You are here

Privacy Policy

We are pleased that you are interested in our online presence and service. You are of course welcome to use our web pages without revealing your identity. Since we obviously wish to protect your data, we take this matter very seriously. This privacy policy serves to explain to you what information and personal data you transfer when you visit our website and how it is used and to what purpose. “Personal data” means any information relating to an identified or identifiable natural person (Art. 4(1) GDPR), such as a name, address, email address or the user’s behaviour.

§ 1 Controller’s name and contact information

The controller pursuant to Art. 4(7) EU General Data Protection Regulation (GDPR) is the

European Association for the Study of Diabetes (EASD) e.V.

Rheindorfer Weg 3
40591 Düsseldorf
Germany

Phone: +49 211 758 469 0
Fax: +49 211 758 469 29

Email: secretariat@easd.org

§ 2 Data protection officer

Our data protection officer can be reached via datenschutz@easd.org or by letter to our postal address c/o “Data protection officer”. The relevant contact data can be found in the imprint.

§ 3 Processing of personal data / legal basis / duration of storage

Via the web pages of www.easd.org, apart from your IP address, no personal data whatsoever (e.g. names, addresses, phone numbers or email addresses) is processed, unless you voluntarily submit such data to us. Specifically, when you visit our site, your data is processed as follows:

a) Data processing when visiting the website

When using the website merely for information purposes, i.e. when you do not register or transfer information for any other reason, we only process the personal data your browser transmits to our server. In order to present our website to you and guarantee its stability and safety, we require, for technical reasons, the following data to allow you to view it, the legal basis being point f of Art. 6(1), sentence 1 GDPR:

  • the IP address
  • the date and time of access
  • the time difference from GMT (Greenwich Mean Time)
  • the content of the request (specific page)
  • the access status/HTTP status code
  • the respective data volume transferred
  • the referrer website
  • the browser
  • the operating system and its interface
  • the language and version of the browser software

The data is erased as soon as the purpose of transmission has been fulfilled. In the case of collection of data for presentation of the website, this applies when the respective session is over. Storage beyond this time period is possible. In this case, the user’s IP address is erased, so that the accessing client can no longer be assigned to the former. The collection of data for presentation of the website and the storage of the former in log files is essential for the site’s operation.

b) Data processing via cookies

In addition to the aforementioned data, cookies are stored onto your computer whenever you use our website. Cookies are small text files which are deposited on your hard drive and assigned to the browser you use, passing on certain information to the location at which the cookie is deposited (in this case by us). Cookies are unable to run programmes or transfer viruses to your computer. Their general purpose is to make the internet service more user-friendly and effective. For example, we apply cookies in order to identify you on further visits when you have an account with us. Failing this, you would have to login anew every time you visited us.

Cookies are stored onto your computer/terminal and transmitted from here to our website. Consequently, as a user you have full control over the application of cookies. By changing the settings in your internet browser, you can deactivate or limit the transfer of cookies and, for example, refuse to allow third-party cookies or cookies in general. However, if you deactivate cookies for our website, you may not be able to use the site’s features to the full.

Via your browser, you can also, at any time, delete all cookies which have so far been stored. For more details, please check your browser’s help functions. Please bear in mind that certain functions may in this case no longer be available. Furthermore, the following website can assist you in managing and deactivating third party cookies: http://www.youronlinechoices.com/uk/your-ad-choices. Since we do not operate this website, we assume no liability for it and have no influence over content and availability.

This website specifically uses the following types of cookies, the scope and functionality of which are described as follows:

  • transient cookies (see aa)
  • persistent cookies (see bb).

aa. transient cookies are erased automatically, as soon as you close your browser. This applies in particular to the session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to a common session. In this way, your computer terminal can be identified when you return to our website. As soon as you log out or close your browser, the session cookies are deleted.

bb. persistent cookies are automatically erased after a prescribed period which can vary from cookie to cookie. You can delete the cookies at any time in your browser’s security settings.

If you login to our website, the session cookie is supplemented by your so-called user ID; this information is stored for 120 minutes and then erased.

Cookies, which are used to implement the electronic communication process or which are required for the presentation of certain features of your choice, are stored on the basis of point f of Art. 6(1) GDPR. We have a legitimate interest in storing cookies in order to provide error-free technology and an optimum presentation of our services. Since we are able via the cookies to determine when you re-visit our site, your use of the latter has been made more convenient, also on the basis of our legitimate interest, so that you do not for example have to login if you have an account with us.

When you read and agree to the notice on our website on the implementation of cookies, you at the same time accept the processing of data via cookies pursuant to point a of Art. 6(1) GDPR. If you agree to the application of cookies, a so-called acceptance cookie is then implemented. The latter’s only content is a notice that the cookie has been clicked and that the application of session cookies has been approved of.

