In the following provisions, we would like to inform you about the type, scope and purposes of the collection and use of your personal data when using the various functions on this website. Personal data are individual details about your personal or factual circumstances. This includes, in particular, your name, your e-mail address and your address. Depending on whether you visit our websites only to access information or to make use of any services we offer, the extent and type of collection and use of your personal data may differ.
The use/processing of your personal data by FAP can essentially be divided into two categories:
- for the performance of a contract to which FAP is party or in order to take steps at your request prior to entering into a contract; If external service providers are involved in the performance of the contract (e.g. payment providers etc.) your personal data will be transferred to the necessary extend.
- every time you access the contents of our website, your browser automatically transfers connection data to our web server. This may include personal data.t
In accordance with the GDPR, you have different rights and options, which you can assert toward FAP. This includes in particular the option to object specific means of processing and to revoke given consents. The option to object the processing of personal data is typographically emphasized.
2. Name and Contact of Controller and Data Processor
If you have any questions regarding privacy at FAP, please contact us via email: firstname.lastname@example.org
The aforementioned website is operated by mediapool Veranstaltungsgesellschaft mbH, Tempelhofer Ufer 17a, 10963 Berlin (mediapool). The processing of your personal data is carried out on behalf of FAP. In this regard mediapool acts as a data processor for FAP.
3. Purpose and legal basis of data processing legitimate interests of FAP and categories of recipients
3.1. Data processing for informational use of our website
Every time you access the contents of our website, your browser automatically transfers connection data to our web server and stored there as a so called Log-File. We have no technical influence over this. The following information may be processed and stored until they are deleted automatically:
- the IP address of the respective users,
- date and time of retrieval,
- the visited page/name of the accessed file,
- if the retrieval took place via external link, the referring page,
- browser type, browser version, operating system and its interface,
- the amount of data transferred,
- a message if the access/retrieval was successful,
- host name of the accessing computer.
The legal basis for processing your IP-Address is Art. 6 Para 1 lit. f GDPR. We draw our legitimate interest from the purposes listed in the following. We would like to point out that the data is not used to draw any conclusions about the user’s identity nor are they merged with data from other data sources.
The IP-address of your devise and other data listed above is used for the following purposes:
- deliver the content of our website correctly,
- optimize the content of our website as well as its advertisement,
- ensure the long-term viability of our information technology systems and website technology, and
- provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack.
3.2. Processing of personal data for the performance of a contract
3.2.1. Processing of personal data when entering into a contract
FAP regularly organizes events, such as conferences and workshops in the health and medical sector. In that regard FAP processes al personal data necessary for entering into an agreement, the performance and the termination of contracts. This may include:
- First name, surname
- Sex (if necessary)
- Billing address
- Email address
- Billing and payment information
- Date of birth (if necessary)
- Phone number (if necessary)
- Fax number (if necessary)
- clinic / Institute / medical practice
- profession / student status
The aforementioned processing is based on Article 6 Para.1 lit. b GDPR. We store your personal data until the expiration of statutory or possible contractual retention and/or warranty periods. Upon expiration of such periods, we only store the information prescribed for by statutory tax- or other legislation and only for the statutory retention periods (usually 10 years upon contract closure). The data is only processed for the purpose of a providing information to authorities in case of a company audit.
3.2.2. Identity, Transfer of data in case of default
If necessary we will verify your identity using services of external providers. Art. 6 Para 1 lit. b and lit f GDPR serve as a legal basis for the processing. The purpose is to safeguard your identity and prevent fraud incidents.
If you are in default with your payment, we may transfer your personal information to service providers, which will pursue our legitimate claims on our behalf. Art. 6 Para 1 lit. b and lit f GDPR serve as a legal basis. The pursuit of contractual claims is a legitimate interest within the meaning of the latter provision.
3.2.3. Transfer of personal data to third parties
In some cases, we use external service providers to process personal data. These are carefully selected by us and are bound by our instructions.
Categories of data recipients may be as follows:
- service providers for e.g. IT services, customer service, banking services, communication services,
- services in the field of festival organisation, print shops, advertising agencies and photographers.
If we disclose your personal data to a third party from the above list, we ensure by means of contractual regulations that the third party
- does not use your personal data for purposes other than those specified by us, and in accordance with the purposes set out in this data protection declaration, and
- has implemented appropriate security measures to protect your personal data against unauthorised or unlawful processing and against accidental loss, destruction or damage.
Art. 6 Para. 1 lit. b or f GDPR serve as a legal basis for the transfer.
3.2.4. Contact possibility via the website
This website contains information that enables a quick electronic contact to our association, as well as direct communication with us, which also includes a general address of the so-called electronic mail (e-mail address). If a data subject contacts the controller by e-mail or via a contact form, the personal data transmitted by the data subject are automatically stored. Such personal data transmitted on a voluntary basis by a data subject to the data controller are stored for the purpose of processing or contacting the data subject. There is no transfer of this personal data to third parties.
