Privacy & Data Protection

Data Policy

General information

The following information provides a simple overview of how personal data is processed when you visit our website and as part of our business services. Personal data is any data by which you can be personally identified. For detailed information on the subject of data protection, please refer to the data protection notices listed in the following text.

It goes without saying that the protection of your personal data and fair and transparent data processing are important to us. In the following, we provide you with the information according to Art. 13 and 14 GDPR that you need to review and exercise your rights regarding data protection. We are to be designated as the responsible party within the meaning of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG),as well as other data protection regulations such as the Telecommunications and Telemedia Data Protection Act (TTDSG) for our website and the associated data processing. Comprehensive information about our organization can be found in the imprint.

The following data protection information is divided into the following sections:

I. Information about the responsible person
II. Data processing on our website
III. Data processing in the context of our business and statutory services
IV. Data subject rights

I. Who to contact

Responsible for data processing:

Spielfeld Digital Hub
Skalitzer Str. 85 - 86
10997 Berlin

Phone: +49 30 66701209
E-mail: info@spielfeld.com

Data Protection Officer:
‍
GFAD Data Protection GmbH
Data Protection Officer
Huttenstrasse 34/35
10553 Berlin
‍
Phone: +49 30 2691111
E-mail: datenschutz@gfad.de

‍

II. Data processing on our website

Data security on our website

To ensure the security of our website, we use a valid state-of-the-art SSL certificate. A website encrypted with SSL transmits personal data to the server in an encrypted form so that it is impossible for third parties to intercept or read it. A certificate verifies our identity. Depending on your browser, you can recognize that a secure connection exists by the display of a lock symbol. By clicking on the lock symbol, you can view our online proof of identity. By encrypting the transmission, you can assume that your entered data is sufficiently protected against unauthorized access during transmission according to the state of the art.

Protection of minors

Our offer is basically directed at adults. Persons under theage of 18 may not transmit any personal data to us without the consent of theirparents or legal guardians.

Hosting

The hosting services used by us serve to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services, which we use for the purpose of operating this online offer.

In doing so, we, or our hosting service provider on ourbehalf, process inventory data, contact data, content data, contract data,usage data, meta data and communication data of customers, interested parties and visitors of this online offer on the basis of our legitimate interests inan efficient and secure provision of this online offer pursuant to Art. 6 (1)lit. f GDPR. The data processing of our hosting service provider is carried outwithin the framework of a contract processing agreement in accordance with Art.28 GDPR.

Webflow

For the creation and hosting of our website, we use thewebsite construction kit system of Webflow to protect our legitimate interestspursuant to Art. 6 (1) lit. f GDPR. The provider of this service is Webflow,398 11th St, San Francisco, CA 94103, United States, a US software provider.For the provision of the services, an order processing agreement pursuant toArt. 28 GDPR has been concluded with Webflow.

The USA is assessed by the European Court of Justice as a country with an insufficient level of data protection according to EU standards. In particular, there is a risk that your data may be processed by US authorities, for control and for monitoring purposes, possibly also without any legal remedy. For data transfers to the USA, the EU standard contractual clauses have been agreed with Webflow. The EU standard contractual clauses represent a guarantee for an adequate EU level of data protection according toArt. 46 (2) lit. c GDPR.

Webflow performs most data processing activities necessary to provide you with the Services in compliance with a https://webflow.com/legal/eu-privacy-policy.

However, Webflow engages third-party service providers to support services, including providers in the following areas:

- Cloud storage providers
- Customer support tools
- Product development tools
- IT and security service providers
- Third-party service providers related to the Spielfeld website include
- DataDog, an infrastructure and application monitoring service: https://www.datadoghq.com/product
- jsdelivr, an open source content delivery network: https://www.jsdelivr.com/about

Each service provider has been vetted and is bound by contractual obligations that are equivalent to or more stringent than the Webflow Privacy Policy: https://webflow.com/legal/eu-privacy-policy.

Amazon Cloudfront

We use the Content Delivery Network (CDN) Amazon CloudFrontfrom Amazon Web Services EMEA SARL, 38 avenue John F. Kennedy, L-1855 Luxembourg (AWS) to increase the security and delivery speed of our website. This corresponds to our legitimate interest (Art. 6 para. 1 lit. f GDPR). A CDNis a network of globally distributed servers that is able to deliver optimized content to the website user. For this purpose, personal data may be processed in server log files by AWS.

AWS is a recipient of your personal data and acts as a processor for us.

The processing of the data provided under this section isnot required by law or contract. The functionality of the website is not guaranteed without the processing.

Your personal data will be stored by AWS for as long asnecessary for the purposes described.

For more information about opting out and opting in with respect to AWS, please visit: https://d1.awsstatic.com/legal

AWS has implemented compliance measures for international data transfers. These apply to all global activities where AWS processes personal data of individuals in the EU. These measures are based on the EUStandard Contractual Clauses (SCCs). For more information, please visit: https://d1.awsstatic.com/legal/aws-gdpr/AWS_GDPR_DPA.pdf

Website provision and log files

The entry of personal data is not necessary for the purely informational use, i.e. if you do not otherwise transmit information to us, of our website.

Nevertheless, every time our website is called up, personal data is automatically collected in addition to information from the system of the calling computer or end device of the user, which your browser transmits to our server. The following data, which is technically necessary for us to display our website to you, is collected by us in this context:

- Information about the browser type and version used.
- The user's Internet service provider
- The IP address of the user
- The operating system of the user's terminal device
- Date and time of access
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status/HTTP status code
- Amount of data transferred in each case
- The previous website from which the user accessed our website
- Operating system and its interface
- Language and version of the browser software

The legal basis for the temporary storage of this data inso-called log files are our legitimate interests as the responsible website operator according to Art. 6 para. 1 lit. f. GDPR, to ensure the technical presentation and stability and security of the website.

