Privacy Policy pursuant to the EU-GDPR

1. Name and address of the controller

 

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the Member States as well as other provisions of data protection law is:

 

University of Bonn

Helmholtz-Institut für Strahlen- und Kernphysik

Section of Physics and Astronomy

Department of Theory

Nussallee 14-16

D-53115 Bonn

Germany

Tel.: +49 228 73-2203
E-Mail: sekretar@hiskp.uni-bonn.de

Website: https://www.hiskp.uni-bonn.de

 

2. Name and address of the data protection officer

 

Official data protection officer:

Dr. Jörg Hartmann

Genscherallee 3

D-53113 Bonn

 

Email: joerg.hartmann@uni-bonn.de

 

Deputy:

Eckhard Wesemann

Dezernat 1

Regina-Pacis-Weg 3

D-53113 Bonn

 

Email: wesemann@verwaltung.uni-bonn.de

 

3. General information on data processing

 

3.1 Scope of processing of personal data

 

We categorically only process personal data of our users if this is necessary to provide a functional website as well as our contents and services. The processing of personal data of our users generally takes place only after consent of the user. An exception applies in those cases where prior consent cannot be obtained for justified reasons and the processing of the data is permitted by law.

 

3.2 Legal basis for the processing of personal data

 

Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 (1) lit. a EU General Data Protection Regulation (GDPR) serves as the legal basis.

 

In the processing of personal data required for the performance of a contract to which the data subject is party, Art. 6 (1) lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.

 

If processing is necessary for compliance with a legal obligation to which the University of Bonn is subject, Art. 6 (1) lit. c GDPR serves as the legal basis.

In the event that processing is necessary in order to protect the vital interests of the data subject or of another natural person, Article 6 (1) lit. d GDPR serves as the legal basis.

 

If processing is necessary for the performance of a task which is in the public interest or to exercise official authority which has been transferred to the university, Art. 6 (1) lit. e GDPR serves as the legal basis for processing.

 

3.3 Data erasure and storage time

 

The personal data of the data subject will be erased or blocked as soon as the purpose of storage ceases to apply. Data may be stored beyond this point in time if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or erased if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.

 

4. Provision of the website and creation of log files

 

4.1 Description and scope of data processing

 

Every time you visit our website, our system automatically collects data and information from the computer system of the accessing computer.

 

When accessing services hosted on https://indico.hiskp.uni-bonn.de, the following data are collected:

 

  1. information about the browser type and version used;

  2. the user's operating system;

  3. the user’s IP address;

  4. date and time of access.

 

The log files contain IP addresses or other data that may allow an assignment to a user. This may for instance be the case if the link to the website from which the user accesses the website or the link to the website to which the user switches contains personal data.

 

The data are also stored in the log files of our system. These data are not stored together with other personal data of the user.

 

4.2 Purpose of data processing

 

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this purpose, the IP address of the user must remain stored for the duration of the session.

 

The data are stored in log files to ensure the functionality of the website. In addition, the data help to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

 

4.3 Duration of storage

 

The data will be erased as soon as they are no longer necessary to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. If the data are stored in log files, this is the case after 32 days at the latest. Storage beyond this point in time is not done.

 

4.4 Possibility of objection and erasure

 

The collection of the data for the provision of the website and the storage of the data in log files are absolutely necessary for the operation of the website. There is thus no possibility of objection on the part of the user.

 

5. Use of cookies

 

5.1 Description and scope of data processing

 

Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser in the user's computer system. If a user visits a website, a cookie may be stored in the user's operating system. This cookie contains a characteristic character string that enables a unique identification of the browser when the website is accessed again.

 

We use cookies to make our website more user-friendly. Some elements of our website require that the accessing browser can be identified even after a page change.

 

The following data are stored and transmitted in the cookies:

 

  1. language settings;

  2. log-in information;

  3. session cookies to securely track your personal login session on the website.

