Privacy policy
Foreword
This Privacy Notice applies on the occasion of the ILTS 28th Annual Congress
on Liver Transplantation (hereinafter
“ILTS 2024”, “Event” or “Congress”).
We, K.I.T. Group GmbH including our subsidiaries (hereinafter
collectively: “K.I.T. Group GmbH”, “the company“, “we” or “us”)
take the protection of your personal data seriously and would like to inform
you here about the data protection in our company.
Within the scope of our responsibility under data protection law,
additional obligations have been imposed on us by the entry into force of the
EU General Data Protection Regulation (Regulation (EU) 2016/679; hereinafter: “GDPR”) in order to ensure the protection
of personal data of the person affected by a processing operation (we also
address you as data subject hereinafter with “customer”,
“user”, “you”, “you”
or “data subject”).
Insofar as we decide, either alone or jointly with others, on the
purposes and means of data processing, this includes above all the obligation
to inform you transparently about the nature, scope, purpose, duration and
legal basis of the processing (cf. Articles 13 and 14 GDPR). With this statement
(hereinafter: “Privacy Notice“),
we inform you about the manner in which your personal data is processed by us.
The design and granting of consent to data processing is exclusively in
accordance with the requirements of § 25 (1) TTDSG in conjunction with Artt. 6 (1)
lit. a, 5 No. 11 GDPR.
Our data protection notices have a modular structure. It consists of a
general part for all processing of personal data and processing situations that
come into play each time a website is called up (A. General) and a special
part, the content of which relates in each case only to the processing
situation specified there with the designation of the respective offer or
product, in particular the visit to websites and/or participation in the event (B.
Visit to websites and the event), which are described in more detail here.
Section C. (Cookie Policy) with its presentation of the cookies and tools used
then refers to the above information. In addition, the special sections D.
(Business partners) must be taken into account in the case of corresponding
processing operations.
To find the parts that are relevant to you, please refer to the
following overview for the breakdown of the privacy notices:
Part A (General)
This part is always relevant for you as a participant of the congress
and visitor of the websites.
Part B (website and social media presence,
congress offerings)
The aforementioned principles are relevant to you when you visit the
event-related websites, including social media appearances, and use the
Congress offerings.
Part C (Cookie Policy)
The Cookie Policy contains the list of cookies, plugins and tools used,
as well as the information about the possibilities of revocation of consent to
data processing once given.
Part D (Business Partner)
These principles are relevant for you if you want to work with us as a
client, service provider, supplier or similar partner, are already in an
ongoing business relationship with us or have been in the past.
A. General
(1) Definitions
Following the example of Art. 4 GDPR, these data protection notices are
based on the following definitions:
· “Personal
data” (Art. 4 No. 1 GDPR) means any information relating to an identified
or identifiable natural person (“data subject”). A person is
identifiable if he or she can be identified, directly or indirectly, in
particular by reference to an identifier such as a name, an identification
number, an online identifier, location data or by means of information relating
to his or her physical, physiological, genetic, mental, economic, cultural or
social identity characteristics. The identifiability can also be given by means
of a linkage of such information or other additional knowledge. The origin,
form or embodiment of the information is irrelevant (photographs, video or
audio recordings may also contain personal data).
· “Processing”
(Art. 4 No. 2 GDPR) means any operation which involves the handling of personal
data, whether or not by automated (i.e. technology-based) means. This includes,
in particular, the collection (i.e. acquisition), recording, organization,
arrangement, storage, adaptation or alteration, retrieval, consultation, use,
disclosure by transmission, dissemination or otherwise making available,
alignment, combination, restriction, erasure or destruction of personal data,
as well as the change of a purpose or intended use on which a data processing
was originally based.
· “Controller”
(Art. 4 No. 7 GDPR) means the natural or legal person, public authority, agency
or other body which alone or jointly with others determines the purposes and
means of the processing of personal data.
· “Third
Party” (Art. 4 No. 10 GDPR) means any natural or legal person, public
authority, agency or other body other than the Data Subject, the Controller,
the Processor and the persons who are authorized to process the Personal Data
under the direct responsibility of the Controller or Processor; this also
includes other group-affiliated legal entities.
· “Processor”
(Art. 4 No. 8 GDPR) is a natural or legal person, authority, institution or
other body that processes personal data on behalf of the controller, in
particular in accordance with the controller’s instructions (e.g. IT service
provider). In particular, a processor is not a third party in the sense of data
protection law.
