Privacy Statement

Imprint

Responsible for the content of this website under the German Tele Media Law

Federal Agency for Civic Education/ bpb
 (Germany)
Adenauerallee 86
53113 Bonn/ Germany
www.bpb.de /  www.nece.eu

Responsible as
per Section 55 Broadcasting State Agreement (Rundfunkstaatsvertrag – RStV)

Christoph Müller-Hofstede

Editing
Sandra Mayer
Rachel Owoko
Susanne Pöschko
Marie Serwe
Sonja Thielen
nece-network@labconcepts.de

 

 

Data protection policy for nece-conference.eu

A. Contact details and data controller

1. Name and address of the data controller

The data controller within the meaning of the General Data Protection Regulation and other national data protection laws of the Member States as well as other data protection provisions is:

Federal Agency for Civic Education/ bpb (Germany)
Adenauerallee 86
53113 Bonn/ Germany
Tel.: +49 (0)228 99515-0
E-Mail: info@bpb.de
DE-Mail: de-mail-poststelle@bpb-bund.de-mail.de
Website: www.bpb.de

2. Name and address of the data protection officer

The data protection officer of the data controller is:

Elke Diehl Friedrichstraße 50 / Checkpoint Charlie
10117 Berlin
Germany
Tel.: +49 (0)228 99515-0
E-Mail: datenschutz@bpb.de
B. General information on data processing

1. Scope of the processing of personal data

We only collect and use personal data of our users insofar as this is necessary to provide a functional website in addition to our content and services. The collection and use of our users’ personal data is only carried out with the user’s consent. An exception applies in those cases where prior consent cannot be obtained for genuine reasons and where the processing of data is permitted by law.

2. Legal basis for the processing of personal data

Art. 6 para. 1 (a) of the General Data Protection Regulation (GDPR) serves as the legal basis when we obtain the consent of the data subject for the processing of personal data. Article 6 para. 1 (b) GDPR serves as the legal basis when processing personal data required for the performance of a contract to which the data subject is a party. This also applies to processing operations that are necessary to implement pre-contractual measures. Art. 6 para. 1 (c) GDPR serves as the legal basis when the processing of personal data is necessary to fulfil a legal obligation to which nece is subject. Art. 6 para. 1 (f) GDPR serves as the legal basis when processing is necessary to protect a legitimate interest of nece or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the said former interest.

3. Data erasure and duration of storage

The personal data of the data subject will be deleted or blocked as soon as the purpose for which the data was stored ceases to apply. In addition, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the data controller is subject, for example in accordance with the deadlines of the Records Directive, which supplements the Common Rules of Procedure of Federal Ministries (GGO). The data will also be blocked or deleted when a storage period stipulated by the aforementioned standards expires, unless there is a need for further storage of the data in order to conclude or perform a contract.

 

C. Data processing when visiting the nece-conference.eu website

I. Website provision and creation of log files

1. Description and scope of data processing

Every time you visit our website, our system automatically collects data and information from the accessing computer’s system.

The following data are collected:

(1) Information about the browser type and the version used
(2) The user’s operating system
(3) The user’s IP address
(4) Date and time of access
(5) Websites from which the user’s system accesses our website
(6) The URL visited

The data are also stored in our system’s log files. These data are not stored together with other personal data belonging to the user. The user’s IP address is rendered anonymous and is not stored by default. However, the IP address is saved in the event of faulty or aborted access. We cannot technically prevent this.

2. Legal basis for data processing

The legal basis for the temporary storage of data and log files is Art. 6 para. 1 (f) GDPR.

3. Purpose of data processing

It is necessary for the system to temporarily store the IP address in order to enable the website to be delivered to the user’s computer. In order to do this, the user’s IP address must remain stored for the duration of the session. The data are stored in log files to ensure the operability of the website. In addition, the data help us to optimise the website and to ensure the security of our information technology systems. There is no evaluation of the data for marketing purposes within this context. These purposes also constitute our legitimate interest for data processing in accordance with Art. 6 para. 1 (f) GDPR.

4. Duration of storage

The data will be deleted as soon as they are no longer necessary to attain the purpose for which they were collected. This takes place at the end of the session where data have been collected in order to provide the website. If anonymised data are stored in log files, this will occur within a maximum of five weeks.

5. Possibility of objection and elimination

The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, the user has no possibility to object.

 

II. Use of cookies

1. Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s computer system. If a user visits a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic character sequence that provides a distinct identification of the browser when the website is accessed again. We use cookies which enable an analysis of the user’s surfing behaviour. You can find a list of saved and transmitted data in Section III of Piwik/Matomo. Technical precautions are taken to pseudonymise user data collected in this way. It is therefore no longer possible to assign the data to the accessing user. The data will not be stored together with other personal data about the user.