 

We do not use cookies for analysis of the web site or the browsing behaviour of users.

 

5.2 Purpose of data processing

 

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be provided without the use of cookies. For these, it is necessary that the browser is recognized even after a page change. We require cookies for the following applications:

 

  1. applying language settings;

  2. tracking the user session during logged-in status for security reasons.

 

The user data collected by technically necessary cookies are not used to create user profiles.

 

5.3 Duration of storage, possibility of objection and erasure

 

Cookies are stored on the user's computer and transmitted to our site. Therefore, you as a user also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website in full.

 

6. Use of personal data for conference registration

 

Your personal data is collected for purposes of taking part in the Lattice 2020 conference taking place from August 3rd, 2020 till August 8th, 2020. Your personal data is processed for terms of registration to the conference and for managing your participation, contributions, talks and proceedings in accordance with the “Lawfulness of processing” pursuant to Art. 6 (1) sentence 1 lit. a EU-GDPR on the basis of the consent of the data subject.

 

For further information please see the notes on data collection and data processing which are provided with the online registration form.

 

7. Email contact

 

7.1 Description and scope of data processing

 

You can contact the conference organizers and the website administrators via email.

At the time of receiving your email, the following data are stored for purposes of email processing:

 

  1. source email addresses;

  2. destination email addresses;

  3. subject;

  4. mail body;

  5. date and time of transmission;

  6. originating server address of email transmission.

 

In the case you contact us by email this means in short words, the user's personal data transmitted by email will be stored.

 

The data will not be passed on to third parties in this context. The data will be used exclusively for processing the conversation. Data is only forwarded to contractors if necessary and according to the prescriptions of the EU-GDPR.

 

7.2 Legal basis for data processing

 

The legal basis for the processing of the data, if consent by the user has been provided, is Art. 6 (1) lit. a GDPR.

If the aim of the email contact is the conclusion of a contract, then additional legal basis for the processing is Art. 6 (1) lit. b GDPR.

 

 

7.3 Purpose of data processing

 

We only process the personal data from the form to handle contact being made.

The other personal data collected serves to prevent misuse of the contact form and to ensure the security of our information technology systems.

 

7.4 Duration of storage

 

The data will be erased as soon as they are no longer necessary to achieve the purpose for which they were collected. For the personal data from the input mask of the contact form and those data that were sent by email, this is the case when the respective conversation with the user is finished. The conversation is finished when it can be inferred from the circumstances that the facts in question have been conclusively clarified.

 

7.5 Possibility of objection and erasure

 

The user has the possibility to revoke his consent to the processing of personal data at any time. If the user only contacts us by email, he can also object to the storage of his personal data here at any time; in such a case, however, the conversation cannot be continued.

 

If you want your data being revoked from our systems, contact the conference organizers or contact the website admin via email under:

 

indico@hiskp.uni-bonn.de

 

All personal data stored in the course of contacting us will be erased in the event of revocation.

 

8. Rights of the data subject

 

If your personal data are processed, you as the data subject have the following rights pursuant to the GDPR towards the controller:

 

8.1 Right to information

 

You can ask the controller to confirm whether personal data concerning you are being processed.

 

If such processing takes place, you can request the following information from the controller:

  1. the purposes for which the personal data are processed;

  2. the categories of personal data being processed;

  3. the recipients or categories of recipients to whom the personal data concerning you have been or are still being disclosed;

  4. the planned duration of the storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period;

  5. the existence of a right to correction or erasure of the personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;

  6. the existence of a right to lodge a complaint with a supervisory authority;

  7. all available information on the origin of the data, if the personal data are not collected from the data subject;

  8. the existence of automated decision-making including profiling in accordance with Art. 22 (1) and (4) GDPR and, at least in these cases, meaningful information on the logic involved and the scope and intended effects of such processing on the data subject.

 

You have the right to request information as to whether the personal data concerning you are transmitted to a third country or to an international organization. In this context, you may request to be informed of the appropriate guarantees pursuant to Art. 46 GDPR in connection with the transmission.