· “Consent”
(Art. 4 No. 11 GDPR) means any freely given specific, informed and unambiguous
indication of the data subject’s wishes in the form of a statement or other
unambiguous affirmative act by which the data subject signifies his or her
agreement to the processing of personal data relating to him or her.
(2) Name and address of the controller
We are the responsible party for the processing of your personal data on
the websites operated by us within the meaning of Art. 4 No. 7 GDPR:
K.I.T. Group GmbH
Kurfürstendamm 71
10709 Berlin
Germany
Tel.: +49 30 24603 0
Fax.: +49 30 24603 200
info@kit-group.org
For further information on our company, please refer to the imprint
details on our website https://www.kit-group.org/de/legal-notice/
(3) Contact details of the data protection officer
Our company data protection officer is available at all times to answer
any questions you may have and to act as your contact person on the subject of
data protection at our company. His contact details are:
Data Privacy Officer (Group DPO)
Exkulpa gmbh
Waldfeuchter Straße 266
52525 Heinsberg
Germany
exkulpa.de
Phone: +49 (0)2452/993311
E-mail: security@kit-group.org
(4) Legal basis for data processing
By law, in principle, any processing of personal data is prohibited and
only permitted if the data processing falls under one of the following
justifications:
· Art. 6 (1) p. 1
lit. a GDPR (“consent”): Where the data subject has voluntarily, in
an informed manner and unambiguously indicated by a statement or other
unambiguous affirmative act that he or she consents to the processing of
personal data relating to him or her for one or more specified purposes;
· Art. 6 (1) p. 1
lit. b GDPR: If the processing is necessary for the performance of a contract
to which the data subject is a party or for the performance of pre-contractual
measures taken at the request of the data subject;
· Art. 6 (1) p. 1
lit. c GDPR: If processing is necessary for compliance with a legal obligation
to which the controller is subject (e.g. a legal obligation to preserve
records);
· Art. 6 (1) p. 1
lit. d GDPR: If the processing is necessary to protect the vital interests of the
data subject or another natural person;
· Art. 6 (1) p. 1
lit. e GDPR: Where processing is necessary for the performance of a task
carried out in the public interest or in the exercise of official authority
vested in the controller, or
· Art. 6 (1) p. 1
lit. f GDPR (“Legitimate Interests”): When processing is necessary to
protect the legitimate (in particular legal or economic) interests of the
controller or a third party, unless overriding interests or rights of the data
subject (in particular if the data subject is a minor).
For the processing operations carried out by us, we indicate below the
applicable legal basis in each case. A processing operation may also be based
on several legal bases.
(5) Data deletion and storage period
For the processing operations carried out by us, we indicate below in
each case how long the data will be stored by us and when it will be deleted or
blocked. If no explicit storage period is specified below, your personal data
will be deleted or blocked as soon as the purpose or legal basis for the
storage no longer applies. As a matter of principle and as far as possible, your
data will only be stored on our servers in Germany, subject to any transfer
that may take place in accordance with the provisions in A. (7) and A. (8).
However, storage may take place beyond the specified time in the event
of a (threatened) legal dispute with you or other legal proceedings or if
storage is provided for by statutory provisions to which we are subject as the
responsible party (e.g. § 257 HGB, § 147 AO). If the storage period prescribed
by the legal regulations expires, the personal data will be blocked or deleted
unless further storage by us is necessary and there is a legal basis for this.
(6) Data security
We use appropriate technical and organizational security measures to
protect your data against accidental or intentional manipulation, partial or
complete loss, destruction or against unauthorized access by third parties
(e.g. TLS encryption for our website), taking into account the state of the
art, implementation costs and the nature, scope, context and purpose of the
processing, as well as the existing risks of a data breach (including its
probability and impact) for the data subject. Our security measures are
continuously improved in line with technological developments.
We will be happy to provide you with more detailed information on
request. Please contact our data protection officer (see under A.(3)).
(7) Cooperation with processors
As with any larger company, we also use external domestic and foreign
service providers (e.g. for IT, logistics, telemedia services and telecommunications,
sales and marketing) to handle our business transactions. These service
providers only act on our instructions and have been
contractually obligated to comply with the provisions of data protection law
within the meaning of Art. 28 GDPR or – if applicable – on the basis of
standard contractual clauses.
Insofar as personal data from you is passed on by us to our subsidiaries
or is passed on to us by our subsidiaries (e.g. for advertising purposes), this
is done on the basis of existing order processing relationships or joint
responsibilities. You can find an overview of our
subsidiaries at https://www.kit-group.org/de/offices/.
