§ 3 Processing of personal data / legal basis / duration of storage
Via the web pages of www.easd.org, apart from your IP address, no personal data whatsoever (e.g. names, addresses, phone numbers or email addresses) is processed, unless you voluntarily submit such data to us. Specifically, when you visit our site, your data is processed as follows:
a) Data processing when visiting the website
When using the website merely for information purposes, i.e. when you do not register or transfer information for any other reason, we only process the personal data your browser transmits to our server. In order to present our website to you and guarantee its stability and safety, we require, for technical reasons, the following data to allow you to view it, the legal basis being point f of Art. 6(1), sentence 1 GDPR:
- the IP address
- the date and time of access
- the time difference from GMT (Greenwich Mean Time)
- the content of the request (specific page)
- the access status/HTTP status code
- the respective data volume transferred
- the referrer website
- the browser
- the operating system and its interface
- the language and version of the browser software
The data is erased as soon as the purpose of transmission has been fulfilled. In the case of collection of data for presentation of the website, this applies when the respective session is over. Storage beyond this time period is possible. In this case, the user’s IP address is erased, so that the accessing client can no longer be assigned to the former. The collection of data for presentation of the website and the storage of the former in log files is essential for the site’s operation.
b) Data processing via cookies
In addition to the aforementioned data, cookies are stored onto your computer whenever you use our website. Cookies are small text files which are deposited on your hard drive and assigned to the browser you use, passing on certain information to the location at which the cookie is deposited (in this case by us). Cookies are unable to run programmes or transfer viruses to your computer. Their general purpose is to make the internet service more user-friendly and effective. For example, we apply cookies in order to identify you on further visits when you have an account with us. Failing this, you would have to login anew every time you visited us.
Cookies are stored onto your computer/terminal and transmitted from here to our website. Consequently, as a user you have full control over the application of cookies. By changing the settings in your internet browser, you can deactivate or limit the transfer of cookies and, for example, refuse to allow third-party cookies or cookies in general. However, if you deactivate cookies for our website, you may not be able to use the site’s features to the full.
Via your browser, you can also, at any time, delete all cookies which have so far been stored. For more details, please check your browser’s help functions. Please bear in mind that certain functions may in this case no longer be available. Furthermore, the following website can assist you in managing and deactivating third party cookies: http://www.youronlinechoices.com/uk/your-ad-choices. Since we do not operate this website, we assume no liability for it and have no influence over content and availability.
This website specifically uses the following types of cookies, the scope and functionality of which are described as follows:
- transient cookies (see aa)
- persistent cookies (see bb).
aa. transient cookies are erased automatically, as soon as you close your browser. This applies in particular to the session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to a common session. In this way, your computer terminal can be identified when you return to our website. As soon as you log out or close your browser, the session cookies are deleted.
bb. persistent cookies are automatically erased after a prescribed period which can vary from cookie to cookie. You can delete the cookies at any time in your browser’s security settings.
If you login to our website, the session cookie is supplemented by your so-called user ID; this information is stored for 120 minutes and then erased.
Cookies, which are used to implement the electronic communication process or which are required for the presentation of certain features of your choice, are stored on the basis of point f of Art. 6(1) GDPR. We have a legitimate interest in storing cookies in order to provide error-free technology and an optimum presentation of our services. Since we are able via the cookies to determine when you re-visit our site, your use of the latter has been made more convenient, also on the basis of our legitimate interest, so that you do not for example have to login if you have an account with us.
When you read and agree to the notice on our website on the implementation of cookies, you at the same time accept the processing of data via cookies pursuant to point a of Art. 6(1) GDPR. If you agree to the application of cookies, a so-called acceptance cookie is then implemented. The latter’s only content is a notice that the cookie has been clicked and that the application of session cookies has been approved of.
