Privacy Notice

Information regarding data protection to be provided in accordance with Articles 13 and 14 of the General Data Protection Regulation (GDPR)

 

GTH Gesellschaft für Thrombose- und Hämostaseforschung e.V. takes the protection of your personal data very seriously. Our goal is to use different formats (in-person, digital, hybrid) to provide you with a convenient range of training, while also protecting your right to informational self-determination and ensuring the protection of your privacy. We process personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) for the sole purpose of complying with contractual obligations (point (b) of Article 6(1), first clause GDPR), on the basis of your consent (point (a) of Article 6(1), first clause GDPR) or on the basis of legal requirements (point (c) of Article 6(1), first clause GDPR), as well as when we have a legitimate interest (point (f) of Article 6(1), first clause GDPR). The following Privacy Notice gives you an overview of when we store which data, for which purpose we use it and how we ensure the protection of your personal data.

 

I. The controller’s contact details

GTH Gesellschaft für Thrombose- und Hämostaseforschung e.V.
Haus der Verbände Köln
Gertrudenstr. 9
50667 Köln
Germany

Phone: +49 (0) 221 . 42 33 46 – 26
mail@gth-online.org

 

II. The data protection officer’s contact details

The Recording Secretary
GTH Gesellschaft für Thrombose- und Hämostaseforschung e.V.
Haus der Verbände Köln
Gertrudenstr. 9
50667 Köln
Germany
Phone: +49 (0) 221 . 42 33 46 – 26
mail@gth-online.org

 

III. Data processing

 

  1. Which personal data do we process?

We process the following personal data:

  • First name, surname, academic title
  • Postal address, email address, telephone number, mobile number, fax number
  • Affiliation with a certain occupational group and membership
  • Company, department
  • Profession, professional function, specialist area/specialism
  • Financial and bank details, but only if they are required for remuneration for our services or for the reimbursement of expenses
  • EFN (Einheitliche Fortbildungsnummer) [standard training number]
  • IP address
  • Images, videos and audio recordings

 

  2. Purpose of the processing

2.1         Purpose of the processing when participating in events on-site

Data is processed in order to host and arrange training events, conventions, conferences and other seminar services within the scope of the performance of our contracts with our participants or to perform pre-contractual measures, which are carried out on request. The purposes of data processing are primarily based on the specific service (e.g. medical specialist course, further training course, specialist convention, one-day seminar). If necessary, we continue to process your data past the actual fulfilment of the contract on the grounds of our legitimate interests (e.g. exercise of legal claims and defence in the event of legal disputes). Data processing may also be carried out on the basis of your consent or on the grounds of a legitimate interest on our part.

We process photos, videos and audio recordings of you during the event in order to broadcast the event to third parties live on a conference or streaming platform and/or to make all or part of the event available to third parties on demand via various channels. These channels are the GTH online media library (GTh-mediathek.org), conference platforms and platforms for further training events, as well as social media (Instagram, Facebook, Twitter).

We also process photos and videos for the purposes of documentation and illustration, both on various online channels and for printed materials (e.g. training brochures). Examples of the online channels include the GTH homepage (gth-online.org) and training platforms (gth-akademie.org).

2.2         Purpose of the processing when participating in virtual events

Data is processed in order to host and arrange digital and hybrid training events, conventions, conferences and other seminar services within the scope of the performance of our contracts with our digital participants or to perform pre-contractual measures, which are carried out on request. The purposes of data processing are primarily based on the specific service (e.g. online specialist conference, online medical specialist course, online seminars), either digital or hybrid. If necessary, we continue to process your data past the actual fulfilment of the contract on the grounds of our legitimate interests (e.g. exercise of legal claims and defence in the event of legal disputes). Data processing may also be carried out on the basis of your consent or on the grounds of a legitimate interest on our part.

We process photos, videos and audio recordings to enable us to provide you with a comprehensive portfolio of online services when participating in digital events, particularly to enable you and/or to make it easier for you to participate in video conferences or to communicate in chatrooms/breakout rooms.

 

  3. Data categories

3.1         Data processing in companies

3.1.1     General

We process personal data when you register (online, e.g. when requesting event materials) and/or when you sign up for an event.

When signing up, you have the option to enter a different billing address.

The data collected during registration is used to set up a user account. In your user account you can find the seminars you have currently booked and the seminars you have previously attended. You can also see which seminars you are on the waiting list for.

Furthermore, every time a user visits a page we operate, data pertaining to this process is stored in a log file. This data is used for analyses for statistical purposes; it is not merged with the personal details provided by the user.

Specifically, the following types of data are stored each time a page is viewed:

  • Name of the file retrieved
  • Date and time of visit
  • Data volume transmitted
  • Message as to whether access was successful
  • Description of the type of web browser used
  • Operating system used

3.1.2     When participating in an event on-site

As a participant in an in-person event, you receive a participant ID card on which the personal data provided when registering/signing up is stored and then read at the event location using a barcode/QR code scanner. We process your personal data every time the card is scanned as you move around the conference site. Some scans can be actively carried out by the participants themselves, e.g. at certain exhibition stands, and some are automatic, e.g. when switching rooms. In particular, the purpose of the scanning procedure is to provide proof of your mandatory training. Data processing carried out by a sponsor in the form of consent-based scanning at its exhibition stand is subject to the relevant sponsor’s data protection statement.