The temporary storage of the user's IP address by our system is technically necessary to enable delivery of the website to the browser used by the user in his terminal device. For this purpose, the user's IP address must necessarily remain stored for the duration of the session. The storage of the above data in the log files is done to ensure the functionality of our website. In addition, we use this data to optimize the website and to ensure the security of our information technology systems (e.g. attack detection). An evaluation of the data for marketing purposes does not take place in this context. The above-mentioned data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when ther espective session has ended. In the case of storage of data in log files, this is the case after 14 days at the latest. Storage beyond this is possible if there are indications of an illegal attack on our systems.

Cookies

When using our website, cookies are stored on your computer. Cookies are small text files that are stored on the end device assigned to the browser used by the user and the respective service provider that sets the cookie receives certain information. Cookies cannot execute programs or transfer viruses to your computer. As a rule, they serve to make the Internet offer as a whole more user-friendly and effective. The legal basis for the use of technically necessary cookies for the operation of the website is Section 25(2) No. 2 TTDSG, if the storage of information in the end user's terminal equipment or access to information already stored in the end user's terminal equipment is absolutely necessary for the provider of a telemedia service to be able to provide a telemedia service expressly requested by the user. For the processing of personal data by technically required cookies, this is done to protect our legitimate interest pursuant to Art. 6 para. 1 lit. f. GDPR, to design and optimize our website in a user-friendly manner. For all technically unnecessary cookies, Section 25 (1) TTDSG applies, for which consent is obtained. Insofar as personal data is also processed by technically unnecessary cookies, consent under data protection law will be obtained if necessary, inaccordance with Art. 6 (1) lit. a GDPR, if no other legal basis should exist inaccordance with Art. 6 (1) GDPR.

This website uses the following types of cookies, the scope and functionality of which are explained below:

Transient cookies

These cookies are automatically deleted when you close the browser. These include, in particular, session cookies. These store a so-called session ID, with which various requests of your browser can be assigned to the common session. This allows your computer to be recognized when you return to our website. These cookies are technically necessary for the optimization and presentation of the website. Session cookies are deleted when you log out or close the browser. Session cookies are usually technically necessary for the operation of the website and are therefore set on the legal basis of § 25 para2 No. 2 TTDSG.

Persistent cookies

These cookies are automatically deleted after a specified period of time, which may vary depending on the cookie. You can delete the cookies in the security settings of your browser at any time.

Third-party cookies

For the further development and improvement of our online offer (website optimization), we use third-party services (Google maps, weglot translation software, Google Tag Manager, Google Analytics web analytics service with Double click advertising function, and Google Web Fonts fonts), which also use cookies, on the legal basis of protecting our legitimate interests pursuant to Art. 6 (1) f GDPR. Insofar as the third-party cookies used are not technically necessary for the operation of the website or provision of the service, consent is obtained via a consent banner or consent management platform in accordance with Section 25 (1) TTDSG. Insofar as personal data is also processed by these services and / or cookies, this is done inaccordance with Art. 6 para. 1 lit. a GDPR, unless there is another legal basis for the processing of personal data in accordance with Art. 6 para. 1 GDPR.

Further information on the third-party services we use on our website can be found listed separately below as part of our privacy notice.

Prevention of cookies

You can configure your browser settings according to your preferences and, for example, refuse to accept third-party cookies or all cookies. We would like to point out that you may then not be able to use all functions of this website.

Third party services

Google Tag Manager

The Spielfeld website uses Google Tag Manager, a tag management system (TMS) of the US provider Google Inc. 1600 Amphitheater Parkway, Mountain View, CA 94043, USA, as part of an order processing pursuant to Art. 28 GDPR for the protection of legitimate interests pursuant to Art. 6para. 1lit. f GDPR for the optimization of the website. For Google services within the EEA and Switzerland, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland has been the provider of the service and the responsible data controller under data protection law since January 22, 2019. For the provision of the service, it may be necessary that the processed information about the use of this website is transferred to a server of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA in the USA and stored there.The EU standard data protection clauses have been agreed for the transfer ofdata to Google LLC in the USA. The EU standard data protection clauses constitute a guarantee of an adequate EU level of data protection pursuant to Art. 46 (2) lit. c GDPR. If consent is obtained, further processing is carried out in accordance with Art. 6 para. 1 lit. a GDPR. Consent given can be revoked at any time with effect for the future. If consent is given to use these services, you also consent to the processing of your data in the USA in accordance with Art. 49 (1) lit. a GDPR. The USA is assessed by the European Court of Justice as a country with an insufficient level of data protection according to EU standards. In particular, there is a risk that your data may be processed by US authorities, for control and for monitoring purposes, possibly also without any legal remedy.

Google Tag Manager manages and deploys marketing tags (code snippets or tracking pixels). These allow us to analyze how users interact with the Spielfeld website. In order to monitor and diagnose system stability, performance and installation quality, Google Tag Manager may collect some aggregate data about tags. This data does not include user IP addresses orother measurement identifiers associated with a specific individual. Other than the data in standard HTTP request logs, which is deleted within 14 days of receipt, and the diagnostic data mentioned above, Google Tag Manager does not store or share any information about visitors to our customers' websites, including page URLs visited.

More information about how Google uses Google Tag Manager data can be found here: https://support.google.com/tagmanager

Google Analytics

This website uses functions of the web analytics service Google Analytics for statistical analysis of user behavior for optimization and marketing purposes as part of order processing pursuant to Art. 28 GDPR inorder to protect our legitimate interests pursuant to Art. 6 para. 1lit. f GDPR. If consent is obtained, further processing is carried out in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. Consent given can be revoked at any time with effect for the future. For Google services within the EEA and Switzerland, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland has been the provider of the service and the responsible data controller under data protection law since 22.01.2019. Google Analytics usesso-called "cookies". These are text files that are stored on your computer and enable an analysis of your use of the website. Insofar as these cookies are technically necessary, their use is in accordance with Section 25(2) No. 2 TTDSG. For the provision of the service, it may be necessary that the information generated by the cookie about the use of this website is transmitted to and stored by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA on a server in the USA.

