Privacy policy
Name and Address of the Responsible Party
The responsible party within the meaning of the General Data Protection Regulation and other national data protection laws of the member states, as well as other data protection regulations, is:
Justus Liebig University Giessen
The Data Protection Officer
Ludwigstraße 23
35390 Giessen
General Information on Data Processing
Scope of Processing Personal Data
We process personal data of our users primarily only to the extent necessary to provide a functional website, along with our content and services. The processing of personal data of our users occurs regularly only with the user’s consent. An exception applies in cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by legal regulations.
Legal Basis for Processing Personal Data
Insofar as we obtain the consent of the data subject for processing operations involving personal data, Article 6(1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
When processing personal data required to fulfill a contract to which the data subject is a party, Article 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations necessary for carrying out pre-contractual measures.
Insofar as processing personal data is necessary to fulfill a legal obligation to which our company is subject, Article 6(1)(c) GDPR serves as the legal basis.
If the processing of personal data is necessary to protect vital interests of the data subject or another natural person, Article 6(1)(d) GDPR serves as the legal basis.
If the processing is necessary for the protection of legitimate interests of our company or a third party and the interests, fundamental rights, and freedoms of the data subject do not override the first-mentioned interest, then Article 6(1)(f) GDPR serves as the legal basis for processing.
Data Deletion and Storage Duration
The personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply. Storage may also occur if this has been provided for by the European or national legislator in Union regulations, laws, or other provisions to which the responsible party is subject. Blocking or deletion of the data also occurs when a storage period prescribed by the aforementioned norms expires, unless there is a necessity for further storage of the data for the conclusion of a contract or the fulfillment of a contract.
Notes on Order Processing
This website uses the conference management software Converia, provided by Converia GmbH. Converia GmbH hosts the software and provides additional services for the organizer, such as software maintenance and support. Furthermore, Converia GmbH offers to handle payment processing for the organizer. Therefore, Converia GmbH may come into contact with personal data stored in the software in the course of carrying out these tasks and is thus to be regarded as a processor.
A contract for order processing in accordance with Article 28 GDPR has been concluded with Converia GmbH. (Information about the company can be found in the section “List of Processors” in this document).
Provision of the Website and Creation of Log Files
Description and Scope of Data Processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the calling computer.
The following data is collected in this context:
- Information about the browser type and version used
- The user’s operating system
- The user’s internet service provider
- The user’s IP address
- Date and time of access
Legal Basis for Data Processing
The legal basis for the temporary storage of the data and log files is Article 6(1)(f) GDPR.
Purpose of Data Processing
The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the user’s IP address must be stored for the duration of the session.
The storage in log files is done to ensure the functionality of the website. Additionally, the data serves us to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
These purposes also constitute our legitimate interest in data processing according to Article 6(1)(f) GDPR.
Duration of Storage
The data will be deleted as soon as they are no longer necessary for the purpose for which they were collected. In the case of data collection to provide the website, this is the case when the respective session is terminated.
In the case of data storage in log files, this occurs after a maximum of ten days. Further storage is possible. In this case, the IP addresses of users are deleted or anonymized, so that an assignment to the calling client is no longer possible.
Possibility of Objection and Removal
The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Therefore, there is no possibility for the user to object.
Use of Cookies
Description and Scope of Data Processing
Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user’s computer system. When a user visits a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string that allows for the unique identification of the browser when the website is accessed again.
We classify cookies into the following categories:
Necessary Cookies (Type 1)
These cookies are absolutely necessary for websites and their functions to operate properly. Without these cookies, services such as participant registration cannot be provided.
Functional Cookies (Type 2)
These cookies allow for improved comfort and performance of websites and provide various functions. For example, language settings can be stored in functional cookies.
Performance Cookies (Type 3)
These cookies collect information about how users use websites. Performance cookies help us identify particularly popular areas of our online offering. This allows us to tailor the content of our websites more specifically to your needs and thus improve our offerings for you. The information collected by these cookies is not personal. For more information about the collection and evaluation of information, please refer to the section "Evaluation of Usage Data."
Third-Party Cookies (Type 4)
These cookies are set by third parties, such as social networks. They are primarily used to integrate social media content, such as social plugins, on our site. Information on how we use social plugins can be found in the section "Social Plugins" of the privacy policy.
Legal Basis for Data Processing
The legal basis for the processing of personal data using cookies is Article 6(1)(f) GDPR.
