Privacy policy

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:

 

General information on data processing

1. Scope of processing personal data

We only process our users' personal data to the extent necessary to provide a functional website and our content and services. The processing of our users' personal data is carried out regularly only with the user's consent. An exception applies in cases where prior consent cannot be obtained for practical reasons and the processing of the data is permitted by law.

 

2. Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 (1) lit. a EU General Data Protection Regulation (GDPR) serves as the legal basis.

When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.

Insofar as the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6 (1) lit. c GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 (1) lit. d GDPR serves as the legal basis.

If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights, and freedoms of the data subject do not outweigh the former interest, Art. 6 (1) lit. f GDPR serves as the legal basis for processing.

3. Data deletion and storage period

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Storage may also take place if this has been provided for by European or national legislators in EU regulations, laws, or other provisions to which the controller is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.

 

Information on order processing

This website uses the conference management software Converia, which is provided by Converia GmbH. Converia GmbH hosts the software and provides additional services for the organizer, such as software maintenance and support. Therefore, Converia GmbH may come into contact with personal data stored in the software in the course of its work and is therefore to be regarded as a processor.

 

A contract for order processing in accordance with Art. 28 GDPR has been concluded with Converia GmbH. (For information on the company, see the “List of processors” section in this document).

 

Provision of the website and creation of log files

1. Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.

 

The following data is collected:

· Information about the browser type and version used

· The user's operating system

· The user's Internet service provider

· The user's IP address

· Date and time of access

 

2. Legal basis for data processing

The legal basis for the temporary storage of data and log files is Art. 6 (1) lit. f GDPR.

 

3. Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.

The data is stored in log files to ensure the functionality of the website. In addition, the data helps us to optimize the website and to ensure the security of our information technology systems. The data is not evaluated for marketing purposes in this context.

These purposes also constitute our legitimate interest in data processing pursuant to Art. 6 (1) lit. f GDPR.

 

4. Duration of storage

The data is deleted as soon as it is no longer necessary for the purpose for which it was collected. In the case of data collection for the provision of the website, this is the case when the respective session has ended.

In the case of data storage in log files, this is the case after ten days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or alienated so that it is no longer possible to assign the calling client.

 

5. Right to object and right to erasure

The collection of data for the provision of the website and the storage of data in log files is essential for the operation of the website. Consequently, there is no right to object on the part of the user.

 

Use of cookies

1. Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. When a user accesses a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is accessed again.

 

We divide cookies into the following categories:

Necessary cookies (type 1)

These cookies are essential for websites and their functions to work properly. Without these cookies, services such as user registration cannot be provided.

 

Functional cookies (type 2)

These cookies enable us to improve the convenience and performance of websites and provide various functions. For example, language settings can be stored in functional cookies.

 

Performance cookies (type 3)

These cookies collect information about how you use websites. Performance cookies help us, for example, to identify particularly popular areas of our website. This allows us to tailor the content of our websites more specifically to your needs and thus improve our offering for you. The information collected by these cookies is not personal. For more information on the collection and evaluation of information, please refer to the section “Evaluation of usage data.”

 

Third-party cookies (type 4)

These cookies are set by third parties, e.g., social networks. They are primarily used to integrate social media content such as social plugins on our site. For information on how we use social plugins, please refer to the “Social Plugins” section of the privacy policy.

 

2. Legal basis for data processing

The legal basis for the processing of personal data using cookies is Art. 6 (1) lit. f GDPR.

 

3. Purpose of data processing

We use the following cookies on our pages:

 

Name of cookie Purpose Type

PHPSESSID Identification of a user session 1

Converia_SID Identification of a front-end user 1

[1.1]... (other proprietary cookies)

 

 

 

4. Duration of storage, option to object and removal

Cookies are stored on the user's computer and transmitted by the user to our site. As a user, you therefore have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your internet browser. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all the functions of the website to their full extent.

 

Registration & use of the functions of the conference management software

1. Description and scope of data processing

The conference management software offers users the option of registering by providing personal data. The data is entered into an input mask, transmitted to us, and stored.

Mandatory information may be requested during registration. This information must be provided completely and correctly. If this is not the case, the registration will be rejected.

