for the processing of data in the course of using our website and the processing of data when using our website
Basic information about data processing
As a website operator, we take the protection of your personal data very seriously. We process personal data collected during your membership and when you visit our website both confidentially and in compliance with applicable data protection regulations. We do not publish your data or provide your data to third parties without authorisation.
Where personal data is processed for a given procedure, a simple reference to a provision indicates the legal basis for the data processing.
I. Scope of data protection
Data protection covers personal data. Personal data means information relating to an identified or identifiable natural person.
Unless clear from this document or other circumstances, we are not able to identify you.
Where we obtain the consent of the data subject for processing operations on personal data, Article 6(1)(a) of the EU General Data Protection Regulation (GDPR) is the legal basis for the processing of the personal data.
When processing personal data that is required for the performance of a contract to which the data subject is party, Article 6(1)(b) GDPR is the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.
Where processing of personal data is necessary for compliance with a legal obligation to which the Association is subject, Article 6(1)(c) GDPR is the legal basis.
If the vital interests of the data subject or another natural person make processing of personal data necessary, Article 6(1)(d) GDPR is the legal basis.
If processing is necessary to safeguard a legitimate interest of the Association or a third party and the interests, fundamental rights and freedoms of the data subject do not override that legitimate interest, Article 6(1)(f) GDPR is the legal basis for processing.
The personal data of the data subject are deleted or blocked, as soon as the purpose of storage no longer applies. Data may also be stored if required by European or national law in regulations, laws or other rules under EU law, to which the data controller is subject. The data are also blocked or deleted when a retention period prescribed by the above laws expires, unless it is necessary to continue to store the data for the conclusion or performance of a contract.
II. Collection, use and storage of data when you visit our website
I.1. Our web server
It is possible to use our website without providing personal data. Below we describe what data is collected during a visit to our website, the extent of processing and the purpose for which we use the data. Your personal data is processed in accordance with the provisions of the General Data Protection Regulation (hereafter: GDPR) and the German Federal Data Protection Act (hereafter: BDSG).
If you use the website for information purposes only, i.e. if you do not register on our website or send information to us in any other way, we only collect the personal data that the browser on your device automatically transfers to our website server. This information is stored in a log file for a limited period of time. The following data that is required for technical purposes to display our website on your browser (legal basis for storage in this case is Article 6(1)(f) GDPR) is stored without any intervention by you, until it is deleted automatically:
– Date and time of your visit to our website
– The pages on our website that you have visited and how much time you have spent on each page
– Access status/HTTP status code
– The amount of data that has been transferred
– The web browser you were using
– Language and version of your browser software
– The operating system and interface you were using
– The domain name of your internet service provider
– The website from which you reached our website
The data collected when you visit our website is used for the following purposes:
– to establish a connection with the website;
– to ensure our website is convenient to use;
– to assess the security and stability of our systems;
– for other administrative purposes.
Use of your IP address:
When you visit our website, we receive your full IP address from your computer. We can only transfer the data for our website to you so that you can view the website if we have your IP address (Article 6(1)(b) and (f) GDPR). Your IP address has to be processed and temporarily stored by the system in order to send the website to your computer. Your IP address may need to be stored for the duration of the session for this purpose, and is then deleted. As you have requested the website, this is in our shared legitimate interest. Your full IP address is not stored except to transfer the data you have requested.
You do not have a right to object, as these operations are essential to operate the website. Please do not visit our website if you wish to object to this. Your personal data is only used for the stated purposes and to the extent required to achieve those purposes. We never use these data to obtain information about your identity.
We only provide personal data to government bodies and authorities in accordance with mandatory national law or if disclosure is necessary for legal proceedings or law enforcement in the event of attacks on our network infrastructure. Data is not disclosed to third parties for other purposes.