3.3. Data processing for marketing purposes
3.3.1. Advertisement by FAP
If you have entered into an agreement with FAP we list you as a customer/client. In this case we process your postal contact data outside of an explicit consent, to provide you with information about other services and/or events via regular mail. We process your email address outside of an explicit consent to provide you with information regarding similar products and/or services.
3.3.2. Right to object
You may object to the processing if we use Art. 6 Para. 1 lit. f GDPR as the basis for processing your personal data, with future effect. Please send us an email or a letter via mail to the address specified under cipher 1.
Please note that in case of an objection it is possible that you may receive marketing material even after your objection. This is due to technical reasons and does not mean that we do not respect or uphold your objection. We apologise for any inconvenience this may cause and thank you for your understanding.
3.4. Online-presence and Website-Optimization
3.4.1. Use of other cookies
Our website uses various software solutions to optimise its online offering. This enables analysis of the website’s use and collection of valuable information on the users’ needs to constantly increase the website and its quality on this basis. Aggregated and anonymous statistical data are collected to be able to conduct these analyses. These data are connection and transaction data with no personal reference; they are connected with the browser used, the number of pages called up and visited, navigation behaviour and the duration of the relevant visitor on a website. As part of the collection and processing process, if necessary, the abbreviated IP address of the visitor may be displayed.
The data is used in particular for the following purposes:
- to count visitors,
- to measure the website’s particularly attractive areas for the respective visitor,
- to evaluate the origin of the visitors to optimise the offer.
As this processing is necessary to protect our legitimate interests, Art. 6 Para. 1 lit. f) GDPR constitutes the legal basis for the processing of personal data using cookies. To keep statistics on visitor access, we have a legitimate interest in improving the website’s user-friendliness and functionality.
3.4.2. Possibility for objection and elimination
You can also object at any time to the setting of persistent cookies by making the relevant settings in the browser or only permitting them to be saved after explicit confirmation. (cp. 3.4.1).
We currently use plug-ins from Google on the basis of Art. 6 Para. 1 lit. f GDPR.
126.96.36.199 Operation of Google
This website uses the map service Google Maps, which allows the display of interactive maps and the use of the map feature directly on our website. The Google Maps service is provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, California 94043, USA. The Google Maps service uses persistent cookies. When visiting the page on our website that uses Google Maps, Google will receive a notification that you have accessed the page. In addition, the following information will be transmitted to Google:
- IP address of the device you are using
- Name of the accessed file (specific page)
- Date and time of access
- Volume of data transferred
- Access status (successful/unsuccessful)
- Browser type and version as well as which operating system you use
- URL of the previously visited page (so-called “referrer URL”).
This takes place regardless of whether you are logged in to a Google user account. If you are logged in to Google, your data will be assigned to your user account. If you do not want the data to be assigned to your account, you will need to log out before accessing the map feature. Google stores your data as a user profile and utilises it for advertising, market research and/or to provide personalised services on their website. More specifically, such analysis is carried out (even for users who are not logged in) to provide targeted advertising and to provide other social network users with information about your activities on this website. You have the right to object to the creation of these user profiles. This right can be exercised directly with Google.
4. Data transfer to a third country
With the exception of the processing described under 3.4., we do not transfer your personal data outside the European Union or the European Free Trade Area.
If there is no level of data protection in this country which is comparable to that of the European Union and, accordingly, there is no so-called adequacy decision of the European Commission with regard to this country, we will protect your interests in data protection by concluding so-called EU Standard Data Protection Clauses issued by the European Commission and agreed with the recipient or in other appropriate ways. You can request a copy of the EU Standard Data Protection Clauses and any other guarantees from us at the contact details provided in Cipher 2. Please send us a letter including a prepaid envelope for this purpose.
5. Your Rights
If the legal requirements according to Arts. 15 – 22 GDPR are met, you have the following rights:
- Right of access by the data subject acc. Art. 15 GDPR,
- Right to rectification of incorrect and/or incomplete data acc. Art. 16 GDPR,
- Right to erasure acc. Art. 17 GDPR,
- Right to restriction of processing acc. Art. 18 GDPR,
- Right to data portability acc. Art. 20 GDPR.
5.2. Right to object
If the legal requirements of Art. 21 GDPR are met, the data subject may object to processing of personal data concerning him or her on grounds relating to his or her particular situation, at any time.
6. Period for which the personal data will be stored
The criteria used to determine the period of storage of personal data is the respective statutory retention period. Usually this period is 3 years (e.g. in case of statutory limitation of contractual claims) or 10 years (e.g. statutory retention period for tax purposes). After expiration of that period, the corresponding data is routinely deleted, as long as it is no longer necessary for the fulfilment of the contract or the initiation of a contract and if we do not have another legitimate interest in the retention of your personal data.
7. Right of amendment
We reserve the right to amend, modify and adapt the contents of this data protection declaration at any time. The updated Data Protection Declaration is valid from the time at which it is published on our website.