Data privacy statement
I. Contact details of the data controller
The data controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection regulations is the
Helmholtz-Zentrum für Umweltforschung GmbH – UFZ
Permoserstraße 15
04318 Leipzig
Germany
Phone: +49 341 6025 1269
Email:
Website: www.ufz.de
II. Contact details of the Data Protection Officer
The Data Protection Officer
Permoserstraße 15
04318 Leipzig
Germany
Phone: +49 341 6025 1227
Email:
Website: www.ufz.de
III. General information on data processing
1. Scope of processing of personal data
We only process the personal data of our users insofar as this is necessary to provide a functional website and to provide our content and services. The processing of personal data of our users only takes place regularly with the consent of the user. An exception applies in cases where it is not possible to obtain prior consent for factual reasons and the processing of the data is permitted by law.
2. Legal basis for the processing of personal dataLegal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for the processing of personal data, Article 6(1)(a) GDPR serves as the legal basis.
Article 6(1)(b) GDPR serves as the legal basis for the processing of personal data required for the fulfilment of a contract to which the data subject is a party. This also applies to processing operations that are necessary for the performance of pre-contractual measures.
Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Article 6(1)(c) GDPR will serve as the legal basis.
If the processing is necessary to safeguard a legitimate interest of the UFZ or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Article 6(1)(f) GDPR will serve as the legal basis for the processing.
3. Data deletion and storage period
The personal data of the data subject will be deleted as soon as the purpose of storage no longer applies. Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or erased if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.
IV. Provision of the website and creation of log files
1. Description and scope of the data processing
Each time our website is accessed, our system automatically records data and information from the computer system of the accessing computer in a local log file.
The following data is collected if it is transmitted by the user's system:
- the website from which users access our website,
- the content of the request (specific subsite),
- the date and time of the query,
- the amount of data transferred,
- the access status (file transferred, file not found),
- the description of the type of web browser used and the version used,
- the user's Internet service provider,
- the pseudonymised IP address of the requesting computer.
Before storage, each data record is anonymised by changing the IP address. The data is not stored together with other personal data of the user.
2. Legal basis for the data processing
The legal basis for the temporary storage of data and log files is Article 6(1)(f) GDPR.
3. Purpose of the data processing
Temporary storage of the IP address is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.
Data is stored in log files to ensure the functionality of the website. We also use the data to optimise the website and to ensure the security of our information technology systems. The data is not analysed for marketing purposes in this context.
These purposes also constitute our legitimate interest in data processing in accordance with Article 6(1)(f) GDPR.
4. Duration of storage
The data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected. If the data is collected to provide the website, it is deleted when the respective session has ended. If the data is stored in log files, it is stored for a maximum of 31 days for security reasons (e.g. to investigate misuse or fraud) and then deleted. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or anonymised so that it is no longer possible to identify the accessing client.
5. Possibility of objection and removal
The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.
V. Use of Cookies
1. Description and scope of data processing
We use technically necessary and temporary cookies on our website. We do not use persistent cookies or Flash cookies.
Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. When users access a website, a cookie can be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.
The following data is stored and transmitted in the cookies:
- Language settings
- Log-in information
- Earlier visit to prevent new pop-up adverts
- Session information for web services.
Cookies are stored on the user's computer and transmitted from there to our website. Users therefore also have full control over the use of cookies. Users can deactivate or restrict the transmission of cookies by changing the settings in their Internet browser. If cookies are deactivated for our website, it may no longer be possible to use all functions of our website to their full extent.
2. Legal basis for data processing
The legal basis for the data processing is Article 6(1)(f) GDPR and § 25 para. 2 no. 2 Telecommunications-Telemedia Data Protection Act (TTDSG).
3. Purpose of data processing
The purpose of using technically necessary cookies is to enable basic functions of this website and to simplify the use of our website for users.
These purposes also constitute our legitimate interest in the processing of personal data in accordance with Article 6(1)(f) GDPR.
The user data collected by technically necessary cookies are not used to create user profiles.
4. Duration of storage
The cookies are deleted after the browser is closed.
VI. Registration for events
1. Description and scope of data processing
On our website we offer you the opportunity to register for RESPIN events. The data is entered into an input mask and saved.
The following data is collected during registration:
- Title, salutation, name
- Address, if applicable
- Email address
- Institution/Company.
The following data is also stored at the time of registration:
- IP address
- Date and time of registration.
The consent of the applicant is obtained for the processing of the data as part of the completion process.
We use either the 3rd party component Event Booking at our website for registration.
That means that event booking is runnin at the UFZ server and your data will be stored also at a UFZ server.
The data collected will be used exclusively for registration for the event and the organisation of the event.
2. Legal basis for data processing
The legal basis for the data processing in connection with registration for events is Article 6(1)(a) GDPR (consent) and, in the case of fee-based events, Article 6(1)(b) GDPR (for the fulfilment of a contract).
3. Purpose of data processing
The purpose of collecting the data is to ensure participation in the event. In the case of fee-based events, the data is also processed for billing purposes.
