The data controller within the meaning of the General Data Protection Regulation (GDPR) is:

Maritimes Cluster Norddeutschland e. V.
Wexstrasse 7
20355 Hamburg,
Germany
Phone: +49 40 227019-499
Email: info@maritimes-cluster.de
Website: https://www.maritimes-cluster.de/en/

Name of the Data Protection Officer

Our Data Protection Officer is:

Dr Uwe Nolte
Email: datenschutzbeauftragter@maritimes-cluster.de

You have the right to receive specific information about how your data is processed (Articles 15–21 of the General Data Protection Regulation (GDPR)). Please direct any enquiries to the contact address provided above. If we are processing your personal data, you have the following rights as the ‘data subject’:

Requesting information

You can request information from us as to whether we are processing any of your personal data. However, this right does not apply if the data is only stored because it cannot be deleted due to legal or statutory retention periods, or if it is used exclusively for data backup or data protection control purposes. This right also does not apply if providing the information would involve a disproportionate effort, and if appropriate technical and organisational measures have been put in place to prevent the processing of the data for any other purposes. 

If we are processing your personal data and the right to access information is not excluded in your case, you may request the following information from us:

• The purposes of the processing
• The categories of personal data relating to you that are being processed
• The recipients or categories of recipients to whom we disclose your personal data, in particular recipients in third countries
• Where possible, the envisaged period for which your personal data will be stored or; if this is not possible, the criteria used to determine that period
• The existence of a right to rectification, erasure or to restrict processing of the personal data concerning you, or a right to object to such processing
• The existence of a right to lodge a complaint with a data protection supervisory authority
• Where the personal data has not been collected from you as the data subject, the available information regarding the source of the data
• Where applicable, the existence of automated decision-making, including profiling, and meaningful information about the logic involved, as well as the significance and envisaged consequences of such automated decision-making
• Where personal data is transferred to recipients in third countries where there is no decision by the European Commission on the adequacy of the level of protection pursuant to Article 45(3) GDPR, information on the appropriate safeguards provided for in accordance with Article 46(2) GDPR to protect personal data

Correction and completion

If you discover that we hold inaccurate personal data about you, you can ask us to correct this inaccurate personal data without delay. Similarly, if the personal data we hold about you is incomplete, you may request that it be completed.

Erasure

You have the right to erasure (‘the right to be forgotten’), provided that processing is not necessary for exercising the right to freedom of expression or information, or for complying with a legal obligation or performing a task in the public interest, and one of the following conditions applies:

• The personal data is no longer necessary for the purposes for which it was processed
• The legal basis for processing was solely your consent, which you have withdrawn
• You have objected to us processing your personal data that we have made public
• You have objected to the processing of personal data that we have not made public and there are no overriding legitimate grounds for processing it
• Your personal data has been processed unlawfully
• Erasing the personal data is necessary in order for us to comply with a legal obligation

However, there is no right to erasure if erasure is not possible or would require a disproportionate effort due to the specific nature of the storage, and if your interest in erasure is minimal. In this case, the right to restrict processing takes precedence over the right to erasure.

Restricting processing

You may request that we restrict processing if any of the following grounds apply:

• You contest the accuracy of the personal data. In this case, the restriction may be requested for a period that allows us to verify the accuracy of the data
• The processing is unlawful, but you request restriction of use instead of erasure
• We no longer require your personal data for the purposes of processing it, but you need it to establish, exercise or defend legal claims
• You have lodged an objection pursuant to Article 21(1) GDPR. You may request restriction of processing for as long as it has not yet been established whether our legitimate grounds override yours

Restricting processing means that your personal data will only be processed with your consent or for the purpose of establishing, exercising or defending legal claims, or to protect the rights of another natural or legal person or for reasons of substantial public interest. We are obliged to inform you before we lift the restriction.

Data portability

You have the right to data portability, provided that the processing is based on your consent (Art. 6(1)(a) or Art. 9(2)(a) GDPR), or on a contract to which you are a party, and the processing is carried out by automated means. In this case, your right to data portability includes the right to receive your personal data from us in a structured, commonly used and machine-readable format, and the right to transmit this data to another controller. 

• You may request that we provide you with the personal data you have supplied to us in a structured, commonly used, machine-readable format. 
• You have the right to transmit this data to another controller without hindrance from us. 
• Where technically feasible, you may request that we transmit your personal data directly to another controller.

Withdrawing consent

You have the right to withdraw your consent at any time, which will take effect in the future. You can inform us of this informally by email or post. This will not affect the lawfulness of any data processing carried out prior to the withdrawal being received. Once we have received your withdrawal, we will cease any data processing that was based solely on your consent.

Objections

If processing is based on Article 6(1)(e) GDPR (performance of a task carried out in the public interest or in exercising official authority), or Article 6(1)(f) (legitimate interests pursued by the controller or a third party), you have the right to object to the processing of your personal data at any time on grounds relating to your particular situation. This also applies to profiling based on Articles 6(1)(e) or (f) GDPR. Once you have exercised your right to object, we will no longer process your personal data, unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights and freedoms. Alternatively, the processing may be necessary for the establishment, exercise or defence of legal claims.

You may object at any time to the processing of your personal data for direct marketing purposes. This also applies to profiling associated with such direct marketing. Once you have exercised this right, we will no longer use the personal data in question for direct marketing purposes.

You may inform us of your objection informally by telephone, email or by writing to the postal address listed above.

Existence of automated decision-making

As a responsible company, we do not engage in automated decision-making or profiling within the meaning of the GDPR.

Complaints

If you believe that the processing of your personal data is unlawful, you have the right to lodge a complaint with the relevant data protection supervisory authority for your place of residence or work, or for the place where the alleged infringement occurred. However, we would appreciate it if you would first contact our Data Protection Officer to explain your concerns or complaints.

