This Privacy Policy applies only to this website. If you are forwarded via links from our pages to other sites, please inform yourself there about the respective handling of your data.

When a page is accessed and loaded by a browser¹, each time data is collected and exchanged on the server² for the page being accessed.

If the website provides a means of entering personal or business data (email addresses, names), the user provides such information on an expressly voluntary basis.

¹ Computer program for displaying websites in the World Wide Web or in general documents and data. (Source: Wikipedia)

² Computer program or computer for accessing a central resource or service on a network. (Source: Wikipedia)

We ensure that your privacy and personal information are protected by implementing and complying with applicable data protection laws. Your trust is the driving force and foundation of our work.

We are governed by the provisions of the German Telemedia Act (TMG) and the German Federal Data Protection Act (BDSG). The necessary technical and organisational measures have accordingly been taken to ensure compliance with data protection regulations. Each time a file or page of this website is accessed, access data is automatically transmitted from your browser to the hoster of this website and saved in a log file. This relates to the following data:

• IP address of your computer (shortened)
• Port number used
• Address of the page you visited last, or from where you followed a link to the current page (referrer URL)
• Browser software (name, version number, set language, operating system)
• Timestamp logging when the webpage was accessed

We evaluate the aforementioned data solely for statistical purposes in order to measure the demand for the website or, in the case of harmful use, to make the attack comprehensible in order to take possible protective measures.

Your IP address will be shortened so that no personal reference can be made. This therefore makes it impossible for us to assign this data to a specific person. This data is also not merged with other data sources.

Via our www.expostock.de website, clients who store their own furniture or materials from events or trade fairs at Zeeh Design can view their own stock of articles with more detailed specifications (type, quantity, description, packaging, weight, etc.).

Access to this platform requires registration with Zeeh Design. To achieve access, clients receive login data ('master account') consisting of a client number and a password ('matchcode').

The data transmitted during log-in is encrypted ("https"). Log-in data will not be saved and will be used purely to restrict access to your personal area. There is no processing of data in third countries.

Clients have more options available to them in the premium version (EXPOSTOCK 'Dispo'). For example, clients can generate additional user accounts by accessing the platform via the 'Masteraccount' with its associated rights. The creation (type of password is freely selectable) and possible forwarding of this access data to internal departments or external partners, thus enabling access to the data there, is the sole decision and responsibility of the respective client.

In addition, the 'Dispo' version enables clients to create 'Events'. The data recorded there consists of the event (name of the event), the period (start and end of the event) as well as the withdrawal and return dates. This allows clients to allocate their stored equipment to individual client-specific events (material management, scheduling), and to add the stored equipment to a wide range of uses by various specialist departments. In an overview there, the respective client can view all events created by it as well as the corresponding contact persons (first name, surname) and, where applicable, the specialist department.

The respective clients are responsible for the nature and extent of their data stored there. Clients disclose this data expressly on a voluntary basis for the sole purpose of scheduling materials and transparency. The data can be viewed by specially authorized Zeeh Design employees. However, this personal data is not further processed or used.

If clients wish to outsource stored equipment, this tool can be used to request a 'Material Request' from Zeeh Design. The material request is sent directly from the tool as an email to Zeeh Design (expostock@zeeh-design.de) and from this point onwards is processed like a normal query with a request for a quotation from Zeeh Design.

Again, it is the respective clients themselves who disclose the data and on an expressly voluntary basis. Zeeh Design processes this data for the sole purpose of handling the transaction. Furthermore, we do not collect any personal data when you visit our website (www.expstock.de). Nor do we use cookies or similar techniques that can be used to track a user's access behaviour.

Zeeh Design uses its own platform (SAAS) for the secure exchange of data. Clients and agencies with whom Zeeh Design is in exchange can exchange encrypted data via the so-called upload or download links via 'https protocol' (end to end).

The data used to generate the upload or download links is limited to the acquisition and use of an email address of the desired recipient. No further data is collected. All data will be deleted immediately after the downloading or uploading has been completed.

Data which could be attributed to individual persons is not logged. The data is processed exclusively in Germany. Data is not passed on to third parties.

Our social media website is accessible on XING via https://www.xing.com/companies/zeehdesigngmbh. Personal data is not recorded by Zeeh Design there. Access statistics are not traceable to the user.

