Data privacy statement

1. Name and contact data of the responsible person for data processing

This data protection information is valid for the data processing by:

Cultural Commons Collecting Society SCE mit beschränkter Haftung (C3S SCE)
Rochusstr. 44
40479 Düsseldorf

Legal representatives:

E-Mail: info@C3S.cc
OpenPGP Public Key: 084A 1D48 A31B C872 DEF5 BB6C D647 F126 4C4E CD7F
Telefon: +49 (0)211 280 10 700
Fax: +49 (0)211 280 10 709

2. Collection and storage of personal data as well as type and purpose of their usage

a) When visiting the website
When accessing our website there are information sent to our webserver automatically by the browser you use on your device. This information is stored temporarily in a so called logfile. The following information is captured without your intervention and stored up to the automated deletion date (within 5 days):

  • IP address of the requesting computer,
  • date and time of the access,
  • name and URL of the accessed file,
  • website from which the access takes place (referrer url),
  • used browser and – if applicable – the operating system of your computer as well as the name of your access provider.

The named data is processed by us for the following purposes:

  • guarantee of a trouble-free website calling,
  • guarantee of a comfortable use of our website,
  • analysis of the system security and stability as well as
  • for other administrative purposes.

The legal basis for the data processing is Art. 6 1(1) lit. f GDPR. Our legitimate interest in data collection results from the purposes listed above. Under no circumstances the collected data will be used for the purpose of drawing conclusions about your individual person.

b) When signing up for our newsletter
If your explicitely agreed according to Art. 6 1(1) lit. a GDPR, we will use your e-mail address for sending you our newsletters periodically. It is sufficient to submit an e-mail address to receive our newsletter. The signup takes place within the so called double-opt-in-procedure. You therefore receive an e-mail for confirmation and authorization, asking you to click the link in it to confirm the newsletter’s subscription. The cancellation is possible at any time by sending an e-mail to info@c3s.cc.

c) When using the contact form
For any questions that may arise, we provide a form on our website for you to contact us. Therefore a valid e-mail-address is required, so we know the request’s origin and are able to answer the request. Further information can be provided optionally. The data processing for the purpose to contact you happens according to Art. 6 1(1) lit. a GDPR based on your voluntarily given approval. The personal data provided to us via the contact form will be deleted automatically after your issue was handled completely.

d) When using the comments function
We provide you a form on our website for discussions of the topic related to blog entries. Therefore a valid email address is required, so we can send you notifications about the comment, e.g. “there was written a new answer to your comment” or “your comment was not published for the following reasons”. You can provide further information optionally. The data processing for the purpose of contacting you happens according to Art. 6 1(1) lit. a GDPR based on your voluntarily given approval. The email address requested on use of the comments field will be deleted from our systems within a period of 3 months.

e) When filing a membership application for the cooperative
When filing a membership application via https://yes.c3s.cc, the data processing happens for the purpose of membership with us according to Art. 6 1(1) lit. b GDPR for preparing a contract with you. The processing of data moreover happens according to the cooperative law and results in direct communication, which arise from the cooperative’s commitments and information obligation, e.g. the invitation to the general meeting. For these purposes the following data will be stored during the membership period and data relevant for posting (e.g. membership fee) will be stored 10 years because of the legal retention requirements:
– first name, last name
– e-mail-address
– street and street number, other address component
– postal code, place, country
– date of birth
– type of membership (regular/investing)
– if you are a member of another collecting society and if so, which one
– number of cooperative shares to purchase

f) When registering for a C3S event
When registering for an event via https://events.c3s.cc the data processing happens for the purpose of event administration and contacting you according to Art. 6 1(1) lit. a GDPR based on your voluntarily given approval and are deleted within one month after the event’s end. This includes first name, last name, e-mail address, which event you want to join and other requests for the event’s preparation. If financial transactions were associated with the event (entry fees, supporter-tickets), the respective data will be deleted after the legal retention period for accounting-relevant data, which is 10 years.

3. Transmission of data

A transmission of your personal data to third parties does not take place for purposes other than listed below.
We will only transmit your personal data to third parties, if

  • you gave us your explicit consent in accordance with Art. 6 1(1) lit. a GDPR,
  • the transmission is required for asserting, practicing or defending legal claims according to Art. 6 1(1) lit. f GDPR and if there is no cause for the assumption, that you have an overriding interest warranting protection relating to the non-disclosure of your data
  • in case there exists a legal obligation for the transmission according to Art. 6 1(1) lit. c GDPR, as well as
  • the transmission is legally permissible and required for the processing of contractual relationships with your according to Art. 6 1(1) lit. b GDPR.

