I. Name and address of the Controller
The Controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection provisions is:
Organic Cities Network Europe
Avenue du Prince de Ligne 14
II. Name and address of the Data Protection Officer
The Data Protection Officer of the Controller is:
Organic Cities Network Europe
Avenue du Prince de Ligne 14
Tel.: +32 478 71 06 08
1. Online content
We accept no liability for the timeliness, accuracy, completeness or quality of the information provided on this website. We shall not be liable for claims asserted against the author for pecuniary or non-pecuniary damages arising from the use or non-use of the information provided, or from the use of inaccurate or incomplete information, unless intentional or gross negligence on the part of the author is proven.
We author expressly reserve the right to amend, supplement or delete parts of the pages or the entire website without providing special notification or to temporarily or permanently discontinue publication.
2. References and links
Where direct or indirect references to third party websites (“hyperlinks”) are provided, it is understood that the author has no control over such references or links. Should such content later be proved to be illegal, we would only incur liability if it is proven that we were aware of the content at the time of linking to such sites and if it would have been technically feasible and reasonable for us to prevent the use of content in the first place.
We hereby expressly declare that, at the time of placing such links, no illegal contents were discernible on the linked websites. We have no influence on the present and future design, content or authorship of the linked sites. We therefore distance ourselves expressly from all contents of all linked websites which are changed after linking. This applies to all links and references contained on our own website as well as to third party entries in visitor books, discussion forums, link directories, mailing lists and all other manner of databases set up by us enabling external writing access to the contents thereof. Illegal, erroneous or incomplete content and in particular damages arising from the use or non-use of information offered in such forms is the sole liability of the provider of the website referenced and not of the party merely referencing the published information in question via links.
3. Copyright and trademark law
We make every effort to respect the copyright of the images, graphics, audio files, video clips and texts used in all publications, to use images, graphics, audio files, video clips and texts which we have generated ourselves or to use purchased/royalty-free images, graphics, audio files, video clips and texts.
All brands and trademarks referenced in the website which may be protected by third parties are subject without restriction to the provisions of the applicable trademark law and the ownership rights of the registered owners. The mere fact that such trademarks are named should not be deemed to indicate that they are not protected by third party rights.
The copyright to published items rests exclusively with the author of the web pages. It is not permitted to reproduce or use such graphics, audio files, video clips and texts in other electronic or print publications without the explicit consent of the author.
This website contains videos hosted with Vimeo. Vimeo (Vimeo, Inc., 555 West 18th Street, New York, New York 10011, U.S.A.) is an Internet video portal that provides online video hosting, sharing and related services through the websites it owns and operate, including Vimeo.com and Livestream.com, branded applications for mobile and connected devices, and embeddable video players.
Vimeo states that it is its policy to comply with the General Data Protection Regulation (GDPR). In accordance with the GDPR, it may transfer your personal information from your home country to the U.S. (or other countries) on the following legal bases:
- Legitimate business interests: It would not be able to provide its services or comply with its legal obligations without transferring your personal information to the U.S.
- Its use of Standard Contractual Clauses (also known as “Model Clauses”) where appropriate.
For more information, see Vimeo’s information on privacy.
Vimeo’s embeddable video player uses first-party cookies that it considers essential to the video player experience. It does not use third-party analytics or advertising cookies when its video player appears on our website, unless you are logged into your own Vimeo account. In addition, we have implemented Vimeo’s DNT (Do Not Track) parameter to instruct Vimeo not to track visitors. This has the same effect as if you change the settings in your browser to disable tracking.
This website contains videos hosted with YouTube. YouTube is an Internet video portal that enables video publishers and other users to upload video clips free of charge, and also enables free viewing, rating and commenting. YouTube permits the publishing of all manner of videos, enabling access to both full-length movies and TV broadcasts, as well as music videos, trailers, and videos made by users via the Internet portal.
The operating company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
Each time one of the individual pages of this website containing a YouTube video is accessed, the Internet browser on the IT system of the Data Subject is automatically prompted to download and display the corresponding YouTube video. Further information about YouTube may be obtained at https://www.youtube.com/yt/about/en/. Through this technical procedure, YouTube and Google gain knowledge of what specific sub-page of our website was visited by the Data Subject.
If the Data Subject is logged in to YouTube, YouTube recognizes through each access of a sub-page containing a YouTube video which specific sub-page of our website was visited by the Data Subject. This information is collected by YouTube and Google and assigned to the respective YouTube account of the Data Subject.
YouTube and Google receive information through the YouTube component that the Data Subject has visited our website, if, at the time of accessing our website, the Data Subject is logged in to YouTube; this occurs regardless of whether the person clicks on a YouTube video or not. If the Data Subject does not want such information to be transmitted to YouTube, he or she may prevent this by logging off from his or her YouTube account before accessing our website.
YouTube’s data protection provisions, available at https://www.google.com/intl/en/policies/privacy/, provide information about the collection, processing and use of personal data by YouTube and Google.