 

Where data are processed for scientific, historical or statistical research purposes, the right of access may be limited to the extent that it is likely to render impossible or be seriously prejudicial to the realization of the research or statistical purposes and the limitation is necessary for the fulfilment of the research or statistical purposes.

 

8.2 Right to correction

 

You have the right to correct and/or complete your data towards the controller if the personal data processed concerning you are incorrect or incomplete. The controller must make the correction without delay.

 

Where data are processed for scientific, historical or statistical research purposes, the right of correction may be limited to the extent that it is likely to render impossible or be seriously prejudicial to the realization of the research or statistical purposes and the limitation is necessary for the fulfilment of the research or statistical purposes.

 

8.3 Right to restriction of processing

 

You may request that the processing of personal data concerning you be restricted under the following conditions:

 

  1. if you dispute the accuracy of the personal data concerning you for a period of time that enables the controller to verify the accuracy of the personal data;

  2. the processing is unlawful, you reject the erasure the personal data and instead demand the restriction of the use of personal data;

  3. the controller no longer needs the personal data for the purposes of processing, but you require them for the assertion of or to exercise or defend legal claims;

  4. if you have filed an objection to the processing pursuant to Art. 21 (1) GDPR and it has not yet been determined whether the legitimate reasons of the controller outweigh your reasons.

 

If the processing of personal data concerning you has been restricted, such data may only be processed - except for being stored - with your consent or for the purpose of asserting, exercising or defending rights or protecting the rights of another natural or legal person or on grounds of an important public interest of the Union or a Member State.

 

If processing has been restricted according to the above conditions, you will be informed by the controller before the restriction is lifted.

 

Where data are processed for scientific, historical or statistical research purposes, the right of limitation of processing may be limited to the extent that it is likely to render impossible or be seriously prejudicial to the realization of the research or statistical purposes and the limitation is necessary for the fulfillment of the research or statistical purposes.

 

    1. Right of erasure

 

  1. Erasure obligation

You can demand that the controller erases the personal data concerning you immediately. The controller is obliged to erase these data immediately if one of the following reasons applies:

 

  1. The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.

  2. You withdraw your consent on which the processing was based in accordance with Art. 6 (1) lit. a GDPR or Art. 9 (2) lit. a GDPR and there is no other legal basis for processing.

  3. You object to processing in accordance with Art. 21 (1) GDPR and there are no overriding legitimate reasons for processing, or you object to processing in accordance with Art. 21 (2) GDPR.

  4. Your personal data were processed unlawfully.

  5. The erasure of your personal data is necessary to fulfil a legal obligation under Union or Member State law which the controller is subject to.

  6. The personal data concerning you were collected in relation to information society services offered pursuant to Art. 8 (1) GDPR.

 

    1. Information to third parties

 

If the controller has made the personal data concerning you public and is obliged to erase it pursuant to Art. 17 (1) GDPR, he shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform data processors who process the personal data that you as the data subject have requested the erasure of all links to these personal data or of copies or replications of these personal data.

 

Exceptions: The right to erasure does not exist insofar as the processing is necessary

 

  1. to exercise the right to freedom of expression and information;

  2. for the performance of a legal obligation required for processing under the law of the Union or of the Member States to which the controller is subject or for the performance of a task in the public interest or in the exercise of official authority conferred on the controller;

  3. for reasons of public interest in the field of public health pursuant to Art. 9 (2) lit. h and i and Art. 9 (3) GDPR;

  4. for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89 (1) GDPR, insofar as the law referred to under section a) is likely to render impossible or seriously impair the attainment of the objectives of such processing;

  5. to assert, exercise or defend legal claims.

 

    1. Right to information

 

If you have exercised your right to have the controller correct, erase or limit the processing, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this correction or erasure of the data or the restriction on processing, unless this proves impossible or involves a disproportionate effort.

