This data protection declaration explains the type, scope and purpose of the processing of personal data (hereinafter referred to as “data”) within our online offering and associated websites, functions and content as well as external online presences, e.g. our social media profile (hereinafter jointly referred to as “online offering”). With regard to the terms used, such as “processing” or “controller”, we refer to the definitions in art. 4 of the Basic Ordinance on Data Protection (RGPD).
Ville d’Ettelbruck « Foire Agricole »
Fax: +352 81 91 81 585
Email : email@example.com
Michel Santer Jeff Boonen
+352 81 85 25-702 +352 81 85 25-704
TYPES OF DATA PROCESSED :
CATEGORIES OF PEOPLE CONCERNED
Visitors and users of the online offer (hereinafter referred to as “users”).
PURPOSE OF PROCESSING
“Personal data” means any information relating to an identified or identifiable natural person (hereinafter referred to as the “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by attribution to an identifier such as a name, an identification number, location data, an online identifier (e.g. a cookie) or to one or more particular characteristics expressing the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
“processing”: any operation or series of operations carried out with or without the aid of automated procedures in relation to personal data. The term goes very far, covering virtually all data manipulation.
“pseudonymization”: the processing of personal data in such a way that the personal data can no longer be attributed to a given person without the use of additional information, provided that this additional information is kept separately and is subject to technical and organizational measures designed to ensure that the personal data is not attributed to an identified or identifiable natural person.
“Profiling” means any automated processing of personal data which consists in using such personal data to evaluate certain personal aspects relating to an individual, in particular to analyze or predict aspects concerning the individual’s work performance, economic situation, health, personal preferences, interests, reliability, behavior, location or relocation.
Controller”: the natural or legal person, authority, institution or other body which, alone or jointly with others, decides on the purposes and means of processing personal data.
“processor”: a natural or legal person, authority, institution or other body processing personal data on behalf of the controller.
APPLICABLE LEGAL BASES
In accordance with art. 13 RGPD, we inform you of the legal basis for our data processing. If the legal basis is not mentioned in the data protection declaration, the following provisions apply: the legal basis for obtaining authorizations is art. 6 para. 1 lit. a and art. 7 GDPR, the legal basis for processing for the performance of our services and the execution of contractual measures as well as to respond to requests is art. 6 para. 1 lit. b RGPD, the legal basis for processing to fulfil our legal obligations is art. 6 para. 1 lit. c GDPR, and the legal basis for processing for the protection of our legitimate interests is art. 6 para. 1 lit. f GDPR. If the vital interests of the data subject or another natural person require the processing of personal data, Article 6(1)(d) of the GDPR serves as the legal basis.
We take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk, taking into account the state of the art, the costs of implementation and the nature, extent, circumstances and purposes of the processing, as well as the different likelihood of occurrence and the seriousness of the risk to the rights and freedoms of natural persons, in accordance with art. 32 GDPR.
These measures include guaranteeing data confidentiality, integrity and availability by controlling physical access to data, as well as access, capture, transmission, security of availability and its separation. In addition, we have established procedures to guarantee the exercise of data subjects’ rights, the erasure of data and the response in the event of data endangerment. In addition, we already take personal data protection into account when developing or selecting hardware, software and procedures, in accordance with the principle of data protection through technology design and data protection-friendly presets (art. 25 GDPR).
COOPERATION WITH CONTRACT SERVICE PROVIDERS AND THIRD PARTIES
If we disclose data to other persons and companies (subcontractors or third parties) as part of our processing, pass on the data to them or give them access to the data, this may only be done on the basis of a legal authorization (for example, if a transfer of data to third parties, such as payment service providers, in accordance with Art. 6, al. 1, let. b GDPR for the performance of the contract is necessary), if you have consented, if a legal obligation so provides or on the basis of our legitimate interests (for example, when we work with agencies, website hosts, etc.).
If we entrust third parties with data processing on the basis of a “data processing contract”, we do so on the basis of art. 28 GDPR.