IV. General information on data processing
1. Scope of processing of personal data
As a matter of principle, we only process the personal data of our users to the extent that this is necessary to provide a functional website as well as to provide our content and services. The personal data of our users is generally only processed with the consent of the user. Exceptions apply in such cases where there are genuine reasons that make it impossible to obtain prior consent and the processing of the data is permitted by statutory provisions.
2. Legal basis for the processing of personal data
Where we obtain the consent of the Data Subject for the processing of personal data, the legal basis for such processing is Article 6(1) point (a) of the EU General Data Protection Regulation (GDPR).
Where the processing of personal data is necessary for the performance of a contract to which the Data Subject is a party, the legal basis shall be Article 6(1) point (b) GDPR. The same applies to such processing operations which are necessary to conduct steps prior to entering into a contract.
If our company is subject to a legal obligation that requires the processing of personal data, the legal basis for such processing shall be Article 6(1) point (c) GDPR.
In such cases where it may be necessary to process personal data to protect the vital interests of the Data Subject or of another natural person, the legal basis for such processing shall be Article 6(1) point (d) GDPR.
If processing is necessary to safeguard the legitimate interests of our company or a third-party, and the aforementioned interests override the interests or fundamental rights and freedoms of the Data Subject, the legal basis therefor shall be Article 6(1) point (f) GDPR.
3. Deletion of data and storage period
We observe the principles of privacy by design. The personal data of the Data Subject are deleted or blocked as soon as the purpose for storing such data no longer applies. Data may also be stored if this has been stipulated by European or national legislators in ordinances, laws or other regulations to which the Controller is subject. After expiration of such period, the corresponding data is routinely deleted, as data is also blocked or deleted if a storage period prescribed under the aforementioned standards expires, unless there is a need to continue storing the data for the conclusion or fulfillment of a contract.
V. Provision of the website and generation of log files
1. Description and scope of data processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the computer accessing our website.
In the process, the following data are collected:
- The browser type and version used
- The visitor’s operating system
- The IP address of the visitor, shortened by two octets
- The date and time of access
- The URL accessed and the URL of the linked page
The data are also stored in the log files of our system. These data are stored separately from all personal data provided by a Data Subject.
2. Legal basis for processing
Article 6(1) point (f) GDPR serves as the legal basis for the temporary storage of the data and the log files.
3. Purpose of processing
The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. To do so, the IP address of the user must be stored for the duration of the session.
The data are stored in log files to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. The data are not evaluated for marketing purposes.
These purposes also serve our legitimate interest in data processing in accordance with Article 6(1) point (f) GDPR.
4. Duration of storage
The data are deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case where data collection is needed to make the website available, the data are deleted when the respective session has ended.
Where data are stored in log files, the data are deleted at the latest after seven days. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or sanitized, so that it is no longer possible to identify the client accessing the site.
5. Possibilities for objection and removal
The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary to operate the website. Consequently, the user has no possibility to object.
VI. Contact form and email contact
1. Description and scope of data processing
Our website contains a contact form which can be used to establish contact electronically. If a user takes advantage of this option, the data entered in the input mask are transmitted to us and stored. These data are:
- Email address
- Company name, if applicable
- Address, if applicable
The following data are also stored at the time of sending the message:
- The IP address of the user
- Date and time of registration
Your consent to the processing of the data is obtained during the submission process and reference is made to this Privacy Notice.
Alternatively, it is possible to contact us via the email address provided. In this case, the personal data of the user transmitted along with the email are stored.
No data are disclosed to third parties during the transmission process. The data are used solely for handling the dialog with the user.
2. Legal basis for processing
Where the user has given his or her consent, the legal basis for the processing of data is Article 6(1) point (a) GDPR.
The legal basis for the processing of data transmitted in the course of submitting an email is Article 6(1) point (f) GDPR. If the objective of the email contact is to enter into a contract, the additional legal basis for processing is Article 6(1) point (b) GDPR.
3. Purpose of processing
The personal data entered in the form is solely processed for the purpose of processing the request for contact. Where contact is established via email, this also constitutes the necessary legitimate interest for processing the data.
The other personal data processed during the submission process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
4. Duration of storage
The data are deleted as soon as they are no longer required to achieve the purpose for which they were collected. With regard to the personal data entered in the contact form and the data sent by email, the data are deleted when the respective correspondence with the user ends. The correspondence ends when the circumstances indicate that the respective matter has been definitively resolved.
The additional personal data collected during the submission process are deleted at the latest after a period of seven days.
5. Possibilities for objection and removal
The user has the option to withdraw his or her consent to the processing of personal data at any time. If the user contacts us by email, he or she can object to the storage of his or her personal data at any time. In such a case, the correspondence cannot be continued.
Withdrawal of consent is to be directed to Organic Cities Network Europe via the contact options described in Section I.
Where this occurs, all personal data stored in the course of contacting us will be deleted.
