Thank you for your interest in our company. Data protection is a top priority for the management of marbet Marion & Bettina Würth GmbH & Co. KG. In general, this website can be used without supplying any personal data.
The following information is designed to provide an overview of the processing of personal data at marbet, as well as the rights of data subjects under data protection law. The data that we process in each individual case and how it is used depends largely on the services agreed/used. As a result, not all parts of this information will apply to all data subjects in the same way.
Contact I Who is responsible for data processing and who is my point of contact?
The “controller” within the meaning of the General Data Protection Regulation, other data protection laws that apply in the member states of the European Union and other data protection provisions is
marbet Marion & Bettina Würth GmbH & Co. KG
74523 Schwäbisch Hall
Management: Tobias Rieger
You can contact our company data protection officer
Mr Martin Goebes
on behalf of DSS-connect GmbH
74177 Bad Friedrichshall
Which sources and data do we use?
We process personal data that we receive from our customers or other data subjects in the course of our business relationship. In addition, we process – to the extent necessary for the provision of our service – personal data that we permissibly obtain from publicly accessible sources (e.g. press, Internet, social media).
Relevant personal data includes personal details (name, address and other contact details, date and place of birth, as well as nationality), identification data (e.g. ID card data), bank and credit data, travel details (date of arrival and departure, travel destination, flight details, hotel details, etc.), as well as other data comparable to the above categories.
In the context of the specific commissioning and implementation of events, we process personal data concerning participants (e.g. dress size, shoe size), in exceptional cases and, if necessary for the implementation of the event, possibly also health data (allergies, illnesses, disability status), travel details (date of arrival and departure, travel destination, flight details, hotel details, etc.).
Legal basis of processing I What do we process data for?
We process personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG):
- a) to fulfil contractual obligations (Article 6(1a) GDPR)
Data is processed so that we can provide our services, to facilitate the development, planning and realisation of events, incentives and guest & travel services (private, business and group travel, as well as participant handling) within the context of the performance of the agreement as well as pre-contractual measures, which are mostly carried out upon request. The purposes of the data processing depend primarily on the specific product/service and may include consultancy, conceptual development and implementation of live communication services, travel planning, booking and implementation, as well as related additional services such as obtaining visas, insurance services, etc. Further details on the data processing purposes can be found in the relevant contractual documents.
- b) to safeguard legitimate interests (Article 6(1f) GDPR)
To the extent necessary, we process data to safeguard our legitimate interests, in particular to maintain contact with business customers and, if necessary, to address them, to provide hospitality and accommodation for guests and service providers, to ensure IT security and IT operations, to keep internal data confidential, to assert legal claims and to defend ourselves in legal disputes, except where such interests are overridden by the interests or fundamental rights and freedoms of data subjects or the use of the data is objected to.
- c) based on your consent (Article 6(1a) GDPR)
Insofar as we have been granted consent to process the personal data concerning data subjects for specific purposes (e.g. CRM customer database, newsletter dispatch, traveller profiles for business and private trips, online registration of participants, as well as participant data management), the lawfulness of this processing is based on the consent of the data subject. Consent granted can be revoked at any time. This also applies to the revocation of declarations of consent that you submitted to us before the GDPR came into force, i.e. before 25 May 2018. The revocation of consent is only effective for the future and does not affect the legality of the data processed up until the revocation.
- d) on the basis of statutory requirements (Article 6(1c) GDPR) or in the public interest (Article 6(1e) GDPR)
In addition, as a service provider in the live communication and travel industry, we are subject to various legal obligations, i.e. statutory requirements (such as tax law, commercial law, travel law, copyright law, insurance law, labour law, employers’ liability insurance association, DGUV – German statutory accident insurance) and regulations (e.g. German Regulation on Places of Assembly (Versammlungsstättenverordnung)). The purposes of the processing include, among others, the fulfilment of control and reporting obligations under tax law.
Recipient categories I Who receives the data?
Within marbet, the departments that gain access to personal data are those departments that need the data to fulfil our contractual services (as agreed with our customers) and statutory obligations. Service providers and vicarious agents commissioned by us may also receive data for this purpose if they have been obligated to comply with the obligations under data protection law and an appropriate level of protection is ensured.
