1. Introduction

Our clients are our most valuable business asset. That is why we genuinely care about your privacy. Thus, we process your personal data respecting the highest legal standards of the General Data Protection Regulation (“GDPR”) and the German Federal Data Protection Act (Bundesdatenschutzgesetz, “BDSG”). The following Privacy Policy will provide you with all required information on how and why we process your data as well as your rights regarding the processing of personal data. Personal data means any information relating to an identified or identifiable natural person.

2. Controller

Controller also referred to as “us” or “we” is:

Ertl-Yang GmbH
Director: Jing Ertl-Yang
Kulmbacher Straße 310777 Berlin
Telefon: + 49 (0)30 28 64 1426
info@ertl-yang.com

If you have any questions regarding our processing of your personal data or if you want to exercise your rights,  please do not hesitate to contact us.  

3. Personal data we collect when using our website

3.1 Processing of Personal Data in Logfiles

The Controller automatically collects and processes certain data regarding the device that accesses the website. This data will automatically be sent from your device to us. The following Data will be collected:

• Your IP-Address
• Date and Time of your access to our website
• Time Difference to Greenwich Mean Time (GMT)
• HTTP-Status code
• Transferred amount of data
• Name of the third-party website if you have been linked to our website
• Your web-Browser including its version and language
• Operation system including its interface

This data will be anonymously saved in logfiles. Personal data in logfiles will not be connected with other personal data processed by us.

Legal basis for the processing of data in logfiles is art. 6 para.1 lit. f GDPR. This processing is necessary to maintain and ensure the safe and sound functionality of the website and the correct display of its content. This data will also be used for statistical purposes and the further improvement of the website. Additionally, this data will be used to protect our website from cyber-threats and to provide law enforcement agencies with the necessary data in case of a cyber-attack and data breaches.

3.2  Data processing when using our contact form or when sending us e-mails

By using the contact form on our website, you can communicate with us directly. Data entered into the contact form, like your name and email address will be transferred and processed by us to answer your request. Furthermore, we will also process the date and time of the request and your IP-address.

Legal basis for the processing of your personal data is art. 6 para. 1 lit. f GDPR. We have a legitimate interest to answer your request. The further processing of your IP-address at the point of request is necessary to ensure a safe and sound functioning of our contact form and to fight cyber-threats.

Alternatively, you can write us an email using our email address which you will find on our website. We will process your personal data to answer your email. Legal basis for the processing is art. 6 para. 1 lit. f GDPR. We have a legitimate interest to answer your email.

If you are using our contact form to communicate with us because you have entered into a contract with us or you want to discuss details with us at a pre-contractual stage, legal basis for the processing of your personal data is art. 6 para.1 lit. b GDPR.

Notwithstanding our personal data deletion policy, we will delete requests sent to us through our contact form or by email if the processing of your personal data is no longer necessary to answer your request or to perform the contract.

3.3  Data processing when subscribing to our newsletter

If you are interested in our events, we highly recommend subscribing to our newsletter. In our newsletter we will inform you about past and future events.

You can subscribe to our newsletter by entering your personal data in the newsletter form or if you tick the newsletter box during the purchase of our event tickets. To subscribe to our newsletter, you have to fill out all fields marked as necessary, in particular provide your email address. All other fields are optional. If you subscribe to our newsletter during a purchase, we will process your name and your email address for the purposes of the newsletter.

To subscribe to our newsletter, we are using the so-called double opt in mechanism. After you have entered your email address into the newsletter form or after you have ticked the “subscribe to our newsletter” box while purchasing event tickets, you will receive an email where we ask you to confirm the subscription by clicking the link provided. If you do not click the provided link within the next 24 hours, your personal data will be restricted and automatically deleted after 1 month.

Legal basis for the processing of personal data for the means of our newsletter is your consent according to art. 6 para. 1lit. a GDPR. You can withdraw your consent at anytime (please refer to 9.6) or and/ or unsubscribe to our newsletter by clicking the un-subscription link provided in the newsletter.

3.4 Data processing when buying event tickets

We are glad that you are interested in our events and that you want to participate. To make sure that your attendance at our events will be successful for you and for a flawless ticketing process we need to process certain personal data necessary for the performance of a contract. Processed personal data includes:

• Your full name
• Your email address
• Your payment details (i.e) your credit card number

Legal basis for the processing of this data is art. 6 para. 1 lit. b GDPR. As this data is necessary for the performance of the contract, we cannot conclude the contract if you do not provide us with this data.

If you have purchased an event ticket from us, we might also use your personal date, in particular your name and email address for direct marketing purposes in full compliance with legal limitations. That means that if you have attended one of our events, we might inform you by email about upcoming events - if upcoming events are similar to the event you have attended and we believe that your presence at the upcoming event is beneficial to you. Of course, you can opt-out of this processing at any time. Additionally, we will remind you about your right to opt-out of this processing in every direct marketing email you will receive from us.
We are so happy to see you soon!