When visiting our websites

When you visit our websites, the browser used on your device automatically sends information to our website server. This information is temporarily stored in a log file. The following information is collected automatically and stored until it is automatically deleted:

• IP address of the requesting computer
• Date and time of access
• Name and URL of the file accessed
• Website from which access is made (referrer URL)
• Browser used and, where applicable, your computer’s operating system, as well as the name of your internet service provider

We process the aforementioned data for the following purposes:

• To ensure the website connects smoothly
• To ensure a user-friendly experience on our website
• To evaluate system security and stability, and for other administrative purposes

The legal basis for data processing is Article 6(1)(f) of the General Data Protection Regulation (GDPR). The website operator has a legitimate interest in ensuring that the website functions correctly and is optimised.

Contacting us 

If you contact us (e.g. via the contact form, email, post, telephone or in person), we will store the personal data you provide. We will process this data in order to deal with your enquiry. We will not pass on this data without your consent. The processing of the aforementioned personal data is based on your consent (Art. 6(1)(a) GDPR). You may withdraw this consent at any time. An informal notification by email is sufficient for this purpose. The lawfulness of data processing operations carried out up to the point of withdrawal remains unaffected by the withdrawal.

Any data that you provide to us when contacting us will be retained until you request its deletion, withdraw your consent for us to store it, or the purpose for which we are storing it no longer applies (e.g. once your enquiry has been processed). Mandatory legal provisions, particularly retention periods, remain unaffected.

Applying for jobs

It is possible to apply for a job with us (preferably using the website form). If you send us an application, we will process the associated personal data (e.g. contact details, communication details and application documents) to the extent necessary to decide whether to establish an employment relationship with you. The legal basis for this processing is Section 26 of the German Federal Data Protection Act (BDSG) and, where applicable, Article 6(1)(a) of the General Data Protection Regulation (GDPR). You can withdraw your consent at any time. Your personal data will only be shared within our company by those involved in processing your application.

If your application is successful, the data you have submitted will be stored in our data processing systems on the basis of Article 6(1)(b) GDPR and Section 26 BDSG for the purpose of managing the employment relationship. If we are unable to offer you a position, if you decline a job offer or withdraw your application or consent to data processing, or if you request that we delete the data, the data you have provided, including any remaining physical application documents, will be stored for six months following the conclusion of the application process (the retention period) to enable us to trace the details of the application process in the event of any discrepancies (Art. 6(1)(f) GDPR).

Once the retention period has expired, the data will be deleted, unless there is a statutory retention obligation or another legal basis for further storage. If it becomes apparent that retaining your data will be necessary after the retention period has expired (for example, due to an impending or ongoing legal dispute), the data will only be deleted once it is no longer relevant. Other statutory retention obligations remain unaffected.

Registering on this website

You can register on our website to access additional features. We will only use the data you provide for the purpose of using the offer or service for which you have registered. All mandatory information requested during registration must be provided. Otherwise, we will refuse the registration. We will use the email address provided during registration to inform you of important changes, such as changes to the scope of the service or changes that are technically necessary.

The processing of the data entered during registration is based on your consent (Art. 6(1)(a) GDPR). You may withdraw your consent at any time. To do so, simply send us an informal email. Withdrawing your consent does not affect the lawfulness of any data processing that has already taken place. We will store the data collected during registration for as long as you are registered with our website. After this time, the data will be deleted. Statutory retention periods remain unaffected.

General information on analytics tools and third-party tools

This website uses analytics and third-party tools. We would therefore like to inform you about the general implications of their use. When you visit our website, your browsing behaviour may be analysed statistically. This is primarily done using cookies and analytics programs. This analysis is generally carried out anonymously, i.e. your browsing behaviour cannot be traced back to you. You can object to this analysis or prevent it from happening by not using certain tools. The following Privacy Policy provides detailed information on this. You can object to this analysis. You can find out about the options for doing so further down in this Privacy Policy.

Routine erasing and blocking of personal data

Personal data is only processed and stored for as long as is necessary to fulfil the relevant purpose, or for as long as is required by the legal provisions to which the controller is subject. Once the processing purpose ceases to apply or the prescribed retention period expires, the personal data is routinely blocked or erased in accordance with legal requirements.

This website is hosted by an external service provider (host). The personal data collected via this website is stored on the host’s servers. In particular this data may include IP addresses, contact enquiries, metadata and communication data, contractual data, contact details, names, details of website visits and other data generated via a website. We use the host to provide our online services securely, quickly and efficiently through a professional provider (Art. 6(1)(f) GDPR).

Our host will only process your data to the extent necessary to fulfil its contractual obligations and will follow our instructions regarding this data. To ensure compliance with data protection regulations, we have entered into a data processing agreement with our hosting provider.

Our hosting provider collects so-called log file data transmitted by your browser: this data includes the IP address, the address of the previously visited website (referrer request header), the date and time of the request, the content of the request, the HTTPS status code, the amount of data transferred, the website from which the request originates, as well as information regarding the browser and operating system. This is necessary to display our website and to ensure stability and security in accordance with our legitimate interest pursuant to Article 6(1)(f) GDPR. No tracking takes place and we have no direct access to this data. The data is deleted as soon as the purpose for processing it no longer applies.

For security reasons, and in particular to protect the transmission of confidential content such as your personal data, this site uses SSL and/or TLS encryption. You can recognise an encrypted connection by the fact that the address bar of your browser changes from “http://” to “https://” and by the padlock symbol in your browser bar. When SSL or TLS encryption is enabled, any data you send us cannot be read by third parties.

Our websites use cookies. These are text files that a website operator stores on the user’s computer and can retrieve when the user visits the site again. This is to facilitate navigation on the internet, enable transactions or gather information about usage behaviour. Cookies do not cause any damage to your computer and do not contain viruses. They serve to make our services more user-friendly, effective and secure. Most of the cookies we use are “session cookies”. These are automatically deleted at the end of your visit. Other cookies remain stored on your device until you delete them. These cookies enable us to recognise your browser when you visit us again.

