We, Patientenverband Familiäre Amyloid Polyneuropathie e.V. (hereinafter “FAP” or “we”), as operator of this website within the meaning of EU Regulation No. 2016/679, the General Data Protection Regulation (GDPR) and service provider within the meaning of the German Telemedia Act (Telemediengesetz, TMG) are the controller. In the following, we would like to inform you – according to Article 13 GDPR – on the collection of personal data when using this website. Please read the following Privacy Policy carefully. If you have any questions or queries regarding this Privacy Policy, please do not hesitate to contact us under the email address specified in cipher 2.

1. General

In the following provisions, we would like to inform you about the type, scope and purposes of the collection and use of your personal data when using the various functions on this website. Personal data are individual details about your personal or factual circumstances. This includes, in particular, your name, your e-mail address and your address. Depending on whether you visit our websites only to access information or to make use of any services we offer, the extent and type of collection and use of your personal data may differ.

The use/processing of your personal data by FAP can essentially be divided into two categories:

  • for the performance of a contract to which FAP is party or in order to take steps at your request prior to entering into a contract; If external service providers are involved in the performance of the contract (e.g. payment providers etc.) your personal data will be transferred to the necessary extend.
  • every time you access the contents of our website, your browser automatically transfers connection data to our web server. This may include personal data.t


In accordance with the GDPR, you have different rights and options, which you can assert toward FAP. This includes in particular the option to object specific means of processing and to revoke given consents. The option to object the processing of personal data is typographically emphasized.

2. Name and Contact of Controller and Data Processor

This Privacy Policy applies to the processing of personal data by Patientenverband Familiäre Amyloid Polyneuropathie e.V., Albert-Schweitzer-Campus 1, Building A1, Room 248.05, 48149 Münster (Controller) and the following website: https://attrmeeting.org

If you have any questions regarding privacy at FAP, please contact us via email: info@attrmeeting.org

The aforementioned website is operated by mediapool Veranstaltungsgesellschaft mbH, Tempelhofer Ufer 17a, 10963 Berlin (mediapool). The processing of your personal data is carried out on behalf of FAP. In this regard mediapool acts as a data processor for FAP. 

3. Purpose and legal basis of data processing legitimate interests of FAP and categories of recipients

3.1. Data processing for informational use of our website

Every time you access the contents of our website, your browser automatically transfers connection data to our web server and stored there as a so called Log-File.  We have no technical influence over this. The following information may be processed and stored until they are deleted automatically:

  • the IP address of the respective users,
  • date and time of retrieval,
  • the visited page/name of the accessed file,
  • if the retrieval took place via external link, the referring page,
  • browser type, browser version, operating system and its interface,
  • the amount of data transferred,
  • a message if the access/retrieval was successful,
  • host name of the accessing computer.

The legal basis for processing your IP-Address is Art. 6 Para 1 lit. f GDPR. We draw our legitimate interest from the purposes listed in the following. We would like to point out that the data is not used to draw any conclusions about the user’s identity nor are they merged with data from other data sources.

The IP-address of your devise and other data listed above is used for the following purposes:

  • deliver the content of our website correctly,
  • optimize the content of our website as well as its advertisement,
  • ensure the long-term viability of our information technology systems and website technology, and
  • provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack.

We store this connection data in our server log files for a period of 14 days from the time you visit our website. Your data are then erased. Furthermore this website uses cookies and other plugins. The technologies used and the extent of data processing is described in greater detail under cipher 3.4.

3.2. Processing of personal data for the performance of a contract

3.2.1. Processing of personal data when entering into a contract

FAP regularly organizes events, such as conferences and workshops in the health and medical sector.  In that regard FAP processes al personal data necessary for entering into an agreement, the performance and the termination of contracts. This may include:

  • First name, surname
  • Sex (if necessary)
  • Billing address
  • Email address
  • Billing and payment information
  • Date of birth (if necessary)
  • Phone number (if necessary)
  • Fax number (if necessary)
  • clinic / Institute / medical practice
  • profession / student status

The aforementioned processing is based on Article 6 Para.1 lit. b GDPR. We store your personal data until the expiration of statutory or possible contractual retention and/or warranty periods. Upon expiration of such periods, we only store the information prescribed for by statutory tax- or other legislation and only for the statutory retention periods (usually 10 years upon contract closure). The data is only processed for the purpose of a providing information to authorities in case of a company audit.

