Data protection

This privacy statements explains how personal data (hereinafter referred to as "data") is collected, used, retained and disclosed within our online offering and associated websites, functions and content as well as external online presences. The terms used here, such as "personal data" and its "processing", are used as defined in Art. 4 of the European General Data Protection Regulation (GDPR)

Changes and updates to the privacy statement

We ask that you read our privacy statement at regular intervals. We will modify the privacy statement as soon as changes to the processing of data carried out by us make this necessary. We will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification. Some prostep ivip Association websites may have their own, possibly different, privacy statements. Please read the privacy statement of each prostep ivip Association website that you visit. The different prostep ivip Association websites may includes links to websites operated by other providers which are not covered by this data privacy policy.

Security measures

We take appropriate technical and organizational measures to ensure a level of protection commensurate with the risk, taking into account the state of the art, implementation costs and the nature, scope, circumstances and purposes of processing as well as the varying probabilities of occurrence and severity of the risk to the rights and freedoms of natural persons, pursuant to Art. 32 GDPR. These measures include in particular ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access, input, transmission, security of availability and separation of the data. Furthermore, we have established procedures that guarantee that you can exercise your rights, the deletion of data and an appropriate response to data risks. We also take the protection of personal data into consideration during the development and selection of hardware, software and procedures in accordance with the principle of data protection by design and by default (Art. 25 GDPR).

Collecting, processing, using and deleting your personal data

The prostep ivip Association collects, exports and uses personal information to provide you with better service and to better consider your needs and interests. This is done on the basis of this privacy statement and your consent. When you visit our website, we collect your IP address and use cookies and other Internet technologies to collect general information about you and what is of interest to you. We also collect and process the information and data that you provide to us voluntarily, e.g. when you register for events, subscribe to newsletters, participate in online surveys, discussion groups or forums. We use server log files to collect data every time the server on which this service is located is accessed. We do this based on our legitimate interests pursuant to Art. 6 para. 1(f) GDPR. Access data includes the name of the accessed website, file, date and time of access, volume of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider. Log file information is stored for a maximum of seven days for security reasons (e.g. to investigate misuse or fraud) and then deleted. Data that needs to be stored for a longer period of time for evidentiary purposes will not be deleted until final clarification of the respective incident. The data we process will be deleted or its processing restricted pursuant to Articles 17 and 18 GDPR. Unless expressly stated in this privacy statement, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and its deletion does not conflict with any statutory retention obligations. If the data is not deleted because it is needed for other legally permissible purposes, its processing will be restricted. This means that the data is blocked and will not be processed for any other purposes. This applies, for example, to data that must be retained for business or tax reasons. In accordance with statutory requirements, the data will be kept, in particular, for 6 years pursuant to § 257 (1) of the German Commercial Code (HGB) (trading books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents, etc.) and for 10 years pursuant to § 147 (1) of the German Tax Code (AO) (books, records, management reports, accounting documents, commercial and business letters, documents relevant to taxation, etc.).

Newsletters

The following information is intended to provide you with information about the content of our newsletters, the subscription process, delivery of newsletters, statistical analysis and your right to object. By subscribing to our newsletter, you agree to receiving the newsletter and to the described procedures. Content of the newsletters: We only send newsletters, e-mails and other electronic notifications containing information about the activities carried out by the association (hereinafter referred to as "newsletters") with the consent of the recipients or legal authorization. If, when subscribing to the newsletter, the content of the newsletter is described specifically, the content is relevant to your consent. Our newsletters contain information about our projects, offerings, promotions, events and our association. Double opt-in and logging: a "double opt-in" procedure is used when you subscribe to our newsletter- This means that after registering, you will receive an e-mail asking you to confirm your registration. This confirmation is needed to ensure that no one can register using someone else's e-mail address. Subscription to the newsletter is logged in order to be able to prove that the subscription process complies with legal requirements. This includes storing the time at which you subscribed to the newsletter and the time at which you confirmed subscription as well as the IP address. Any changes made to your data, which is stored with the delivery service provider, are also logged. Subscription data: To subscribe to the newsletter, all you have to do is enter your e-mail address. We also give you the option of entering a name in the newsletter so that we can personalize it. Performance measurement – our newsletters may include a pixel-size file that is retrieved from the delivery service provider's server when the newsletter is opened. Within the scope of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and time of retrieval, are collected. This information is used to improve the services on the basis of the technical data or the target groups and their reading behavior using their retrieval locations (which can be determined with the help of the IP address) or the time of access. Statistical surveys also include determining whether the newsletters are opened, when they were opened and which links are clicked. Although, for technical reasons, this information can be associated with the individual newsletter recipients, it is not our intention nor that of the delivery service provider to monitor individual users. The surveys enable us to identify the reading habits of our users and to adapt our contents accordingly or to send different content to different users according to what they are interested in. Delivery of the newsletter and performance measurement are based on the recipients' consent pursuant to Art. 6 para. 1(a), Art. 7 GDPR in conjunction with § 7 para. 2 no. 3 of the Unfair Competition Act (UWG) or on the basis of legal authorization pursuant to § 7 para. 3 of the Unfair Competition Act. Logging of the subscription process is performed on the basis of our legitimate interests pursuant to Art. 6 para. 1(f) GDPR and serves as proof of consent to receive the newsletter. Unsubscribe/Revocation: You can unsubscribe to the newsletter at any time, i.e. revoke your consent. You will find a link that you can use to unsubscribe to the newsletter at the end of each newsletter. If you have only subscribed to the newsletter and subsequently unsubscribe, your personal data will be deleted.