(8) Conditions for the transfer of personal data to third countries
In the course of our business relationships, your personal data may be
transferred or disclosed to third party companies. These may also be located
outside the European Economic Area (EEA), i.e. in third countries. Such
processing takes place exclusively for the fulfillment of contractual and
business obligations and to maintain your business relationship with us. We
will inform you about the respective details of the transfer in the following
at the relevant points.
Some third countries are certified by the European Commission as having
a level of data protection comparable to the EEA standard through so-called
adequacy decisions (a list of these countries and a copy of the adequacy
decisions can be obtained here: http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.html).
However, in other third countries to which personal data may be transferred,
there may not be a consistently high level of data protection due to a lack of
legal provisions. If this is the case, we ensure that data protection is
adequately guaranteed. This is possible through binding company regulations,
standard contractual clauses of the European Commission for the protection of
personal data, certificates or recognized codes of conduct. Please contact our
data protection officer (see under A.(3)) if you would like more information on
this.
(9) No automated decision making (including profiling).
We do not intend to use any personal data collected from you for any
automated decision making process (including profiling).
(10) No obligation to provide personal data
We do not make the conclusion of contracts with us dependent on you
providing us with personal data in advance. As a customer, you are under no
legal or contractual obligation to provide us with your personal data; however,
we may only be able to provide certain services to a limited extent or not at
all if you do not provide the necessary data. If this should exceptionally be
the case in the context of the products we offer presented below, you will be
informed of this separately.
(11) Legal obligation to transmit certain data
We may be subject to a specific legal or statutory obligation to provide
the lawfully processed personal data to third parties, in particular public
bodies (Art. 6 (1) lit. c GDPR).
(12) Your rights
You can assert your rights as a data subject regarding your processed
personal data at any time by contacting us using the contact details provided
at the beginning of A.(2). You have the right as a data subject:
· In accordance
with Art. 15 GDPR, you may request information about your data processed by us.
In particular, you can request information about the processing purposes, the
category of data, the categories of recipients to whom your data has been or
will be disclosed, the planned storage period, the existence of a right to
rectification, erasure, restriction of processing or objection, the existence
of a right of complaint, the origin of your data if it was not collected by us,
as well as the existence of automated decision-making, including profiling and,
if applicable, meaningful information about its details;
· In accordance
with Art. 16 GDPR, you have the right to demand the correction of incorrect
data or the completion of your data stored by us without delay;
· In accordance
with Art. 17 GDPR, you may request the deletion of your data stored by us,
unless the processing is necessary for the exercise of the right to freedom of
expression and information, for compliance with a legal obligation, for reasons
of public interest, or for the assertion, exercise or defense of legal claims;
· In accordance
with Art. 18 GDPR, you have the right to demand the restriction of the
processing of your data, insofar as the correctness of the data is disputed by
you or the processing is unlawful;
· according to
Art. 20 GDPR to receive your data that you have provided to us in a structured,
common and machine-readable format or to request the transfer to another
controller (“data portability”);
·
object to the processing pursuant to Art. 21 GDPR,
provided that the processing is based on Art. 6 (1) p. 1 lit. e or lit. f GDPR.
This is particularly the case if the processing is not necessary for the
performance of a contract with you. Unless it is an objection to direct
marketing, when exercising such an objection, we ask you to explain the reasons
why we should not process your data as we have done. In the event of your
justified objection, we will examine the merits of the case and either
discontinue or adapt the data processing or show you our compelling legitimate
grounds on the basis of which we will continue the processing;
· in accordance
with Art. 7 (3) GDPR, to revoke your consent given once (also before the
applicability of the GDPR, i.e. before 25.5.2018) – i.e. your voluntary will,
made understandable in an informed manner and unambiguously by means of a
declaration or other unambiguous confirming act, that you agree to the
processing of the personal data in question for one or more specific purposes –
at any time vis-à-vis us, if you have given such consent. This has the
consequence that we may no longer continue the data processing, which was based
on this consent, for the future and
· In accordance
with Art. 77 GDPR, you have the right to complain to a data protection
supervisory authority about the processing of your personal data in our
company, such as the data protection supervisory authority responsible for us:
Berlin Commissioner for Data
Protection and Freedom of Information, Friedrichstr. 129, 10969 Berlin, Germany,
Tel: +49 30 13889 0, Fax: +49 30 2155050, mailbox@datenschutz-berlin.de
(13) Changes to the data protection notice
In the context of the further development of data protection law and
technological or organizational changes, our data protection information is
regularly reviewed to determine whether it needs to be adapted or supplemented.
