1. Controller’s name and contact information
The data controller pursuant to Art. 4 para. 7 EU General Data Protection Regulation (GDPR) is the
European Foundation for the Study of Diabetes
Rheindorfer Weg 3
Tel: +49 211 758 469 0
Fax: +49 211 758 469 29
If you have any questions about our data processing activities, please write to us at the aforementioned postal address, with the addition "Data protection" or at the e-mail address provided. Our data protection officer can be reached via firstname.lastname@example.org or by letter to our postal address c/o “Data protection officer”. The relevant contact data can be found in the imprint.
2. Processing of personal data / legal basis
2.1 Data processing for the provision of contractual services
We process personal data in order to process the contractual relationships and to be able to submit contractual offers tailored to your requirements. The collection of the data takes place in particular for the conclusion and/or for the performance of a contract.
We collect with all forms obligatorily only those personal data, which are absolutely necessary for the completion of the contractual relations and/or for your information inquiry. The collection of data, which is not absolutely necessary, but in which we are interested in order to optimise the fulfilment of the purpose, is only optional. In this case you decide on a voluntary basis if and which data you want to give us.
For orders or your application we may need your correct name, address and payment data. We ask for your e-mail address and telephone number so that we can communicate with you in the event of questions or problems regarding the service you have commissioned.
2.1.1 Requesting services, registering for events or applying for membership
If you are interested in becoming a member of our association, would like to know more about the events or other services we offer and/or would like to register with us, please allow us to collect and process the following information volunteered by you:
- (academic) title, first name, surname
- a valid email address
- address (home address or that of a company you mention)
- phone number (fixed line and/or mobile communication)
- fax number
- information necessary for the processing of your request and to enable conclusion of a contract, including payment and bank details
- photos you submit to us, place in your member area or have processed for publication on the homepage or in print media.
The processing of this data occurs
- to allow you to be identified as a (potential) customer or (potential) member
- for correspondence with you
- to examine your request or process your query / contract
- for invoicing / settlement of bills
- to enforce any claims against you or to defend against any claims made against us
- for the production of ID cards/permits
- for the compilation of attendance lists for events and attendance confirmation
- for the display of task areas on our homepage when taking on positions or duties
- reports in or about publications / about award ceremonies
- announcement of speakers at events, if need be along with CVs on the homepage and/or in print media
- arrangement of groups (e.g. study groups) and transfer of personal data for exchange in this group
- for further customer care and promotional approach for one’s own similar products/events.
If you wish to register for our events or join us as a member, you will have to submit your personal data to conclude the contract so that we can process your registration. For the conclusion of contracts, necessary mandatory particulars are marked separately; other particulars are voluntary.
The previously described data processing occurs on your request and is necessary for the aforementioned purposes to process your request and/or for the mutual fulfilment of obligations from previous or existing contractual relationships. The basis for data processing is Art. 6 para. 1 s. 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.
2.1.2 MyEASD account
We operate the online portal www.easd.org/myeasd/home.html#home (hereinafter referred to as „MyEASD Portal"). Our MyEASD Portal offers you the possibility to view and manage the correspondence data concerning your MyEASD account at any time. If you wish to use our MyEASD portal or if this is for example the prerequisite for registration for our events and special services, you will be obliged to register with your email address, your name and a password of your choice. The submission of the aforementioned data is obligatory, whereas all other information can be provided voluntarily when you use our portal.
The data in the portal can be viewed, edited and deleted using your login credentials. In case you have forgotten your password for the customer portal, you will find the link "Forgot password" on the login page. Via our MyEASD portal, you are able to apply for or extend your membership, register for events, submit abstracts to our annual congress, take part in further education measures where, in particular, e-learning opportunities can be availed of, or you can also act and interact in virtual rooms.
Personal data is only processed within the scope of using the portal in order to be able to offer you the portal and the associated services. The basis for data processing is Art. 6 para. 1 s. 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.
2.1.3 Payments within the framework of contracts with us
Insofar as payment is required within the framework of contract processing, we may transfer your payment data to our main bank or to the payment service provider we have commissioned. Our payment service provider is based in Switzerland. In accordance with the European Commission’s decision of 26 July 2000 (OJ EC 2000 L 215, 1), Switzerland has an adequate standard of data protection. This decision shall also remain in force until further notice following inception of the GDPR (Art. 45 para. 9 GDPR). The service provider was carefully chosen by us, was commissioned in writing, and is bound by our instructions. He is regularly monitored by us. The service provider shall not disclose your (payment) data to third parties, except where necessary for implementation of payment, and shall instead erase the latter after conclusion of contract and at the end of mandatory retention periods, except where you have consented to further storage. Your (payment) data shall be transferred to the corresponding payment service provider according to your chosen means of payment. The payment service provider carries responsibility for your (payment) data. Information, in particular concerning the payment service provider’s responsible authority, the contact details of the payment service provider’s data protection officer, and the categories of personal data processed by the payment service providers can be found at the Internet address https://www.six-payment-services.com/en/home.html. We ourselves merely receive notice that a payment has been made; your bank data is not transferred to us by the service provider.
