1. Information about the gathering of personal data
The following information relates to the gathering of personal data when using our website.
Personal data is any data that can be assigned to you personally, such as name, address, email addresses and user behaviour.
a) Responsible for the website in accordance with Article 24(7) of the EU General Data Protection Regulation (GDPR) is the Ruhr Regional Association (RVR), Kronprinzenstraße 6, 45128 Essen, firstname.lastname@example.org (see our legal notice).
You can contact our data protection officers by emailing email@example.com or writing to our postal address and marking the correspondence for the attention of ‘the data protection officers’.
b) When you contact us by email or via a contact form, the data you provide (your email address, name and telephone number) will be stored by us to enable us to respond to your enquiry. The data related to this enquiry will be deleted after 14 days. The matter itself will be stored in the company’s internal systems until it has been processed or until any retention periods have expired.
The data and information contained in the contact form are sent to us as well as TAS Emotional Marketing GmbH, the service provider appointed by us to manage the website. A contract exists with the service provider to process data on our behalf in accordance with Article 28(3) GDPR.
c) Furthermore, if we use appointed service providers to manage individual functions of our website or wish to use your data for advertising purposes, we will inform you in detail about the relevant processes involved as set out below. In doing so, we will also state the defined criteria relating to the storage duration.
2. Gathering and storing personal data, the manner in which it will be used and the purposes for which it will be used
When visiting our website www.metropole.ruhr/en, information is automatically sent to our website’s server by the browser used on your end device. This information is temporarily stored in a so-called log file. Among other things, log files store the IP address, the browser used, the date and time and the system used by a visitor to the website. Our service provider Hetzner only stores pseudonymised IP addresses of visitors to the website. At Web server level, instead of storing the actual IP address of the website visitor (e.g. 22.214.171.124), the standard method of doing this is to store an IP address in the form 123.123.123.XXX, with XXX representing a random value between 1 and 254. It is no longer possible to ascribe the IP address to an individual.
The mail server log stores the data for 7 days. Backups are retained in encrypted form for 14 days.
The specified data is processed by us for the following purposes: to ensure the establishment of a smooth connection to the website, to ensure a convenient user experience, to evaluate the security and stability of the system and to perform additional administrative tasks.
Article 6(1)(1)(f) GDPR provides the legal basis for processing data. Our legitimate interest arises from the above-listed purposes of gathering data. Under no circumstances will we use the gathered data for the purposes of identifying you personally.
If you have any questions, we give you the opportunity to get in touch with us using the email address provided in the legal notice (firstname.lastname@example.org). A valid email address must be used to enable us to establish the origin of the enquiry and respond to it. Further information can be provided on a voluntary basis.
Any data processed for the purposes of contacting us is provided by you on a voluntary basis and processed by us in accordance with Article 6(1)(1)(a) GDPR. The personal data gathered for the purposes of contacting us will be deleted no later than 14 days after your enquiry has been dealt with.
3. Sharing data
Your personal data will not be shared with third parties for any purposes other than those set out below.
We will only share your personal data with third parties if:
• You have granted your express consent for us to do so in accordance with Article 6(1)(1)(a) GDPR;
• It is necessary to share the data in accordance with Article 6(1)(1)(f) GDPR to assert, exercise or defend legal claims and there is no reason to assume that you have an overwhelming interest in protecting your data by not sharing it;
• There is a legal obligation to share the data in accordance with Article 6(1)(1)(c) GDPR;
• This is legally permissible and necessary for managing our contractual relationship with you in accordance with Article 6(1)(1)(b) GDPR.
We also appoint service providers for the purposes of making the website available along with its functions and services within the meaning of Article 28(3) GDPR (processing). These service providers can access personal data in the course of performing their duties, although such access is governed by contractual regulations and instructions.
Cookies contain information pertaining to the specific end device used. However, this does not mean that we are given any direct knowledge of your identity.
In order to further improve the user-friendliness of our website, we use other kinds of cookies, which are stored on your end device for a certain period of time. When you revisit our website to use our services, our server automatically recognises you as a previous visitor and remembers your settings and preferences so that you do not have to enter them again.
Most browsers accept cookies automatically. However, you are able to configure your browser in such a way that either blocks cookies from being stored on your computer or shows an alert before new cookies are stored. The complete deactivation of cookies, however, may prevent you from using all of the functions on our website.