We store cookies that are necessary for executing the electronic communication process or for providing specific functions requested by you (e.g. event registration) on the basis of Article 6(1)(f) GDPR. The website operator has a legitimate interest in storing cookies to ensure the technically flawless and optimised provision of its services. Where other cookies (e.g. cookies used to analyse your browsing behaviour) are stored, these are dealt with separately in this Privacy Policy. You can configure your browser to notify you when cookies are set, allow them on a case-by-case basis, reject them in specific cases or altogether, and set them to be deleted automatically when you close your browser. The legal basis for this is your consent pursuant to Article 6(1)(a) GDPR. Please note that disabling cookies may restrict the functionality of this website.

Storage duration: With regard to storage duration, a distinction is made between the following types of cookies:

• Temporary cookies (also known as session cookies): Temporary cookies are deleted at the latest once a user has left an online service and switched off their device (e.g. browser or mobile application)
• Persistent cookies: Persistent cookies remain stored even after the device has been switched off. This allows, for example, the login status to be saved or preferred content to be directly displayed when the user visits a website again. Similarly, user data collected via cookies may be used for audience measurement. Unless we explicitly state the type and storage duration of cookies (e.g. when seeking consent), users should assume that cookies are persistent and that they may be stored for up to two years

General information on withdrawing consent or objecting to the use of cookies (‘opting out’):

Depending on whether the processing is based on consent or legal authorisation, you have the option at any time to withdraw any consent you have given or to object to the processing of your data via cookie technologies (collectively referred to as ‘opting out’). You can initially opt out via your browser settings, for example by disabling the use of cookies (although this may also restrict the functionality of our online service). You can also object to the use of cookies for online marketing purposes, particularly in the case of tracking, via a range of services provided by the websites https://optout.aboutads.info and https://www.youronlinechoices.com/. In addition, you can find further information on how to opt out in the details provided regarding the service providers and cookies used. You can also prevent your data from being collected and processed by disabling the execution of script code in your browser or by installing a script blocker in your browser (you can find these, for example, at www.noscript.net or www.ghostery.com).

Cookiebot cookie consent tool

Our website uses Cookiebot’s consent technology to obtain your consent to store certain cookies or use certain technologies on your device, and to document this in accordance with data protection regulations. This technology is provided by Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark (hereinafter referred to as “Cookiebot”). The legal basis for using Cookiebot’s cookie consent technology is Article 6(1)(f) GDPR. The provider has a legitimate interest in ensuring the website is user-friendly and complies with GDPR requirements.

Cookiebot is used to obtain the legally required consent for the use of cookies. The legal basis for this is Article 6(1)(c) GDPR.

When you visit our website, a connection is established with Cookiebot’s servers to obtain your consent and other information relating to the use of cookies. Cookiebot then stores a cookie in your browser to link the consents you have given – or withdrawn – to your account. The data collected in this way is stored until you request its deletion, delete the Cookiebot cookie yourself, or the purpose for storing the data no longer applies. Mandatory statutory retention obligations remain unaffected.

Further information on Cookiebot’s data processing can be found in the Privacy Policy at cookiebot.com: https://www.cookiebot.com/en/privacy-policy/.

We have a social media presence to inform users active on these platforms about our services, and to communicate with them via these platforms where there is interest. Our social media channels can only be accessed via an external link. You can recognise these links by the typical buttons. These buttons do not have a ‘Share’ or ‘Like’ function; they are simply graphics that link to our corresponding social media channels. Clicking on one of these buttons will open the respective social media platform. The social network will then be informed that you have visited our website using your IP address. As soon as you access our social media profile on the relevant network, the terms and conditions and data processing policies of the relevant operator apply.

We have no influence over the collection of data and its further use by the social networks. We have no knowledge of the extent to which, where and for how long the data is stored, the extent to which the networks comply with existing erasure obligations, what analyses and links are made with the data, or to whom the data is passed on. We therefore expressly draw your attention to the fact that the operators of these networks will store your data (e.g. personal information and IP addresses) in accordance with their data usage policies and use it for business purposes. Please refer to the terms of use and privacy policies of the relevant social media platforms for further details.

Legal basis

Our social media presence is intended to maximise our online visibility. This constitutes a legitimate interest within the meaning of Article 6(1)(f) GDPR. The analysis processes initiated by the social networks may be based on different legal grounds, which must be specified by the operators of the social networks (e.g. consent within the meaning of Article 6(1)(a) GDPR).

Data controller and exercising your rights

When you visit one of our social media pages, we are jointly responsible with the operator of the social media platform for the data processing operations triggered by your visit. You can generally exercise your rights (right of access, rectification, erasure, restriction of processing, data portability, and the right to lodge a complaint) with either us or the operator of the relevant social media portal.

Please note that, although we share responsibility with the operators of social media platforms, we do not have full control over the data processing activities carried out by these platforms. Our options largely depend on the respective provider’s corporate policy.

Data retention period

Data collected directly by us via our social media presence will be deleted from our systems as soon as the purpose for storing it no longer applies, you request its erasure, you withdraw your consent to storing it, or the purpose for storing it no longer applies. Stored cookies remain on your device until you delete them. Mandatory legal provisions, particularly retention periods, remain unaffected.

We have no influence over how long the operators of social networks store your data for their own purposes. For further details, please contact the operators of the social networks directly.

Links to LinkedIn 

Links to the LinkedIn social network are integrated into our website. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. You can recognise the link by the LinkedIn logo on our website. 

Please note that, as the provider of these web pages, we have no knowledge of the content of the data transmitted or how it is used by LinkedIn. If you do not want LinkedIn to link your data, you must log out of your LinkedIn account. Further information on this can be found in LinkedIn’s Privacy Policy at: https://www.linkedin.com/legal/privacy-policy.

Links to Facebook

Links to the Facebook social network are integrated into our website. The provider is Meta Inc., 1 Hacker Way, Menlo Park, California 94025, USA. You can recognise the link by the Facebook logo on our website. An overview of the Facebook plugins can be found here: https://developers.facebook.com/docs/plugins/.