The USA is assessed by the European Court of Justice as a country with an insufficient level of data protection according to EU standards. In particular, there is a risk that your data may be processed by U.S. authorities, for control and for monitoring purposes, possibly also without any legal remedy.

This data can be stored for up to 24 months before it is automatically deleted, unless the cookies are already deleted by the user beforehand or the cookie settings are changed accordingly. The purpose of the Google Analytics component is to analyze the flow of visitors to our website. Among other things, Google uses the data and information obtained to evaluate the use of our website, to compile online reports for us showing the activities on our website, and to provide other services related to the use of our website.

Data protection and data security in Google Analytics

The EU standard contractual clauses have been agreed for the transfer of data to Google LLC in the USA. The EU standard contractual clauses constitute a guarantee of an adequate EU level of data protection pursuant to Art. 46 (2) lit. c GDPR. As additional protective measures, the IP anonymization function is activated and Google LLC continues to contractually commit to comply with the requirements from the self-certification of the former US Privacy Shield. If consent is given to use these services, you also consent to the processing of your data in the USA in accordance with Art. 49(1) a GDPR. The USA is assessed by the European Court of Justice as a country with an insufficient level of data protection according to EU standards. In particular, there is a risk that your data may be processed by US authorities, for control and for monitoring purposes, possibly also without any legal remedy.

In addition, Google Analytics and Google Analytics 360 have been certified to the independent security standard ISO 27001. ISO 27001 is one of the most widely recognized standards in the world. The certification applies to the systems provided through Google Analytics and Google Analytics 360.

IP anonymization

We have activated the IP anonymization function on this website. This means that your IP address will be shortened by Google within member states of the European Union or in other states party to the Agreementon the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will process this information for the purpose of evaluating your use of the website statistically, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google. The controller uses the addition "_gat._anonymizeIp" for web analysis via Google Analytics. By means of this add-on, the IP address of the Internet connection of the data subject is shortened and anonymized by Google if access to our Internet pagesis from a member state of the European Union or from another state party to the Agreement on the European Economic Area.

Browser add-on

You may refuse the use of cookies by selecting theappropriate settings on your browser, however please note that if you do thisyou may not be able to use the full functionality of this website. You can alsoprevent the collection of data generated by the cookie and related to your useof the website (including your IP address) to Google and the processing of thisdata by Google by downloading and installing the browser add-on available atthe following link to disable Google Analytics: https://tools.google.com/dlpage

Objection to data collection

If you do not want your website activity to be available to Google Analytics, you can install the browser add-on to disable Google Analytics via the following link https://tools.google.com/dlpageout. An opt-out cookie will be set that will prevent the collection of your data during future visits to this website by the Java Script executed on websites (gtag.js,ga.js, analytics.js and dc.js) from sharing activity data with Google Analytics. You may also refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

For more information on how Google Analytics handles user data, please see Google's privacy policy: https://support.google.com/analytics

DoubleClick

The Spielfeld website uses DoubleClick, an advertising platform of the US provider Google Inc. 1600 Amphitheater Parkway, MountainView, CA 94043, USA to protect legitimate interests pursuant to Art. 6 (1) fGDPR in order to play out personalized advertising. For Google services within the EEA and Switzerland, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland has been the provider of the service and the responsible data controller under data protection law since 22.01.2019. For the provision of the service, it may be necessary that the processed information about the use of this website is transferred to a server of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA in the USA and stored there. The EU standard data protection clauses have been agreed for the transfer of data to Google LLC in the USA. The EU standard data protection clauses constitute aguarantee of an adequate EU level of data protection pursuant to Art. 46 (2)lit. c GDPR.

If consent is obtained, further processing is carried out inaccordance with Art. 6 para. 1 lit. a GDPR. Consent given can be revoked at anytime with effect for the future. If consent is given to use these services, youalso consent to the processing of your data in the USA in accordance with Art.49 (1) lit. a GDPR. The USA is assessed by the European Court of Justice as acountry with an insufficient level of data protection according to EU standards. In particular, there is a risk that your data may be processed by US authorities, for control and for monitoring purposes, possibly also without anylegal remedy.

You can find out more about how Google uses DoubleClick Digtal Marketing data here: https://support.google.com/faqs

Google Maps

To make it easier for you to find the location of our organization, we have integrated map material from the Google Maps service of Google LLC into our website via an API for the visual display of geographical information in interactive maps on the basis of our legitimate interest pursuant to Art. 6 (1) lit. f GDPR. In order to display the content in your browser, Google must receive your IP address, otherwise Google would not be able to show you this embedded content. Google receives this via an interface(API). In addition, through the use of Google maps, to our knowledge, the following additional data is transmitted to Google LLC. Transmitted:

- Date and time of the visit to the website in question
- Internet address or URL of the website called up
- IP address

For Google services within the EEA and Switzerland, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland has been the responsible "data controller" since 22.01.2019. The data is thus processed on servers within the EEA. Nevertheless, it may be necessary for the provision of the service that data is transmitted to the parent company Google LLC.

The transfer of data to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA" is based on the EU standard data protection clauses concluded with Google LLC in the context of the Google maps API platform. The EU standard data protection clauses provide a guarantee pursuant to Art. 46 (2) lit. c GDPR for an adequate EU level of data protection.

If consent is obtained, further processing is carried out in accordance with Art. 6 para. 1 lit. a GDPR. Consent given can be revoked at anytime with effect for the future. If consent is given to use these services, you also consent to the processing of your data in the USA in accordance with Art.49 (1) lit. a GDPR. The USA is assessed by the European Court of Justice as a country with an insufficient level of data protection according to EU standards. In particular, there is a risk that your data may be processed by US authorities, for control and for monitoring purposes, possibly also without any legal remedy.