3.2.2. Identity, Transfer of data in case of default

If necessary we will verify your identity using services of external providers. Art. 6 Para 1 lit. b and lit f GDPR serve as a legal basis for the processing.  The purpose is to safeguard your identity and prevent fraud incidents.

If you are in default with your payment, we may transfer your personal information to service providers, which will pursue our legitimate claims on our behalf. Art. 6 Para 1 lit. b and lit f GDPR serve as a legal basis. The pursuit of contractual claims is a legitimate interest within the meaning of the latter provision.

3.2.3. Transfer of personal data to third parties

In some cases, we use external service providers to process personal data. These are carefully selected by us and are bound by our instructions.

Categories of data recipients may be as follows:

  • service providers for e.g. IT services, customer service, banking services, communication services,
  • services in the field of festival organisation, print shops, advertising agencies and photographers.

If we disclose your personal data to a third party from the above list, we ensure by means of contractual regulations that the third party

  • does not use your personal data for purposes other than those specified by us, and in accordance with the purposes set out in this data protection declaration, and
  • has implemented appropriate security measures to protect your personal data against unauthorised or unlawful processing and against accidental loss, destruction or damage.

Art. 6 Para. 1 lit. b or f GDPR serve as a legal basis for the transfer.

3.2.4. Contact possibility via the website

This website contains information that enables a quick electronic contact to our association, as well as direct communication with us, which also includes a general address of the so-called electronic mail (e-mail address). If a data subject contacts the controller by e-mail or via a contact form, the personal data transmitted by the data subject are automatically stored. Such personal data transmitted on a voluntary basis by a data subject to the data controller are stored for the purpose of processing or contacting the data subject. There is no transfer of this personal data to third parties.

3.3. Data processing for marketing purposes

3.3.1. Advertisement by FAP

If you have entered into an agreement with FAP we list you as a customer/client. In this case we process your postal contact data outside of an explicit consent, to provide you with information about other services and/or events via regular mail. We process your email address outside of an explicit consent to provide you with information regarding similar products and/or services.

3.3.2. Right to object

You may object to the processing if we use Art. 6 Para. 1 lit. f GDPR as the basis for processing your personal data, with future effect. Please send us an email or a letter via mail to the address specified under cipher 1.

Please note that in case of an objection it is possible that you may receive marketing material even after your objection. This is due to technical reasons and does not mean that we do not respect or uphold your objection. We apologise for any inconvenience this may cause and thank you for your understanding.

3.4. Online-presence and Website-Optimization

3.4.1. Use of other cookies

We use cookies to make your visit to our website attractive and to enable the use of certain functions. Cookies are small text files that are stored on your computer and enable us to recognise your Internet browser.

As cookies allow us to see which pages visitors access and how much time they spend there, they help us know which sections of this website are the most popular. In this way, we are better able to tailor our website to your needs and provide you with a more personalised user experience. You can configure your browser to accept all cookies, reject all cookies or notify you when a cookie is sent. Please note, however, that our website is designed for the use of cookies and their deactivation may affect your use of our website and prevent you from enjoying all of its advantages.

Our website uses various software solutions to optimise its online offering. This enables analysis of the website’s use and collection of valuable information on the users’ needs to constantly increase the website and its quality on this basis. Aggregated and anonymous statistical data are collected to be able to conduct these analyses. These data are connection and transaction data with no personal reference; they are connected with the browser used, the number of pages called up and visited, navigation behaviour and the duration of the relevant visitor on a website. As part of the collection and processing process, if necessary, the abbreviated IP address of the visitor may be displayed.

The data is used in particular for the following purposes:

  • to count visitors,
  • to measure the website’s particularly attractive areas for the respective visitor,
  • to evaluate the origin of the visitors to optimise the offer.

As this processing is necessary to protect our legitimate interests, Art. 6 Para. 1 lit. f) GDPR constitutes the legal basis for the processing of personal data using cookies. To keep statistics on visitor access, we have a legitimate interest in improving the website’s user-friendliness and functionality.

