You are here

Privacy Policy

We, the European Foundation for the Study of Diabetes (EFSD) are pleased that you are interested in our online presence and service. We treat your personal data confidentially and in accordance with the legal regulations of the relevant data protection laws, in particular the EU General Data Protection Regulation (GDPR) as well as this privacy policy.

This privacy policy serves to explain to you what information and personal data we process when you visit our website and use our digital services on PCs, smartphones, tablets and all other Internet-enabled mobile devices.

The digital services may contain links to other third party service provider websites that are not covered by this privacy policy.

1. Controller’s name and contact information

The data controller pursuant to Art. 4 para. 7 EU General Data Protection Regulation (GDPR) is the

European Foundation for the Study of Diabetes

Rheindorfer Weg 3
40591 Düsseldorf
Germany

Tel: +49 211 758 469 0
Fax: +49 211 758 469 29
Email: foundation@easd.org

If you have any questions about our data processing activities, please write to us at the aforementioned postal address, with the addition "Data protection" or at the e-mail address provided. Our data protection officer can be reached via datenschutz@easd.org or by letter to our postal address c/o “Data protection officer”. The relevant contact data can be found in the imprint.

2. Log files

Each time our websites are accessed, usage data is transmitted by the respective Internet browser and stored in log files, the so-called “server log files”. The stored data records are technically necessary to display the websites to you and contain the following data:

  • Browser type and browser version,
  • operating system used,
  • referrer URL,
  • time of server request,
  • shortened IP address.

These data cannot be assigned to specific persons. This data will not be merged with other data sources. We reserve the right to subsequently check this data if we become aware of concrete indications of illegal use.

The data processing is based on Art. 6 para. 1 lit. f GDPR, which permits the processing of data to safeguard the legitimate interests of the data controller, provided that the interests or fundamental rights and freedoms of the data subject do not prevail.

3. Processing of personal data / legal basis

3.1. Data processing for the provision of contractual services

We process personal data in order to process the contractual relationships and to be able to submit contractual offers tailored to your requirements. The collection of the data takes place in particular for the conclusion and/or for the performance of a contract.

We collect with all forms obligatorily only those personal data, which are absolutely necessary for the completion of the contractual relations and/or for your information inquiry. The collection of data, which is not absolutely necessary, but in which we are interested in order to optimise the fulfilment of the purpose, is only optional. In this case you decide on a voluntary basis if and which data you want to give us.

For orders or your registration we may need your correct name, address and payment data. We ask for your e-mail address and telephone number so that we can communicate with you in the event of questions or problems regarding the service you have commissioned.

3.1.1. Requesting services, registering for events or applying for membership or an EFSD grant or fellowship

If you are interested in becoming a member of our association, would like to know more about the events or other services we offer and/or would like to register with us or apply to an EFSD grant or fellowship, please allow us to collect and process the following information provided by you:

  • (academic) title, first name, surname,
  • a valid email address,
  • address (home address or that of a company you mention),
  • phone number (fixed line and/or mobile communication),
  • fax number,
  • information necessary for the processing of your request and to enable conclusion of a contract, including payment and bank details,
  • photos you submit to us, place in your member area or have processed for publication on the homepage or in print media.

The processing of this data occurs

  • to allow you to be identified as a (potential) customer or (potential) member,
  • for correspondence with you,
  • to examine your request or process your query/contract,
  • for invoicing/settlement of bills,
  • to enforce any claims against you or to defend against any claims made against us,
  • for the production of ID cards/permits,
  • for the compilation of attendance lists for events and attendance confirmation,
  • for the display of task areas on our homepage when taking on positions or duties,
  • reports in or about publications/about award ceremonies,
  • announcement of speakers at events, if needed along with CVs on the homepage and/or in print media,
  • arrangement of groups (e.g., Study Groups, EASD Academy) and transfer of personal data for exchange in this group,
  • for further customer care and promotional approach for one’s own similar products/events.

If you wish to register for our events or join us as a member, you will have to submit your personal data to conclude the contract so that we can process your registration. If you wish to apply for an EFSD grant or fellowship and receive funding after the review process, you will have to submit your personal data for pre-contractual measures and/or to conclude the contract so that we can process your application as well as the further funding procedure. For the conclusion of contracts, necessary mandatory particulars are marked separately; other particulars are voluntary.

