Name and Address of the Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states, as well as other data protection regulations, is:

Valentum Kommunikation GmbH
Bischof-von-Henle-Str. 2b
93051 Regensburg
Germany
Phone: +49 941 591896 85

Name and Address of the Data Protection Officer

The data protection officer of the controller is:

Franziska Otto
Valentum Kommunikation GmbH
Bischof-von-Henle-Str. 2b
93051 Regensburg
Germany

General Information on Data Processing

1. Scope of Processing Personal Data

We generally process personal data of our users only to the extent necessary for providing a functional website and our content and services. The processing of our users' personal data is generally carried out only with the user's consent. An exception applies in cases where obtaining prior consent is not possible for practical reasons and the processing of the data is permitted by law.

2. Legal Basis for the Processing of Personal Data

Where we obtain the data subject's consent for processing personal data, Article 6(1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.

When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Article 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for carrying out pre-contractual measures.

Where processing personal data is necessary for compliance with a legal obligation to which our company is subject, Article 6(1)(c) GDPR serves as the legal basis.

In cases where the processing of personal data is necessary to protect the vital interests of the data subject or another natural person, Article 6(1)(d) GDPR serves as the legal basis.

If processing is necessary for the purposes of the legitimate interests pursued by our company or a third party, and these interests are not overridden by the interests or fundamental rights and freedoms of the data subject, then Article 6(1)(f) GDPR serves as the legal basis for the processing.

3. Data Erasure and Storage Period

The personal data of the data subject will be erased or blocked as soon as the purpose of storage no longer applies. Storage may also take place if this is provided for by European or national legislation in EU regulations, laws, or other provisions to which the controller is subject. Data will also be blocked or erased when a storage period prescribed by the aforementioned regulations expires, unless further storage of the data is necessary for the conclusion or performance of a contract.

Information on Data Processing

This website uses the conference management software Converia, which is provided by Converia GmbH. Converia GmbH hosts the software and provides the organizer with additional services such as software maintenance and support. Therefore, in the course of these activities, Converia GmbH may come into contact with personal data stored in the software and is thus considered a data processor.

A data processing agreement pursuant to Article 28 GDPR has been concluded with Converia GmbH. (For company details, see the section "List of Data Processors" at the end).

Provision of the Website and Creation of Log Files

1. Description and Scope of Data Processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing device.

The following data is collected:

  • Information about the browser type and version used
  • The user's operating system
  • The user's internet service provider
  • The user's IP address
  • Date and time of access

2. Legal basis for data processing

The legal basis for the temporary storage of data and log files is Article 6(1)(f) GDPR.

3. Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must be stored for the duration of the session.

Storage in log files is carried out to ensure the functionality of the website. The data also helps us to optimize the website and to ensure the security of our IT systems. The data is not used for marketing purposes.

4. Duration of Storage

The data is deleted as soon as it is no longer required for the purpose for which it was collected. In the case of data collected to provide the website, this is the case when the respective session has ended.

In the case of data stored in log files, this is the case after a maximum of ten days. Further storage is possible. In this case, users' IP addresses are deleted or anonymized so that it is no longer possible to identify the requesting client.

Use of Cookies

1. Description and Scope of Data Processing

Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user's computer system. When a user accesses a website, a cookie can be stored on the user's operating system. This cookie contains a characteristic string that enables the browser to be uniquely identified when the website is accessed again.

We categorize cookies as follows:

Necessary Cookies (Type 1)

These cookies are essential for websites and their functions to work properly. Without these cookies, services such as participant registration cannot be provided.

Functional Cookies (Type 2)

These cookies enable us to improve the user experience and performance of websites and provide various functions. For example, language preferences can be stored in functional cookies.

Performance Cookies (Type 3)

These cookies collect information about how you use websites. Performance cookies help us, for example, to identify particularly popular areas of our website. This allows us to tailor the content of our websites more specifically to your needs and thus improve our services for you. The information collected with these cookies is not personally identifiable. You can find more information about the collection and analysis of this information in the section "Analysis of Usage Data."

2. Legal Basis for Data Processing

The legal basis for the use of technically necessary cookies is Art. 6(1)(f) GDPR in conjunction with § 25(2) TTDSG. The legal basis for the use of non-essential cookies is the user's consent pursuant to Art. 6(1)(a) GDPR in conjunction with § 25(1) TTDSG.

SSL or TLS encryption

For security reasons and to protect the transmission of confidential content that you send to us as the website operator, our website uses SSL or TLS encryption. This ensures that data you transmit via this website cannot be read by third parties. You can recognise an encrypted connection by the https:// in your browser’s address bar and the padlock symbol in the browser bar.

