We, Cross-Business-Architecture Lab e. V. (hereinafter also referred to as: "CBA Lab" or "we"), respect your private and personal sphere and take the protection of your personal data very seriously. We attach great importance to treating the information you provide for business transactions in accordance with the relevant statutory provisions and with the utmost care and greatest possible sense of responsibility at all times.

On this website, we have compiled a range of information for you concerning data protection when

• visiting our website www.cba-lab.de
• using our work platform at https://cba-lab.gocoyo.com
• using cookies and
• communicating with us

as well as on related topics.

1. On what basis do we process your data?

The processing of your personal data (“your data”) by CBA Lab ensues on a legal basis and – where required – on the basis of your consent. The most important legal basis is, as of 25.05.2018, the EU General Data Protection Regulation (GDPR). It goes without saying that we also observe all other relevant legal requirements, in particular those under the Federal Data Protection Law (BDSG) and the Telemedia Law (TMG).
2. Who is responsible under data protection law?

Unless stated otherwise, the party responsible for the processing of your data explained below is Cross-Business-Architecture Lab e.V.
3. Visiting our website cba-lab.de

As a visitor to our website www.cba-lab.de, you can use this and the other functions described here to obtain information about what we offer as well as about our network and our association in general, and use certain functions, such as our Coyo network. In the following, we would like, in accordance with the relevant legal requirements, in particular the GDPR, to provide you with the most precise information possible about the processing of your personal data when you visit our website.

We ensure that your personal data is transmitted securely by way of encryption. We use the SSL (Secure Socket Layer) coding system in this regard. Although nobody can guarantee absolute protection, we safeguard our website and other systems against the loss, destruction, access, modification or distribution of your data by unauthorized persons taking suitable technical and organizational measures.
3.1. Browsing on cba-lab.de

For what purposes do we process your data?

When you browse on our website, pages are requested by your device - based on the HTTP/S Internet protocol - and transmitted to you by our web server. Form data entered by you is also transmitted where necessary. You do not have to register or provide identification for this function. However, requests and responses from our server are assigned on the basis of your IP address, which may be used to relate this data to your person. This connection data and any form data are processed to enable you to browse our website and achieve what do you want to accomplish (e.g. registration, information about our association, making contact, etc.). In addition, the respective server calls are logged in a log file. We use this log file data for technical troubleshooting and to ward off and clear up unlawful attacks on our systems and, if necessary, to hold responsible persons to account. In addition, we generate evaluations from the log files that are already saved, which we use to optimize our websites. The evaluation as such takes place in an anonymous form, i.e. by combining call data, meaning that the results no longer have any personal reference.

Are you obliged to provide your data or is this necessary to enter into a contractual agreement and what happens if you decide against it?

It is unfortunately not possible to use our website without the aforementioned data being processed.

On what legal basis do we process your data? What legitimate interests do we pursue in this respect?

DThe legal basis for the processing of your data, where applicable, depends on the specific purpose of your visit: - If you visit our website to initiate (membership) contracts with us or to manage existing (membership) contracts, the legal basis for processing your connection data and any form data is Art. 6 (1) (b) of the GDPR (initiation or execution of a contract). - The processing is otherwise normally based on our legitimate interests in accordance with Art. 6 (1) (f) of the GDPR. Our legitimate interest involves operating a website for advertising purposes and for general information and communication purposes with regard to the objects of our association. The processing normally ensues on the basis of our legitimate interests in accordance with Art. 6 (1) (f) of the GDPR. Our legitimate interest is to protect our facilities and systems from attacks and, if necessary, to take legal action against attackers and further develop our websites for economic purposes.

Who is involved in the processing of your data?

In principle, the processing of your data is carried out on our server in a fully automated manner. Log files are used by us only in exceptional cases (e.g. for troubleshooting or investigating attacks) and, if necessary, passed on to public bodies such as law enforcement authorities and courts for the purpose of investigating or tracking illegal attacks on our systems. Depending on the function, such as connection data, form data is only processed by our web server (e.g. for the search function) or forwarded to internal or external recipients for the purpose of the respective function You can find more information on this in the respective functionality.

