Data protection declaration according to GDPR

Thank you for visiting our website and your interest in our institute and our services. The protection of your personal data is very important to us. In the following, you will find information on how we handle your data collected through your use of our website. Your data will be processed in accordance with the legal regulations on data protection. Insofar as links are provided to other websites, we have neither influence nor control over the linked contents and the data protection regulations there. We recommend that you check the data protection declarations on the linked websites to determine whether and to what extent personal data is collected, processed, used or made available to third parties. 

I. Responsible body in terms of data protection law

The institution responsible within the meaning of the General Data Protection Regulation GDPR and other national data protection laws of the member states and other data protection regulations is the:

Institut für Automation und Kommunikation e. V.
Werner-Heisenberg-Straße 1
39106 Magdeburg
Germany
Tel.: +49 391 990140
Email: info@ifak.eu
Website: www.ifak.eu

II. Contact details of the data protection officer

In order to safeguard data protection rights, our institute has appointed an external data protection officer. You can find our data protection officer at:

datenschutzbeauftragter@datenschutzexperte.de
www.datenschutzexperte.de

III. Definitions

Our privacy policy should be simple and understandable for everyone. As a rule, the data protection declaration uses the official terms of the General Data Protection Regulation (GDPR). The official definitions are explained in Art. 4 GDPR.

IV. General information on data processing

Scope of the processing of personal data

As a matter of principle, we process personal data of our users only to the extent necessary to provide a functional website and our contents and services. The processing of personal data of our users regularly only takes place with the user's consent. An exception is made in those cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.

Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for processing of personal data, Art. 6 para. 1 letter a EU General Data Protection Regulation (GDPR) serves as the legal basis.

In the processing of personal data necessary for the performance of a contract with this person, Article 6 para. 1 letter b GDPR serves as the legal basis. This also applies to processing operations, which are necessary to carry out pre-contractual measures.

Insofar as the processing of personal data is necessary to fulfil a legal obligation, to which our institute is subject, Art. 6 para. 1 letter c GDPR serves as the legal basis.

If vital interests of the data subject or of another natural person require the processing of personal data, Art. 6 para. 1 letter d GDPR serves as the legal basis.

If the processing is necessary to safeguard a legitimate interest of our institute or of a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 para. 1 letter f GDPR serves as the legal basis for the processing.

Data transfer and recipient

Your personal data will not be transferred to third parties, except

  • if we have explicitly pointed out in the description of the respective data processing.
  • if you have given your express consent pursuant to Art. 6 para. 1 sentence 1 letter a GDPR,
  • the disclosure pursuant to Art. 6 para. 1 sentence 1 letter f GDPR is necessary for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data,
  • in the event that there is a legal obligation for disclosure under Art. 6 para. 1 sentence 1 letter c GDPR and
  • insofar as this is necessary for the processing of contractual relationships with you in accordance with Art. 6 para. 1 sentence 1 letter b GDPR.

In addition, we use external service providers for the processing of our services, whom we have carefully selected and commissioned in writing and with whom we have, if necessary, concluded contract processing agreements in accordance with Art. 28 GDPR. They are bound by our instructions and are regularly checked by us. These are service providers for web hosting, the sending of emails and the maintenance and servicing of our IT systems etc. The service providers will not pass on this data to third parties.

Deletion of data and duration of storage

The personal data of the person concerned will be deleted or blocked as soon as the purpose of the storage no longer applies or you make use of your right of revocation or objection. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU ordinances, laws or other regulations to which the person responsible is subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.

V. Data processing by visiting our website

When you call up our web pages, it is technically necessary for data to be transmitted to our web server via your Internet browser. The following data is recorded during an ongoing connection for communication between your internet browser and our web server:

  1. information about the browser type and version used
  2. the user's operating system
  3. the Internet service provider of the user
  4. the IP address of the user
  5. date and time of access
  6. amount of data transmitted
  7. websites from which the user's system reaches our website
  8. websites that are accessed by the user's system via our website

We collect the listed data to ensure a smooth connection of the website and to enable a comfortable use of our website by the users. In addition, the log file serves to evaluate system security and stability as well as for administrative purposes. The legal basis for the temporary storage of the data or log files is Art. 6 para. 1 letter f GDPR.

For reasons of technical security, in particular to defend against attempts to attack our web server, we may store this data for a short period of time. It is not possible for us to draw conclusions about individual persons based on this data. After seven days at the latest, the data is anonymised by shortening the IP address at domain level, so that it is no longer possible to establish a link to the individual user. There is no evaluation of this data except for statistical purposes in anonymised form. This data is not merged with data from other data sources.

VI. Contact form and contact by email

On our website, there is a contact form, which can be used for electronic contact. If a user takes advantage of this possibility, the data entered in the input mask is transmitted to us and stored. These data are:

(1)          Name

(2)          Email address

(3)          Subject

(4)          Message

The processing of the personal data from the input mask serves us only for the processing of the establishment of contact. In the case of contacting us by email, this is also the necessary legitimate interest in the processing of the data.

At the time the message is sent, the following data is also stored:

(1)          IP address of the user

(2)          Date and time of the request

The other personal data processed during the sending process serves to prevent misuse of the contact form and to ensure the security of our information technology systems.

For the processing of the data, your consent will be obtained during the sending process and reference will be made to this privacy policy.

