Privacy statement Instagram
1) Information on collecting personal data and contact details of the responsible person
1.1 Below we inform you about the handling of your personal data. Personal data is all data with which you can be personally identified.
Please check carefully which personal data you share with us through Instagram. Instagram is part of the Facebook group of companies and shares the infrastructure, systems and technology with Facebook and other Facebook companies (https://www.facebook.com/help/111814505650678?ref=dp). We expressly point out that Facebook stores the data of those using its services (e.g. personal information, IP address, etc.) and may also use them for business purposes. For more information about Facebook data processing at Instagram, see Instagram’s privacy policy at https://help.instagram.com/519522125107875?helpref=page_content.
We have no influence on the data collection and further processing by Facebook. Furthermore, it is not clear to us to what extent, at what location and for how long the data will be stored, to what extent Facebook will comply with existing deletion obligations, which evaluations and links will be made with the data and to whom the data will be forwarded. If you would like to avoid Facebook processing any personal information you provide to us, please contact us by other means. You can find our complete contact details on our legal notice on Instagram.
1.2 Data processor under the General Data Protection Regulation (GDPR):
Berlin Tourismus & Kongress GmbH
Schöneberger Straße 15
10963 Berlin (Germany)
Tel.: 030/ 25 00 23 33 Fax: 030/ 25 00 24 24
Email: hallo@visitBerlin.de,
insofar as we process the data you transmit to us via Instagram exclusively ourselves. Insofar as the data you send us via Instagram is also or exclusively processed by Facebook, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland, is also responsible for data processing as laid down in the General Data Protection Regulation (GDPR) in addition to us.
The data processor is the natural or legal person that determines alone or jointly with others the purposes, conditions and means of the processing of personal data.
2) Data protection officer
You can reach our data protection officer as follows:
AMD TÜV Arbeitsmedizinische Dienste GmbH
Herr Oliver Gröger
Alboinstraße 56
12103 Berlin
datenschutz@visitBerlin.de
You can contact the Facebook data protection officer via the online contact form provided by Facebook at https://www.facebook.com/help/contact/540977946302970.
3) Data processing when contacting us
We ourselves collect personal data when you contact us, e.g. via contact form or messenger. You can see which data we collect when you contact us via the contact form from the relevant contact form. These data are stored and used exclusively for the purpose of answering your request or for establishing contact and the associated technical administration. The legal basis for the processing of the data is our legitimate interest in responding to your request pursuant to Art. 6 Para. 1 lit. f GDPR. If the purpose of your contact is to conclude a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR. Your data will be deleted after final processing of your request, unless there are any legal obligations to store it. We assume that the matter will be dealt with conclusively if it can be inferred from the circumstances that the relevant facts have been conclusively clarified.
4) Dirico / Talkwalker
On our website, we use active page elements from Dirico, 274GRAD Labs GmbH, Universitätsstraße 3, 56070 Koblenz with your consent. Through the application of Dirico, current content published on Instagram is displayed. The processing of cookies through the provision of Dirico is the sole responsibility of Dirico. More information is available here: https://dirico.io/en/imprint/.
As far as social media content from Instagram is provided via Dirico, Instagram is responsible for this content: Instagram is a service operated by Facebook Ireland Ltd. Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland is responsible for the processing of personal data processed in the context of interaction with Instagram content. Facebook's privacy policy is available at: https://www.facebook.com/about/privacy/. Instagram's separate privacy policy is available at: https://help.instagram.com/519522125107875?helpref=page_content and the cookie policy at: https://help.instagram.com/1896641480634370?ref=ig.
When you enable page content provided through Dirico, your IP address is processed and cookies are stored on your device.
We use your personal data, in particular your IP address, your browser data and cookies, to provide the Dirico application. We include Dirico here to be able to report on Facebook and Instagram campaigns, and provide you with social media content and interactions just seconds after they are published. Dirico’s integration also enables real-time posting interaction with social media content directly from our website.
We also use the provider Talkwalker for these services: Talkwalker GmbH, Taunusanlage 8, 60329 Frankfurt am Main.