Each XING member who lists Zeeh Design GmbH as a text on his or her private profile will be displayed with further personal information on our XING website. This linking is solely at the personal discretion of the respective user, and can be changed by the user at any time and independently. Zeeh Design has no influence on this.

The website refers to the imprint and data policy at www.zeeh-design.de via a link.

Our social media website can be reached on LinkedIn via https://www.linkedin.com/company/1409832/. Personal data is not collected by Zeeh Design there. Access statistics are not traceable to the user.

Each LinkedIn member who lists Zeeh Design GmbH as a text on their private profile will be displayed as a link on our LinkedIn website. This linking is solely at the discretion of the respective user and can be changed by the user independently.

The webpage refers to our homepage at www.zeeh-design.de where further details about our privacy policy can be found.

a. Description and scope of processing
With regard to the operation of our XING company profile, in accordance with Art. 4 No. 7 of the GDPR we are, in part, jointly responsible with New Work SE. XING is a service of New Work SE, Dammtorstrasse 30, 20354 Hamburg. When you visit our company’s XING page, personal data is processed. We operate our company profile on XING to present ourselves externally, in particular to provide users with information about our company, our products, services and vacancies, combined with the possibility for users to interact with us in a targeted manner.

XING employer branding is integrated on our website. In connection with the operation of our XING website, we use the Recruiter Insight function to obtain statistical data on users and the use of our website. In order to statistically evaluate the use of our page, XING stores a cookie on the user’s device. The cookie contains a unique user ID. The information stored in the cookie is processed by XING, in particular when the user visits services provided by XING or other companies that use XING services. The visitor statistics provided to us by XING are only in aggregated form. We do not have access to the data collected by XING. XING does not transmit any data that could be used to identify individuals. You can find more information on measuring and optimizing advertising by XING here.

The agreement on joint responsibility primarily means that users can assert their data subject rights directly with XING and that no personal data about XING members is transmitted to us. We only receive aggregated statistical data from XING. If our assistance is nevertheless required in asserting your individual rights, you can contact us at any time. Further information on data protection can be found in XING’s data protection statement.

b. Purpose of processing
The purpose of processing personal data in connection with our XING page is, firstly, to compile statistics on visitor flows. This enables us to better understand how users interact with our page and the presented products and services. It enables us to design our company page better and to adapt our products and services to the needs of the users. Secondly, we process users’ personal data to be able to communicate with you directly via the media of your choice.

c. Legal basis for data processing
We operate this XING page in order to present ourselves to XING users who visit our company page and to communicate with them directly. Your personal data is processed on the basis of our legitimate interest in an optimized company and product presentation as well as direct communication with XING users (Art. 6 Paragraph 1 lit. f of the GDPR).

When we publish pictures of people, this is done with consent (the legal basis for this is Art. 6 Para. 1 lit. a of the GDPR), on the basis of a contractual agreement (the legal basis for this is Art. 6 Para. 1 lit. b of the GDPR) and in exceptional cases on the basis of legitimate interests (the legal basis for this is Art. 6 Paragraph 1 lit. f of the GDPR) in conjunction with Section 23 Paragraph 1 No. 3 Art Copyright Act).

d. Objection and removal options
In accordance with Art. 21 of the GDPR, you have the right to object to the processing for reasons that arise from your particular situation at any time. You can exercise your right of objection via the XING settings or the form for objecting to XING data processing. As a XING user, you can influence settings for advertising preferences and thereby also provide information on the extent to which your user behaviour may be recorded when you visit our XING page. You can find more information on the right of objection here.

e. Period of retention
Since we, as the operator of a XING page, are not provided with any personal data, the criteria set by XING applies to the period of retention.

a. Description and scope of processing
With regard to the operation of our LinkedIn presence, we are in accordance with Art. 4 No. 7 of the GDPR jointly responsible with LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. Personal information is collected when you visit our LinkedIn page. We operate our company page on LinkedIn to present ourselves externally, in particular to provide users with information about our company, our products, services and vacancies, combined with the possibility for users to interact with us in a targeted manner.

In connection with the operation of our LinkedIn page, we use the Page Insight function to obtain statistical data on users and the use of our page. In order to statistically evaluate usage, LinkedIn stores a cookie on the user’s device. The cookie contains a unique user ID. The information stored in the cookie is processed by LinkedIn, in particular when the user visits services provided by LinkedIn or other companies that use LinkedIn services. The visitor statistics provided to us by LinkedIn are only in aggregated form. We do not have access to the data collected by LinkedIn. LinkedIn does not transmit any data that could be used to identify individuals. You can find more information on the use of cookies by LinkedIn in their Cookie Policy. 