VII. Rights of the Data Subject
Where your personal data are processed, you are a Data Subject within the meaning of the GDPR and you have the following rights in relation to the Controller:
1. Right of access to information
You have the right to obtain confirmation from the Controller as to whether or not personal data concerning you are being processed.
If data are being processed, you have the right to request the following information from the Controller:
- The purpose(s) for which the personal data are being processed;
- The categories of personal data concerned;
- The recipients or categories of recipients to whom your personal data have been disclosed or are being disclosed;
- The envisaged period for which your personal data will be stored, or, if it is not possible to provide concrete information in this regard, the criteria used to determine that period;
- The existence of the right to request from the Controller rectification or erasure of your personal data, or restriction of processing of personal data by the Controller, or to object to such processing;
- The existence of the right to lodge a complaint with a supervisory authority;
- Where the personal data are not collected from the Data Subject, any available information as to their source;
- The existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the Data Subject.
You have the right to request information as to whether your personal data are transferred to a third country or to an international organization. Where this is the case, Article 46 GDPR grants you the right to be informed of the appropriate safeguards that have been put in place with regard to such transfer.
2. Right to rectification
Where data concerning you are inaccurate or incomplete, you have the right to obtain from the Controller the rectification and/or completion of such inaccurate personal data. The Controller shall perform the rectification without undue delay.
3. Right to restriction of processing
You have the right to request that the Controller restrict processing of your personal data, where one of the following applies:
- When you contest the accuracy of your personal data for a period enabling the Controller to verify the accuracy of the personal data;
- The processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
- The Controller no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise or defense of legal claims, or
- You have objected to processing pursuant to Article 21(1) pending verification whether the legitimate grounds of the Controller override your grounds.
Where processing of your personal data has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If one of the aforementioned conditions for restriction is met, you shall be informed by the Controller before the restriction of processing is lifted.
4. Right to erasure
a) Obligation to erase
You have the right to demand that the Controller erase your personal data without undue delay, and the Controller shall bear the obligation to erase personal data without undue delay, where one of the following grounds applies:
- Your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
- You withdraw consent on which the processing is based according to Article 6(1), or point (a) of Article 9(2) point (a) GDPR, and where there is no other legal ground for the processing;
- You object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR.
- Your personal data have been unlawfully processed.
- Your personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the Controller is subject.
- Your personal data have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.
b) Information for third-parties
Where the Controller has made your personal data public and is obliged under Article 17(1) GDPR to erase the personal data, the Controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform other controllers processing the personal data that you as Data Subject have requested erasure by such Controllers of any links to, or copy or replication of, those personal data.
The right to erasure shall not apply to the extent that processing is necessary
- for exercising the right of freedom of expression and information;
- for compliance with a legal obligation which requires processing by Union or Member State law to which the Controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;
- for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3) GDPR;
- for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) GDPR in so far as the right referred to in paragraph a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
- for the establishment, exercise or defense of legal claims.
5. Right to be informed
If you have exercised the right to rectification, erasure or restriction of processing against the Controller, the Controller is obliged to communicate the rectification or erasure of the data or restriction of processing to all recipients to whom your personal data have been disclosed, unless this proves to be impossible or involves a disproportionate effort.
You have the right to be informed of these recipients by the Controller.
6. Right to data portability
You have the right to receive the personal data that you have provided to a Controller, in a structured, commonly used and machine-readable format. Furthermore, you have the right to arrange for such data to be transmitted to another Controller without hindrance from the Controller to which the personal data have been provided, where
- the processing is based on consent pursuant to Article 6(1) point (a) GDPR or Article 9(2) point (a) GDPR or to a contract pursuant to Article 6(1) point (b) of Article 6(1) GDPR, and
- the processing is carried out by automated means.
In exercising your right to data portability, you have the right to have your personal data transmitted directly from one Controller to another, where technically feasible. This right shall not adversely affect the rights and freedoms of others.
The right to data portability shall not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller.
7. Right to object
You have the right to object, on grounds relating to your particular situation, at any time, to processing of your personal data, which has been conducted on the basis of Article 6(1) point (e) or (f) GDPR. This also applies to profiling based on these provisions.
The Controller shall no longer process your personal data unless the Controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.
Where your personal data are processed for direct marketing purposes, you shall have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing
Where you object to processing for direct marketing purposes, your personal data shall no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
8. Right to withdraw the declaration of consent under data protection law
You have the right to revoke your declaration of consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of the processing carried out on the basis of the consent until the withdrawal.
9. Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision
- is necessary for entering into, or the performance of, a contract between you and the Controller,
- is authorized by Union or Member State law to which the Controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or
- is taken with your explicit consent.
However, such decisions shall not be based on special categories of personal data referred to in Article 9(1) GDPR, unless Article 9(2) point (a) or (g) GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.
In the cases referred to in points (1) and (3), the Controller shall put suitable measures in place to safeguard your rights and freedoms and legitimate interests, which shall include at least the right to obtain human intervention on the part of the Controller, to express your point of view and to contest the decision.
10. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your personal data is in violation of the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.