III. Third-party services
I.2. Role of the Google web server
I.2.a. General information about using Google services on our website
Our website uses plugins from Google, which are Google services. These services are operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. When you access a page on our website that contains a Google plugin, your browser establishes a direct connection with the Google server. The content of the plugin is sent directly to your browser and integrated into the page. Integration of the plugin means that Google is informed that your browser has accessed the applicable page of our website, even if you do not have a Google user account or are not logged in. This information (including your IP address) is sent directly from your browser to the Google server, which may also be located in the USA (see details about Google Analytics below), and it must be assumed that the data is also stored on the server. These data processing operations are carried out pursuant to Article 6(1)(f) GDPR to maintain, improve and develop (new) Google services, to provide personalised services including content and ads from Google, to detect, prevent and combat fraud, abuse, security risks and technical problems at Google. Google describes the use of the data on the basis of legitimate interests as follows: The data is processed for such purposes as:
- Providing, maintaining, and improving our services to meet the needs of our users
- Developing new products and features that are useful for our users
- Understanding how people use our services to ensure and improve the performance of our services
- Customizing our services to provide you with a better user experience
- Marketing to inform users about our services
- Providing advertising to make many of our services freely available for users
- Detecting, preventing, or otherwise addressing fraud, abuse, security, or technical issues with our services
- Protecting against harm to the rights, property or safety of Google, our users, or the public as required or permitted by law
- Performing research that improves our services for our users and benefits the public
- Fulfilling obligations to our partners like developers and rights holders
- Enforcing legal claims, including investigation of potential violations of applicable Terms of Service
If you do not want Google to link the data collected on our website to your Google account, you must log out of Google before you visit our website.
I.2.b. Google Analytics
• Browser type/version
• Operating system used
• Referrer URL (the page you visited before our website)
• Time of the server request
is usually sent to a Google server in the United States and stored there. However, we only use Google Analytics with IP anonymisation. The IP address sent by your browser for Google Analytics is not combined with other Google data. We have also added the “anonymizeIP” code for Google Analytics on this website. This guarantees that your IP address is masked within the European Union or in other parties to the Agreement on the European Economic Area, so that your full IP address is only processed within the EU to exchange the data between your browser and Google, but your IP address is not transferred or stored outside the EU. All stored data is therefore anonymous. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and truncated there. Your IP address is processed briefly by Google to generate website statistics to serve our legitimate interest in improving our website.
Objecting to the collection of data
You can prevent cookies being saved by changing your browser settings to reject cookies. However, please note that, by doing so, you may not be able to use all the features of this website without limitations.
You can also prevent the data generated by the cookie about your use of the website (including your IP address) from being passed to Google and being processed by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
You can also reject the collection of your data by Google Analytics by clicking on the following link: Disable Google Analytics. This will set an opt-out cookie, which prevents your data being collected on subsequent visits to our website.
For more information about data protection for Google Analytics, see the Google Analytics Help (https://support.google.com/analytics/answer/6004245?hl=en). Only authorised persons have access to this anonymised data.
Processing of data by a processor on our behalf
We have entered into a contract with Google to process data on our behalf and we fully apply the strict requirements of the German data protection authorities when using Google Analytics.
Google Analytics demographics
This website uses the Google Analytics “Demographics” feature. Demographics can be used to create reports that contain details of the age, gender and interests of visitors to our website. This data comes from interest-based advertising by Google and from user data provided by third-party providers. This data cannot be associated with a specific person. You can disable this feature at any time by changing the ad settings in your Google account or you can generally prevent your data being collected by Google Analytics by following the procedure described under “Objecting to the collection of data”.
I.2.c. Google reCAPTCHA
The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).
We use the Google reCAPTCHA service (hereafter “reCAPTCHA”) for forms to check whether an actual person, such as you as a visitor, or undesirable automated hacking software is attempting to use the form. This is for the purpose of IT security and we have a legitimate interest in maintaining our services and preventing incorrect information in our databases (Article 6(1)(b) and (f) GDPR).
We are not informed by Google what reCAPTCHA you will see, but Google does send us a message indicating whether the reCAPTCHA was likely solved by an actual person.
