INTRODUCTION AND TERMS
By operating our website www.structuralheartdiseasecoalition.eu (hereinafter referred to as “website”), we process personal data. These are treated confidentially by us and processed in accordance with the applicable laws – in particular the German Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG-neu). With our data protection regulations, we want to inform you which personal data we collect from you, for what purposes and on what legal basis we use it and, if applicable, to whom we disclose it. In addition, we will explain to you what rights you have to protect and enforce your data protection.
Our data protection provisions contain technical terms that are in the GDPR and the BDSG-neu. For your better understanding, we would like to explain these terms in simple terms in advance:
2.1 Personal data
“Personal data” means any information relating to an identified or identifiable person (Art. 4 No. 1 GDPR). Information of an identified person can be, for example, the name or the e-mail address. However, personal data is also data for which the identity is not immediately apparent, but can be determined by combining one’s own information or that of others and thus finding out who it is. A person can be identified, for example, by providing his or her address or bank details, date of birth or user name, IP addresses and/or location data. Relevant here is all information that in any way allows a conclusion to be drawn about a person.
Article 4 No. 2 GDPR understands “processing” to mean any operation in connection with personal data. This applies in particular to the collection, recording, organisation, arrangement, storage, adaptation or alteration, retrieval, consultation, use, disclosure, transfer, dissemination or any other form of making available, alignment or combination, restriction, erasure or destruction of personal data.
3. RESPONSIBLE PARTY
The person responsible for data processing is:
RPP Group SPRL
Lutz Dommel (CEO)
Rue Guimard 10, 1040 Brussels
+32 2 743 28 90
+32 2 808 23 43
4. PROCESSING FRAMEWORK: WEBSITE
Within the framework of the website with the URL www.structuralheartdiseasecoalition.eu we process the personal data of you listed in detail below under point 6-59. We only process data from you that you actively provide on our website (e.g. by filling in forms) or that you provide automatically when using our offer.
Your data will only be processed by us and will not be sold, lent or passed on to third parties. If we use the help of external service providers to process your personal data, this is done within the framework of so-called order processing, in which we as the client are authorised to issue instructions to our contractors. For the operation of our website, we use external service providers for hosting, as well as for maintenance, care and further development. If further external service providers are used for individual processing operations listed in sections 6-59, they will be named there.
Data transfer to third countries does not take place and is not planned. We will provide information on exceptions to this principle in the processing operations described below.
THE PROCESSING IN DETAIL
5. PROVISION OF THE WEBSITE AND SERVER LOG FILES
5.1 Description of the processing
Each time you access the website, we automatically collect information that your browser transmits to our server (so-called log files). This involves the following data:
- Your IP address
- the browser software you use, as well as its version and language
- the operating system you use
- the website from which you came to our website (so-called referrer)
- the sub-pages you have accessed on our website
- the date and time of your visit to our website
- your internet service provider
- The amount of data transferred
- Country and place from which you visited our website
- Your length of stay on our website
These are also stored in the so-called log files of our system. The temporary storage of your IP address by the system is necessary in order to be able to deliver our website to the end device of a user. For this purpose, the user’s IP address must remain stored for the duration of the session. However, your IP address is not recorded in our log files.
The processing is carried out to enable the website to be called up and to ensure its stability and security. Furthermore, the processing serves the statistical evaluation and improvement of our online offer.
5.3 Legal basis
The processing is necessary to protect the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f GDPR). Our legitimate interest lies in the purpose named in section 5.2.
5.4 Storage period
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. The log files are deleted after 7 days.
6.1 Description of processing
You can find out which cookies are used on our website for which purpose, how long they are stored on your end device and which consents you may have already declared in the settings of the Consent Tool.
6.3 Legal basis
The processing is necessary with regard to technically required cookies, as well as the use of the Consent Tool to protect the overriding legitimate interests of the controller (Art. 6 (1) lit. f GDPR). Our legitimate interest lies in the purpose named in section 11.2. With regard to the processing of all other cookies – i.e. cookies that are not technically necessary – the legal basis is consent (Art. 6 (1) a GDPR). Such consent is voluntary.
6.4 Storage period, revocation of consent
6.5 Recipients and transmission to third countries
When using third-party cookies, data may be transmitted to the corresponding providers of these third-party services. Under certain circumstances, data may also be transferred to third countries outside the European Union or the European Economic Area. We provide information about the recipients of data and the transfer of data to third countries in the settings of the Consent Tool or in the corresponding passage on the third-party service in these data protection provisions.
7. ADOBE TYPEKIT
7.1 Description of processing
The processing is done in order to display the text of our website in a more readable and aesthetically pleasing way.
7.3 Legal basis
The processing is necessary to protect the overriding legitimate interests of the controller (Art. 6(1)(f) GDPR). Our legitimate interest lies in the purpose named in section 7.2.