Please note that, as the provider of these web pages, we have no knowledge of the content of the data transmitted or how it is used by Facebook. Further information on this can be found in Facebook's Privacy Policy at: https://www.facebook.com/privacy/policy/.

If you do not wish Facebook to link your visit to our website with your Facebook user account, please log out of your Facebook user account.

Links to YouTube

Links to the YouTube social network are integrated into our website. The provider is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. You can recognise the link by the YouTube logo on our website.

Please note that, as the provider of these web pages, we have no knowledge of the content of the data transmitted or how it is used by YouTube. If you do not wish YouTube to link your data, you must log out of your YouTube account.

Further information on how user data is handled can be found in YouTube’s Privacy Policy at: https://policies.google.com/privacy?hl=en and here: https://support.google.com/youtube/answer/2801895?hl=en.

Links to Xing

Links to the Xing social network are integrated into our website. The provider is XING AG, Dammtorstraße 30, 20354 Hamburg, Germany. You can recognise the link by the Xing logo on our website.

Please note that, as the provider of these web pages, we have no knowledge of the content of the data transmitted or how it is used by Xing. If you do not wish Xing to link your data, you must log out of your Xing account.

Further information on this can be found in Xing’s Privacy Policy at: https://privacy.xing.com/en.

Privacy notice for our Facebook profile

We have a profile on Facebook: https://www.facebook.com/maritimescluster/.

The provider is Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. We have entered into a joint processing agreement (Controller Addendum) with Facebook. This agreement specifies which data processing operations we or Facebook are responsible for when you visit our Facebook page. You can view this agreement via the following link: https://www.facebook.com/legal/terms/page_controller_addendum.

You can adjust your advertising settings yourself in your user account. To do so, click on the following link and log in: https://www.facebook.com/settings?tab=ads. For further details, please refer to Facebook’s Privacy Policy: https://www.facebook.com/about/privacy/.

Facebook Ireland Ltd (‘Facebook’) provides us, as the operator of a Facebook Fan Page, with so-called ‘Facebook Insights’ (‘Insights’). These consist of various statistics that provide us with information about the use of our Facebook Fan Page. Further details regarding this and the associated data processing can be found at: https://www.facebook.com/legal/terms/page_controller_addendum and https://www.facebook.com/legal/terms/information_about_page_insights_data.

We process Insights data for our Facebook Fan Page on the basis of our legitimate interest in analysing activity on our fan page and our marketing measures (advertisements, campaigns, posts) pursuant to Article 6(1)(f) GDPR.

The legal bases and purposes of processing by Facebook Ireland can be found here: Facebook Fanpages und InSights – hier die Antworten (in German), https://www.facebook.com/about/privacy/legal_bases and https://www.facebook.com/privacy/policy/.

Facebook Fan Page Insights may be based on personal data collected in connection with a visit to or interaction with our Facebook Fan Page and its content, meaning that personal data may also be processed by Facebook. You are not legally obliged to provide your personal data. However, providing such data may be necessary for the conclusion of a contract or for certain functions of the Facebook Fan Page. If you do not provide such data, a contract or a function on the Facebook Fan Page may therefore not be available.

The key details of the agreement concluded between us and Facebook within the meaning of Article 26 of the General Data Protection Regulation (GDPR) can be found here: https://www.facebook.com/legal/terms/page_controller_addendum.

Jointly responsible for processing

are

Facebook Ireland Ltd.
4 Grand Canal Square
Grand Canal Harbour
Dublin 2, Ireland

and the data controller mentioned above.

With regard to your personal data, you have the right to

• access information, Article 15 GDPR
• rectification, Article 16 GDPR
• erasure, Article 17 GDPR
• restriction of processing, Article 18 GDPR and
• data portability, Article 20 GDPR

You also have the right to object to the processing of personal data pursuant to Article 21 GDPR. The objection may be made in any form. See information below.

If you have given consent to the processing of your personal data, you have the right to withdraw that consent with effect for the future, in accordance with Article 7 GDPR.

In this regard, Facebook Ireland primarily fulfils the information obligations set out in Articles 12 and 13 GDPR, as well as the obligations under Articles 15 to 21 GDPR and the obligations under Articles 33 and 34 GDPR. Data subjects may therefore exercise their rights against Facebook Ireland. Of course, you may also exercise your rights against us.

If you believe that the processing of your personal data infringes data protection law, you always have the right to lodge a complaint with the competent supervisory authority. Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority – in particular, the authority in the Member State of your habitual residence, place of work or the place where the alleged infringement occurred – if you believe that the processing of your personal data infringes the General Data Protection Regulation (GDPR). The Irish Data Protection Commission (https://www.dataprotection.ie/) is the supervisory authority responsible for Facebook Ireland.

Using YouTube with enhanced privacy settings

Our website uses plugins from the YouTube online video platform. The operator of the site is Google Ireland Limited (‘Google’), Gordon House, Barrow Street, Dublin 4, Ireland.

We use YouTube in enhanced privacy mode. According to YouTube, this mode ensures that YouTube does not store any information about visitors to this website until they watch a video. However, the enhanced privacy mode does not necessarily prevent data from being shared with YouTube partners. YouTube therefore establishes a connection to the Google DoubleClick network, even if you do not watch a video.

As soon as you start playing a YouTube video on our website, a connection is established with YouTube's servers. This informs the YouTube server as to which of our pages you have visited. If you are logged into your YouTube account, you are allowing YouTube to link your browsing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account.

Furthermore, once a video has started playing, YouTube may store various cookies on your device. These cookies allow YouTube to obtain information about visitors to our website. This information is used, amongst other things, to collect video statistics, improve user-friendliness and prevent fraud. The cookies remain on your device until you delete them.

Where applicable, further data processing operations may be triggered after a YouTube video has started playing, and we have no control over these.

We use YouTube to present our online services in an appealing manner. This constitutes a legitimate interest within the meaning of Article 6(1)(f) GDPR.

For further information on data protection at YouTube, please refer to their Privacy Policy at: https://policies.google.com/privacy?hl=en.