TRANSFERS TO THIRD COUNTRIES
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in connection with the use of third-party services or the disclosure or transfer of data to third parties, this only occurs if it occurs for the performance of our (pre-)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual authorizations, we process data in a third country only if the specific requirements of Article 44 et seq. are met. GDPR process. This means, for example, that processing is carried out on the basis of special guarantees, such as the officially recognized determination of a data protection level corresponding to the EU (e.g., for the USA, by the “Privacy Shield”) or compliance with officially recognized special contractual obligations (“standard contractual clauses”).
RIGHTS OF PERSONS CONCERNED
You have the right to request confirmation of the processing of the data concerned and to request information about this data as well as further information and a copy of the data in accordance with Art. 15 RGPD.
In accordance with Article 16 of the GDPR Regulation, you have the right to request the processing of data concerning you or the rectification of inaccurate data concerning you.
In accordance with art. 17 GDPR, you have the right to demand that the relevant data be deleted immediately or, alternatively, to demand a restriction on data processing in accordance with Art. 18 RGPD.
You have the right to request that the data concerning you, which you have provided to us, be received in accordance with art. 20 GDPR and request their transmission to other responsible persons.
In accordance with art. 77 GDPR, they also have the right to lodge a complaint with the competent supervisory authority.
RIGHT OF REVOCATION
You have the right to revoke authorizations granted in accordance with art. 7 al. 3 GDPR with future effect.
RIGHT OF OBJECTION
You may object at any time to future processing of your data in accordance with art. 21 GDPR. Opposition may be lodged in particular against processing for direct marketing purposes.
COOKIES AND THE RIGHT TO OBJECT IN DIRECT ADVERTISING
Cookies” are small files stored on the user’s computer. Various data can be stored in cookies. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after their visit to an online offering. Temporary cookies, or “session cookies” or “transitory cookies”, are cookies that are deleted after a user leaves an online offer and closes his or her browser. In such a cookie, for example, the contents of a shopping cart in an online store or a connection status can be stored.
So-called “permanent” or “persistent” cookies are cookies that remain stored even after the browser has been closed. For example, connection status can be saved when users visit the site after several days. Similarly, user interests used for distance measurement or marketing purposes may be stored in such a cookie. Third-party cookies” are cookies used by suppliers other than the party responsible for operating the online offering (otherwise known as “first-party cookies”).
We may use temporary and permanent cookies and clarify this in our data protection declaration.
If you do not wish cookies to be stored on your computer, please deactivate the corresponding option in your browser’s system settings. Stored cookies can be deleted in the browser’s system settings. The exclusion of cookies may lead to functional restrictions of this online offer.
The data we process will be erased or its processing will be restricted in accordance with Articles 17 and 18 of the GDPR. Unless expressly stated otherwise in this data protection declaration, data stored by us will be deleted as soon as it is no longer required for its intended purpose and deletion does not conflict with legal storage obligations. If the data is not deleted because it is required for other legally authorized purposes, its processing is restricted. This means that the data is blocked and not processed for any other purpose. This applies, for example, to data that must be retained for commercial or tax reasons.
In accordance with legal requirements, data is kept for 10 years (books, registers, management reports, accounting records, trade books, tax documents, etc.).
With the following information, we inform you about the content of our newsletter as well as the registration, dispatch and statistical evaluation procedure and your right to object. By subscribing to our newsletter, you agree to the receipt and procedures described.
Newsletter content: We only send newsletters, e-mails and other electronic notifications containing advertising information (hereinafter referred to as “newsletters”) with the consent of the recipients or with legal authorization. If the content of a newsletter is expressly described as part of a registration, this is decisive for the user’s agreement. In addition, our newsletters contain information about our services and about us.
Double opt-in and logging: Subscribing to our newsletter is a double opt-in procedure. This means that after registering, you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that no one can log in with other e-mail addresses. Newsletter subscriptions are recorded in order to be able to prove the registration process in accordance with legal requirements. This includes storage of connection and confirmation times, as well as IP address. Changes to your data stored with the shipping service provider are also recorded.
Credentials: To subscribe to our newsletter, simply enter your e-mail address. If you wish, we will ask you to enter a name in the newsletter so that we can address you personally.
