 para. 1 p. 1 lit. a. GDPR).

These data are also processed to comply with our legal obligations (for example: commercial or tax retention obligations) (legal basis: Article 6 para. 1 p. 1 lit. c. GDPR) and the assertion, exercise and defense of legal claims, whereby the legitimate interest lies, for example, in the assertion of legal claims and defense in legal disputes (legal basis: Article 6 para. 1 p. 1 lit. f. GDPR).

If we have an existing contractual relationship with you and you did not opt-out, we may process your contact and attendance data for approaching you about upcoming HSC conferences or similar events (legal basis: Article 6 para. (1) (b), (f) GDPR, 7 German Unfair Competition Act (contract with you, legitimate interest of keeping you informed about our products)).

The event attendance data is stored in accordance with the relevant legal retention periods, typically ranging from 3 to 15 years.

Social Media

We operate social media sites. Social media pages are managed by service providers who process data for providing such sites.

The purpose for data processing on our social media sites is to provide you with interesting content and to interact with you on social media platforms. Depending on the social media service, usage data may also be analyzed to improve our social media presence.

The processed data consist of content and usage data on such social media sites.

Information and data displayed or shared on HSC social media sites may be accessible to the respective provider of the social media platform, its users and HSC (or contracted service providers).

Further details regarding data processing on the respective social media sites can be found on the respective social media pages and this Privacy Policy.

Facebook:
We and Facebook (for users in the EU/EEA: Facebook Ireland Ltd. (Facebook), 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) are joint controllers of the processing of personal data via the HSC Facebook page. The agreement on joint controllership is available under: https://www.facebook.com/legal/terms/page_controller_addendum. According to the agreement, Facebook is responsible to inform data subjects about the processing activities. Facebook’s Privacy Policy is available under: https://www.facebook.com/privacy/explanation. Data subjects may exercise their rights in respect of and against each of the controllers, HSC and/or Facebook. For more information on the data Facebook shares with HSC please visit https://www.facebook.com/business/learn/facebook-page-insights-basics. The legal basis for the processing of data by HSC is the legitimate interest in the analysis of usage data to improve the Facebook Page (Article 6 para. (1) (f) GDPR).

Instagram:
We and Instagram (for users in the EU/EEA provided by Facebook Ireland Ltd. (Facebook), 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) are joint controllers of the processing of personal data via the HSC Instagram page. The agreement on joint controllership is available under: https://www.facebook.com/legal/terms/page_controller_addendum. According to the agreement, Instagram (provided by Facebook) is responsible to inform data subjects about the processing activities. Instagram’s Privacy Policy is available under: https://help.instagram.com/519522125107875 Data subjects may exercise their rights in respect of and against each of the controllers, HSC and/or Instagram (provided by Facebook). For more information on the data Instagram shares with HSC please visit https://de-de.facebook.com/help/instagram/788388387972460?helpref=related. The legal basis for the processing of data by HSC is the legitimate interest in the analysis of usage data to improve the Instagram Page (Article 6 para. (1) (f) GDPR).

Youtube:
We operate a social media page on the Youtube platform. The collection and processing of this data is the sole responsibility of Google (for EU/EEA Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland and Google Ireland Limited uses Google LLC in the USA (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) as its service provider). We have no knowledge of further details of the processing of personal data in data controllership of Google or a possible data processing in the USA. HSC has no influence on the data processing of Google. For information about the processing of personal data by Google, please refer to the Google Privacy Policy: https://policies.google.com/privacy As applicable, the legal basis for the processing of data by HSC is the legitimate interest in the analysis of usage data in to improve the Youtube Page (Article 6 para. (1) (f) GDPR).

X (former: Twitter):
We operate a social media page on X (for EU/EEA by Twitter International Unlimited Company (company number 503351, USt-Nr. IE9803175Q), One Cumberland Place, Fenian Street Dublin 2, D02 AX07, Ireland). For users in the EU/EEA the controller-to-controller data protection addendum between X and HSC applies: https://gdpr.twitter.com/en/controller-to-controller-transfers.html According to the agreement the collection and processing of this data is the sole responsibility of X. X’s Privacy Policy is available under: https://twitter.com/en/privacy. As applicable, the legal basis for the processing of data by HSC is the legitimate interest in the analysis of usage data to improve the X Page (Article 6 para. (1) (f) GDPR).

LinkedIn:
We and LinkedIn (for users in the EU/EEA: LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland) are joint controllers of the processing of personal data via the HSC LinkedIn page. The agreement on joint controllership is available under: https://legal.linkedin.com/pages-joint-controller-addendum. According to the agreement, LinkedIn is responsible to inform data subjects about the processing activities. LinkedIn’s Privacy Policy is available under: https://www.linkedin.com/legal/privacy-policy Data subjects may exercise their rights in respect of and against each of the controllers, HSC and/or LinkedIn. For more information on the data LinkedIn shares with HSC please visit https://www.linkedin.com/help/linkedin/answer/4499/viewing-company-page-analytics?lang=en. The legal basis for the processing of data by HSC is the legitimate interest in the analysis of usage data to improve the LinkedIn Page (Article 6 para. (1) (f) GDPR).

(November 15, 2023)