By visiting the website, Google receives the information that you have called up the corresponding sub-page of our website. This occurs regardless of whether Google provides a user account through which you are logged in or whether there is no user account. If you are logged in to Google, your data will be directly assigned to your account. If you do not want the assignment with your profile at Google, you must log out of your Google account before activating Google maps. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) for the provision of tailored advertising. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right. If you do not want Google to collect, process or use data about you via our website, you can deactivate JavaScript in your browser settings. In this case, however, you will not be able to use the map display.

The data processing by Google takes place as its own controller within the meaning of Art. 4 No. 7 GDPR. For this purpose, a corresponding agreement has been concluded with Google, which can be viewed at https://cloud.google.com/maps-platform/terms/maps-controller-terms/index-20191031.

The purpose and scope of the data collection and the further processing and use of the data by Google, as well as your rights in this regard and setting options for protecting your privacy, can be found in Google's privacy policy at https://accounts.google.com/ and https://policies.google.com/privacy?hl=de.

Google fonts

The Spielfeld website uses Google Fonts, a service for computer and web fonts of the US provider Google Inc. 1600 Amphitheater Parkway, Mountain View, CA 94043, USA, as part of an order processing pursuant to Art. 28 GDPR in order to protect legitimate interests for the optimization of the website pursuant to Art. 6 para. 1lit. f GDPR. For Google services within the EEA and Switzerland, as of January 22, 2019, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland is the provider of the service and the responsible data controller under data protection law "DataController". For the provision of the service, it may be necessary that the information generated about the use of this website is transmitted to a server of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA inthe USA and stored there. The EU standard data protection clauses have been agreed for the transfer of data to Google LLC in the USA. The EU standard data protection clauses constitute a guarantee of an adequate EU level of data protection pursuant to Art. 46 (2) lit. c GDPR.

The USA is assessed by the European Court of Justice as a country with an insufficient level of data protection according to EU standards. In particular, there is a risk that your data may be processed by U.S. authorities, for control and for monitoring purposes, possibly without redress.

The Google Fonts API is designed to limit the collection, storage and use of end-user data to what is necessary for the efficient delivery of fonts. Use of the Google Fonts API is unauthenticated and the Google Fonts API does not set or log cookies. Requests to the Google Fonts API are directed to resource-specific domains such as fonts.googleapis.com or fonts.gstatic.com. Font requests are separate from and do not include credentials sent to google.com while using other authenticated Google services such as Gmail.

The Google Fonts API logs HTTP request details, including the timestamp, requested URL, and any HTTP headers (including referrer and user agent string) provided in connection with the use of our CSS API. IP addresses are not logged.

Access to logged data is kept secure. Aggregated usage statistics are used to measure the popularity of font families and are published on the Google Fonts analytics page.

For more information about the information Google collects and how it is used and kept secure, please see Google's privacy policy at https://policies.google.com/privacy.

Provided that the Google fonts are integrated locally on the own web server, no call-up of Google servers takes place.

Google forms

For customer satisfaction surveys and registrations for events, we use the service Google forms of the US provider Google Inc. 1600 Amphitheater Parkway, Mountain View, CA 94043, USA as part of an order processing pursuant to Art. 28 GDPR. The processing of personal data is carriedout for the purpose of contract initiation and contract fulfillment in accordance with Art. 6 para. 1 lit. b and f GDPR. Participation in customer satisfaction surveys is voluntary and takes place after consent has been given in accordance with Art. 6 para. 1 lit. a GDPR. Consent given can be revoked at any time with effect for the future. As soon as you click on our survey link, you will be redirected to the Google forms platform. For Google services within the EEA and Switzerland, Google Ireland Limited, Gordon House, Barrow Street,Dublin 4, Ireland has been the provider of the service and the responsible data controller under data protection law since 22.01.2019. For the provision of the service, it may be necessary that the information generated about the use of this website is transmitted to a server of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA in the USA and stored there. The EU standard data protection clauses have been agreed for the transfer of data to third countries, in particular to Google LLC in USA. The EU standard data protection clauses represent a suitable guarantee for data transfers to third countries in accordance with Art. 46 Para. 2 lit. c GDPR. As additional safeguards for data transfers to the U.S., Google LLC continues to contractually commit to comply with the requirements from the self-certification of the former EU-US Data protection agreement. In addition, Google has implemented appropriate technical and organizational measures, in particular encryption (TLS, HTTPS; AES-256). The internationally recognized ISO 27001 certification confirms the implementation of appropriate security mechanisms within the framework of information security. If consent is given to use this service in accordance with Art. 6 para. 1 lit. a GDPR, you also consent to the processing of your data in the USA in accordance with Art. 49 para. 1 lit. a GDPR. Consent given can berevoked at any time with effect for the future.

The USA is assessed by the European Court of Justice as a country with an insufficient level of data protection according to EU standards. In particular, there is a risk that your data may be processed by U.S. authorities, for control and for monitoring purposes, possibly also without any legal remedy.

If you are logged in with your Google account, personal data can be linked by Google. For the purpose and scope of the data collection and the further processing and use of the data by Google, as well asyour rights in this regard and setting options for protecting your privacy, please refer to Google's privacy policy at https://accounts.google.com/and https://policies.google.com/privacy?hl=de.

Weglot

Our website uses Weglot, an EU translation and text management software provided by Weglot, 138, rue Pierre Joigneaux,BOIS-COLOMBE, 92270, Paris, France, for website optimization purposes in order to protect our legitimate interests under Article 6(1)(f) GDPR.

Weglot operates the weglot.com website and provides its users with an API that allows a web application to translate and distribute that application into different languages. This includes, but is not limited to, detecting original content, translating that content into one or more languages selected by the user from a list of available languages on the website, hosting the translations, and distributing them to users of the application. As part of the activities of its business, it is likely that Weglot will collect and process personal data about visitors to the Spielfeld Website.