As far as legally required, we have obtained your consent in accordance with Art. 6 para. 1 lit. a of the GDPR for the processing of your data as described above. You can revoke your consent at any time with future effect. To exercise your right of revocation, deactivate this service in the Cookie Consent Tool provided on the website or alternatively follow the option described above to make an objection.
The service provider Dirico is based in Germany and Facebook Inc. are based in the USA. The USA is a third country without an adequate level of data protection. However, the adequate level of protection for the transfer of personal data to the USA is guaranteed by an adequacy decision of the Commission in accordance with Art. 45 para. 9 of the GDPR. The adequacy decision (EU-US Privacy Shield) requires a self-certification of the US companies submitting to this decision. Facebook Inc. has submitted to this decision.
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected.
5) Rights of data subjects
5.1 The applicable data protection law grants you comprehensive data subject rights with respect to the entity responsible for processing your personal data (rights of access and intervention) about which we inform you below:
- Right to information as per Article 15 GDPR;
- Right to rectification as per Article 16 GDPR;
- Right to erasure as per Article 17 GDPR;
- Right to restriction of processing as per Article 18 GDPR;
- Right to notification as per Article 19 GDPR;
- Right to data portability as per Article 20 GDPR;
- Right to withdraw consents granted as per Article 7 para. 3 GDPR;
- Right to lodge a complaint as per Article 77 GDPR.
5.2 RIGHT TO OBJECT
IF AS PART OF THE BALANCING OF INTERESTS WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR PREVAILING LEGITIMATE INTEREST, YOU HAVE THE RIGHT AT ANY TIME TO SUBMIT AN OBJECTION TO SUCH PROCESSING WITH FUTURE EFFECT FOR REASONS ARISING FROM YOUR SPECIFIC SITUATION.
IF YOU MAKE USE OF YOUR RIGHT OF OBJECTION, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO FURTHER PROCESSING IF WE CAN PROVE COMPELLING GROUNDS FOR PROCESSING WORTHY OF PROTECTION WHICH OUTWEIGH YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES THE ASSERTION, EXERCISE OR DEFENCE OF LEGAL CLAIMS.
IF YOUR PERSONAL DATA IS PROCESSED BY US IN ORDER TO CONDUCT DIRECT ADVERTISING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSE OF SUCH ADVERTISING. YOU CAN EXERCISE THE OBJECTION AS DESCRIBED ABOVE.
IF YOU MAKE USE OF YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE DATA IN QUESTION FOR THE PURPOSE OF DIRECT ADVERTISING.
6) Duration of storage of personal data
The duration of the storage of personal data is measured on the basis of the respective legal basis, the processing purpose and - if relevant - also on the basis of the respective statutory retention period (e.g. retention periods under commercial and tax law).
When personal data is processed on the basis of express consent in accordance with Art. 6 para. 1 lit. a of the GDPR, this data is stored until the person concerned revokes his or her consent.
If there are statutory retention periods for data that is processed within the scope of legal obligations or similar obligations on the basis of Art. 6 para. 1 lit. b of the GDPR, this data will be routinely deleted after expiry of the retention periods, provided that it is no longer required for the performance of the contract or the initiation of the contract and/or there is no legitimate interest on our part in continuing to store it.
When processing personal data on the basis of Art. 6 para. 1 lit. f of the GDPR, this data is stored until the data subject exercises his or her right to object in accordance with Art. 21 para. 1 of the GDPR, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing is for the purpose of asserting, exercising or defending legal claims.
When processing personal data for the purpose of direct marketing on the basis of Art. 6 para. 1 lit. f of the GDPR, this data will be stored until the data subject exercises his or her right to object in accordance with Art. 21 para. 2 of the GDPR.
Unless stated otherwise in the other information in this statement about specific processing situations, stored personal data will be deleted when it is no longer necessary for the purposes for which it was collected or processed.
Copyright © 2021, IT-Recht-Kanzlei, Alter Messeplatz 2, 80339 Munich, Germany Phone: +49 (0)89 / 130 1433 0 Fax: +49 (0)89 / 130 1433 - 60
Version: February 2024