Privacy Policy (according to GDPR)

Data protection has a high priority for us as a public vocational school. The use of our web pages supports the information and communication within our European school partnerships of the "European CNC-Network" and does not involve any commercial interests - it is possible without any indication of personal data. However, if a data subject wants to use our forum for communication via our website, processing of personal data will be become necessary by registration in the forum. Furthermore, interested persons can contact us by e-mail. In this case, the user's personal data transmitted by e-mail will be stored temporarily. In this context, there is no disclosure of the data to third parties. The data is used exclusively for processing the conversation required by the request.

The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be in line with the European General Data Protection Regulation (GDPR), and in accordance with the country-specific data protection regulations. By means of this data protection declaration, we would like to inform the general public of the nature, scope, and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed, by means of this data protection declaration, of the rights to which they are entitled.

As the controller has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. However, Internet-based data transmissions may in principle have security gaps, so absolute protection may not be guaranteed. For this reason, every data subject is free to transfer personal data to us via alternative means, e.g. by telephone.

This privacy policy applies to the both websites www.cnc-netzwerk.eu (German version) and www.cnc-network.eu (English version) and all the contents offered there. For contents of third parties, which are referenced for example by hyperlinks and on which we have no influence, the regulations of this third parties apply. In particular, these are responsible for their own content in accordance with § 7 para. 1 Telemedia Act (TMG) or other similar regional legal requirements.

1. Definitions

The data protection declaration is based on the terms used by the European legislator for the adoption of the European General Data Protection Regulation (EU-GDPR). Our data protection declaration should be legible and understandable for the general public, as well as our customers and business partners. To ensure this, we would like to first explain the terminology used.

In this data protection declaration, we use the following terms:

2. Name and Address of the controller

Controller for the purposes of the European General Data Protection Regulation (EU-GDPR), other data protection laws applicable in Member states of the European Union and other provisions related to data protection is:

BBS TGHS Bad Kreuznach
Ringstraße 49
55543 Bad Kreuznach
Germany
Tel.: +49 (0)671.88777.0
Email: info@cnc-network.eu


This privacy policy applies for the following websites:
www.cnc-netzwerk.eu (German version)
www.cnc-network.eu (English version)

3. Legal basis for processing of personal data

Insofar as we obtain the consent of the data subject for processing of personal data, Art. 6 para. 1 lit. a EU data protection regulation (DSGVO) as legal basis.
In the processing of personal data necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b EU-GDPR as legal basis. This also applies to processing operations required to carry out pre-contractual action.
Insofar as processing of personal data is required to fulfill a legal obligation that is subject to our administration, Art. 6 para. 1 lit. c EU-GDPR as legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d EU-GDPR as legal basis.
If the processing is necessary for the performance of a task in the public interest or in the exercise of official authority which has been entrusted to the controller, Art. 6 (1) lit. e EU-GDPR as legal basis.

4. Collection of general data and information

The server operator of our website can collect a series of general data and information when a data subject or automated system calls up the website. This general data and information are stored in the server log files of our server operator. Collected may be (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrers), (4) the sub-websites, (5) the date and time of access to the Internet site, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system, and (8) any other similar data and information that may be used in the event of attacks on our information technology systems.

We process personal data of website visitors only insofar as this is necessary to provide a functional website and our content and services. The processing of personal data of the website visitors takes place regularly only after their consent. An exception applies to cases in which prior consent can not be obtained for reasons of fact and the processing of the data is permitted by law.

When using these general data and information, we do not draw any conclusions about the data subject. Rather, this information is needed to (1) deliver the content of our website correctly, (2) optimize the content of our website as well as its advertisement, (3) ensure the long-term viability of our information technology systems and website technology, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack. Therefore, we analyzes anonymously collected data and information statistically, with the aim of increasing the data protection and data security of our enterprise, and to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.

5. Registration on our website

Project members and other interested persons have the possibility to register in our commnication forum with the indication of personal data. Which personal data are transmitted to the controller is determined by the respective input mask used for the registration. The personal data entered by the data subject are collected and stored exclusively for internal use by the controller, and for his own purposes.

By registering on the website of the controller, the IP address—assigned by the Internet service provider (ISP) and used by the data subject—date, and time of the registration are also stored. The storage of this data takes place against the background that this is the only way to prevent the misuse of our services, and, if necessary, to make it possible to investigate committed offenses. Insofar, the storage of this data is necessary to secure the controller. This data is not passed on to third parties unless there is a statutory obligation to pass on the data, or if the transfer serves the aim of criminal prosecution.

The registration of the data subject, with the voluntary indication of personal data, is intended to enable the controller to offer the data subject contents or services that may only be offered to registered users due to the nature of the matter in question. Registered persons are free to change the personal data specified during the registration at any time, or to have them completely deleted from the data stock of the controller.

The data controller shall, at any time, provide information upon request to each data subject as to what personal data are stored about the data subject. In addition, the data controller shall correct or erase personal data at the request or indication of the data subject, insofar as there are no statutory storage obligations. The entirety of the controller’s employees are available to the data subject in this respect as contact persons.

6. Routine erasure and blocking of personal data

The data controller shall process and store the personal data of the data subject only for the period necessary to achieve the purpose of storage, or as far as this is granted by the European legislator or other legislators in laws or regulations to which the controller is subject to.

If the storage purpose is not applicable, or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data are routinely blocked or erased in accordance with legal requirements.

7. Rights of the data subject

8. Period for which the personal data will be stored

The criteria used to determine the period of storage of personal data is the respective statutory retention period. After expiration of that period, the corresponding data is routinely deleted, as long as it is no longer necessary for the fulfillment of the contract or the initiation of a contract.

9. Existence of automated decision-making

We do not use automatic decision-making or profiling.


This Privacy Policy has been generated by the Privacy Policy Generator of the DGD - Your External DPO that was developed in cooperation with German Lawyers from WILDE BEUGER SOLMECKE, Cologne.
The original version was adapted to the individual requirements at relevant points.