The agreement on joint responsibility primarily means that users can assert their data subject rights directly with LinkedIn and that no personal data about LinkedIn members is transmitted to us. We only receive aggregated statistical data from LinkedIn. If our assistance is nevertheless required in asserting your individual rights, you can contact us at any time. Further information on data protection can be found in LinkedIn’s data protection statement.

It is possible that your data will also be processed outside the European Union by the LinkedIn Corporation in the USA. LinkedIn Corporation is certified under the US-EU- Privacy Shield and thereby undertakes to comply with European data protection regulations We do not pass on any personal data.

b. Purpose of processing
The purpose of processing personal data in connection with our LinkedIn page is, firstly, to compile statistics on visitor flows. This enables us to better understand how users interact with our page and the presented products and services. It enables us to design our company page better and to adapt our products and services to the needs of the users. Secondly, we process users’ personal data to be able to communicate with you directly via the media of your choice.

c. Legal basis for data processing
We operate this LinkedIn page in order to present ourselves to LinkedIn users who visit our company page and to communicate with them directly. Your personal data is processed on the basis of our legitimate interest in an optimized company and product presentation as well as direct communication with LinkedIn users (Art. 6 Paragraph 1 lit. f of the GDPR).

When we publish pictures of people, this is done with consent (legal basis: Art. 6 Para. 1 lit. a of the GDPR), on the basis of a contractual agreement (legal basis: Art. 6 Para. 1 lit. b of the GDPR) and in exceptional cases on the basis of legitimate interests (legal basis: Art. 6 Paragraph 1 lit. f of the GDPR) in conjunction with Section 23 Paragraph 1 No. 3 Art Copyright Act).

d. Objection and removal options
In accordance with Art. 21 of the GDPR, you have the right to object to the processing for reasons that arise from your particular situation at any time. You can exercise your right of objection via the LinkedIn settings or the form for objecting to LinkedIn data processing. As a LinkedIn user, you can influence settings for advertising preferences and thereby also provide information on the extent to which your user behaviour may be recorded when you visit our LinkedIn page. You can find more information on the right of objection here.

e. Period of retention
Since we, as the operator of a LinkedIn page, are not provided with any personal data, the criteria set by LinkedIn applies to the period of retention.

This section covers information about the processing of personal data in connection with online meetings.

Responsible organisation
Zeeh Design GmbH is the responsible organisation for data processing directly related to the implementation of online meetings.

Note
If you visit the internet sites of our software tool suppliers, the provider of the respective software tool is responsible for data processing. For the purposes of using the tool, visiting the supplier’s website is only necessary for downloading the software.

You can use the tools by entering the respective meeting ID and any other meeting access data directly in the tool app.

If you do not want to or cannot use the tool apps, the basic functions can also be used via a browser version, which can also be found on the respective tool supplier’s website.

Subject of the data protection
The subject of the data protection is personal data. According to Art. 4 Para. 1 of the GDPR, this is any information that relates to an identified or identifiable person. This includes, for example, information such as first and last name, email addresses, as well as usage data such as the IP address.

Purpose of processing
We use the zoom service for telephone conferences, online meetings, video conferences and / or webinars (hereinafter: "Online Meetings").  Zoom is a service from Zoom Video Communications, Inc., based in the United States.

Which data are processed?
Different types of data are processed during use. The scope of the data also depends on the data you provide before or while participating in an online meeting. The following personal data are processed:

• To take part in an online meeting or to enter the meeting room, you as a guest must, as a minimum, provide information about your name.
• Information on registered users of the apps: First name, last name, e-mail address and password (also depending on the use of "single sign-on"), telephone, profile picture and department can be specified optionally.
• Meeting metadata: Topic, participant IP addresses, device and hardware information, the description of the meeting and the topic are optional.
• For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of online meeting chat.
• When dialing in by phone: Information on the incoming and outgoing phone number, country, start and end time. Possibly, further connection data, such as the IP address of the device, can be saved.
• Text, audio and video data: Where necessary, options to use chat, question or survey functions in an online meetings are available. In this respect, the text you enter is processed in order to display it in the online meeting and, if necessary, to record it. For display of video and playback of audio, the data from your device’s microphone and any video camera on the device will be processed accordingly for the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time using the tool apps.