Insofar as other cookies are stored, such as ones which analyse your surfing behaviour, these are dealt with separately in this privacy policy. Data processing via analytics tools and tracking / implementation of Google Analytics.

This website uses features from the web analysis service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Irish Republic. Google Analytics utilises so-called “cookies”, text files which are stored on your computer and which are able to analyse your use of the site. The information generated by the cookie about your use of this website is as a rule transmitted to a Google server in the USA and stored there. If IP anonymisation is activated on this website, however, your IP address shall be shortened beforehand by Google within the member states of the European Union or in other signatory states of the Agreement of the European Economic Area. Specifically, we use Google Analytics here with the add-on “_anonymizeIp()”. This allows IP addresses to be further processed in short form in order to rule out identification of the website user. If personally identifiable information appears in the data collected concerning you, it is then removed immediately and the personal data is erased there and then.

In exceptional cases only, the full IP address is transferred to a Google server in the USA and truncated there. Google uses this information on our behalf to analyse your use of the website, to compile reports on website activity, and to provide us with further services in connection with website and Internet use. Google has assured us that the IP address transmitted from your browser in connection with Google Analytics is not combined with other Google data.

We have signed an order processing contract with Google and adhere entirely to the strict regulations stipulated by German data protection authorities on the use of Google Analytics.

We apply Google Analytics to analyse the use of our website and to regularly improve it. The statistics we gather help us to improve our service and to make it more interesting for you as a user. Concerning exceptional cases in which personal data is transferred to the USA, Google has agreed to comply with the EU-US Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI. The legal basis for the use of Google Analytics is therefore also point f of Art. 6(1) GDPR. Data stored by Google on a user and event level and which is linked to cookies and identifiers (e.g. User ID), is not automatically erased. For further details see also: https://support.google.com/analytics/answer/7667196?hl=en.

You may prevent the storage of cookies by setting your browser software correspondingly, but we must remind you that in this case you will probably be unable to use all features of our website to the full. Apart from that, you can prevent Google from collecting and processing the data generated by the cookie (including your IP address) and relating to your use of the site by downloading and installing the available browser plug-in under the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

In the case of (mobile) terminals, at which it may not be possible to install this plug-in, you can prevent Google from collecting and processing the data generated by the cookie (including your IP address) and relating to your use of the site by clicking

An opt-out cookie is then deposited on your terminal. We remind you, however, that in this case you may not be able to use all features of our website to the full. If you wish to erase your cookies, you must re-click the link.

c) Data processing via social media sites (Facebook / Twitter)

aa. Data processing by way of our links to social media

Currently, we do not use any social media plug-ins on our site www.easd.org. This means that when you visit our original Internet presence, at first no personal data whatsoever is transferred to providers of plug-ins. We merely provide links to our Facebook and Twitter pages. Only when you click the respective link and by doing so access our Facebook or Twitter pages does the provider receive the message that you have used the services on our website. Also, the data mentioned in Section 3 a) of this declaration is transferred.

In the case of Facebook, they claim that in Germany the IP address is immediately made anonymous after collection. When you access our pages in Facebook and Twitter, personal data is accordingly transferred to the respective provider and stored on American servers in the USA. We neither have any influence on data collected and processed by Facebook and Twitter nor have we knowledge of the entire extent of data collection, the purposes of data processing there, or the providers’ exact data retention periods. We also have no precise information on erasure of data by the provider.

bb. Data processing via the social networks

When you visit our pages on Facebook and Twitter, the respective provider stores the data collected concerning you as user profiles and uses it for advertising, market research and/or the needs-based design of his website. Such an analysis is used in particular (even with users who are not logged in) for the display of needs-based advertising and to inform other users of the social network about your activities on our website. When you visit our social media presences, numerous privacy related processing procedures are set in motion.

In detail: when you login to your social media account and visit our social media page, the provider of the social media portal can assign this visit to your user account. We recommend that you log out regularly after using a social network in order to prevent the provider from assigning you to your profile.

Your personal data can however in some cases be collected even when you are not logged in or do not have an account with the relevant social media portal. This collection of data takes place in this instance for example via cookies which are stored on your terminal or via registration of your IP address. With the aid of data collected in this way, the providers of social media portals can generate user profiles in which your preferences and interests are filed. In this way, interest-related advertising can be displayed to you both inside and outside the respective social media site. In cases where you have an account at the respective social network, this interest-related advertising can be displayed on all devices you are or were logged into.

Please bear in mind that despite all our efforts, we are not always able to trace all processing procedures carried out in the social media portals. For this reason, depending on the provider, further processing procedures may be carried out by the controllers of social media portals. For details, please consult the terms of use and privacy policies of the respective social media sites.

cc. Legal bases and responsible authorities

By way of our Facebook and Twitter sites we give you the chance to interact with the social media and other users, thus allowing us to improve our service and to develop it in a more interesting way for users like yourself. Additionally, through our services in the social networks we aim to provide a comprehensive media presence which guarantees that our targets as an association are reached. These interests constitute legitimate interests pursuant to point f of Art. 6(1) sentence 1 GDPR. The analytical processes initiated by the social networks may be based on deviating legal bases which must be specified by the social media providers (e.g. consent in the meaning of point a of Art. 6(1) GDPR.

