Privacy notice website

We inform you about the processing of your personal data and the rights to which you are entitled under the the European General Data Protection Regulation (GDPR).

This privacy notice informs you about the processing of personal data within our website. The privacy notice applies regardless of the domains, platforms and devices used (e.g. desktop, mobile, etc.).

Personal data as defined by the GDPR is any information relating to an identified or identifiable natural person (‘data subject’), e.g., name, address, e-mail, order data, user behaviour. Which data is processed in detail and how it is used depends largely on the services used by us.

In our privacy notice, we use various other terms as defined by the GDPR. These include terms such as processing, restriction of processing, profiling, pseudonymisation, controller, processor, recipient, third party, consent, supervisory authority and international organisation. You can find the corresponding definitions for these terms in Article 4 of the GDPR.

1. Who is responsible for data processing and whom can I contact?

The entity responsible for the processing of personal data is:

VIA Blumenfisch gemeinnützige GmbH
GSG-Hof Geneststr. 5
D-10829 Berlin

Telephone +49 30 7551214-100
Fax +49 30 7551214-111

E-Mail address info@blumenfisch-berlin.de

You can contact our data protection officer at: 

mip Consult GmbH
Asmus Eggert
Wilhelm-Kabus-Str. 9
D-10829 Berlin

Telephone 030 509310-100
www.sofortdatenschutz.de

2. What sources and data do we use?   

We process personal data that we receive from you while using our website and, if applicable, in the course of our business relationship.

In the case of purely informational use of our website, i.e. if you do not register or otherwise submit information to us, we only collect the personal data that your browser transmits to our server. When you access our website, we collect the following access data, which is technically necessary for us to present our website to you and to ensure stability and security. The access data includes the IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (i.e. name of the specific website accessed), access status/HTTP status code, amount of data transferred in each case, referrer URL (previously visited page), operating system and its interface, language and version as well as type of browser software, notification of successful retrieval.

Furthermore, we receive your personal data if you contact us via contact form or e-mail. Personal data here are, for example, name, address, e-mail, telephone number and, if applicable, the data that you send us as a message (hereinafter referred to as "contact data").

5. How long will my data be retained?

IP addresses are stored anonymously. For this purpose, the last three digits are removed, i.e. the actual IP address 127.0.0.1 becomes 127.0.0.*, for example. IPv6 addresses are also anonymised. The anonymised IP addresses are retained for 60 days. Details of the directory protection user used are anonymised after one day. Error logs, which record faulty page views, are deleted after seven days. In addition to the error messages, these contain the accessing IP address and, depending on the error, the accessed website. Data whose further storage is necessary for evidentiary purposes is exempt from deletion until the final clarification of the respective incident.

As far as necessary, we process and store your personal data for the duration of our business relationship, which also includes, for example, the initiation of a contract via contact form or by e-mail.

Applicant data will be deleted after 6 months in the event of a rejection. If you have agreed to further storage of your personal data, we will transfer your data to our applicant pool. There, the data will be deleted if you revoke your consent or after 5 years at the latest. Should we fill the advertised position with you, your data will be stored in our personnel management system.

In addition, we are subject to various storage and documentation obligations, which result, among other things, from the German Commercial Code (HGB) and the German Fiscal Code (AO). The retention and documentation periods specified there are six and ten years respectively.

Finally, the storage period is also assessed according to the statutory limitation periods, which, for example, according to §§ 195 et seq. of the German Civil Code (BGB), are usually 3 years, but in certain cases can be up to thirty years, whereby the regular limitation period is three years.

6. Are data transferred to a third country or to an international organization?

The data provided will be processed within the European Union and in the USA. For countries without an adequacy decision by the Commission according to Article 45 GDPR, as is the case with the USA (Google, Salesforce, Adobe), we generally agree on EU standard contractual clauses with the recipients of your data or obtain your consent for the data transfer.

Note: The protection of personal data in the USA does not correspond to the level of data protection required by the EU. In particular, there are no enforceable rights to protect your data against access by government authorities. Therefore, there is a risk that these government agencies can access the personal data without the data transmitter or the recipient being able to effectively prevent this.

7. What are my data subject rights?

Data subject rights:

• In accordance with Art. 15 GDPR, you have the right of access as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data. In this case, we will provide you with the stored personal data. You also have the right to the information specified in detail in Art. 15 para 1 GDPR.
• You have the right to obtain without undue delay the rectification of inaccurate personal data concerning you and to completion of incomplete personal data in accordance with Art. 16 GDPR.

• You have the right to obtain the erasure of personal data concerning you without undue delay acc. Art. 17 GDPR.
• You have the right, in accordance with Art. 18 GDPR, to request that the processing of your personal data be restricted (you may have the right to request the deletion or restriction of the processing of your personal data if, for example, there is no longer a legitimate business purpose for such processing and legal retention obligations do not require the continued storage.)
• Pursuant to Art. 20 GDPR, you have a right to data portability. You may request to receive the personal data provided by you, which we process in an automated process on the basis of the contract existing between us or your consent, in a structured, common and machine-readable format. In addition, you may request us to transmit this data directly to another responsible party, insofar as this is technically feasible.

You can withdraw your consent to the processing of your personal data at any time. Please note that the withdrawal only takes effect for the future and does not affect the legality of the processing carried out based on the consent up to the withdrawal.

In addition, you have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR in conjunction with § 19 BDSG). You can find the supervisory authority responsible for you at https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

In addition, we would like to point out your right to object in accordance with Art 21 GDPR:

Information about your right to object according to Art. 21 GDPR

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6 para 1 lit e GDPR (data processing in the public interest) and Art. 6 para 1 lit f GDPR (data processing based on balancing of interests); this also includes profiling under these provisions within the meaning of Art. 4 No. 4 GDPR.

If you object, we will no longer process your personal data, unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing serves the purposes of asserting, exercising or defending legal claims.

In individual cases, we process your personal data for direct marketing purposes. You have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing; this also applies to profiling insofar as it is associated with such direct marketing. If you object to the processing for direct marketing purposes, we will no longer process your personal data for such purposes.

Objections do not require a particular form and no costs are incurred, other than the transmission costs according to the basic tariffs. If possible, any objection should be addressed to the above-mentioned address or email.

VIA Blumenfisch gemeinnützige GmbH
GSG-Hof Genestr. 5
D-10829 Berlin

or via E-mail at: via@sofortdatenschutz.de

8. To what extent do you apply automated individual decision-making, including profiling?

In the context of accessing our website or in the context of contacting us by form or e-mail, we do not use any fully automated decision-making pursuant to Article 22 GDPR. Should we use these procedures in individual cases, we will inform you about this separately if this is required by law. We do not process your data automatically with the aim of evaluating certain personal aspects (profiling).

9. Is there an obligation for me to provide data? 

You must provide the personal data that is required for the use of our website for technical or IT security reasons. If you do not provide this data, you will not be able to use our website.

When contacting us by form or e-mail, you only need to provide the personal data that is required to process your request. Otherwise we will not be able to process your request.

10. Newsletter

With the following information, we inform you about our newsletter as well as the registration, dispatch and evaluation procedure and inform you about your rights of objection. If you subscribe to our newsletter, you agree to receive the newsletter and the described procedures.

Newsletter content: We send newsletters, e-mails and other electronic notifications with promotional information (hereinafter "newsletter") only on the basis of the consent of the recipient or on the basis of a legal permission. If we specifically describe individual newsletters as part of the registration process, this description is decisive for the consent of a newsletter subscriber. If there is no separate description, you will receive information about our products, offers and promotions as well as information about our company in our newsletters.

Double-Opt-In: The registration for our newsletter takes place in the so-called Double-Opt-In procedure. This means that after registering for the newsletter, we will send you an e-mail in which we ask you to confirm your registration. This confirmation serves to ensure that only persons who have access to the specified e-mail address register for our newsletter. We log the registrations to the newsletter in order to be able to prove the registration process according to the legal requirements. This includes the storage of the registration and confirmation time, as well as the IP address. Changes to your data stored with the newsletter service provider are also logged.

The newsletter is sent via „sendinblue“, a newsletter distribution platform of Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin. You can view the privacy policy of the newsletter service provider here: https://de.sendinblue.com/legal/privacypolicy/.

To register for the newsletter, it is sufficient to enter your e-mail address. Optionally, we ask you to enter a name for the purpose of personal address in the newsletter.

The newsletters contain a so-called web beacon, i.e. a pixel-sized file that is retrieved from the server of the newsletter service provider when the newsletter is opened. Within the scope of this retrieval, technical information, such as information on the browser and your system, as well as your IP address and the time of the retrieval are initially collected. This information is used for the technical improvement of the services on the basis of the technical data or the target groups and your reading behaviour on the basis of their retrieval locations (which can be determined with the help of the IP address) or the access times. Statistical surveys also include determining whether newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to individual newsletter recipients. However, it is neither our intention nor that of the dispatch service provider to observe individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.

The dispatch of the newsletter and the measurement of its success are based on the consent of the recipients in accordance with Art. 6 Para. 1 Sentence 1 lit. a), Art. 7 GDPR in conjunction with § 7 Para. 2 No. 3 UWG or on the basis of the legal permission in accordance with § 7 Para. 3 UWG.

The logging of the registration process takes place on the basis of our legitimate interests pursuant to Art. 6 (1) sentence 1 lit. f) GDPR and serves as proof of consent to receive the newsletter.

You can unsubscribe from our newsletter at any time, i.e. revoke your consent. You will find a link to cancel the newsletter at the end of each newsletter. If users have only subscribed to the newsletter and cancelled this subscription, their personal data will be deleted.

11. Cookies

11.1General information

We use cookies on our website. Cookies are small text files, usually consisting of letters and numbers, which are stored on the user's computer when visiting certain Internet pages.

Some of these cookies are essential for our website to function, while other cookies help us improve our website by giving us insight into how you use the website.

By default, we only use necessary cookies. Necessary cookies enable the core functionalities of our website. The website cannot be displayed correctly without these cookies or individual areas may not function properly. Necessary cookies can only be prevented by appropriate settings in your browser.

We only use cookies that are not necessary for the website to function ("non-essential cookies") if you have given your consent via our cookie banner. You can return to our privacy information at any time and withdraw your consent or make changes.

Click https://via-berlin.de/footer/datenschutzer-1/#datenschutz-1, for information about the cookies we use:

The following additional options exist with regard to cookies:

- If you do not want cookies to be stored on your computer, you can deactivate the corresponding option in the system settings of your browser. Stored cookies can be deleted in the system settings of the browser. Please note that the deactivation of cookies can lead to functional restrictions of this website.

- You can object to the use of cookies used for website tracking and advertising purposes via the network advertising initiative http://optout.networkadvertising.org/ or the American website http://www.aboutads.info/choices or the European website http://www.youronlinechoices.com/uk/your-ad-choices/.

11.2 Third party providers that use cookies - Integration of YouTube videos

We have integrated YouTube videos into our online offer, which are stored on http://www.YouTube.com of Google Ireland Limited (registration number: 368047), Gordon House, Barrow Street, Dublin 4, Ireland (parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) and can be played directly from our website. The legal basis for the use of YouTube is your consent in accordance with Art. 6 (1) p. 1 lit. a) and Art. 49 (1) p. 1 lit. a GDPR.

The videos are integrated in such a way that data about you as a user is only transmitted to YouTube when you play the videos. We have no influence on the data transmission to Google that then takes place.

By visiting the website, YouTube receives the information that you have accessed the corresponding subpage of our website and data on location (GPS data), IP address and devices used, including information on objects in the vicinity of your device, such as WLAN access points, radio masts and Bluetooth-enabled devices, as well as sensor data from your device (see YouTube privacy information of the provider). This is done regardless of whether you are logged in to Google or YouTube. If you are logged in, however, your data may be assigned to your account. If you do not wish to have your data associated with your YouTube profile, you must log out before activating a video. YouTube stores your data in case you are logged in as user profiles and uses them for purposes of providing the services, maintaining and improving the services, measuring performance, developing new services and providing personalized services, including content and advertisements. You have the right to object to the creation of these user profiles, and you must contact YouTube to exercise this right.

The processing of data within the scope of this service also takes place in the USA. The information generated by the cookies about the use of our website is usually transferred to a Google server in the USA and stored there. There are corresponding risks associated with the processing of your data in the USA. By giving your consent via our cookie banner, you consent to the processing of your data in the USA, despite potential access by US authorities, Art. 49 para. 1 p. 1 lit. a GDPR.

For more information about the purpose and scope of data collection and processing by YouTube, please see the privacy information. There you will also find further information about your rights and setting options to protect your privacy:

YouTube's privacy information can be found at https://policies.google.com/privacy and opting out of personalized advertising is possible at https://adssettings.google.com/authenticated.

12. Third-party services that do not set cookies

12.1 My Fonts Counter (online integration)

MyFonts Counter, an offer of external fonts from Monotype Imaging Holdings Inc, 600 Unicorn Park Drive, Woburn, MA 01801 USA ("MyFonts"). The integration of the web fonts takes place by means of a server call at MyFonts (usually in the USA). Due to the licence conditions, MyFonts performs page view tracking. As part of this tracking, MyFonts collects the IP address of each visitor to our website and stores it for 30 days in order to count page views and prevent unauthorised use of the web font software. The data collected is encrypted by MyFonts. To prevent the execution of Java Script code from MyFonts altogether, you can install a Java Script blocker (e.g. www.noscript.net). You can find Monotype's privacy statement at

https://www.monotype.com/legal/privacy-policy/web-font-tracking-privacy-policy/.

12.2 Google Maps

On this website we use the offer of Google Maps of Google LLC , 1600 Amphitheatre Parkway Mountain View, CA 94043, United States. The legal basis for the use of Google Maps is your consent Art. 6 para. 1 p. 1 lit. a) and Art. 49 para. 1 p. 1 lit. a GDPR.

This allows us to show you interactive maps directly in the website and enables you to use the map function comfortably.

Google Maps is integrated in such a way that data about you as a user is only transmitted to Google when you have activated Google Maps by clicking on it. We have no influence on the data transmission to Google that then takes place.   

By visiting the website, Google receives the information that you have called up the corresponding sub-page of our website as well as the date and time of your visit to the website in question and your IP address. This takes place regardless of whether you are logged in to Google. If you are logged in, however, your data will be assigned to your account. If you do not wish to be associated with your Google profile, you must log out before activating a map.

If you are logged in to Google, Google may store your data as usage profiles and use it for the purposes of providing the services, maintaining and improving the services, measuring performance, developing new services and providing personalized services, including content and advertisements. This data processing is then governed by the usage agreement concluded between you and Google as part of your Google account.

The processing of data within the scope of this service also takes place in the USA. The information generated by the cookies about the use of our website is usually transmitted to a Google server in the USA and stored there. There are corresponding risks associated with the processing of your data in the USA. By giving your consent via our cookie banner, you consent to the processing of your data in the USA, despite potential access by US authorities, Art. 49 para. 1 p. 1 lit. a GDPR.

For more information on the purpose and scope of data collection and processing by the plug-in provider, please refer to the Google privacy notice. There you will also find further information on your rights in this regard and setting options for protecting your privacy: https://policies.google.com/technologies/partner-sites and an opt-out from personalized advertising is possible at https://www.google.com/settings/ads/.

12.3 Use of ReadSpeaker

ReadSpeaker, a service of ReadSpeaker Holding B.V., Dolderseweg 2A, Huis ter Heide 3712 BP, The Netherlands, which reads aloud the content of our website. When the user clicks on the "Read aloud" button, the selected text is transferred via the user's IP to the ReadSpeaker server, where an audio file is generated and sent back to the user's IP address as a stream. Immediately after delivery of the audio file, the process and the user's IP address are deleted from the ReadSpeaker server. ReadSpeaker does not store any personal data. The data is only realised in the European Union (Sweden and Ireland). When using the ReadSpeaker function, technically necessary cookies are stored on your terminal device in order to retain the settings selected by the user (highlighting setting, text size, etc.) and deleted again after the session or, depending on the function, an appropriate period of time (maximum 30 days). If the ReadSpeaker function is not activated, no cookies are stored on the end device when the website is visited. To use this service, you must select the text to be read aloud and click on the speaker symbol that appears. The privacy policy of ReadSpeaker can be found at https://www.readspeaker.com/de/erklarung-zum-datenschutz/.

13. Our social media pages

You can find us on social networks and platforms, so that we can also communicate with you there and inform you about our services.

We point out that your data may be processed outside the European Union / European Economic Area and that the data is usually processed for market research and advertising purposes. Profiles can be created from the usage behaviour and resulting interests of the users. These profiles can in turn be used, for example, to place advertisements within and outside the platforms that presumably correspond to the interests of the users. For this purpose, cookies may be stored on the computers of the users, in which the usage behaviour and the interests of the users are stored. Other data may also be stored in these usage profiles, especially if the users are members of the respective platforms and are logged in to them.

The processing of your personal data is generally based on your consent in accordance with Art. 6 para 1 sentence 1 lit. a GDPR.

For information on the respective processing and the objection options, we refer to the privacy notice of the networks linked below:

• Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland), We operate our Facebook page on the basis of a shared personal data processing agreement with Facebook - Privacy Information: https://www.facebook.com/about/privacy/ , Opt-Out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com.

In the case of assertion of data subject rights, we recommend that these are asserted with the providers, as the providers have direct access to the data. However, if you would like our support, please feel free to contact us using the contact details above.