 

You have the right to be informed of such recipients by the controller.

 

    1. Right to data portability

 

You have the right to receive the personal data concerning you that you have provided to the controller in a structured, common and machine-readable format. In addition, you have the right to pass these data on to another controller without obstruction by the controller to whom the personal data was provided, provide that

 

  1. processing is based on consent pursuant to Art. 6 (1) lit. a GDPR or Art. 9 (2) lit. a GDPR or on a contract pursuant to Art. 6 (1) lit. b GDPR and

  2. processing is carried out using automated methods.

 

In exercising this right, you further also have the right to request that the personal data concerning you be transferred directly from one controller to another controller, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this.

 

The right to data portability shall not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority conferred on the controller.

 

    1. Right of objection

 

You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you under Art. 6 (1) lit. e GDPR; this also applies to any profiling based on these provisions.

 

In the event of an objection, the controller will no longer process the personal data concerning you unless the controller can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or if the processing is required for the establishment, exercise or defense of legal claims.

 

In the case of data processing for scientific, historical or statistical research purposes pursuant to Art. 89 (1) GDPR, you also have the right to object to the processing of personal data concerning you for reasons arising from your particular situation, unless the processing is necessary to fulfill a task in the public interest.

 

8.9 Right to revoke the data protection consent

 

You have the right to revoke your data protection consent at any time. The revocation of consent shall not affect the legality of the processing carried out on the basis of the consent until revocation.

 

8.10 Automated decision in individual cases including profiling

 

You have the right to not be subject to a decision based exclusively on automated processing - including profiling - that has legal effect against you or significantly impairs you in a similar manner.

 

This does not apply if the decision

 

  1. is necessary for the conclusion or performance of a contract between you and the controller;

  2. is admissible by law of the Union or of the Member States to which the controller is subject and that law contains appropriate measures to safeguard your rights, freedoms and legitimate interests;

  3. is made with your express consent.

 

However, these decisions may not be based on special categories of personal data pursuant to Art. 9 (1) GDPR, unless Art. 9 (2) lit. a or g GDPR applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.

 

In the cases referred to in (1) and (3), the controller shall take reasonable measures to safeguard your rights, freedoms and legitimate interests, including at least the right to obtain the intervention of a person by the controller, the right to state one’s own position and to challenge the decision.

 

8.11 Right to lodge a complaint with a supervisory authority

 

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State where you are staying, working or suspected of infringing, if you believe that the processing of personal data concerning you is in breach of the EU General Data Protection Regulation.

 

The supervisory authority with which the complaint has been lodged shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.

 

The competent supervisory authority is:

 

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
P.O. Box 20 04 44
D-40102 Düsseldorf

 

Notes on data collection and data processing

 

Name and contact details of the office processing the data and the data protection officer

 

University of Bonn

Helmholtz-Institut für Strahlen- und Kernphysik

Section of Physics and Astronomy

Nussallee 14-16

D-53115 Bonn

Germany

Tel.: +49 228 73-2203

E-Mail: sekretar@hiskp.uni-bonn.de

 

Official data protection officer:

Dr. Jörg Hartmann

Genscherallee 3

D-53113 Bonn

Email: joerg.hartmann@uni-bonn.de

 

Deputy:

 

Eckhard Wesemann

Dezernat 1

Regina-Pacis-Weg 3

D-53113 Bonn

Email: wesemann@verwaltung.uni-bonn.de

 

 

Collection and storage of personal data as well as type and purpose of their use

 

Your personal data is collected for purposes of taking part in the Lattice 2020 conference taking place from August 3rd, 2020 till August 8th, 2020. Your personal data is processed for terms of registration to the conference and for managing your participation, contributions, talks and proceedings. Following data is collected upon registration:

 

  1. Title

  2. Academic title

  3. Given Name

  4. Family Name

  5. Company/Institution

  6. Department

  7. Job/Function

  8. Street address

  9. Addition to address

  10. Postal code

  11. City

  12. Phone

  13. Country

  14. Your e-mail address

  15. Talks, contributions and proceedings you upload or send to the organizers

  16. Your bank account coordinates and bank transfer data for processing the conference fee payment

  17. Status of promotion (for purpose of accounting with Deutsche Forschungsgemeinschaft DFG)

 

Your data is processed in accordance with the “Lawfulness of processing” pursuant to Art. 6 (1) sentence 1 lit. a EU-GDPR on the basis of the consent of the data subject.