3.1.3     At virtual events

We process personal data when you register (online, e.g. when requesting event materials) and/or when you sign up on the relevant conference platform.

We also process personal data every time you sign up for a chatroom, breakout room or video conference. If you activate access to your microphone and/or video camera, audio and video data is processed and played back. As a participant, you can disable such access again at any time using the buttons with the relevant symbols. Participation in a digital event is still possible if you disable access. There is also the opportunity to send text messages in a group chat, which are visible to all the participants in that chat. When breakout rooms are entered for individual meetings, clear notices inform individual participants about visibility and recording.

You are given further information on the platforms we use in general, on how your data is handled and on server locations when visiting the relevant provider’s website or installing the provider’s application on your device. These service providers act as our processors when using video conferencing systems during digital and hybrid events.

3.2         External service providers

We use the following external service provider in particular to carry out our duties:

MCI Deutschland GmbH

Markgrafenstraße 56

10117 Berlin

We sometimes use other external service providers to carry out our duties. Find a list of the contractors and service providers with which we have permanent business relationships in the attached overview.

The data collected during registration is also used for our own statistical purposes and is also encrypted and sent to our service providers and sponsors, provided that consent has been given.

3.3         Other recipients

We do not transfer your personal data to any other recipients.

3.4         Newsletter

Purpose of the processing

If you would like to receive the newsletter offered on the website, we need you to provide an email address. You subscribe to the newsletter using the double opt-in method. This means that after subscribing you receive an email through which you must confirm your subscription. This method prevents anyone who doesn’t have the authority to do so from subscribing using your email address. Your subscription to the newsletter is logged (the time and date of subscription and confirmation, as well as your IP address, are stored). The log serves as evidence of the subscription process in accordance with legal requirements.

You can withdraw your consent to the storage of your email address (and, if entry fields are also provided, the options for your first name and surname in order to address you personally) and to the use of it to distribute the newsletter, together with the associated performance measurement, at any time. A link to unsubscribe is provided at the end of every newsletter. So that we can prove that consent has previously been given for an unsubscribed email address, we may store this for up to 3 years before erasing it.

The legal basis for distribution of the newsletter and the associated performance measurement is provided by the subscription by the data subject/recipient in accordance with point (b) of Article 6(1) GDPR and Article 7 GDPR and together with no. 3 of Section 7(2) of the German Act against Unfair Competition (Gesetz gegen den unlauteren Wettbewerb, UWG) and/or by the statutory consent in accordance with Section 7(3) UWG.

And point (f) of Article 6(1) GDPR: Our legitimate interest in performance measurement lies in identifying our users’ reading habits based on the opening of the newsletter, opening times and the links clicked, which enable us to produce and send users helpful content according to their interests.

The legal basis for logging is point (f) of Article 6(1) GDPR. Our legitimate interest lies in using a secure, user-friendly newsletter system that is useful for distributing the newsletter and protects the newsletter subscribers’ personal data. It also enables us to provide proof of consent.

 

3.5        Use of Matomo Tracking

This website uses the Matomo (Piwik) web analytics service. No cookies are used for this purpose. If you do not agree to the storage and analysis of such data related to your visit, you may object to such storage and use at any time with a click of the mouse. In this case, a so-called ‘opt-out cookie’ will be stored in your browser, which means that Matomo will not collect any session data. Please note that the complete deletion of cookies means that the opt-out cookie will also be deleted and that you may need to re-enable it.

The applicable legal basis for this is Art. 6(1)(f) GDPR. Our legitimate interest arises from the fact that we implement modifications for optimisation and marketing purposes, as well as for security, based on the statistical analysis of user behaviour.

  4. Legal basis

In accordance with point (a) of Article 6(1), first clause GDPR, we use the photos, videos and audio recordings of you during events on the basis of your consent to the processing of personal data concerning you.

The processing of the specified data for the purpose of performing our contracts with our participants or for performing pre-contractual measures is also carried out on the basis of points (b) and (f) of Article 6(1), first clause GDPR. Processing is also required to implement the agreement.

Our legitimate interest lies in an essential and appropriate customer relationship with you. We would like to use direct marketing to provide you with detailed information on other available training opportunities following your event and to encourage you to take part in these, as well as to send you offers for our services.

Personal data is also processed in order to comply with other legal obligations to which the organiser is subject (particularly those under commercial and/or tax law) in accordance with point (c) of Article 6(1), first clause GDPR. The legal obligation also arises from the required mandatory training for doctors according to the relevant medical associations in accordance with Section 95 d of the German Social Security Code V (Sozialgesetzbuch, SGB V).