This website uses features from the web analysis service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Irish Republic. Google Analytics utilises so-called “cookies”, text files which are stored on your computer and which are able to analyse your use of the site. The information generated by the cookie about your use of this website is as a rule transmitted to a Google server in the USA and stored there. If IP anonymisation is activated on this website, however, your IP address shall be shortened beforehand by Google within the member states of the European Union or in other signatory states of the Agreement of the European Economic Area. Specifically, we use Google Analytics here with the add-on “_anonymizeIp()”. This allows IP addresses to be further processed in short form in order to rule out identification of the website user. If personally identifiable information appears in the data collected concerning you, it is then removed immediately and the personal data is erased there and then.
In exceptional cases only, the full IP address is transferred to a Google server in the USA and truncated there. Google uses this information on our behalf to analyse your use of the website, to compile reports on website activity, and to provide us with further services in connection with website and Internet use. Google has assured us that the IP address transmitted from your browser in connection with Google Analytics is not combined with other Google data.
We have signed an order processing contract with Google and adhere entirely to the strict regulations stipulated by German data protection authorities on the use of Google Analytics.
We apply Google Analytics to analyse the use of our website and to regularly improve it. The statistics we gather help us to improve our service and to make it more interesting for you as a user. Concerning exceptional cases in which personal data is transferred to the USA, Google has agreed to comply with the EU-US Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI. The legal basis for the use of Google Analytics is therefore also point f of Art. 6(1) GDPR. Data stored by Google on a user and event level and which is linked to cookies and identifiers (e.g. User ID), is not automatically erased. For further details see also: https://support.google.com/analytics/answer/7667196?hl=en.
You may prevent the storage of cookies by setting your browser software correspondingly, but we must remind you that in this case you will probably be unable to use all features of our website to the full. Apart from that, you can prevent Google from collecting and processing the data generated by the cookie (including your IP address) and relating to your use of the site by downloading and installing the available browser plug-in under the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
In the case of (mobile) terminals, at which it may not be possible to install this plug-in, you can prevent Google from collecting and processing the data generated by the cookie (including your IP address) and relating to your use of the site by clicking
An opt-out cookie is then deposited on your terminal. We remind you, however, that in this case you may not be able to use all features of our website to the full. If you wish to erase your cookies, you must re-click the link.
c) Data processing via social media sites (Facebook / Twitter)
aa. Data processing by way of our links to social media
Currently, we do not use any social media plug-ins on our site www.easd.org. This means that when you visit our original Internet presence, at first no personal data whatsoever is transferred to providers of plug-ins. We merely provide links to our Facebook and Twitter pages. Only when you click the respective link and by doing so access our Facebook or Twitter pages does the provider receive the message that you have used the services on our website. Also, the data mentioned in Section 3 a) of this declaration is transferred.
In the case of Facebook, they claim that in Germany the IP address is immediately made anonymous after collection. When you access our pages in Facebook and Twitter, personal data is accordingly transferred to the respective provider and stored on American servers in the USA. We neither have any influence on data collected and processed by Facebook and Twitter nor have we knowledge of the entire extent of data collection, the purposes of data processing there, or the providers’ exact data retention periods. We also have no precise information on erasure of data by the provider.
bb. Data processing via the social networks
When you visit our pages on Facebook and Twitter, the respective provider stores the data collected concerning you as user profiles and uses it for advertising, market research and/or the needs-based design of his website. Such an analysis is used in particular (even with users who are not logged in) for the display of needs-based advertising and to inform other users of the social network about your activities on our website. When you visit our social media presences, numerous privacy related processing procedures are set in motion.
In detail: when you login to your social media account and visit our social media page, the provider of the social media portal can assign this visit to your user account. We recommend that you log out regularly after using a social network in order to prevent the provider from assigning you to your profile.