3. Purpose of Data Processing

We use the following cookies on our website:

Cookie Name

Purpose

Type

PHPSESSID

User session identification

1

Converia_SID

User identification

1

4. Storage Period, Right to Object and Erasure

Cookies are stored on the user's computer and transmitted from there to our website. Therefore, as a user, you have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to fully use all of the website's functions.

Registration & Use of the Conference Management Software Functions

1. Description and Scope of Data Processing

The conference management software offers users the option to register by providing personal data. The data is entered into an input form, transmitted to us, and stored.

Mandatory information may be requested during registration. This information must be provided completely and correctly. If this is not the case, the registration will be rejected.

The system includes a function that requires users to actively confirm a data privacy agreement before their personal data is stored in the software.

A registration process is generally required for the following activities, among others:

  • Registering as a participant in an event
  • Submitting a scientific contribution to the system
  • Reviewing scientific contributions
  • Acting as a speaker or session chair
  • Using the favorites function of the conference planner

The following data is collected and stored as part of the registration process and the use of the software's functions:

  • Access data (username, password)
  • Address data
  • Email address
  • Shopping cart data
  • Billing information
  • Information on submitted contributions
  • Scheduling and location data (conference schedule)
  • Membership information
  • Information on supporting documents

Payment processing:

Various payment options are offered for processing payments when registering as a participant for an event (e.g., invoice/bank transfer, credit card, Google Pay, Apple Pay). Sensitive payment information is not stored in the conference management system itself. Specially certified payment service providers are used for this purpose, who handle the data processing and storage. Further information on data protection can be found on the websites of the respective service providers.

The following data is collected during payment processing:

  • Selected payment method
  • Invoice amount
  • Amounts paid
  • Billing information

Additional information on the payment service providers can also be found at the end of this privacy policy under "Data Protection Information".

2. Legal Basis for Data Processing

The legal basis for processing data is Article 6(1)(a) GDPR if the user has given their consent.

If registration is necessary for the performance of a contract to which the user is a party or in order to take steps at the request of the user prior to entering into a contract, the additional legal basis for processing the data is Article 6(1)(b) GDPR.

3. Purpose of Data Processing

User registration is necessary for the performance of a contract with the user or in order to take steps at the request of the user prior to entering into a contract.

4. Storage Period

The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected.

This is the case for data collected during the registration process for the performance of a contract or in order to take steps at the request of the user prior to entering into a contract when the data is no longer required for the performance of the contract. Even after the contract has been concluded, it may be necessary to store the personal data of the contracting party in order to comply with contractual or legal obligations.

Since login credentials, including address data, can be used for future events, such as follow-up events, this data is generally removed from the system within two years of the last login.

5. Right to Object and Erasure

As a user, you have the right to cancel your registration at any time. You can also have your stored data modified at any time.

Please contact the data controller by email or telephone (see information above).

If the data is required for the performance of a contract or for taking steps prior to entering into a contract, premature deletion of the data is only possible if no contractual or legal obligations prevent such deletion.

Rights of the Data Subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and have the following rights against the controller:

1. Right of Access

You can request confirmation from the controller as to whether personal data concerning you is being processed by us.

If such processing is taking place, you can request the following information from the controller:

(1) the purposes for which the personal data is processed;

(2) the categories of personal data being processed;

(3) the recipients or categories of recipients to whom the personal data concerning you has been or will be disclosed;

(4) the planned duration for which the personal data concerning you will be stored, or, if specific information on this is not possible, the criteria used to determine that storage period;

(5) the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller, or a right to object to such processing;

(6) the right to lodge a complaint with a supervisory authority;

(7) all available information about the source of the data if the personal data are not collected from the data subject;

(8) the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) GDPR and – at least in those cases – meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You have the right to request information as to whether the personal data concerning you are transferred to a third country or to an international organization. In this context, you may request to be informed of the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer.

2. Right to rectification

You have the right to rectification and/or completion vis-à-vis the controller if the processed personal data concerning you are inaccurate or incomplete. The controller must carry out the rectification without undue delay.

3. Right to Restriction of Processing

Under the following conditions, you may request the restriction of processing of your personal data:

(1) if you contest the accuracy of your personal data for a period enabling the controller to verify its accuracy;

(2) if the processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;

(3) if the controller no longer needs the personal data for the purposes of the processing, but you require it for the establishment, exercise, or defense of legal claims; or

(4) if you have objected to processing pursuant to Article 21(1) GDPR pending the verification of whether the legitimate grounds of the controller override your grounds.