The basis for data processing is Art. 6 para. 1 s. 1 lit. b GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures.
2.1.4 Data processing for communication with you (contact form, etc.)
In addition to the contract data, we process your communication data (address, telephone number, e-mail address) in order to be able to contact you. Personal data that you provide to us by e-mail or via the contact form on this website will only be processed for correspondence with you or only for the purpose for which you have made the data available to us.
The basis for data processing is Art. 6 para. 1 s. 1 lit. b GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures.
With your consent, you can subscribe to our newsletter, with which we inform you about the requested information. The respective content of a newsletter is explained in the respective declaration of consent. If you would like to receive a newsletter offered by us, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. For this purpose, we will send you an e-mail with a confirmation link (double opt-in) to the e-mail address you have entered. If you do not confirm your registration, your information will be blocked and automatically deleted after one month.
Your e-mail address is the only mandatory information for sending the newsletter. The indication of further, separately marked data is voluntary and will be used to address you personally. In addition, we store the IP addresses you use and the dates of registration and confirmation. The purpose of the procedure is to prove your registration for the newsletter and, if necessary, to clarify any possible misuse of your personal data. We do not collect any further data in this context. We use these data exclusively for the dispatch of the requested newsletter. As far as we use an order processor for the dispatch of the newsletter, we adhere to the applicable data protection laws.
Data processing takes place on the basis of your consent pursuant to Art. 6 para. 1 s. 1 lit. a GDPR. You can revoke your consent at any time and cancel the respective subscription. You can declare your revocation by clicking on the link provided in every e-mail or by sending us a message via the contact details mentioned under section 1. The legality of the data processing operations that have already taken place remains unaffected by the revocation.
We use so-called cookies on some of our websites, among other things to be able to offer you website-specific services, to recognize you when you visit our website again, and/or to adapt our offer to your personal preferences.
Cookies are small text files that are stored on a visitor's computer and contain data on the respective user in order to enable access to various functions. Cookies are unable to run programmes or transfer viruses to your computer. Their general purpose is to make the internet service more user-friendly and effective. For example, we apply cookies in order to identify you on further visits when you have an account with us. Failing this, you would have to login anew every time you visited us.
Cookies are stored onto your computer/terminal and transmitted from here to our website. Consequently, as a user you have full control over the application of cookies. By changing the settings in your internet browser, you can deactivate or limit the transfer of cookies and, for example, refuse to allow third-party cookies or cookies in general. However, if you deactivate cookies for our website, you may not be able to use the site’s features to the full. Via your browser, you can also, at any time, delete all cookies which have so far been stored. For more details, please check your browser’s help functions. Please bear in mind that certain functions may in this case no longer be available. Furthermore, the following website can assist you in managing and deactivating third party cookies: http://www.youronlinechoices.com/uk/your-ad-choices. Since we do not operate this website, we assume no liability for it and have no influence over content and availability. This website specifically uses the following types of cookies, the scope and functionality of which are transient cookies (see a) and/or persistent cookies (see b).
- Transient cookies are erased automatically, as soon as you close your browser. This applies in particular to the session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to a common session. In this way, your computer terminal can be identified when you return to our website. As soon as you log out or close your browser, the session cookies are deleted.
We use necessary cookies, which are required to enable the performance of the services we are obliged to provide. The data processing in this respect is then based on Art. 6 para. 1 s. 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.
We may obtain your consent for the use of other, unnecessary cookies. The data processing is then carried out on the basis of your consent in accordance with Art. 6 para. 1 s. 1 lit. a GDPR. You can revoke your consent at any time. The legality of the data processing already carried out remains unaffected by the revocation.