Your personal data can however in some cases be collected even when you are not logged in or do not have an account with the relevant social media portal. This collection of data takes place in this instance for example via cookies which are stored on your terminal or via registration of your IP address. With the aid of data collected in this way, the providers of social media portals can generate user profiles in which your preferences and interests are filed. In this way, interest-related advertising can be displayed to you both inside and outside the respective social media site. In cases where you have an account at the respective social network, this interest-related advertising can be displayed on all devices you are or were logged into.
cc. Legal bases and responsible authorities
By way of our Facebook and Twitter sites we give you the chance to interact with the social media and other users, thus allowing us to improve our service and to develop it in a more interesting way for users like yourself. Additionally, through our services in the social networks we aim to provide a comprehensive media presence which guarantees that our targets as an association are reached. These interests constitute legitimate interests pursuant to point f of Art. 6(1) sentence 1 GDPR. The analytical processes initiated by the social networks may be based on deviating legal bases which must be specified by the social media providers (e.g. consent in the meaning of point a of Art. 6(1) GDPR.
When you visit one of our social media sites (e.g. Facebook), we are jointly responsible along with the operator of the social media platform for the data processing procedures triggered off by this visit. You can categorically exercise your rights (access, rectification, erasure, restriction of processing, data portability, complaints) against us and against the operator of the respective social media portal (e.g. Facebook). Please bear in mind that despite our joint responsibility with the operators of social media portals, we do not have complete influence over the latter’s data processing procedures. Our capabilities are largely determined by the respective provider’s corporate policy.
dd. Duration of storage
The data directly collected by us via the social media site is erased as soon as the purpose of storage has been fulfilled, you demand its erasure, you revoke your consent to storage or if the purpose of data storage ceases. Stored cookies remain on your terminal until you delete them. Mandatory legal provisions, especially retention periods, remain unaffected. We have no influence over the length of storage of your data by providers of social networks for their own purposes. For any further particulars, please contact the providers directly, for instance by consulting their privacy policies (see below).
ee. Specific social networks
The provider of our Facebook profile is Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. Facebook has certified to the EU-US Privacy Shield: (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC). We have signed an agreement with Facebook on common processing (Controller Addendum). This agreement stipulates which data processing procedures we or Facebook are responsible for whenever you visit our Facebook page. It is viewable under the following link: https://www.facebook.com/legal/terms/page_controller_addendum.
You can also adjust your advertising preferences independently in your Facebook user account. To go there, please click the following link and login to: https://www.facebook.com/settings?tab=ads.
We utilise the short message service Twitter. The provider is Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. Twitter has certified to the EU-US Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO.
You can also adjust your advertising preferences independently in your Twitter user account. To go there, please click the following link and login to: https://twitter.com/personalization.
d) Data processing via third party plugins and tools
aa. Google Maps
Our online service includes the use of Google Maps (API) from Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Maps is a web service for the display of interactive maps, allowing the visualisation of geographic information. When you use this service, our location or the location of selected venues and/or hotels are displayed and journeys to your destination facilitated. This constitutes a legitimate interest pursuant to point f of Art. 6(1) GDPR.
As soon as subpages are accessed which are linked to Google Maps, information on your use of our site such as your IP address is transferred to Google servers in the USA and stored there. This takes place regardless of whether Google provides a user account which you are logged into, or whether you are without an account. If you are logged into Google, your data is directly assigned to your account. If you do not wish to be assigned to your Google profile, you must log out before you activate the button. Google stores data as user profiles (even if users are not logged in) and analyses it. An analysis of this kind takes place in particular pursuant to point f of Art. 6(1) GDPR on the basis of Google’s legitimate interest in displaying personalised advertising, market research and/or needs-based design of its website.
Google LLC is based in the USA and has certified to the EU-US Privacy Shield data protection agreement, which adheres to the standard of data protection guaranteed in the EU according to the level specified by the European Commission: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI.
bb. Google Web Fonts
For the uniform display of fonts, this site utilises the so-called web fonts Google provides. When a page is accessed, your browser uploads the required web fonts to your browser cache in order to properly display texts and fonts.
To this aim, the browser you utilise must make contact with Google’s servers. At the same time, Google is informed that our website was accessed via your IP address. The use of Google Web Fonts takes place in the interest of an appealing, uniform display of our online services. This constitutes a legitimate interest pursuant to point f of Art. 6(1) GDPR.
