Data protection at a glance
General Information and Your Rights
We thank you for your interest in us.
As the operator of this website, we take the protection of your (personal) data very seriously. In the following we inform you about what data from you we process, who exactly is responsible for data processing, to whom you can turn with questions or complaints, and what rights you have as regards your data. In addition to this, we will provide you with further, legally required information on the different types of data processing.
Please read these data protection notices through carefully.
Explanation of the Most Important Terms and Principles
Personal data means particulars concerning personal or factual circumstances of a specific or (with a certain effort) identifiable natural person, which is to say the name, address and telephone number as well as all other data that describes this person or their conduct in more detail in some way. This includes in particular all digital data tracks that all of us leave behind when we use the internet in the world wide web. This person, with their data, is also called data subject.
The processing of your (personal) data comprises all activities from the collection, saving, use, change, transmission or transfer to erasure. It plays no role whether this takes place electronically, which is to say by computer, or in some other way, such as on paper, for example.
Concrete data processing of your personal data is also described as processing activity. Each processing activity pursues a particular processing purpose that is to be named and requires among other things a concrete legal basis, also to be named; otherwise processing is not allowed.
The controller is the person that ultimately decides about the purposes and the means of the processing of your data. It plays no role here whether the controller is a company or other association, public authority or the like. The controller can make the decision about the purposes and means of the processing on their own, together with others or on behalf of a third party.
Your Contact Options
The controller for the data processing of your personal data is:
Mr Thomas Einsfelder
Investment and Marketing Corporation Saxony-Anhalt
Am Alten Theater 6
If you have questions regarding this data protection statement, concerning your data which is processed by us, or the subsequent processing activities, please first contact our named data protection officer by e-mail:
Herr Matthias Kunert
cubeoffice GmbH & Co. KG
Telephone: +49 391 61128-0
In the case of infringements of the laws regarding data protection, you as the data subject are entitled to a statutory right of appeal to the responsible supervisory authority. The responsible supervisory authority for us is the State Data Protection Officer of the State of Saxony-Anhalt:
State Data Protection Officer of Saxony-Anhalt
Dr. Harald von Bose
A list of all the state data protection officers and their contact data can be found on the following link: www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
Your Rights as the Data Subject
As the data subject you always have the following rights concerning your (personal) data:
- To receive information about the data saved about you
- to rectify incorrect data or have it completed,
- to demand the erasure of data, if it is no longer necessary for the intended purpose or there is no (longer a) legal basis for the processing, for example,
- to demand a (time-limited) restriction of the processing of the data, if e.g. the accuracy of the data is disputed or the processing is supposedly taking place unlawfully,
- to object to further processing of your data by us,
- to demand the handing out of a copy of the data in an electronic format that can continue to be used, in so far as this does not impair the rights and freedoms of other persons,
- to withdraw the consent for use at any time and then to be “forgotten”, if the use of your data is based on previously granted consent.
- to complain to the responsible supervisory authority (see above), if you believe that the processing of your data infringes data protection law or your data protection rights have been violated in some other way.
If you have any questions or a request for information, or for the general exercising of your rights, please send an e-mail to our data protection officer Matthias Kunert (email@example.com).
Please allow us 14 days of processing time for the processing of your enquiry.
Data Processing on Our Website
When you visit our website a variety of data from you will be processed, in order to analyse and improve the use of our information supply, and to detect and rectify possible weak points.
Server Log Files
When you visit our website, information is collected and saved in so-called server log files which your browser transfers to us automatically. These are: Browser type and browser version, operating system used, referrer URL (original website, via which the user has come to our website and/or file), host name of the accessing computer, time of the server request and the
This data is processed on the servers of our internet service provider. This data will not be combined with other data sources. This processing activity is not used as a basis for automated decision making (profiling). We reserve the right to check this data afterwards, if we become aware of concrete indications of illegal use.
The legal basis for the data processing is our justified interest in weighing up all risks (see point (f) of Art. 6(1) GDPR). Our interest in this is: Increasing the public profile of our company, advertising on our account, information about our range of services and support for the initiation of business contacts through publication of suitable contact possibilities for interested parties and business partners, improvement of the user-friendliness of our range of information.
The storage period is one year.
SSL or TLS encryption
For security reasons and in order to protect the transfer of confidential content such as orders or enquiries you send to us as website operator, this website uses SSL and/or TLS encryption. You can recognise an encrypted connection by the address line in the browser changing from “http://” to “https://” and by the lock symbol in the browser line.
If the SSL- and/or TLS encryption is enabled, the data you transmit to us cannot be accessed by third parties.
Some of the websites use so-called cookies. Cookies do not harm your computer and do not contain viruses. Cookies serve the purpose of making our website more user-friendly, effective and secure. Cookies are small text files that are placed on your computer and stored by your browser.
Most of the cookies used by us are so-called “session cookies”. These are deleted automatically at the end of your visit. Other cookies are stored on your end device until you delete them. These cookies allow us to recognise your browser during your next visit to our site.
Cookies that are required for execution of the electronic communication process or for provision of certain features requested by you (e.g. shopping cart feature) are saved based on Art. 6(1) Point (f) of the GDPR. The website operator has a legitimate interest in the storage of cookies for the technically smooth and optimised provision of their services. Where other cookies (e.g. cookies for analysis of your browsing behaviour) are stored, these are addressed separately in this data privacy notice.
Links to Other Websites
This website also contains links to websites of other providers for which our data privacy statement does not apply. We normally have no influence on these providers’ content and adherence to the data protection regulations and therefore ask you to inform yourself about the guidelines that are applicable there when visiting these websites.
Google Web Fonts
This website uses so-called Web Fonts for a uniform presentation of fonts; these web fonts are provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. When accessing a website, your browser will load the necessary web fonts into your browser cache in order to display texts and fonts correctly.
For this purpose, the browser used by you must establish a connection to the Google servers. Thus, Google learns that our website was called by your IP address. Google web fonts are used to ensure uniform and appealing representation of our online offers. This is a legitimate interest in the sense of Art. 6(1) Point (f) of the GDPR.
If your browser does not support web fonts, one of your computer's standard fonts will be used.
This site uses the map service Google Maps via an API. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
To use the functions of Google Maps it is necessary to save your IP address. This information is normally transmitted to a server of Google in the USA and saved there. The provider of this site has no influence on this data transfer.
The use of Google Maps takes place in the interests of an appealing presentation of our online presence and of making the places stated by us on the website easy to find. This represents a justified interest within the meaning of point (f) of Art. 6(1) GDPR (General Data Protection Regulation).
You can find more information on dealing with user data in the data protection statement of Google: www.google.de/intl/de/policies/privacy/.
Matomo (formerly: PIWIK)
We use Matomo (formerly: “PIWIK”) in our internet presence. This is a piece of open-source software with which we can analyse the use of our internet presence. Here your IP address, the website(s) of our internet presence that you visit, the website from which you have changed over to our internet presence (referrer URL), the amount of time you have spent on our internet presence, and the frequency of the calling of one of our websites are processed.
Matomo saves a cookie on your terminal via your internet browser to collect this data. This cookie is valid for a week.
The legal basis is point (f) of Art. 6(1) GDPR. Our justified interest lies in the analysis and optimising of our internet presence.
However, we use Matomo with the anonymization function “Automatically Anonymize Visitor IPs”. This anonymization function shortens your IP address by two bytes, so that it is impossible to trace the information to you and/or to the internet connection that you use.
If you do not consent to this processing, you have the option to prevent the saving of the cookie by making a setting in your internet browser. You can find more detailed information on this above under “cookies”.
In addition to this, you have the option to end the analysis of your usage behaviour by means of the so-called opt-out. By confirming the following link, a cookie is saved on your terminal via your internet browser, which prevents further analysis. Please note, however, that you must click on the link again if you delete the cookies saved on your terminal.
Data Processing in Our Social Networks
We maintain publicly accessible profiles in social networks. You can find the social networks used by us in detail further below.
Social networks like Facebook, Google+ etc. can normally analyse your user behaviour comprehensively if you visit their website or a website with integrated social media content (e.g. like buttons or advertising banners). Numerous processing procedures relevant to data protection are triggered by visiting our social media presences. Specifically:
If you are logged into your social media account and visit our social media presence, the operator of the social media portal can associate this visit with your user account. Your personal data can, under certain circumstances, also be collected even if you are not logged in or do not possess an account with the respective social media portal. In this case, the data collection takes place e.g. via cookies that are saved on your terminal or by saving your IP address.
By means of the data collected in this way, the operators of the social media portals can produce user profiles in which your preferences and interests are recorded. In this way, interest-related advertising can be displayed to you inside and outside the respective social media presence. If you possess an account with the respective social network, the interest-related advertising can be displayed on all devices on which you are or have been logged in.
Please also note that we cannot trace all processing on the social media portals. Depending on the provider, it may possibly be the case that further processing is carried out by the operators of the social media portals. You can find details on this in the conditions of use and data protection regulations of the respective social media portals.