If the processing of your personal data has been restricted, this data may – apart from being stored – only be processed with your consent or for the establishment, exercise, or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or of a Member State. If the restriction of processing has been imposed under the aforementioned conditions, you will be informed by the controller before the restriction is lifted.

4. Right to erasure

a) Obligation to erase

You have the right to request that the controller erase your personal data without undue delay, and the controller is obligated to erase such data without undue delay where one of the following grounds applies:

(1) The personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed.

(2) You withdraw your consent on which the processing is based according to point (a) of Article 6(1) or point (a) of Article 9(2) GDPR, and there is no other legal ground for the processing.

(3) You object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR.

(4) The personal data concerning you have been unlawfully processed.

(5) The erasure of your personal data is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.

(6) Your personal data was collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.

b) Information to third parties

If the controller has made your personal data public and is obliged to erase it pursuant to Article 17(1) GDPR, the controller, taking into account available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you, as the data subject, have requested the erasure of all links to, copies of, or replications of that personal data.

c) Exceptions

The right to erasure does not apply to the extent that processing is necessary:

(1) for exercising the right of freedom of expression and information;

(2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

(3) for reasons of public interest in the area of ​​public health pursuant to Article 9(2)(h) and (i) and Article 9(3) GDPR;

(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Article 89(1) GDPR, insofar as the right referred to in point (a) is likely to render impossible or seriously impair the achievement of the objectives of this processing; or

(5) for the establishment, exercise or defence of legal claims.

5. Right to Information

If you have asserted your right to rectification, erasure, or restriction of processing against the controller, the controller is obligated to inform all recipients to whom your personal data has been disclosed of this rectification, erasure, or restriction of processing, unless this proves impossible or involves disproportionate effort.

You have the right to be informed by the controller about these recipients.

6. Right to Data Portability

You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used, and machine-readable format. Furthermore, you have the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided, provided that

(1) the processing is based on consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR or on a contract pursuant to Article 6(1)(b) GDPR and

(2) the processing is carried out by automated means.

In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. The rights and freedoms of other persons must not be adversely affected by this. The right to data portability does not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

 7. Right to Object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) of the GDPR, including profiling based on those provisions.

The controller will no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of establishing, exercising or defending legal claims.

Where personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for such purposes. You have the option, in connection with the use of information society services—notwithstanding Directive 2002/58/EC—to exercise your right to object by automated means using technical specifications.

8. Right to withdraw consent under data protection law

You have the right to withdraw your consent under data protection law at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

9. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work, or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work, or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR. The supervisory authority with which the complaint has been lodged shall inform the complainant of the progress and outcome of the complaint, including the possibility of a judicial remedy pursuant to Article 78 GDPR.

List of Data Processors

Converia GmbH
Kaufstr. 2-4
99423 Weimar
 

Type of processing:

  • Hosting and operation of the Converia conference management software
  • Maintenance and support

Data Protection Information

For processing payments, we use the payment service provider secupay AG, Goethestraße 6, 01896 Pulsnitz, Germany. secupay AG is a payment institution authorized by the German Federal Financial Supervisory Authority (BaFin).

Secupay acts under its own data protection responsibility (Section 1 Paragraph 1 Sentence 2 No. 6 of the German Payment Services Supervision Act (ZAG) in conjunction with Article 6 Paragraph 1 Letters b, c and f of the GDPR) and processes your personal data exclusively for the execution and processing of the respective payment transaction.

The following data is processed during the payment process:

  • Payment information (e.g., IBAN, credit card number, security code, payment amount)
  • Transaction data (e.g., time, reference number, purpose of payment)
  • Contact details (e.g., name, address, email address)

Data processing is carried out for the purpose of secure and reliable payment processing and to fulfill legal obligations regarding fraud prevention, anti-money laundering, and record-keeping requirements.

Legal basis for processing:

  • Art. 6 para. 1 lit. b GDPR (performance of a contract),
  • Art. 6 para. 1 lit. c GDPR (legal obligation),
  • Art. 6 para. 1 lit. f GDPR (legitimate interest in secure payment processing).

Data is transferred exclusively to the recipients necessary for payment processing, in particular banks, credit institutions, and, where applicable, commissioned IT service providers.

Data is stored only as long as necessary for the processing purpose. Secupay deletes or anonymizes your data in accordance with legal requirements after the processing purpose has ceased to exist.