Weglot is responsible for these various data processing operations within the meaning of the GDPR. These various data processing operations are described in detail in Weglot's privacy policy: https://weglot.com/privacy/

Use of social media buttons

We currently use the following social media buttons: Facebook, Linkedin, Twitter and Instagram. We use the so-called two-click solution for this. This means that when you visit our site, no personal data is initially passed on to the providers of the buttons. You can recognize the provider of the social media button via the logo. We give you the opportunity to communicate directly with the provider of the button. Only if you click on the marked field and thereby activate it, the provider receives the informationt hat you have called up the corresponding website of our online offer. In the case of Facebook, according to the respective providers in Germany, the IP address is anonymized immediately after collection. By activating the button, personal data from you is therefore transmitted to the respective provider and stored there (in the case of US providers, in the USA). Since the social media provider collects the data in particular via cookies, we recommend that you delete all cookies via the security settings of your browser.

We have no influence on the collected data and data processing operations, nor are we aware of the full extent of the data collection, the purposes of the processing, the storage periods. We also have no information on the deletion of the collected data by the plug-in provider. The data processing is carried out by the respective social media provider as its own controller within the meaning of Art. 4 No. 7 GDPR.

The social media provider stores the data collected about you as usage profiles and uses them for purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (also for users who are not logged in) for the display of needs-based advertising and to in form other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact the respective social media provider to exercise this right. Via the buttons, we offer you the opportunity to interact with the social networks and other users, so that wecan improve our offer and make it more interesting for you as a user. The legal basis for the use of the buttons is Art. 6 para. 1 p. 1 lit. f GDPR.

The data transfer takes place regardless of whether you have an account with the social media provider and are logged in there. If you are logged in to the social media provider, the data we collect is directly assigned to your account with the plug-in provider. If you click the activated button and link to the page, for example, the provider also saves this information in your user account and shares it publicly with your contacts. We recommend that you log out regularly after using a social network, but especially before activating the button, as this allows you to avoid an assignment to your profile with the social media provider.

For further information on the purpose and scope of datac ollection and its processing by the social media provider, please refer to the data protection declarations of these providers communicated below. There you will also receive further information on your rights in this regard and setting options for protecting your privacy.

Addresses of the respective social media providers and URL with their privacy notices:

Facebook Inc, 1601 S California Ave, Palo Alto, California 94304, USA;

‍http://www.facebook.com/policy.php;
further information on data collection: http://www.facebook.com/help ‍

http://www.facebook.com/about/ and http://www.facebook.com/about/privacy

Twitter, Inc, 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy.

LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; http://www.linkedin.com/legal/privacy-policy.

Newsletter

You can sign up for our newsletter on our website. When you sign up for the Spielfeld newsletter, we collect the following data:

- First and last name
- E-mail address
- Company name

The following data is collected when you sign up:

- IP address of the computer called up
- Date and time of registration

Mailchimp

The newsletter is sent as part of an order processing pursuant to Art. 28 GDPR with "MailChimp", a newsletter sending platform of the US provider The Rocket Science Group, LLC, 675 Ponce De Leon Ave NE Suite 5000, Atlanta, GA 30308, USA.

Information about newsletter recipients (as described above), is stored on MailChimp's servers in the USA. MailChimp processes this information to send and evaluate the newsletter on behalf of Spielfeld. In addition, MailChimp may process this data to optimize or improve its own services, e.g. to technically optimize the dispatch and display of newsletters, for economic purposes and to determine the location of newsletter recipients. However, MailChimp does not use the data of our newsletter recipients tocontact the recipients of the Spielfeld newsletter. The data will not be shared with third parties.

You can read Mailchimp's privacy policy here: https://mailchimp.com/legal/privacy

Newsletter and e-mail marketing

The Spielfeld newsletters contain a "web beacon". This is a pixel-sized file that is retrieved from the MailChimp server when the newsletter is opened. With this retrieval, Mailchip collects technical information such as browser and system information, your IP address and the time of the retrieval. This technical data is used to improve the services, identify target groups and analyze reading behavior based on retrieval locations and access times. This is done on the basis of your IP address.

The statistical surveys also measure whether newsletters are opened, when they are opened and which links are clicked. For technical reasons (including to ensure that you can unsubscribe), this information can be assigned to individual newsletter recipients. Neither Spielfeld nor Mailchimp use this information to monitor individual users. The analytics are used to monitor the reading habits of our users with the goal of adjusting content across newsletters and ensuring that our content remains relevant to our audience.

After you have signed up for the newsletter and given the appropriate consent, Spielfeld and Mailchimp process data in accordance withArt. 6 (1) lit.a GDPR. We collect your email address so that we can send you our newsletter. Your company name and professional position are used to personalize the content of the newsletter. The collection of further personal data (first and last name, IP address, etc.) is used to prevent misuse of the services or the e-mail address used and to process unsubscribe requests. This data is deleted as soon as the purpose of its collection has been achieved. In principle, this data is stored as long as the subscription to the newsletter is active. All other data collected during subscription will be deleted after a period of 7 days. You can unsubscribe from the newsletter at any time via the link provided in the newsletter and revoke your given consent at any time with effect for the future.

Contact by e-mail

We can be contacted via the e-mail addresses provided. In this case, the personal data of the sender, i.e. the user, transmitted with the inquiry will be stored. In this context, we would like to point out that transmission as an unencrypted e-mail involves certain security risks, as it is not possible to exclude the possibility of reading or unauthorized access. Theprocessing of this data, which is transmitted in the course of sending arequest, is carried out on the legal basis of Art. 6 para. 1 lit. f. GDPR ofour legitimate interests to answer your request satisfactorily. If the request is aimed at the fulfillment of an existing contract or the conclusion of a newcontract, the additional legal basis for the processing is Art. 6 para. 1 lit.b. GDPR for the initiation/fulfillment of a contract. The processing of this personal data serves us solely to process the contact. Your data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. For the personal data sent by e-mail, this is the case when the respective request is answered and the conversation with the user has ended. The conversation is terminated when the circumstances indicate that the matter in question has been conclusively clarified and no contract has been concluded. Inquiries about the rental relationship and membership are stored for the duration of the existingrental relationship and membership.