The system has a function that requires a data protection agreement to be actively confirmed before personal data is stored in the software [2.1].

A registration process is usually required for the following activities, among others:

· Registration as a participant in an event

· Submission of a scientific contribution in the system

· Review of scientific contributions

· Actions as a speaker or chair of a session

· Using the favorites function of the conference planner

 

The following data is collected and stored as part of the registration process and the use of the software's functions:

· Access data (username, password)

· Address data

· Email address

· Shopping cart data

· Billing information

· Information on submitted contributions

· Time and space planning data (conference schedule)

· Information about memberships

· Information about credentials (e.g., student ID)

 

· Optional[3.1]e data:

o Data from pre-registration

o Additional custom fields (EAV fields)

 

Payment processing

Various payment options are offered for processing payments when participants register for an event (e.g., invoice/bank transfer, credit card, PayPal). Sensitive payment information is not stored in the conference management system itself. Specially certified payment service providers are used for this purpose, which carry out data processing and storage. Users are redirected directly to the websites of the respective providers for this purpose. Further information on data protection can be found on the websites of the respective service providers.

 

The following data is collected during payment processing:

· Selected payment method

· Invoice amount

· Amounts paid

· Billing data

 

Additional information on the payment service providers can also be found at the end of this privacy policy under “Data protection information.”

 

2. Legal basis for data processing

The legal basis for data processing is Art. 6 (1) (a) GDPR if the user has given their consent.

If the registration serves to fulfill a contract to which the user is a party or to carry out pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 (1) lit. b GDPR.

 

3. Purpose of data processing

Registration of the user is necessary for the fulfillment of a contract with the user or for the implementation of pre-contractual measures.

 

4. Duration of storage

The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected.

This is the case for data collected during the registration process for the fulfillment of a contract or for the implementation of pre-contractual measures if the data is no longer necessary for the execution of the contract. Even after conclusion of the contract, it may still be necessary to store the contractual partner's personal data in order to comply with contractual or legal obligations.

Since the access data, including address data, can be used for further events, such as follow-up events, this data is usually removed from the system within 2 years of the last login.

 

5. Right to object and right to erasure

As a user, you have the option to cancel your registration at any time. You can have the data stored about you changed at any time.

To do so, please contact the controller by email or telephone (see information above).

If the data is necessary for the fulfillment of a contract or for the implementation of pre-contractual measures, premature deletion of the data is only possible if there are no contractual or legal obligations that prevent deletion.

 

Rights of the data subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:

 

1. Right of access

You can request confirmation from the controller as to whether personal data concerning you is being processed by us

If such processing is taking place, you can request the following information from the controller:

 

(1) the purposes for which the personal data is being processed;

(2) the categories of personal data that are being processed;

(3) the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;

(4) the planned duration of storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period;

(5) the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller, or a right to object to such processing;

(6) the existence of a right to lodge a complaint with a supervisory authority;

(7) any available information on the source of the data, if the personal data is not collected from the data subject;

(8) the existence of automated decision-making, including profiling, pursuant to Art. 22 (1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved, as well as the significance and the intended effects of such processing for the data subject.

 

You have the right to request information about whether personal data concerning you is being transferred to a third country or to an international organization. In this context, you may request to be informed about the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.

2. Right to rectification

You have the right to obtain from the controller the rectification and/or completion of your personal data if it is inaccurate or incomplete. The controller shall carry out the rectification without delay.

 

3. Right to restriction of processing

You may request the restriction of the processing of personal data concerning you under the following conditions:

 

(1) if you dispute the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;

(2) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of the use of the personal data instead;

(3) the controller no longer needs the personal data for the purposes of the processing, but you need it for the establishment, exercise, or defense of legal claims; or

(4) you have objected to processing pursuant to Article 21(1) of the GDPR and it is not yet clear whether the legitimate grounds of the controller override your grounds.

 

If the processing of personal data concerning you has been restricted, such data may, with the exception of storage, only be processed with your consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

 

4. Right to erasure

a) Obligation to erase

You may request that the controller erase personal data concerning you without undue delay, and the controller is obliged to erase such data without undue delay if one of the following reasons applies:

 

(1) The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.

