Personal data are all data that can be related to you personally, e.g. name, address, e-mail addresses, user behavior.
1. Controller and Data Protection Officer
Controller according to Art. 4 para. 7 GDPR is
Our Data Protection Officer is Marcello Genovese (Privacy@vinivia.com)
2. Scope of the data responsibility
We will retain those personal data we process on behalf of our customers for as long as needed to provide our services. Vinivia AG will retain this personal information as necessary to comply with our legal obligations, resolve disputes and enforce our agreements.
3. Collection of personal data when visiting our website
If you use the website for informational purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the data that your browser sends to our server. This information is temporarily stored in a so-called server log file. The following information, which is technically necessary for us, is recorded without your intervention and stored until it is automatically deleted:
- Name of the retrieved file
- Date and time of retrieval
- transferred data volume
- Message whether the retrieval was successful
- Description of the type of web browser used
- Operating system used
- the previously visited page
- Your IP address
We process the data mentioned above for the following purposes:
- To ensure a smooth connection of the website
- Evaluation of the system security and stability of the website
The legal basis for the data processing is Art. 6 para. 1 letter f GDPR. Our legitimate interest is based on the aforementioned purposes and the technical necessity of processing the collected data in order to display our website. Under no circumstances do we use the collected data for the purpose of drawing conclusions about your person.
We use so-called "cookies" and comparable techniques on our website, by which your computer can be identified as a technical unit during your visit to the website, in order to enable you to use our offer.
A cookie is a small file that is sent to your computer or automatically stored on your computer or mobile device by the web browser used when you visit our website. If you visit this website again, we can recognize you in this way, even if we do not know who you are. In addition to cookies that are only used during a session and are deleted after your visit to the website ("session cookies"), cookies can also be used to store user settings and other information for a certain period of time (e.g. two years) ("permanent cookies").
The user data collected through technically necessary cookies is not used to create user profiles.
Insofar as personal data is also processed by individual cookies implemented by us, the processing is carried out in accordance with Art. 6 Para. 1 letter b GDPR either for the execution of the contract or in accordance with Art. 6 Para. 1 letter f GDPR to protect our legitimate interests. The processing is carried out to enable the functioning of our website. It is therefore necessary to protect our legitimate interests.
However, you usually have the option of setting your Internet browser to inform you about the occurrence of cookies so that you can allow or exclude them or delete existing cookies. Most Internet browsers are preset to accept cookies.
Please use the help function of your Internet browser to obtain information on how to change these settings. Please note that individual functions of our website may not work if you have deactivated the use of technically necessary cookies.
We honor do not track signals and do not track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place.
Cookies do not allow a server to read private data from your computer or the data stored by another server. They do not damage your computer and do not contain viruses.
4.1 Use of Google Tag Managers
We use the Google Tag Manager. This is only a management system that allows us to integrate the other services shown below on our website. Google Tag Manager itself does not process any personal data. This is only done by the Google services described below in the manner described there.
4.2 Use of Google Analytics
4.3 Use of Google Ads Conversion Tracking
We use the offer of Google Ads Conversion of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, to draw attention to our attractive offers by means of advertising material (so-called Google Ads) on external websites. In relation to the data of the advertising campaigns, we can determine how successful the individual advertising measures are. We thus pursue the interest to show you advertisements that are of interest to you, to make our website more interesting for you and to achieve a fair calculation of advertising costs. These advertising materials are delivered by Google via so-called "Ad Servers". For this purpose, we use ad server cookies, through which certain parameters can be measured to measure success, such as the display of ads or clicks by users. If you reach our website via a Google ad, Google Ads will store a cookie on your end device. These cookies usually expire after 30 days and are not intended to identify you personally. The unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that the user no longer wishes to be contacted) are usually stored as analysis values for this cookie. These cookies enable Google to recognize your internet browser. If a user visits certain pages of an ad client's website and the cookie stored on their computer has not expired, Google and the client can recognize that the user clicked on the ad and was redirected to that page. A different cookie is assigned to each ad client. As a result, cookies cannot be tracked through the websites of ad clients. We ourselves do not collect and process any personal data in the advertising measures mentioned above. We only receive statistical evaluations from Google. By means of these evaluations we can recognize which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising material, in particular we cannot identify the users on the basis of this information. Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence on the scope and further use of the data collected by Google through the use of these tools and therefore inform you according to our state of knowledge: Through the integration of Ads Conversion, Google receives the information that you have called up the corresponding part of our website or clicked on an advertisement from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, it is possible that the provider will find out and save your IP address.
You can prevent participation in this tracking procedure in various ways: a) by making appropriate settings in your browser software, in particular by suppressing third-party cookies, so that you do not receive any ads from third-party providers; b) by installing the plug-in provided by Google under the following link: https://www.google.com/settings/ads/plugin; c) by deactivating the interest-based ads of the providers that are part of the self-regulation campaign "About Ads" via the link http://www.aboutads.info/choices, whereby this setting is deleted if you delete your cookies; d) by permanently deactivating it in your Firefox, Internet Explorer or Google Chrome browsers under the link http://www.google.com/settings/ads/plugin, e) by means of the corresponding cookies setting f) by clicking on this link. An opt-out cookie will then be set to prevent further collection of your data when you visit this website. We would like to point out that in this case you may not be able to use all functions of this offer to their full extent.
Further information on data protection at Google can be found here: http://www.google.com/intl/de/policies/privacy and https://services.google.com/sitestats/de.html. Alternatively, you can visit the website of the Network Advertising Initiative (NAI) at http://www.networkadvertising.org.
The legal basis for this processing is your consent pursuant to Art. 6 para. 1 letter a GDPR.
4.4 Social Media Widgets
5. Further functions and offers of our website
In addition to the purely informative use of our website, we offer various services which you can use if you are interested. For this purpose, you will usually have to provide additional personal data which we use to provide the respective service.
We collect information from you when you register on our site to host or participate in an event on behalf of our customer, subscribe to a newsletter, fill out a form or enter information on our website.
When using our services, you may provide us with the following personal information:
When you register on our website to use our services, we usually collect your first and last name, name of company, billing address and a valid e-mail address.
We need this information to provide services to you, to maintain and support your customer account and to process payments.
The legal basis for the processing is Art. 6 para. 1 letter b GDPR. The data processing is carried out to fulfill our contractual obligations according to the contractual usage agreement concluded with you.
1.2. Session, location and usage data of events
When you use our services, we also receive data that is automatically logged. The type and scope of the data processed depends on the type of service used, as well as on the information you provide and the functions you use within the scope of the service provided.
As a rule, the following types of data are processed:
- Registration information: First and last name; company name; e-mail address; activation code; conference code; organization ID; "Universal Unique Identifier
- Configuration and communication data: Device Name; Geographic Data; IP Address; User Agent Identifier; Operating System Type and Version; Client Version; Endpoint MAC Addresses; Time Zone; Domain Name; Activity Logs; Hardware Type
- Event information: Title; Description; Date; Time; Duration; Number of participants; Organizer name; Screen resolution; Dial-in method; Diagnostic information
- Shared screen content, presentation materials and other documents used as part of the event
- Text, audio and video data, if applicable: camera and microphone data provided by your end device for displaying video and audio during the event; text entries when using the chat, question or survey functions
- When recording the event (with the consent of the participants): MP4 file of all video, audio and presentation recordings; text file of the event chat
- Other data provided voluntarily in the context of the event
Please note that you can switch off or mute the camera or microphone yourself at any time when conducting and/or participating in an event. In the course of holding events, at least the configuration and communication data listed above are automatically recorded and processed. Text, audio and video data will only be processed if you as a participant have activated your microphone and camera and/or use the chat, question or survey functions.
We display personal testimonials of satisfied customers on our Website in addition to other endorsements. With your consent, we may post your testimonial along with your name.
The legal basis is Art. 6 para. 1 letter a GDPR.
If you wish to update or delete your testimonial or want to withdraw your consent, you can contact us at Privacy@vinivia.com
6. Data transfer
Unless expressly stated below or in the previous sections, your data will not be disclosed to third parties or other recipients.
We also only pass on your personal data to third parties if:
- you have given your express consent in accordance with Art. 6 para. letter a GDPR,
- the disclosure pursuant to Art. 6 para. letter f GDPR is necessary for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data,
- in the event that there is a legal obligation to pass on the data pursuant to Art. 6 para. 1 letter c GDPR, and
- this is legally permissible and, in accordance with Art. 6 para. 1 letter b GDPR, necessary for the processing of contractual relationships with you.
Any personally identifiable information you elect to make publicly available on our Website, such as posting comments, will be available to others. If you remove information that you have made public on our Websites or the Vinivia AG Service, copies may remain viewable in cached and archived pages of our Websites or the Vinivia AG Service, or if other users have copied or saved that information.
Our users comments are managed by a third party application that may require you to register to post a comment. We do not have access or control of the information posted in the comments.
