Information regarding data protection to be provided
in accordance with Articles 13 and 14 of the General Data Protection Regulation (GDPR)
GTH Gesellschaft für Thrombose- und Hämostaseforschung e.V. takes the protection of your personal data very seriously. Our goal is to use different formats (in-person, digital, hybrid) to provide you with a convenient range of training, while also protecting your right to informational self-determination and ensuring the protection of your privacy. We process personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) for the sole purpose of complying with contractual obligations (point (b) of Article 6(1), first clause GDPR), on the basis of your consent (point (a) of Article 6(1), first clause GDPR) or on the basis of legal requirements (point (c) of Article 6(1), first clause GDPR), as well as when we have a legitimate interest (point (f) of Article 6(1), first clause GDPR). The following Privacy Notice gives you an overview of when we store which data, for which purpose we use it and how we ensure the protection of your personal data.
I The controller’s contact details
GTH Gesellschaft für Thrombose- und Hämostaseforschung e.V.
Haus der Verbände Köln
Phone: +49 (0) 221 . 42 33 46 – 26
II The data protection officer’s contact details
Der schriftführende Sekretär
GTH Gesellschaft für Thrombose- und Hämostaseforschung e.V.
Haus der Verbände Köln
Phone: +49 (0) 221 . 42 33 46 – 26
III. Data processing
- Which personal data do we process?
We process the following personal data:
- First name, surname, academic title
- Postal address, email address, telephone number, mobile number, fax number
- Affiliation with a certain occupational group and membership
- Company, department
- Profession, professional function, specialist area/specialism
- Financial and bank details, but only if they are required for remuneration for our services or for the reimbursement of expenses
- EFN (Einheitliche Fortbildungsnummer) [standard training number]
- IP address
- Images, videos and audio recordings
- Purpose of the processing
2.1 Purpose of the processing when participating in events on-site
Data is processed in order to host and arrange training events, conventions, conferences and other seminar services within the scope of the performance of our contracts with our participants or to perform pre-contractual measures, which are carried out on request. The purposes of data processing are primarily based on the specific service (e.g. medical specialist course, further training course, specialist convention, one-day seminar). If necessary, we continue to process your data past the actual fulfilment of the contract on the grounds of our legitimate interests (e.g. exercise of legal claims and defence in the event of legal disputes). Data processing may also be carried out on the basis of your consent or on the grounds of a legitimate interest on our part.
We process photos, videos and audio recordings of you during the event in order to broadcast the event to third parties live on a conference or streaming platform and/or to make all or part of the event available to third parties on demand via various channels. These channels are the GTH online media library (GTh-mediathek.org), conference platforms and platforms for further training events, as well as social media (Instagram, Facebook, Twitter).
We also process photos and videos for the purposes of documentation and illustration, both on various online channels and for printed materials (e.g. training brochures). Examples of the online channels include the GTH homepage (gth-online.org) and training platforms (gth-akademie.org).
2.2 Purpose of the processing when participating in virtual events
Data is processed in order to host and arrange digital and hybrid training events, conventions, conferences and other seminar services within the scope of the performance of our contracts with our digital participants or to perform pre-contractual measures, which are carried out on request. The purposes of data processing are primarily based on the specific service (e.g. online specialist conference, online medical specialist course, online seminars), either digital or hybrid. If necessary, we continue to process your data past the actual fulfilment of the contract on the grounds of our legitimate interests (e.g. exercise of legal claims and defence in the event of legal disputes). Data processing may also be carried out on the basis of your consent or on the grounds of a legitimate interest on our part.
We process photos, videos and audio recordings to enable us to provide you with a comprehensive portfolio of online services when participating in digital events, particularly to enable you and/or to make it easier for you to participate in video conferences or to communicate in chatrooms/breakout rooms.
- Data categories
3.1 Data processing in companies
We process personal data when you register (online, e.g. when requesting event materials) and/or when you sign up for an event.
When signing up, you have the option to enter a different billing address.
