1. General information
When you visit our website, various personal data are processed depending on the type and scope of your visit. Personal data is information that relates to an identified or identifiable natural person (hereinafter “data subject”). An identifiable natural person is one who can be identified, directly or indirectly (e.g. by reference to an online identifier). This includes information such as name, address, telephone number, date of birth or IP addresses.
With this data protection notice, we inform you in accordance with Art. 12 et seq. GDPR about which personal data is processed when you visit and use our website. In particular, you will find information below on what data we collect in connection with your visit and use of our website, what we use the collected data for and for what purposes the data is collected. You will also find information on the rights to which you are entitled in connection with the processing of your personal data.
We reserve the right to adapt this data protection information with effect for the future, in particular in the event of the further development of our website, the use of new technologies or changes to the legal basis or the corresponding case law. This data protection information applies to all pages of our website (www.lingosystems.de). It does not extend to any linked websites or internet sites of other providers.
2. Responsible party
The controller as defined in Art. 4 No. 7 GDPR is
SF Tech GmbH
Tel.: +49 341 238229 10
3. Data protection officer
If you have any questions about data protection with regard to our company or our website, you can contact our data protection officer. You can reach our data protection officer at the e-mail address email@example.com or at the following postal address:
GP Data GmbH
Mädler-Passage, Aufgang B
Grimmaische Str. 2-4
For security reasons and to protect your personal data when it is transmitted to us, we use SSL or TLS encryption to protect your data from being accessed by unauthorized persons. You can recognize an encrypted connection by the character string https:// and the lock symbol in the address bar of your browser.
5. Purposes and legal grounds for processing
Accessing and visiting our website – server log files
For the technical provision of our website, it is necessary for us to process certain information automatically transmitted by your browser so that our website can be displayed and used in your browser. This information is automatically collected each time you visit our website and stored in so-called “server log files”. The following information is transmitted by your browser and stored in the server log files:
· IP address
· Date and time of the request
· Time zone difference to Greenwich Mean Time (GMT)
· Content of the request (specific page)
· Access status/HTTP status code
· Amount of data transferred
· Website from which access is made (referrer URL);
· Browser type and browser version;
· Operating system used
The storage of the aforementioned access data is necessary for technical reasons in order to operate our website and to ensure system security. This also applies to the storage of your IP address, which is necessary and, under further conditions, can at least theoretically enable an identification of your person. In addition to the aforementioned purposes, we use server log files exclusively for the needs-based design and optimization of our website purely statistically and without drawing any conclusions about your person. This data is not merged with other data sources, nor is it analyzed for marketing purposes.
The access data collected as part of the use of our website is stored for the period for which this data is required to accomplish the aforementioned purposes. Your IP address is stored on our web server for a maximum of 7 days for IT security purposes.
If you visit our website to find out about our range of services or to use them, the basis for the temporary storage and processing of access data is Art. 6 para. 1 sentence 1 lit. b GDPR, which permits the processing of data for the fulfillment of a contract or for the implementation of pre-contractual measures. In addition, Art. 6 para. 1 sentence 1 lit. f GDPR serves as the legal basis for the temporary storage of technical access data. Our legitimate interest here is to be able to provide you with a technically functioning and user-friendly website and to ensure the security of our systems.
If you contact us via the contact options provided on our website (e.g. by e-mail or telephone), the content of your inquiry, including all personal data resulting from it, will be processed for the purpose of processing your inquiry, insofar as this is relevant or necessary for responding to your inquiry.
The processing of the personal data provided by you in the context of your request is based on Art. 6 para. 1 lit. b GDPR, insofar as your inquiry is in connection with the creation or execution of a contractual relationship. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or upon your consent (Art. 6 para. 1 lit. a GDPR), insofar as such consent has been obtained.
We will retain the data you provide or transmit in the context of your inquiry until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer applies (e.g. after we have completed processing your inquiry). Mandatory statutory provisions, in particular statutory retention periods, remain unaffected.
With your consent, you can subscribe to the newsletter of SF Holding GmbH and its subsidiaries (currently: SF Event GmbH, SF Tech GmbH, SF Agile X GmbH) to receive regular information on events, services and products offered by SF Holding GmbH and its subsidiaries.
Subscribing to our newsletter
We use the so-called double-opt-in procedure to subscribe to our newsletter. This means that after you have registered, we will send you an e-mail to the e-mail address you have provided in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration, your information will be blocked and automatically deleted after one month. We also store the IP addresses you use and the times of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your data.
The only information required for registration is your e-mail address. After confirming your registration, we will save your e-mail address for the purpose of sending you the newsletter.
Sending out of our newsletter
Our newsletter is sent out on our behalf by Cvent Inc, 1765 Greensboro Station Place, Suite 700, Tysons Corner, VA 22102 (hereinafter “Cvent”). The services provided by Cvent can be used to both organize and analyze the sending of newsletters. The e-mail address you provide to receive our newsletter is stored on Cvent’s servers.
Our newsletter sent with the services of Cvent enables us to analyze the behavior of the recipients of our newsletter. In particular, we can analyze how many recipients have opened the newsletter and how often each link within the newsletter was clicked. With the help of so-called “conversion tracking”, it is also possible to define whether a predefined action has occurred on our website following a click on a link in the newsletter.
Your data processed for the purpose of subscribing to our newsletter will be stored by us or by Cvent until you unsubscribe from the newsletter and will be deleted from our newsletter distribution list once you unsubscribe from the newsletter.
After unsubscribing from our newsletter, your e-mail address may be stored by us or by Cvent in a so-called “blacklist” to prevent you from receiving further e-mails after unsubscribing from our newsletter. The e-mail addresses stored in the blacklist are used exclusively for this purpose and are not merged with other data. The storage of your e-mail address within the blacklist serves both your interest and our interest in complying with legal requirements when sending newsletters. The processing is therefore carried out on the basis of a legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR.
We use so-called “cookies” on our website. Cookies are small text files that are stored on the hard disk of the device you use to access our website. The characteristic character strings contained in the cookies can be used to identify the browser you are using when you access our website. Cookies cannot execute programs or transmit viruses to the device you are using. They serve to make our website more user-friendly, effective and secure as well as to enable the availability of certain functions of our website.
Cookies may contain data that enables the device you are using to be recognized. In some cases, cookies only contain information on certain settings (e.g. language settings) that are not personally identifiable.
Most browsers are preset to accept cookies automatically. You can change this default setting by activating the “Do not accept cookies” setting in your browser. For more information, please contact your browser provider.
Cookies that have already been saved can be deleted at any time. For more information on deleting cookies, please contact your browser provider.
If you activate the “do not accept cookies” function in your browser, it is possible that not all functions of our website will be available to you, or that some functions will only be available to a limited extent.
A distinction is made between so-called “session cookies”, which are deleted as soon as you close your browser, and so-called “permanent cookies”, which are stored beyond the individual session and are only deleted after a defined period of time. With regard to their functions, we have divided the cookies used on our website into the following categories:
· Technically required cookies
Scripts, cookies and other elements that are required for the operation of the website.
· Analytical and statistical cookies
Analytical and statistical cookies collect information anonymously. This information helps us to understand how our visitors use our website.
· Cookies used
Below you will find further information about the cookies used on our website:
The legal basis for the storage of technically required cookies is § 25 para. 2 no. 2 TTDSG. We store analytical and statistical cookies exclusively on the basis of your explicit and active consent in accordance with § 25 para. 1 TTDSG in conjunction with Art. 6 para. 1 lit. a GDPR.
If your consent is required for the storage of cookies on your end device, the cookie consent technology “CCM19” from Papoo Software & Media GmbH, Auguststr. 4, 53229 Bonn, Germany is used on this website to obtain your consent and document it in accordance with data protection regulations.
In connection with the use of CCM19, information is stored in the local memory of your browser and a technically required cookie (ccm_consent) is stored in your browser to manage and store the consents you have given.
If you wish to withdraw the consent you have given or change your selection, simply delete the information stored by CCM19 in your browser’s local memory. As soon as you visit our website again, you will be asked again for your cookie selection (consent). Alternatively, you can revoke the consent you have given or change your selection by selecting the button at the bottom left.
The legal basis for storing information on your end device and accessing it in connection with the use of CCM19 is Section 25 (2) No. 2 TTDSG. The associated processing of your data is performed in order to fulfill our legal obligations in accordance with Art. 6 para. 1 lit. c GDPR.
Provided you have given your consent, this website uses the open source web analysis service Matomo. Matomo uses technologies that enable the cross-page recognition of users in order to analyze user behavior. The information collected by Matomo about the use of this website is stored on our server. The IP address is rendered anonymous before it is saved.
With the help of Matomo, we are able to collect and analyze data about the use of our website by the users of our website. This enables us, along with other things, to recognize when which pages were accessed and from which region the respective user comes. We also record various log files (e.g. IP address, referrer, browser and operating system used) and can measure whether visitors to our website perform certain actions (e.g. clicks, purchases, etc.).
For online registration for our events, we use a software solution from Cvent Inc, 1765 Greensboro Station Place, Suite 700, Tysons Corner, VA 22102 (hereinafter “Cvent“).
In connection with the online registration, Cvent processes the data provided by you in connection with the event registration (see Section 5.5). In this context, Cvent shall obtain knowledge of the data collected in connection with the event registration, insofar as this is stipulated in our order processing contract with Cvent. Cvent is a service offered by a provider based in the USA. It can therefore not be ruled out that personal data will be processed in the USA and therefore in a third country. However, we have entered into an order processing agreement with Cvent that meets the requirements of Art. 28 GDPR. An adequate level of data protection is guaranteed firstly by the conclusion of the so-called EU standard contractual clauses.
We use the “Google reCAPTCHA” service (hereinafter “reCAPTCHA”) on our website, which is provided for the European area by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (hereinafter “Google”).
The use of reCAPTCHA verifies whether data is entered on our website (e.g. in a contact form) by a human or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis begins automatically as soon as the user accesses a page of our website on which reCAPTCHA is integrated. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent r on the website by the website visitor or mouse movements made by the user). The data collected during the analysis is forwarded to Google.
The reCAPTCHA analyses run completely in the background. You will not be notified that an analysis is taking place.
The data is stored and analyzed on the basis of Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in protecting our website from abusive automated spying and SPAM. If a relevant consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.
Insofar as personal data is transferred to the USA when using reCAPTCHA, further protective mechanisms are required to ensure the level of data protection required by the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases in which this cannot be ensured even by this contractual extension, we endeavor to obtain additional regulations and assurances from the recipient in the USA.
Event registration and ticket purchase
· Data processing upon registration
We provide the option of registering for one of our events through our website. In order to process the event registration, we process the personal data you provide during the registration process. In particular, this involves the personal information provided during the registration process (first name, surname, email address, telephone number, department/position (optional), company) and the billing address provided (street, country, city, state (optional), postal code).
Please also let us know whether your name may be displayed on the list of participants so that it is visible to other participants and whether you would like other participants to be able to contact you by e-mail via the list of participants.
If the data provided during the ordering process is the personal data of a third party (e.g. a colleague), you are obliged to ensure that the third party has been sufficiently informed by you about the processing of their personal data by us and that you are authorized to provide the data.
The personal data provided during the registration process is processed in order to identify the registered persons as participants in our event and to enable the registered participants to take part in our event. The legal basis for the aforementioned processing is Art. 6 para. 1 lit. b GDPR.
If you have given your consent during the registration process, we will process the contact details you provided during the registration process on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR for the purpose of regular mailing and communication of information on events, other products as well as customer information and surveys on current topics. You can withdraw your consent at any time with immediate effect. You can declare your revocation by clicking on the link provided in every newsletter e-mail, by sending an e-mail to firstname.lastname@example.org or by sending a message to the contact details provided in the legal notice.
We delete the data collected in connection with the event registration once storage is no longer required and there is no statutory retention period to prevent deletion. Due to mandatory commercial and tax regulations, we are obliged to store your address, payment and registration data for a period of 10 years.