7.4 Recipients and transfer to third countries
Through the use of Adobe Typekit, personal data may be transmitted to Adobe. Adobe also processes your personal data in the USA, where applicable through the group company Adobe Systems Incorporated, San Francisco, 345 Park Avenue, San Jose, California 95110, USA.
8. GOOGLE ANALYTICS
8.1 Description of the processing
The processing takes place in order to be able to evaluate the use of our website. The information thus obtained is used to improve our online presence and to design it in line with requirements.
8.3 Legal basis
The processing is carried out on the basis of consent in accordance with Art. 6 Para. 1 lit. a GDPR. This is obtained by us via a consent tool. Such consent is voluntary.
8.4 Storage period and right of objection, revocation of consent
We have explained the storage period and your control and setting options for cookies in section 6. You can object to data processing by Google Analytics at any time by downloading and installing the browser add-on offered by Google at https://tools.google.com/dlpage/gaoptout?hl=de. Alternatively, you can click on the link to the Google Analytics website. Alternatively, you have the option of clicking on the following link. This will set an opt-out cookie on your terminal device, which will prevent the collection of your data during future visits to this website: Google Analytics deactivate (LINK). The analysis data processed and stored with Google Analytics will be automatically deleted by us after 14 months. You can revoke the consent you have given with regard to Google Analytics at any time in the settings of the consent tool with effect for the future.
8.5 Recipients and transmission to third countries
According to the German data protection supervisory authorities (Data Protection Conference), Google Analytics is jointly responsible for data processing on our behalf. Against this background, we have also concluded the “Google Measurement Controller-Controller Data Protection Terms” with Google. Google also processes your personal data in the USA.
9. GOOGLE TAG MANAGER
Our website uses the “Google Tag Manager”, a service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as “Google”). No personal data is collected via the Google Tag Manager and no cookies are set. This service only enables us to integrate and manage tags on our website. Tags are small code elements on our website that are useful to measure traffic and visitor behaviour based on them with other tools, to measure the impact of online advertising and social channels, to use remarketing and targeting, to test and optimise the website. More information on Google Tag Manager can be found here: https://www.google.com/intl/de/tagmanager/use-policy.html
10. DATA SUBJECT RIGHTS
With regard to the data processing by our company described above, you are entitled to the following data subject rights:
10.1 Information (Art. 15 GDPR).
You have the right to request confirmation from us as to whether we are processing personal data relating to you. If this is the case, you have a right to information about this personal data and to the further information listed in Art. 15 GDPR under the conditions specified in Art. 15 GDPR.
10.2 Correction (Art. 16 GDPR)
You have the right to request that we correct any inaccurate personal data relating to you without undue delay and, where applicable, to complete any incomplete personal data.
10.3 Deletion (Art. 17 GDPR)
You have the right to request that we delete personal data relating to you without undue delay, provided that one of the reasons listed in detail in Art. 17 GDPR applies, e.g. if your data is no longer required for the purposes pursued by us.
10.4 Restriction of data processing (Art. 18 GDPR)
You have the right to request us to restrict processing if one of the conditions listed in Art. 18 GDPR applies, e.g. if you dispute the accuracy of your personal data, data processing will be restricted for the period of time that allows us to verify the accuracy of your data.
10.5 Data portability (Art. 20 GDPR)
You have the right, under the conditions set out in Art. 20 GDPR, to request that the data relating to you be handed over in a structured, common and machine-readable format.
10.6 Withdrawal of consent (Art. 7 (3) GDPR)
You have the right to revoke your consent at any time in the case of processing based on consent. The revocation applies from the time it is asserted. In other words, it is effective for the future. The processing does not therefore become unlawful retroactively as a result of the withdrawal of consent.
10.7 Complaint (Art. 77 GDPR)
If you believe that the processing of personal data concerning you violates the GDPR, you have the right to lodge a complaint with a supervisory authority. You may exercise this right before a supervisory authority in the EU Member State of your place of residence, place of work or place of the alleged infringement.
10.8 Prohibition of automated decisions/profiling (Art. 22 GDPR)
Decisions which have legal effects concerning you or which significantly affect you must not be based solely on automated processing of personal data, including profiling. We inform you that we do not use automated decision-making, including profiling, with regard to your personal data.
10.9 Objection (Art. 21 GDPR)
If we process personal data from you on the basis of Art. 6(1)(f) GDPR (for the protection of overriding legitimate interests), you have the right to object to this under the conditions listed in Art. 21 GDPR. However, this only applies insofar as there are reasons arising from your particular situation. After an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights and freedoms. We also do not have to stop processing if it serves the assertion, exercise or defence of legal claims. In any case – also irrespective of a specific situation – you have the right to object at any time to the processing of your personal data for direct marketing.
Status: February 2021