Purpose of Data Processing
We use the following cookies on our pages:
| Cookie Name | Purpose | Type |
|---|---|---|
| PHPSESSID | Identification of a user session | 1 |
| Converia_SID | Identification of a frontend user | 1 |
| ... (other custom cookies) |
Duration of Storage, Right to Object, and Deletion Options
Cookies are stored on the user’s computer and transmitted to our site by the user. Therefore, you as the user have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Stored cookies can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, not all functions of the website may be fully usable.
Registration & Use of Conference Management Software Functions
Description and Scope of Data Processing
In the conference management software, users are given the opportunity to register by providing personal data. The data is entered into an input mask and transmitted and stored by us.
Mandatory information may be required during registration. This information must be provided completely and accurately. If this is not the case, registration will be denied.
The system provides a function whereby prior to storing personal data in the software, a data protection agreement must be actively confirmed.
Among other activities, a registration process is typically required for:
- Registration as a participant in an event
- Submission of a scientific contribution in the system
- Review of scientific contributions
- Actions as a speaker or chair of a session
- Use of the favorites function of the conference planner
The following data will be collected and stored during the registration process and the use of the software functions:
- Access data (username, password)
- Address data
- Email address
- Shopping cart data
- Billing information
- Information on submitted contributions
- Temporal and spatial planning data (conference schedule)
- Membership information
- Information on proof (e.g., student proof)
- Pre-registration data
- Other custom fields (EAV fields)
Payment Processing
To carry out payment processing for participant registration at an event, various payment options are offered (e.g., invoice/transfer, credit card, PayPal). Sensitive payment information is not stored in the conference management system. Specially certified payment service providers are used for this purpose, who handle data processing and storage. The user will be directed to the respective provider's website. More information on data protection can be found on the websites of the respective service provider.
The following data will be collected during payment processing:
- Selected payment method
- Invoice amount
- Paid amounts
- Billing data
Legal Basis for Data Processing
The legal basis for data processing, provided there is consent from the user, is Article 6(1)(a) GDPR. If registration serves to fulfill a contract of which the user is a party or to carry out pre-contractual measures, the additional legal basis for data processing is Article 6(1)(b) GDPR.
Purpose of Data Processing
User registration is necessary to fulfill a contract with the user or to carry out pre-contractual measures.
Duration of Storage
Data will be deleted as soon as they are no longer necessary for the purposes for which they were collected.
This is the case for the data collected during the registration process for fulfilling a contract or for carrying out pre-contractual measures when the data is no longer necessary for the performance of the contract. Even after the conclusion of the contract, there may be a need to store personal data of the contracting partner to comply with contractual or legal obligations.
Since access data, including address data, can be used for further events, such as follow-up events, this data will generally be removed from the system within 2 years after the last login.
Right to Object and Deletion Options
As a user, you have the option to dissolve your registration at any time. You can have the data stored about you changed at any time.
Please contact the responsible party by email or phone for this purpose (see information above).
If the data is necessary for the fulfillment of a contract or for the execution of pre-contractual measures, an early deletion of the data is only possible if there are no contractual or legal obligations preventing deletion.
Rights of the Data Subject
If personal data is processed by you, you are considered a data subject as defined by the GDPR and have the following rights against the responsible party:
Right of Access
You can request confirmation from the responsible party as to whether personal data concerning you is being processed by us.
If such processing occurs, you can request information from the responsible party regarding the following:
(1) The purposes for which the personal data is processed;
(2) The categories of personal data that are processed;
(3) The recipients or categories of recipients to whom personal data concerning you has been disclosed or will still be disclosed;
(4) The planned duration of storage for personal data concerning you or, if specific details are not possible, the criteria for determining the storage duration;
(5) The existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the responsible party, or a right to object to this processing;
(6) The existence of a right to lodge a complaint with a supervisory authority;
(7) All available information about the origin of the data if the personal data was not collected from the data subject;
(8) The existence of automated decision-making, including profiling, according to Article 22(1) and (4) GDPR, and—at least in these cases—meaningful information about the logic involved as well as the significance and the intended effects of such processing for the data subject.
You have the right to request information as to whether the personal data concerning you is transferred to a third country or an international organization. In this context, you may request to be informed about the appropriate safeguards according to Article 46 GDPR in connection with the transfer.
Right to Rectification
You have the right to rectification and/or completion against the responsible party if the processed personal data concerning you is inaccurate or incomplete. The responsible party must make the rectification without delay.
