Data Privacy Statement

§ 1 Information on the collection of personal data

(1) In the following, we provide information about the processing of personal data when using our website. Personal data is all data that can be related to you personally, e.g. name, address, email addresses, user behaviour. In this way, we would like to inform you about our processing operations and at the same time fulfil our legal obligations, in particular those arising from the EU General Data Protection Regulation (GDPR).

(2) The controller pursuant to Art. 4 (7) GDPR is 

Publix gGmbH 
Industriestraße 2 
79541 Lörrach
T +49 (0)30 62 72 45 59
hello@publix.de  

If you have any questions about data protection, you can contact our data protection officer Anna Cardillo at any time at ac@cardillo-consulting.com 

(3) When you contact us by e-mail or via a contact form, the data you provide (your e-mail address, your surname and first name, your company and, if applicable, your telephone number) will be stored by us in order to process your questions and bookings. If the enquiry is assigned to a contract, we delete the data arising in this context after the contract period, or after the storage is no longer required, or we restrict the processing if there are statutory retention obligations.

(4) If we use contracted service providers for individual functions of our offer, we will always carefully select and monitor these service providers and inform you in detail below about the respective processes.  

(5) We initially collect, process and use the data that you provide to us as part of our business relationship. This includes the following data in particular: 

  • Master data of the customer(s), in particular name 
  • Contact data of the customer(s), in particular current address, telephone numbers and e-mail addresses 
  • Contract data such as order and confirmation date, order and customer number 

We collect and process your personal data as part of the initiation of a contractual relationship and to fulfil our contractual obligations towards you (Art. 6(1b) GDPR). The data is deleted after the retention period of ten years.

(6) We use HubSpot for our online marketing activities. This is an integrated software solution that we use to cover various aspects of our online marketing, such as our contact management and the sending of invitation emails, which we use to provide a link to register for our events.

We process the following data

  • email address
  • First name, surname
  • Company/organisation

This information is stored on servers of the provider HubSpot.

HubSpot is a software company from the USA with a branch in Ireland:

HubSpot European Office
Ground Floor, Two Dockland Central
Guild Street, Dublin D01 K2C5, Ireland
Telephone: +353 1 5187500

Since personal data is transferred to the USA, further protective mechanisms are required to ensure the level of data protection required by the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe.

Furthermore, the Data Privacy Framework (DPF), which came into force on 10 July 2023, allows data to be transferred to the USA if the recipients in the third country are certified and listed in accordance with the DPF.
HubSpot is included in the list as ‘Active’.

The complete list of companies can be found here.

(7) If you register for one of our events on our website, by e-mail or via an invitation link that we send you, we will process your personal data to the extent necessary for the organisation, implementation and follow-up of the event. We collect the following data from you for this purpose: First and last name, company/organisation, address, email address. The legal basis for this results from Art. 6 para. 1 sentence 1 lit. b) GDPR. The provision of your data is necessary for participation in the event and you are contractually obliged to provide your data. If you do not provide your data, it will not be possible to conclude and/or fulfil the contract. Once the purpose has been achieved (e.g. execution of the contract), the personal data will be blocked for further processing or deleted, unless we are authorised to further processing on the basis of consent given by you (e.g. consent to the processing of the e-mail address for sending electronic advertising mail), a contractual agreement, a legal authorisation (e.g. authorisation to send direct advertising) or on the basis of legitimate interests (e.g. retention for the enforcement of claims). 

For guest management, we use the ‘pretix’ software solution from rami.io GmbH, a company specialising in events, separately for individual events and within our online offering. The service provider may have access to your data in order to analyse technical problems and answer support queries.

When you register with us for events managed via the pretix cloud solution, you enter the following personal data in the registration form

  • Email address
  • First name, surname
  • Company/organisation
  • Address
  • Billing address for chargeable events

When you order a ticket, pretix uses cookies to improve the ordering process and to remember which shopping basket belongs to you. We do not store IP addresses, browser information or other unnecessary metadata beyond the duration of your enquiry.

If you pay for your ticket via a payment provider such as PayPal, Stripe, Mollie or Sofortüberweisung, pretix only transfers the absolutely necessary data to the respective payment service provider. 

The personal data you provide will be stored in pretix and processed solely for the purpose of admission control and invoicing for the respective event. The data is first entered into the guest list. As soon as the guest list has been finalised, you will receive a ticket generated by pretix with your first and last name and a QR code, which you can use to identify yourself at the entrance to the event. In order to be able to grant you admission, we will scan your QR code on site on the day of the event and ask you to identify yourself. You will be granted access as soon as the system reports back that you are on the guest list and that you can identify yourself. The system records that you have checked in and when. Invoicing takes place directly via the online tool.

The legal basis is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in controlling access to our events as part of our domiciliary rights and only granting admission to invited guests.

We store your data for the duration of the organisation (including corresponding preparation and follow-up) of the respective event. Any existing statutory retention obligations remain unaffected by this. Your data will be deleted from pretix within two weeks of the end of the event.

You can object to the processing. You have the right to object on grounds relating to your particular situation. You can send us your objection using the contact details above.