2.4 Tracking with Matomo
On some of our websites we may use web analysis software Matomo to analyse the use of the respective website and/or to track user-specific behaviour, if this is necessary to provide our services. The relevant data processing for the provision of the contractual service is outlined in section 2.1. In contrast to other statistics programs, no data is transmitted to an external server by the software we use. The relevant software is installed on one of our servers located in the EU. Our tracking software may collect the following data, which may give information about which functions of the respective website are frequently used and where misunderstandings may occur:
- Country, state, city
- Time of the page call
- the browser used, including the browser version, browser language and the installed plugins
- the operating system of the user
- the screen resolution of the user
- the date of the first visit
- the time of the last visit
- a randomly generated unique user ID
- the loading time of the visited page
- the number of actions per visit
- the page title of the visited page
- the URL of the visited page
- the length of stay per visit
- Functions used during the visit
Statistics on user behaviour are then based on this data. These include, for example, overviews of the actions per visit, e.g. whether data exports were carried out or counter readings were entered.
We use tracking technologies that are necessary to enable us to perform the services we are obliged to provide. The data processing in this respect is then based on Art. 6 para. 1 s. 1 lit. b GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures. In addition, we may, under certain circumstances, obtain your consent for the use of tracking while processing personal data. The data processing will then be based on your consent in accordance with Art. 6 para. 1 s. 1 lit. b GDPR. You can revoke your consent at any time. The legality of the data processing already carried out remains unaffected by the revocation. In addition, we use anonymous tracking on some of our websites.
2.5 Google Web Fonts
On some of our websites, we use so-called web fonts provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (hereinafter referred to as "Google") for the consistent display of fonts. When you view one of these pages, your browser loads the required web fonts into your browser cache to display text and fonts correctly. To do this, the browser you are using must connect to Google's servers. This enables Google to know that this website has been accessed via your IP address.
Important in the context of data processing in the US: The European Court of Justice considers that the standard of data protection in the US is insufficient and that there is a risk that your data may be processed by US authorities, for control and monitoring purposes and possibly without any possibility of legal recourse.
The aforementioned data processing may be carried out on the basis of your consent in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR in conjunction with Art. 49 para. 1 S.1 lit. a GDPR. You can revoke your consent at any time. An informal notification to us is sufficient for this purpose. The legality of the data processing that has already taken place remains unaffected by the revocation.
2.6 Data processing for applications
We regularly receive applications and queries concerning the possibility of participating in work placement or (auxiliary) activities via our websites and the displayed contact data. If you send us applications, we process the personal data which we receive from you within the scope of the application process or the employment contract. Relevant data are e.g. Master data (name and address), CVs, contact data (telephone, fax, e-mail) and other data such as bank details, date of birth, age, marital status, denomination, health insurance fund, pension insurance institution, social security number, tax number, tax identification number and tax class, which are necessary for processing the payroll accounting.
In the case of applicants who are minors, we also record the personal data of the legal guardians, in particular name, address and, if applicable, the consent to enter into the contract with us and obtain any necessary consent.
If we are unable to offer you a job, you turn down a job offer, withdraw your application, revoke your consent to data processing or demand that we erase the data, the data and documents submitted by you, including any possible remaining physical records, shall be stored or retained for a maximum of four months after conclusion of the application procedure (retention period). Provided you have consented to further storage of your personal data, we shall add your data to our pool of applicants.
Within the scope of the employment relationship, we may request information as to whether there is a severe disability in order to be able to safeguard corresponding rights in accordance with the German Social Code IX, as well as to be able to calculate any compensation levy in accordance with S. 160 Social Code IX. An answer to this question is only required after a period of employment of six months, before that the answer is voluntary. We may ask for information on marital status and parental status in order to calculate social security contributions and to determine whether a contribution supplement to nursing care insurance is to be paid in accordance with S. 55 para. 3 Social Code XI. If it is necessary to check the legality of the employment, we may ask for a work permit or permission to work. Within the scope of the employment relationship, we process further personal data, including data on periods of illness, absences (vacation, special leave, sabbatical, etc.) or working hours. We keep a personnel file in which we store all central information required for the employment relationship.
We may process the aforementioned personal data for the purpose of establishing, implementing and terminating an employment contract or application process. The basis for data processing is Art. 88 para. 1 GDPR, S. 26 para. 1 BDSG (new), which allows the processing of data for the fulfilment of a contract or pre-contractual measures.
2.7 Data processing to protect legitimate interests
We may process your data if it is necessary to protect the legitimate interests of us or third parties. This may be the case in particular to ensure IT security and IT operation, in particular also for support enquiries, to be able to understand and prove facts in the event of legal disputes, for market and opinion surveys, to statistically evaluate the use of our website. Furthermore, we may use your e-mail address for recommendations if you have already ordered something from us. In this way, we want to send you information that might interest you based on your last orders from us. In doing so, we comply strictly with the legal requirements. If you no longer wish to receive product recommendations or promotional messages from us, you can object to this at any time. A message in text form to the contact data mentioned under section 1 (e.g. e-mail, fax, letter) is sufficient for this purpose.
