§ 1 Information on the Processing of Personal Data
1. The Honorary Consulate of the Principality of Monaco in Düsseldorf is primarily a contact point for the support of Monegasque citizens living in North Rhine-Westphalia (NRW). This support is provided in particular through assistance with consular services, the granting of consular assistance and the provision of information.
2. The following information concerns the processing of personal data as part of consular business in the context of all postal or fax correspondence, e-mails or other messages, irrespective of the specific communication channel, received in connection with incoming messages, replies to inquiries on this side, information or other types of contact by persons concerned in the sense of data protection law who contact the Honorary Consulate or by the Honorary Consulate itself.
a) Summarised below as "communication", the Honorary Consulate's field of activity includes the transmission of information and assistance with questions regarding entry regulations (of a business and tourist nature). The Honorary Consulate also supports foreign companies in their activities in the Principality of Monaco and is the first point of contact for all other concerns of Monegasque citizens in NRW. The provision of information and the answering of questions is always carried out in coordination with the Embassy of the Principality of Monaco in Berlin. Furthermore, the Honorary Consulate reports to the Embassy on its activities.
b) The following information also concerns the processing of personal data of data subjects as users of the website www.consul-monaco-dus.com . Internet pages and other electronic information and communication services are referred to in detail as "telemedium" by the German Telemedia Act (TMG).
3. Name and contact details of the data controller within the meaning of Article 4(7) of Regulation (EU) 2016/679 (hereinafter referred to as "GDPR"):
the Honorary Consular Mission of the Principality of Monaco
The processing of personal data by the data controller is carried out for the purposes listed below and on the basis of the legal bases specified in each case:
1. Purpose: To carry out communications within the meaning of Section 1(2)(a) of this Privacy Information:
a) Legal basis: Art. 6 para. 1 p. 1 lit. c) GDPR "compliance with a legal obligation":
Legal obligations of the responsible person can result among other things from § 147 of the German Fiscal Code ("Abgabenordnung" – AO).
b) Legal basis: Art. 6 para. 1 p. 1 lit. b) GDPR "performance of contract or steps prior to entering into a contract":
In so far as the data subject approaches the data controller on his/her own initiative in order to conclude a contract with him/her and – where applicable – subsequently, both parties communicate in order to execute a concluded contract.
c) Legal basis: Art. 6 para. 1 p. 1 lit f) GDPR "pursuance of legitimate interests after balancing of interests":
In doing so, the responsible party pursues its legitimate interest or the legitimate interest of a third party (e.g. the Embassy of the Principality of Monaco in Berlin) in carrying out the communication.
In this context, special reference should be made to the right of the data subject to object, see below (§ 6 para. 1 lit (f) of this Privacy Information) in the list of data subjects' rights.
2. Purpose: Provision of the Telemedia Service within the Meaning of Section 1(2)(b). (b) of this Privacy Information:
a) Legal basis: Art. 6 para. 1 p. 1 lit. a) GDPR.
Further information on the cookies used in the context of the provision of the Telemedia Service can be viewed on the website www.consul-monaco-dus.com in the cookie banner there. Reference is made to this. Apart from that – with the exception of the processing listed under (b) below – no further processing of personal data takes place when using the Telemedia Service provided by the responsible party.
b) Legal basis: Art. 6 para. 1 p. 1 lit. c) GDPR. Corresponding legal obligations of the responsible party result from, among other things, Art. 32 (1) GDPR, § 19 (4) TTDSG.
The controller processes personal data to ensure the confidentiality, integrity, availability and resilience of the Telemedia Service and the systems used to provide it, including measures to detect, mitigate, prevent and correct malfunctions or errors of the Telemedia Service.
§ 3 Categories of Personal Data, if not collected from the Data Subject
To the extent that the data controller does not collect data from the data subject directly from the communication with the data subject and the data subject therefore knows what data is involved, it should be noted that the data controller regularly processes the following categories of personal data:
a) Master data, such as first and last name, professional qualification
b) Contact details, such as address, telephone and fax numbers, e-mail address
c) Contents of the communicationta
§ 4 Categories of Recipients of Personal Data
1. Personal data processed by the data controller are disclosed to the following categories of recipients:
a) Processors, i.e. companies which, on the basis of contractual obligations, handle the user's data exclusively in accordance with the instructions of the controller:
For example, providers of technical services, especially data centre services.
b) Third parties, i.e. companies that handle the user's data under their own responsibility:
For example, providers of telecommunications, postal and payment services as well as the embassy of the Principality of Monaco in Berlin.
2. In principle, the controller does not intend to disclose personal data to recipients in a third country.
§ 5 Storage Period and Deletion
1. As regards indications as to storage duration, it should be generally noted that personal data are stored by the data controller only for the time necessary to pursue the purposes for which they are processed.
2. For the aforementioned purposes, personal data processed by the data controller will be stored until the respective processing purpose has ceased to exist. Thus, as far as the storage of personal data is no longer necessary for the fulfilment of contractual or legal obligations as well as for the pursuit of legitimate interests, i.e. for the preservation of evidence or proof within the framework of the legal statute of limitations, these are regularly deleted.
§ 6 The Rights of the Data Subject
1. In principle, i.e. subject to legal limitations, the data subject enjoys the rights listed below. In order to facilitate the exercise of these rights, the data subject is informed that a corresponding request by the data subject does not require a specific form and can therefore also be made, inter alia, by electronic means (in particular by e-mail).
a) The data subject may ask the controller for access to personal data pertaining to him/her.
b) The data subject may request rectification by the controller of inaccurate personal data pertaining to him/her.
c) The data subject may request the deletion of personal data pertaining to him/her by the controller.
d) The data subject may request the restriction of further processing by the controller of personal data concerning him/her.
e) To the extent that the processing is based on a balance of interests (i.e. the legal basis of the processing is Article 6(1)(1)(f) of the GDPR), the data subject has the right to lodge with the controller an objection to the further processing by the controller of personal data pertaining to the data subject for the aforementioned purpose, on grounds relating to his/her particular situation.
f) Finally, where the processing is based on the establishment or performance of a contract to which the data subject is a direct party (i.e. the legal basis of the processing is Article 6(1)(b) of the GDPR), the data subject may obtain from the controller the personal data pertaining to him/her which he/she has provided to the controller for that purpose, in a structured, commonly used and machine-readable format, and may communicate those data to another person without hindrance from the controller to whom the personal data have been provided.
2. The data subject also has the right to lodge a complaint with a data protection supervisory authority about the processing of his/her personal data by the controller.