for the creation, storage, and publication of photographs
The protection of personal data is important to us. JUMO GmbH & Co. KG therefore processes personal data in compliance with the applicable legislation on the protection of personal data and data security.
The data controller pursuant to the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:
JUMO GmbH & Co. KG
Dipl.-Ing. Dimitrios Charisiadis and Dr. Steffen Hoßfeld
Moritz-Juchheim-Straße 1, 36039 Fulda, Germany
Phone: +49 661 6003-0 | Fax: +49 661 6003-500
Email: mail@jumo.net | Internet: www.jumo.net
We have appointed an external data protection supervisor:
BerIsDa GmbH | Website: www.berisda.de
You can contact the data protection supervisor via mail at JUMO GmbH & Co. KG, Attn: Data Protection Supervisor, Moritz-Juchheim-Straße 1, 36039 Fulda, Germany, or via email at datenschutz@berisda.de
Visual and audio recordings will be made of employees and visitors at this event. We may publicly disseminate these recordings for the purposes of press and public relations work as well as for advertising similar events and our activities, and may also share them with third parties for journalistic purposes.
This data protection information relates to the creation, processing, storage, and publication of photographs taken by JUMO GmbH & Co. KG at the events. JUMO GmbH & Co. KG shall take photographs in order to document the event as well as to carry out public relations work.
If you do not wish to be photographed, please inform us or the photographer directly so that your request can be respected.
You are neither legally nor contractually obligated to provide your personal data. No obligation to provide it exists. Fully automated decision-making (including profiling) pursuant to Art. 22 GDPR is used to process the data you have provided.
The legal basis for the creation, storage, and use of the photographs is Art. 6(1)(1)(f) GDPR as well as Art. 22 and 23 of the German Law on Copyright in Works of Art and Photography (KUG). The photographs will be stored, processed, and published for the purpose of documenting the event and as part of our public relations work.
This includes the production of photos as well as visual and audio recordings of events and the dissemination of these recordings on websites and social media channels as well as the sharing of such for editorial or journalistic use by third parties, for the purposes of press and public relations work and to showcase the activities of the event organizer in order to increase awareness of the event organizer and to promote participation in similar events and activities. These purposes constitute our legitimate interest.
Any objections shall also be stored based on Art. 6(1)(1)(f) GDPR for the purposes of evidence and to defend against liability claims.
Processing of data you have provided shall only take place for as long as necessary to protect our legitimate interests or until you object to our processing. Once our legitimate interests cease to exist, your data will be erased.
The data shall be made available to third parties when it is published on our website and on social media, meaning that we are only able to erase the data to a limited extent after publication. In the event that you submit an objection, we shall remove data from the Internet platforms directly accessible to us (our website, our social media profiles). We have no influence on the storage durations at other third parties who have obtained access to the data due to publication.
If you do not wish to be photographed, please inform us or the photographer directly so that your request can be respected.
Every data subject has the right to submit an objection to processing. The objection can be submitted to the above-mentioned contact details.
Within our company, those departments and units that require access to the photographs for the above-mentioned purposes and are authorized to process this data shall receive access to them. An external photographer shall be commissioned to take the recordings. In the event of publication, recordings may be passed on to affiliated service providers (e.g. editorial offices or agencies).
As part of our service provision, we commission processors. These service providers shall only act in accordance with the instructions of JUMO GmbH & Co. KG and are contractually obliged to comply with the applicable data protection requirements. For this purpose, we shall conclude relevant order processing agreements with these service providers in writing. This is an agreement required by data protection law and ensures that our service providers only process the personal data of our data subjects in accordance with our instructions and in compliance with data protection regulations (GDPR, BDSG, etc.).
Co-organizers and representatives of the press and broadcasters which are reporting on the event and the organizer's activities for their own or journalistic/editorial purposes shall also receive access to photographs and video recordings.
