The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the Member States as well as other data protection provisions is:
Technische Universität Dresden
Corporation under public law - represented by the Rector
Responsible for the subject-matter
Directorate 2 – Personnel
Tel.: +49 351/463 34062
The controller’s data protection officer is:
TU Dresden’s Data Protection Officer
Mr Jens Syckor
Deputy: Mr Philipp Krahn
Tel.: +49 351/463 32839
Initiation, realization, conclusion, or termination of a service or employment contract; or the realization of other organization, personnel and social measures, in particular for purposes of personnel recruitment, personnel planning, human resources and personnel development.
Art. 6 para. 1 letter b and c, Art. 88 GDPR in accordance with § 6 para. 2 no. 5 Act on the Autonomy of Institutions of Higher Education in the Free State of Saxony (SächsHSFG) and § 11 Saxon Data Protection Implementation Act (SächsDSDG) as well as the Service Agreement on the Use of SAP at TU Dresden.
A data transfer / disclosure will only occur within TU Dresden, the administrative offices of the Saxon State Ministry for Higher Education, Research, Culture and Tourism as well as the State Office for Taxes and Finance if this is necessary and specified by law according to No. 3. A data transfer / disclosure to third parties will only occur if this is necessary according to No. 3 and for the fulfillment of a legal obligation (in this case, in particular, contracts with third-party funding partners, grant notifications - SAB/ESF, etc.) or if data transfer is to take place according to § 6 para. 1 sentence 2 SächsDSDG on the basis of a lawful request from a public body or if the data subject has consented to the data transfer / disclosure in particular cases.
The personal data will be stored / saved as long as it is necessary for the purposes listed in no. 3, i.e. at least until the legally effective termination of the service or employment contract or the conclusion of the other organization, personnel or social measure – unless otherwise stipulated in specific legal provisions.
Unless special legal provisions stipulate shorter or longer periods for certain data, personal contact details will be stored/saved for a period of 5 years after the service or employment contract has legally terminated or after the legally valid closure of the personnel file by the personnel administration office. The legal storage periods for business documentation, especially the commercial, tax and insurance deadlines according to German Commercial Code (HGB), The Fiscal Code of Germany (AO) and German Social Code Book Four (SGB IV).
After the above-mentioned storage periods have ended, the personnel file / personnel file data is stored in the university archives in accordance with the Free State of Saxony’s archiving regulations. Subsequent storage, evaluation and other use of the data is then only permitted in compliance with particular statutory archiving requirements.
This website uses the Converia conference management software, which is provided by Converia GmbH. Converia GmbH hosts the software and provides additional services such as software maintenance and support for the organiser. Additionally, Converia GmbH offers the handling of payment processing for the organiser.
Within the scope of the conference overview, Converia GmbH is in charge of privacy compliance. Within the scope of individual conferences (subpages or clients), the organiser is in charge of privacy compliance following the contractual agreement.
This means that Converia GmbH may come into contact with personal data stored in the software when carrying out this work and must therefore be regarded as a processor.
The individual conferences therefore have separate privacy policies in which this is stated in detail.
A contract has been concluded with Converia GmbH for order processing in accordance with Article 28 of the GDPR. (For company information, see the "List of Processors" section in this document).
If data is disclosed to other persons or companies (processors or third parties) within the scope of processing, or if data is transferred to them, or if they are allowed to access the data in any other way, this shall only be done on the basis of legal authorisation (e.g. if transferring data to third parties such as payment processors is required in order to fulfil the contract according to Article 6 (1) lit. b GDPR), if you have given your consent, a law provides for it, or on the basis of our legitimate interests (e.g. when appointing representatives, web hosters, etc.).
If we appoint third parties with processing data based on a "data processing contract", this will be based on Art. 28 GDPR.
The following data is collected:
The legal basis for the temporary storage of data and log files is Article 6 (1) (f) of the GDPR.
The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this purpose, the user’s IP address must be stored for the duration of the session.
This data is stored in log files to ensure the functionality of the website. We also use the data to optimize the website and to ensure the security of our information technology systems. Data collected in this context is not analysed for marketing purposes.
Data processing for these purposes is also in our legitimate interest in accordance with Article 6 (1) (f) of the GDPR.
The data will be erased as soon as it is no longer required to achieve the purpose for which it was collected. If data is collected for the provision of the website, this is the case when the respective session has ended.
Data stored in log files is erased after no more than then days. Storage for a longer period is possible. In such cases, the user’s IP address is erased or masked so that it can no longer be associated with the accessing client.
The collection of data for providing the website and storage of data in log files are absolutely necessary for operating the website. Consequently, there is no possibility for the user to object.
We classify cookies into the following categories:
Necessary cookies (type 1)
These cookies are essential for websites and their functions to work properly. Without these cookies, services such as attendee registration cannot be provided.