You have the right to object to the processing of data concerning you that is being carried out in accordance with point (f) of Article 6(1), first clause GDPR at any time and to state the reasons for this. The objection can be made in any form and should be directed, where possible, to: mail@gth-online.org. If you do object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or the processing is intended for the assertion, exercise or defence of legal claims.

 

  5. Right of withdrawal

You can withdraw consent that you have given at any time with effect for the future; this does not affect the lawfulness of the processing carried out on the basis of the consent prior to withdrawal. Consent granted by law remains unaffected by a withdrawal of consent, for example because the recording of the event constitutes an image from contemporary history or you have only appeared as an accessory or participated in a similar convention or event (legal basis point (f) of Article 6(1), first clause GDPR and Section 23(1) of the German Art Copyright Act (Kunsturhebergesetz, KUG)). If a claim for erasure is made, the recordings are removed from our own web pages or rendered unrecognisable (e.g. through pixelation) and no longer used for new printed materials. Information published on the Internet may remain accessible through archiving services even after it has been erased from the original web page. According to the information currently available, it is no longer possible to erase photos and data on social media services; instead, they are simply no longer publicly displayed.

 

  6. Duration of storage

We erase your personal data as soon as it is no longer required for the aforementioned purposes. There are different storage periods depending on the nature of the personal data:

6.1      Billing data (first name, surname, academic title and postal address): max. 10 years (retention of encrypted data only)

6.2      Event organisation data:

6.2.1  Images, videos and audio recordings of on-site events: 3 months to max. 1 year (depending on the media library program)

6.2.2  Images, videos and audio recordings of virtual events: 3 months to max. 1 year

6.2.3  Other essential data for hosting the event (IP addresses, email addresses, telephone numbers, mobile numbers, fax numbers): Erased immediately after the event

6.3      Data serving as proof of mandatory training (affiliation with a particular occupational group, membership, company, department, profession, professional function, specialist area/specialism, EFN if applicable): 3 years

6.4      Data used for direct marketing (email addresses, telephone numbers, mobile numbers, fax numbers, postal addresses): 3 years

6.5      Financial and bank details: Erased immediately after payment

 

  7. Sources of personal data

We obtain the data collected from

  • Your registration
  • The set-up of a user account
  • Association/membership data
  • Participant data from previous training events
  • Our own database

 

  8. Automated decision-making

We do not carry out any automated decision-making, including profiling.

 

  9. Data security

We take appropriate technical and organisational security measures (e.g. TLS encryption) to protect your data against accidental or intentional data manipulation, partial or complete loss, destruction or unauthorised third-party access, taking into consideration the state of the art, the costs of implementation and the nature, scope, context and purpose of the processing, as well as the existing risks of a data breach (including the probability and consequences thereof) for data subjects. Our security measures are continuously improved in line with technological developments. We would be happy to provide you with further information regarding this on request. To request this, please contact: mail@gth-online.org.

 

  10. International data transfers

GTH processes personal data on servers in Germany and Switzerland.

When transferring data, GTH complies with all provisions laid down in the GDPR which apply for the processing of EU citizens’ personal data.

 

  11. Data subject rights

In accordance with Article 15 GDPR, you can request access to the data concerning you that we are storing via the address above. Under certain circumstances, you can also obtain the rectification of your data in accordance with Article 16 GDPR or the erasure of your data in accordance with Article 17 GDPR. Additionally, you have the right to the restriction of processing of your data in accordance with Article 18 GDPR as well as the right to the provision of the data in a structured, commonly used and machine-readable format in accordance with Article 20 GDPR. With regard to the right of access and the right to erasure, the restrictions laid down in Sections 34 and 35 BDSG apply.

 

You also have the option to lodge a complaint with the data protection officer above or a data protection authority. The data protection supervisory authority responsible for us is:

Nordrhein-Westfalen

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen

Bettina Gayk

Postfach 20 04 44

40102 Düsseldorf

Kavalleriestraße 2-4

40213 Düsseldorf

Phone: +49 211 384 24-0

E-Mail: poststelle@ldi.nrw.de

Homepage: https://www.ldi.nrw.de

VII.        Overview of service providers

Overview of the controller’s service providers in accordance with the statutory information obligation.

Service provider: Eventclass GmbH, Herkulesstr. 15, 01277 Dresden
Service/purpose of contract: Registration/Abstract submission/online platform

Service provider: LUXAV Audiovisuelle Kommunikation GmbH, Am Feldrain 1-3, 34253 Lohfelden
Service/purpose of contract: Streaming / video recording

 

VIII.       Notification of change

This Privacy Notice may be updated on a regular basis. We will update the date of this Privacy Notice accordingly. 

 

RIGHT TO OBJECT

Information on your right to object in accordance with Article 21 of the General Data Protection Regulation (GDPR)

CASE-SPECIFIC RIGHT TO OBJECT

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (f) of Article 6(1), first clause GDPR (data processing on the basis of a balance of interests). If you do object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or the processing is intended for the assertion, exercise or defence of legal claims.

The objection can be made in any format and should be directed, where possible, to: mail@gth-online.org.

 

Version dated February 2023