Right to Restriction of Processing
Under the following conditions, you may request the restriction of processing of personal data concerning you:
(1) If you contest the accuracy of the personal data concerning you for a period that enables the responsible party to verify the accuracy of the personal data;
(2) The processing is unlawful, and you refuse the deletion of the personal data and instead request the restriction of the use of the personal data;
(3) The responsible party no longer needs the personal data for the purposes of processing, but you need it to assert, exercise, or defend legal claims; or
(4) If you have objected to the processing according to Article 21(1) GDPR and it is not yet clear whether the legitimate grounds of the responsible party override your grounds.
If the processing of personal data concerning you has been restricted, this data may be processed—apart from its storage—only with your consent or to assert, exercise, or defend legal claims or to protect the rights of another natural or legal person or for reasons of significant public interest of the Union or a member state.
If the restriction of processing has been lifted according to the aforementioned conditions, you will be informed by the responsible party before the restriction is lifted.
Right to Erasure
a) Obligation to Delete
You can request the responsible party to erase personal data concerning you without delay, and the responsible party is obliged to delete this data without delay if one of the following reasons applies:
(1) The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.
(2) You withdraw your consent on which the processing is based according to Article 6(1)(a) or Article 9(2)(a) GDPR, and there is no other legal basis for the processing.
(3) You object to the processing according to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing according to Article 21(2) GDPR.
(4) The personal data concerning you has been unlawfully processed.
(5) The erasure of personal data concerning you is necessary to comply with a legal obligation under Union law or the law of the member states to which the responsible party is subject.
(6) The personal data concerning you has been collected in relation to services offered by the information society according to Article 8(1) GDPR.
b) Information to Third Parties
If the responsible party has made personal data concerning you public and is obliged to erase it according to Article 17(1) GDPR, the responsible party shall take appropriate measures, taking into account the available technology and the implementation costs, also of a technical nature, to inform data controllers processing the personal data that you, as the data subject, have requested the deletion of all links to this personal data or of copies or replications of this personal data.
c) Exceptions
The right to erasure does not exist to the extent that processing is necessary:
(1) To exercise the right of freedom of expression and information;
(2) To comply with a legal obligation requiring processing under Union law or the law of the member states to which the responsible party is subject, or to perform a task carried out in the public interest or in the exercise of official authority vested in the responsible party;
(3) For reasons of public interest in the area of public health according to Article 9(2)(h) and (i) as well as Article 9(3) GDPR;
(4) For archiving purposes in the public interest, scientific or historical research purposes, or for statistical purposes according to Article 89(1) GDPR, insofar as the right referred to in a) is likely to render impossible or seriously impair the achievement of the objectives of such processing; or
(5) To assert, exercise, or defend legal claims.
Right to Information
If you have asserted the right to rectification, erasure, or restriction of processing against the responsible party, the responsible party is obliged to inform all recipients to whom the personal data concerning you has been disclosed about this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.
You have the right to be informed about these recipients.
Right to Data Portability
You have the right to receive the personal data concerning you that you have provided to the responsible party in a structured, commonly used, and machine-readable format. You also have the right to transmit this data to another responsible party without hindrance from the responsible party to whom the personal data has been provided, as long as:
(1) Processing is based on consent according to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR or on a contract according to Article 6(1)(b) GDPR; and
(2) Processing is carried out by automated means.
In exercising this right, you also have the right to obtain that the personal data concerning you be transmitted directly from one responsible party to another, where technically feasible. Freedoms and rights of other persons may not be adversely affected by this.
Right to Object
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you, which is based on Article 6(1)(e) or (f) GDPR. This also applies to profiling based on these provisions.
The responsible party will no longer process the personal data concerning you unless they can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms or the processing serves to assert, exercise, or defend legal claims.
If the responsible party processes personal data concerning you for the purposes of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing; this also applies to profiling, insofar as it is related to such direct marketing.
If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
You have the possibility of exercising your right to object in connection with the use of information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.
Right to Withdraw Data Protection Consent
You have the right to withdraw your consent under data protection law at any time. Withdrawing your consent does not affect the legality of the processing carried out based on your consent until the withdrawal.
Right to Complain to a Supervisory Authority
Without prejudice to any other administrative or judicial remedy, you have the right to complain to a supervisory authority, in particular in the member state of your residence, your place of work, or the place of the alleged infringement, if you believe that the processing of personal data concerning you is unlawful.
Data Security
We use appropriate technical and organizational security measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.
In this context, we regularly review our security measures and adapt them to the latest standards.
Updates and Changes to the Privacy Policy
We reserve the right to change the privacy policy to adapt it to current legal requirements or to implement changes to our services in the privacy policy, e.g., when introducing new services. Your new visit will be subject to the new privacy policy.