If you subscribe to our newsletter, we will keep you regularly informed (generally monthly) about the latest news on our ‘City of Cities’ campaign in the form of text, image and video articles.
a) We use the so-called double opt-in procedure for our newsletter registration process. This means that after your registration we will send an email to the specified email address in which we ask you to confirm that you would like to subscribe to the newsletter. If you do not confirm your registration, your information will be blocked and automatically deleted. In addition, we store your IP addresses and the date and time of registration and confirmation. This is for the purposes of documenting your registration and investigating any potential misuse of your personal data.
b) The only mandatory information required for sending the newsletter is your email address. Once we have received your confirmation, we will store your email address for the purposes of sending the newsletter. Article 6(1)(1)(a) GDPR provides the legal basis for this.
c) You can revoke your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You can cancel the subscription by clicking on the link provided in every newsletter email, by sending an email to email@example.com or by sending a message to the contact details provided in the legal notice.
d) Our newsletter is delivered by MailChimp, a newsletter service provided by the Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. MailChimp is certified by the Privacy Shield agreement between the USA and the EU. We have also signed a data protection agreement with the company.
e) We wish to point out that we evaluate your user behaviour when sending the newsletter. We record the open rate, click rate, bounce rate, reader source and instances of logging on or off. To enable us to perform this evaluation, the sent emails contain Web beacons or tracking pixels – single-pixel image files – that are stored on our website. For evaluation purposes, we link data and the Web beacons with your email address and individual ID. The data specified in the previous sentence includes the IP address, the date and time of the request, the time zone difference to Greenwich Mean Time, the content of the request (specific page), the access status / HTTP status code, the amount of data transferred in each instance, the website from where the request originates, the browser, the operating system and its interface and the language and version of the browser software.
6. Analytics tools
The tracking measures detailed below are used by us on the basis of Article 6(1)(1)(f) GDPR. We wish to use the tracking measures to continuously optimise our website and ensure that its design is based on need. We also use tracking measures to gather statistical data about how our website is used and for the purposes of evaluating and optimising our website. These interests must be viewed as legitimate within the terms of the aforementioned provision.
Refer to the relevant tracking tools for information on the corresponding data categories and the purposes of processing the data.
We use Google Analytics, a web analytics service provided by Google Inc. (https://marketingplatform.google.com/about/analytics/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter referred to as ‘Google’) for the purposes of ensuring the needs-based design and continuous optimisation of our website. Google Analytics uses so-called ‘cookies’, text files that are stored on your computer and make it possible to analyse how you use the website. The information generated by the cookies relating to how you use the website is generally transmitted to a Google server in the USA where it is stored. In the event that IP anonymisation has been activated on this website, however, your IP address will be shortened beforehand within the member states of the European Union or other signatory states to the European Economic Area Agreement. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Google will use this information on behalf of the operator of this website to evaluate how you use the website, to compile reports on website activity and to offer the website operator further services related to the use of the website and Internet.
• We use Google Analytics in order to be able to analyse how our website is used and regularly improve it. The statistics acquired in this way allow us to improve our website and make it more interesting for you as a user. For the exceptional cases when personal data is transmitted to the USA, Google has signed up to the EU-US Privacy Shield agreement: https://www.privacyshield.gov/EU-US-Framework. Article 6(1)(1)(f) GDPR provides the legal basis for the use of Google Analytics.
• The IP address transmitted from your browser within the scope of Google Analytics will not be merged with other data by Google.
• This website uses the Google Analytics ‘Demographics and Interests’ function. This allows reports to be generated containing statements about the age, gender and interests of website visitors. This data comes from interest-based advertising from Google and third-party visitor data and cannot be attributed to any specific individual person.
• Third-party provider information: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (0)1 436 1001.
User terms: https://www.google.com/analytics/terms/gb.html
Privacy overview: http://www.google.com/intl/de/analytics/learn/privacy.html
You can deactivate Google Analytics by clicking on the following link: Opt out of Google Analytics
7. Social media links
By clicking on the corresponding links, our website gives you the option to be redirected to our corporate pages on the following social media platforms: Facebook, Instagram, YouTube, Xing and LinkedIn. These are simple links.
a) Joint responsibility and legal basis
As the company responsible for maintaining these pages, we process personal data together with the respective social media platforms (joint responsibility in accordance with Article 26 GDPR). By creating and publishing our pages, we have accepted the various social media platforms’ terms and conditions that govern the use of the pages and the resulting processing of data.
The legal basis for processing the data is our legitimate interest (Article 6(1)(f) GDPR) in presenting our company on commonly used communication media platforms and offering applicants, interested parties and other individuals a way of communicating with our company that is both preferred by them and generally used nowadays.
We wish to point out that you are solely responsible for your activity on social media platforms, particularly when posting and sharing content. As an alternative, you can contact us by email (firstname.lastname@example.org).
b) Processing data when visiting one of our pages on social media platforms
To the best of our knowledge, we wish to inform you about how data is processed when visiting our pages on social media platforms.
You have the option of giving us your feedback, making a complaint or contacting us about other matters via the social media platforms. If you include more detailed information such as invoice numbers or personal addresses in public posts and comments, we will delete them and reply to you via a private message.
The social media platform uses the personal information gathered in this way to generate statistics about the usage and user structure of the platform and run interest-based advertising on the platform and elsewhere. The social media platforms’ advertising models also allow for the sharing of information about your usage behaviour with third parties (advertising partners) outside the platform and the acquisition of data about your surfing/usage behaviour from outside the platform.