2. Legal basis for data processing

The legal basis for the processing of personal data by using cookies is Art. 6 Para. 1 e) GDPR in conjunction with § 3 BDSG (German Federal Data Protection Act)

3. Purpose of data processing

The use of analytical cookies is carried out in order to improve the quality of our website and its content. By means of the analytical cookies, we learn how the website is used and can thus continuously optimise our offer. For this purpose, processing is necessary for the performance of our tasks carried out in the public interest or in the exercise of official authority (Art. 6 para. 1 e) GDPR in conjunction with § 3 BDSG).

4. Duration of storage, right to objection and erasure

Cookies are stored on the user’s computer and transmitted to our site. Cookies for Piwik/Matomo are stored for up to 13 months. We offer an “opt-out procedure” for the application. In this case, a cookie can also be set to opt out, which can be used to prevent the storage of the respective cookies. Users have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies for our website are deactivated, it may no longer be possible to fully use all functions on the website.

III. Webanalyse by Matomo (formerly PIWIK)

1. Description and scope of data processing

We use the open source software tool Matomo (formerly PIWIK) on our website to analyse the surfing behaviour of our users. The software places a cookie on the user’s computer (see above for cookies). If individual pages of our website are accessed, the following data is stored:

(1) Two bytes of the IP address of the user’s accessing system
(2) The accessed website
(3) The website from which the user has accessed the accessed website (referrer)
(4) The sub-pages accessed from the accessed website
(5) The time spent on the website
(6) The frequency with which the website is accessed
(7) Browser language settings
(8) Location

The software runs exclusively on bpb’s servers. Users’ personal data is only stored there. The data will not be transmitted to third parties. The software is set so that the IP addresses are not completely stored and 2 bytes of the IP address are masked (e.g.: 192.168.xxx.xxx). In this way it is no longer possible to assign the shortened IP address to the accessing computer.

2. Legal basis for the processing of personal data

The legal basis for processing users’ personal data is Art. 6 Para. 1 e) GDPR in conjunction with § 3 BDSG.

3. Purpose of data processing

The processing of users’ personal data enables us to analyse our users’ surfing behaviour. By analysing the data obtained, we are able to compile information on the use of the individual components of our website. This helps us to continuously improve our website and its user-friendliness. For this purpose, processing is necessary for the performance of our tasks carried out in the public interest or in the exercise of official authority (Art. 6 para. 1 lit. e) GDPR in conjunction with § 3 BDSG). By rendering the IP address anonymous, sufficient account is taken of the users’ interest in protecting their personal data.

4. Duration of storage

The data will be deleted as soon as they are no longer required for our record-keeping purposes, but no later than after three years.

5. Right to objection and erasure

Cookies are stored on the user’s computer and transmitted to our site. As a user, you therefore have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies for our website are deactivated, it may no longer be possible to fully use all functions on the website.

We offer users of our website the possibility to opt out of the analysis process. To do this, you must untick the box under this section. In this manner, another cookie will be set on your system, which tells our system not to store the user’s data. If the user deletes the relevant cookie from his/her own system in the meantime, he/she must set the opt-out cookie again.

https://piwik.bpb.de/index.php?module=CoreAdminHome&action=optOut&language=de

You can find more information about the Matomo software’s privacy settings on the following link: https://matomo.org/docs/privacy/.

 

D. Collection of personal data when contacting us

I. Contact by e-mail

1. Description and scope of data processing

In the event of contact by e-mail, the user’s personal data transmitted by the e-mail – e.g. e-mail address, surname, first name, address, and any other personal information contained in the e-mail – will be stored. The data will only be used for processing the conversation or for the purpose of the request.

2. Legal basis for data processing

The legal basis for processing data provided during the course of sending an e-mail is Art. 6 para. 1 (f) GDPR. If the purpose of the e-mail contact is to conclude a contract, the additional legal basis for processing is Art. 6 para. 1 lit. b GDPR.

3. Purpose of data processing

Data is processed in order to process the contact and related enquiries and concerns.

4. Duration of storage

Data and information provided will be stored for contact purposes and for processing the request, in accordance with the deadlines of the Registry Directive, which supplements the Common Rules of Procedure of Federal Ministries (GGO), which apply to the storage of documents.