When you visit one of our social media sites (e.g. Facebook), we are jointly responsible along with the operator of the social media platform for the data processing procedures triggered off by this visit. You can categorically exercise your rights (access, rectification, erasure, restriction of processing, data portability, complaints) against us and against the operator of the respective social media portal (e.g. Facebook). Please bear in mind that despite our joint responsibility with the operators of social media portals, we do not have complete influence over the latter’s data processing procedures. Our capabilities are largely determined by the respective provider’s corporate policy.

dd. Duration of storage

The data directly collected by us via the social media site is erased as soon as the purpose of storage has been fulfilled, you demand its erasure, you revoke your consent to storage or if the purpose of data storage ceases. Stored cookies remain on your terminal until you delete them. Mandatory legal provisions, especially retention periods, remain unaffected. We have no influence over the length of storage of your data by providers of social networks for their own purposes. For any further particulars, please contact the providers directly, for instance by consulting their privacy policies (see below).

ee. Specific social networks

(1) Facebook

The provider of our Facebook profile is Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. Facebook has certified to the EU-US Privacy Shield: (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC). We have signed an agreement with Facebook on common processing (Controller Addendum). This agreement stipulates which data processing procedures we or Facebook are responsible for whenever you visit our Facebook page. It is viewable under the following link: https://www.facebook.com/legal/terms/page_controller_addendum.

You can also adjust your advertising preferences independently in your Facebook user account. To go there, please click the following link and login to: https://www.facebook.com/settings?tab=ads.

The details can be found in Facebook’s privacy policy: https://www.facebook.com/about/privacy/.

(2) Twitter

We utilise the short message service Twitter. The provider is Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. Twitter has certified to the EU-US Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO.

You can also adjust your advertising preferences independently in your Twitter user account. To go there, please click the following link and login to: https://twitter.com/personalization.

The details can be found in Twitter’s privacy policy: https://twitter.com/en/privacy.

d) Data processing via third party plugins and tools

aa. Google Maps

Our online service includes the use of Google Maps (API) from Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Maps is a web service for the display of interactive maps, allowing the visualisation of geographic information. When you use this service, our location or the location of selected venues and/or hotels are displayed and journeys to your destination facilitated. This constitutes a legitimate interest pursuant to point f of Art. 6(1) GDPR.

As soon as subpages are accessed which are linked to Google Maps, information on your use of our site such as your IP address is transferred to Google servers in the USA and stored there. This takes place regardless of whether Google provides a user account which you are logged into, or whether you are without an account. If you are logged into Google, your data is directly assigned to your account. If you do not wish to be assigned to your Google profile, you must log out before you activate the button. Google stores data as user profiles (even if users are not logged in) and analyses it. An analysis of this kind takes place in particular pursuant to point f of Art. 6(1) GDPR on the basis of Google’s legitimate interest in displaying personalised advertising, market research and/or needs-based design of its website.

You have a right to object to the generation of this user profile, however you must contact Google directly in order to exercise this right. For more details please read Google’s privacy policy under https://www.google.com/policies/privacy. The opt-out clause ought to be available via the following link: http://www.google.com/settings/ads/.

Google LLC is based in the USA and has certified to the EU-US Privacy Shield data protection agreement, which adheres to the standard of data protection guaranteed in the EU according to the level specified by the European Commission: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI.

If you do not agree with the future transfer of data to Google within the framework of use of Google Maps, you have the option of completely deactivating the Google Maps web service by turning off the JavaScript application in your browser. Google Maps and consequently the map display on this website can then no longer be used.

Google’s terms of use can be consulted under: http://www.google.de/intl/en/policies/terms/regional.html, whereas the additional terms of use for Google Maps can be found at https://www.google.com/intl/en_US/help/terms_maps.html. Detailed information on data protection in connection with the application of Google Maps can be found on Google’s website (“Google Privacy Policy”): http://www.google.de/intl/en/policies/privacy/.

bb. Google Web Fonts

For the uniform display of fonts, this site utilises the so-called web fonts Google provides. When a page is accessed, your browser uploads the required web fonts to your browser cache in order to properly display texts and fonts.

To this aim, the browser you utilise must make contact with Google’s servers. At the same time, Google is informed that our website was accessed via your IP address. The use of Google Web Fonts takes place in the interest of an appealing, uniform display of our online services. This constitutes a legitimate interest pursuant to point f of Art. 6(1) GDPR.