Scope of processing
We use the tools mentioned to hold online meetings. If we want to record online meetings, we will inform you transparently in advance and – if necessary – ask for your consent. When recording is taking place, this fact will be displayed in the respective tool app.

We will log the chat content where necessary for the purpose of logging the results of an online meeting. However, this will usually not be the case.

In the case of webinars, we may also process questions asked by participants for the purpose of recording and post-processing webinars.

Automated decision-making within the meaning of Art. 22 of the GDPR is not used.

Legal basis for data processing
Insofar as personal data is processed by employees of Zeeh Design GmbH, Section 26 (1) S. 1 of the GDPR or Article 6 (1) lit. f of the GDPR provide the legal basis for data processing. If, in connection with the use of the respective tool, personal data is not required for the implementation, establishment or termination of the employment relationship, but is an elementary part of the use of the tool, Art. 6 Para. 1 lit. f of the GDPR provides the legal basis for data processing. Our interest in these instances relates to the efficient implementation of online meetings.

The legal basis for data processing in the implementation of online meetings is Art. 6 Para. 1 lit. b of the GDPR, insofar as the meetings are held in the context of contractual relationships.

If there is no contractual relationship, the legal basis is Art. 6 Para. 1 lit. f of the GDPR. Our interest in these instances also relates to the efficient implementation of online meetings.

Recipient / transfer of data
Personal data processed as a result of participation in online meetings are generally not passed on to third parties unless they are specifically intended to be.

Other recipients: the above-mentioned data is shared with the respective tool provider where it is required as part of our contractual agreement with them.

Data processing outside the European Union
The services are provided by tool providers based in the USA. Processing of personal data also takes place in a third country. Our data processing contracts with these providers meet the requirements of Art. 28 GDPR.

An adequate level of data protection is guaranteed by the conclusion of the so-called EU standard contractual clauses.

The provisions of the German Telemedia Act apply to this website. Subject to special statutory provisions, the German Federal Data Protection Act also applies insofar as personal data is processed on this website. From 25 May 2018, the General Data Protection Regulation (GDPR) and the new version of the German Federal Data Protection Act (BDSG n.F.) also apply.

You have the right at any time to obtain specific information about the data stored about you, to view this data and to demand that incorrect data about you be corrected or that the stored data be completely or partially deleted.

If the processing of your personal data is based on your consent, you may revoke your consent to processing at any time with future effect. The relevant data will then be deleted or blocked immediately, in accordance with legal storage periods.

You can send your revocation of consent, stating your full name and email address, to the following postal or email address:

Zeeh Design GmbH
– Datenschutz –
Boschstraße 16
82178 Puchheim
Germany
Tel. +49 (0) 89 / 89 01 33 - 0
datenschutz[at]zeeh-design.de

If you have any questions about data privacy aspects, you can reach us at the following email address:

datenschutz[at]zeeh-design.de

If you have any questions about the collection, processing or use of your personal data on this website, please write to:

Zeeh Design GmbH
– Datenschutz –
Boschstraße 16
82178 Puchheim
Germany
Tel. +49 (0) 89 / 89 01 33 - 0
Fax +49 (0) 89 / 89 01 33 - 10

The Bavarian Data Protection Authority (BayLDA), which is responsible for overseeing data protection law in the non-public sector³ in Bavaria, can be reached at the following address:

Bayerisches Landesamt für Datenschutzaufsicht
Promenade 27
91522 Ansbach
Germany
Tel. +49 (0) 981 / 53 12 - 28
www.lda.bayern.de

³ In regard to private business enterprises, self-employed persons, associations and organisations as well as on the Internet

We link to information videos on our website. Videos are a good way of conveying content better. Local hosting does not have the capacity necessary for the display of the videos, so we use YouTube as an external provider. By default, only non-active images of the YouTube video are embedded to ensure there is no automatic connection to the provider's servers. This prevents your data being transmitted to YouTube and its operator Google while you are visiting our website. Only if you click on a video, is a connection to YouTube established in order to integrate the video for you on our site. With the connection to the video, a connection to the provider’s server is made for technical reasons. Regarding the use of data from your browser or end device associated with this, we refer you to the data protection information from YouTube, as it is responsible for the corresponding data processing. You can download YouTube’s data protection information from here.

As a further protective measure against tracking, we generally incorporate the videos in "extended data protection mode" so that only a minimum of personal data is transmitted to YouTube.

