INTRODUCTION AND TERMS
1. INTRODUCTION
By operating our website www.structuralheartdiseasecoalition.eu (hereinafter referred to as “website”), we process personal data. These are treated confidentially by us and processed in accordance with the applicable laws – in particular the German Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG-neu). With our data protection regulations, we want to inform you which personal data we collect from you, for what purposes and on what legal basis we use it and, if applicable, to whom we disclose it. In addition, we will explain to you what rights you have to protect and enforce your data protection.
2. DEFINITIONS
Our data protection provisions contain technical terms that are in the GDPR and the BDSG-neu. For your better understanding, we would like to explain these terms in simple terms in advance:
2.1 Personal data
“Personal data” means any information relating to an identified or identifiable person (Art. 4 No. 1 GDPR). Information of an identified person can be, for example, the name or the e-mail address. However, personal data is also data for which the identity is not immediately apparent, but can be determined by combining one’s own information or that of others and thus finding out who it is. A person can be identified, for example, by providing his or her address or bank details, date of birth or user name, IP addresses and/or location data. Relevant here is all information that in any way allows a conclusion to be drawn about a person.
2.2 Processing
Article 4 No. 2 GDPR understands “processing” to mean any operation in connection with personal data. This applies in particular to the collection, recording, organisation, arrangement, storage, adaptation or alteration, retrieval, consultation, use, disclosure, transfer, dissemination or any other form of making available, alignment or combination, restriction, erasure or destruction of personal data.
RESPONSIBLE COMPANY
3. RESPONSIBLE PARTY
The person responsible for data processing is:
Company: Legal representative: Address: Telephone: Fax: E-mail: |
RPP Group SPRL Lutz Dommel (CEO) Rue Guimard 10, 1040 Brussels +32 2 743 28 90 +32 2 808 23 43 |
PROCESSING FRAMEWORK
4. PROCESSING FRAMEWORK: WEBSITE
Within the framework of the website with the URL www.structuralheartdiseasecoalition.eu we process the personal data of you listed in detail below under point 6-59. We only process data from you that you actively provide on our website (e.g. by filling in forms) or that you provide automatically when using our offer.
Your data will only be processed by us and will not be sold, lent or passed on to third parties. If we use the help of external service providers to process your personal data, this is done within the framework of so-called order processing, in which we as the client are authorised to issue instructions to our contractors. For the operation of our website, we use external service providers for hosting, as well as for maintenance, care and further development. If further external service providers are used for individual processing operations listed in sections 6-59, they will be named there.
Data transfer to third countries does not take place and is not planned. We will provide information on exceptions to this principle in the processing operations described below.
THE PROCESSING IN DETAIL
5. PROVISION OF THE WEBSITE AND SERVER LOG FILES
5.1 Description of the processing
Each time you access the website, we automatically collect information that your browser transmits to our server (so-called log files). This involves the following data:
- Your IP address
- the browser software you use, as well as its version and language
- the operating system you use
- the website from which you came to our website (so-called referrer)
- the sub-pages you have accessed on our website
- the date and time of your visit to our website
- your internet service provider
- The amount of data transferred
- Country and place from which you visited our website
- Your length of stay on our website
These are also stored in the so-called log files of our system. The temporary storage of your IP address by the system is necessary in order to be able to deliver our website to the end device of a user. For this purpose, the user’s IP address must remain stored for the duration of the session. However, your IP address is not recorded in our log files.
5.2 Purpose
The processing is carried out to enable the website to be called up and to ensure its stability and security. Furthermore, the processing serves the statistical evaluation and improvement of our online offer.
5.3 Legal basis
The processing is necessary to protect the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f GDPR). Our legitimate interest lies in the purpose named in section 5.2.
5.4 Storage period
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. The log files are deleted after 7 days.
6. COOKIES
6.1 Description of processing
Our website uses cookies. Cookies are small text files that are stored on the user’s terminal device when visiting a website. Cookies contain information that enables the recognition of a terminal device and possibly certain functions of a website. We distinguish between our own cookies and external cookies, such as those from Google Analytics. So-called “session cookies” and “persistent cookies” are used on our site. “Session cookies” are automatically deleted when you end your internet session and close the browser. Persistent cookies remain stored on your end device for a longer period of time. If cookies are technically necessary for the operation of our site, your consent is not required for this. All other cookies that are not technically necessary are only set after you have actively consented to the use of cookies via our cookie banner or consent tool. We use the “…” service to obtain and document consent. The Consent Tool itself saves your selection in a cookie on your end device. This means that you do not need to make a decision about cookies again on a subsequent visit to our website.