Our social media appearances are intended to ensure the most comprehensive possible presence on the internet. This is a justified interest within the meaning of point (f) of Art. 6(1) GDPR. The analysis processes initiated by the social networks may possibly be based on different legal bases which are to be stated by the operators of the social networks (e.g. consent within the meaning of point (a) of Art. 6(1) GDPR).
Person Responsible and Exercising of Rights
If you visit one of our social media presences (e.g. Facebook), we, together with the operator of the social media platform, are responsible for the data processing processes triggered by this visit. You can always exercise your rights (information, rectification, erasure, restriction of processing, data portability and complaint) both towards us and towards the operator of the
respective social media portal (e.g. towards Facebook).
Please be aware that, despite the responsibility shared with the social media portal operators, we do not have comprehensive influence on the data processing processes of the social media portals. Our options are decisively determined by the company policy of the respective provider.
The data directly collected by us via the social media presence is deleted by our systems as soon as the reason for its storage no longer applies, you request that we erase it, or you withdraw your consent to its storage. Saved cookies remain on your terminal until you delete them. Compelling legal provisions - esp. retention periods - remain unaffected.
We have no influence on the storage duration of your data that is saved by the operators of the social networks for their own purposes. For details on this, please turn directly to the operators of the social networks (e.g. in their data protection statements, see below).
Social Networks in Detail
We have a Facebook profile. The provider is Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. Facebook possesses certification in accordance with the EU-US Privacy Shield.
You can adjust your advertising settings independently in your user account. To do this, click on the following link and log into: www.facebook.com/settings
You can find the details on this in the data protection statement of Facebook: https://www.facebook.com/about/privacy/
We use the short message service Twitter. The provider is Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. Twitter possesses certification in accordance with the EU-US Privacy Shield.
You can adjust your Twitter data protection settings independently in your user account. To do this, click on the following link and log into: https://twitter.com/personalization
Details can be found in the data protection statement of Twitter: https://twitter.com/de/privacy
We have a profile on Instagram. The provider is Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. For details on its handling of your personal data, refer to the data protection statement of Instagram: https://help.instagram.com/519522125107875
We have a profile on XING. The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. For details on its handling of your personal data, refer to the data protection statement of XING: https://privacy.xing.com/de/datenschutzerklaerung
We have a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn possesses certification in accordance with the EU-US Privacy Shield. LinkedIn uses advertising cookies.
If you would like to deactivate LinkedIn advertising cookies please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
For details on its handling of your personal data, refer to the data protection statement of LinkedIn: https://www.linkedin.com/legal/privacy-policy
We maintain a channel on the video platform Youtube. The provider is Google, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google possesses certification in accordance with the EU-US Privacy Shield.
You can adjust your advertising settings independently in your user account. To do this, click on the following link and log into: https://adssettings.google.com/authenticated
For details, refer to the data protection statement of Google: https://policies.google.com/privacy
Your Contact Options or Your Visit
Your Letter Mail Contact Details
If you send us a letter, we save the sender information stated in your letter and possibly other personal data that you have sent to us with this correspondence.
We process your personal data for the respective purpose of your request and save this data in accordance with one of the following categories:
- We dispose of undesired advertising or spam immediately after detection as far as possible.
- We keep desired advertising and other information (e.g. newsletters) for an unlimited period to carry out research or to trace historic developments.
- Applications: see section “Information for Applicants”.
- We keep commercial letters (e.g. enquiries, offers or delivery notes) for six full calendar years, starting from the next beginning of a year, because of legal regulations (tax code, German Commercial Code, and other regulations).
- We keep financial letters (e.g. invoices) for ten full years, starting with the next beginning of a year, because of legal regulations (tax code and the German Commercial Code).
Your E-Mail Contact Details
If you contact us by e-mail, we save your sender e-mail address, the e-mail servers involved in the communication and the times of sending. Depending on the type of information sent to us, we save data in separate function mailboxes and for different lengths of time:
- We delete undesired advertising or spam immediately after detection as far as possible.
- We save desired advertising and other information (e.g. newsletters) for an unlimited period to carry out research or to trace historic developments.
- Applications: see section “Information for Applicants”.
- We save commercial letters (e.g. enquiries, offers, or delivery notes) because of legal regulations (tax code and German Commercial Code) for six full calendar years starting from the next start of a year.
- We save financial letters (e.g. invoices) for ten full years, starting with the next beginning of a year, because of legal regulations (tax code and the German Commercial Code).
Your Telephone Contact Details
If you call us, we save your caller number, the time of the call and how long it took for someone to answer the call. If you leave a message on our answering machine, we also save this of course. Calls are not automatically recorded by us.
We process your call data for the purposes of quality assurance and improvement for callbacks in the case of missed telephone calls and for statistical analyses. Saved messages on our answering machine are deleted without delay after they have been processed. We delete the other caller data after one year.