The sending of the newsletter and the associated performance measurement are based on the consent of the recipient in accordance with art. 6 al. 1 let. a, art. 7 GDPR in conjunction with § 7 al. 2 no. 3 or, if consent is not required, on the basis of our legitimate interests in direct marketing in accordance with art. 6 para. 1 lt. f. f. GDPR in conjunction with Section 7, paragraph 3.
The registration procedure is registered on the basis of our legitimate interests in accordance with Art. 6 al. 1 let. f GDPR. We are interested in using a user-friendly and secure newsletter system that serves both our operational interests and the expectations of users, and that also allows us to provide proof of consent.
Cancellation/revocation – You can cancel receipt of our newsletter at any time, i.e. revoke your consent. You will find a link to cancel the newsletter at the end of each newsletter. We may retain unsubscribed e-mail addresses for up to three years on the basis of our legitimate interests before deleting them in order to prove prior consent. The processing of this data is limited to the purpose of defending against any claims. An individual request for cancellation is possible at any time, provided that the previous existence of consent is confirmed.
NEWSLETTER – MAILCHIMP
The newsletter is sent by the service provider “MailChimp”, a newsletter delivery platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. The shipping service provider’s data protection rules can be viewed here: https://mailchimp.com/legal/privacy/. Rocket Science Group LLC d/b/a MailChimp is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with the European level of data protection (https://www.privacyshield.gov/participant?id=a2zt000000000TO6hAAG&status=Active). The dispatch service provider is operated on the basis of our legitimate interests in accordance with Art. 6, para. 1, let. f. f. RGPD and an order processing contract in accordance with art. 28 al. 3 sentence 1 GDPR.
The dispatch service provider may use the recipient’s data in pseudonymous form, i.e. without assignment to a user, to optimize or improve its own services, for example to technically optimize the dispatch and presentation of the newsletter or for statistical purposes. However, the shipping service does not use our recipients’ data to write them down or pass them on to third parties.
BULLETIN – PERFORMANCE MEASUREMENT
Newsletters contain a “web-beacon”, i.e. a pixel-sized file that is downloaded from the MailChimp server when the newsletter is opened. As part of this retrieval, technical information such as browser and system information, as well as your IP address and the time of retrieval, is initially collected.
This information is used to technically improve services based on technical data or target groups and their reading behavior according to their location (which can be determined using the IP address) or access times. Statistical surveys can also be used to determine whether newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information may be allocated to individual newsletter recipients. However, neither we nor the MailChimp service provider make any effort to observe individual users. Instead, we use evaluations to recognize our users’ reading habits and to adapt our content or send different content according to our users’ interests.
A separate cancellation of the success measure is unfortunately not possible, in which case the newsletter subscription must be cancelled.
HOSTING AND E-MAILING
The hosting services we use are used to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, e-mail delivery, security services and technical maintenance services that we use to operate this online offering.
We or our hosting provider process inventory data, contact data, content data, contract data, usage data, metadata and communication data of customers, interested parties and visitors to this website on the basis of our legitimate interests in the efficient and secure provision of this online offering in accordance with Art. 6, para. 1, let. f RGPD in conjunction with. Art. 28 RGPD (conclusion of order processing contract).
COLLECTION OF ACCESS DATA AND LOG FILES
We or our host collect the following data on the basis of our legitimate interests within the meaning of Art. 6, para. 1, let. f. 1, let. f. RGPD data on each access to the server on which this service is located (server log files). Access data includes the name of the website accessed, the file, the date and time of access, the volume of data transferred, notification of successful access, browser type and version, the user’s operating system, the reference URL (the page previously visited), the IP address and the requesting provider.
Log file information is stored for a maximum of 7 days for security reasons (e.g. to investigate abuse or fraud) and then deleted. Data whose subsequent retention is necessary for evidentiary purposes is excluded from deletion until the incident in question has been definitively resolved.