Functional cookies (type 2)
These cookies make it possible to improve the convenience and performance of websites and to provide various functions. For example, language settings can be stored in functional cookies.
Performance cookies (type 3)
These cookies collect information on how you use websites. For example, performance cookies help us to identify particularly popular areas of our internet presence. In this way, we can adapt the content of our websites more specifically to your needs and thereby improve what we offer you. No personal data is stored in these cookies. Further details on how the information is collected and analyzed can be found in the section "Analysis of usage data".
Third-party cookies (type 4)
These cookies are installed by third parties, e.g. social networks. Their main purpose is to integrate social media content on our site, such as social plugins. Information on how we use social plugins can be found in the "Social Plugins" section of the privacy statement.
The legal basis for the processing of personal data using cookies is Article 6 (1) (f) of the GDPR.
We use the following cookies on our websites:
Identification of a user session
Identification of a front-end user
The conference management software offers users the possibility to register by entering personal data. The data is entered into an input mask and then transmitted to us and stored.
Mandatory information may be requested during registration. This information must be entered completely and accurately. If this is not the case, the registration will be rejected.
The system provides for a function which requires that a data protection agreement must be actively confirmed before personal data is stored in the software.
For example, a registration process is usually required for the following activities:
The following data is collected and stored during the registration process and use of the software features:
Various payment options (e.g. invoice/bank transfer, credit card, PayPal) are available for payment processing when participants register for an event. Sensitive payment information is not stored in the conference management system itself. For this purpose, specially certified payment service providers are employed which perform the data processing and storage. The user is led directly to the website of the respective provider. Further information on data protection can be found on the websites of the respective service provider.
The following data is collected for payment processing:
The legal basis for the processing of data is Article 6 (1) (a) of the GDPR, provided the user's consent has been obtained.
If registration serves the fulfilment of a contract to which the user is a party or the implementation of pre-contractual measures, the additional legal basis for processing of the data is Article 6 (1) (b) of the GDPR.
A registration of the user is necessary for the fulfilment of a contract with the user or for the implementation of pre-contractual measures.
The data will be deleted as soon as it is no longer required to achieve the purpose for which they were collected.
This is the case for data collected during the registration process to fulfil a contract or to carry out pre-contractual measures, when this data is no longer required for the execution of the contract. After conclusion of the contract, it may still be necessary to store personal data of the contractual partner in order to fulfil contractual or legal obligations.
Since the access data including address data will be used for other events such as follow-up events, this data will be removed from the system within 2 years after the last login.
As a user you have the possibility to cancel the registration at any time. You can have the data stored about you amended at any time.
For this purpose, please contact the controller by e-mail or telephone (see information above).
If the data is required to fulfil a contract or to carry out pre-contractual measures, a premature deletion of this data is only possible to the extent that contractual or legal obligations do not preclude deletion.
If the legal requirements are met, you are entitled to the following rights:
Right to lodge a complaint with the supervisory authority
Pursuant to Art. 77 GDPR, you have the right to lodge a complaint with the supervisory authority if you believe that the processing of personal data concerning your person does not comply with the law. The supervisory authority is:
The Saxon Data Protection Officer
Dr. Juliane Hundert
Tel.: +49 351/85471 101
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority with which the complaint has been lodged will inform the complainant on the progress and outcome of the complaint, including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.
In the area of card payments (debit/girocard/credit cards), we are cooperating with the Concardis GmbH (Concardis), Helfmann Park 7, D-65760 Eschborn, represented by its directors Jana Brendel and Carsten Höltkemeyer.
Within this scope, the purchase amount and date as well as card data will be transferred to the aforementioned company.
All payment data as well as data regarding any possible chargebacks will only be stored as long as they are needed for payment processing (including processing possible return debits and debt collection) and for anti-abuse provisions. As a rule, this data will be deleted no later than 13 months after its collection.
The data may be stored for a longer period of time if and as long as that is necessary in compliance with a statutory retention period or in order to prosecute a particular case of misuse. Article 6(1) lit. f GDPR serves as the legal basis for data processing.
You are entitled to obtain information regarding your stored data and, where applicable, have a right to have this data corrected or deleted. You may also demand a restricted processing of your data and/or, where applicable, object to the processing of your personal data. If you have any questions regarding Concardis’s data processing or asserting your aforementioned rights, please consult the data protection officer that can be contacted by post at the above address or by email at Datenschutzbeauftragter@concardis.com.
Furthermore, you are entitled to make a complaint to the supervisory authority (the privacy and data protection representative of the federal state in Germany). We would like to point out that the provision of payment data is neither legally nor contractually required. In case you do not wish to provide your payment data, you may use another payment method (e.g. cash).
List of Processors
Type of processing:
e event organizer]