Google uses the information that you provide in order to solve the reCAPTCHA – which is not personal data – to improve its image analysis algorithms. reCAPTCHA analyses the behaviour of the website visitors on the basis of various characteristics for this purpose. This analysis starts automatically, as soon as the website visitor accesses the website. For the analysis, reCAPTCHA evaluates various pieces of information (e.g. IP address, how long the visitor has been on the website and the mouse movements made by the user). The data collected during analysis is forwarded to Google.
https://www.google.com/intl/en/policies/privacy/ and https://www.google.com/recaptcha/intro/android.html.
IV. Cookies when you visit our website
We divide cookies into the following categories:
Type A – Essential cookies
These cookies are required for websites and their features to work properly. It is not possible to provide the user-specific features described below without these cookies.
Type B – Functional cookies
These cookies make it possible to improve the user experience and performance of websites and to provide various features. For example, information to identify your shopping cart or your comparison list can be stored in functional cookies.
Type C – Performance cookies
Type D – Opt-out cookies
Opt-out cookies are cookies created by websites in your browser folder to block the website from creating more cookies in the future. The opt-out cookie tells the website not to install third-party cookies or other cookies on your browser or adserver. This keeps third-party ad providers from tracking your preferred sites, if you visit multiple sites within their network. It is essentially a declaration that you do not want to be confronted with targeted advertising or profiling or otherwise have any of your actions tracked. We have to set an opt-out cookie, as we have no other way of recognising you again in the future. This is necessary for technical reasons in order to implement your objection. Opt-out cookies are site-specific. You can only block cookies from specific servers and cookies from other servers are not blocked. This means that they are not a general tool to block cookies from the websites you visit.
Google Analytics, as used by us, sets the following cookies:
Description of the purpose of the cookie
Expiration time – how long the cookie is stored
Typical values, if possible
Specific ways to object
Used to distinguish users
Article 6(1)(f) GDPR
See above under the section on Google Analytics
Used to distinguish users
Article 6(1)(f) GDPR
See above under the section on Google Analytics
Used to throttle request rate
Article 6(1)(f) GDPR
See above under the section on Google Analytics
Used to disable Google Analytics
Article 6(1)(f) GDPR
See above under the section on Google Analytics
We also distinguish between the following types of cookies we use, the scope and function of which are described below:
– Transient Cookies (see a)
– Persistent Cookies (see b).
a) Transient cookies are automatically deleted when you close your browser. These include session cookies in particular. Session cookies store a session ID, which is associated with the various requests made by your browser in the same session. This means that we can recognise your computer when you return to the website. Session cookies are deleted when you log out or when you close your browser.
b) Persistent cookies are automatically deleted after a specified period of time, which may differ depending on the cookie. You can delete cookies at any time via your browser’s security settings.
Most browsers accept cookies automatically. You can configure your browser settings according to your preferences and reject e.g. third-party cookies or all cookies on your device by selecting the appropriate browser settings. You can delete cookies that have already been created on your device at any time. For the most common PC/notebook browsers, see the following links for the steps to follow:
MOZILLA FIREFOX, Link: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
GOOGLE CHROME, Link: https://support.google.com/accounts/answer/61416?hl=en
MICROSOFT INTERNET EXPLORER, Link: https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies#ie=ie-11
APPLE SAFARI, Link: https://support.apple.com/kb/PH19214?locale=en_GB
See the manual for your browser or from your device manufacturer for information about how deleting cookies works on your device.
Please note that you may not be able to use all the features of this website if you disable cookies.
Use of external links
Our webpages may contain links to third-party websites − operated by providers who are not associated with us. These include e.g. forwarding links for social networks such as Facebook (Facebook Inc., 1601 Willow Road, Menlo Park, California, 94025, USA), Twitter, Google+, YouTube, LinkedIn, Xing, and Viadeo. You can identify links on our website from the applicable logo. Once you click on the link, we have no more influence over the collection, storage or processing of any personal data transferred to the third party by clicking on the link (such as the IP address or URL of the page with the link), because we naturally have no control over the actions of third parties. We cannot accept any responsibility for the processing of such personal data by third parties.