How long will your data be saved for?

Connection data is deleted immediately after the HTTP/S call has been made. Form data is stored for as long as necessary to carry out the respective action.
3.2. You would like to use our work platform ("Coyo network")

For what purposes do we process your data?

To facilitate exchanges with and communication between our members, in particular, we operate an online work platform at the website https://cba-lab.coyocloud.com. This site is operated by our processor, Coyo GmbH. You can access this website via our cba-lab.de website by selecting the relevant "Community” button. To use the work platform, you need to register and provide certain login details, in particular your contact details (first and last name) and email address. Various functions are available on the website https://cba-lab.coyocloud.com. What you will find there first and foremost are the work and results documents for the work streams as well as information from the office. You can also chat with other users. In order to provide these functions, we process various user data, in particular communication data (e.g. in the context of a chat). We process this data automatically and exclusively to facilitate the use of our work platform and thus promote the objects of our association, i.e. the exchange of information and ideas between CIOs, CDOs and chief architects from leading companies and organizations in the German-speaking area. We also process connection and form data, as shown for our website www.cba-lab.de under 3.1, to enable you to visit the https://cba-lab.coyocloud.com site. For more information on data processing when browsing only, see 3.1 accordingly.

Are you obliged to provide your data or is this necessary to enter into a contractual agreement and what happens if you decide against it?

It is unfortunately not possible to use the work platform without the aforementioned data being processed.

On what legal basis do we process your data? What legitimate interests do we pursue in this respect?

The processing of your data normally ensues on the basis of our legitimate interests and those of our members in accordance with Art. 6 (1) (f) of the GDPR. Our legitimate interest involves providing a work platform for members of our network as well as partners and their employees in order to promote the objects of our association. The legitimate interest of our members involves using this work platform for their own purposes. The legal basis for the storage of data to meet statutory retention periods is, where applicable, Art. 6 (1) (c) of the GDPR in conjunction with the relevant statutory retention period (in particular Art. 257 of the German Commercial Code (HGB), Art. 147 of the German Tax Code (AO)).

Who is involved in the processing of my data?

In principle, your data is processed fully automatically on the servers of our processor, COYO GmbH. These servers are located exclusively within the scope of application of the GDPR, i.e. there is no data transmission to third countries. As far as these are positioned in the public areas, your data is visible to other users of the work platform. Your data is otherwise never transmitted to third parties.

How long will my data be saved for?

Your user data is stored for the duration of the existence of your respective user account only. Deletion takes place as soon as you have your account deleted in our community. Further storage takes place when your account is deleted only insofar as this is necessary to fulfill legal obligations, in particular commercial retention obligations.
3.3 You would like to use social networks (Youtube, Twitter) via our website using social media plug-ins

To what extent and for what purposes is your data processed? Who is responsible under data protection law?

We use social media plug-ins on our website to give our users the opportunity to share content on social media platforms, to increase the attractiveness of our website and to improve our presence on social media. If you open a page on which such a plug-in is integrated, the plug-in connects to the respective social media provider

• Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103 U.S.A

• YouTube, LLC 901 Cherry Ave. San Bruno, CA 94066 USA

and transmits certain personal usage data to it (e.g. which website was accessed). This is a built-in function of the respective plug-ins, the functioning of which we cannot influence. Nor do we have any access whatsoever to the data collected. According to our understanding, it is therefore not we but, rather, only the respective social media providers that are responsible for the data processing. In order to ensure the best possible transparency, we would nevertheless like to give you some information about data processing in connection with social media plug-ins. You can also find relevant information in the privacy statements from

• Twitter

• YouTube

On what legal basis do we process your data, where applicable?