The basis for data processing is Art. 6 para. 1 s. 1 lit. f GDPR, which permits the processing of data to safeguard the legitimate interests of the data controller, provided that the interests or fundamental rights and freedoms of the data subject do not prevail.
2.8 Data processing for marketing purposes
In the event of the use of your data for advertising purposes for us or for our cooperation partners, we may obtain your consent.
The data processing is then carried out on the basis of your consent (Art. 6 para. 1 s. 1 lit. a GDPR). You can revoke your consent at any time. The legality of the data processing operations already carried out remains unaffected by the revocation.
2.9 Other data processing based on your consent
It may also happen that we ask for your consent to process personal data. Any granting of consent and the relevant data processing is voluntary and you will not suffer any disadvantages if you do not consent.
The data processing is then carried out on the basis of your consent in accordance with Art. 6 para. 1 s. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future. An informal notification to us is sufficient for this purpose. The legality of the data processing operations already carried out remains unaffected by the revocation.
2.10 Log files
Each time our websites are accessed, usage data is transmitted by the respective Internet browser and stored in log files, the so-called server log files. The stored data records contain the following data: Browser type and browser version, operating system used, referrer URL, time of server request, shortened IP address. These data cannot be assigned to specific persons. This data will not be merged with other data sources. We reserve the right to subsequently check this data if we become aware of concrete indications of illegal use.
The data processing is based on Art. 6 para. 1 lit. f GDPR, which permits the processing of data to safeguard the legitimate interests of the data controller, provided that the interests or fundamental rights and freedoms of the data subject do not prevail.
2.11 Use of data for fraud prevention purposes
The data you provide when placing an order can be used by us to check whether an atypical order process is present.
In principle, we have a legitimate interest in carrying out such an inspection. The processing of the data is based on the legal basis in Art. 6 para. 1 lit. f GDPR.
2.12 Data processing for the fulfilment of legal obligations
In addition, we process your data to fulfil legal obligations (e.g. regulatory requirements, commercial and tax storage and proof obligations).
The basis for data processing is Art. 6 para. 1 lit. c GDPR, which permits processing to fulfil a legal obligation.
2.13 Automated decision-making in specific cases, including profiling
Automated decision-making including profiling does not regularly take place with us.
3. Categories of recipients of personal data
Your personal data will only be passed on to third parties or otherwise transmitted if this is necessary for the purpose of contract processing or billing or if you have given your prior consent or if there is a legal basis for the passing on of such data.
Insofar as it is necessary for the purpose of contract processing or for the dispatch and delivery of products, data will be passed on to partner companies which have been commissioned to support contract processing. Our partners undertake to comply with and observe the provisions of data protection law. Furthermore, our partners are not permitted to use the data in any other way than to process the contract.
In the case of cooperations in which we merely act as intermediaries, your personal data will only be passed on to the cooperation partner if this is necessary for the purpose of concluding the contract and processing the contract for the cooperation partner. Both the cooperation partner and we are obliged to observe the data protection regulations within the framework of the cooperation. This obligation shall continue to apply even after termination of the respective contract.
Service providers who support us in providing our services to you are Congress and Event Management service providers, software (SaaS) providers, IT service providers, in particular service providers for software and hardware maintenance, hosting providers and e-mail service providers.
4. Duration of data storage
In principle, we delete your data as soon as it is no longer required for the above-mentioned purposes, unless temporary storage is still necessary. We store your data on the basis of legal proof and storage obligations, which result among other things from the German Commercial Code and the German Tax Code, according to which the storage periods are up to ten full years. In addition, we keep your data for the period during which claims can be asserted against our company (statutory limitation period of three or up to thirty years).
5. Data Security
Your personal data will be transmitted securely by us through encryption. We use the coding system SSL (Secure Socket Layer). You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. Furthermore, we secure our websites and other systems by technical and organizational measures against loss, destruction, access, alteration or distribution of your data by unauthorized persons.
6. Rights of data subjects
Within the framework of the applicable legal provisions, you have the right to obtain information free of charge at any time about your personal data stored by us, its origin and recipients and the purpose of the data processing and, if applicable, a right to correct, block or delete this data. For this purpose, as well as for further questions on the subject of personal data, you can contact us at any time using the contact details given in clause 1. You may also have a right to restrict the processing of your data and a right to have the data provided by you released in a structured, common and machine-readable format. If you have given us your consent to process personal data for specific purposes, you can revoke your consent at any time with effect for the future. If we process your data to protect legitimate interests, you may object to this processing for reasons arising from your particular situation. In addition, you have the possibility of contacting a data protection supervisory authority (right of appeal).