VI. Contact form
When you use the contact form, the information you enter is sent to us and stored. We use the information collected in this way exclusively to communicate and reply to your request and, if the request relates to a contract or a contract comes about following contact, we also use this information to initiate and manage the contract (Article 6(1)(a), (b) and (f) GDPR). If you are already one of our members or become a member in the future, we may collect, store, modify and transfer the data to establish, perform or end the contract without requiring your consent (Article 6(1)(b) GDPR) and as long as we are permitted to do so by law. In other cases, i.e. while there is still no contract, we do not store your data for longer than 4 weeks and you have a right to object to the processing of the data transferred to us with your consent via the contact form, with effect for the future. You can exercise your right to object by sending a message, using the contact details in our Legal Notice. If you want to contact us by email, please note that the content of unencrypted emails can be viewed by third parties. We therefore recommend sending confidential information in encrypted format or by post.
VII. Login area
We process and store email addresses and passwords so that our members can use the login area. The data are not deleted. Members have access for the duration of membership. After membership has ended, the login data are deleted.
The data are processed and stored to ensure access to member information is limited, via technical measures (Article 6(1)(b) GDPR).
VIII. SSL or TLS encryption
For security reasons and to protect the transfer of confidential content, such as queries that you send to us as the site operator, our website uses SSL (Secure Sockets Layer) or TLS encryption in combination with the highest level of encryption supported by your browser. This is normally 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can recognise an encrypted connection by the fact that the address in the address bar of your browser (Firefox, Google Chrome etc.) changes from “http://” to “https://” and from the lock icon in the address bar. If SSL or TLS encryption is enabled, the data you transfer to us is protected and cannot be read by third parties.
We have taken both technical and organisational measures to ensure that protection is as comprehensive as possible. However, please note that data transferred over the internet (e.g. when communicating by email) is never completely secure, so that we cannot guarantee that your data is completely protected from access by third parties. For this reason, you can also send us your personal data by other methods, such as phone or post. It is also your responsibility to check that the personal data we hold about you is accurate and up-to-date.
IX. Web hosting
X. Registration for seminars and workshops
You can register on our website to take part in a seminar or workshop. For this purpose, we require the following personal data:
– First name and last name
– Email address
– Phone number
– If applicable, company name or name of practice
By registering for one of our seminars, you consent to the above personal data being processed.
XI. Your rights to access, rectification, blocking, erasure, completion, restriction and data portability
As data subject, you have various rights relating to the personal data processed by the Association. We provide information about these rights below:
You will receive access to the personal data concerning you that we store free of charge without stating any reasons. Your legal rights include the right to have data concerning you that we store blocked, rectified or deleted. You also have the right to have incomplete data completed and, in the cases provided for by law, to request that the processing of your data is restricted. You then also have the right to data portability, where we have specified Article 6(1)(a) or (b) GDPR in this Policy as the legal basis for data processing and the processing is carried out by automated means.
Your specific rights are as follows:
1. Right of access
You have the right to request confirmation as to whether or not we are processing personal data concerning you.
If such processing is taking place, you may request the following information from the data controller:
(1) the purposes for which the personal data is processed;
(2) the categories of personal data that are processed;
(3) the recipients or categories of recipients to whom the personal data concerning you has been disclosed or will be disclosed in the future;
(4) the planned duration of storage of the personal data concerning you or, if specific details cannot be provided in this regard, the criteria for determining the duration of storage;
(5) the existence of a right to rectification or erasure of the personal data concerning you, of a right to restriction of the processing by the data controllers or of a right to object to such processing;
(6) the existence of a right to lodge a complaint with a supervisory authority;
(7) all available information about the origin of the data, if the personal data has not been collected from the data subject;
(8) the existence of any automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
You have the right to request information as to whether or not your personal data will be transferred to a third country or to an international organisation. In this regard, you may request to be informed of the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer.
1. Right to rectification
You have a right to rectification and/or completion of your data by the data controller, if the processed personal data concerning you is incorrect or incomplete. The data controller must carry out rectification immediately.