· Data processing during payment
As part of payment processing, we pass on your payment data to payment service providers commissioned by us. The type and scope of the data passed on depends on the payment method you have selected:
· Credit card
If you wish to pay for your ticket – where possible – by credit card, we require the data marked as necessary on the payment page with an (*), in particular the credit card number, name of the credit card holder and the period of validity of the credit card, in order to process the payment. We check the data entered along with the data of your order so that we can recognize any misuse of the credit card or the credit card payment option at an early stage and use the data to process the agreed payment by credit card after successful verification.
The legal basis for the corresponding data processing is Art. 6 para. 1 lit. b GDPR, as the processing of the aforementioned data is necessary in order to fulfill the agreement on the payment of your purchase by credit card.
The above data will be stored by us for a maximum period of 24 months in order to be able to compare it with other credit card payments in order to combat fraud and abuse and will then be deleted.
If you wish to pay for your ticket by invoice, we will process the data provided by you during the ordering process to create and send a proper invoice and to monitor the receipt of payment.
Participation at online events
We use the services of Cvent Inc, 1765 Greensboro Station Place, Suite 700, Tysons Corner, VA 22102 (hereinafter “Cvent”) to organize online events. When you are invited to and participate in an online event using the services of Cvent, the following personal data is processed:
· First name, last name, e-mail address, personal link for participation
· Event metadata: Topic, description (optional), participant IP addresses, device/hardware information
· Text, audio and video data if you use the chat, question or survey functions, the “share screen” function or switch on the microphone and/or camera during the event.
The legal basis for the processing of your personal data is Art. 6 para. 1 lit. b GDPR, insofar as your participation in the event is based on a contractual relationship with us. If there is no contractual relationship, the processing is based on our legitimate interest in the effective implementation of online events in accordance with Art. 6 para. 1 lit. f GDPR.
Cvent shall obtain knowledge of the above-mentioned data insofar as this is provided for in our order processing contract with Cvent. Cvent is a service provided by a provider based in the USA. It can therefore not be ruled out that personal data will be processed in the USA and therefore in a third country. However, we have entered into an order processing agreement with Cvent that meets the requirements of Art. 28 GDPR. An adequate level of data protection is guaranteed firstly by the conclusion of the so-called EU standard contractual clauses.
If you participate in our event with spoken contributions and/or use the video function, the other participants in the event will hear your contributions or see your image. Consequently, the other event participants will also be recipients of your data.
Our website is hosted by an external service provider, Hetzner Online GmbH, Industriestraße 25, 91710 Gunzenhausen, Germany. The data collected when you use our website is stored on our host’s servers. This data includes, in particular, IP addresses, contact requests, meta and communication data, contact data, website access and other data that is collected when a website is used.
Our hoster is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online services by a professional provider (Art. 6 para. 1 lit. f GDPR).
In order to ensure data protection-compliant processing, we have entered into an order processing contract with the hoster we use.
Further processing purposes
Compliance with legal regulations
We additionally process your personal data in order to fulfill other legal obligations that may apply to us in connection with our business activities. These include, in particular, retention periods under commercial, trade or tax law. We process your personal data in accordance with Art. 6 para. 1 sentence 1 lit. c GDPR in order to comply with a legal obligation that we are subject to.
We may process your personal data in order to assert our rights and enforce our legal claims. We may also process your personal data in order to defend ourselves against legal claims. Finally, we may process your personal data if necessary for the prevention or prosecution of criminal offenses. We may process your personal data to protect our legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR, insofar as we assert legal claims or defend ourselves in legal disputes or prevent or investigate criminal offenses (legitimate interest).
6. Data recipients
Within our company, those departments that need your data to fulfill our contractual and legal obligations will have access to it. Service providers and subcontractors used by us (e.g. technical service providers, shipping companies, waste disposal companies) may also receive data for these purposes. We limit the transfer of your personal data to what is necessary in accordance with data protection regulations. In some cases, the recipients receive your personal data as contracted processors and are then strictly bound by our instructions when handling your personal data. In some cases, the recipients act independently under their own responsibility under data protection law and are also obliged to comply with the requirements of the GDPR and other data protection regulations.
Finally, in individual cases we transmit personal data to our consultants in legal or tax matters, whereby these recipients are obliged to maintain special confidentiality and secrecy due to their professional status.