You will be informed of any changes in particular on the Event website at https://2024.ilts.org/. This data protection notice is valid as of April2023.
B. Visiting websites
(1) Explanation of the function
You can obtain information about our company and the services we offer
as part of the Event in particular at https://2024.ilts.org/ together with the associated
subpages and our company’s website (hereinafter collectively:
“websites”). When you visit these websites, personal data may be processed.
(2) Personal data processed
When you use the websites for information purposes, when you register as
an event participant and/or when you purchase services from us, the following
categories of personal data are collected, stored and processed by us:
“Log data”: When you visit our websites, a so-called log data
record (so-called server log files) is stored temporarily and anonymously on
our web server. This consists of:
· the page from
which the page was requested (so-called referrer URL).
· the name and
URL of the requested page
· the date and
time of the call
· the description
of the type, language and version of the web browser used.
· the IP address
of the requesting computer, which is shortened in such a way that a personal
reference can no longer be established
· the amount of
data transferred
· the operating
system
· the message
whether the call was successful (access status/http status code).
· the GMT time
zone difference.
“Participant data”: In
order to participate in the event and related offers, you must register via the
registration form. In doing so, the submitted data will be processed (e.g.
gender, surname and first name, title, nationality, address,
institution/company, e-mail address, research or activity area, billing data such
as account or credit card data). If you participate in the event as a speaker,
further data will be processed (e.g. data on your status as an author,
memberships in scientific professional associations, publication data). If a continuing
education certificate (CME credits) is sought, your participation data will be
processed for verification purposes.
“Accommodation data”: If
you inquire about or book a place of accommodation on our websites, the data
transmitted in the process will be processed (e.g. surname and first name,
title, e-mail address, billing address, billing data such as account or credit
card data).
“Billing data”: If you register for the event subject to
payment or order or make use of services subject to payment with or via us, the
data transmitted in the process will be processed (billing data, e.g. account or
credit card data).
“Contact details”: if you use the e-mail addresses provided to
contact us, the data transmitted will be processed (at least the e-mail address
and the time of transmission, in addition, depending on the information
provided, e.g. surname and first name, address, institution/company).
“Newsletter data”: In addition to the purely informative use
of the website, the subscription to our newsletter is offered, with which we
inform you about current professional developments and events. If you subscribe
to the newsletter, the following “newsletter data” will be collected,
stored and processed by us:
– the page from which the
page was requested (so-called referrer URL).
– the date and time of
the call
– the description of the
type of the used web browser
– the
IP address of the requesting computer, which is shortened in such a way that a
personal reference can no longer be established.
– the e-mail address
– the date and time of
registration and confirmation
(3) Purpose and legal basis of data processing
We process the personal data specified in more detail above in
accordance with the provisions of the GDPR, the other relevant data protection
regulations and only to the extent necessary. Insofar as the processing of
personal data is based on Art. 6 (1) lit. f GDPR, the aforementioned purposes
also represent our legitimate interests.
–
The processing of the log data serves
statistical purposes and the improvement of the quality of our website, in
particular the stability and security of the connection (legal basis is Art. 6 (1)
lit. f GDPR).
–
Participant data is processed for the purpose
of fulfilling the contract concluded upon registration regarding participation
in the event and the use of the agreed services (legal basis is Art. 6 (1) lit.
b GDPR). Any processing of special categories of personal data takes place
exclusively within the narrow limits of Art. 9 GDPR (e.g. health data,
biometric data, origin data). Participant data will only be processed for
advertising and marketing purposes if you have consented to the processing or
if the processing is necessary to protect our legitimate (in particular legal
or economic) interests, unless your conflicting interests or rights prevail
(legal basis is Art. 6 (1) lit. a or lit. f GDPR).
–
The processing of the accommodation data takes
place in preparation and for the fulfillment of the accommodation contract
(legal basis is Art. 6 (1) lit. b or lit. f GDPR).
–
The processing of billing data is carried out
in the context of billing for paid registration or services ordered or used for
a fee (legal basis is Art. 6 (1) lit. b GDPR). In addition, the processing is
carried out in the interest of a smooth, convenient and secure payment process
(legal basis is Art. 6 (1) lit. f GDPR).
–
The processing of contact data is carried out
for the processing of customer inquiries , for
informational and/or promotional purposes (legal basis is Art. 6 (1) lit.b or
lit. f GDPR, if consent is given Art. 6 (1) lit a GDPR).