3.4.2. Possibility for objection and elimination

You can also object at any time to the setting of persistent cookies by making the relevant settings in the browser or only permitting them to be saved after explicit confirmation. (cp. 3.4.1).

3.4.3 Plug-ins

We currently use plug-ins from Google on the basis of Art. 6 Para. 1 lit. f GDPR.  

3.4.3.1 Operation of Google

This website uses the map service Google Maps, which allows the display of interactive maps and the use of the map feature directly on our website. The Google Maps service is provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, California 94043, USA. The Google Maps service uses persistent cookies. When visiting the page on our website that uses Google Maps, Google will receive a notification that you have accessed the page. In addition, the following information will be transmitted to Google:

  • IP address of the device you are using
  • Name of the accessed file (specific page)
  • Date and time of access
  • Volume of data transferred
  • Access status (successful/unsuccessful)
  • Browser type and version as well as which operating system you use
  • URL of the previously visited page (so-called “referrer URL”).

This takes place regardless of whether you are logged in to a Google user account. If you are logged in to Google, your data will be assigned to your user account. If you do not want the data to be assigned to your account, you will need to log out before accessing the map feature. Google stores your data as a user profile and utilises it for advertising, market research and/or to provide personalised services on their website. More specifically, such analysis is carried out (even for users who are not logged in) to provide targeted advertising and to provide other social network users with information about your activities on this website. You have the right to object to the creation of these user profiles. This right can be exercised directly with Google.

For more information regarding the purpose and extent to which Google collects, processes and uses data as well as your rights in this regard and the settings available to protect your privacy, please see Google’s privacy policy. Google also processes your information in the USA and does so within the framework of theEU-US Privacy Shield.

4. Data transfer to a third country

With the exception of the processing described under 3.4., we do not transfer your personal data outside the European Union or the European Free Trade Area.

If there is no level of data protection in this country which is comparable to that of the European Union and, accordingly, there is no so-called adequacy decision of the European Commission with regard to this country, we will protect your interests in data protection by concluding so-called EU Standard Data Protection Clauses issued by the European Commission and agreed with the recipient or in other appropriate ways. You can request a copy of the EU Standard Data Protection Clauses and any other guarantees from us at the contact details provided in Cipher 2. Please send us a letter including a prepaid envelope for this purpose.

5. Your Rights

If the legal requirements according to Arts. 15 – 22 GDPR are met, you have the following rights:

5.1. General

  • Right of access by the data subject acc. Art. 15 GDPR,
  • Right to rectification of incorrect and/or incomplete data acc. Art. 16 GDPR,
  • Right to erasure acc. Art. 17 GDPR, 

  • Right to restriction of processing acc. Art. 18 GDPR,

  • Right to data portability acc. Art. 20 GDPR.

5.2. Right to object

If the legal requirements of Art. 21 GDPR are met, the data subject may object to processing of personal data concerning him or her on grounds relating to his or her particular situation, at any time.

This general right to object relates to all purposes of processing described in this Privacy Policy, which is carried out on the basis of Article 6 Para 1 lit. f GDPR. If you wish make such an objection, we ask you to provide us with a reason why we should not process your personal data. We will weigh your reasons against our interest in continuing data processing and subsequently either stop, or adapt the data processing, or point out to you our compelling reasons worthy of protection on the basis of which we shall continue the processing. Please note that we also process your data if this is necessary for asserting, exercising or defending any legal claims.If you are of the opinion that the processing of the personal data relating to you is in breach of the GDPR, you have the right to lodge a complaint to a supervisory authority. The address of the supervisory authority responsible for us is: Die Landesbeauftragte für den Datenschutz Niedersachsen.

6. Period for which the personal data will be stored

The criteria used to determine the period of storage of personal data is the respective statutory retention period. Usually this period is 3 years (e.g. in case of statutory limitation of contractual claims) or 10 years (e.g. statutory retention period for tax purposes). After expiration of that period, the corresponding data is routinely deleted, as long as it is no longer necessary for the fulfilment of the contract or the initiation of a contract and if we do not have another legitimate interest in the retention of your personal data.

7. Right of amendment

We reserve the right to amend, modify and adapt the contents of this data protection declaration at any time. The updated Data Protection Declaration is valid from the time at which it is published on our website.