With regard to the transfer of data to recipients outside marbet, it is important to note that we undertake to maintain confidentiality regarding internal customer information of which we become aware. Further details on confidentiality and non-disclosure can be found in the relevant contractual documents and the marbet terms and conditions of business. As a matter of principle, we only pass on information about customers/participants if this is required under statutory provisions or if consent has been obtained from the data subject/customer/interested party. Recipients of personal data in such cases may include:
- Public bodies, authorities and institutions (tax and financial authorities, health insurance companies, employers’ liability insurance association, DGUV – German statutory accident insurance, for permits – where appropriate also building authorities, district council, road traffic authorities, law and order authorities (Ordnungsamt))
- Credit and financial services institutions, as well as insurance companies
- Service providers that we use in the context of contract processing relationships (e.g. IT services, logistics and passenger transport, travel services (airlines, hotels, DMCs, car rental providers, visa partners/embassies, booking portals/tour operators), printing services, consultancy and project management
Other data recipients can include those bodies for which the data subjects have granted us their consent for the transfer of data, or to which we are authorised to transfer personal data based on the weighing up of interests.
We will send you regular product recommendations by e-mail independently of the newsletter. This means that we will send you information about products from our range that you may be interested in based on your recent purchases of goods or services from us. We strictly comply with the statutory requirements in this regard. You can opt to object to receiving these recommendations at any time without incurring any costs other than the transmission costs charged at the basic rate. Notification in written or electronic form (e.g. e-mail, fax, letter) sent to the contact details set out in section 1 shall be sufficient in this respect. You will also, of course, find our contact details in every e-mail. The legal basis in this regard is the statutory permission according to Article 6(1) sentence 1f GDPR in conjunction with section 7 (3) of the German Act Against Unfair Competition (UWG).
If you contact us (e.g. using our contact form or by e-mail), we will process your information to process the enquiry and in the event that any follow-up questions arise. If the data processing is carried out for the implementation of pre-contractual measures which are carried out upon your request, or, if you are already our customer, for the performance of the agreement, the legal basis for this data processing is Article 6(1) sentence 1b GDPR. We only process further personal data if you consent to this (Article 6(1) sentence 1a GDPR) or if we have a legitimate interest in processing your data (Article 6(1) sentence 1f GDPR). Responding to your e-mail, for example, is a legitimate interest.
We maintain publicly accessible profiles on social networks.
- Facebook Inc.
Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, Facebook pages based on an agreement on the joint processing of personal data
https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com
- Google My Business (GMB)/Google My Places:
Reviews widget, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland Privacy statement:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Twitter Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA
LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.
XING AG, Dammtorstraße 30, 20354 Hamburg
Facebook Inc., Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, Facebook pages based on an agreement on the joint processing of personal data
Will data be transmitted to a third country or an international organisation?
Data is transferred to bodies in countries outside the European Union (known as third countries), insofar as
- this is necessary for the execution of the order/enquiry or the fulfilment of the contractual services (e.g. in the case of travel or events/events abroad > transmission to hotels, airlines, visa partners/embassies, car rental providers, booking portals/tour operators, local service providers, e.g. DMCs)
- this is required by law (e.g. control and reporting obligations under tax law) or
- the data subjects have given us their consent
In the event that we outsource certain parts of data processing (“contract data processing”), we subject the contract data processors we commission to the obligation to use personal data only in accordance with the requirements of data protection law and to ensure the protection of the data subject’s rights.
How do we handle applications?
marbet collects and processes personal data concerning applicants for the purpose of executing the job application procedure.
The legal basis for the processing of your personal data for the purposes of the employment relationship is Article 88 GDPR in conjunction with section 26 of the German Federal Data Protection Act in the version dated 25 May 2018 (BDSG new).
The data may also be processed electronically. This is the case in particular if an applicant submits the relevant documents, for example by e-mail, via our applicant tool on our website or via a form located on third-party websites.
Data is only collected and processed for this purpose insofar as this is required by law for the application procedure or the initiation of an employment relationship. Insofar as any further data is not required directly for the implementation of the application procedure, the processing is based on a legitimate interest of the company pursuant to Article 6(1f) GDPR.
If no contractual relationship is concluded, the application documents will be deleted four months after notification of the rejection decision, provided that there are no other legitimate interests for marbet arguing against their deletion.