You can find out which cookies are used on our website for which purpose, how long they are stored on your end device and which consents you may have already declared in the settings of the Consent Tool.
6.2 Purpose
We use cookies to make our website more user-friendly and to offer the functions described in section 6.1.
6.3 Legal basis
The processing is necessary with regard to technically required cookies, as well as the use of the Consent Tool to protect the overriding legitimate interests of the controller (Art. 6 (1) lit. f GDPR). Our legitimate interest lies in the purpose named in section 11.2. With regard to the processing of all other cookies – i.e. cookies that are not technically necessary – the legal basis is consent (Art. 6 (1) a GDPR). Such consent is voluntary.
6.4 Storage period, revocation of consent
Cookies are automatically deleted at the end of a session or at the end of the specified storage period. Since cookies are stored on your terminal device, you as a user have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transfer of cookies. Cookies that have already been stored can be deleted. This can also be done automatically. If cookies for our website are deactivated, deleted or restricted, it may be that individual functions of our website cannot be used or can only be used to a limited extent. You can revoke any consent you may have given for the use of cookies at any time in the settings of the Consent Tool with effect for the future.
6.5 Recipients and transmission to third countries
When using third-party cookies, data may be transmitted to the corresponding providers of these third-party services. Under certain circumstances, data may also be transferred to third countries outside the European Union or the European Economic Area. We provide information about the recipients of data and the transfer of data to third countries in the settings of the Consent Tool or in the corresponding passage on the third-party service in these data protection provisions.
7. ADOBE TYPEKIT
7.1 Description of processing
Our website uses “Adobe Typekit”, a font substitution service provided by Adobe Systems Software Ireland Ltd, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Ireland (hereinafter referred to as “Adobe”). Adobe Typekit replaces the standard fonts of your terminal device with fonts from the Adobe catalogue when displaying our website. If your browser disables the integration of Adobe Typekit, the text of our website will be displayed in the standard fonts of your end device. The Adobe Typekit fonts are loaded directly from an Adobe server. In order for this to happen, your browser sends a request to an Adobe server. As a result, your IP address may also be transmitted to Adobe in conjunction with the address of our website. However, Adobe Typekit does not store any cookies on your terminal device. Further information on data protection at Adobe Typekit can be found at www.adobe.com/privacy/typekit.html. For general information about Adobe’s privacy practices, please see the company’s privacy policy at https://www.adobe.com/de/privacy/policy.html.
7.2 Purpose
The processing is done in order to display the text of our website in a more readable and aesthetically pleasing way.
7.3 Legal basis
The processing is necessary to protect the overriding legitimate interests of the controller (Art. 6(1)(f) GDPR). Our legitimate interest lies in the purpose named in section 7.2.
7.4 Recipients and transfer to third countries
Through the use of Adobe Typekit, personal data may be transmitted to Adobe. Adobe also processes your personal data in the USA, where applicable through the group company Adobe Systems Incorporated, San Francisco, 345 Park Avenue, San Jose, California 95110, USA.
8. GOOGLE ANALYTICS
8.1 Description of the processing
Our website uses “Google Analytics”, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as “Google”). Google Analytics uses cookies (see section 11), which enable an analysis of your use of our offer. We use Google Analytics in the “Universal Analytics” version offered, which allows this analysis across devices by assigning the data to a pseudonymous user ID. The information generated by the cookie is usually transferred to a Google server in the USA and stored there. However, we use Google Analytics exclusively with IP anonymisation. This means that your IP address is shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. The statistics generated by Google Analytics record, in particular, how many users visit our website, from which country or location the access takes place, which sub-pages are called up and via which links or search terms visitors reach our website. You can find the Google Analytics user conditions at https://marketingplatform.google.com/about/analytics/terms/de/. An overview of data protection at Google Analytics is available at http://www.google.com/intl/de/analytics/learn/privacy.html. Google’s privacy policy can be viewed at https://policies.google.com/privacy?hl=de-DE.
8.2 Purpose
The processing takes place in order to be able to evaluate the use of our website. The information thus obtained is used to improve our online presence and to design it in line with requirements.