5. Possibility of objection and elimination

At any time, the user has the right to object to the processing of his/her data for reasons arising from his/her particular situation. The data are then no longer processed. In such a case, the conversation cannot be continued. In this case, all personal data stored in the course of contacting us will be deleted. Processing is possible despite the user’s objection, provided that the authority can present compelling reasons for processing which are worthy of protection and which outweigh the interests, rights and freedoms of the user.

Objections against processing can be submitted informally to nece-network@labconcepts.de. labconcepts GmbH will forward the objection to the relevant office at bpb (info@bpb.de).

 

E. Processing of personal data for offers provided by nece

I. Sending Newsletters

1. Description and scope of data processing

You can subscribe to a free newsletter on the nece.eu website. When registering for the newsletter, the e-mail address specified in the entry template is sent to us. In addition, the date and time of registration are collected at the time thereof.

During the registration process, your consent is obtained for data processing and reference is made to this in the data protection policy. You must also confirm your registration and thus the storage and processing of your e-mail address once again by e-mail (“Double Opt-In”). This is to prevent misuse of the e-mail address by third parties.

No data is passed on to third parties in the course of data processing in order to send newsletters. The data will be used exclusively for sending the newsletter.

2. Legal basis for data processing

When the user has given his or her consent, the legal basis for processing the data after registration for the newsletter is Art. 6 para. 1 (a) GDPR.

3. Purpose of data processing

Collecting the user’s e-mail address is used to send the respective newsletter.

4. Duration of storage

The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. The user’s e-mail address will therefore be stored for as long as the subscription to the newsletter is active.

5. Right to objection and erasure

Subscription to the newsletter can be cancelled by the concerned user at any time at www.bpb.de/newsletter. Each newsletter contains a link for this purpose. The e-mail address will be deleted after un-subscription from the newsletter.

II. Integration of external contents and/or services on nece-conference.eu

1. Description and scope of data processing

nece integrates some content on nece-conference.eu via external services. Data may be forwarded from nece-conference.eu to external services and cookies may be set by these services. nece uses these services to provide users of nece-conference.eu with multimedia content.

As a general rule, forwarded data contains the same information as when accessing the content integrated on nece-conference.eu. This may also include personal data (e.g. IP address). It is not always possible to trace which data is being forwarded. You should therefore obtain information about data collection, storage and use from the respective providers.

Nece-conference.eu currently includes services from the following providers, inter alia:

Google (e.g.. YouTube-Player, Google Maps, Google Spreadsheets): Google services are operated by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (“Google”). Google’s data-protection policy provides information on the purpose and scope of data collection and the further processing and use of the data by Google as well as your related rights and setting options at: https://policies.google.com/privacy?hl=en

Twitter (Twitter widgets/feed): Twitter is operated by Twitter Inc, 795 Folsom St., Suite 600, San Francisco, CA 94107, USA (“Twitter”). Information on how Twitter uses or reuses the data collected can be found at: https://twitter.com/de/privacy

2. Legal basis for data processing 

The legal basis for the transmission of data is Art. 6 para. 1 (f) GDPR.

3. Purpose of processing

The integration of external services on nece-conference.eu is intended to provide content, functions and information which could not be made available to users without these services.

4. Duration of storage, Right to objection and erasure

The duration of data transmission and storage depends on the service in question. You must therefore obtain information about the purpose and scope of data collection, further processing and use and storage of the data as well as your rights of objection and erasure from the respective service provider. We have linked the respective data protection guidelines for you above.

 

F. Rights of data subjects

If your personal data are processed, you are a data subject within the meaning of the GDPR and you have the following rights with respect to the data controller:

1. Right of access

You can ask the data controller to confirm whether personal data concerning you are processed by us. If such processing has taken place, you can request the following information from the data controller:

(1) the purposes for which the personal data are processed;
(2) the categories of personal data being processed;
(3) the recipients or categories of recipients to whom your personal data have been or are still being disclosed;
(4) the planned duration of storage of your personal data or, if specific information is not possible, criteria for determining the storage period;
(5) the existence of a right to rectification or erasure of your personal data, a right to restriction of processing by the controller or a right to object to such processing;
(6) the existence of a right to lodge a complaint with a supervisory authority;
(7) any available information on the origin of the data if the personal data are not collected from the data subject.

You have the right to request information as to whether the personal data concerning you is transferred to a third-party country or to an international organisation. In this context, you may request to be informed about the appropriate guarantees under Art. 46 GDPR concerning the transmission.

2. Right to rectification 

You have a right of rectification and/or completion vis-à-vis the data controller if the personal data processed concerning you are incorrect or incomplete. The data controller must immediately make the correction.