The data collected during registration is used to set up a user account. You can find the current seminars you have booked and the seminar you have previously attended in your user account. You can also see which seminars you are on the waiting list for.
Furthermore, every time a user visits a page we operate, data pertaining to this process is stored in a log file. This data is used for analyses for statistical purposes; it is not merged with the personal details provided by the user.
Specifically, the following types of data are stored each time a page is viewed:
- Name of the file retrieved
- Date and time of visit
- Data volume transmitted
- Message as to whether access was successful
- Description of the type of web browser used
- Operating system used
3.1.2 When participating in an event on-site
As a participant of an in-person event you get a participant ID card on which the personal data provided when registering/signing up is stored and then read at the event location using a barcode/QR code scanner. We process your personal data every time this is scanned when moving around the conference site. Some scanning processes can be actively carried out by the participants themselves, e.g. at certain exhibition stands, and are sometimes automatic, e.g. when switching rooms. In particular, the purpose of the scanning procedure is to provide proof of your mandatory training. Data processing procedures carried out by the sponsor, which carries these out in the form of scanning procedures subject to consent at its exhibition stand, are subject to the relevant sponsor’s data protection statement.
3.1.3 At virtual events
We process personal data when you register (online, e.g. when requesting event materials) and/or when you sign up on the relevant conference platform.
We also process personal data every time you sign up for a chatroom, breakout room or video conference. If you activate access on your microphone and/or video camera, audio and video data is processed and played back. As a participant, you can disable such access again at any time using the buttons with the relevant symbols. Participation in a digital event is still possible if you disable access. There is also the opportunity to send text messages in a group chat, which are visible to all the participants in a given case. Clear notices are used on visibility and recording for individual participants when breakout rooms are entered for individual meetings.
You are given further information on the platforms we use in general, on how your data is handled and on server locations when visiting the relevant provider’s website or installing the provider’s application on your device. These service providers act as our processors when using video conferencing systems during digital and hybrid events.
3.2 External service providers
We use the following external service provider in particular to carry out our duties:
MCI Deutschland GmbH
We sometimes use other external service providers to carry out our duties. Find a list of the contractors and service providers with which we have permanent business relationships in the attached overview.
The data collected during registration is also used for our own statistical purposes and is also encrypted and sent to our service providers and sponsors, provided that consent has been given.
3.3 Other recipients
We do not transfer your personal data to any other recipients.
- Legal basis
In accordance with point (a) of Article 6(1), first clause GDPR, we use the photos, videos and audio recordings of you during events on the basis of your consent to the processing of personal data concerning you.
The processing of the specified data for the purpose of performing our contracts with our participants or for performing pre-contractual measures is also carried out on the basis of points (b) and (f) of Article 6(1), first clause GDPR. Processing is also required to implement the agreement.
Our legitimate interest lies in an essential and appropriate customer relationship with you. We would like to use direct marketing to provide you with detailed information on other available training opportunities following your event and to encourage you to take part in these, as well as to send you offers for our services.
Personal data is also processed in order to comply with other legal obligations to which the organiser is subject (particularly those under commercial and/or tax law) in accordance with point (c) of Article 6(1), first clause GDPR. The legal obligation also arises from the required mandatory training for doctors according to the relevant medical associations in accordance with Section 95 d of the German Social Security Code V (Sozialgesetzbuch, SGB V).
You have the right to object to the processing of data concerning you that is being carried out in accordance with point (f) of Article 6(1), first clause GDPR at any time and to state the reasons for this. The objection can be made in any form and should be directed, where possible, to: firstname.lastname@example.org. If you do object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or the processing is intended for the assertion, exercise or defence of legal claims.
