Data protection information for participants of the event "BioSpine 2026 – Advanced Science Forum" on May 20, 2026 – May 22, 2025 in Berlin and online

 

The entity responsible for processing your data is:

 

GWT-TUD GmbH

Freiberger Str. 33

01067 Dresden

 

The data protection officer is:

 

Dresden Institute for Data Protection (DiD)

Hospitalstraße 4

01097 Dresden

Email: datenschutz@g-wt.de

Further information about DiD can be found at www.dids.de.

 

1. Scope of processing and type of data

This privacy policy informs you about the processing of your personal data that we process in connection with your participation in the event. Your personal data will be processed in accordance with the applicable data protection regulations. According to Art. 4 No. 1 of the General Data Protection Regulation (GDPR), personal data is any information relating to an identified or identifiable natural person.

 

2. Purpose of data processing

Your personal data will be processed for the following purposes:

 

2.1 Event registration

When you register for the event, we collect the following mandatory information:

  • Last name, first name, email, IP address and company/organization

The mandatory information is processed in order to identify you as a participant in the event, to check the plausibility of the data entered, to reserve your place at the event if necessary, and to establish or implement the contract for your participation.

Additional information may also be provided voluntarily. Providing voluntary data enables us to plan and carry out the event in line with your interests.

 

Data processing is based on your registration and is necessary for the purposes stated in accordance with Art. 6 (1) sentence 1 lit. b) GDPR for the fulfillment of the participant contract and for the implementation of pre-contractual measures.

 

We use your email address to inform you about similar events in the future if you have expressly consented to such use or if we have informed you separately when collecting your email address and pointed out your right to object to this use at any time. In these cases, we use your email address together with your first and last name in order to address you appropriately. If this use is not based on your consent, processing is carried out on the basis of Art. 6 (1) sentence 1 lit. f) GDPR. Our legitimate interest is to inform our participants about other events we organize.

 

If the data is no longer required for the aforementioned purposes, it will be deleted on a regular basis, unless its temporary further processing is necessary (due to statutory retention periods). The personal data collected by us for the event will generally be stored until the expiry of the regular limitation period of 3 years after the end of the year in which the event took place and then deleted. In the case of free events, we delete the personal data collected by us no later than six months after the event has taken place. If the data processing is based on consent, we will delete the personal data concerned if you revoke your consent and no other legal basis applies. If the data processing is based on our legitimate interest, we will delete the personal data concerned if you have objected to the data processing.

 

2.2 Photographs

Photos are taken to document the event visually. It cannot be ruled out that you may be directly or indirectly identifiable in the photos, in which case they constitute personal data. The photos are used for news items directly related to the event and for internal and external reporting on our website. This processing is particularly necessary to document and promote our event. Data processing is carried out on the basis of Art. 6 (1) (f) GDPR. The purposes mentioned are legitimate interests within the meaning of the aforementioned provision.

 

3. Disclosure of data to third parties

Your data will only be disclosed to third parties if this is legally permissible and necessary for the execution of the contractual relationship with you. The disclosed data may only be used by the third party for the purposes mentioned.

 

 

4. Data transfer to third countries

 

Personal data will not be transferred to or processed in countries outside the EU.

 

Personal data processed in connection with online participation will not be disclosed to third parties unless it is specifically intended for disclosure.

 

We have incorporated Telekom Deutschland GmbH technologies for the integration of Zoom X into our services. Zoom X, as an innovative communication tool, enables the seamless execution of virtual meetings and conferences. When using Zoom X, personal data such as first name, last name, email address, IP address, and, if necessary, other information required for the provision of services is transmitted to Telekom. This data processing serves to identify users, ensure communication security, and improve service quality. By selecting Zoom X, users consent to this data transfer, although they may revoke their consent at any time. This does not affect the processing of data that is essential for the provision of the service.

