# Privacy Policy

This is the privacy policy for the website at venueless.org. It is not applicable for the events hosted on the venueless platform. The organizer of the respective event is the responsible data controller for these events.

# Controller

Controller in terms of the General Data Protection Regulation (GDPR) as well as other data protection laws applicable in Member states of the European Union is:

Raphael Michel
rami.io Softwareentwicklung
Markgräfler Straße 16
69126 Heidelberg
E-mail: info@rami.io
Phone: +49 (0) 6221 32177-0

Our Data Protection Officer is:

Susanne Kasper
E-mail: datenschutz@rami.io
Phone: +49 (0) 6221 32177-13

# Basics

# Scope of data processing

In principle, we only process personal data of our users if it is neccessary to provide a functional website as well as our other services. Processing personal data only happens after agreement of the user. The only exception to this is when a prior agreement is technically not possible and a processing is allowed by law.

Art. 6(1) lit. a GDPR serves as the legal basis for all processing for which we obtain specific consent. If the processing of personal data is necessary for the performance of a contract to which the data subject is party or to provide any other service, the processing is based on Article 6(1) lit. b GDPR. The same applies to such processing operations which are necessary for carrying out pre-contractual measures, for example in the case of inquiries concerning our products or services. Is our company subject to a legal obligation by which processing of personal data is required, such as for the fulfillment of tax obligations, the processing is based on Art. 6(1) lit. c GDPR. In the rare event that processing of personal data is necessary to protect the vital interests of the data subject or of another natural person, the processing would be based on Art. 6(1) lit. d GDPR. Finally, if processing is necessary for the purposes of the legitimate interests of our company or a third party, operations could be based on Article 6(1) lit. f GDPR, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.

# Period of storage

The criteria used to determine the period of storage of personal data is the respective statutory retention period. After expiration of that period, the corresponding data is routinely deleted, as long as it is no longer necessary for the fulfillment of the contract or the initiation of a contract.

# Serving our website, creation of log files

# Scope

With every request to our website, our system automatically processes information from the computer system of your device:

  • The browser type, operating system and version used
  • The Internet service provider of the accessing system
  • An Internet Protocol address (IP address)
  • The date and time of access to the Internet site
  • The website from which an accessing system reaches our website (so-called referrers)
  • Sub-websites

Some of this data is persisted to log files on our system. We do not persist IP addresses or other data that allows to draw any conclusions on the data subject. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.

Legal basis for this processing is Art. 6(1) lit. f GDPR.

# Purposes

We need to process this data to allow serving you the website. We need to store the IP address for the time of the session in order to send the website contents to you. Therefore, we can process this data by Art. 6(1) lit. f GDPR.

# Storage period

The data controller shall process and store the personal data of the data subject only for the period necessary to achieve the purpose of storage. In particular, we do not store this data longer than the time of your session on our website.

# Right to object

Processing this data is neccessary for operating the website, therefore you can not opt out from this processing.

# Contact form

# Scope

Our website includes a contact form that allows you to get in touch with us. If you use this form, we will process the following information:

  • Data you entered into the form, usually your name, email address, phone number, as well as additional texts

  • The date and time of your form submission

Legal basis for this processing are Art. 6(1) lit. a and lit. b GDPR.

# Storage period

We store this data until you ask us to delete it.

# Right to object

You can not use our contact form if you do not want us to process this data. If you later want this data to be deleted, please contact us agian.

# Analytics using Matomo

# Scope

On this website, the controller has integrated the Matomo component. Matomo is an open-source software tool for web analysis. Web analysis is the collection, gathering and evaluation of data on the behavior of visitors from Internet sites. A web analysis tool collects, inter alia, data on the website from which a data subject came to a website (so-called referrer), which pages of the website were accessed or how often and for which period of time a sub-page was viewed. A web analysis is mainly used for the optimization of a website. In particular, we store:

  • First bytes of the user's IP address (i.e. 123.234.0.0 instead of 123.234.215.78)
  • The website the user requested
  • The website the user is coming from (so-called referrer)
  • The requested sub-pages
  • The duration of the user's stay on the website
  • The number of requests to the website

The software is operated on the server of the controller, the data protection-sensitive log files are stored exclusively on this server. The software is configured to anonymize any IP addresses by stripping the last half of bytes from them. This way, we cannot trace the data back to an individual device or connection. The purpose of the Matomo component is the analysis of the visitor flows on our website. The controller uses the obtained data and information, inter alia, to evaluate the use of this website in order to compile online reports, which show the activities on our Internet pages.

We do not make use of cookies for this purpose.

Legal basis for this processing is Art. 6(1) lit. f GDPR.

# Purposes

Processing this data allows us to analyze the usage of our website. This allows us to improve the usuability and usefulness of our website constantly. For this reason, we have an interest in processing this data and can do so under Art. 6(1) lit. f GDPR. By anonymizing IP addresses, we comply with the user's interest to protect their data reasonably.

# Storage period

We will delete all individual datasets after 90 days. After this time, we will only archive daily averages and sums, but nothing that can be analyzed for individual visitors.

# Right to object

You have the possibility of objecting to a collection of data relating to a use of this Internet site that are generated by Matomo as well as the processing of these data by Matomo and the chance to preclude any such. For this, the data subject must set an opt-out cookie by clicking on a link in the next paragraph. The opt-out cookie that is set for this purpose is placed on the information technology system used by the data subject. If the cookies are deleted on the system of the data subject, then the data subject must call-up the link again and set a new opt-out cookie.

# Rights of the data subject

If personal data of you is processed, you are a data subject in terms of GDPR.

As such, you have a right to access, erasure, rectification, restriction of processing, objection of processing, and data portability. Of the data processings listed above, only the usage of our contact form stores data that we can later connect to you as a person, therefore we can only execute on those rights for this data. To execute the rights, please send an email to our data protection officer.

# Right to complain

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes the terms of the GDPR. The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.