The photos shall be published on the Internet on our website (https://www.jumo.de/) and on social media platforms (YouTube, Facebook, Instagram, and Xing).
Publications on online media or information from the Internet are accessible worldwide and can be linked with further information to create personality profiles. It is pointed out that information (including photographs and video recordings) can be accessed on the Internet by anyone. The possibility cannot be ruled out that these people will further use the pictures or photographs or pass them on to other people. There are specialized archiving services with the aim of continuously documenting the state of certain websites at certain times. This may result in information published on the Internet continuing to be accessible elsewhere, even after it is erased on the original page. Publications on JUMO GmbH & Co. KG's social media pages may no longer be erased at all, but rather simply no longer be shown publicly.
The GDPR assumes that the transmission of personal data, whether it is already being processed or it is intended to be processed after its transmission to a third country or an international organization, is only admissible if a level of data protection comparable with the GDPR is ensured. If it is therefore ensured that the provisions of the GDPR are adhered to – the presence of an adequacy decision from the EU Commission pursuant to Art. 45(1)(3) GDPR or the introduction of internal company data protection regulations approved by a supervisory authority (so-called "appropriate safeguards", Art. 46(2) and (3) GDPR) can count toward this, for example.
Facebook and Instagram: Meta Platforms, Inc. is the US parent company of Meta Platforms Ireland Limited. The corporate headquarters of the parent company of Meta is in a third country from a data protection perspective. Meta Platforms, Inc. has a certification according to the "EU-US Data Privacy Framework" (DPF).
LinkedIn: LinkedIn Corporation is a company headquartered in the USA. LinkedIn Corporation has a certification according to the "EU-US Data Privacy Framework" (DPF).
YouTube: YouTube is operated by Google LLC, headquartered in the USA. Google LLC has a certification according to the "EU-US Data Privacy Framework" (DPF).
The DPF is an (individual) agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards during data processing in the USA (existence of an adequacy decision from the EU Commission pursuant to Art. 45(1) and (3) GDPR). Each company certified according to the DPF undertakes to adhere to these data protection standards. The list of certified companies is available at: https://www.dataprivacyframework.gov/list. You can search by provider name and view the certification directly there.
If we process your personal data, you as the data subject have the following rights vis-à-vis us as the data controller:
Within the applicable legal provisions, you have the right at any time to request (free of charge) access to your collected and stored personal data. This also includes access to the purposes of its processing, its origin and recipients, the storage duration, and the existence of various rights.
You have a right to rectification (including to completion) of your data vis-à-vis the data controller if the personal data processed concerning you is incorrect or is incomplete for the purpose of processing. The data controller must make the rectification without delay.
Under the conditions of Art. 17 GDPR, you can request the erasure of your personal data at any time, unless certain circumstances still exist that entitle or obligate the data controller to continue to process your personal data (such as statutory retention requirements).
If the legal requirements are met, you may request restriction of the processing of your personal data within the scope of Art. 18 GDPR.
If you have provided personal data to us and automated processing takes place based on your consent or based on an agreement, you have a right to transmission of the data you provided within the scope of Art. 20 GDPR, as long as this does not affect the rights and freedoms of other persons. It shall be provided in a common, machine-readable format. If you request the direct transmission of the data to another data controller, this shall only take place insofar as this is technically feasible.
Within the scope of Art. 21 GDPR, you have the right to object to the processing of your data insofar as data processing is performed for the purpose of direct marketing or profiling. You may object to processing based on a balancing of interests, by stating reasons arising from your particular situation.
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority for data protection, in particular in the member state where you are domiciled, the location of your place of work, or the location of the suspected infringement, if you believe that the processing of your personal data breaches the GDPR.
The supervisory authority responsible for us is the Hessische Beauftragte für Datenschutz und Informationsfreiheit (Hessian commissioners for data protection and freedom of information). However, if you are located in a different German federal state or are not in Germany, you can also contact the data protection authority there.