All personal data stored in the course of contacting us will be deleted in this case, provided that there are no legal retention periods to the contrary.

Application for our job offers

If you are interested in one of our job offers and would like to apply, please send us your complete application documents in PDF format by e-mail to the e-mail address provided or by post to our postal address. This includes a cover letter, curriculum vitae and your existing references. If your application documents contain photographs, we consider this to be implied consent to the processing of the photograph. In accordance with Art. 7 (3) sentence 1 GDPR, you are entitled to revoke this consent at any time.

We would also like to point out that certain security risks (such as unauthorized reading, unauthorized access, infection with malware, loss of data, etc.) exist if your documents are transmitted by e-mail without encryption and cannot be ruled out. Your application documents will only be forwarded to the relevant employees within our cooperative for processing. The review of your application documents is carried out for the purpose of initiating an employment relationship on the legal basis of Art. 6 Para. 1 lit.b) GDPR in conjunction with § 26 BDSG.

Should an employee relationship be established after the application process has been completed, we will require your personal data to implement the employee contract on the legal basis of Art. 6 (1) (b) GDPR. If the outcome of the application process is negative, we will delete the application documents 6 months after the end of the application process, unless you have given us permission to store your data for a longer period of time and there are no legal retention periods to the contrary.

Unsolicited application

If there are no suitable vacancies available at the moment, you are also welcome to send us an unsolicited application. Your application will be processed on the basis of your consent pursuant to Art. 6 (1) a) GDPR for the establishment and implementation of an employment relationship pursuant to Art. 6 (1) b) GDPR. Due to our legitimate interest in defending or asserting legal claims according to Art. 6 para. 1 lit. f) GDPR, we store your application documents for up to 6 months, unless you give us your consent to store your application documents for a longer period.

HeavenHR

The careers page of the Spielfeld website is hosted by HeavenHR, a human resources management platform of HeavenHR GmbH, Mittenwalder Straße 6 10961 Berlin, Germany as part of an order processing pursuant to Art.28 GDPR.

For more information on data protection on the HeavenHR website, please refer to their privacy policy at http://heavenhr.com/web/DE/

Recipients of the data or categories of recipients

Within our organization, those entities will have access to your data that need it to fulfill contractual and legal obligations.

External service providers (order processors)

Your data will be shared with our IT and software service providers for the maintenance and support of IT systems and software to assist us in providing our services.

Processing of your personal data by contracted service providers takes place within the framework of order processing pursuant to Art.28 GDPR.

Transfers to third countries

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA) or if this is done in the context of using third-party services or disclosing, or transferring data to third parties, this is only done if it is done to fulfill our (pre-)contractual obligations, due to a legal obligation, to protect our legitimate interests, consent is granted or another legal basis allows it. Subject to legal or contractual permissions, we transfer data to third countries only if the special requirements of Art. 44 et seq. GDPR. A transfer is then only made on the basis of an EU adequacy decision pursuant to Art. 45 GDPR or subject to appropriate safeguards pursuant to Art. 46 (2) GDPR, such as EU standard data protection clauses or binding internal data protection rules, so-called Binding Corporate Rules (BCR). In addition, data may be transferred to third countries for certain exceptional cases, e.g. for the fulfillment of a contract or a granted consent in accordance with Art. 49 GDPR.

Data transfer to the USA

Among other things, services of companies based in the USA are integrated on our website. If these services are active, your personal data could be transferred to the US servers of the respective companies. We inform that the USA is currently not a safe third country in the sense of EU data protection law according to the case law of the ECJ. Due to the surveillance laws in the USA, US service providers may be obliged to hand over personal data to security authorities without data subjects being able to appeal against this. It can therefore not be ruled out that US authorities, such as intelligenc eagencies, may process, evaluate and permanently store your data located onservers of US service providers for surveillance purposes. We have no influence on these processing activities.

Storage of data

To the extent necessary, we process and store personal data for the duration of the business relationship. This also includes the initiation and processing of a contract. For the duration of the existence of warranty and guarantee claims, the personal data required for this purpose are stored. In addition, we store personal data insofar as we are legally obligated to do so. Corresponding obligations to provide proof and to store data result from the German Commercial Code (HGB) and the German Fiscal Code (AO). The periods specified there for storage or documentation generally range from six to ten years in accordance with commercial and tax law requirements under § 257HGB and § 147 AO. We delete personal data of the person concerned as soon as the purpose of the storage no longer applies and legal retention periods do not prevent a deletion.

‍

III. Data processing within the scope of our business services

Data processing of natural persons as contractual and business partners, external service providers, interested parties and contact persons

We process the data of our contractual partners and interested parties as well as clients, suppliers, service providers and customers in accordance with Art. 6 para. 1 lit. b. GDPR in order to provide them with our contractual or pre-contractual services. The data processed in this context, the type, scope and purpose and the necessity of their processing, are determined by the underlying contractual relationship. The data processed includes the master data of our contractual partners (e.g. names and addresses), contact data (e.g. mail addresses and telephone numbers) as well as contractual data (e.g. services used, contract contents, contractual communication, names of contact persons) and payment data (e.g. bank details, payment history). As a matter of principle, we do not process special categories of personal data, unless these are components of a commissioned or contractual processing. We process data that are required for the justification and fulfillment of contractual services and point out the necessity of their disclosure, unless this is evident to the contractual partners. Disclosure to external persons or companies is made only if it is necessary in the context of a contract. When processing the data provided to us within the scope of an order, we act in accordance with the instructions of the client as well as the legal requirements.

