Data Privacy Statement

 

Name and address of the Data Protection Officer

The Data Protection Officer for the responsible body is:

Fraunhofer-Gesellschaft zur Förderung der angewandten Forschung e. V.
F.A.O. the Data Protection Officer
Hansastraße 27c
80686 Munich | Germany

Phone: +49 89 1205-0

datenschutz@zv.fraunhofer.de

www.fraunhofer.de

 

General information concerning data processing

1. Scope of the processing of personal data

In principle, we process the personal data of our users only insofar as this is necessary for the provision of a functioning website and for our content and services. The processing of personal data of our users is carried out regularly and only with the consent of the user. An exception applies in cases in which prior consent cannot be obtained due to factual reasons and the processing of the data is permitted by statutory provisions.

2. Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for processing procedures for personal data, Art. 6 para. 1 lit. a of the EU General Data Protection Regulation (GDPR) shall serve as the legal basis.

During the processing of personal data which is necessary for the fulfillment of a contract whose contract partner is the data subject, Art. 6 para. 1 lit. b GDPR shall serve as the legal basis. This also applies to processing procedures which are necessary for the execution of pre-contractual measures.

Insofar as processing of personal data is necessary for the fulfillment of a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR shall serve as the legal basis.

In the event that vital interests of the data subject or other natural person necessitate the processing of personal data, Art. 6 para. 1 lit. d GDPR shall serve as the legal basis.

In the case of processing being necessary in order to safeguard the legitimate interests of our company or a third party, and if the interests, fundamental rights and fundamental freedoms of the data subject do not prevail over the first-mentioned interest, Art. 6 para. 1 lit. f GDPR shall serve as the legal basis for processing.

3. Data deletion and storage duration

The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage has been fulfilled. Furthermore, such storage may take place if they have been provided for through the European or national legislator in EU regulations, laws or other provisions to which the responsible body is subject. A blocking or deletion of the data will also take place when a storage period stipulated by the aforementioned standards expires, unless the necessity of continued storage of the data for conclusion of a contract or fulfillment of a contract exists.

Information regarding order processing

This website uses the conference management software Converia, which is made available by the company Converia GmbH. Converia GmbH hosts the software and provides the organizer with additional services such as software maintenance and support. In addition, Converia GmbH offers the assumption of the payment processing on behalf of the organizer. Converia GmbH may therefore come into contact with personal data stored in the software during the performance of this work and is therefore to be regarded as the order processor.

An order processing contract was concluded with Converia GmbH in accordance with Art. 28 GDPR. (For information on the company, please refer to the “List of order processors” section of this document).

Provision of the website and creation of log files

1. Description and scope of the data processing

Every time our website is accessed, our system automatically collects data and information from the computer system of the calling computer.

The following data are thereby collected:

  •          Information concerning the browser type and the used version
  •          The operating system of the user
  •          The Internet service provider of the user
  •          The IP address of the user
  •          Date and time of access

2. Legal basis for the data processing

The legal basis for the temporary storage of the data and the log files is formed by Art. 6 para. 1 lit. f GDPR.

3. Purpose of the data processing

The temporary storage of the IP address by the system is necessary in order to allow provision of the website to the computer of the user. For this purpose, the user's IP address must be stored for the duration of the session.

The storage in log files is carried out in order to ensure the functionality of the website. Furthermore, the data is used to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place within this context.

Our legitimate interest in the processing of data in accordance with Art. 6 para. 1 lit. f GDPR also lies within these purposes.

4. Duration of the storage

The data will be deleted as soon as they are no longer necessary for the achievement of the purpose of their collection. In the case of collection of the data for provision of the website, this applies when the respective session has been completed.

In the case of storage of the data in log files, this applies after a maximum of ten days. An extended storage is possible. In this case, the IP addresses of the users are deleted or alienated, so that an allocation of the accessing client is no longer possible.

5. Possibility of objection and removal

The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. As a consequence, no objection possibility exists on the part of the user.

Use of Cookies

1. Description and scope of the data processing

Our website uses cookies. Cookies are text files that are stored in an Internet browser and/or in the user’s computer system via an Internet browser. When a user accesses a website, a cookie may be stored in the user's operating system. This cookie contains a characteristic string which enables the browser to be uniquely identified when the website is re-accessed.

We separate cookies into the following categories:

Necessary cookies (Type 1)

These cookies are absolutely necessary in order to ensure the correct operation of websites and their functions. Without these cookies, services such as e.g. participant registration cannot be provided.