3.5 Data processing of speakers at our events

If you are a speaker we would be happy to upload certain data like your name, your picture, your position in a company organisation or government and a short self-description on our website. That is provided you consent to this processing of your personal data and you provide us with the necessary information. Additionally, we will also ask you to share this information including your personal data in our newsletter. Again this processing depends on your consent according to art. 6 para 1 lit. a GDPR.Your Data will remain visible on our website for a maximum of three weeks after the event has ended and will then be deleted.

4. Cookies

Our website uses cookies. Cookies are small text files which will be saved on your device. Cookies transfer certain data, including personal data to us or to third-parties. Depending on the cookie and its purpose, cookies are necessary to display and access our website, to use the services offered on our website or to increase the attractivity of our website and to help us to improve our website even further.

Below we will provide you with information about our cookies and the reason for their implementation and their data processing. We are convinced that the cookies used by our website offer a genuine benefit for the visitors to our website while fully respecting your privacy at the same time. However, you may reject the data processing of cookies used on our website at any time. In this case, please reject data processing by cookies in your web browser settings. Please refer to the manual of your web browser if you want to deactivate the data processing of cookies.

If you reject the processing of data by cookies, our website will still be accessible for you, but certain functions will not be available to you like purchasing event tickets.

Our website uses the following cookies:

• Google Analytics
Our Website uses Google Analytics.The Google Analytics Cookie is provided by Google Inc., 1600 AmphitheaterParkway, Mountain View, CA 94043, USA (“Google”).

Google Analytics is a web analytics service provider that collects and processes data for statistical and analytical purposes helping us to optimize and enhance our website. This cookie processes statistical data like your IP-address, date and time of the access to our website, duration of your visit to our website. This data cannot be used to identify a certain natural person visiting our website. We are using Google Analytics with its IP anonymisation feature enabled. Thus, if you access our website from a member state of the European Economic Area, from Switzerland or from a third-country which is subject to the GDPR, your IP-address will generally be anonymised before this data will be transferred to the USA. Only in exceptional cases your IP-address will be anonymised after its transfer to the USA. Data processed by Google Analytics will not be merged with other data processed by Google and will be deleted after 26 months after its processing.

Legal ground for the processing of personal data by Google Analytics is art. 6 para. 1 lit. f GDPR. We are pursuing a legitimate interest in analysing the behaviour of our website-visitors helping us to optimize and enhance our website even further.

If you want to reject the processing of data by Google Analytics you can either reject the data processing by cookies in your web-browser or by downloading and installing the browser plugin provided by Google under: https://tools.google.com/dlpage/
gaoptout?hl=en


For those exceptional cases, where your IP-address is anonymised after its transfer into the USA, Google is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework


• Stripe
Our website uses Stripe. The Stripe Cookie is provided by Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland. Stripe is a payment processing service helping us to verify and receive payments and thus to settle a contract. The Stripe Cookie is necessary for the usage of the Stripe payment processing service. Stripe processes payments without storing any credit card information on your servers. Additionally, the Stripe Cookie will also remember who you are.

Legal ground for personal data processed by the Stripe Cookie is art. 6 para. 1 lit. b GDPR. The processing of your payment data is necessary for the performance of a contract, or when the contract has not yet been concluded, at a pre-contractual stage.

If you want to reject the processing of data by the Stripe Cookie please reject the data processing by cookies in your web-browser. Then however, you will not be able to buy event tickets anymore as your payment cannot be processed. In those cases, please contact the controller.

Stripe will also transfer your personal data into the USA. Stripe is subject to the EU-US Privacy Shield,, https://www.privacyshield.gov/EU-US-Framework

5. Links to social media networks

We believe that everyone should make their own decisions about what data is processed by social-media-networks. As we genuinely care about your privacy, we do not use social media network cookies or plug-ins on our website. We soly place links to social media content on our website. These links do not transfer data to the social media network already by accessing our website, as a cookie or a plug-in would do. Only when clicking the link, you will be redirected to the social-media-network and logged into your social media account at this time, the social media content will be visible for you. If you are not logged into your social-media-account at the time of clicking the link, the social-media-network will ask you to log into your account. From there on, you will be on the website of the social network.

Legal basis for the implementation of social media network links is art. 6 para. 1 lit. f GDPR. Links to social media content makes our website more attractive to visitors and thus, we pursue a legitimate interest by implementing social media links. The social media network will process your personal data in accordance with their privacy policy in particular, for advertising, market research, the further improvement of their social media networks and to inform other social media users about your activities on our website. We do not have any influence on the processing of personal data by the social network.

Our website places links to social media content of the following social media platforms:

• Facebook

Facebook Ireland Limited, Hanover Reach, 5-7 Hanover Quay, Dublin 2, Ireland, (“Facebook”).Please refer to Facebook’s privacy policy under: http://www.facebook.com/policy.php.
Facebook is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

Twitter
Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA;(„Twitter”). Please refer to Twitter’s privacy policy under: https://twitter.com/privacy. Twitter is subject to the EU-US privacy shield, https://www.privacyshield.gov/EU-US-Framework.

Instagram
Instagram is a product of Facebook Ireland Limited, 4 Grand Canal Square,Dublin 2, Ireland, https://help.instagram.com/
519522125107875.

LinkedIn
LinkedIn Ireland UnlimitedCompany, Wilton Place, Dublin 2, Ireland; https://www.linkedin.com/legal/privacy-policy. LinkedIn is subject to theEU-US-Privacy-Shield, https://www.privacyshield.gov/EU-US-Framework 

6. Third Party Processors

We want your personal data to be processed by specialists. Therefore, we outsource certain complex data processing which requires particular expertise to a specialised service provider as this data cannot be processed in-house to the same standards as a specialised service provider processes them. This outsourcing of certain processing is necessary to maintain the functionality of our website or for the performance of the contract. We will not transfer personal data to third-parties if not strictly necessary. All third-party processors have been selected very carefully and are constantly monitored by us and are subject to the GDPR. Thorough contractual obligations ensure that third party processors respect your personal data to the same standards as we do.

We transfer your personal data to the following recipients:

• Technical, IT and communication Service Provider:
To ensure a flawless functionality of our website as well as an easy and yet safe communication with our global clients, technical, IT and communication service providers are processing your personal data on our behalf. These service providers include web hosting services, telecommunication providers like internet providers as well as cloud-based data processing solutions.

• Online payment systems providers:
Data processing by online payment system providers allows us to verify the payment of your purchase on our website to receive the purchase price and thus to settle a contract. All data transfer to online payment system providers is SSL encrypted. Credit Card data is processed in accordance with PCI DSS. We do not store any credit card information on our servers.

• Lawyers, tax advisors and bookkeepers:
To fulfil our legal obligations we will also transfer your personal data to lawyers, tax advisors and bookkeepers if necessary.

• Third Party cookies:
Please refer to Section 3 of the privacy policy.

7. Place of data processing

Generally, all of our data including your personal data will be stored and processed within the EU. However, some of our third-party processors process and store your personal data outside the EU, in particular in the USA. In these cases, the transfer of personal data to a third country is based on an adequacy decision (i.e. the EU-US Privacy Shield) or on standard data protection clauses adopted by the European Commission.  

8. Deletion of your personal data

Notwithstanding your right to erasure - we delete your personal data in regular intervals depending on the kind of processed personal data and the legal basis of its processing.

If the processing of your personal data is based on your consent, we will generally delete your personal data within 6 months after you have withdrawn your consent and there are no other legal grounds for the further processing of your personal data. If the processing of your personal data is necessary for the performance of a contract, we generally delete your data within 12 months after the contract has been sufficiently settled. If we process your data in pursuit of a legitimate interest, we will delete your data within 6 months after our legitimate interest no longer persists

However, we are subject to various provisions of law requiring us to retain certain documents which can contain your personal data. The applicable timeframe of the retention period depends on the document, its data and the provisions of law and can range from 6 years according to the German Commerce Code and 10 years according to the German Taxation Code. If we retain documents containing your personal data to enforce a judicially determined claim, your data will be deleted after a maximum of 30 years. If your personal data will only be stored further because of legal retention periods, we will restrict the processing of your personal data during the retention period.

9. Your rights regarding our data processing

9.1  Right of acces

You can always seek a confirmation from us if we process your personal data, and if we do what categories of personal data are processed, the purpose of the data processing, the recipients of your personal data, the storage period of your data or the criteria determining the storage period as well as the existence of the right rectification, erasure, restriction of processing or to object such processing.  

9.2  Right to rectification

Of course, we only want to process accurate and up to data. At any time, you are able to update or rectify your personal data.

9.3 Right to erasure

Of course, we only want to process accurate and up to data. At any time, you are able to update or rectify your personal data.

9.4 Right to restriction of processing

You have the right to restrict the processing of your personal data. If we restrict the processing of your personal data, your data will be stored by us but only processed in specific cases determined by the GDPR.

9.5 Right to object

If we profess your personal data in pursuit of our legitimate interests, you can object to the processing of your personal data. In such cases, we will no longer process your personal data if we cannot demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or if the data processing serves the establishment exercise or defence of legal claims.  

9.6 Right to withdraw your consent

If the processing of your personal data is based on your consent, you can withdraw your consent at all times with future effect in accordance with art.7 para. 3 GDPR. We will not process your data anymore if we cannot justify the further processing of your personal data on other legal grounds.

9.7 Right to data portability

If the processing is based on consent or is necessary for the performance of a contract you have the right to receive your personal data in a structured commonly used and machine-readable format.

9.8 Right to file a complain

You can file a complain to the data protection authorities at the place of your usual residence or at the place of the alleged breach of your privacy.

9.9 Subject to change

We reserve the right to change and update this privacy policy from time to time. Updates and changes of this privacy policy will be uploaded on our website and will be effective immediately after its complete upload. Thus, we advise you regularly check our website if our privacy policy was subject to changes or updates. (latest reversion May, 2019)