DATA PROTECTION DECLARATION
This text version is a translation of the original German text which is the only legally binding version.
ICA Institutional Capital Associates GmbH (ICA) attaches great importance to the responsible handling of personal data. We would like users to know when certain data is collected and used by ICA. ICA operates a website under the domain www.ic-icf.com. The activities of ICA are announced and archived on this website. It is also possible to register for ICA events via this website. We only process personal data to the necessary extent. The basis on which different data is processed depends on the purpose for which the data is required.
1. WHO IS RESPONSIBLE FOR DATA PROCESSING AND WHO CAN I CONTACT?
ICA is responsible for processing your data in line with Article 4(7) GDPR. You can find our contact details below:
ICA Institutional Capital Associates GmbH,
represented by is managing director Mr. Hans-Peter Dohr
Setzbergstrasse 8,
83624 Otterfing,
Germany
Tel.: +49 89 125 01 80 30
E-Mail: hp.dohr@ic-ica.com
2. WHAT IS THE LEGAL BASIS FOR US TO PROCESS YOUR PERSONAL DATA?
At ICA, personal data is processed in accordance with the European General Data Protection Regulation (GDPR), the German Telemedia Act (TMG) and the Federal Data Protection Act (BDSG). Provided ICA obtains consent from the data subject to process their personal data, Article 6(1)(a) GDPR shall serve as the legal basis. Any consent granted can be revoked at any time with effect for the future. This shall also apply to revoking any declarations of consent that were given to us before the GDPR came into effect, i.e. before 25 May 2018. If personal data required to fulfil a contract is processed where the contracting party is the data subject, Article 6(1)(b) GDPR shall serve as the legal basis in the individual case. This shall also apply to processing that is required to perform pre-contractual measures. If personal data needs to be processed in an individual case in order to fulfil a legal obligation, Article 6(1)(c) GDPR shall also serve as the legal basis in conjunction with the relevant legislation from which the legal obligation arises. In the rare event that the vital interests of the data subject or another natural person necessitates the processing of personal data, Article 6(1)(d) GDPR shall serve as the legal basis. Where necessary, we shall also process your data for the protection of our own legitimate interests or those of third parties. Examples may include: Asserting legal claims and pleas in legal disputes, verifying the IT security and IT operations of ICA, ICA public relations or preventing criminal offences (and others). In such cases, Article 6(1)(f) GDPR shall serve as the legal basis.
3. WHAT PERSONAL DATA IS PROCESSED IN CONJUNCTION WITH A VISIT TO OUR WEBSITE?
3.1 Data collection
Each time a user accesses our web pages and each time a file is retrieved, data on this process is temporarily processed in a log file on the web server. Amongst this stored data is the name of the page accessed, date and time of the request, the IP address, the volume of data transferred and the requesting provider. The legal basis for temporarily storing the data shall be Article 6(1)(e) and (f) GDPR. Other personal data relating to the user shall not be combined. When using this information, ICA shall not draw conclusions about the data subject.
Rather, this information is required to
- correctly deliver the content of our website
- optimise the content of our website
- guarantee the functionality of our IT systems and the technology of our website
3.2 Cookies
Our website uses cookies which store the session data during a visit (session cookies). Cookies simplify your visit to our website. Cookies are small text files that are automatically stored by your web browser on the hard drive of your computer when you visit our website. The use of our cookies does not mean that we obtain new personal data about you. The cookies used by our website generally lose their validity after one hour. Most internet browsers automatically accept cookies. You can configure your browser in such a way that no cookies are stored on your computer or a notification appears if you receive a new cookie. Deactivating cookies may mean that you are unable to use all of the functions on our website.
3.3 What personal data is processed within the course of establishing contact?
Personal data is processed depending on the means of contact.
3.3.1 Contact via email
Contact with ICA via email can be made via the individual work email addresses of the employees or the email address for the specific office, for example events@ic-icf.com.