(8) We take photos and video recordings at events and publish these afterwards. The recordings are used for public relations work on the publix website, in social media (Instagram, LinkedIn), press releases and to document the event online and offline.

The processing serves to safeguard publix's legitimate interest in public relations and documentation within the meaning of Art. 6 para. 1 f) GDPR. You have the right to object to the processing in justified cases.

A selection of the images will be sent to supporters, sponsors and partners, co-organisers and representatives of the press for journalistic and editorial purposes.

If the data subject objects to published photos and there are no overriding reasons on the part of Publix for further processing of the photos, they will be deleted immediately. Otherwise, the photos will be deleted as soon as they are no longer needed for the purposes for which they were taken.

§ 2 Your rights 

(1) You have the following rights with respect to a controller with regard to the personal data concerning you: 

  • Right of access 
  • Right to rectification or erasure 
  • Right to restriction of processing 
  • Right to object to processing 
  • Right to data portability

(2) You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us.

§ 3 Processing of personal data when visiting our website

Preamble

The Publix building, operated by Publix gGmbH, was built by the Schöpflin Foundation, which has been dedicated to promoting democracy in Germany for a decade. As part of this commitment and with the aim of strengthening independent journalism and preserving democratic discourse spaces, especially online, this building was created.

From May 2024, about 200 people will be working in the building, including journalists and employees of civil society organizations advocating for human rights and press freedom. These individuals work daily with sensitive information and vulnerable individuals, particularly from countries where journalism is politically suppressed.

To provide these individuals with a quiet and safe working environment, we have decided to equip the Publix building with video surveillance. We strictly adhere to applicable data protection regulations. The cameras in the outdoor areas record only entrances, facades, and window areas of the building – pedestrians on the street are not captured. Encrypted recording of video images is done exclusively locally in the building, without the use of cloud services or external service providers.

Type of data

We assure you that the protection of your privacy and your data is our top priority. If you have any further questions about the privacy policy or our security measures, please do not hesitate to contact us.

When using the website for information purposes, i.e. simply viewing it without registering and without providing us with any other information, we process the personal data that your browser transmits to our server. The data described below is technically necessary for us to display our website to you and to ensure stability and security and must therefore be processed by us. The legal basis is Art. 6 (1)(1f) GDPR: 

  • IP address 
  • Date and time of the request 
  • Time zone difference to Greenwich Mean Time (GMT) 
  • Content of the request (page visited)
  • Access status/HTTP status code 
  • amount of data transferred in each case 
  • previously visited page 
  • browser 
  • operating system 
  • Language and version of the browser software

§ 4 WLAN network

The WLAN network in the building includes access points from the manufacturer Huawei. 
This does not pose any relevant security risks compared to other possible suppliers, who also manufacture all their hardware in China or often only sell Chinese hardware under their own name. 

The WLAN access points act as converters from wireless to wired networks. The network traffic of the residents is encrypted by VPNs, so that even in the worst case no unencrypted data could be tapped at the access points.  

The hardware manufacturer has no remote access to the components. The network management systems are isolated from the Internet by an open source-based firewall and cannot be accessed from the user networks thanks to the in-house network segmentation. The configuration and management of the network is carried out by a German company with extensive experience in this field, commissioned by the operator of the building. Firmware updates to the network components are carried out manually only (no auto-update)

§ 5 If you wish to receive our newsletter 

If you expressly consent to this in accordance with Art. 6 (1)(1a) GDPR, we will use your e-mail address to send you our newsletter on a regular basis. To receive the newsletter, it is sufficient to provide an e-mail address.

Further data is collected in this context when you open the email and click on individual links. We use the newsletter service provider The Rocket Science Group LLC d/b/a Mailchimp, 675 Ponce De Leon Ave NE, Atlanta, Georgia 30308, US. The above-mentioned data is transmitted to this provider for the purpose of evaluation (the applicable data protection regulations can be found here: https://mailchimp.com/de/gdpr/). You can unsubscribe at any time, e.g. via a link at the end of each newsletter. Alternatively, you can also send your unsubscribe request at any time to hello@publix.de by email.

§ 6 Booking 

For bookings, we process personal data on the legal basis of Art. 6(b) (1) GDPR. This includes your surname, first name, company, email address, telephone number if applicable and the booking period. The accounting data is archived for ten years in accordance with the German Fiscal Code.

§ 7 Third-party transmission 

We run our booking system in collaboration with HubSpot, Inc, 25 First Street, Cambridge, MA 02141 USA, e-mail: hubspotgermany@hubspot.com, telephone: +1 888 HUBSPOT. (+1 888 482 7768), Fax: +1 617 812 5820. The applicable data protection provisions can be accessed here: https://www.hubspot.de/data-privacy/gdpr

We also work with The Rocket Science Group LLC d/b/a Mailchimp, 675 Ponce De Leon Ave NE, Atlanta, Georgia 30308, US to send our newsletter. The applicable data protection provisions can be found here: https://mailchimp.com/de/help/mailchimp-european-data-transfers 

Subscribe to our newsletter!