3. Right to restriction of processing

You may request that the processing of your personal data be restricted under the following conditions:

(1) if you dispute the accuracy of the personal data concerning you for a period that enables the data controller to verify the accuracy of the personal data;
(2) the processing is unlawful and you refuse to erase the personal data and instead request that the use of the personal data be restricted;
(3) the data controller no longer needs the personal data for processing purposes, but you do need them to establish, exercise or defend legal claims, or
(4) if you have filed an objection against the processing pursuant to Art. 21 para. 1 GDPR and it has not yet been determined whether the compelling legitimate reasons of the data controller outweigh your reasons.

If the processing of personal data concerning you has been restricted, such data may only be processed – apart from being stored – with your consent or for the purpose of asserting, exercising or defending legal claims or for the protection of the rights of another natural or legal person or on grounds of a vital public interest of the European Union or of a Member State.

If the processing has been restricted in accordance with the above conditions, you will be informed by the data controller before the restriction is lifted.

4. Right to erasure

a) Obligation of erasure

You may request that the data controller immediately erase any personal data concerning you and the data controller is obliged to immediately erase these data to the extent that one of the following grounds apply:

(1) Your personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
(2) You revoke your consent, on which the processing was based pursuant to Art. 6 para. 1 (a) or Art. 9 para. 2 (a) GDPR, and there is no other legal basis for the processing.
(3) You file an objection against the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate reasons for the processing, or you file an objection against the processing pursuant to Art. 21 para. 2 GDPR.
(4) Your personal data have been processed unlawfully.
(5) The deletion of your personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the data controller is subject.(6) Your personal data was collected in relation to information technology services offered in accordance with Art. 8 para. 1 GDPR.

b) Information to third parties 

If the data controller has made your personal data public and is obliged to erase them in accordance with Art. 17 para. 1 GDPR, he/she shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform data controllers processing personal data, that you as the data subject have requested the erasure of all links to this personal data or of copies or replications of this personal data.

c) Exceptions

The right to erasure shall not arise to the extent that the processing is necessary for

(1) for the exercise of the right to freedom of expression and information;
(2) for the performance of a legal obligation required for processing under Union or Member State law to which the controller is subject or for the performance of a task in the public interest or in the exercise of official authority conferred on the data controller;
(3) for public-interest reasons in the field of public health pursuant to Art. 9 para. 2 (h) and (i) and Art. 9 para. 3 GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89 para. 1 GDPR, insofar as the right mentioned under item (a) is likely to make it impossible or seriously impair the attainment of the objectives of such processing, or
(5) for asserting, exercising or defending legal claims.

5. Right to information

If you have exercised your right to have the processing rectified, erased or restricted, the data controller is obliged to inform all recipients to whom your personal data have been disclosed of this rectification or erasure of the data or restriction on processing, unless this proves impossible or involves a disproportionate effort.

You also have the right to be informed by the data controller about these receiving parties.

6. Right to data portability

You have the right to receive any personal data that you have provided to the data controller in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another data controller without hindrance by the data controller to whom the personal data was provided, provided that

(1) processing is based on consent pursuant to Art. 6 para. 1 (a) GDPR or Art. 9 para. 2 (a) GDPR or based on a contract pursuant to Art. 6 para. 1 (b) GDPR and
(2) processing is carried out by means of automated methods.

In exercising this right, you also have the right to request that your personal data concerning you be transmitted directly from one data controller to another data controller, insofar as this is technically feasible. The freedoms and rights of other persons may not be affected thereby.

The right to portability shall not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller.

7. Right to object

For reasons relating to your particular situation, you have the right to object at any time to the processing of your personal data in accordance with Art. 6 para. 1 (e) or (f) GDPR.

The data controller will no longer process your personal data unless he/she can prove compelling legitimate grounds for processing that override your interests, rights and freedoms or unless the processing serves to establish, exercise or defend legal claims.

If your personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such advertising purposes.

If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.

You have the possibility to exercise your right to object in connection with the use of information technology services by means of automated procedures using technical specifications, notwithstanding Directive 2002/58/EC.

8. Right to revoke consent with respect to data protection

You have the right to revoke your consent under data protection law at any time. The legality of the processing carried out on the basis of such consent until revocation shall not be affected by the revocation of such consent.

9. Right to lodge a complaint with a supervisory authority

Without prejudice as to any other administrative or judicial legal remedies, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your place of residence, your place of work or the place of the suspected infringement, if you consider that the processing of your personal data infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.

The supervisory authority for the Federal Agency for Civic Education is the (Federal Authority for Data Protection and Freedom of Information (Bundesbeauftragte für den Datenschutz und die Informationsfreiheit), Husarenstraße 30, 53117 Bonn.