Participation in an event

By registering for an event, you agree to the processing of your personal data for the purpose of organizing the event in question. The following data is collected during the registration process: first name, last name, title and name of the company/institution Your data is processed in accordance with Art. 6 para. 1(f) GDPR based on your consent, which you give by registering for the event. By registering, you agree that the data provided (first name, last name, title, name of the company/institution) may be included in the list of participants for the event and printed on a name tag. The list of participants is available to other participants in the event, as well as to the speakers and event partners, in printed or electronic form. Double opt-in and logging: a "double opt-in" procedure is used when you register for our events online. This means that after registering, you will receive an e-mail asking you to confirm your registration. This confirmation is needed to ensure that no one can register using someone else's e-mail address. Registrations are logged in order to be able to prove that the registration process complies with legal requirements. This includes storing the time at which you registered for the event and confirmed your registration as well as the IP address. Any changes made to your data, which is stored with the delivery service provider, are also logged. It may be that photographs are taken and audio or film recordings made during the events and that these are published in various online and offline media. These photographs/recordings are linked to the pictorial representation of persons present. The persons are selected at random. The images are published on the homepage, print and online media. This also applies to events offered in cooperation with third parties. By entering the event venue, participants agree to the unremunerated publication, in the afore-mentioned manner, and the right to distribute and/or store for an unlimited period of time and make available the recorded image, audio and film material in the context of public relations work performed by the prostep ivip Association. Individual rights remain protected.

Contributions and comments

In our blog, the authors present their subjective view of a topic. Readers have the opportunity to comment on the posts. Both the authors and those making comments can use a pseudonym instead of their real name. A valid e-mail address is however required, but it will not be published. Please note that the posts and comments on the blog can be seen by anyone using the Internet and can easily be found using search engines. If you have contributed a post or comment to the prostep ivip Association's blog, you have the right to ask us to delete or correct your post or comment. The prostep ivip Association's blog also offers readers the option of subscribing to posts and comments as an RSS feed. Depending on the RSS reader involved, not only the headline but also the entire post may be stored in the reader. Once a post or comment has been published, we no longer have any influence on the deletion or correction of data in the RSS readers used by subscribers.

Social plugins

The prostep ivip Association sometimes also uses social plugins (referred to in the following as "buttons") for social networks such as LinkedIn, Twitter and Xing. When you visit our website, these buttons do not send any data to the respective social networks unless you click on them. Not until you click on a button will a direct connection to the server operated by the respective social network be established, thus enabling it to collect data and set cookies. You can find out more about cookies under "Cookies and reach measurement" below. If you have logged onto a social network, the social network can associate your visit to this website with your user account on the social network. A social network cannot associate your visit to another prostep ivip Assocation website with your user account with the social network unless you click on the respective button during your visit to the other prostep ivip Assocation website. We have no influence on the amount of data that social networks collect when you click on their buttons. You can find information on what kind of data is collected, processed and used and for what purpose by the social networks in the privacy statement of the respective social network. This will also provide you with information about your rights and the options available for protecting your privacy.

Collaboration with processors and third parties

If we disclose data to other persons or companies (processors or third parties) during our processing operation, transmit the data to them or otherwise grant them access to the data, this will only be done on the basis of a legal authorization (e.g. if transmission of the data to third parties such as payment service providers, is required for the fulfillment of a contract pursuant to Art. 6 Para. 1(b) GDPR ), if you have provided your consent, if a legal obligation provides for this, or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.). If we commission third parties with the processing of data within the framework of a so-called "order processing contract", this is done on the basis of Art. 28 GDPR.