Provided that you use one of the above-mentioned means of contact, the data submitted by you (e.g.: surname, first name, address, or similar), however no less than the email address and the information contained in the email (including, where applicable, the personal data submitted by you) will be processed for the purposes of establishing contact and handling your request. We advise you that data processing takes place on the basis of Article 6(1)(e) GDPR in conjunction with Article 3 BDSG. It is necessary to process the personal data submitted by you for the purpose of handling your request.
3.3.2 Registration on the website
Data is collected on the basis of Article 6(1)(b) GDPR, performance of contract. Mandatory information when registering on the website is:
- institution
- salutation
- name (first name, surname)
- role
- department
- email address
- telephone number
Mandatory information is collected and stored to provide information on who our contracting party is, that is, to whom we are providing services and invoicing, for processing an order, for transmitting the order confirmation, and to contact with you with any queries.
Without registration, we are unfortunately unable to provide you with services such as online advance sale or simplified repeated ticket purchase, match-making, or other
3.3.3 Ordering and registration for events
You can register yourself and other participants for an event. Confirmation is automatically sent to the email address linked to the registered user account. Data is processed on the basis of Article 6(1)(b) GDPR, performance of contract.
Obligatory information when ordering and registering for an event (see section 3.3.2) and where applicable, your involvement in other parts of the programme, such as the evening event and your affiliation to an ICA target group.
Mandatory information is collected for the purpose of organising the event including special programmes, preparing event materials, arranging meeting spaces and greeting and registering you at the event. We print name badges and compile and store various participant lists on which the event title, event date, amount paid, your certifications and your involvement in particular programmes, such as evening events, are visible. We store your association to a ICA target group – if specified by you – for statistical evaluations and for the opportunity to invite you to further events. We also may create participation lists with names and institutions and display this list at the corresponding event.
3.3.4. Payment
The relevant payment data (billing address, the amount to be paid, type of payment, credit card or bank details) is used or passed on to payment service providers solely for the purpose of executing the payment process. The basis for data collection is Article 6(1)(b) GDPR, performance of contract.
4. FORWARDING PERSONAL DATA TO THIRD PARTIES
Personal data of those registered for events will be passed on to the relevant event co-organising institutions, should the situation arise. Co-organising institutions are specified in the description of the relevant event. The responsible party and your point of contact for any queries concerning the processing of your data for events you registered for at www.ic-icf.com shall be ICA (see Section 1. Who is responsible for data processing and who can I contact?). Data is processed on the basis of Article 6(1)(b) GDPR, performance of contract. Personal data is passed on to payment service providers as a part of the payment process (see Section 3.3.4. Payment). We will not sell or otherwise pass on your data to third parties. An alternative shall only apply in the event of a legal obligation or if this is required to exercise our rights, in particular to assert claims from the contractual relationship with you.
5. WHAT DATA PROTECTION RIGHTS DO I HAVE?
You have the following rights towards ICA with regard to your personal data:
- the right of access in accordance with Article 15 GDPR
- the right to rectification in accordance with Article 16 GDPR
- the right to erasure in accordance with Article 17 GDPR
- the right to restriction of processing in accordance with Article 18 GDPR
- the right to object from Article 21 GDPR
- the right to data portability from Article 20 GDPR
The restrictions in accordance with Articles 34 and 35 BDSG apply to the rights of access and to erasure. You can revoke consent given to us to process personal data at any time with future effect. This shall also apply to revoking any declarations of consent that were given to us before the GDPR came into effect, i.e. before 25 May 2018. You may assert the aforementioned rights by post using the ICA address stated at the beginning of this data protection declaration. Furthermore, you have the right to lodge a complaint with the supervisory authority for data protection (German Federal Commissioner for Data Protection and Freedom of Information), cf. Article 77 GDPR in conjunction with Article 19 BDSG. You can also contact the Data Protection Officer at ICA with any queries and complaints.
6. AMENDMENTS TO THE DATA PROTECTION DECLARATION
ICA reserves the right to modify this data protection declaration so that it always adheres to current legal requirements. We recommend that you read our data protection declaration regularly in order to stay up to date regarding the protection of the personal data that we collect.
This text version is a translation of the original German text which is the only legally binding version.