Data protection declaration
We appreciate your interest in our company. Data protection is of particular importance to the management of marbet Marion & Bettina Würth GmbH & Co KG. It is possible to use the website without supplying any personal information.
The following information is intended to provide an overview of personal data processing at marbet and of the rights of data subjects under data protection law. Which data is processed in detail and how it is used depends largely on the services agreed or used. Therefore, not all sections of this information will apply equally to all parties concerned.
Who is responsible for data processing and who can I contact?
The data controller under the General Data Protection Regulation, other data protection laws applicable in member states of the European Union and other provisions of a data protection nature is:
marbet Marion & Bettina Würth GmbH & Co. KG
Management: Tobias Rieger
You can contact our company data protection officer:
Würth IT GmbH
Drillberg 6 (Industriepark Würth)
97980 Bad Mergentheim
What sources and data do we use?
We process personal data that we receive from our customers or other interested parties in the course of our business relationship. In addition, to the extent necessary for the provision of our services, we process personal data that we legitimately obtain from publicly accessible sources (e.g. press, internet, social media).
Relevant personal data is personal data (name, address and other contact data, birth date and place as well as nationality), identification data (e.g. ID card data), bank and credit data, travel data (arrival and departure date, place of travel, flight data, hotel data etc.), and other data comparable with the categories mentioned.
In the context of the actual assignment and execution of events we process participants’ personal data (e.g. dress size, shoe size), in exceptional cases and, if necessary for the event, health data as well (allergies, illnesses, disability status), travel data (date of arrival and departure, place of travel, flight data, hotel data, etc.).
Legal basis of processing
What do we process data for?
We process personal data in accordance with the provisions of the EU Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).
a) to fulfil contractual obligations (Art. 6 para. 1 b DSGVO)
The processing of data takes place for the provision of our services, the conception, planning and realisation of events, incentives and guest & travel services (private, business and group travel as well as participant handling) within the scope of contract fulfilment as well as pre-contractual measures, which mostly take place on request. The purposes of data processing are primarily based on the specific product or service and may include, among other things, consulting, concept development and implementation of live communication services, travel planning, booking and implementation as well as related additional services such as visa procurement, insurance services, etc. Further details on data processing purposes can be found in the relevant contractual documents.
b) to protect legitimate interests (Art. 6 para. 1 f DSGVO)
Where necessary, we process data to safeguard our legitimate interests, in particular to maintain and, if necessary, to contact business customers, unless the interests or fundamental rights and freedoms of the data subjects prevail or if there is no objection to use of the data.
c) on the basis of consent (Art. 6 para. 1 a DSGVO)
If we have been given permission to process the personal data of data subjects for specific purposes (e.g. CRM customer database, newsletter dispatch, traveller profiles for business and private travel, online registration of participants and participant data management), the legality of this processing is given on the basis of the data subject’s consent. You may revoke your consent at any time. This also applies to the revocation of declarations of consent issued to us prior to the validity of the GDPR, i.e. before 25 May 2018.The revocation of consent is only effective for the future and does not affect the legality of the data processed up until revocation.
d) due to legal requirements (Art. 6 para. 1 c DSGVO) or in the public interest (Art. 6 para. 1 e DSGVO)
Also, as a service provider in the live communication and travel industry, we are subject to various legal obligations, i.e. legal requirements (such as tax law, commercial law, travel law, copyright, insurance law, labour law, trade association, DGUV – German statutory accident insurance) and regulations (e.g. venue ordinance).The purposes of the processing include, among other things, the fulfilment of fiscal control and reporting obligations.
Who receives the data?
Within marbet, specific departments receive access to personal data which they need to fulfil our contractual services and legal obligations (concluded with customers).Service providers and vicarious agents employed by us may also receive data for this purpose if they are obliged to comply with data protection obligations and the appropriate level of protection is guaranteed.
With regard to the transfer of data to recipients outside marbet, it should be noted that we undertake to maintain confidentiality regarding internal customer information of which we become aware. Further details on confidentiality and secrecy can be found in the relevant contractual documents and marbet’s terms and conditions. We will only pass on information about customers or participants if required to do so by law or if the data subjects or customers or interested parties have given their consent. Recipients of personal data may in these circumstances be:
- Public offices, authorities and institutions (tax and financial authorities, health insurance companies, professional association, DGUV – German statutory accident insurance, for permits, possibly also the building office, district office, road traffic office, public order office)
- Credit and financial services institutions and insurance companies
- Service providers that we use within the scope of order processing relationships (e.g. IT services, logistics and passenger transport, travel services (airlines, hotels, DMCs, car rental companies, visa partners/embassies, booking portals/tour operators), printing services, consulting and project management.