On our website we offer the possibility to execute payments by use of our integrated payment services. The payment is therefore processed by Stripe Payments Europe Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we pass on your information provided during the ordering process together with the information about your order. The passing on of your data takes place exclusively for the purpose of payment processing with Stripe Payments Europe Ltd. and only insofar as they are necessary for this purpose is required. Stripe Payments Europe Ltd will act for us within the framework of a contract processing agreement in accordance with Art. 28 para. 3 sentence 1 GDPR. Further information on data protection by "Stripe" can be found at the following Internet address: https://stripe.com/de/privacy#translation.
7. Change of control
We may buy or sell/divest/transfer the company (including any shares in the company), or any combination of its products, services, assets and/or businesses. Your information such as customer names and email addresses, and other User information related to the Vinivia AG Service may be among the items sold or otherwise transferred in these types of transactions. We may also sell, assign or otherwise transfer such information in the course of corporate divestitures, mergers, acquisitions, bankruptcies, dissolutions, reorganizations, liquidations, similar transactions or proceedings involving all or a portion of the company. You will be notified via email and/or a prominent notice on our Site of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.
8. No third country transmission
Your personal data is stored and processed in data centers in Europe so that no personal data is transferred to a third country.
9. Data security
Vinivia AG is concerned with protecting your privacy and data, but we cannot ensure or warrant the security of any information you transmit to Vinivia AG or guarantee that your information may not be accessed, disclosed, altered or destroyed by breach of any of our industry standard physical, technical or managerial safeguards.
When you enter sensitive information (such as log in credentials) on our registration or order forms, we encrypt that information using secure socket layer technology (SSL). No method of transmission over the Internet or method of electronic storage, is 100% secure, however. Therefore, we cannot guarantee its absolute security. If you have any questions about security on our Website, you can contact us at Privacy@vinivia.com.
Our website is scanned on a regular basis for security holes and known vulnerabilities in order to make your visit to our site as safe as possible.
We do not use Malware Scanning.
Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential.
We implement a variety of security measures when a user places an order enters, submits, or accesses their information to maintain the safety of your personal information.
Vinivia AG’ payment processor Stripe Payments (http://www.stripe.com) has been certified as a Level 1 Service Provider of Payment Card Industry (PCI) Data Security Standards (DSS), which is the highest possible level. For verification of iATS Payments’ Report on Compliance (ROC) please see Visa’s Global Registry of PCI Validated Service Providers: http://www.visa.com/splisting/searchGrsp.do?companyNameCriteria=stripe. Service providers on this list were validated as PCI DSS compliant by a QSA and are required to re-validate their compliance on an annual basis.
In the event that personal information is compromised as a breach of security, Vinivia AG will promptly notify our customers in compliance with applicable law.
10. Storage period
The data processed by us will be deleted or limited in their processing in accordance with articles 17 and 18 GDPR.
Unless expressly stated in this data protection declaration, the data stored by us will be deleted as soon as you revoke any consent you may have given or if the data is no longer required for its intended purpose and no legitimate interests or statutory storage obligations stand in the way of deletion.
If the data are not deleted because they are required for other and legally permissible purposes, their processing is restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to user data that must be retained for commercial or tax law reasons.
In accordance with legal requirements, data is stored for 6 years in accordance with § 257 Paragraph 1 HGB (e.g. commercial letters, accounting records, etc.) and for 10 years in accordance with § 147 Paragraph 1 AO (e.g. commercial and business letters, tax-relevant documents).
11. Rights of the data subject
You are entitled to the following rights:
11.1. Right to access
You have the right to ask us to confirm whether personal data concerning you is being processed.
11.2. Right to rectification/erasure/restriction of processing
Furthermore, you have the right to demand that
- incorrect personal data concerning you are corrected without delay (right torectification)
- personal data concerning you are deleted without delay (right to erasure) and
- the processing is restricted (right to restriction of processing).
11.3. Right to data portability
You have the right to receive personal data concerning you, which you have provided us with, in a structured, commonly used and machine-readable format and to transfer this data to another controller.
11.4. Right to withdraw
You have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of the consent until withdrawal.
11.5. Right to object
If the processing of your personal data is necessary to protect our legitimate interests (Art. 6 para. 1 letter f GDPR), you have the right to object.
11.6. Right to lodge a complaint
If you believe that the processing of personal data relating to you is in breach of the GDPR, you have the right to lodge a complaint with the competent supervisory authority, without prejudice to other legal remedies.
We reserve the right to adapt this data protection declaration in the event of any changes to the legal situation, the services offered on the website and data processing. However, this only applies with regard to statements on data processing. If your consent is required or if parts of the data protection declaration contain regulations of the contractual relationship with you, the changes will only be made with your consent.
You can inform yourself regularly about any changes in this data protection declaration.
Status: September 2020