Facebook’s ‘Insights’ tool supplies advertisers with anonymised statistical data, such as information on page views, activities, male/female ratio and much more besides (see https://en-gb.facebook.com/iq/tools-resources/audience-insights). We have no influence over how the data is processed for this purpose. We are also unable to prevent it and have no access to the data on which it is based.
We use Facebook Insights to better understand the structure of our users and their interests and design our page accordingly. Furthermore, both we and the operator of the social media platform can better manage the advertising in this way, because we get information such as the demographic and geographic distribution of users as well as their gender. We can thus identify our users’ tendencies from the statistics and show them more relevant content.
Data is transmitted to the USA when using the services of Facebook, Instagram, Twitter and LinkedIn. These operators are certified by the Privacy Shield agreement and are obliged to comply with EU data protection standards.
c) Your rights as an affected individual
Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA)
YouTube (YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA)
LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland)
Xing (XING AG, Dammtorstraße 29–32, 20354 Hamburg, Germany)
8. Integration of YouTube videos
a) We have integrated YouTube videos on our website, which are stored at www.youtube.com and can be played directly from our website. YouTube is used to help us create a more appealing website. This represents a legitimate interest within the meaning of Article 6(1)(f) GDPR. [They are all integrated in ‘enhanced data protection mode’, which means that no data about you as a user is sent to YouTube if you do not play the videos. Only once you play the videos will the data detailed in the following paragraph be sent. We have no influence over the sending of this data.]
Google also processes your personal data in the USA and has undertaken to comply with the provisions of the EU-US Privacy Shield agreement: https://www.privacyshield.gov/EU-US-Framework.
9. Integration of Google Maps
We use the services of Google Maps on this website. This allows us to display interactive maps directly on the website and enables you to conveniently use the map function. This represents a legitimate interest within the meaning of Article 6(1)(f) GDPR.
Google also processes your personal data in the USA and has undertaken to comply with the provisions of the EU-US Privacy Shield agreement: https://www.privacyshield.gov/EU-US-Framework.
10. Your rights
a) You have the following rights with regard to the personal data we store about you:
• The right of access
• The right to have data rectified or erased
• The right to restrict the processing of data
• The right to object to the processing of data
• The right to data portability
The right of access (Article 15 GDPR)
We must provide you with information as to whether or not we are processing your personal data. If such data is being processed, we must state (among other things) the purposes for which it is being processed, the categories of personal data being processed, the potential recipients of such data and the envisaged period for which the personal data will be stored.
The right to rectification (Article 16 GDPR), the right to object (Article 21 GDPR), the right to restrict the processing of data (Article 18 GDPR)
If you notice that we are processing personal data that is incorrect or incomplete, then you can of course demand rectification. You can also object to the processing of your data for exceptional reasons and demand that restrictions are placed on the processing of your data, as long as this is justifiable.
The right to erasure (Article 17 GDPR) and data portability (Article 20 GDPR)
In the event that personal data is processed by us, among other things, without justification or when there is no longer a purpose for doing so, you can demand its erasure. Furthermore, you have the right to receive from us all information that you have sent to us in a structured, standard and machine-readable format.
Revocation of consent (Article 7(3) GDPR)
You also have the right at any time to revoke the consent granted to us to gather and use your personal data. To exercise your right of revocation, please send an email to the following address: email@example.com.
We have summarised the rights of the individual in parts here in order to make them more understandable and easier to read. If necessary, please refer to the original text (https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32016R0679) or contact our data protection officer directly.
You can exercise your rights in relation to data protection at any time and at no cost to you. Our data protection officer will review each matter individually before responding. If you wish to make an enquiry regarding data protection, please contact: firstname.lastname@example.org.
b) You also have the right to lodge a complaint with a data protection regulatory authority about the way in which we process your personal data. The regulatory authority responsible for dealing with us is the North-Rhine Westphalia State Commission for Data Protection and Freedom of Information; Postfach 20 04 44; 40102 Düsseldorf; email@example.com; https://www.ldi.nrw.de.
11. The right to object
If your personal data is processed on the basis of legitimate interests in accordance with Article 6(1)(1)(f) GDPR, you have the right in accordance with Article 21 GDPR to object to the processing of your personal data, provided this is for reasons that relate to your particular situation or your objection to direct advertising. In the case of the latter, you have a general right to object, which we will accept without the need for you to provide details of your particular situation.
If you wish to exercise your right to object or revoke your consent, you simply need to send an email to firstname.lastname@example.org.
12. Data security
We use appropriate technical and organisational security measures to protect your data against accidental or deliberate manipulation, partial or complete loss, destruction and unauthorised access by third parties. Our security measures are continuously improved to keep pace with technological developments.