–
The newsletter data is processed for the
purpose of sending the newsletter. When registering for our newsletter, you
consent to the processing of your personal data (legal basis is Art. 6 (1) lit.
a GDPR). For the registration to our newsletter, we use the so-called double
opt-in procedure. This means that after your registration, we will send you an
e-mail to the e-mail address you provided, in which we ask you to confirm that
you wish to receive the newsletter. The purpose of this procedure is to be able
to prove your registration and, if necessary, to clarify a possible misuse of
your personal data. You can revoke your consent to the sending of the
newsletter at any time and unsubscribe from the newsletter. You can declare the
revocation by clicking on the link provided in every newsletter e-mail, by
e-mail to ilts@ilts.org or by sending a message to the contact details provided
in the imprint.
(4) Duration of data processing
Your data will only be processed for as long as is necessary to achieve
the above-mentioned processing purposes; the legal bases specified in the
context of the processing purposes apply accordingly. With regard to the use
and storage duration of cookies, please refer to point A.(5) and the Cookie
Policy in section C.
Third parties engaged by us will store your data on their systems for as
long as is necessary in connection with the provision of services for us in
accordance with the respective order.
For more details on the storage period, please refer to A.(5) and the
Cookie Policy in Section C.
(5) Transfer of personal data to third parties;
basis for justification
The following categories of recipients, which are usually processors
(see A.(7)), may receive access to your personal data:
–
Service providers for the operation of our websites
and the processing of data stored or transmitted by the systems (e.g. for data
center services, developers and administrators of booking platforms and systems
for registrations / sponsors / exhibitors / hotel bookings, for payment
processing, IT security, app service providers). The legal basis for the
transfer is then Art. 6 (1) lit. b or lit. f GDPR, insofar as it does not
involve order processors;
–
Government agencies/authorities, insofar as
this is necessary to fulfill a legal obligation. The legal basis for the
disclosure is then Art. 6 (1) lit. c GDPR;
–
Persons employed to carry out our business operations
(e.g. auditors, banks, insurance companies, legal advisors, supervisory
authorities). The legal basis for the disclosure is then Art. 6 (1) lit. b or
lit. f GDPR.
–
Professional bodies in the context of the
recognition of training events and the awarding of training points to
participants (certification bodies). The legal basis for the transfer is Art. 6
(1) lit. b or lit. f GDPR, insofar as it does not involve order processors.
–
Service providers for the organization and
implementation of the event and the processing of the transmitted data required
for this purpose (e.g. venue operators, lecture and abstract submission
services, logistics and security companies, technical service providers, payment
service providers, accommodation and transport companies, catering, fringe
events). The legal basis for the transfer is Art. 6 (1) lit. b or lit. f GDPR,
insofar as it does not involve order processors.
For the guarantees of an adequate level of data protection in the event
of a transfer of the data to third countries, see A. (8).
In addition, we will only share your personal data with third parties if
you have given your express consent to do so in accordance with Art. 6 (1) lit.
a GDPR.
(6) Use of cookies, plugins and other services on our website
a) Cookie
We use cookies on our websites. Cookies are small text files that are
assigned to the browser you are using and stored on your hard drive by means of
a characteristic character string and through which certain information flows
to the entity that sets the cookie. Cookies cannot execute programs or transfer
viruses to your computer and therefore cannot cause any damage. They serve to
make the Internet offer as a whole more user-friendly and effective, i.e. more
pleasant for you.
Cookies can contain data that makes it possible to recognize the device
used. In some cases, however, cookies only contain information about certain
settings that are not personally identifiable. However, cookies cannot directly
identify a user.
A distinction is made between session cookies, which are deleted as soon
as you close your browser, and permanent cookies, which are stored beyond the
individual session. With regard to their function, a distinction is made
between cookies:
· Technical
cookies: these are mandatory to move around the website, use basic functions
and ensure the security of the website; they do not collect information about
you for marketing purposes, nor do they store which web pages you have visited;
· Performance
cookies: these collect information about how you use our website, which pages
you visit and, for example, whether errors occur during website use; they do
not collect information that could identify you – all information collected is
anonymous and is only used to improve our website and find out what interests
our users;
· Advertising
cookies, targeting cookies: These are used to offer the website user tailored
advertising on the website or offers from third parties and to measure the
effectiveness of these offers; advertising and targeting cookies are stored for
a maximum of 13 months;
· Sharing
cookies: These are used to improve the interactivity of our website with other
services (e.g. social networks); sharing cookies are stored for a maximum of 13
months.