Further recipients of data may be those bodies for which the data subjects have given us their consent to the transfer of data or to which we are authorised to transfer personal data on the basis of a weighing of interests.
Is data transferred to a third country or to an international organisation?
Data is transmitted to offices in countries outside the European Union (so-called third countries) if
- it is necessary for the execution of the order/inquiry or fulfilment of the contractual services (e.g. for travel or events abroad > transmission to hotels, airlines, visa partners/embassies, rental car providers, booking portals/tour operators, local service providers e.g. DMCs)
- it is prescribed by law (e.g. tax control and reporting obligations) or
- the data subjects have given us their consent
How do we handle job applications?
marbet collects and processes the personal data of job applicants for the purpose of handling the application procedure. Processing may also be carried out electronically. This is particularly the case if an applicant submits such documents electronically, e.g. by e-mail or via a form on a standard website. If marbet concludes an employment contract with the applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the legal regulations. If no contractual relationship is concluded, the application documents will be deleted two months after notification of the rejection decision, provided that no other of marbet’s legitimate interests stand in the way of deletion. Other legitimate interests in this sense are, for example, a burden of proof in proceedings under the German General Equal Treatment Act (AGG).
How long is data stored?
We process and store personal data as long as this is necessary for the fulfilment of our contractual and legal obligations as well as for the duration of a possible service provision (e.g. during consultation, offer preparation etc.).
If the data is no longer required for the fulfilment of contractual or statutory obligations it is regularly deleted, unless its – limited – further processing is necessary for the fulfilment of obligations under commercial and tax law. The periods for storage and documentation specified are generally two to ten years.
Rights of data subjects
Which data protection rights do data subjects have?
Every data subject has the right to information according to Art. 15 GDPR, the right to correction according to Art. 16 GDPR, the right to cancellation according to Art. 17 GDPR, the right to limitation of processing according to Art. 18 GDPR, the right to data transfer according to Art. 20 GDPR and the right to object according to Art. 21 GDPR. The restrictions according to §§ 34 and 35 of the BDSG (German Federal Data Protection Act) apply to the right of information and the right to cancellation. In addition, there is a right of appeal to a competent data protection supervisory authority (Article 77 GDPR in conjunction with Para. 19 BDSG).
The right to be informed:
The right of access gives the data subject a comprehensive insight into the data concerned and certain other important criteria such as the purposes of processing or the duration of storage. The exceptions to this right, regulated in § 34 BDSG, apply.
The right of rectification:
The right to rectification includes the possibility for the data subject to have incorrect personal data that concerns him/her corrected.
Right to deletion:
The right to deletion includes the possibility for the data subject to have data deleted by the data controller. However, this is only possible if the personal data concerning him/her is no longer necessary, is being processed illegally or if consent to this has been revoked. The exceptions to this right, regulated in § 35 BDSG, apply.
The right to restriction of processing:
The right to restriction of processing includes the possibility for the data subject to prevent further processing of the personal data concerned for the time being. Restriction occurs above all in the examination phase of other rights exercised by the data subject.
The right to data portability:
The right to data portability includes the possibility for the data subject to receive the personal data concerned in a common, machine-readable format from the data controller in order to have it forwarded to another data controller if necessary.
Right to object:
Given consent to the processing of personal data may be revoked at any time, even for declarations of consent that were given before the validity of the GDPR, i.e. before 25 May 2018.Please note that such revocation is only with future effect. Processing operations that are performed prior to the revocation are not affected.
Corrections, information or objections can be sent form-free to the following address or e-mail:
marbet Marion & Bettina Würth GmbH & Co. KG
Is there an obligation for those affected to provide data?
Within the scope of a business relationship, personal data must be provided by the data subjects or customers / interested parties which is required for the commencement, implementation and termination of the business relationship and for the fulfilment of the associated obligations and contractual services or which we are legally obliged to collect. Without this information, we will usually not be able to enter into, execute and terminate a contract.
Is there automated decision making including profiling?
No automated decision making or profiling takes place.
When you visit marbet’s Facebook page (www.facebook.com/marbet.Events), we do not collect any personal information from you unless you post to our Facebook page, post comments to our Facebook page, use the Like feature, write us a Facebook message or use other Facebook services to interactively connect to our Facebook page. In such cases, you will provide us with your username, your profile photo and any other information that is made public on your Facebook profile. We do not store any of these data unless you submit requests to us that require storage for further processing. As soon as this purpose and possible legal retention periods cease to apply, we will delete your data.
How we handle our cookies?
For a better overview, read more about it here.