Further details on data protection can be found at https://www.telekom.de/ueber-das-unternehmen/datenschutz

 

5. Rights of data subjects

Data subjects may at any time request information about their personal data and, if necessary, request correction or deletion or restriction of processing, or object to processing. They also have the right to data portability. In addition, if data processing is carried out on the basis of consent, this consent may be revoked at any time for the future. To exercise your rights, please contact our data protection officer using the contact details above.

 

6. Right to lodge a complaint with the supervisory authority

In accordance with Art. 77 GDPR, every data subject has the right to lodge a complaint with a data protection supervisory authority if they suspect that the processing of personal data is unlawful.

 

7. Information on order processing

This website uses the conference management software Converia, which is provided by Converia GmbH (Kaufstr. 2-4, 99423 Weimar).

 

Converia GmbH hosts the software and provides additional services for GWT-TUD GmbH, such as software maintenance and support. In performing these tasks, Converia GmbH may come into contact with personal data stored in the software and is therefore considered a processor.

 

A contract for order processing in accordance with Art. 28 GDPR has been concluded with Converia GmbH.

 

8. Provision of the website and creation of log files by Converia GmbH

8.1. Description and scope of data processing

Each time the website is accessed, the system automatically collects data and information from the computer system of the accessing computer.

 

The following data is collected:

 

  • Information about the browser type and version used
  • The user's operating system
  • The user's Internet service provider
  • The user's IP address
  • Date and time of access

 

8.2. Legal basis for data processing

The legal basis for the temporary storage of data and log files is Art. 6 (1) (f) GDPR.

 

8.3. Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.

 

Storage in log files is done to ensure the functionality of the website. In addition, the data is used to optimize the website and to ensure the security of the information technology systems. The data is not evaluated for marketing purposes in this context.

 

These purposes also constitute the legitimate interest in data processing pursuant to Art. 6 (1) lit. f GDPR.

 

8.4. Duration of storage

The data is deleted as soon as it is no longer required for the purpose for which it was collected. In the case of data collection for the provision of the website, this is the case when the respective session has ended.

 

In the case of storage of the data in log files, this is the case after ten days at the latest. Storage beyond this is possible. In this case, the IP addresses of the users are deleted or alienated so that an assignment of the calling client is no longer possible.

 

8.5. Right to object and right to erasure

The collection of data for the provision of the website and the storage of data in log files is essential for the operation of the website. Consequently, there is no possibility for the user to object.

 

9. Use of cookies

9.1. Description and scope of data processing

This website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. When a user accesses a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is accessed again.

 

Cookies are divided into the following categories:

Necessary cookies (type 1)

These cookies are essential for websites and their functions to work properly. Without these cookies, services such as user registration cannot be provided.

 

Functional cookies (type 2)

These cookies enable us to improve the convenience and performance of websites and provide various functions. For example, language settings can be stored in functional cookies.

 

Performance cookies (type 3)

These cookies collect information about how you use websites. Performance cookies help, for example, to identify particularly popular areas of the website. This allows the content of the websites to be tailored more specifically to your needs, thereby improving the service for you. The information collected by these cookies is not personal.

 

Third-party cookies (type 4)

These cookies are set by third parties, e.g., social networks. They are primarily used to integrate social media content such as social plugins on the site.

 

9.2. Legal basis for data processing

The legal basis for the processing of personal data using cookies is Art. 6 (1) lit. f GDPR.

 

9.3. Purpose of data processing

The following cookies are used:

Name of the cookie

Purpose

Type

PHPSESSID

Identification of a user session

1

Converia_SID

Identification of a front-end user

1

 

 

9.4. Duration of storage, option to object and removal

Cookies are stored on the user's computer and transmitted to the site by the user. Therefore, as a user, you have full control over the use of cookies. By changing the settings in your Internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for the website, it may no longer be possible to use all the functions of the website to their full extent.

10. Registration & use of the functions of the conference management software

10.1. Description and scope of data processing

The conference management software offers users the option of registering by providing personal data. The data is entered into an input mask and transmitted to Converia GmbH, where it is stored.

 

Mandatory information may be requested during registration. This information must be provided completely and correctly. If this is not the case, the registration will be rejected.