Users can subscribe to our newsletter on our website. The personal data that we receive when you subscribe to the newsletter is determined by the input form used for registering; the mandatory fields are marked.

When signing up for the newsletter, we require your email address, as well as information that allows us to verify that you own the provided email address and consent to receiving the newsletter. No further data is collected, unless it is provided on a voluntary basis. We use this data exclusively to send you the requested information and will not pass it on to third parties.

Processing the data entered in the newsletter registration form takes place exclusively on the basis of your consent (Art. 6(1)(a) GDPR). You can withdraw your consent for us to store your data and email address and use it to send you the newsletter at any time. For example, you can do this via an unsubscribe link in the newsletter. Withdrawing your consent does not affect the lawfulness of any data processing operations that have already taken place.

We will store the data you have provided to us for the purpose of subscribing to the newsletter until you unsubscribe, after which it will be deleted within six months. Data stored for other purposes (e.g. email addresses for customer communications) is not affected by this.

You may withdraw your consent to receive the newsletter at any time. A link to do so is included in every newsletter. Alternatively, you can withdraw your consent by sending an email to info@maritimes-cluster.de.

CleverReach

We use CleverReach to send out our newsletters. The provider is CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany. CleverReach is a service that facilitates the organisation and analysis of newsletter distribution. Any data you provide when subscribing to the newsletter (e.g. your email address) is stored on CleverReach’s servers in Germany or Ireland.

Our newsletters, sent via CleverReach, allow us to analyse the behaviour of newsletter recipients. This allows us to analyse how many recipients opened the newsletter and which links were clicked. With the help of conversion tracking, we can also analyse whether a predefined action (e.g. event registration) took place after clicking on a link in the newsletter. Further information on the newsletter data analysed and tracked by CleverReach Reporting can be found at: www.cleverreach.com/en/newsletter-tool/newsletter-reporting/.

Data processing is carried out on the basis of your consent (Art. 6(1)(a) GDPR). You can withdraw your consent at any time by unsubscribing from the newsletter Withdrawing your consent does not affect the lawfulness of any data processing operations that have already taken place.

Once you have unsubscribed from the newsletter mailing list, your email address may be stored in a blacklist to prevent future mailings. Data from the blacklist is used solely for this purpose and is not combined with other data. This serves your interests as well as our interest in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Article 6(1)(f) GDPR). There is no time limit on retaining data in the blacklist. You can object to your data being stored if your interests override our legitimate interests.

If you do not want CleverReach to analyse your data, you must unsubscribe from the newsletter. We provide a link for this purpose in every newsletter. 

We have entered into a data processing agreement with CleverReach, and we comply fully with the strict requirements of the German data protection authorities when using CleverReach. Further details can be found in CleverReach’s Privacy Policy at: www.cleverreach.com/en/privacy-policy/.

Plug-ins are small add-on programs that extend the functionality of web applications. Installing a plug-in typically adds a new feature to the relevant website or software that it did not previously have. One advantage of plug-ins is that they enable new features to be easily added to programs and applications without significantly increasing their size or altering their source code. The code containing the new features is moved to the plug-in, so uninstalling the extension automatically restores the original state.

Content Delivery Network (CDN) Gstatic

We use the Gstatic service, which is provided by Google Ireland Limited (Gordon House, Barrow Street, 4 Dublin, Ireland), on our website. Gstatic is a Google Content Delivery Network (CDN) that delivers static content such as images, JavaScript files and style sheets. Specifically, the service loads background data for Google Fonts, Google Maps, Google Analytics, YouTube and various Google APIs.

The legal basis for processing personal data is our legitimate interest, as defined in Article 6(1)(f) GDPR. Using Gstatic helps us improve loading speeds and optimise the performance of websites that integrate these services.

This involves transferring personal data to the USA. Regarding the transfer of personal data to the USA, an adequacy decision has been made concerning the EU-US Data Privacy Framework within the meaning of Article 45 GDPR. You can view the provider’s EU-US Data Privacy Framework certification at: https://www.dataprivacyframework.gov/list.

We have entered into a data processing agreement with Google. As part of this processing, your personal data may be transferred to Google LLC’s servers at 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States. You can withdraw your consent at any time via the Cookie Consent Tool. 

Further information on how the transferred data is handled can be found in the provider’s Privacy Policy at: https://policies.google.com/privacy?hl=en. The provider also offers an opt-out option at: https://support.google.com/My-Ad-Center-Help/answer/12155451?hl=en.

DFN Scheduler V6

DFN Scheduler 6 is a scheduling and booking platform. It is provided by the Association for the Promotion of a German Research Network (Verein zur Förderung eines Deutschen Forschungsnetzes e. V.), which is based at the DFN Office, Alexanderplatz 1, 10178 Berlin, Germany. We use the platform based on our legitimate interest in creating modern, efficient and user-friendly meeting polls and bookings, as well as for optimising our operational processes in accordance with Article 6(1)(f) GDPR.

The service can be used without registering. It is not necessary to create a user account. However, our polls for scheduling meetings are password-protected and only accessible to those who have received the password from us. Disclosure is only permitted within the invited administration. 

Data processing takes place exclusively within the territory of the Federal Republic of Germany. More detailed information on data protection at DFN can be found here: https://terminplaner6.dfn.de/en/datenschutz.

Doodle

We use the Doodle online scheduling tool on our website. The service is provided by Doodle AG, a Swiss company located at Werdstrasse 21, P.O. Box, 8021 Zurich, Switzerland. The use of the online scheduling and booking tool is based on our legitimate interest in providing a modern, efficient and user-friendly appointment booking service, as well as in optimising our operational processes in accordance with Article 6(1)(f) GDPR, as this meets users’ desire for a quick and easy booking option. 

The European Commission has determined that Switzerland, as a third country, offers an adequate level of protection relative to the scope of the GDPR, by means of an adequacy decision pursuant to Article 45 GDPR. You can find out more about the data processed through Doodle’s use in its Privacy Policy at: https://doodle.com/en/privacy-policy/.