2. Right to restriction of processing
You may request the restriction of the processing of personal data concerning you, where one of the following applies:
(1) you dispute the accuracy of your personal data for a period which enables the controller to verify the accuracy of the personal data;
(2) the processing is unlawful and you request restriction of use of the personal data rather than erasure;
(3) the data controller no longer needs the personal data for the purposes of the processing, but needs them in order to assert, exercise or defend legal claims; or
(4) you have objected to the processing pursuant to Article 21(1) GDPR and it has not yet been determined whether the data controller’s legitimate interests override your reasons.
Where processing of your personal data has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If processing has been restricted under the above conditions, you shall be informed by the controller before the restriction of processing is lifted.
3. Right to erasure
a) Obligation to erase data
You have the right to request from the controller that your personal data are erased without undue delay and the controller has the obligation to erase such personal data without undue delay where one of the following grounds applies:
(1) your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
(2) you withdraw your consent on which the processing is based according to Article 6(1)(a) or Article 9(2)(a) GDPR, and where there is no other legal ground for the processing;
(3) you object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR;
(4) your personal data have been unlawfully processed;
(5) your personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
(6) your personal data have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.
a) Transfer of personal data to third parties
Where the controller has made your personal data public and is obliged pursuant to Article 17(1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you, as the data subject, have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
The right to erasure does not apply to the extent that processing is necessary:
(1) for exercising the right of freedom of expression and information;
(2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) for reasons of public interest in the area of public health in accordance with Article 9(2)(h) and (i) as well as Article 9(3) GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) GDPR in so far as the right referred to in paragraph a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
(5) for the establishment, exercise or defence of legal claims.
4. Right to be informed
If you have exercised your right for the controller to rectify, erase or restrict the processing of your data, the controller must communicate such rectification or erasure of the data or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort.
You have the right to be informed by the controller about those recipients.
5. Right to data portability
You have the right to receive your personal data, which you have provided to the controller, in a structured, commonly used and machine-readable format. You also have the right for those data to be transmitted to another controller without hindrance from the controller to which the personal data have been provided, where:
(1) the processing is based on consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR or a contract pursuant to Article 6(1)(b) GDPR and (2) the processing is carried out by automated means.
In exercising this right, you also have the right to have your personal data transmitted directly from one controller to another, where technically feasible. This must not adversely affect the rights and freedoms of others.
The right to data portability does not apply to the processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7. General information about your right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions.
We will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.
Where your personal data are processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.
If you object to processing for direct marketing purposes, your personal data shall no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you have the option of exercising your right to object by automated means using technical specifications.
8. Right to withdraw consent under data protection law
You have the right to withdraw your consent under data protection law at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
9. Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:
(1) is necessary for entering into, or performance of, a contract between you and the data controller;
(2) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and your legitimate interests; or
(3) is based on your explicit consent.
However, such decisions must not be based on special categories of personal data referred to in Article 9(1), unless point (a) or (g) of Article 9(2) applies and suitable measures to safeguard your rights and freedoms and your legitimate interests are in place.
In the cases under (1) and (3), the data controller implements suitable measures to safeguard your rights and freedoms and your legitimate interests, including at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.
XII. Links to websites of other providers
Our webpages may contain links to third-party websites − operated by third parties not associated with us, e.g. forwarding links for social networks such as Facebook (Facebook Inc., 1601 Willow Road, Menlo Park, California, 94025, USA), Twitter, Google+, YouTube, LinkedIn, Xing, and Viadeo. You can identify links on our website from the applicable logo. Once you click on the link, we have no more influence over the collection, storage or processing of any personal data transferred to the third party by clicking on the link (such as the IP address or URL of the page with the link), because we naturally have no control over the actions of third parties. We cannot accept any responsibility for the processing of such personal data by third parties.
XIII. Data protection officer, complaints, data controller
You can contact the supervisory authority with complaints relating to data protection. Without prejudice to any other administrative or judicial remedy, you also have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR. The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.
We are the data controller, i.e. we are the operator of this website, as per the Legal Notice.
If you have further questions about data protection and how we process your personal data, you are welcome to contact us at any time. Please note that data protection regulations and approaches to data processing may change at any time. It is therefore advisable to stay up-to-date with changes to the law and data protection in practice.