The legal basis for the integration of YouTube videos and the associated transmission of the technically required data to Google Ireland Limited, based in Gordon House, Barrow Street Dublin 4. in Ireland is Art. 6 Para. 1 lit. f) GDPR.

Our videos are integrated via a 2-click solution that provides the user the option to give consent. By clicking to play the videos, you give your consent that the data required for the video integration (including the Internet address of the current page and your IP address) will be transmitted to Google. You can revoke this consent at any time by deleting the cookies that were set by our website via the settings of your browser.

This site uses the Google Maps map service via an API. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. To use Google Maps, it is necessary to save your IP address. This information is generally transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer. The use of Google Maps is in the interest of making our website appealing and to facilitate the location of places specified by us on the website. This constitutes a justified interest pursuant to Art. 6 (1) (f) DSGVO. Further information about handling user data, can be found in the data protection declaration of Google at: https://www.google.de/intl/de/policies/privacy/.

Our website uses cookie consent technology from Borlabs Cookie to obtain your consent to the storage of certain cookies in your browser and to document them in compliance with data protection regulations. The provider of this technology is Borlabs - Benjamin A. Bornschein, Georg-Wilhelm-Str. 17, 21107 Hamburg (hereinafter Borlabs).

When you access our website, a Borlabs cookie is saved in your browser, in which the consent you have given or the revocation of this consent is saved. This data is not passed on to the Borlabs Cookie provider. The recorded data is stored until you ask us to delete it or delete the Borlabs cookie yourself, or the purpose for data storage no longer applies. Mandatory statutory retention periods remain unaffected. Details on data processing by Borlabs Cookie can be found at https://borlabs.io/kb/what-information-does-borlabs-cookie-store/

The Borlabs cookie consent technologies are used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 Paragraph 1 Sentence 1 lit. C of the GDPR.

Description and scope of the data processing 
Google Analytics (with an anonymisation function) is integrated on our website. Google Analytics is a web analytics service. Web analysis refers to the capturing, collection and analysis of data about the behaviour of visitors to websites. Among other things, a web analysis service collects data about the website from which a data subject came to our website (so-called referrers), which subpages of the website were accessed or how often, and for how long the subpage was viewed. We use web analytics primarily for optimising our website and for conducting cost-benefit analyses of the internet advertising.

The operator for the Google Analytics component is Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA. The controller uses the application "_gat._anonymizeIp" for web analytics through Google Analytics. By means of this application, the IP address of the Internet connection of the data subject is abridged by Google and anonymised when accessing our website from a Member State of the European Union or from another Contracting State to the Agreement on the European Economic Area.

Google Analytics sets a cookie on the data subject's information technology system. Setting this cookie enables Google to analyse the usage of our website. Each time one of the webpages is accessed on this website, which is operated by the controller and in which a Google Analytics component has been integrated, the Internet browser on the data subject's information technology system is automatically initiated by the respective Google Analytics component to submit data to Google for online analysis purposes. As part of this technical process, Google is provided with personal data, such as the IP address of the data subject, which among other things help Google to track the origin of the visitors and clicks, and subsequently enable the settlement of commissions.

The cookie stores personal information, such as the access time, the location from where the access was made, and the frequency with which our website is visited by the data subject. Each time you visit our website, your personal data, including the IP address of the Internet connection used by the data subject, is transferred to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may transfer such personal data collected through the technical process to third parties.

Purpose of the data processing
The purpose of the Google Analytics component is to analyse visitor flows on our website. Among other things, Google uses the data and information obtained to evaluate the use of our website, to compile for us online reports showing the activities on our websites, and to provide other services related to the use of our website.

Legal basis for data processing
The legal basis for the web analysis by Google Analytics is the consent pursuant to Article 6(1) point (a) GDPR.

Duration of storage
The data stored by tracking is erased as soon as it is no longer needed for recording purposes. In our case, this is the case after 12 months.

Means of objection and termination
As described above, the data subject can prevent our website from setting cookies at any time by accordingly adjusting the settings on the Internet browser used and thus permanently disabling the setting of cookies. Such an adjustment of the Internet browser settings would also prevent Google from setting a cookie on the data subject's information technology system. In addition, a cookie already set by Google Analytics can be deleted at any time via the Internet browser or other software programs.