We use marketing and tracking mechanisms for analytical purposes. Using marketing cookies and tracking mechanisms enables us and our partners to show you personalised offerings based on an analysis of your interests and how you use our website. The following section explains which mechanisms and tools we use on this website:

• Statistics: We use statistical tools to measure things such as how many web pages you view.
• Conversion tracking: If you arrive at our website via an advert from one of our conversion tracking partners, they place a cookie (‘conversion cookie’) on your computer. These cookies usually expire after 30 days. If you then visit certain web pages on our website and the cookie has not yet expired, both we and the relevant conversion tracking partner can recognise that a specific user clicked on the advert and was thus redirected to our website. This can also occur across devices. Information collected via the conversion cookie is used to compile conversion statistics and track the total number of users who click on a relevant advert and are redirected to a conversion-tagged web page.
• Retargeting: These tools use advertising cookies, third-party advertising cookies or web beacons (invisible graphics also known as pixels or tracking pixels), as well as similar technologies to create user profiles. These profiles are used for interest-based advertising and to control how often users see specific adverts. The providers of these tools may also share information with third parties for the aforementioned purposes. Please refer to the privacy policy of the respective provider in this context.

Please note that, when using these tools, your data may be transferred to recipients outside the European Economic Area (e.g. the USA). Further details can be found in the description of the individual marketing tools below.

Matomo

This website uses Matomo, an open-source web analytics service provided by InnoCraft Ltd, 7 Waterloo Quay PO625, 6140 Wellington, New Zealand. Our use of Matomo is based on Article 6(1)(a) GDPR. Matomo is open-source software that we have installed on our own server.

This website uses the ‘no cookies’ version of Matomo as self-hosted software to collect anonymous usage data. The service provider is InnoCraft Ltd, a New Zealand company located at 7 Waterloo Quay PO625, 6140 Wellington, New Zealand.

No cookies are stored on your device when using Matomo ‘without cookies’. Your IP address is processed anonymously by removing the last two bytes. The pseudo-anonymised location (based on the anonymised IP address) is recorded. No data is passed on to third parties, in particular to InnoCraft Ltd. Your IP address is only recorded in a truncated form, so it cannot be traced back to you (so-called IP masking). Matomo cookies remain on your devices until you delete them.

Matomo generates statistics that track how many users visit our website, the country or location from which the website is accessed, which subpages are viewed and how visitors arrive at our website, e.g. via which links or search terms. The information collected is transmitted to and stored on our server. You can withdraw your consent regarding Matomo at any time in the consent tool settings, with effect for the future.

You can also prevent cookies from being stored by adjusting your browser settings; however, please note that you may not be able to use all of this website’s functions to their full extent in this case. You can find out more about Matomo’s data processing at: https://matomo.org/privacy-policy/.

Matomo opt-out

We process your personal data for the following purposes:

• Networking and advising companies and institutions on relevant topics within the maritime sector in northern Germany
• Facilitating contacts
• Organising events
• Coordinating specialist and working groups
• Supporting business start-ups and providing information on funding programmes
• Initiating and supporting projects
• Compiling and sending out current information (in print and electronically)
• Acting as a point of contact for authorities and ministries in the five northern German federal states
• Contract execution and invoicing

In addition to personal contact, we also receive your data from others through recommendations or networking activities. If you do not consent to us storing and processing your data, we will unfortunately be unable to enter into a (contractual) relationship with you.

We receive data from applicants for positions within our company either directly from the applicants themselves or via job portals or recruitment agencies.

Depending on the individual case, we process your data based on one of the following legal grounds:

• Art. 6(1)(a) to (c) GDPR (consent, performance of a contract, legal obligations)
• Art. 6(1)(e) GDPR (public interest)
• Art. 6(1)(f) GDPR (website, marketing purposes)
• We process applicants’ data on the basis of pre-contractual cooperation pursuant to Art. 6(1)(b) GDPR in accordance with Section 26 of the German Federal Data Protection Act (BDSG)

Right to withdraw consent

Consent is always voluntary. No disadvantages will arise if consent is not given. You may withdraw or amend your consent at any time with future effect without giving reasons. Data processing that has already taken place remains unaffected. Please send your withdrawal of consent either to our postal address or email address given above.

Processing of personal data for marketing purposes

You have the right to object to the processing of your personal data for marketing purposes at any time. To do so, please use the postal or email address provided above.

Under Section 7(3) of Germany’s Unfair Competition Act (UWG), we are entitled to use the email addresses provided by members when the contract was concluded for the direct marketing of similar services.

If you do not wish to receive advertising emails from us, you can opt out at any time. Sending an email to is sufficient for this purpose.

We do not carry out automated profiling.

Recipients of data

All services are provided by Maritimes Cluster Norddeutschland e. V. Personal data may be transferred to third parties in accordance with legal requirements (e.g. supervisory authorities or the tax office), or in connection with recommendations or contact enquiries, or through collaboration with other service providers.

Other recipients of data may include bodies to which you have given us consent to transfer data, or bodies to which we are authorised to transfer personal data following a balancing of interests.

Transferring data to third countries

We do not plan to transfer your data to third countries, nor do we currently do so. In individual cases, a transfer will only take place on the basis of an adequacy decision by the European Commission, standard contractual clauses, appropriate safeguards or your explicit consent.

Retention period and criteria for determining this period

Maritimes Cluster Norddeutschland e. V. will store your data for the duration of our business relationship and for up to four years after it ends, in accordance with Section 195 (statute of limitations) of the German Civil Code (BGB).

This retention period begins with each new contractual relationship. Individual data may be subject to longer retention obligations for legal, tax or commercial law reasons and may only be deleted once these legal obligations have expired (e.g. payment data is retained for 10 years).

Photographs are taken at our events. These photos are subsequently published across various channels and media. These channels include our own website, our social media profiles on LinkedIn, Facebook and Xing, third-party websites (e.g. online magazines), newsletters and emails, as well as print media such as magazines and leaflets.