 

The personal data collected from you will be erased or blocked as soon as the purpose of storage ceases to apply. Data may be stored beyond this point in time if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or erased if a storage period prescribed by the aforementioned standards expires, unless further storage of the data is required for the conclusion or fulfillment of a contract.

 

Transmission of data to third parties

 

Your personal data will not be transmitted to third parties for purposes other than those listed below. If required pursuant to Art. 6 (1) sentence 1 lit. b EU-GDPR for the handling of the legal relationship with you, your personal data will be passed on to third parties. This includes in particular the transmission to

 

Lombego Systems GmbH

Kaufstr. 2-4

99423 Weimar

Germany

 

for following processes and purposes:

 

Hosting and operation of the Converia conference management software

  • Maintenance and support

  • Payment processing

 

The transmitted data may be used by the third parties exclusively for the stated purposes.

 

 

 

 

Rights of the data subject

 

You have the right,

 

a) if you have given your consent, to revoke your consent at any time in accordance with Art. 7 (3) EU-GDPR to the controller stated above. As a result, data processing that was based on this consent may no longer continue in the future;

b) pursuant to Art. 15 EU-GDPR, to request information about your personal data processed by the controller. In particular, you can obtain information

 

  1. on the processing purposes;

  2. the category of personal data;

  3. the categories of recipients to whom your data has been or will be disclosed;

  4. the planned duration of the storage or, if specific information on this is not possible, the criteria for determining the storage period;

  5. the existence of a right to correction, erasure, restriction of processing or objection;

  6. the existence of a right to lodge a complaint;

  7. the origin of your data, unless these were collected by the aforementioned controller;

  8. the possible existence of automated decision-making, including profiling and, where applicable, meaningful information on the details of this.

 

  1. pursuant to Art. 16 EU-GDPR, to immediately request the rectification of incorrect or incomplete personal data stored by the aforementioned controller;

  2. pursuant to Art. 17 EU-GDPR, to demand the erasure of your personal data stored by the aforementioned controller. This does not apply if longer storage of the data is required for

 

  1. processing to exercise the right to freedom of expression and information;

  2. to fulfill a legal obligation to which the controller is subject;

  3. for reasons of public interest;

  4. to assert, exercise or defend legal claims;

  5. for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89 (1) EU-GDPR, insofar as the erasure of the data is likely to render impossible or seriously impair the attainment of the objectives of such processing.

 

  1. pursuant to Art. 18 EU-GDPR, to restrict the processing of your personal data under the conditions stated therein;

  2. pursuant to Art. 20 EU-GDPR, under the conditions stated therein, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to demand transmission of those data to another controller;

  3. to lodge a complaint with a supervisory authority pursuant to Article 77 EU-GDPR, without prejudice to any other administrative or judicial remedy. The competent supervisory authority is:

 

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen

P.O. Box 20 04 44

D-40102 Düsseldorf.

 

Duty of Cooperation

 

You are obliged to provide your data in accordance with the aforementioned legal provisions or regulations. If you do not communicate or make the data available to the aforementioned controller, it may result in a refuse of your participation at the conference.

 

Right of objection

 

If your personal data are processed based on legitimate interests pursuant to Art. 6 (1) sentence 1 lit. e GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, provided that there are reasons for this arising from your particular situation.

 

If you wish to exercise your right of objection, simply send an email to the aforementioned controller.