The previously described data processing occurs on your request and is necessary for the aforementioned purposes to process your request and/or for the mutual fulfilment of obligations from previous or existing contractual relationships. The basis for data processing is Art. 6 para. 1 s. 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.

3.1.2. MyEASD account

We operate an online portal called MyEASD (hereinafter referred to as „MyEASD Portal"). Our MyEASD Portal offers you the possibility to view and manage the correspondence data concerning your MyEASD account at any time. If you wish to use our MyEASD portal or if this is for example the prerequisite for registration for our events and special services, you will be obliged to register with your email address, your name and a password of your choice. The submission of the aforementioned data is obligatory, whereas all other information can be provided voluntarily when you use our portal.

The data in the portal can be viewed, edited and deleted using your login credentials. In case you have forgotten your password for the customer portal, you will find the link "Forgot password" on the login page. Via our MyEASD portal, you are able to apply for or extend your membership, register for events, submit abstracts to our annual congress, take part in further education measures where, in particular, e-learning opportunities can be availed of, or you can also act and interact in virtual rooms.

Personal data is only processed within the scope of using the portal in order to be able to offer you the portal and the associated services. The basis for data processing is Art. 6 para. 1 s. 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.

3.1.3. Annual Meeting website

When using the EASD Annual Meeting website and register to receive access to the Annual Meeting and the services, we process the personal data you provide for this purpose. In order to fulfil our registration contract and to offer you the services lined out in our Terms and Conditions for the Annual Meeting, e.g., the Scientific Programme with personalised services and interactive features as well as certificates, we require the following data to allow you to view it and to receive such services:

  • IP address/s,
  • country and region,
  • MAC address/s,
  • device ID/s,
  • hard and soft keyboard events in public areas,
  • device specification,
  • full name,
  • registration information,
  • EASD membership status,
  • creatives (images, etc.),
  • behavioural data like login date and time as well as duration on the platform,
  • sessions and/or presentations viewed (live and on-demand),
  • viewing duration,
  • interaction in mass events (only applicable for open public events),
  • attendance,
  • personal programme,
  • personal input (topics, keywords, preferences),
  • first and last name.

The basis for data processing is Art. 6 para. 1 S. 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.

3.1.4. Payments within the framework of contracts with us

Insofar as payment is required within the framework of contract processing, we may transfer your payment data to our main bank or to the payment service provider we have commissioned. Our payment service provider is based in Switzerland. In accordance with the European Commission’s decision of 26 July 2000 (OJ EC 2000 L 215, 1), Switzerland has an adequate standard of data protection. This decision shall also remain in force until further notice following inception of the GDPR (Art. 45 para. 9 GDPR). The service provider was carefully chosen by us, was commissioned in writing, and is bound by our instructions. He is regularly monitored by us. The service provider shall not disclose your (payment) data to third parties, except where necessary for implementation of payment, and shall instead erase the latter after conclusion of contract and at the end of mandatory retention periods, except where you have consented to further storage. Your (payment) data shall be transferred to the corresponding payment service provider according to your chosen means of payment. The payment service provider carries responsibility for your (payment) data. Information, in particular concerning the payment service provider’s responsible authority, the contact details of the payment service provider’s data protection officer, and the categories of personal data processed by the payment service providers can be found at the Internet address https://www.six-payment-services.com/en/home.html. We ourselves merely receive notice that a payment has been made; your bank data is not transferred to us by the service provider.

The basis for data processing is Art. 6 para. 1 s. 1 lit. b GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures.

3.1.5. Data processing for communication with you (contact form, etc.)

In addition to the contract data, we process your communication data (address, telephone number, e-mail address) in order to be able to contact you. Personal data that you provide to us by e-mail or via the contact form on this website will only be processed for correspondence with you or only for the purpose for which you have made the data available to us.

The basis for data processing is Art. 6 para. 1 s. 1 lit. b GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures.

3.2. Newsletter

With your consent, you can subscribe to our newsletter, with which we inform you about the requested information. The respective content of a newsletter is explained in the respective declaration of consent. If you would like to receive a newsletter offered by us, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. For this purpose, we will send you an e-mail with a confirmation link (double opt-in) to the e-mail address you have entered. If you do not confirm your registration, your information will be blocked and automatically deleted after one month.