You may be visible and recognisable in some of the photos. If you notice that photographs are being or have been taken of you and you do not wish this to happen, please speak to the photographer directly. They will then delete the photos and not use them.

The legal basis for processing is Article 6(1)(f) GDPR. We have a legitimate interest in taking and publishing photos for marketing, documenting and reporting events. In accordance with Articles 6(1)(a) and 8 GDPR, we only process photos of individuals under the age of 18 on the condition that we have received consent from their legal guardians.

By publishing them, we make selected photos publicly available. This makes the photos available to internet and social media users, as well as readers of print media.

Unless a specific, one-off purpose is intended for individual photos, we process the photos for an indefinite period. Deletion is not envisaged in this case. We delete the photos if there is a legal obligation to do so. Use on the internet and social media constitutes permanent use that is not limited to the act of publication. We delete photos intended for one-off use, such as a single print run of an anniversary booklet, after they have been used and the transition period has expired. This period is based on the standard limitation period for claims arising from the use of the photos, and lasts three years from the end of the year in which they were used.

WeTransfer

We use WeTransfer to transfer large amounts of data. The provider is WeTransfer B.V., Oostelijke Handelskade 751, 1019 BW Amsterdam, Netherlands – a company that offers tools and services for transferring large amounts of data. WeTransfer is used exclusively for securely transferring data to service providers and business partners where this is required by the nature of the assignment. Data is generally transferred in encrypted form to EU-based servers and stored there in an encrypted format. Using this function will redirect you to the website https://agentur22.wetransfer.com. Data processing is carried out on the basis of Article 6(1)(f) GDPR. We and our customers have a legitimate interest in having an efficient means of transferring large amounts of data securely. Privacy policies and other legal information can be found at https://wetransfer.com/explore/legal/privacy and in the sources listed there.

Mentimeter

We use the Mentimeter software application to conduct surveys and polls. The provider is Mentimeter AB, Alströmergatan 22, 112 47 Stockholm, Sweden. Personal data (IP address) is processed when the survey is conducted. This data is collected exclusively for the purposes of the surveys. The legal basis for collecting this data is your consent to participate, as set out in Article 6(1)(a) GDPR. 

Your IP address is processed to enable you to participate in online surveys and polls. In addition, free-text entries may be processed and linked to you personally. Any other information provided in surveys and polls is not personal. No data is disclosed to third parties. Further information, including details on data protection at Mentimeter, can be found here: https://help.mentimeter.com/en/articles/1937769-terms-of-use-gdpr-and-personal-data-protection-in-mentimeter.

SurveyMonkey

From time to time, we may ask you to take part in surveys to provide us with feedback on our work. We process these surveys using SurveyMonkey, a service provided by SurveyMonkey Inc., which is based in San Mateo, California, USA. The data collected is used exclusively for the purpose of the association. The legal basis for collecting this data is your consent to participate, as set out in Article 6(1)(a) GDPR.

We do not ask you for personal data in the surveys and cannot link your answers to you personally. In some surveys, you can optionally provide contact details. In such cases, it would be possible to link the data to a specific person. However, please note that SurveyMonkey collects certain data on its own behalf and uses tracking services, for example, to statistically record the use of its services. Further details can be found in SurveyMonkey’s Privacy Notice, which can be accessed here: https://www.surveymonkey.com/mp/legal/privacy/.

You can register for our events on our website. We use the eveeno event software to manage and run events. The provider is Andreas Bothe (eveeno), Ellenbogen 8, 91056 Erlangen, Germany. The legal basis for processing the data submitted via the event registration form is Article 6 (1)(b) GDPR, as the processing is carried out in the context of a pre-contractual or contractual relationship. 

Any personal data submitted via the input form is processed solely for the purpose of completing your registration for the event. Any other personal data processed during the submission process is used to prevent the misuse of the registration form and to ensure the security of our IT systems.

eveeno is a German company, whereby the data is stored on the servers of netcup, an ISO-certified hosting provider based in Germany. Further information about the provider and its certifications can be found at https://www.netcup.com/en/about-netcup and https://www.netcup.com/en/about-netcup/certifications.

Further information on data protection at eveeno can be found at: https://eveeno.com/en/privacy.

We use various video communication services to conduct telephone conferences, online meetings, video conferences and customer webinars.

Legal basis for data processing

Where personal data relating to MCN employees is processed, the legal basis for such processing is Article 6(1)(b) of the General Data Protection Regulation (GDPR) and Section 26 of the German Federal Data Protection Act (BDSG). If personal data is not required for establishing, performing or terminating the employment relationship, but is nevertheless essential for using video services, Article 6(1)(f) GDPR provides the legal basis for processing the data. In such cases, our interest lies in the effective conduct of online meetings. The legal basis for processing data when conducting online meetings is also Article 6(1)(b) GDPR, provided the meetings are held within the framework of contractual relationships. If no such relationship exists, the legal basis is Article 6(1)(f) GDPR. Here too, our aim is to ensure that online meetings are conducted effectively.

MCN regularly requires your data in order to compile lists of participants and, where applicable, minutes. MCN also requires your email address in order to send you the minutes and presentations. The legal basis for processing your data is Article 6(1)(b) GDPR. Your data will be deleted when it is no longer required for the purposes for which it was collected.

Automated decision-making within the meaning of Article 22 GDPR is not used.

Disclosure of data

As a rule, personal data processed in connection with participation in online meetings will not be disclosed to third parties unless it is specifically intended for disclosure. Please note that, as with face-to-face meetings, content from online meetings may be used to communicate information to third parties, meaning it is intended for disclosure.

Recordings/transcripts

We will inform you in the invitation itself if we are going to record a meeting. Once the recording or transcription has started, we will actively seek verbal consent from all present participants and document this within the recording or transcription.