Insofar as we do process your usage data, this serves, in our view, legitimate interests in accordance with Art. 6 (1) (f) of the GDPR. Our legitimate interest involves optimizing the user experience on our website and strengthening our presence in social networks to promote the objects of our association. Further information concerning the legal basis for the processing of your personal data can be found in the privacy statement issued by the respective social network (see above).

Are you obliged to provide your personal data and what happens if you decide against it?

You are not obliged to provide your personal data. However, it is not possible to use the respective social media plug-in without processing your personal data.

Who is your data passed on to and who is involved in the processing of your data?

We have no access to your personal data in connection with the social media plug-ins and do not share any information with third parties. Further information concerning the passing on of your personal data by the respective social network as the party responsible can be found in the respective privacy statement (see above).

Is your data transmitted to a third country or an international organization?

We do not transmit your personal data in connection with the social media plug-ins to any third country or international organization. If the social media plug-ins connect to servers of the respective social networks as the party responsible and personal data about you is transmitted in this regard, you will find further information in the privacy statement issued by the respective social network (see above).

How long will your data be saved for?

We do not save any personal data in connection with the social media plug-ins. Further information concerning the storage of your personal data by the respective social network as the party responsible can be found in the respective privacy statement (see above).
4. Why we use cookie technologies

Like practically every website, we use so-called cookies and similar technologies on both cba-lab.de and https://cba-lab.coyocloud.com. A cookie is a small text file that consists of letters and numbers. A cookie contains information that is stored on your computer or mobile device for the duration of your visit (so-called session cookies) or for a longer period (so-called permanent cookies) when you visit this website. These cookies or comparable technologies make it possible, in particular, to save your user preferences or login data for the duration of a visit or up to the next visit to the website or, for example, to offer you login functions across several pages of our website. We also use certain cookies to collect information about how visitors use our website, e.g. which pages are visited and how long visits last. Pseudonymized user profiles are sometimes created for this purpose. The processing of the above information ensues on the basis of Art. 15 (3) of the Telemedia Law and Art. 6 (1) (f) of the GDPR. In the latter case, the processing serves our legitimate interest in accordance with Art. 6 (1) (f) of the GDPR to optimize our website for the purpose of promoting the objects of our association.

We need your consent to store and read cookies on your device that are not necessary for technical purposes. Insofar as they are not cookies that are technically necessary for the services you want - which is indicated in each case - you can object to the use of cookies and the associated data processing at any time in accordance with Art. 15 (3) of the Telemedia Law and Art. 21 (1) of the GDPR as follows:

You can set your browser to prevent our website from setting cookies. However, this may also affect other functions in individual cases.

You can deactivate the cookies we use by clicking appropriately on the banner that appears when you first visit the site.

If you object, the use of cookies and associated data processing for the future will be dispensed with. This will not have any disadvantages with regard to using the website, unless you also deactivate the cookie functions for cookies that are required for technical reasons (see above).
5. Contact

You are very welcome to contact us in the way that is most convenient for you.

General inquiries

Email: info@cba-lab.de

Telephone number: +49 228 2673179

Or write to: Cross-Business-Architecture Lab e. V., Artquadrat, Emil-Nolde-Strasse 7, 53113 Bonn

Inquiries concerning data protection

Email: info@cba-lab.de

Telephone number: +49 228 2673179

Or write to: Cross-Business-Architecture Lab e. V., Artquadrat, Emil-Nolde-Strasse 7, 53113 Bonn

Your data is also processed in the course of communication:

For what purposes do we process your data?

If you contact us with a request or we contact you, we will of course also process your personal data, e.g. name, address, telephone number and the content of the communication, for the purpose of carrying out the exchange with you. We use this communication data to process your request accordingly. We also process communication data in order to comply with any statutory retention periods that may exist.

Are you obliged to provide your data or is this necessary to enter into a contractual agreement and what happens if you decide against it?

There is, of course, no obligation to contact us. However, we can only deal with your request if you provide us with sufficient information to do so.

On what legal basis do we process your data? What legitimate interests do we pursue in this respect?