Furthermore, you can prevent Google from logging the data generated by the cookie and related to your use of the website (including your IP address), as well as the processing of this data by Google, by downloading and installing the browser plugin available under the following link: (https://tools.google.com/dlpage/gaoptout?hl=en).

As an alternative to installing the browser plugin, especially on Internet browsers on mobile devices, you can prevent your data from being collected by Google Analytics by clicking on the following link: (https://tools.google.com/dlpage/gaoptout?hl=en)

Disable Google Analytics
This stores a so-called opt-out cookie on your device which prevents the future collection of your data by Google Analytics when visiting this website. Please note that if you delete cookies in your browser settings, the opt-out cookie from Google Analytics could also be deleted, which would then have to be re-enabled by you.

Further information and Google's currently applicable Privacy Policy can be found at https://www.google.com/intl/en/policies/privacy/ and at https://www.google.com/analytics/terms/gb.html. Google Analytics is explained in more detail at https://www.google.com/intl/en_en/analytics/.

We use service providers for the provision of services, in particular for the provision, maintenance and care of IT systems and for the operation of cloud-based applications. Our service providers process your personal data on our behalf and according to our instructions within the European Union, unless otherwise specifically stated in this data protection notice (in particular XING and LinkedIn).

We have concluded the EU standard contractual clauses with our US providers. Please note that these providers undertake to comply with the EU data protection standards, thereby ensuring an appropriate level of protection for your personal data under the data protection law.

As a result of the dynamic development of our Internet presence, it may be necessary for us to make adjustments to our Privacy Policy from time to time. Please therefore refer to the latest version of our Privacy Policy. (Current version: V009_ 2020_09_28_EN).

The corporate purpose of the company is the conception, planning, design, distribution, rental and set up of trade fair and advertising constructions, displays, audiovisual communication systems, event services, and the design of interior and exterior spaces.

a. Point of contact
Zeeh Design GmbH
Boschstraße 16
82178 Puchheim
Germany
Tel.  +49 (0) 89 / 89 01 33 - 0
Fax  +49 (0) 89 / 89 01 33 - 10
Executive Directors: Julian Hauser, Tobias Müller
datenschutz[at]zeeh-design.de
www.zeeh-design.de

b. Contact data protection officer
datenschutz@zeeh-design.de

c. Recipients
Zeeh Design transmits your personal data if required to service providers contracted by Zeeh Design GmbH, who carry out so-called order processing activities (payroll, IT service providers, telecommunication providers, electronic invoice processing and archiving, file sharing, web hosting, task management and collaboration).

Data may also be transmitted to other recipients, such as authorities for the fulfilment of legal reporting obligations, or persons who are under obligation to observe professional secrecy (accountants, tax consultants, lawyers).

d. Transfer of personal data to third countries
Zeeh Design GmbH does not transmit your personal data to third countries.

e. Retention period
At Zeeh Design, we generally erase your personal data once the purpose for processing the data has been fulfilled, or once the legally required evidence retention and data retention periods have expired.

You can find more details in the sections for customers, suppliers, prospective customers and applicants.

f. Your rights as a 'data subject' (customers, suppliers, prospective customers, applicants, etc.)
If your personal data is processed by Zeeh Design GmbH, you have the following rights with regard to the processing of your personal data, according to the GDPR:

• Right to information (Article 15 General Data Protection Regulation, GDPR)
• Right to rectification (Article 16 General Data Protection Regulation, GDPR)
• Right to erasure/right to be forgotten (Article 17 General Data Protection Regulation, GDPR)
• Right to restriction of processing (Article 18 General Data Protection Regulation, GDPR)
• Right to data portability (Article 20 General Data Protection Regulation, GDPR)
• Right to object (Article 21 General Data Protection Regulation, GDPR)

g. Revoking consent
If you have provided your consent for your data to be processed, you may revoke your consent at any time with future effect. The respective data is then immediately blocked or erased, in accordance with legal data retention periods.

You may revoke your consent in the same way you provided it. Alternatively, you can contact us on the following postal or email address, providing your full name and email address.