A legitimate interest may arise, for example, for internal organisational and administrative purposes, to protect the company’s facilities, equipment and assets, in the context of the duty to provide evidence in proceedings under the German General Act on Equal Treatment (AGG) and with regard to data processing equipment and data. Processing of your data is permitted in such cases if the protection of your interests, fundamental rights and freedoms does not outweigh our interests.
In some cases, we ask for your consent to the processing or transfer of your data (e.g. for the inclusion of your data in our applicant pool). In such cases, your consent is voluntary and you can revoke it at any time with effect for the future. You will not suffer any disadvantages as a result of opting not to grant consent or possibly revoking your consent later on.
If marbet concludes an employment contract with an applicant, the data transmitted will be stored for the purpose of processing the employment relationship in accordance with the statutory provisions.
marbet uses an online survey tool for quality assurance as part of its activities as an event organiser.
This online survey tool is operated on the computer systems of a contract data processor (external hosting). We only, however, process personal data in connection with surveys if it is absolutely necessary for the implementation of the survey (e.g. to check eligibility to participate in a survey for a restricted group of users). This means that data such as IP address, referrer URL, timing of voting behaviour, etc. is not collected in connection with surveys. Unless we specifically state otherwise, the surveys are anonymous.
The legal basis for the processing of personal data in the context of the online surveys described is our legitimate interest in optimising our processes and quality assurance (Article 6(1f) GDPR).
Duration of storage I How long is data stored for?
We process and store personal data as long as this is necessary for the fulfilment of our contractual and statutory obligations, as well as for the duration of potential service provision (e.g. in cases involving consultancy, the preparation of offers, etc.).
If the data is no longer required in order to fulfil contractual or statutory obligations, it will be erased at regular intervals, unless its – temporary – further processing is required to comply with
- commercial and tax law retention periods. The retention/documentation periods specified in these pieces of legislation generally amount to between two to ten years.
Data subjects’ rights I What data protection rights do data subjects have?
All data subjects have the right to receive information in accordance with Article 15 GDPR, the right to rectification in accordance with Article 16 GDPR, the right to erasure in accordance with Article 17 GDPR, the right to restriction of processing in accordance with Article 18 GDPR, the right to data portability pursuant to Article 20 GDPR and the right to object pursuant to Article 21 GDPR. The right to information and erasure are subject to the limitations set out in sections 34 and 35 of the German Federal Data Protection Act (BDSG). In addition, there is a right to lodge a complaint with a responsible supervisory authority (Article 77 GDPR in conjunction with section 19 BDSG).
Right to information: The right to receive information gives the data subject a comprehensive insight into the data concerning him/her and a number of other important criteria, such as the purposes of processing or the duration of storage. The exceptions to this right set out in section 34 BDSG apply.
Right to rectification: The right to rectification includes the possibility for the data subject to have inaccurate personal data concerning him/her corrected.
Right to erasure: The right to erasure includes the possibility for the data subject to have data erased by the controller. This is only possible, however, if the personal data concerning him/her is no longer required, is being processed unlawfully or if consent in this regard has been revoked. The exceptions to this right set out in section 35 BDSG apply.
Right to restriction of processing: The right to restriction of processing includes the possibility for the data subject to prevent the further processing of the personal data concerning him/her for the time being. Processing is restricted, in particular, when the other scenarios involving the exercise of rights by the data subject are being evaluated.
Right to data portability: The right to data portability includes the possibility for the data subject to receive the personal data concerning him/her from the controller in a commonly used, machine-readable format in order to have it forwarded to another controller where appropriate.
Right to object: Consent granted for the processing of personal data can be revoked at any time, including for declarations of consent issued before the GDPR came into force, i.e. before 25 May 2018. Please note that revocation is only effective for the future. Processing operations performed before the revocation are not affected.
Requests of rectification, information or objections can be sent informally to the following address/e-mail:
marbet Marion & Bettina Würth GmbH & Co. KG
74523 Schwäbisch Hall
Are data subjects obliged to provide data?
Within the context of a business relationship, the data subjects/customers/interested parties must provide the personal data that is required for the establishment, implementation and termination of the business relationship and for the fulfilment of the associated obligations and contractual services, or which we are obliged to collect by law. Without this data, we will generally not be able to conclude, execute and terminate an agreement.
Is automated decision-making incl. profiling used?
No automated decision-making or profiling is used.