Your data is processed on the basis of Art. 6 (1) (b) of the GDPR insofar as the exchange is related to the initiation or fulfillment of a (membership) contract with you. - Otherwise, the legal basis depends on the specific purpose of the exchange, with Art. 6 (1) (f) of the GDPR (our legitimate interest in conducting business correspondence and, for example, answering inquiries about data protection and compliance with your rights in accordance with Section 6) being relevant in most cases.

Insofar as further processing takes place to comply with a statutory retention period, the legal basis is 6 (1) (c) of the GDPR in conjunction with the relevant statutory retention periods (in particular Art. 257 of the German Commercial Code, Art. 147 of the German Tax Code).

Who is involved in the processing of my data?

The contact person responsible for your request.

Possibly our IT service providers in the context of order processing.

Possibly affiliated companies, insofar as the request relates to them.

How long will your data be saved for?

Communication data will be deleted insofar as it is no longer needed for the exchange with you and any statutory retention periods have expired. For business correspondence such as emails, this is usually the case six years after the end of the year in which they were received.
6. Your rights

If we process your data, you have, to the extent provided by law, the right to

receive information, particularly about data stored by us and the purposes for which this is processed (Art. 15 of EU GDPR),

correction of incorrect or incomplete data (Art. 16 of EU GDPR),

deletion of, for example, unlawfully processed data or data that is no longer required (Art. 17 of EU GDPR),

restriction of processing (Art. 18 of EU GDPR),

objection to the processing if this is done to protect the legitimate interests of the party responsible (Art. 21 EU GDPR) and

data transmission if the processing is based on consent or is carried out for the execution of a contract or with the help of automated processes (Art. 20 of EU GDPR).

If processing is based on your consent (Art. 6 (1) (a) or Art. 9 (2) (a), you have the right to withdraw your consent at any time. This does not affect the lawfulness of processing based on consent up to the time consent is withdrawn. You can also submit complaints to the relevant supervisory authorities. For Cross-Business-Architecture Lab e.V., this is the State Commissioner for Data Protection and Freedom of Information, North Rhine-Westphalia, P.O. Box 200444, 40102 Düsseldorf, poststelle@ldi.nrw.de.
7. Google Analytics

This website uses functions of the web analytics service Google Analytics. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google Analytics uses so-called "cookies". These are text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.

Google Analytics cookies are stored on the basis of Art. 6 (1) (f) of the GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising.

IP anonymization
We have activated the IP anonymization function on this website. This means that your IP address will be shortened by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area before it is transmitted to the USA. The full IP address is only transferred to a Google server in the USA and abbreviated there in exceptional cases. Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services related to website activity and Internet usage. The IP address transmitted by your browser within the framework of Google Analytics will not be merged with other Google data.

Browser plug-in
You can prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out that, in this case, you may not be able to use all functions of this website to their full extent. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) as well as and from processing this data by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

Objection to data collection
You can prevent Google Analytics from collecting your data by clicking on the following link. An opt-out cookie is set which prevents the collection of your data during future visits to this website: Google Analytics deaktivieren

You can find more information about the handling of user data at Google Analytics in Google's privacy statement: https://support.google.com/analytics/answer/6004245?hl=de.

Demographic characteristics in Google Analytics

This website uses the "demographic features" function of Google Analytics. This allows reports to be created that contain information about the age, gender and interests of the website visitors. This data comes from interest-based advertising from Google and visitor data from third-party providers. This data cannot be assigned to a specific person. You can deactivate this function at any time via the ad settings in your Google account or generally deny the collection of your data by Google Analytics as shown under “Objection to data collection”.

You can find more information on Google AdWords and Google Conversion Tracking in Google's privacy policy: https://www.google.de/policies/privacy/. You can set your browser in such a way that you are informed about the setting of cookies and only allow cookies in individual cases, as well as for the purpose of excluding the acceptance of cookies for certain cases or in general, and activating the automatic deletion of cookies when the browser is closed. Deactivating cookies may restrict the functionality of this website.