(2) You withdraw your consent on which the processing was based in accordance with Art. 6 (1) (a) or Art. 9 (2) (a) GDPR, and there is no other legal basis for the processing.

(3) You object to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21(2) GDPR.

(4) The personal data concerning you has been processed unlawfully.

(5) The erasure of personal data concerning you is necessary to comply with a legal obligation under Union or Member State law to which the controller is subject.

(6) The personal data concerning you has been collected in relation to the offer of information society services pursuant to Art. 8 (1) GDPR.

b) Information to third parties

If the controller has made the personal data concerning you public and is obliged to erase it pursuant to Art. 17 (1) GDPR, the controller shall take reasonable steps, including technical measures, taking into account the available technology and implementation costs, to inform controllers who process the personal data that you, as the data subject, have requested the deletion of all links to this personal data or copies or replications of this personal data.

c) Exceptions

The right to erasure does not apply if the processing is necessary

 

(1) for exercising the right of freedom of expression and information;

(2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

(3) for reasons of public interest in the area of public health pursuant to Art. 9 (2) (h) and (i) and Art. 9 (3) GDPR;

(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Art. 89(1) GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing, or

(5) for the establishment, exercise or defense of legal claims.

5. Right to be informed

If you have exercised your right to rectification, erasure, or restriction of processing against the controller, the controller is obliged to notify all recipients to whom your personal data has been disclosed of this rectification, erasure, or restriction of processing, unless this proves impossible or involves disproportionate effort.

You have the right to be informed by the controller about these recipients.

 

6. Right to data portability

You have the right to receive the personal data concerning you that you have provided to the controller in a structured, commonly used, and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided, provided that

(1) the processing is based on consent pursuant to Art. 6 (1) (a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR and

(2) the processing is carried out using automated means.

In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another controller, where technically feasible. The freedoms and rights of other persons must not be affected by this.

The right to data portability does not apply to the processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

 

7. Right to object

You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on Article 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions.

The controller shall no longer process the personal data concerning you unless the controller can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If the personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing purposes; this also applies to profiling insofar as it is related to such direct marketing.

If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

In connection with the use of information society services, you have the option of exercising your right to object by means of automated procedures using technical specifications, irrespective of Directive 2002/58/EC.

 

8. Right to revoke your declaration of consent under data protection law

You have the right to revoke your declaration of consent under data protection law at any time. Revoking your consent does not affect the legality of the processing carried out on the basis of your consent prior to revocation.

 

9. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

 

List of processors

Converia GmbH

Kaufstr. 2-4

99423 Weimar

 

Type of processing:

· Hosting and operation of the Converia conference management software

· Maintenance and support

 

Data protection information

We use the payment service provider secupay AG, Goethestraße 6, 01896 Pulsnitz, Germany, to process payments. secupay AG is a payment institution approved by the German Federal Financial Supervisory Authority (BaFin).

Secupay acts on its own responsibility with regard to data protection law (Section 1 (1) sentence 2 no. 6 ZAG in conjunction with Art. 6 (1) lit. b, c, and f GDPR) and processes your personal data exclusively for the purpose of executing and processing the respective payment transaction.

 

The following data in particular is processed as part of the payment process:

• Payment information (e.g., IBAN, credit card number, check digit, payment amount)

• Transaction data (e.g., time, reference number, purpose)

• Contact details (e.g., name, address, email address), if applicable

Data processing is carried out for the purpose of secure and reliable payment processing and to fulfill legal obligations for fraud prevention, anti-money laundering, and record-keeping requirements.

Legal basis for processing:

• Art. 6 (1) (b) GDPR (performance of a contract),

• Art. 6 (1) (c) GDPR (legal obligation),

• Art. 6 (1) (f) GDPR (legitimate interest in secure payment processing).

Data is only transferred to recipients required for payment processing, in particular banks, credit institutions, and, if applicable, commissioned IT service providers.

Data is only stored for as long as is necessary for the processing purpose. Secupay deletes or anonymizes your data in accordance with legal requirements once the processing purpose no longer applies.