Any use of cookies that is not absolutely technically necessary
constitutes data processing that is only permitted with your explicit and
active consent pursuant to Art. 6 (1) lit. a GDPR, § 25 (1) TTDSG. This applies
in particular to the use of advertising, targeting or sharing cookies. In
addition, we will only share your personal data processed through cookies with
third parties if you have given your explicit consent to do so in accordance
with Art. 6 (1) lit. a GDPR, § 25 (1) TTDSG.
b) Cookie Policy
For more information about which cookies we use and how you can manage
your cookie settings and disable certain types of tracking, please see our
Cookie Policy in Section C.
c) Social media plugins
We do not use any social media plug-ins on our websites (differently
regarding the YouTube videos embedded on the website, see section C. below). If
our websites contain icons of social media providers (e.g., Twitter, LinkedIn,
Facebook), we use these only for passive linking to the pages of the respective
providers. When you call up our website, no connection is yet established to
the servers of the respective provider. If you click on one of the displayed
icons of the social media providers, the corresponding website will open in a
new window of your browser. Data processing is governed by the privacy policy
of the respective provider.
C. Cookie Policy
(1) Overview of cookies used
1.1 Consent with Borlabs Cookie
Our website uses Borlabs Cookie Consent technology to obtain your
consent to the storage of certain cookies in your browser or to the use of
certain technologies and to document this in accordance with data protection
law. The provider of this technology is Borlabs – Benjamin A. Bornschein,
Rübenkamp 32, 22305 Hamburg (hereinafter referred to as Borlabs).
When you visit our website, a Borlabs cookie is stored in your browser,
in which the consents you have given or the revocation of these consents are
stored. This data is not passed on to the cookie provider Borlabs.
The following essential cookie is used when using the website:
a) Name: borlabs-cookie (Borlabs Cookie 2.x)
b) Aim and purpose: Borlabs Cookie Consent Technology is used to obtain
the legally required consent to the use of cookies. The legal basis for this is
Art. 6 (1) lit. c GDPR. This cookie stores the cookie settings of a user.
c) Retention period: The essential cookie automatically expires after six
(6) months.
The collected data will be stored until you request us to delete it or
until you delete the Borlabs cookie yourself or within the above-mentioned
period. Mandatory legal retention periods remain unaffected. Details on the
data processing of Borlabs Cookie can be found at https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/.
1.2 Google Analytics
This website uses functions of the web analysis service Google
Analytics. The provider of this service is Google Ireland Limited (“Google”),
Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics enables the website operator to analyze the behavior
patterns of website visitors. For this purpose, the website operator receives a
variety of user data, such as pages viewed, time spent on the page, operating
system used and origin of the user. This data is assigned to the respective end
device of the user. An assignment to a device ID does not take place.
Google Analytics uses technologies that enable the recognition of the
user for the purpose of analyzing user behavior (e.g. cookies or device
fingerprinting). The information collected by Google about the use of the
website is usually transferred to a Google server in the United States and
stored there. The data transfer to the USA takes place on the basis of the
Standard Contractual Clauses (SCC) of the European Commission. Details can be
found here: https://privacy.google.com/businesses/controllerterms/mccs/
The following performance cookies are used when using the website:
a) Designations: _ga, _gat, _gid
b) Aim and purpose: Google Analytics (GA) performance cookies for
website analysis. The legal basis is Art. 6 (1) lit. f GDPR. The operator of
this website has a legitimate interest in analyzing user behavior in order to
optimize both the online offer and the operator’s advertising activities. If
there is a corresponding consent, the processing is carried out exclusively on
the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the
consent includes the storage of cookies or access to information in the user’s
terminal device (e.g. device fingerprinting) as defined by the TTDSG. This
consent can be revoked at any time.
c) Retention period: With the new standard feature of Google Analytics 4
(GA4), performance cookies usually expire automatically after 14 months. User
or event level data stored by Google in connection with cookies, user
identifiers or advertising identifiers (e.g. DoubleClick cookies, Android
advertising identifiers) are anonymized or deleted after 2 months. For details,
please click on the following link: https://support.google.com/analytics/answer/6004245?hl=de
IP anonymization
Anonymization of users’ IP addresses is a new standard feature of Google
Analytics 4 (GA4). The automatically activated IP anonymization cannot be
deactivated, see https://support.google.com/analytics/answer/9019185?hl=en#zippy=%2Cin-this-article.