8.3 Legal basis
The processing is carried out on the basis of consent in accordance with Art. 6 Para. 1 lit. a GDPR. This is obtained by us via a consent tool. Such consent is voluntary.
8.4 Storage period and right of objection, revocation of consent
We have explained the storage period and your control and setting options for cookies in section 6. You can object to data processing by Google Analytics at any time by downloading and installing the browser add-on offered by Google at https://tools.google.com/dlpage/gaoptout?hl=de. Alternatively, you can click on the link to the Google Analytics website. Alternatively, you have the option of clicking on the following link. This will set an opt-out cookie on your terminal device, which will prevent the collection of your data during future visits to this website: Google Analytics deactivate (LINK). The analysis data processed and stored with Google Analytics will be automatically deleted by us after 14 months. You can revoke the consent you have given with regard to Google Analytics at any time in the settings of the consent tool with effect for the future.
8.5 Recipients and transmission to third countries
According to the German data protection supervisory authorities (Data Protection Conference), Google Analytics is jointly responsible for data processing on our behalf. Against this background, we have also concluded the “Google Measurement Controller-Controller Data Protection Terms” with Google. Google also processes your personal data in the USA.
9. GOOGLE TAG MANAGER
Our website uses the “Google Tag Manager”, a service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as “Google”). No personal data is collected via the Google Tag Manager and no cookies are set. This service only enables us to integrate and manage tags on our website. Tags are small code elements on our website that are useful to measure traffic and visitor behaviour based on them with other tools, to measure the impact of online advertising and social channels, to use remarketing and targeting, to test and optimise the website. More information on Google Tag Manager can be found here: https://www.google.com/intl/de/tagmanager/use-policy.html
YOUR RIGHTS
10. DATA SUBJECT RIGHTS
With regard to the data processing by our company described above, you are entitled to the following data subject rights:
10.1 Information (Art. 15 GDPR).
You have the right to request confirmation from us as to whether we are processing personal data relating to you. If this is the case, you have a right to information about this personal data and to the further information listed in Art. 15 GDPR under the conditions specified in Art. 15 GDPR.
10.2 Correction (Art. 16 GDPR)
You have the right to request that we correct any inaccurate personal data relating to you without undue delay and, where applicable, to complete any incomplete personal data.
10.3 Deletion (Art. 17 GDPR)
You have the right to request that we delete personal data relating to you without undue delay, provided that one of the reasons listed in detail in Art. 17 GDPR applies, e.g. if your data is no longer required for the purposes pursued by us.
10.4 Restriction of data processing (Art. 18 GDPR)
You have the right to request us to restrict processing if one of the conditions listed in Art. 18 GDPR applies, e.g. if you dispute the accuracy of your personal data, data processing will be restricted for the period of time that allows us to verify the accuracy of your data.
10.5 Data portability (Art. 20 GDPR)
You have the right, under the conditions set out in Art. 20 GDPR, to request that the data relating to you be handed over in a structured, common and machine-readable format.
10.6 Withdrawal of consent (Art. 7 (3) GDPR)
You have the right to revoke your consent at any time in the case of processing based on consent. The revocation applies from the time it is asserted. In other words, it is effective for the future. The processing does not therefore become unlawful retroactively as a result of the withdrawal of consent.
10.7 Complaint (Art. 77 GDPR)
If you believe that the processing of personal data concerning you violates the GDPR, you have the right to lodge a complaint with a supervisory authority. You may exercise this right before a supervisory authority in the EU Member State of your place of residence, place of work or place of the alleged infringement.
10.8 Prohibition of automated decisions/profiling (Art. 22 GDPR)
Decisions which have legal effects concerning you or which significantly affect you must not be based solely on automated processing of personal data, including profiling. We inform you that we do not use automated decision-making, including profiling, with regard to your personal data.
10.9 Objection (Art. 21 GDPR)
If we process personal data from you on the basis of Art. 6(1)(f) GDPR (for the protection of overriding legitimate interests), you have the right to object to this under the conditions listed in Art. 21 GDPR. However, this only applies insofar as there are reasons arising from your particular situation. After an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights and freedoms. We also do not have to stop processing if it serves the assertion, exercise or defence of legal claims. In any case – also irrespective of a specific situation – you have the right to object at any time to the processing of your personal data for direct marketing.
Status: February 2021