4. Duration of storage
The data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected, i.e. after the event has been held.
If the event is a fee-based event and an invoice is issued for the participation fee, statutory retention periods must be observed. The data must then be stored for a period of 10 years in accordance with § 14b (1) Value Added Tax Act (UStG) and will be deleted or destroyed after this period has expired. Only the data contained on the invoice is stored. The data not required for issuing the invoice will be deleted.
5. Possibility of objection and removal
The collection of data for registration for an event is mandatory for participation in the event. Consequently, there is no possibility for event participants to object.
If the data subjects decide not to participate after registering for the event, the consent given to the processing of their data can be withdrawn at any time at the same time as the cancellation of participation in the event – in the case of fee-based events, however, only before the obligation to pay the fee arises. The cancellation must be sent to the email address provided in the registration confirmation or to
After receipt of the withdrawal of consent, the collected data will be deleted.
VI. Photo and video recordings during events
1. Description and scope of data processing
During selected events, photos and/or video recordings are made and processed to document these events. We will inform you when we announce an event and on site if we wish to make these recordings.
It cannot be excluded that persons may be directly or indirectly identifiable in these recordings.
2. Legal basis for data processing
Insofar as we obtain the consent of the data subjects for the processing of personal data, Article 6(1)(a) GDPR serves as the legal basis. If the processing is necessary to safeguard a legitimate interest of RESPIN and if the interests, fundamental rights and freedoms of the data subjects do not outweigh the former interest, Article 6(1)(f) GDPR serves as the legal basis for the processing.
3. Purpose of data processing
Photos and video recordings are made as part of the RESPIN's press and public relations work and are used to document certain aspects of the event and to report on the event, also for interested third parties.
4. Duration of storage
If the production and processing of photos and video recordings is based on a consent, the photos and video recordings will be stored until the consent is withdrawn by the data subject. If consent is withdrawn, photos and video recordings in which the person withdrawing consent is recognisable and which essentially only show the withdrawing person will be deleted immediately. If the withdrawing person is depicted on the photo/video together with other persons, the withdrawing person will be immediately made unrecognisable on the photo/video (e.g. by pixelation).
Insofar as Article 6(1)(f) GDPR is relevant, the photo and video recordings will be deleted as soon as the purpose of storage no longer applies.
5. Possibility of opposition and removal
At the beginning or during the event, the persons concerned may inform the person taking the photos or video recordings that they do not consent to being depicted or that they wish to exercise their right to object.
Any consent given can be withdrawn at any time with effect for the future. The withdrawal of consent should be addressed to
VII. Rights of data subjects
The data subjects whose personal data are processed in the context of the above-mentioned services have the following rights, unless statutory exceptions apply in individual cases:
1. Right to information, Article 15 GDPR
The right to information gives the data subjects comprehensive access to the data concerning them and some other important criteria, such as the purposes of processing or the duration of storage. The exceptions to this right set out in § 34 BDSG apply.
2. Right to rectification, Article 16 GDPR
The right to rectification includes the possibility for the data subjects to have incorrect personal data concerning them corrected.
3. Right to erasure, Article 17 GDPR
The right to erasure includes the possibility for the data subjects to have personal data erased by the controller. However, this is only possible if this data is no longer necessary, is being processed unlawfully or consent has been withdrawn. The exceptions to this right set out in § 35 BDSG apply.
4. Right to restriction of processing, Article 18 GDPR
The right to restriction of processing includes the possibility for the data subjects to temporarily prevent further processing of their personal data. A restriction occurs in particular when other rights of the data subjects are being examined.
5. Right to notification, Article 19 GDPR
If the data subjects have asserted the right to rectification, erasure or restriction of processing, we are obliged to communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data has been disclosed, unless this proves impossible or involves disproportionate effort. The data subjects have the right to be informed about these recipients.
6. Right to data portability, Article 20 GDPR
The right to data portability includes the possibility for the data subjects to receive the personal data concerning them from the controller in a commonly used, machine-readable format so that they can be forwarded to another controller if necessary. According to Article 20(3) sentence 2 GDPR, however, this right is not available if the data processing serves the fulfilment of public tasks.
7. Right to object, Article 21 GDPR
The data subjects have the right to object to the future processing of personal data concerning them, provided that this data is processed in accordance with Art. 6(1)(e) or (f) GDPR.
8. Right to withdraw the declaration of consent under data protection law, Article 7(3) GDPR
The data subjects have the right to withdraw their declaration of consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
9. Right to lodge a complaint with a supervisory authority, Article 77 GD
PR
Without prejudice to any other administrative or judicial remedy, the data subjects have the right to lodge a complaint with a supervisory authority if they consider that the processing of personal data relating them infringes the GDPR. The supervisory authority responsible for the UFZ is
The Federal Commissioner for Data Protection and Freedom of Information
Graurheindorfer Str. 153, 53117 Bonn, Germany
Phone: +49 (0)228-997799-0
Email: