Data protection declaration
Information on the processing of your personal data in the context of the Quantum Photonics Spotlight 2026 [QPS2026] in accordance with Art. 13 of the General Data Protection Regulation (GDPR)
(Version 1.0, 1 December 2023)
This privacy policy describes the processing of your personal data in the context of the Quantum Photonics Spotlight 2026 [QPS2026], which will take place in Paderborn from 28 September to 02 October 2026. It fulfils Paderborn University's obligation to provide information in accordance with Art. 13 of the EU General Data Protection Regulation (hereinafter: GDPR). With regard to the terms used below, e.g. ‘personal data’, ‘processing’, ‘controller’, etc., please refer to the definitions in Art. 4 of the GDPR.
In addition, the general privacy policy for the Paderborn University website and the Converia GmbH privacy policy for the registration page apply to the event website.
- Name and contact details
Paderborn University, a public corporation with legal capacity supported by the state of North Rhine-Westphalia, is responsible for the processing of your personal data in the context of the conference Quantum Photonics Spotlight 2026 [QPS2026]. It is represented by the President.
1.1 Name and contact details of the person responsible
Paderborn University
Warburger Str. 100
33098 Paderborn
Phone: 05251 / 60 - 0
Web: https://www.uni-paderborn.de
1.2 Contact person for the [QPS2026]
Dirk Waldhoff
Phone: 05251 / 60 - 7014
E-mail: events(at)phoqs.uni-paderborn(dot)de
Web: https://phoqs.uni-paderborn.de/veranstaltungen/quantum-photonics-spotlight-2026
1.3 Contact details of the data protection officer
You can contact the data protection officer of Paderborn University by post at the address of the controller given above or as follows:
E-mail: datenschutz(at)uni-paderborn(dot)de
Phone: 05251 / 60 - 4444
Web: https://www.uni-paderborn.de/datenschutz/
- Data category/ies, purpose/s and legal basis/s of the processing of your personal data.
A. Log data
With regard to the use of the websites and the associated collection of log data such as the website/address accessed, the date and time of access or the collection and storage of the IP address of users, we refer to the general data protection declaration for the Paderborn University website and the data protection declaration of Converia GmbH.
The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.
Data is stored in log files to ensure the functionality of the website. We also use the data to optimise the website and to ensure the security of our information technology systems. The data is not analysed for marketing purposes in this context.
The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. e GDPR.
B. Use of cookies
Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. When a user accesses a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.
The conference registration page uses the following cookies:
|
Name of Cookies |
Purpose |
|
PHPSESSID |
Identification of a session |
|
Converia_SID |
Identification of a front end user |
Cookies are stored on the user's computer and transmitted by it to the web server. As a user, you therefore have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website to their full extent.
The legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. a GDPR.
C. Registration & use of the conference management software functions
In the conference management software, users are offered the opportunity to register by providing personal data. The data is entered into an input mask and transmitted to us and stored.
Mandatory information may be requested during registration. These must be complete and correct. If this is not the case, the registration will be rejected.
The system includes a function that requires active confirmation of a data protection agreement before personal data is stored in the software.
A registration process is usually required for the following activities, among others:
- Registration as a participant in an event
- Submission of a scientific contribution to the system
- Review of scientific contributions
- Actions as speaker or chair of a session
- Use of the conference planner's favourites function
The following data is collected and stored as part of the registration process and use of the software functions:
- Access data (login name, password)
- Address data
- E-mail address
- Shopping basket data
- Billing information
- Information on submitted contributions
- Time and location planning data (conference schedule)
- Information on memberships
- Information on certificates (e.g. PhoQS-Member)
Payment processing by Secupay
Various payment options (e.g. invoice/bank transfer, credit card) are offered to process payments when participants register for an event. Sensitive payment information is not stored in the conference management system itself. For this purpose, specially certified payment service providers are used to process and store the data. Users are redirected directly to the pages of the respective providers. Further information on data protection can be found on the websites of the respective service providers.
The following data is collected as part of payment processing
- Selected payment method
- Invoice amount
- Amounts paid
- Billing data
User registration is necessary for the fulfilment of a contract or for the implementation of pre-contractual measures.
The data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected.
This is the case for the data collected during the registration process for the fulfilment of a contract or for the implementation of pre-contractual measures if the data is no longer required for the implementation of the contract. Even after conclusion of the contract, it may be necessary to store personal data of the contractual partner in order to fulfil contractual or legal obligations.
As the access data including address data can be used for further events such as follow-up events, this data is generally removed from the system within 2 years of the last login.
The legal basis for the processing of the data is Art. 6 para. 1 lit. a GDPR if the user has given consent.
If the registration serves the fulfilment of a contract to which the user is a party or the implementation of pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 para. 1 lit. b GDPR.
D. Photos and film recordings during the event
Photos and/or film recordings will be made during the event. The recordings are used exclusively for the purposes of reporting on the event and for public relations work and are published in print and online media of Paderborn University. Participants of the event have the right and the opportunity to inform the photographers at any time that they do not wish to be recorded or that their recordings should not be published. If specific photographs are to be taken of individual persons, the photographers will obtain verbal consent to take and use the photographs.
The legal basis for the processing of recordings is consent in accordance with Art. 6 para. 1 lit. a GDPR.
- Recipients of your personal data
Your personal data processed by Paderborn University as part of [QPS2026] will generally not be transferred to third parties, subject to the data processing described below. In individual cases, data may be transferred on the basis of legal permission, for example to law enforcement authorities for the investigation of criminal offences within the framework of the provisions of the Code of Criminal Procedure (StPO) or for the purpose of asserting claims for damages in the event of copyright infringements.
If (technical) service providers are given access to your personal data, this is done on the basis of a contract in accordance with Art. 28 GDPR.
Paderborn University has commissioned the company Converia GmbH to carry out participant administration and payment processing as a ‘ticketing partner’.
For data processing that takes place with other controllers, this is done, if necessary, on the basis of an agreement in accordance with Art. 26 GDPR. Within Paderborn University, only those departments and employees receive your personal data if they are authorised and need it to fulfil the above-mentioned purpose(s).
- Transfer of your personal data outside the EU
In principle, no personal data is transferred to countries outside the European Economic Area and associated countries (no ‘third country transfer’). Should this be necessary, Paderborn University will inform you separately.
You also need to know this if your recordings are made available on the Internet:
Paderborn University would like to draw your attention to the fact that when recordings are published on the Internet, this personal data can be accessed by anyone worldwide - including with the help of search engines (e.g. Google). In this way, personality profiles can be created by linking this data with other data available about you on the Internet. The data can also be used by third parties in this way for other purposes without Paderborn University having any influence on this. Archive functions of search engines (see e.g. www.archive.org) may still allow access to the data even if it has already been removed or changed from the above-mentioned university websites.
When using your personal data on the Internet, data may also be transferred to countries outside the EU and may be stored and used there for unknown purposes. It is possible that the data protection laws or regulations or their application in the recipient country have a lower level of protection than in the EU and that you cannot assert your rights there.
- Duration of the storage of your personal data
Your personal data processed by Paderborn University within the framework of [QPS2026] as described above will generally be deleted as soon as they are no longer required for the purposes for which they were collected.
If and insofar as the processing of your personal data is based on your consent, your data will only be stored until you revoke your consent, unless there is also another legal basis for the processing (Art. 17 para. 1 lit. b) GDPR).
- Rights of data subjects
As a data subject, you can assert the rights granted to you by the GDPR at any time; these are
- the right to information as to whether and which of your data is being processed in accordance with Art. 15 GDPR, § 12 DSG NRW;
- the right to request the rectification or completion of data concerning you in accordance with Art. 16 GDPR
- the right to erasure of data concerning you in accordance with Art. 17 GDPR,
10 DSG NRW;
- the right to restrict the processing of data concerning you in accordance with Art. 18 GDPR
- the right to data portability of the data concerning you in accordance with Art. 20
GDPR
- Objection to the processing of your personal data and revocability of your consent
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6(1)(1)(e) of the GDPR, in accordance with Article 21 of the GDPR. The right to object pursuant to Art. 21 GDPR vis-à-vis a public authority does not exist if there is a compelling public interest in the processing that outweighs the interests of the data subject or if a legal provision obliges the processing (§ 14 DSG NRW). If you would like to exercise your right to object in accordance with Art. 21 GDPR, simply send an email to
datenschutz@uni-paderborn.de.
Any consent given can be revoked in whole or in part at any time without giving reasons. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal (Art. 7 (3) GDPR). As a result, Paderborn University may no longer continue the data processing based on this consent in the future. If you wish to withdraw your consent in whole or in part, simply send an email to datenschutz@uni-paderborn.de.
- Right to lodge a complaint
In addition to the rights mentioned above, you have the right to lodge a complaint with the data protection supervisory authority (Art. 77 GDPR) if you believe that the processing of personal data concerning you violates data protection requirements; for example, with the State Commissioner for
Data Protection and Freedom of Information of North Rhine-Westphalia, Kavalleriestr. 2-4, 40213 Düsseldorf, telephone: 0211/38424-0, e-mail: poststelle@ldi.nrw.de
- Automated decision-making/profiling
There is no automated decision-making or profiling in accordance with Art. 22 GDPR.
- Validity of the privacy policy
Paderborn University reserves the right to amend this privacy policy in order to adapt it to changes in relevant laws or regulations or to better meet your needs. This privacy policy applies in the version last published by Paderborn University. Please therefore note the current version number of the privacy policy.