Your data is not passed on to other recipients unless you take part in a telephone conference. An automatic exchange of the necessary caller data occurs here between the involved telephone systems.
Other Meetings with Exchange of Information (Business Card)
If you meet us at any events (e.g. trade fairs) and you give us your contact data (e.g. as a business card), then we will save this in our address books and use it for future communication. If you subsequently no longer wish to be contacted by us, please notify us of this with a short e-mail, so that we can delete you from the address book or - if this is not possible or permitted - can mark your contact details with a blocking notice. In the case of an existing business relationship, the retention requirements are determined by the German Commercial Code, the tax code, and other laws. Also see the section “Your Letter Mail Contact Details”.
We never pass received contact data on to third parties, unless there is a legal or contractual obligation.
Newsletter / Report INVEST
For information and marketing purposes and to improve and support our cultural and service offerings, we provide media representatives, analysts, politicians, tour operators, government employees and representatives, as well as other interested parties, with event-related information on tourism and on Saxony-Anhalt as a location for business and science, as well as information on events and campaigns, through our newsletter.
We use Evalanche for the delivery of our newsletters. This service is provided by Tripicchio – a brand of port-neo Freiburg GmbH i.Gr., Engesserstr. 4a, 79108 Freiburg. Evalanche is a service which can be used, among others, to organise and analyse the delivery of newsletters. If you enter data in order to subscribe to the newsletter, it will be stored on the servers of Evalanche. For further information, please refer to the data protection information of Tripicchio: https://www.tripicchio.de/datenschutz
Evalanche helps us to analyse our newsletter campaigns. If you open an email sent to you using Evalanche, a file contained in the email (known as a web beacon) connects with the servers of Evalanche. This makes it possible to ascertain whether a newsletter notification was opened and, if so, which links were clicked on. In addition to this, technical information is collected (e.g. the time of access, IP address, browser type and operating system). This information cannot be assigned to the respective newsletter recipient. It exclusively serves to statistically analyse newsletter campaigns. The results of these analyses can be used to better tailor future newsletters to the recipients’ interests.
If you do not want analysis to be carried out by Evalanche, you must cancel your subscription to the newsletter.
The compulsory information required for subscribing to the newsletter is your email address. We may also collect additional data for the purpose of addressing you personally in our newsletter emails. This data is voluntary, however.
For our newsletter registrations, we use what is known as the double opt-in procedure. If your email address is used to register for the newsletter, you will receive an email with a confirmation link. If you have reconsidered and decided you do not wish to subscribe for our newsletter, you can simply delete this email. Your subscription will only be activated when you confirm the link. Otherwise, it loses its validity after 24 hours have elapsed. For the purposes of traceability, your data will be blocked and automatically erased after one month.
The data is processed on the basis of your consent. You can withdraw this consent at any time by cancelling your subscription to the newsletter by clicking on the unsubscribe link which is provided in each newsletter email. The lawfulness of data processing prior to the withdrawal of consent remains unaffected.
Data regarding your person which is stored with us for the purpose of the newsletter will be saved by us until you have cancelled your subscription to the newsletter and, after the newsletter has been cancelled, will be erased from our servers and from servers of Evalanche. Data which is saved by us for other purposes remains unaffected by this.
Competitions and Other Closed Events
We regularly carry out competitions and closed events in different areas.
As the organiser we collect and use personal data of the participants in the framework of the justified interest of the holding and handling of the events. The following information is processed for this: Name and address of the participant, e-mail address of the participant, name and address of the business partner. The data is deleted as soon as the purpose of its processing no longer applies or the
participant requests its deletion. Compelling legal provisions - especially retention periods - remain unaffected.
Information for Applicants
We collect and process your data when you apply to us. The processing can be carried out by electronic channels, usually by e-mail. If your application then leads to an employment contract or similar contract, the transferred data and subsequently other data is saved for the purposes of handling the employment relationship, taking into consideration the statutory provisions. If no contract comes about, then we automatically delete the application documents six months after the rejection and/or destroy these according to data protection requirements, unless we have a justified interest contrary to its deletion or destruction. Justified interests of this kind would include, for example, a burden of proof in proceedings in accordance with the General Equal Treatment Act (AGG).
Future Change of Our Data Privacy Statement
In order to ensure that our data privacy statement always corresponds to the current statutory provisions, we reserve the right to make changes at any time. This also applies in the event that the data privacy statement has to be adapted due to new or revised performances, for example new services, products or functions on the website or other processing activities. In such a case,
the new data privacy statement applies to your next visit.
Thank you for your understanding.