In the context of the use of our online services, we may store the IP address and the time of the respective user action. The storage is based on our legitimate interests of the user to protect against misuse and other unauthorized use. As a matter of principle, this data is not passed on to third parties unless it is necessary for the prosecution of our claims pursuant to Art. 6 para. 1 lit. f. GDPR or there is a legal obligation to do so pursuantto Art. 6 para. 1 lit. c. GDPR.

The deletion of the data takes place when the data is nolonger required for the fulfillment of contractual or legal duties of care aswell as dealing with any warranty and comparable obligations. In all otherrespects, the statutory retention obligations apply.

Direct advertising

If we receive your e-mail address and postal address in the course of concluding a contract, we may process this data in order to inform you about our own similar product and service offers by e-mail and post from now on. If you do not wish to receive any further advertising information bye-mail or post, you can object to the use of your contact data for advertising purposes at any time with effect for the future without incurring any costs other than the transmission costs according to the basic rates. You can send your objection by mail or e-mail to the following contact addresses.

Spielfeld Digital Hub GmbH
Skalitzer Str. 85 - 86
10997 Berlin
Phone: +49 30 66701209
E-mail: info@spielfeld.com

Customer satisfaction surveys

Within the framework of a business relationship, weconduct customer satisfaction surveys by e-mail after participation in ourevents in accordance with Art. 6 Para. 1lit. b and f GDPR in conjunction with §7 Para. 3 UWG. If consent has been given, this is done in accordance with Art.6 para. 1 lit. a GDPR. For this purpose, you will receive a link to an onlineform. For this purpose, we use the Google Forms service as part of an orderprocessing pursuant to Art. 28 GDPR. Participation in our surveys is basicallyvoluntary. The processing of personal data in the context of the customersatisfaction survey is carried out in accordance with Art. 6 para. 1lit. a GDPR.Any consent given can be revoked at any time with effect for the future. Withinthe scope of our customer satisfaction surveys, communication data such as thebusiness e-mail address and telephone number of our contact persons at therespective companies may be processed. The information you provide as part ofthe customer satisfaction surveys is processed for statistical evaluations. Theevaluation is carried out by internal employees of Spielfeld Digital GmbH. Thestatistical evaluations are only carried out with aggregated data. Personaldata is anonymized or deleted within 3 months after participation in thesurvey.

To participate in our customer satisfaction survey,you can log in with your Google account. Google may use cookies to display theform. If these are technically necessary, this is done in accordance withSection 25 (2) No. 2 TTDSG. For cookies that are not technically necessary,consent may be obtained by Google in accordance with Section 25 (1) TTDSG. Anyconsent given can be revoked at any time with effect for the future. Thepurpose and scope of the data collection and the further processing and use ofthe data by Google, as well as your rights in this regard and setting optionsfor protecting your privacy, can be found in Google's privacy policy at https://accounts.google.com/ and https://policies.google.com/privacy?hl=de

Recipients of the data or categories of recipients

Within our organization, those entities will have access to your data that need it to fulfill contractual and legal obligations.

External service providers (order processors)

Your data is shared with service partners, e.g. IT and software service providers for maintenance and support, to assist us in providing our services.

Processing of your personal data by contracted service providers takes place within the framework of order processing pursuant to Art.28 GDPR.

Other service providers, partners and third parties

We may cooperate with other partners if it is necessary to fulfill our service offerings or if we are legally obligated to disclose data. These may be the following partners or third parties:

- Credit institutions and payment service providers
- Credit agencies
- Disclosure to public authorities or by court order
- Advertising agencies
- Document shredding companies, logistics
- Advice and consulting, auditors
- Insurance companies
- Law firms and competent jurisdiction
- Craft enterprises, architecture offices, service companies

It is important to us to process your data within the EU. However, it may happen that we use service providers operating outside the EU. In these cases, we ensure that an adequate level of data protection is established before transferring your personal data. This means that a level of data protection comparable to the standards within the EU is achieved via EU standard data protection contracts or an EU adequacy decision.

Origin of personal data

We process personal data that we receive in the course ofour business relationship. In addition, to the extent necessary for the provision of our services and for the performance of contracts, we process personal data that we have permissibly received from third parties (e.g. credit agencies) (e.g. for the execution of orders, for the performance of contractsor on the basis of consent given by you). In addition, we process personal data that we have permissibly obtained from publicly accessible sources (e.g. commercial and association registers, press, media) and are permitted toprocess.

Categories of personal data

We process the following categories of personal data about you:

Personnel master data (name, address and other contact data, date of birth), if applicable order and contract data (e.g. delivery order), payment data, data from the fulfillment of our contractual obligations, advertising and sales data, documentation data (data from consulting and service discussions) and comparable data.

IV. Rights of data subjects

Rights of the data subjects

If personal data of a user is processed, he is a "data subject" within the meaning of the GDPR. He or she is entitled to thefollowing rights vis-à-vis us as the data controller:

- Right to information
- Right to rectification
- Right to restriction of processing
- Right to deletion
- Right to information
- Right to data portability
- Right to object
- Right to revoke the declaration of consent under data protection law
- Right to complain to a data protection supervisory authority

Information, blocking, deletion and correction

Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, its origin and recipient and the purpose of data processing and, if the legal requirements are met, a right to correction, blocking or deletion of this data.

Right to restriction of processing

You have the right to request the restriction of the processing of your personal data. To do this, you can contact us at any time at the address given in the imprint. The right to restriction of processing existsin the following cases:

- If you dispute the accuracy of your personal data stored by us, we usually need time to verify this. For the duration of the review, you have the right to request the restriction of the processing of your personal data.

- If the processing of your personal data has happened / is happening unlawfully, you can request the restriction of data processing instead of deletion.

- If we no longer need your personal data, but you need itto exercise, defend or assert legal claims, you have the right to request the restriction of the processing of your personal data instead of erasure.