CONTENT DELIVERY NETWORK AND SUCURI FIREWALL
We use a content delivery network (CDN) and firewall provided by Sucuri, Media Temple, Inc. d/b/a Sucuri, 6060 Center Dr. Suite 500, Los Angeles CA 90045. Sucuri’s parent company, Go Daddy Operating Company, LLC (GoDaddy.com) is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection law(https://www.privacyshield.gov/participant?id=a2zt0000000TN9xAAG&status=Active).
A CDN is a service that enables the content of our online offering, especially large multimedia files such as graphics or scripts, to be delivered more quickly by regional servers connected via the Internet. User data is processed solely for the above-mentioned purposes and to maintain the security and functionality of the CDN.
Sucuri Firewall combines the best of a WAF (Web Application Firewall) and an IDS (Intrusion Detection System) to provide the protection needed against today’s computer threats and attacks.
Use is based on our legitimate interests, i.e. the interest in safe and efficient provision, analysis and optimization of our online offering in accordance with Art. 6 al. 1 let. f. f. GDPR.
Matomo is a software used for web analysis and audience measurement. When using Matomo, cookies are generated and stored on the user’s terminal. User data collected in connection with the use of Matomo is processed solely by us and is not shared with third parties. Cookies are stored for a maximum of 13 months: https://matomo.org/faq/general/faq_146/ ; legal bases: consent (art. 6, par. 1, p. 1, letter a) of the RGPD); deletion of data: Cookies are stored for a maximum of 13 months.
ONLINE PRESENCE IN SOCIAL MEDIA
We maintain online presences within social networks and platforms to communicate with active customers, stakeholders and users and inform them about our services.
Please note that user data may be processed outside the European Union. This can pose risks for users because, for example, the enforcement of user rights could be made more difficult. As far as US suppliers certified under the Privacy Shield are concerned, we would like to stress that they are committed to complying with EU data protection standards.
In addition, user data is generally processed for market research and advertising purposes. So, for example, user profiles can be created based on user behavior and interests. Usage profiles can in turn be used, for example, to place advertisements inside and outside platforms that are likely to match users’ interests. For these purposes, cookies are generally stored on the user’s computer, in which the user’s usage behavior and interests are stored. In addition, data can also be stored in user profiles independently of the devices used by users (particularly if users are members of the respective platforms and are logged in to them).
The processing of users’ personal data is carried out on the basis of our legitimate interests in effectively informing users and communicating with users in accordance with Art. 6 para. 1 let. f. f. GDPR. If users are invited by the respective providers to give their consent to data processing (e.g. by ticking a checkbox or confirming a button), the legal basis for processing is art. 6 para. 1 lit. a. a., art. 7 GDPR.
For a detailed description of the respective processing and opt-out possibilities, we refer you to the information provided by the linked providers below.
Also in the case of information requests and the assertion of user rights, we emphasize that these can be asserted most effectively with suppliers. Only suppliers have access to user data and can directly take appropriate action and provide information. If you still need help, please contact us.
We process personal data for online marketing purposes, which may include, in particular, the marketing of advertising space or the display of advertising and other content (collectively referred to as “Content”) based on users’ potential interests and the measurement of their effectiveness.
To this end, user profiles are created and stored in a file (called a “cookie”) or similar procedures are used, by means of which user data relating to the presentation of the aforementioned content is stored. This information may include, for example, the content consulted, the web pages visited, the online networks used, but also the communication partners and technical details such as the browser used, the computer system used and information on usage times. If users have consented to the collection of their location data, this data may also be processed.
Users’ IP addresses are also stored. However, we use available IP masking procedures (i.e. pseudonymization by IP address shortening) to protect users. As a rule, it is not clear-cut user data (such as e-mail addresses or names) that is stored as part of the online marketing process, but pseudonyms. This means that we, and the providers of online marketing procedures, do not know the real identity of users, but only the information stored in their profiles.
As a general rule, profile information is stored in cookies or similar procedures. These cookies can be read and analyzed at a later date in order to present the content of other websites that use the same online marketing procedure, and can also be supplemented with additional data and stored on the server of the provider of the online marketing procedure.