4. Cookies

We use cookies at our webpage. These are small files, which are automatically created by your browser and are stored on your device (laptop, tablet, smartphone or similar) if you visit our website. Cookies don’t do any harm on your device. They don’t contain viruses, trojans, or other malware. There is information stored in the cookie, which result from the specifically used device – in this case the country setting for the website’s language. This does not mean, however, that we gain any knowledge about your identity by this. The use of cookies enables us to provide a more comfotable website experience for you. Therefore we use temporary cookies for usability optimization, which are stored for a predefined time period on your device. If you visit our website again, it will be recognized automatically and restore the previously made settings – in this case the langauge setting – so you don’t need to adjust this setting again.

Most browsers accept cookies automatically. But you can configure your browser not to store cookies on your computer or to always show a notice before a new cookie is created. The complete deactivation of cookies can lead to the circumstance, that you have to reenter settings, you already did before – in this case the language setting.

5. Rights of persons affected

You have the right to

  • request information about the personal data processed by us about you according to Art. 15 GDPR. In particular you can request information about the processing’s purposes, the category of the personal data, the categories of recipients which your data were or will be disclosed to, the planned storage period, the existence of a right of correction, deletion, processing’s limitation or objection, the existence of a right to appeal, the origin of your data, if not requested by us, as well as about the existence of an automated decision making which includes profiling and about its meaningful detailed information, if applicable.
  • request immediate correction of incorrect data or completion of your personal data stored by us according to Art. 16 GDPR.
  • request deletion of your personal data stored by us according to Art. 17 GDPR, so far as
    the its processing won’t be necessary for the freedom of expression’s and information’s practice, for the fulfilment of legal reasons, for reasons of public interest or for assertion, practice or defence of legal claims.
  • request a processing’s limitation concerning your personal data according to Art. 18 GDPR, so far as the data’s correctness is denied by you, the processing is unlawful, but you deny their deletion while we don’t need these data, but you will need these for assertion, practice or defence of legal claims or you entered an objection against the processing according to Art. 21 GDPR.
  • request the reception of your personal data, you provided to us, in a structured, common and machine-readable format or the transmission of these to another responsible person according to Art. 20 GDPR.
  • revoke your once given approval to us at any time according to Art. 7 section 3 GDPR. This means that we won’t be allowed to continue the data processing based on the approval, in the future and
  • complain at a supervisory authority according to Art. 77 GDPR. Usually you can contact the supervisory authority of your residence or place of work or the authority supervising us.

6. Right of objection

If your personal data is processed on the basis of legitimate interests according to Art. 6 section 1 clause 1 lit. f GDPR, you have the right to appeal against your personal data’s processing according to Art. 2 GDPR, so far as there exist reasons, which result from your special situation or if the objection is directed against direct advertising. In the latter case you have a general right of objection, which will be implemented by us without needing a statement about a special situation.

If you wish to make use of your right of revocation or objection, a mail to info@c3s.cc will be sufficient.

7. Data security

We use the popular SSL-procedure (Secure Sockets Layer) with the highest encryption, as amended, which is supported by your browser. This is usually 256 bit encryption. If your browser does not support 256 bit encryption, we instead use 128 bit v3 technology. You can identify, whether a single page of your website is encrypted by the key symbol or closed lock symbol in the lower statusbar of your browser. We point out, that a 100 percent security does not exists when transferring data via the internet because of possibly undetected vulnerabilities and thus a 100 percent protection of the data against access by third parties does not exist. But to avoid risks, we take technical and organizational security measures in accordance with the respective state of the art, to protect your data against accidental or intentional manipulation, partial or full loss, destruction or against the unauthorized access by third parties.

8. Relevance and changes of this data privacy statement

This data privacy statement is currently valid and is made as of May 2018.

Due to our website’s advancement and its services or because of changed legal or rather regulatory requirements it may become necessary to change this data privacy statement. The most recent data privacy statement can be retrieved and printed at any time by you on our website’s link “data privacy”.