Opt-out options
a) Withdrawal of consent
You can revoke your consent to cookies. To do this, you must click on
the link “Change cookie settings” in the footer and, if necessary, “Show
cookie information”.
b) Browser plugin
You can prevent the collection and processing of your data by Google by
downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en
For more information about how Google Analytics handles user data,
please see Google’s privacy policy at: https://support.google.com/analytics/answer/6004245?hl=en
Demographic parameters provided by Google Analytics
Insofar as this website uses the “Demographic Characteristics”
function of Google Analytics (e.g. age, gender and interests of website
visitors), this is done in order to be able to display suitable advertisements
within the Google advertising network. The sources of information are Google’s
interest-based advertising and visitor data obtained from third-party
providers. This data cannot be assigned to a specific person. You can either
deactivate this function at any time by making appropriate changes to the
advertising settings in your Google account, or you can generally prohibit the
collection of your data, as explained in the “Opt-out options” section
above.
Data processing agreement
We have concluded a data processing agreement with Google and fully
implement the strict requirements of the German data protection authorities
when using Google Analytics.
1.3 Fonts (local hosting)
Google Fonts are disabled. There is no connection to Google servers. For
more information, see https://developers.google.com/fonts/faq and
https://policies.google.com/privacy?hl=de.
The fonts used are hosted locally.
(2) Overview of plugins and tools used
2.1 YouTube with enhanced privacy
YouTube videos are embedded on this website. The operator of the pages
is Google Ireland Limited (“Google”), Gordon House, Barrow Street,
Dublin 4, Ireland.
We use YouTube in extended privacy mode. According to YouTube, this mode
means that YouTube does not store any information about visitors to this
website before they view the video. However, the transmission of data to
YouTube partners is not necessarily excluded by the extended data protection
mode. For example, YouTube connects to the Google DoubleClick network
regardless of whether you watch a video.
As soon as you start a YouTube video on this website, a connection to
the YouTube servers is established. This tells the YouTube server which of our
pages you have visited. If you are logged into your YouTube account, you enable
YouTube to assign your surfing behavior directly to your personal profile. You
can prevent this by logging out of your YouTube account.
In addition, YouTube may store various cookies on your end device after
starting a video or use comparable recognition technologies (e.g. device
fingerprinting). In this way, YouTube can obtain information about the visitors
to this website. This information is used, among other things, to compile video
statistics, improve the user experience and prevent fraud attempts.
If necessary, further data processing processes may be triggered after
the start of a YouTube video, over which we have no control.
YouTube is used in the interest of an appealing presentation of our
online offers. This represents a legitimate interest within the meaning of Art.
6 (1) lit. f GDPR. If a corresponding consent has been obtained, the processing
is based exclusively on Art. 6 (1) lit. a GDPR and § 25 (1) TTDSG; the consent
can be revoked at any time.
a) Designation: NID
b)
Aim and purpose: YouTube is used in the
interest of an appealing presentation of our online offers. This represents a
legitimate interest within the meaning of Art. 6 (1) lit. f GDPR. If a
corresponding consent has been obtained, the processing is carried out
exclusively on the basis of Art. 6 (1) lit. a GDPR and § 25 (1) TTDSG; the
consent can be revoked at any time.
c) Retention period: six (6) months
For more information on YouTube’s privacy policy, please see their
privacy policy at: https://policies.google.com/privacy?hl=de
2.2 Google Maps
This website uses the map service Google Maps. The provider is Google
Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4,
Ireland.
To enable the use of the Google Maps functions, your IP address must be
stored. This information is usually transferred to a Google server in the USA
and archived there. The operator of this website has no influence on the data
transfer. If Google Maps is activated, Google has the option of using Google
Web Fonts for the uniform display of fonts. When you call up Google Maps, your
browser loads the required web fonts into your browser cache in order to
display texts and fonts correctly.
We use Google Maps to present our online content in an appealing way and
to make the places indicated on our website easy to find. This constitutes a
legitimate interest within the meaning of Art. 6 (1) lit. f GDPR. If there is a
corresponding declaration of consent, the processing of the data is carried out
exclusively on the basis of Art. 6 (1) lit. a GDPR and Section 25 (1) TTDSG,
insofar as the consent includes the storage of cookies or access to information
in the user’s terminal device (e.g. device fingerprinting) as defined by the
TTDSG. This declaration of consent can be revoked at any time.
The data transfer to the USA is based on the Standard Contractual
Clauses (SCC) of the European Commission. Details can be found here: https://privacy.google.com/businesses/GDPRcontrollerterms/
and https://privacy.google.com/businesses/GDPRcontrollerterms/sccs/
For more information about the handling of user data, please see
Google’s privacy policy at: https://policies.google.com/privacy?hl=en
2.3 Data processing in case, Newsletter is
requested
Mailchimp with deactivated performance
measurement
This website uses the services of Mailchimp for sending newsletters. The
provider is Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000,
Atlanta, GA 30308, USA.