If the person concerned is aware of the recording in advance and nevertheless continues to speak of their own accord without having been subjected to any significant pressure, tacit consent (continuing to speak despite being aware of the recording) may be sufficient. In extreme cases, a participant may simply remain silent and listen during the conversation. Withdrawal of consent will result in the transcription being terminated immediately.

Where necessary for recording the outcomes of an online meeting, chat content will be recorded by MCN.  However, this will not generally be the case.

Data processing outside the European Union

As a general rule, data is not processed outside the EU, since MCN restricts its data storage to centres within the EU. However, we cannot rule out the possibility that data may be routed via internet servers located outside the EU. Microsoft and other services collect telemetry data, which is processed in the USA. This data is used to maintain the functionality of communication software solutions. This data is encrypted during transmission over the internet, however, so it is protected against unauthorised access by third parties.

GoToWebinar and GoToMeeting

We use the GoToWebinar and GoToMeeting software applications to host telephone conferences, online meetings, video conferences, webinars and webcasts. These solutions are provided by GoTo Technologies Ireland Unlimited Company, 77 Sir John Rogerson’s Quay, Block C, Suite 207, Grand Canal Docklands, Dublin 2, D02 VK60, Ireland. Clicking on ‘Register’ will redirect you to a GoToWebinar or GoToMeeting page where you can enter your details. Your personal data will then be processed there. This will usually include your name, company affiliation, address and email address. The data you provide is given voluntarily (consent, Art. 6(1)(a) GDPR). We use the portal based on our legitimate interest in offering you online communication services, and the legal basis for this data processing is Art. 6(1)(f) GDPR.

GoTo, acting as a data processor, processes data in accordance with Article 28 GDPR. Data is processed within the limits permitted by the laws of Germany, the European Union and the USA. An adequate level of protection for data processing in the USA has been established through the EU Standard Contractual Clauses (https://www.goto.com/company/legal/data-processing-addendum). Please also refer to GoTo’s Privacy Policy at: https://www.goto.com/company/legal/privacy.

Microsoft Teams

We use Microsoft Teams to conduct telephone conferences, online meetings, video conferences and online seminars (hereafter referred to as ‘online meetings’). Microsoft Teams is a product of the Microsoft Corporation. MCN is the data controller for any data processing directly related to the organisation of these meetings.

Various types of data are processed when using Microsoft Teams. The scope of the data processed also depends on the information provided prior to or during participation in an online meeting. The following personal data is subject to processing:

• User details, e.g. display name, email address (if applicable), profile picture (optional) and preferred language
• Meeting metadata, e.g. date, time, meeting ID, telephone numbers and location
• Text, audio and video data: It is possible to use the chat function during an online meeting. In this respect, text entries made by the respective user are processed in order to display them in the meeting. To enable video display and audio playback, data from your device’s microphone and video camera will be processed for the duration of the meeting. You can switch the camera or microphone on or off, or mute them, at any time via the Microsoft Teams application

MCN has entered into a data processing agreement with Microsoft that complies with the requirements of Article 28 GDPR. Your personal data will be stored until the purpose of the data processing ceases to apply, or until any statutory or regulatory retention obligations expire.

Webex

We use Webex by Cisco to conduct telephone conferences, online meetings, video conferences and/or webinars (hereinafter referred to as web meetings). The provider is Cisco Systems, San José, California, USA.

Various types of personal data are processed when using Webex. The extent of this data processing also depends on the information you provide before or during your participation in a web meeting and on the settings you configure. The following personal data is subject to processing.

• User details: Surname, first name, email address
• Meeting metadata: Subject, description (optional), participants’ IP addresses, device/hardware information
• For recordings: MP4 file comprising all video, audio and presentation recordings, M4A file comprising all audio recordings, text file of the online meeting chat
• When dialling in by telephone: Details of the incoming and outgoing telephone numbers, country name, start and end times. Where applicable, further connection data, such as the device’s IP address, may be stored
• Text, audio and video data: You may be given the option of using the chat, question or poll functions during a web meeting. In this regard, any text you enter will be processed in order to display it during the meeting and, where applicable, record it. To enable video display and audio playback, data from your device’s microphone and video camera will be processed for the duration of the meeting. You can switch the camera or microphone off or mute them yourself at any time via the Cisco Webex applications.
  MCN configures the default settings in such a way that no text, audio or video data relating to you is processed unless you initiate this processing yourself

MCN has entered into a data processing agreement with Cisco Systems that complies with Article 28 GDPR. Your personal data will be stored until the purpose of the data processing ceases to apply, or until any statutory or regulatory retention obligations expire.

Zoom

We use the Zoom.us service for webinars and video conferences, both for groups and in one-to-one settings. Zoom is provided by Zoom Video Communications Inc., 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113, USA. When you participate in a Zoom meeting, your login details are transmitted to Zoom and may be used to send you reminders about the event. Furthermore, during a Zoom meeting, depending on how and in what capacity you participate in the meeting, personal data may be accessible to MCN as the organiser and/or other participants.

During a Zoom webinar, your questions or comments may be visible to MCM as the organiser and/or other participants, and you may be visible and/or audible yourself. Please refer to the relevant instructions in this regard.

Further information can be found in Zoom’s Privacy Statement (https://www.zoom.com/en/trust/privacy/privacy-statement/) and in its GDPR-specific provisions (https://www.zoom.com/en/trust/gdpr/).

QRCode Monkey

Within our company, we use QRCode Monkey to easily create links to websites, participant lists, etc. The provider is QRCode Monkey GmbH, c/o BK Wirtschaftstreuhand GmbH, Spichernstraße 1, 10777 Berlin, Germany. QR codes have no expiry date or scanning restrictions and work indefinitely.

Provided that no personal data is stored within the QR code itself, QR codes do not raise any data protection concerns. When a QR code is opened in an app, the controller processes information about which QR code and its content is accessed, in the same way as with normal website usage. According to its own statements, QRCode Monkey does not store any personal data. For performance reasons, all generated QR code image files are stored for 24 hours and then erased. Information on data protection can be found here: https://www.qr-code-generator.com/company/privacy-policy/.