For visualisation and reproduction of content, we have included videos from the “Vimeo” Attention platform on our website. Vimeo Inc. Legal Department, 555 West 18th Street New York, New York 10011, USA. This constitutes a legitimate interest pursuant to point f of Art. 6(1) GDPR. When you access one of the submenu pages of our web presence containing a Vimeo plug-in, to play a video for instance, your browser establishes a direct connection to the servers of Vimeo, thus showing the plug-in. At the same time, the Vimeo server is informed as to which of our web pages you have visited. If you are now logged in as a member of Vimeo (which of course is not mandatory just to view our videos), Vimeo assigns this information to your personal user account. If you utilise the plug-in in that you for example click the start button of a video, this information is similarly assigned to your user account. You can prevent this assignment by logging out of your Vimeo user account before using our website and erasing the corresponding Vimeo cookies. Further information on data processing and references to Vimeo’s data protection can be found under https://vimeo.com/privacy.
dd. Google reCAPTCHA
Our website utilises Google reCAPTCHA to monitor and avoid the interaction of automated access to our site (e.g. via “bots”). This is a service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter referred to solely as “Google”. Google LLC is based in the USA and has certified to the EU-US Privacy Shield data protection agreement, which adheres to the standard of data protection guaranteed in the EU according to the level specified by the European Commission: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI.
Via this service, Google monitors which IP address you operate the so-called reCAPTCHA input box from, and from which website a request is sent. Apart from your IP address, other information necessary for the service and safeguarding of this service may be collected by Google. Via reCAPTCHA, Google analyses the behaviour of website visitors on the basis of various characteristics. This analysis begins automatically as soon as the visitor accesses the website. For the analysis, reCAPTCHA monitors a variety of information (e.g. IP address, duration of the visitor’s stay on the website or the user’s mouse movements). The data collected in the analysis is transferred to Google. The reCAPTCHA analyses take place entirely in the background. Website visitors are not informed that an analysis is taking place.
The legal basis for the implementation of this service is point f of Art. 6(1) GDPR. It is in our legitimate interest to safeguard our Internet presence and defend it against unwanted, automated access in the form of spam and other harmful programmes. Via https://policies.google.com/privacy, Google provides further information on the general handling of user data and further details concerning the tool utilised here under https://www.google.com/recaptcha/intro/android.html.
e) Data processing when registering for our newsletter
Should you wish to subscribe to the newsletter provided in the member area, we require from you an email address as well as information to allow us to monitor whether you are the holder of the specified email address and whether you agree to receipt of the newsletter. Further data is not collected, or only submitted on a voluntary basis. This data is used exclusively for the dispatch of requested information, and is not forwarded to third parties.
The processing of data entered to the newsletter registration form occurs solely on the basis of your consent (point a of Art. 6(1) GDPR). The given consent to storage of data, the email address and its use to dispatch the newsletter can be revoked at any time, for example via the "unsubscribe” link in the newsletter or by emailing firstname.lastname@example.org. The legality of data processing up to the revocation remains unaffected by the revocation.
We shall store the data concerning your person collected for the purpose of newsletter subscriptions until you cancel the newsletter and deleted after cancellation of the latter. Data which has been stored by us for other purposes shall remain unaffected. If you subscribe to the newsletter as a service towards our members, data processing in this context also occurs pursuant to point b of Art. 6(1) GDPR and in the context of a legitimate interest pursuant to point f of Art. 6(1) GDPR, only if and insofar as you do not demand that we remove your name from the mailing list.
f) Data processing via email contact
If you contact us via email, the data you submit to us (your email address, and if need be your name and phone number) shall be stored by us so we can answer your queries. The data accumulated in this context is erased by us once storage of the same is no longer necessary, or we limit processing if legal retention periods exist.
Data processing for the purpose of making contact with us occurs pursuant to point a of Art. 6(1) sentence 1 GDPR on the basis of your voluntary consent. Additionally, the legal basis for processing may be point b of Art. 6(1) GDPR where establishment of contact occurs for reasons of, or within the framework of, a membership or contractual relationship. In such cases, further data processing occurs as follows as described in Section 4.