7. Duration of data storage
We will initially process and store your personal data for the duration of the relevant purpose of use (see above for the individual processing purposes). This may also include the time required for the initiation of a contract (pre-contractual legal relationship) and the completion of a contract. On this basis, personal data is regularly deleted as part of the fulfillment of our contractual and/or legal obligations, unless its temporary further processing is necessary for the following purposes:
· – Fulfillment of statutory retention obligations arising, for example, from the German Commercial Code (Sections 238, 257 (4) HGB) and the German Fiscal Code (Section 147 (3), (4) AO). The retention and documentation periods specified therein are up to ten years.
· Preservation of evidence, taking into account the statute of limitation. According to Sections 194 et seq. of the German Civil Code (BGB), these limitation periods can be up to 30 years, whereby the regular limitation period is three years.
8. Your rights
As a person who is affected by processing, you are entitled to the following rights in accordance with the legal regulations:
Right of access
You are entitled to request confirmation from us at any time in accordance with Art. 15 GDPR as to whether we are processing personal data concerning you; if this is the case, you are also entitled in accordance with Art. 15 GDPR to receive information about this personal data and certain other information (in particular processing purposes, categories of personal data, categories of recipients, planned storage period, the origin of the data, the use of automated decision-making and, in the case of third country transfers, the appropriate safeguards) and a copy of your data. The restrictions of § 34 BDSG apply.
Right to rectification
In accordance with Art. 16 GDPR, you are entitled to demand that we rectify personal data stored about you if it is inaccurate or incorrect.
Right to deletion
You are entitled, under the conditions of Art. 17 GDPR, to demand that we delete personal data concerning you immediately. The right to deletion does not exist, for example, if the processing of your personal data is necessary, e.g. to fulfill a legal obligation (e.g. statutory retention obligations) or to assert, exercise or defend legal claims. In addition, the restrictions of § 35 BDSG apply.
Right to restriction of processing
You are entitled, under the conditions of Art. 18 GDPR, to demand that we restrict the processing of your personal data.
Right to data transferability
Under the conditions of Art. 20 GDPR, you are entitled to demand that we provide you with the personal data relating to you that you have provided to us in a structured, commonly used and machine-readable format.
Right of revocation
You can revoke your consent to the processing of personal data at any time. This also applies to the revocation of declarations of consent given to us before the GDPR came into force, i.e. before May 25, 2018. Please note that the revocation only takes effect for the future. Processing that took place before the revocation is not affected by the revocation of consent. An informal notification, e.g. by email, is sufficient to declare your revocation.
Right of objection
You are entitled to object to the processing of your personal data under the conditions set out in Art. 21 GDPR, which means that we must stop processing your personal data. The right to object exists only within the limits provided for in Art. 21 GDPR. In addition, our interests may conflict with the termination of processing, meaning that we are entitled to process your personal data despite your objection. We will respond to an objection to any direct marketing measures immediately and without reassessing the existing interests.
Information about your right to object in accordance with Art. 21 GDPR
You have the right to object at any time to the processing of your data on the basis of Art. 6 para. 1 lit. f GDPR (data processing on the basis of a balancing of interests) or Art. 7 para. 1 sentence 1 lit. e GDPR (data processing in the public interest) if there are grounds for doing so that arise from your particular situation.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds to do so which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.
The objection can be made informally and should preferably be addressed to:
SF Tech GmbH
Phone: +49 341 238229 10
Right of appeal to a supervisory authority
Subject to the conditions of Art. 77 GDPR, you have the right to lodge a complaint with a competent supervisory authority. Specifically, you can lodge a complaint with the supervisory authority responsible for us (Saxon Data Protection and Transparency Officer; https://www.datenschutz.sachsen.de/kontakt.html) or any other competent supervisory authority. A list of data protection supervisory authorities and their contact details can be found under the following link
For further questions and concerns regarding data protection, please contact our data protection officer using the contact details above.
9. Obligation to provide data
In principle, you are not obliged to provide us with your personal data. However, if you do not do so, we will not be able to make our website available to you without restrictions or answer your inquiries. Personal data that we do not necessarily require for the above-mentioned processing purposes is marked accordingly as voluntary information.
10 Automated decision making/profiling
We do not use automated decision-making or profiling (an automated analysis of your personal circumstances).