- If you have lodged an objection pursuant to Art. 21 (1)GDPR, a balancing of your and our interests must be carried out. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, this data may - apart from being stored - only be processed with your consentor for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the European Union or a Member State.

Right to data portability

You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.

Revocation of your consent to data processing

Many data processing operations are only possible with your express consent. You can revoke consent you have already given at any time. For this purpose, an informal communication by e-mail to us is sufficient. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right to object to data collection in special cases and to direct advertising (Art. 21 GDPR).

If data processing is carried out on the basis of Art.6(1)(e) or (f) GDPR, you have the right to object to the processing of your personal data at any time on grounds relating to your particular situation; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this privacy policy. If you object, we will no longer process your personal data concerned unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims (objection under Article 21(1)GDPR).

If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing ofpersonal data concerning you for the purpose of such marketing; this also applies to profiling, insofar as it is related to such direct marketing. If you object, your personal data will subsequently no longer be used for the purpose of direct marketing (objection pursuant to Article 21 (2) GDPR).

Right of complaint to a supervisory authority

In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, their place of work or the place of the alleged violation. The right of appeal is without prejudice to other administrative or judicial remedies.

Rights in case of data processing according to thelegitimate interest

Pursuant to Article 21(1) GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) GDPR (data processing in the public interest) or on the basis of Article 6(1)(f) GDPR (data processing for the purposes of a legitimate interest). This also applies to profiling based on this provision. In the event of your objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

Rights in case of direct marketing

If we process your personal data for the purpose of direct marketing, you have the right pursuant to Article 21 (2) GDPR to object at anytime to the processing of personal data concerning you for the purpose of such marketing, this also applies to profiling, insofar as it is related to such direct marketing.

In the event of your objection to processing for the purpose of direct marketing, we will no longer process your personal data for these purposes. The objection can be made form-free and should preferably be addressed to:

Spielfeld Digital Hub GmbH
Skalitzer Str. 85 - 86
10997 Berlin
Phone: +49 30 66701209
E-mail: info@spielfeld.com

Legal or contractual requirements for the provision of personal data; necessity for the conclusion of the contract; obligation of the data subject to provide the personal data; possible consequences of notproviding the data

We inform you that the provision of personal data is partly required by law (e.g. tax regulations) or may also result from contractual regulations (e.g. information on the contractual partner). For the conclusion of a contract it is necessary that you provide us with personal data. Without this data, we will usually have to refuse to conclude the contract or will no longer be able to perform an existing contract and may have to terminate it. If there is a legal obligation to provide the data, you are obliged to provide us with personal data. Before providing personal data by the data subject, the data subject may contact our data protection officer. Our data protection officer will inform the data subject on a case-by-case basis whether the provision of the personal data is required by law or contract or necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and what the consequences of not providing the personal data would be.

Automated decision-making, performance of profiling

For the establishment and implementation of a contractual relationship, we generally do not use exclusively automated decision-making within the meaning of Article 22 GDPR.

Objection to advertising e-mails

We hereby object to the use of contact data published withinthe scope of the imprint obligation to send advertising and information material that has not been expressly requested. The operators of the pages expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam e-mails.

Changes to the data protection declaration

This data protection declaration is continuously adapted in the course of the further development of the Internet or our offer. We will announce any changes on this page in good time. In order to be informed about the current status of our data usage regulations, this page should be called up regularly. (Current status: 30.09.2022)

‍

Data Policy

General information

The following information provides a simple overview of how personal data is processed when you visit our website and as part of our business services. Personal data is any data by which you can be personally identified. For detailed information on the subject of data protection, please refer to the data protection notices listed in the following text.

It goes without saying that the protection of your personal data and fair and transparent data processing are important to us. In the following, we provide you with the information according to Art. 13 and 14 GDPR that you need to review and exercise your rights regarding data protection. We are to be designated as the responsible party within the meaning of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG),as well as other data protection regulations such as the Telecommunications and Telemedia Data Protection Act (TTDSG) for our website and the associated data processing. Comprehensive information about our organization can be found in the imprint.

The following data protection information is divided into the following sections:

I. Information about the responsible person
II. Data processing on our website
III. Data processing in the context of our business and statutory services
IV. Data subject rights

I. Who to contact

Responsible for data processing:

Spielfeld Digital Hub
Skalitzer Str. 85 - 86
10997 Berlin

Phone: +49 30 66701209
E-mail: info@spielfeld.com

Data Protection Officer:
‍
GFAD Data Protection GmbH
Data Protection Officer
Huttenstrasse 34/35
10553 Berlin
‍
Phone: +49 30 2691111
E-mail: datenschutz@gfad.de

‍

II. Data processing on our website

Data security on our website

To ensure the security of our website, we use a valid state-of-the-art SSL certificate. A website encrypted with SSL transmits personal data to the server in an encrypted form so that it is impossible for third parties to intercept or read it. A certificate verifies our identity. Depending on your browser, you can recognize that a secure connection exists by the display of a lock symbol. By clicking on the lock symbol, you can view our online proof of identity. By encrypting the transmission, you can assume that your entered data is sufficiently protected against unauthorized access during transmission according to the state of the art.

Protection of minors

Our offer is basically directed at adults. Persons under theage of 18 may not transmit any personal data to us without the consent of theirparents or legal guardians.

Hosting

The hosting services used by us serve to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services, which we use for the purpose of operating this online offer.

In doing so, we, or our hosting service provider on ourbehalf, process inventory data, contact data, content data, contract data,usage data, meta data and communication data of customers, interested partiesand visitors of this online offer on the basis of our legitimate interests inan efficient and secure provision of this online offer pursuant to Art. 6 (1)lit. f GDPR. The data processing of our hosting service provider is carried outwithin the framework of a contract processing agreement in accordance with Art.28 GDPR.