Functional cookies (Type 2)

These cookies enable the improvement of the comfort and performance of websites and the provision of various functions. Language settings, for example, can be stored in functional cookies.

Performance cookies (Type 3)

These cookies collect information regarding your usage of websites. Performance cookies help, for example, in the identification of particularly popular areas of our website. This enables us to tailor the content of our websites more specifically to your requirements and to thereby improve our offer for you. The information collected via these cookies is not personal.

Third-party cookies (Type 4)

These cookies are placed by third parties, e.g. social networks. They are used primarily to integrate social media content, such as social plugins, into our website.

2. Rechtsgrundlage für die Datenverarbeitung

Die Rechtsgrundlage für die Verarbeitung personenbezogener Daten unter Verwendung von Cookies ist Art. 6 Abs. 1 lit. f DSGVO.

2. Legal basis for the processing of personal data

The legal basis for the processing of personal data using cookies is Article 6 para. 1 lit. f GDPR.

3. Purpose of the data processing

We use the following cookies on our website:

Name of the cookie

Purpose

Type

PHPSESSID

Identification of a user session

1

Converia_SID

Identification of a front-end user

1

 

4. Duration of the storage, possibility of objection and deletion

Cookies are stored on the user’s computer, which transmits the cookies to our website. As a user, you therefore have full control over the use of cookies. By altering the settings in your internet browser, you can disable or restrict the transmission of cookies. Cookies which have already been saved can be deleted at any time. This can also be performed automatically. If cookies are disabled for our website, it may not be possible to use all the functions of the website to the full extent. 

Registration and usage of the functions of the conference management software

1. Description and scope of the data processing

Within the conference management software, users are offered the possibility of registering themselves through the provision of personal data. The data are thereby entered into an input mask, transmitted to us and stored.

During registration, it is possible that mandatory information is required. This must be entered in complete and correct form. If this is not the case, the registration will be rejected.

The system provides a function which makes the active confirmation of a data protection agreement necessary before the storage of the personal information in the software can be performed.

Amongst others, the following activities usually require a registration process:

  •          Registration as a participant for an event
  •          Submission of a scientific article in the system
  •          Assessment of scientific articles
  •          Actions as a speaker or chair of a session
  •          Using the Favorites function of the conference planner

The following data are collected and stored within the framework of the registration process and the use of the functions of the software:

  •          Access data (user name, password)
  •          Address data
  •          E-Mail address
  •          Shopping-cart data
  •          Invoice information
  •          Information concerning submitted articles
  •          Temporal and spatial planning data (conference plan)
  •          Information concerning memberships
  •          Information concerning substantiation (e.g. student ID)

o   Data from the pre-registration

o   Further custom fields (EAV fields)

Payment processing

For the execution of payment processing in the case of participant registration for an event, various payment options are offered (e.g. invoice/transfer, credit card, PayPal). Sensitive payment information itself is not stored in the conference management system. For this purpose, specially certified payment service providers are employed, who perform the data processing and storage. The user is hereby guided directly to the website of the respective provider. Further information concerning data protection can be found on the website of the respective service provider.

The following data are collected within the framework of the payment processing:

  •          Selected payment method
  •          Invoice total
  •          Amounts paid
  •          Invoicing data

2. Legal basis for the processing of personal data

The legal basis for the processing of the data in the case of the user providing his/her consent is Article 6 para. 1 lit. f GDPR.

In the case of the registration serving the fulfillment of a contract of which the user is a contract party or the implementation of pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 para. 1 lit. b GDPR.

3. Purpose of the data processing

A registration of the user is necessary in order to fulfill a contract with the user or to implement pre-contractual measures.

4. Duration of storage

The data will be deleted as soon as they are no longer necessary for the achievement of the purpose of their collection.

This is the case during the registration procedure for the fulfillment of a contract or for the performance of pre-contractual measures if the data are no longer necessary for the fulfillment of the contract. Following conclusion of the contract, there may remain a necessity for the storage of personal data of the contracting party in order to comply with contractual or legal obligations.

As the access data including address data may be used for other events, such as follow-up events, these data are usually removed from the system within 2 years following the last login.

5. Possibility of objection and removal

As user, you have the option of terminating the registration at any time. You can amend the stored data relating to you at any time.

For this purpose, please contact the responsible body via E-Mail or telephone (see information above).