 

The system provides a function that requires a data protection agreement to be actively confirmed before personal data is stored in the software.

 

A registration process is usually required for the following activities, among others:

 

  • Registration as a participant in an event
  • Submission of a scientific contribution in the system
  • Reviewing scientific contributions
  • Actions as a speaker or chair of a session
  • Using the favorites function of the conference planner

 

The following data is collected and stored during the registration process and when using the software's functions:

  • Access data (username, password)
  • Address data
  • Email
  • Shopping cart data
  • Billing information
  • Information on submitted contributions
  • Temporal and spatial planning data (conference schedule)
  • Information about memberships
  • Information on certificates (e.g., student ID)

  • Optional data:
    • Data from the pre-registration
    • Additional custom fields (EAV fields)

 

 

 

Payment processing

Various payment options are offered for processing payments when participants register for an event (e.g., invoice/bank transfer, credit card, PayPal). Sensitive payment information is not stored in the conference management system itself. Specially certified payment service providers are used for this purpose, which carry out data processing and storage. Users are redirected directly to the websites of the respective providers for this purpose. Further information on data protection can be found on the websites of the respective service providers.

 

The following data is collected during payment processing:

  • Selected payment method
  • Invoice amount
  • Amounts paid
  • Billing data

 

Additional information about the payment service provider:

 

The payment service provider secupay AG, Goethestraße 6, 01896 Pulsnitz, Germany, is used to process payments. secupay AG is a payment institution licensed by the German Federal Financial Supervisory Authority (BaFin).

 

Secupay acts under its own responsibility for data protection (§ 1 (1) sentence 2 no. 6 ZAG in conjunction with Art. 6 (1) lit. b, c, and f GDPR) and processes your personal data exclusively for the execution and processing of the respective payment transaction.

 

The following data in particular is processed as part of the payment process:

 

  • Payment information (e.g., IBAN, credit card number, verification code, payment amount)
  • Transaction data (e.g., time, reference number, purpose)
  • Contact details (e.g., name, address, email address), if applicable

 

Data processing is carried out for the purpose of secure and reliable payment processing and to fulfill legal obligations for fraud prevention, anti-money laundering, and record-keeping requirements.

 

Legal basis for processing:

  • Art. 6 (1) (b) GDPR (performance of a contract),
  • Art. 6 (1) (c) GDPR (legal obligation),
  • Art. 6 (1) (f) GDPR (legitimate interest in secure payment processing).

 

Data is only transferred to recipients required for payment processing, in particular banks, credit institutions, and, if applicable, commissioned IT service providers.

 

The data is only stored for as long as is necessary for the processing purpose. Secupay deletes or anonymizes your data in accordance with legal requirements once the processing purpose no longer applies.

 

10.2. Legal basis for data processing

The legal basis for the processing of data is Art. 6 (1) (a) GDPR if the user has given their consent.

If the registration serves to fulfill a contract to which the user is a party or to implement pre-contractual measures, the additional legal basis for data processing is Art. 6 (1) lit. b GDPR.

 

10.3. Purpose of data processing

Registration of the user is necessary for the performance of a contract with the user or for the implementation of pre-contractual measures.

 

10.4. Duration of storage

The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected.

 

This is the case for data collected during the registration process for the fulfillment of a contract or for the implementation of pre-contractual measures when the data is no longer required for the performance of the contract. Even after the conclusion of the contract, it may still be necessary to store the personal data of the contractual partner in order to comply with contractual or legal obligations.

 

Since the access data, including address data, can be used for other events, such as follow-up events, this data is usually removed from the system within 2 years after the last login.

 

10.5. Right to object and right to erasure

As a user, you have the option of canceling your registration at any time. You can have the data stored about you changed at any time. To do so, please contact the person responsible (see information above) by email or telephone.

 

If the data is necessary for the fulfillment of a contract or for the implementation of pre-contractual measures, premature deletion of the data is only possible if there are no contractual or legal obligations preventing deletion.