- Right of withdrawal
You can withdraw consent that you have given at any time with effect for the future; this does not affect the lawfulness of the processing carried out on the basis of the consent prior to withdrawal. Consent granted by law remains unaffected by a withdrawal of consent, for example because the recording of the event constitutes an image from contemporary history or you have only appeared as an accessory or participated in a similar convention or event (legal basis point (f) of Article 6(1), first clause GDPR and Section 23(1) of the German Art Copyright Act (Kunsturhebergesetz, KUG)). If a claim for erasure is made, the recordings are removed from our own web pages or rendered unrecognisable (e.g. through pixelation) and no longer used for new printed materials. Information published on the Internet may remain accessible through archiving services even after it has been erased from the original web page. According to the information currently available, it is no longer possible to erase photos and data on social media services; instead, they are simply no longer publicly displayed.
- Duration of storage
We erase your personal data as soon as it is no longer required for the aforementioned purposes. There are different storage periods depending on the nature of the personal data:
6.1 Billing data (first name, surname, academic title and postal address): max. 10 years (retention of encrypted data only)
6.2 Event organisation data:
6.2.1 Images, videos and audio recordings of on-site events: 3 months to max. 1 year (depending on the media library program)
6.2.2 Images, videos and audio recordings of virtual events: 3 months to max. 1 year
6.2.3 Other essential data for hosting the event (IP addresses, email addresses, telephone numbers, mobile numbers, fax numbers): Erased immediately after the event
6.3 Data serving as proof of mandatory training (affiliation with a particular occupational group, membership, company, department, profession, professional function, specialist area/specialism, EFN if applicable): 3 years
6.4 Data used for direct marketing (email addresses, telephone numbers, mobile numbers, fax numbers, postal addresses): 3 years
6.5 Financial and bank details: Erased immediately after payment
- Sources of personal data
We obtain the data collected from
- Your registration,
- The set-up of a user account,
- Association/membership data
- or from our own database.
- Participant data from previous training events
- Automated decision-making
We do not carry out any automated decision-making, including profiling.
- Data security
We take appropriate technical and organisational safety measures to protect your data against accidental or intentional data manipulation, partial or complete loss, destruction or unauthorised third-party access (e.g. TSL encryption), taking into consideration the state of the art, the costs of implementation and the nature, scope, context and purpose of the processing, as well as the existing risks of a data breach (including the probability and consequences thereof) for data subjects. Our security measures are continuously improved in line with technological developments. We would be happy to provide you with further information regarding this on request. To request this, please contact: email@example.com.
- International data transfers
GTH processes personal data on servers in Germany and Switzerland.
When transferring data, GTH complies with all provisions laid down in the GDPR which apply for the processing of EU citizens’ personal data.
- Data subject rights
In accordance with Article 15 GDPR, you can request access to the data concerning you that we are storing via the address above. Under certain circumstances, you can also obtain the rectification of your data in accordance with Article 16 GDPR or the erasure of your data in accordance with Article 17 GDPR. Additionally, you have the right to the restriction of processing of your data in accordance with Article 18 GDPR as well as the right to the provision of the data in a structured, commonly used and machine-readable format in accordance with Article 20 GDPR. With regard to the right of access and the right to erasure, the restrictions laid down in Sections 34 and 35 BDSG apply.
You also have the option to lodge a complaint with the data protection officer above or a data protection authority. The data protection supervisory authority responsible for us is:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Postfach 20 04 44
Phone: +49 211 384 24-0
VII. Overview of service providers
Overview of the controller’s service providers in accordance with the statutory information obligation.
|Service provider||Service/purpose of contract|
Herkulesstr. 1501277 Dresden
|Registration/Abstract submission/online platform|
|LUXAV Audiovisuelle Kommunikation GmbH
Am Feldrain 1-334253 Lohfelden
|Streaming / video recording|
VIII. Notification of change
This Privacy Notice may be updated on a regular basis. We will update the date of this Privacy Notice accordingly.
RIGHT TO OBJECT
Information on your right to object in accordance with Article 21 of the General Data Protection Regulation (GDPR)
CASE-SPECIFIC RIGHT TO OBJECT
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (f) of Article 6(1), first clause GDPR (data processing on the basis of a balance of interests). If you do object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or the processing is intended for the assertion, exercise or defence of legal claims.
The objection can be made in any format and should be directed, where possible, to: firstname.lastname@example.org.
Version dated February 2023