Your first name, last name and e-mail address is the only mandatory information for sending the newsletter. The indication of further, separately marked data is voluntary and will be used to address you personally. In addition, we store the IP addresses you use and the dates of registration and confirmation. The purpose of the procedure is to prove your registration for the newsletter and, if necessary, to clarify any possible misuse of your personal data. We do not collect any further data in this context. We use these data exclusively for the dispatch of the requested newsletter. Our newsletter is sent by the technical service provider rapidmail GmbH (Wentzingerstraße 21, 79106 Freiburg im Breisgau, Germany), to whom we pass on the data you provide when registering for the newsletter. The data you enter for newsletter subscription will be stored on rapidmail’s servers in the EU. For more information, please see the rapidmail GTC and data privacy statement.

Data processing takes place on the basis of your consent pursuant to Art. 6 para. 1 s. 1 lit. a GDPR. You can revoke your consent at any time and cancel the respective subscription. You can declare your revocation by clicking on the link provided in every e-mail or by sending us a message via the contact details mentioned under section 1. The legality of the data processing operations that have already taken place remains unaffected by the revocation.

3.3. Cookies

In order to enable the use of certain functions, to recognise you when you visit our website again, and/or to adapt our offer to your personal preferences we use so-called cookies on various pages. These are small text files that are stored on your end device. Cookies are unable to run programmes or transfer viruses to your computer. Their general purpose is to make the internet service more user-friendly and effective. Some of the cookies we use are deleted after the end of the browser session, i.e., after closing your browser (so-called session cookies). Other cookies remain on your terminal and enable us or our partner companies (third-party cookies) to recognise your browser on your next visit (persistent cookies). If cookies are set, they collect and process specific user information such as browser and location data as well as IP address values according to individual requirements. Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie.

As a user you have full control over the application of cookies. By entering our website your consent for certain cookies and/or cookie-based applications can be given by ticking the respective box. Our cookie tool (“CookieYes”– for further details please refer to section 3.7.3) blocks all cookies requiring consent until the individual user gives corresponding consent. This ensures that such cookies are only set on the user's terminal device if consent is given.

By changing the settings in your internet browser, you can also deactivate or limit the transfer of cookies and, for example, refuse to allow third-party cookies or cookies in general. Each browser differs in the way it manages the cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. You will find these for the respective browsers under the following links:

Since we do not operate these websites, we assume no liability for it and have no influence over content and availability.

Please note that the functionality of our website may be limited if cookies are not accepted.

We use necessary cookies, which are required to enable the performance of the services we are obliged to provide. The data processing in this respect is then based on Art. 6 para. 1 s. 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.

In addition, we may use cookies which are indispensable for the functionality of our website. This data processing is then carried out in accordance with Art. 6 para. 1 s. 1 lit. f GDPR, which permits data processing to serve the legitimate interests of the data controller, unless the interests or the fundamental rights and freedoms of the data subject outweigh the interest of the data controller in processing the data.

We may obtain your consent for the use of other, unnecessary cookies. The data processing is then carried out on the basis of your consent in accordance with Art. 6 para. 1 s. 1 lit. a GDPR. You can revoke your consent at any time. The legality of the data processing already carried out remains unaffected by the revocation.

3.4. Tracking with Matomo

On some of our websites we may use web analysis software Matomo to analyse the use of the respective website and/or to track user-specific behaviour, if this is necessary to provide our services. The relevant data processing for the provision of the contractual service is outlined in section 3.1. In contrast to other statistics programmes, no data is transmitted to an external server by the software we use. The relevant software is installed on one of our servers located in the EU. Our tracking software may collect the following data, which may give information about which functions of the respective website are frequently used and where misunderstandings may occur:

  • Country, state, city,
  • time of the page call,
  • the browser used, including the browser version, browser language and the installed plugins,
  • the operating system of the user,
  • the screen resolution of the user,
  • the date of the first visit,
  • the time of the last visit,
  • a randomly generated unique user ID,
  • the loading time of the visited page,
  • the number of actions per visit,
  • the page title of the visited page,
  • the URL of the visited page,
  • the length of stay per visit,
  • functions used during the visit.