If the data are necessary for the fulfillment of a contract or for the performance of pre-contractual measures, a premature deletion of the data is only possible insofar as contractual or legal obligations do not preclude a deletion.

Rights of the data subject

In the case of your personal data being processed, you are the data subject in accordance with the GDPR and are entitled to the following rights against the responsible body:

 1. Right of access

You may demand that the responsible body provides a confirmation as to whether personal data relating to you are being processed by us.

If such processing exists, you may demand disclosure of the following information from the responsible body:

(1) the purposes for which the personal data are processed;

(2) the categories of personal data being processed;

(3) the recipients and/or categories of recipients to whom the personal data relating to you have been disclosed or are still being disclosed;

(4) the planned duration of the storage of your personal data or, if specific information hereto is not available, criteria for the determination of the duration of storage;

(5) the existence of a right of rectification or deletion of personal data relating to you, a right of restriction of processing by the responsible body or a right of objection to this processing;

(6) the existence of a right of complaint to a regulatory authority;

(7) all available information concerning the source of the data if the personal data are not collected from the data subject;

(8) the existence of automated decision-making including profiling pursuant to Article 22 para. 1 and para. 4 GDPR and, at least in these cases, meaningful information concerning the involved logic as well as the consequences and intended impact of such processing on the data subject.

You have the right to demand information as to whether your personal data are transmitted to a third country or an international organization. In this regard, you may demand, via the appropriate guarantees in accordance with Art. 46 GDPR, notification in connection with the transmission.

2. Right of rectification

You have a right of rectification and/or completion against the responsible body insofar as the personal data relating to you is incorrect or incomplete. The responsible body must perform the rectification without delay.

3. Right of restriction of processing

Under the following conditions, you may demand the restriction of the processing of the personal data relating to you:

(1) if you contest the accuracy of the personal data relating to you for a period of time which enables the responsible body to verify the accuracy of your personal data;

(2) the processing is unlawful and you refuse the deletion of the personal data and instead demand the restriction of the use of the personal data;

(3) the responsible body no longer requires the personal data for the purposes of the processing but you need them to assert, exercise or defend legal claims, or

(4) if you have placed an objection to the processing pursuant to Art. 21 para. 1 GDPR and it is not yet certain as to whether the legitimate reasons of the responsible body outweigh your reasons.

If the processing of the personal data relating to you has been restricted, these data - with the exception of their storage - may only be processed with your consent or for the purpose of asserting, exercising or defending legal claims or for protecting the legal rights of another natural or legal person or for reasons of important public interest to the Union or a Member State.

In the case of the restriction of the processing having been performed in accordance with the aforementioned conditions, you will be informed by the responsible body prior to the restriction being lifted.

4. Right of deletion

a) Obligation to delete

You may demand that the responsible body deletes the personal data relating to you without delay, and the responsible body is obliged to delete these data without delay insofar as one of the following grounds applies:

(1) Personal data relating to you are no longer required for the purposes for which they were collected or otherwise processed.

(2) You revoke your consent on which the processing, in accordance with Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. GDPR, was founded, and no other legal basis for the processing exists.

(3) You place, in accordance with Art. 21 para. 1 GDPR, an objection to the processing and no overriding justifiable reasons exist for the processing or, pursuant to Art. 21 para. 2 GDPR, you place an objection to the processing.

(4) The personal data relating to you have been processed unlawfully.

(5) The deletion of personal data relating to you is required in order to fulfill a legal obligation under Union law or the law of the Member States to which the responsible body is subject.

(6) The personal data relating to you were collected in relation to information society services offered pursuant to Art. 8 para. 1 GDPR.

b) Information to third parties

If the responsible body has made the personal data relating to you public and is, pursuant to Article 17 para. 1 GDPR, obliged to delete these data, it shall, taking into account the available technology and implementation costs, undertake appropriate measures, including those of a technical nature, in order to inform the body responsible for the data processing of the personal data that you as data subject have demanded the deletion of all links to such personal data or of copies or replications of such personal data.

c) Exceptions

The right of deletion does not exist if the processing is necessary

(1) in order to exercise the right to freedom of expression and information;

(2) in order to fulfill a legal obligation required by the law of the Union or of the Member States to which the responsible body is subject, or for the execution of a task which is in the public interest or which occurs during the exercise of official authority which has been conferred upon the responsible body;

(3) for reasons of public interest in the field of public health pursuant to Art. 9 para. 2 lit. h and i and Art. 9 para. 3 GDPR;

(4) for archiving purposes of public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89 para. 1 GDPR, insofar as the law referred to in section (a) will foreseeably render impossible or seriously impair the achievement of the objectives of this processing, or

(5) in order to assert, exercise or defend legal claims.