Zeeh Design GmbH
– Datenschutz –
Boschstraße 16
82178 Puchheim
Germany
Tel. +49 (0) 89 / 89 01 33 - 0

h. Right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with a supervisory authority if you have any concerns about your privacy. The supervisory authority for the private sector in Bavaria can be contacted at the following address:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 27
91522 Ansbach
Germany
Tel. +49 (0) 981 53 12 - 28
www.lda.bayern.de

i. Automated decision-making, including profiling
Zeeh Design does not carry out any automated decision-making or profiling based on the processing of your data.

a. Purposes and legal basis of data processing
At Zeeh Design GmbH, we collect our customers' personal data for the purposes of maintaining business operations. The corporate purpose of the company is the conception, planning, design, distribution, rental and set up of trade fair and advertising constructions, displays, audiovisual communication systems, event services, and the design of interior and exterior spaces.

The legal basis for the processing of our customers' personal data is the performance of a contract, to which the customer is a party, or for the performance of pre-contractual measures, at the customer's request (article 6, (1) b) of the GDPR).

In addition to the purposes of the performance of a contract, Zeeh Design GmbH processes personal data on the basis of legitimate interest (article 6 (1) f) of the GDPR).

b. Legitimate interests of Zeeh Design
The successful processing of orders constitutes a legitimate interest on the part of Zeeh Design GmbH. Given that the exchange of e.g. contact information or other personal data with persons involved is necessary for the fulfilment of the contract, the processing of data for the successful processing of the order lies within the reasonable expectations of the data subject.

c. Retention period
Once data has been processed, contact information is maintained in an ERP solution (Microsoft Dynamics NAV) on an ongoing basis, and is erased, for example, if the dissolution of the business becomes known. For contact information that has been collected on the basis of a business relationship where the data subject is a debtor or creditor, the relevant retention periods and obligations apply.

d. Obligations regarding the provision of personal data
Any personal data we process, provided this is processed in accordance with the legal requirements outlined in article 6 (1) b) c) or d) of the GDPR, is required, for example to ensure the proper conclusion/performance of a contract.

a. Purposes and legal basis of data processing
At Zeeh Design GmbH, we collect our suppliers' personal data for the purposes of maintaining business operations. The corporate purpose of the company is the conception, planning, design, distribution, rental and set up of trade fair and advertising constructions, displays, audiovisual communication systems, event services, and the design of interior and exterior spaces.

The legal basis for the processing of our suppliers' personal data is the performance of a contract, to which the customer is a party, or the performance of pre-contractual measures at the customer's request (article 6, (1) b) of the GDPR).

In addition to the purposes of the performance of a contract, Zeeh Design GmbH processes personal data on the basis of legitimate interest (article 6 (1) f) of the GDPR).

b. Legitimate interests of Zeeh Design
The required exchange of e.g. contact information with persons involved in the fulfilment of the contract with a view to successfully processing the order constitutes a legitimate interest of Zeeh Design GmbH.

c. Retention period
Contact details of our suppliers' points of contact are identified during the course of purchasing services and products. These persons are contacted by telephone or in writing for the submission of offers. The contact information is collected within the same scope as customer data. If a business relationship is established, the contact will be qualified as a 'creditor' in our ERP solution. As part of the ongoing maintenance of our database, contacts who qualify as 'creditors' are maintained, updated, corrected, and stored/erased within the statutory retention periods.

a. Purposes and legal basis of data processing
At Zeeh Design GmbH, we collect the personal data of potential customers for the purposes of securing and maintaining any future business operations.

The legal basis for processing the personal data of our potential customers may be the performance of pre-contractual measures, which are carried out at the request of the respective data subject (article 6 (1) b) of the GDPR).

In addition to the purposes of the performance of a contract, Zeeh Design GmbH may process personal data on the basis of legitimate interest (article 6 (1) f) of the GDPR).

b. Legitimate interest of the data controller
Maintaining future business operations based on acquisitions constitutes a legitimate interest on the part of Zeeh Design GmbH. Given that the processing (storage) of e.g. contact information is necessary for the fulfilment of the contract, the processing of data for the successful processing of the order lies within the reasonable expectations of the data subject.

c. Retention period
Zeeh Design GmbH will erase the personal data of potential customers after a period of approx. 2 years, provided no contractual relationship has been established with Zeeh Design GmbH.

If a contractual relationship is established, data is stored as outlined in section 1e.

a. Purposes and legal basis of data processing
We process the personal data of our applicants to establish employment relationships. The legal basis for the processing of applicants' personal data can be found in article 88 of the GDPR and article 26 of the German Data Protection Act (BSDG-neu).

b. Retention period
Your application data will be erased or returned to you by Zeeh Design GmbH after a period of 4 months from the end of the application process.