Provision of contractual services

We process inventory data (e.g., names and addresses as well as users' contact data), contract data (e.g. services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and services pursuant to Art. 6 para. 1(b) GDPR. The entries marked as mandatory on online forms are required for the conclusion of the contract. When registering or re-registering and when using our online services, we will store the IP address and the time of the respective user action. The data is stored on the basis of our legitimate interests and to protect the user against misuse or other unauthorized use. This data is not normally passed on to third parties does unless it is required to pursue our claims or there is a legal obligation to do so pursuant to Art. 6 para. 1(c) GDPR. The data will be deleted once statutory warranty or comparable obligations expire. The need to store the data will be reviewed every three years. If statutory archiving obligations apply, the data will be deleted once these obligations expire (end of commercial retention obligation (6 years) and end of fiscal retention obligation (10 years)). Details in the customer account will remain until the account is deleted.

Cookies and reach measurement

Cookies are pieces of information that are transferred from our web server or third-party web servers to the web browser of the user and stored for later retrieval. Cookies can be small files or other types of stored information. We use session cookies, which are only stored on our website for the duration of your current visit (e.g. to allow your login status to be stored or to enable the shopping basket function and thus the use of our online offering). A randomly generated unique identification number, i.e. a session ID, is stored in a session cookie. A cookie also contains information about its origin and the storage period. These cookies cannot store any other data. Session cookies are deleted once you have finished using our online offering and, for example, log out or close your browser. In accordance with this privacy statement, the user is notified of the use of other cookies in the context of pseudonymous reach measurement. If users do not want cookies to be saved on their computers, they will be asked to the disable relevant option in the system settings of their browsers. Stored cookies can be deleted in the system settings of the browser. If cookies are disabled, you may not be able to use the full functionality of this website. You can object to the use of cookies for the purposes of reach measurement and advertising purposes, via the deactivation page of the Network Advertising Initiative (http://optout.networkadvertising.org/) and the US website (http://www.aboutads.info/choices) or the European website ( http://www.youronlinechoices.com/uk/your-ad-choices/).

Contact

When contacting us (using the contact form or via e-mail), you details will be processed in the context of your contact request and its execution pursuant to Art. 6 para. 1(b) GDPR. Information about users may be stored in our request set-up. We delete requests once they are no longer needed. We review the need to store the data every two years. Requests from customers who have a customer account are stored permanently and are linked to the customer account details for deletion. If statutory archiving obligations apply, the data will be deleted once these obligations expire (end of commercial retention obligation (6 years) and end of fiscal retention obligation (10 years)).

Rights of data subjects

You have the right to request confirmation as to whether the relevant data is being processed and to request information about this data as well as further information and a copy of the data pursuant to Art. 15 GDPR. You have the right to request that incomplete personal data be completed and rectification of inaccurate data concerning you pursuant to Art. 16 GDPR. You have the right to demand that relevant data be deleted immediately pursuant to Art. 17 GDPR or, alternatively, to demand a restriction of the processing of the data pursuant to Art. 18 GDPR. You have the right to receive the personal data that you have provided to us pursuant to Art. 20 GDPR and to request its transmission to another controller. You also have the right to file a complaint with the relevant supervisory authority pursuant to Art. 77 GDPR. Data protection officer in Hesse Prof. Dr. Alexander Roßnagel Gustav-Stresemann-Ring 1 65189 Wiesbaden, Germany Right to revoke consent: You have the right to revoke consent at any time in the future pursuant to Art. 7 para. 3 GDPR. Right to object: You have the right to object to the future processing of your personal data at any time pursuant to Art. 21 GDPR. You may object in particular to the processing of your personal data for direct marketing purposes.

Webanalytics with Matomo

This website uses the open-source web analysis service Matomo.

Through Matomo, we are able to collect and analyze data on the use of our website-by-website visitors. This enables us to find out, for instance, when which page views occurred and from which region they came. In addition, we collect various log files (e.g. IP address, referrer, browser, and operating system used) and can measure whether our website visitors perform certain actions (e.g. clicks, purchases, etc.).

The use of this analysis tool is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the analysis of user patterns, in order to optimize the operator’s web offerings and advertising. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.

IP anonymization

For analysis with Matomo we use IP anonymization. Your IP address is shortened before the analysis, so that it is no longer clearly assignable to you.

Hosting

We host Matomo exclusively on our own servers so that all analysis data remains with us and is not passed on.

Responsible in accordance with the GDPR:

prostep ivip Association
Dolivostraße 11
64293 Darmstadt, Germany
Register of Societies, Darmstadt Nr. VR2438
Board: Dr. Henrik Weimer (Chairman), Tomohiko Adachi, Thomas Kamla, Jens Poggenburg, Prof. Dr. Rainer Stark, Philipp Wibbing
Telephone number: +49 6151 9287-336
E-mail address:psev(at)prostep.org