Statistics on user behaviour are then based on this data. These include, for example, overviews of the actions per visit, e.g., whether data exports were carried out or counter readings were entered.

We use tracking technologies that are necessary to enable us to perform the services we are obliged to provide. The data processing in this respect is then based on Art. 6 para. 1 s. 1 lit. b GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures. In addition, we may, under certain circumstances, obtain your consent for the use of tracking while processing personal data. The data processing will then be based on your consent in accordance with Art. 6 para. 1 s. 1 lit. b GDPR. You can revoke your consent at any time. The legality of the data processing already carried out remains unaffected by the revocation. In addition, we use anonymous tracking on some of our websites.

3.5. Google Web Fonts

We use the Web Fonts from Google, which are installed on the server side (locally) and do not connect to Google at any time.

3.6. Data processing in the context of our Facebook corporate website

We operate a company page (fan page) in the social network facebook.com. We are jointly responsible with Facebook for the operation of the Facebook fan page within the meaning of Art. 26 GDPR. The agreement on joint controllership can be found here: https://www.facebook.com/legal/terms/page_controller_addendum. Primarily responsible for data processing is Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter "Facebook").

The type and scope of the information you provide to Facebook, the associated purposes of data processing by Facebook, its legality and information on the exercise of your rights can be found in the Data Policy, as well as other information provided by Facebook on the processing of "Insights data". https://de-de.facebook.com/policy.php

Facebook provides us with so-called page insights for our site. Page-Insights (https://www.facebook.com/business/a/page/page-insights) are aggregated data that allows us to understand how people interact with our site. The creation and provision of these page insights is the responsibility of Facebook, we have no influence on it. This also applies to data processing, which is carried out exclusively for the purposes of Facebook. Facebook also assumes all obligations under the GDPR with regard to the processing of Insights data (including Articles 12 and 13 GDPR, Articles 15 to 22 GDPR and Articles 32 to 34 GDPR).

The purpose of data processing of the data provided by Facebook by us is the statistical evaluation of the use of our fan page. This enables us, for example, to determine the preferred visiting and posting times of our users and to use this information to optimise our posts and our fan page. In addition, we process personal data made publicly available by you on Facebook (e.g., clear names in the user profile) as well as data directly related to activities on our fan page (e.g., posts, likes, markers), also for the purpose of communicating with you.

Please assert your rights to information, correction, deletion, restriction of processing and data transferability of your stored Insights data vis-à-vis Facebook, as Facebook has assumed the corresponding obligations:

Facebook Ireland Ltd.
4 Grand Canal Square, Grand Canal Harbour
Dublin 2, Ireland
Privacy policy: https://www.facebook.com/about/privacy/
Opt-out: https://www.facebook.com/settings?tab=ads

The basis for the data processing is Art. 6 para. 1 s. 1 lit. b GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures, insofar as data is processed in accordance with the Facebook terms of use, otherwise, if applicable, Art. 6 para. 1 s. 1 lit. f GDPR, which permits the processing of data for the purpose of serving the legitimate interests of the data controller, provided that the interests or fundamental rights and freedoms of the data subject do not prevail. Our interest lies in providing content and communication with Facebook users and in improving the reach and effectiveness of our posts.

3.7. Other Tools

3.7.1. Online presence in other social networks

We have set up online presences in various social networks to communicate with you, interested parties and customers and to inform them about our services and current offers. In addition to our interaction with you, the social networks process data from visitors to their websites for the purpose of market research and advertising, i.e., that from the respective visit or usage behaviour and the preferences and interests of a visitor derived from this, a user profile may be created by the respective operator of the social network. Such user profiles can be used, among other things, to display advertisements within the respective social network and possibly on other websites, which are individually adapted to the respective user profile. Cookies (see above) may be stored on the visitors' devices, with the help of which data on usage behaviour can be collected. The collection of this data can, especially in the case of logged-in members of the respective social network, also be realised across several browsers and/or end devices used by a user. Even if a visitor does not have a profile with the respective social network, it cannot be ruled out that personal data on this visitor will be stored when visiting the respective website. Requests for information regarding the data stored in social networks via our online presence or the use of other relevant rights of data subjects can be addressed to the provider of the respective service. Only the providers of the social networks have access to the respective data stored there and can provide the corresponding information, etc. With regard to the purpose and scope of data processing by the various social networks, we refer additionally to their respective data protection notices and the respective contact options:

Instagram
Facebook Ireland Ltd.
4 Grand Canal Square, Grand Canal Harbour
Dublin 2, Ireland
Privacy Policy: https://help.instagram.com/519522125107875?helpref=page_content

LinkedIn Ireland Unlimited Company
Wilton Place
Dublin 2, Ireland
Privacy policy: https://www.linkedin.com/legal/privacy-policy
Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

Twitter Inc.
One Cumberland Place
Fenian Street
Dublin 2, D02 AX07, Ireland
Privacy policy: https://twitter.com/privacy
Opt-out: https://twitter.com/personalization

The basis for the data processing by the aforementioned social networks is Art. 6 para. 1 s. 1 lit. b GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures, insofar as data is processed in accordance with the relevant terms of use, otherwise, if applicable, Art. 6 para. 1 s. 1 lit. f GDPR, which permits the processing of data for the purpose of serving the legitimate interests of the data controller, provided that the interests or fundamental rights and freedoms of the data subject do not prevail.

3.7.2. Zoom

We use the Zoom service of Zoom Video Communications Inc (hereinafter "Zoom") to conduct online meetings, video conferences and/or webinars. When using Zoom, different data will be processed. The extend of the processed data depends on the data you provide before or during your participation in an online meeting, video conference or webinar. When using Zoom, data of the communication participants is processed and stored on Zoom servers. This data may include your registration data (name, e-mail address, telephone [optional] and password) and meeting data (topic, participant IP address, device information, description [optional]). In addition, visual and audio contributions of the participants, as well as voice inputs can be processed in chats.

For more information about Zoom's use of data, please refer to Zoom's Privacy Policy:

Zoom Video Communications Inc
55 Almaden Blvd, Suite 600, San Jose, CA 95113, USA
Privacy Policy: https://zoom.us/docs/de-de/privacy-and-legal.html

Important in the context of data processing in the US: The European Court of Justice considers that the standard of data protection in the US is insufficient and that there is a risk that your data may be processed by US authorities, for control and monitoring purposes and possibly without any possibility of legal recourse.

The basis for the data processing in this respect is based on Art. 6 para. 1 s. 1 lit. b GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures, insofar as data is processed in accordance with the relevant terms of use, otherwise, if applicable, Art. 6 para. 1 s. 1 lit. f GDPR, which permits the processing of data for the purpose of serving the legitimate interests of the data controller, provided that the interests or fundamental rights and freedoms of the data subject do not prevail.

3.7.3. CookieYes

This website uses the cookie consent tool “CookieYes“, supplied by Mozilor Limited (hereinafter „CookieYes“), to obtain valid user consents for cookies and cookie-based applications. By incorporating a corresponding JavaScript code, users are shown a banner when calling up a page, in which consent for certain cookies and/or cookie-based applications can be given by ticking the respective box. The tool blocks all cookies requiring consent until the individual user gives corresponding consent. This ensures that such cookies are only set on the user's terminal device if consent is given.

To enable the cookie consent tool to clearly assign page views to individual users and to individually record, log and store the consent settings made by the user for a session, certain user information (including the IP address) is collected by the cookie consent tool when calling up our website, transmitted to CookieYes servers and stored there.

For more information about CookieYes’ use of data, please refer to CookieYes’ Privacy Policy:

Mozilor Ltd.
3 Warren Yard,
Wolverton Mill, Milton Keynes, MK12 5NW, United Kingdom
https://www.cookieyes.com/privacy-policy/

The basis for the data processing in this respect is based on Art. 6 para. 1 lit. c GDPR, which permits the processing of data for compliance with a legal obligation to which the controller is subject. Further legal basis for the data processing described is Art. 6 para. 1 lit. f GDPR, if applicable, which permits the processing of data for the purpose of serving the legitimate interests of the data controller, provided that the interests or fundamental rights and freedoms of the data subject do not prevail.

3.7.4. YouTube

For visualisation and reproduction of content, we have included videos from the YouTube platform on our website. YouTube is a service of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. When you access one of the submenu pages of our web presence containing a YouTube plug-in, to play a video for instance, your browser establishes a direct connection to the servers of YouTube, thus showing the plug-in. At the same time, the YouTube server is informed as to which of our web pages you have visited. If you are now logged in as a member of YouTube or any other Google service (which of course is not mandatory just to view our videos), Google assigns this information to your personal user account. If you utilise the plug-in in that you for example click the start button of a video, this information is similarly assigned to your user account. You can prevent this assignment by logging out of your YouTube or any other Google service user account before using our website and erasing the corresponding cookies. Furthermore, we turned on the Privacy Enhance Mode in the YouTube settings to prevent YouTube from storing info about you as long as the video is not playing. Further information on data processing and references to Google’s data protection can be found under https://policies.google.com/privacy?hl=de.

Important in the context of data processing in the US: The European Court of Justice considers that the standard of data protection in the US is insufficient and that there is a risk that your data may be processed by US authorities, for control and monitoring purposes and possibly without any possibility of legal recourse.

The basis for the data processing by YouTube is Art. 6 para. 1 s. 1 lit. b GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures, insofar as data is processed in accordance with the Google terms of use, otherwise, if applicable, the data processing may be carried out on the basis of your consent in accordance with Art. 6 Para. 1 s. 1 lit. a GDPR in conjunction with Art. 49 para. 1 S.1 lit. a GDPR. You can revoke your consent at any time. An informal notification to us is sufficient for this purpose. The legality of the data processing that has already taken place remains unaffected by the revocation.

3.8. Data processing for applications

We regularly receive applications and queries concerning the possibility of participating in work placement or (auxiliary) activities via our websites and the displayed contact data. If you send us applications, we process the personal data which we receive from you within the scope of the application process or the employment contract. Relevant data are e.g. Master data (name and address), CVs, contact data (telephone, fax, e-mail) and other data such as bank details, date of birth, age, marital status, denomination, health insurance fund, pension insurance institution, social security number, tax number, tax identification number and tax class, which are necessary for processing the payroll accounting.

In the case of applicants who are minors, we also record the personal data of the legal guardians, in particular name, address and, if applicable, the consent to enter into the contract with us and obtain any necessary consent.

If we are unable to offer you a job, you turn down a job offer, withdraw your application, revoke your consent to data processing or demand that we erase the data, the data and documents submitted by you, including any possible remaining physical records, shall be stored or retained for a maximum of four months after conclusion of the application procedure (retention period). Provided you have consented to further storage of your personal data, we shall add your data to our pool of applicants.

Within the scope of the employment relationship, we may request information as to whether there is a severe disability in order to be able to safeguard corresponding rights in accordance with the German Social Code IX, as well as to be able to calculate any compensation levy in accordance with s. 160 Social Code IX. An answer to this question is only required after a period of employment of six months, before that the answer is voluntary. We may ask for information on marital status and parental status in order to calculate social security contributions and to determine whether a contribution supplement to nursing care insurance is to be paid in accordance with s. 55 para. 3 Social Code XI. If it is necessary to check the legality of the employment, we may ask for a work permit or permission to work. Within the scope of the employment relationship, we process further personal data, including data on periods of illness, absences (vacation, special leave, sabbatical, etc.) or working hours. We keep a personnel file in which we store all central information required for the employment relationship.

We may process the aforementioned personal data for the purpose of establishing, implementing and terminating an employment contract or application process. The basis for data processing is Art. 88 para. 1 GDPR, s. 26 para. 1 BDSG (new), which allows the processing of data for the fulfilment of a contract or pre-contractual measures.

3.9. Data processing to protect legitimate interests

We may process your data if it is necessary to protect the legitimate interests of us or third parties. This may be the case in particular to ensure IT security and IT operation, in particular also for support enquiries, to be able to understand and prove facts in the event of legal disputes, for market and opinion surveys, to statistically evaluate the use of our website. Furthermore, we may use your e-mail address for recommendations if you have already ordered something from us. In this way, we want to send you information that might interest you based on your last orders from us. In doing so, we comply strictly with the legal requirements. If you no longer wish to receive product recommendations or promotional messages from us, you can object to this at any time. A message in text form to the contact data mentioned under section 1 (e.g. e-mail, fax, letter) is sufficient for this purpose.

The basis for data processing is Art. 6 para. 1 s. 1 lit. f GDPR, which permits the processing of data to safeguard the legitimate interests of the data controller, provided that the interests or fundamental rights and freedoms of the data subject do not prevail.

3.10. Data processing for marketing purposes

In the event of the use of your data for advertising purposes for us or for our cooperation partners, we may obtain your consent.

The data processing is then carried out on the basis of your consent (Art. 6 para. 1 s. 1 lit. a GDPR). You can revoke your consent at any time. The legality of the data processing operations already carried out remains unaffected by the revocation.

3.11. Other data processing based on your consent

It may also happen that we ask for your consent to process personal data. Any granting of consent and the relevant data processing is voluntary and you will not suffer any disadvantages if you do not consent.

The data processing is then carried out on the basis of your consent in accordance with Art. 6 para. 1 s. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future. An informal notification to us is sufficient for this purpose. The legality of the data processing operations already carried out remains unaffected by the revocation.

3.12. Use of data for fraud prevention purposes

The data you provide when placing an order can be used by us to check whether an atypical order process is present.

In principle, we have a legitimate interest in carrying out such an inspection. The processing of the data is based on the legal basis in Art. 6 para. 1 lit. f GDPR.

3.13 Data processing for the fulfilment of legal obligations

In addition, we process your data to fulfil legal obligations (e.g. regulatory requirements, commercial and tax storage and proof obligations).

The basis for data processing is Art. 6 para. 1 lit. c GDPR, which permits processing to fulfil a legal obligation.

3.14. Automated decision-making in specific cases, including profiling

Automated decision-making including profiling does not regularly take place with us.

4. Categories of recipients of personal data

Your personal data will only be passed on to third parties or otherwise transmitted if this is necessary for the purpose of contract processing or billing or if you have given your prior consent or if there is a legal basis for the passing on of such data.

Insofar as it is necessary for the purpose of contract processing or for the dispatch and delivery of products, data will be passed on to partner companies which have been commissioned to support contract processing. Our partners undertake to comply with and observe the provisions of data protection law. Furthermore, our partners are not permitted to use the data in any other way than to process the contract.

In the case of cooperations in which we merely act as intermediaries, your personal data will only be passed on to the cooperation partner if this is necessary for the purpose of concluding the contract and processing the contract for the cooperation partner. Both the cooperation partner and we are obliged to observe the data protection regulations within the framework of the cooperation. This obligation shall continue to apply even after termination of the respective contract.

Service providers who support us in providing our services to you are Congress and Event Management service providers, software (SaaS) providers, IT service providers, in particular service providers for software and hardware maintenance, hosting providers and e-mail service providers.

5. Duration of data storage

In principle, we delete your data as soon as it is no longer required for the above-mentioned purposes, unless temporary storage is still necessary. We store your data on the basis of legal proof and storage obligations, which result among other things from the German Commercial Code and the German Tax Code, according to which the storage periods are up to ten full years. In addition, we keep your data for the period during which claims can be asserted against our company (statutory limitation period of three or up to thirty years).

6. Data security

Your personal data will be transmitted securely by us through encryption. We use the coding system SSL (Secure Socket Layer). You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. Furthermore, we secure our websites and other systems by technical and organisational measures against loss, destruction, access, alteration or distribution of your data by unauthorised persons.

7. Rights of data subjects

Within the framework of the applicable legal provisions, you have the right to obtain information free of charge at any time about your personal data stored by us, its origin and recipients and the purpose of the data processing and, if applicable, a right to correct, block or delete this data. For this purpose, as well as for further questions on the subject of personal data, you can contact us at any time using the contact details given in clause 1. You may also have a right to restrict the processing of your data and a right to have the data provided by you released in a structured, common and machine-readable format. If you have given us your consent to process personal data for specific purposes, you can revoke your consent at any time with effect for the future. If we process your data to protect legitimate interests, you may object to this processing for reasons arising from your particular situation. In addition, you have the possibility of contacting a data protection supervisory authority (right of appeal).