In exceptional cases, clear data can be assigned to profiles. This is the case, for example, if users are members of a social network whose online marketing procedure we use, and the network links users’ profiles to the aforementioned data. Please note that users may enter into additional agreements with suppliers, for example by giving their consent when registering.
As a matter of principle, we only have access to summary information on the success of our advertisements. However, as part of the so-called conversion measures, we can check which of our online marketing procedures have led to a conversion, i.e., for example, to the conclusion of a contract with us. Conversion measurement is only used to analyze the success of our marketing measures.
Unless otherwise indicated, we ask you to consider that the cookies used are stored for a period of two years.
Facebook pixel: On the one hand, the Facebook pixel enables Facebook to identify visitors to our online offer as a target group for the presentation of advertisements (so-called “Facebook ads”). Therefore, we use the Facebook pixel to display the Facebook ads we have placed only to users of Facebook and the services of partners cooperating with Facebook (called “Audience Network” https://www.facebook.com/audiencenetwork/ ) who have also shown an interest in our online offering or who have certain characteristics (for example, interest in certain topics or products visible on the websites visited) that we transmit to Facebook (called “Custom Audiences”). With the help of the Facebook pixel, we also want to make sure that our Facebook ads match users’ potential interest and aren’t annoying. The Facebook pixel also enables us to track the effectiveness of Facebook ads for statistical and market research purposes by checking whether users have been redirected to our website after clicking on a Facebook ad (a so-called “conversion” measure).
Types of data processed: Usage data (e.g. web pages visited, interest in content, access time), meta/communication data (e.g. device information, IP addresses), location data (data indicating the location of an end user’s device).
Persons concerned: Users (e.g. website visitors, users of online services).
Security measures: IP-Masking (IP address pseudonymization).
Legal basis: Consent (art. 6 al. 1 sentence 1 lit. a DSGVO), legitimate interests (art. 6 al. 1 sentence 1 lit. f. DSGVO).
Opt-out: We refer to the data protection information of the respective suppliers and to the opposition possibilities indicated for the suppliers (so-called “opt-out”). If you have not specified an explicit refusal option, you can deactivate cookies in your browser settings. However, this may restrict the functions of our online offering. We therefore recommend the following additional opt-out options, which are offered in summary form for the respective zones: a) Europe: https://www.youronlinechoices.eu. b) Canada: https://www.youradchoices.ca/choices. c) United States: https://www.aboutads.info/choices. d) Interregional: https://optout.aboutads.info.
Services and service providers used :
We use our own sales platform to sell tickets for the Ettelbruck Agricultural Show. During the process, we ask for the e-mail address and telephone number so that we can deliver the e-tickets to the customer, after verification of the online credit card payment by the WordLine credit card company. We use electronic ticket scanners for on-site check-in. When scanning, the visitor’s name appears on the scanner screen, but not their telephone number or e-mail address.
INTEGRATION OF THIRD-PARTY SERVICES AND CONTENT
We make no representations or warranties of any kind with respect to our online offering based on our legitimate interests (i.e. the interest in the analysis, optimization and economic operation of our online offering within the meaning of Art. 6 para. 1 let. f. f.). RGPD) third-party content or service offerings to incorporate their content and services, such as videos or fonts (hereinafter uniformly referred to as “content”).
This always presupposes that the third-party providers of this content perceive the user’s IP address, since without the IP address they would not be able to send the content to the user’s browser. The IP address is therefore required to display this content. We endeavor to use only content whose respective providers use the IP address only for content delivery. Third-party suppliers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. Pixel tags” may be used to evaluate information such as visitor traffic on the pages of this website. Pseudonymous information may also be stored in cookies on the user’s device and may include technical information about the browser and operating system, referring websites, visiting time and other information about the use of our online offering, as well as links to such information from other sources.
STREAMING FAE TV
Freecaster is a live video streaming platform used to broadcast FAE TV live. Freecaster is a subsidiary of Broadcasting Center Europe (BCE).
Youbora is a real-time business intelligence and analysis platform that provides information on audience behavior and the consumption of FAE TV.
This note has been translated on the basis of a model text by Maître Dr. Thomas Schwenke:
Translated with DeepL.com and WPML: