Data Protection Statement on
The Creation of Photographs and Video Recordings at CID Events and The Usage Thereof
1. Introduction
1.1 Party responsible (“Controller”)
CID GmbH
Gewerbepark Birkenhain 1
63579 Freigericht
Germany
Tel.: +49 (0)6051 8846-0
Fax: +49 (0)6051 8846-480
Email: info@cid.com (hereinafter: “CID” or “We”)
1.2 Contact details of the Data Protection Officer
Thomas Kolb LL.M.
kolbcom GmbH
P7, 22
68161 Mannheim
Germany
Fax: +49 (0)621 121829-32
Email: info@kolbcom.com
In accordance with the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council, “GDPR”) and in accordance with any associated national jurisdiction of a Member State and together with any additional national data protection regulations (collectively “Data Protection Regulations”), this data protection statement (“Data Protection Statement”) summarises the recording, storage, usage, passing on and publication of the personal data (as defined under Article 4, No. (1) GDPR) that CID collects in the form of photographs and video recordings of CID employees and event visitors, the processing of these data for public-relations and marketing purposes and for company-internal processes, the purpose of the processing, and your rights as an affected party (“data subject”).
2. Nature, scope and purpose of the processing of personal data
2.1 Categories of data subjects
This Data Protection Statement relates to data that CID collects and processes in relation to employees of CID and CID Group companies, and to event visitors.
2.2 Categories of affected data
This Data Protection Statement relates to personal data from photographs and video recordings of you that are produced, stored or otherwise processed by CID itself or through a third party. In particular, the following categories of data may be processed:
- last name
- first name
- image
- speech
- professional activity, if applicable.
2.3 Origin of the personal data
We collect this data directly from you as the data subject.
2.4 Purpose of the processing of personal data
CID processes the data for public-relations and marketing purposes as well as for company-internal processes (such as birthday cards, anniversary publications, telephone lists, employee portals, WebEx meetings, internal archiving and documentation, etc.). The specific purpose is described in the declaration of consent concerned.
2.5 Legal basis
a) Consent
The legal basis for the processing is your consent pursuant to Section 26 (2) of the German Data Protection Act (BDSG) in conjunction with point (a) of the first sentence of Article 6 (1) GDPR.
You give your consent to the collection and processing of personal data and can withdraw it at any time with effect for the future; you will be in no way disadvantaged if you refuse to give your consent. Without your consent, photographs or video recordings of you will neither be produced nor be stored or processed in any other way. Your consent also extends to the transfer of these data to a third country, pursuant to point (a) of Article 49 (1) GDPR, insofar as your data are processed on social media platforms, for example, or transferred to other CID Group companies.
b) Legitimate interest
The processing may also be based on a legitimate interest, depending on the specific purpose. In this case, we process your personal data insofar as this is necessary to safeguard our own legitimate interests or those of third parties, and it does not unjustifiably impair your own rights and interests. The legal basis for such processing is point (f) of the first sentence of Article 6 (1) GDPR. Legitimate interests on the basis of which we process your personal data include, in particular, the documentation of events, the company-internal exchange of information and the archiving of event photographs.
3. Passing on data to third parties, cross-border data processing
3.1 Passing on data to third parties
We only pass on your personal data within our company to those areas and persons who need these data to fulfil contractual and legal obligations or to safeguard our legitimate interests. We may transfer your personal data to companies affiliated with us, provided that this is permissible within the context of the purposes set out in Section 2.4 of this Data Protection Statement or you have given us your consent to the transfer. The consent to passing on your personal data extends to the following CID Group companies:
- CID Italia Srl, Piazza Walther-von-der-Vogelweide 8, 39100 Bolzano, Italy
- CID Slovakia, s.r.o., Zuckermandel, budova CA, Žižkova 9. 811 02 Bratislava, Slovakia
- UAB “CID Lietuva”, Raudondvario pl. 101, 47184 Kaunas, Lithuania
- CID Ukraine TOV, Mykoly Pymonenka Str. 13, Building 1B, Office 31, Kyiv, 04050, Ukraine
- CID Digital Services, d.o.o., Trg republike 3, 1000 Ljubljana, Slovenia
- CID Digital Services Ltd., 41 Church Street, Birmingham, B3 2RT, UK
- CID Digital Services S.L. Sociedad Unipersonal, Calle Maria de Molina, 39, 8°, 28006 Madrid, Spain
- CID Digital Services LLC, 1500 Broadway, Suite 1902, New York, NY 10036, USA
- CID Austria GmbH, Zaunergasse 4, 1030 Vienna, Austria
In some cases, your personal data may also be processed by the service providers we engage. The categories of recipients in this case are IT service providers, operators of social media platforms, print shops, etc.
In particular, we work together with the following companies:
- Cisco Systems GmbH, Legal Department, Parkring 20, 85748 Garching, Germany
- Workvivo Ltd., Exham House, The Fingerpost, Douglas, Co Cork T12 PDD2, Ireland.
Data are passed on exclusively on the basis of a legal standard or an appropriate contract in accordance with Article 26 or 28 GDPR which ensures compliance with all data protection requirements. In this way, it can be ensured that our service providers, too, always process personal data in compliance with the provisions of GDPR.
3.2 Cross-border data processing
Where photographs and video recordings are used for CID’s social media presence, these data are routinely transferred to a third country. This transfer occurs on the basis of your given consent. The categories of recipients in this case are operators of social media platforms, and include:
- Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
- Meta Platform Inc., 1 Hacker Way, Menlo Park, CA 94025, USA
- Twitter, Inc.,1355 Market Street, Suite 900, San Francisco, CA 94103, USA
- LinkedIn Inc, 1000 W Maude, Sunnyvale, CA 94085, USA.
Furthermore, photographs and video recordings may be transferred to third countries as part of the transnational cooperation of the CID Group. This concerns in particular the following CID Group companies:
- CID Ukraine TOV, Mykoly Pymonenka Str. 13, Building 1B, Office 31, Kyiv, 04050, Ukraine
- CID Digital Services Ltd., 41 Church Street, Birmingham, B3 2RT, UK
- CID Digital Services LLC, 1500 Broadway, Suite 1902, New York, NY 10036, USA
Where data are transferred to a third country on the basis of consent without an adequacy decision or other suitable guarantees simultaneously being in place (currently the USA and Ukraine), the associated heightened risk of data processing in the context of the transfer must be pointed out on the basis of point (a) of the first sentence of Article 49 (1) GDPR. We would, however, like to assure you that, thanks to careful selection and constant review of the standards of our contractual partners, potential risks are successfully minimised.
4. Duration of data storage
Your data will cease to be published as soon as the associated purpose can no longer be pursued or you withdraw your previously given consent. Furthermore, the data will simultaneously be erased from CID’s systems, unless CID is legally entitled or obliged to further process the data.
5. Your data protection rights
5.1 Your rights as a data subject
You have the right to information on how we process your personal data (Article 15 GDPR), the right to rectification or erasure of your data (Article 17 GDPR), the right to restriction of processing (Article 18 GDPR), the right to notification (Article 19 GDPR), and the right to data portability (Article 20 GDPR).
Where we process your personal data on the basis of your consent in accordance with Section 26 (2) BDSG in conjunction with point (a) of the first sentence of Article 6 (1) GDPR, you have the right to withdraw this consent at any time (Article 7 GDPR).
We would like to point out that a withdrawal of consent is only effective for the future. Processing that occurred before you withdrew your consent is not affected by this withdrawal and remains lawful. Please note that despite a withdrawal of consent, we may be legally obliged to retain and document certain data (see Section 4 of this Data Protection Statement).
Where processing is based on a legitimate interest, you have the right to object to the processing of your personal data at any time on grounds relating to your particular situation. We will then cease to process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims (Article 21 GDPR).
To exercise your rights, it suffices to communicate this in text form to the above address or by email to “info@kolbcom.com”.
5.2 Right to lodge a complaint
You have the right to lodge a complaint with the competent data supervisory authority.
In the regional state of Hesse, Germany, the competent supervisory authority is:
Der Hessische Beauftragte für Datenschutz und Informationsfreiheit
Gustav-Stresemann-Ring 1
65189 Wiesbaden
Germany
Tel.: +49 (0)611 1408-0
E-Mail: poststelle@datenschutz-hessen.de
Further information is also available at:
https://datenschutz.hessen.de/ (Available in German only)
Should you have any questions regarding the processing of your personal data, please do not hesitate to contact us.