Mailchimp is a service with which, among other things, the sending of
newsletters can be organized. When you enter data for the purpose of receiving
newsletters (e.g. e-mail address), this data is stored on Mailchimp’s servers
in the USA. We have deactivated performance measurement with Mailchimp, so
Mailchimp will not evaluate your behavior when you open our newsletters.
If you do not want your data to be transferred to Mailchimp, you must
unsubscribe from the newsletter. For this purpose, we provide a corresponding
link in every newsletter message.
The data processing is based on your consent (Art. 6 (1) lit. a GDPR).
You can revoke this consent at any time by unsubscribing from the newsletter.
The legality of the data processing operations already carried out remains
unaffected by the revocation.
The data you have provided to us for the purpose of receiving the
newsletter will be stored by us or the newsletter service provider until you
unsubscribe from the newsletter and will be deleted from the newsletter
distribution list after you unsubscribe from the newsletter. Data that has been
stored by us for other purposes remains unaffected by this.
Data transfer to the USA is based on the standard contractual clauses of
the EU Commission. Details can be found here: https://mailchimp.com/eu-us-data-transfer-statement/ and https://mailchimp.com/legal/data-processing-addendum/#Annex_C_-_Standard_Contractual_Clauses
After you have unsubscribed from the newsletter distribution list, your
e-mail address will be stored by us or the newsletter service provider in a
blacklist if necessary to prevent future mailings. The data from the blacklist
will only be used for this purpose and will not be merged with other data. This
serves both your interest and our interest in complying with legal requirements
when sending newsletters (legitimate interest within the meaning of Art. 6 (1)
f GDPR). The storage in the blacklist is not limited in time. You can object to
the storage if your interests outweigh our legitimate interest.
For more details, please refer to the privacy policy of Mailchimp at:
https://mailchimp.com/legal/terms/.
Order processing
We have concluded an order processing agreement with the above-mentioned
provider. This is a contract required by data protection law, which ensures
that the provider only processes the personal data of our website visitors in
accordance with our instructions and in compliance with the GDPR.
(3) Overview of cookies on the profile and/or
registration pages.
Session cookies are used by a server
to store information about activity on our pages so that you, as a user, can
simply continue from the point where you last used the pages. Normally, pages
have no “memory”. Cookies tell the server which pages to show you, so
you don’t have to remember or navigate from the beginning. Cookies are
therefore a kind of bookmark within our pages.
The following session cookie is used
when using the profile pages:
a) Name: JSESSIONID
b) Aim and purpose: The session
cookie identifies you as a visitor between different pages and stores certain
properties and settings for displaying teasers and similar offers.
c) Retention period: The session
cookie is automatically deleted when you leave the profile pages.
D. Special features for
business partners
In the relationship with our business partners, additional processing of
personal data may occur. In this context, business partners are legal entities
or natural persons with whom we maintain or have maintained in the past or
intend to establish in the future a business relationship in order to achieve
and implement our corporate purpose (in particular clients for events and/or
business office management, sponsors, exhibitors, suppliers, service
providers).
(1) Personal data processed
“Marketing and Sales Data”: If you or third parties
commissioned by you are in contact with us within the scope of a formerly or
currently existing business relationship or if a future business relationship
is to be initiated, the transmitted data of the contact persons will be
processed (e.g. surname, first name, title, e-mail address,
institution/company, address).
“Employee data”: If you request information or services, order
or provide services within the scope of a former, current or future business
relationship, the transmitted data of the contact persons will be processed
(e.g. surname, first name, title, e-mail address, institution/company,
address).
(2) Purpose and legal basis of the processing
Marketing and sales data is processed for information and advertising
purposes vis-à-vis existing or former business partners and to attract new
business partners (legal basis is Art. 6 (1) lit. f, in the case of an existing
business relationship also Art. 6 (1) lit. b GDPR).
The processing of employee data takes place in preparation,
implementation and fulfillment of the underlying contractual relationship with
the respective business partner (legal basis is Art. 6 (1) lit. b or lit. f
GDPR).
(3) Retention period of the data
The retention period of the transmitted data is based on the above
principles from B. (4) in conjunction with A. (5). In deviation from this, in
the case of marketing and sales data, we reserve the right to retain the data
you have provided on the basis of our legitimate interests for up to 6 months
from the termination of the last business contact with us (legal basis is Art.
6 (1) lit. f GDPR).