5. Right to be informed

In the case of your having asserted your right of rectification, deletion or restriction of processing against the responsible body, the responsible body is obliged to notify all recipients to whom the personal data relating to you have been disclosed concerning this rectification or deletion of the data or restriction of processing, unless this proves to be impossible or would involve a disproportionate effort.

You have a right against the responsible body to be informed regarding these recipients.

6. Right of data portability

You have the right to receive, in a structured, conventional and machine-readable format, the personal data relating to you which have been provided to the responsible body. In addition, you have the right to transmit these data to another responsible body, without hindrance on the part of the responsible body provided with the personal data, provided that

(1) the processing is based upon a consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or upon a contract pursuant to Art. 6 para. 1 lit. b GDPR and

(2) the processing is performed by means of automated procedures.

In asserting this right, you also have the right to bring into effect the direct transmission of the personal data relating to you from one responsible body to another responsible body, insofar as this is technically feasible. Freedoms and rights of other persons must not be hereby affected.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task which is in the public interest or which occurs during the exercise of official authority which has been conferred upon the responsible body.

7. Right of objection

You have the right at any time, for reasons arising from your particular situation, to object to the processing of the personal data relating to you which has been performed pursuant to Art. 6 para. 1 lit. e or f GDPR. This also applies to profiling based on these provisions.

The responsible body shall then no longer process the personal data relating to you, unless it can prove compelling legitimate grounds for the processing which outweigh your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.

In the case of the personal data relating to you being processed for direct advertising purposes, you have the right to object at any time to the processing of the personal data relating to you for the purposes of such advertising; this also applies to profiling, insofar as it is associated with such direct advertising.

In the case of your objecting to the processing for direct advertising purposes, the personal data relating to you will no longer be processed for these purposes.

You have the possibility, within the context of the use of information society services and irrespective of Directive 2002/58/EG, of asserting your right of objection by means of automated procedures for which technical specifications are utilized.

8. Right of revocation of data protection consent declaration

You have the right to revoke your data protection consent declaration at any time. The revocation of consent shall not affect the legality of the processing performed on the basis of the consent until the revocation.

9. Right of complaint to a regulatory authority

Irrespective of a further administrative or judicial redress, you shall retain the right to complain to a regulatory authority, in particular in the Member State of your residence, your place of work or the location of the alleged infringement, should you be of the view that the processing of the personal data relating to you is in breach of the GDPR.

The regulatory authority to which the complaint has been submitted shall inform the complainant regarding the status and the results of the complaint, including the possibility of a judicial redress in accordance with Art. 78 GDPR.

Privacy information for paying by credit card

In the area of card payments (debit/girocard/credit cards), we are cooperating with the Concardis GmbH (Concardis), Helfmann Park 7, D-65760 Eschborn, represented by its directors Jana Brendel and Carsten Höltkemeyer.

Within this scope, the purchase amount and date as well as card data will be transferred to the aforementioned company.

All payment data as well as data regarding any possible chargebacks will only be stored as long as they are needed for payment processing (including processing possible return debits and debt collection) and for anti-abuse provisions. As a rule, this data will be deleted no later than 13 months after its collection.

The data may be stored for a longer period of time if and as long as that is necessary in compliance with a statutory retention period or in order to prosecute a particular case of misuse. Article 6(1) lit. f GDPR serves as the legal basis for data processing.

You are entitled to obtain information regarding your stored data and, where applicable, have a right to have this data corrected or deleted. You may also demand a restricted processing of your data and/or, where applicable, object to the processing of your personal data. If you have any questions regarding Concardis’s data processing or asserting your aforementioned rights, please consult the data protection officer that can be contacted by post at the above address or by email at Datenschutzbeauftragter@concardis.com <mailto:Datenschutzbeauftragter@concardis.com>

Furthermore, you are entitled to make a complaint to the supervisory authority (the privacy and data protection representative of the federal state in Germany). We would like to point out that the provision of payment data is neither legally nor contractually required. In case you do not wish to provide your payment data, you may use another payment method (e.g. cash).

 

List of order processors

Converia GmbH
Kaufstr. 2-4
99423 Weimar | Germany 

Type of processing:

  •          Hosting and operation of the conference management software Converia
  •          Maintenance and support
  •          Payment processing