Alternatively, it is possible to contact us via the email address provided. In this case, the user's personal data transmitted with the email will be stored.

In this context, the data will not be passed on to third parties. The data will be used exclusively for processing the conversation.

The legal basis for the processing of the data is Art. 6 para. 1 letter a GDPR if the user has given his consent.

The legal basis for the processing of data transmitted in the course of sending an email is Art. 6 Par. 1 letter f GDPR. If the email contact aims at the conclusion of a contract, the additional legal basis for processing is Art. 6 para. 1 letter b GDPR.

The data will be deleted as soon as they are no longer necessary for the purpose for which they were collected. For the personal data from the input mask of the contact form and those sent by email, this is the case when the respective conversation with the user has ended. The conversation is finished when it can be concluded from the circumstances that the matter in question has been finally clarified.

The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

VII. Participation in online meetings and workshops/seminars or similar

We use third-party applications for online meetings, virtual digitalisation consultations, hybrid workshops/seminars (face-to-face and virtual) or online seminars/workshops. User data can be processed and stored on the servers of these third-party providers. Depending on the application used and the interaction on the part of the user, this can include contact data, shared screen content, video and audio contributions or chat messages.

By agreeing to participate in the above-mentioned communication activities with us via these third-party providers and their applications, third parties may process different data. For further details, please refer to the corresponding data protection notices of the respective third-party providers.

The processing of data is based on our legitimate interest in ensuring efficient communication with users in the above-mentioned communication situations. This may also include recording or live streaming or the distribution of recorded events. For this purpose, notifications will be provided during the registration process for the event and additionally at the beginning of the event. In this context, the legal basis for data processing is the consent of the users to participate in the event. A recording of online meetings between ourselves and the users does not occur at any time.

Used services / third-party providers:

"GoToMeeting" is a service provided by LogMeIn Ireland Limited (Bloodstone Building Block C 70 Sir John Rogerson's Quay Dublin 2, Ireland (Website: https://www.gotomeeting.com/)), a subsidiary of LogMeIn Inc. (Log-MeIn, 320 Summer Street, Boston, MA 02210, USA (Website: https://www.logmeininc.com/)). Any processing of personal data will therefore also be carried out in a third country. ifak has concluded a data processing agreement with the provider of "GoToMeeting" which meets the requirements of article 28 of the German Data Protection Act. LogMeIn's International Privacy Policy can be found here: https://www.logmeininc.com/de/legal/privacy/international

VIII. Use of cookies

This website does not use cookies or other applications that collect personal data.

IX. Web analysis and advertising tracking

We do not use tools for web analysis such as Matomo (formerly PIWIK) or Google Analytics on our website.

X. Social Media and Social Media plug-ins

Social networks (Facebook, Twitter, etc.) are only integrated on our website as links to the corresponding services. After clicking on the integrated text/image link, you will be redirected to the page of the respective provider. Only after this redirection will user information be transferred to the respective provider. For information on how your personal data is handled when using these websites, please refer to the respective data protection regulations of the providers you use.

XI. Right of data subjects

Your rights

In the following, you will find information on the rights of data subjects, which the applicable data protection law grants you towards the data controller with regard to the processing of your personal data:

The right to request information about your personal data processed by us in accordance with Art. 15 GDPR In particular, you may request information as to the purposes of the processing, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right of rectification, cancellation, restriction of processing or opposition, the existence of a right of appeal, the origin of your data, if not collected by us, as well as the existence of automated decision making including profiling and, where applicable, meaningful information on the details thereof.

The right, in accordance with Art. 16 GDPR, to demand the immediate correction of incorrect or incomplete personal data stored by us.

The right, in accordance with Art. 17 GDPR, to demand the deletion of your personal data stored with us, unless processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.

The right to demand, in accordance with Art. 18 GDPR, the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful but you refuse to delete it and we no longer require the data, but you require it for the assertion, exercise or defence of legal claims or you have lodged an objection to the processing in accordance with Art. 21 GDPR.

The right, in accordance with Art. 20 GDPR, to receive your personal data that you have provided us with in a structured, common and machine-readable format or to request that it be transferred to another responsible party.

The right to complain to a supervisory authority pursuant to Art. 77 GDPR. As a rule, you can turn to the supervisory authority of the federal state of our registered office mentioned above or, if applicable, that of your usual place of residence or workplace.

Right to revoke consents granted pursuant to Art. 7 para. 3 GDPR: You have the right to revoke at any time, with effect for the future, any consent to the processing of data that you have once granted. In the event of revocation, we will immediately delete the data concerned, unless further processing cannot be based on a legal basis for processing without consent. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until revocation;

Right of objection

If your personal data are processed by us on the basis of legitimate interests pursuant to Art. 6 para. 1 sentence 1 letter f GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, provided that this is done for reasons arising from your particular situation. Insofar as the objection is directed against the processing of personal data for the purpose of direct marketing, you have a general right of objection without the need to indicate a special situation.

If you wish to make use of your right of revocation or objection, simply send an email to info@ifak.eu.

XII. Adjustments and status of the data protection declaration

We reserve the right to adapt or update this data protection declaration if necessary in accordance with the applicable data protection regulations. In this way, we can adapt it to current legal requirements and take into account changes in our services, e.g. when introducing new services. The most recent version applies to your visit.

Status of this data protection declaration: 17/11/2020