If your browser does not support web fonts, a standard font from your computer is applied. Further details of Google Web Fonts can be found under https://developers.google.com/fonts/faq and in Google’s privacy policy: https://www.google.com/policies/privacy/.

cc. Vimeo

For visualisation and reproduction of content, we have included videos from the “Vimeo” Attention platform on our website. Vimeo Inc. Legal Department, 555 West 18th Street New York, New York 10011, USA. This constitutes a legitimate interest pursuant to point f of Art. 6(1) GDPR. When you access one of the submenu pages of our web presence containing a Vimeo plug-in, to play a video for instance, your browser establishes a direct connection to the servers of Vimeo, thus showing the plug-in. At the same time, the Vimeo server is informed as to which of our web pages you have visited. If you are now logged in as a member of Vimeo (which of course is not mandatory just to view our videos), Vimeo assigns this information to your personal user account. If you utilise the plug-in in that you for example click the start button of a video, this information is similarly assigned to your user account. You can prevent this assignment by logging out of your Vimeo user account before using our website and erasing the corresponding Vimeo cookies. Further information on data processing and references to Vimeo’s data protection can be found under https://vimeo.com/privacy.

dd. Google reCAPTCHA

Our website utilises Google reCAPTCHA to monitor and avoid the interaction of automated access to our site (e.g. via “bots”). This is a service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter referred to solely as “Google”. Google LLC is based in the USA and has certified to the EU-US Privacy Shield data protection agreement, which adheres to the standard of data protection guaranteed in the EU according to the level specified by the European Commission: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI.

Via this service, Google monitors which IP address you operate the so-called reCAPTCHA input box from, and from which website a request is sent. Apart from your IP address, other information necessary for the service and safeguarding of this service may be collected by Google. Via reCAPTCHA, Google analyses the behaviour of website visitors on the basis of various characteristics. This analysis begins automatically as soon as the visitor accesses the website. For the analysis, reCAPTCHA monitors a variety of information (e.g. IP address, duration of the visitor’s stay on the website or the user’s mouse movements). The data collected in the analysis is transferred to Google. The reCAPTCHA analyses take place entirely in the background. Website visitors are not informed that an analysis is taking place.

The legal basis for the implementation of this service is point f of Art. 6(1) GDPR. It is in our legitimate interest to safeguard our Internet presence and defend it against unwanted, automated access in the form of spam and other harmful programmes. Via https://policies.google.com/privacy, Google provides further information on the general handling of user data and further details concerning the tool utilised here under https://www.google.com/recaptcha/intro/android.html.

e) Data processing when registering for our newsletter

Should you wish to subscribe to the newsletter provided in the member area, we require from you an email address as well as information to allow us to monitor whether you are the holder of the specified email address and whether you agree to receipt of the newsletter. Further data is not collected, or only submitted on a voluntary basis. This data is used exclusively for the dispatch of requested information, and is not forwarded to third parties.

The processing of data entered to the newsletter registration form occurs solely on the basis of your consent (point a of Art. 6(1) GDPR). The given consent to storage of data, the email address and its use to dispatch the newsletter can be revoked at any time, for example via the "unsubscribe” link in the newsletter or by emailing newsletter@easd.org. The legality of data processing up to the revocation remains unaffected by the revocation.

We shall store the data concerning your person collected for the purpose of newsletter subscriptions until you cancel the newsletter and deleted after cancellation of the latter. Data which has been stored by us for other purposes shall remain unaffected. If you subscribe to the newsletter as a service towards our members, data processing in this context also occurs pursuant to point b of Art. 6(1) GDPR and in the context of a legitimate interest pursuant to point f of Art. 6(1) GDPR, only if and insofar as you do not demand that we remove your name from the mailing list.

f) Data processing via email contact

If you contact us via email, the data you submit to us (your email address, and if need be your name and phone number) shall be stored by us so we can answer your queries. The data accumulated in this context is erased by us once storage of the same is no longer necessary, or we limit processing if legal retention periods exist.

Data processing for the purpose of making contact with us occurs pursuant to point a of Art. 6(1) sentence 1 GDPR on the basis of your voluntary consent. Additionally, the legal basis for processing may be point b of Art. 6(1) GDPR where establishment of contact occurs for reasons of, or within the framework of, a membership or contractual relationship. In such cases, further data processing occurs as follows as described in Section 4.

§ 7 Automated decision-making in specific cases, including profiling

Automated decision-making including profiling does not regularly take place with us.

§ 8 Your rights

As a user of this service, you have the right at any time inter alia, to access, rectification, erasure and restriction of the data stored concerning you. Specifically, you can exercise the following rights:

  • pursuant to Art. 7(3) GDPR, the right to withdraw consent previously given to us at any time. The consequence of this is that in future we may no longer continue to process data based on this consent;
  • pursuant to Art. 15 GDPR, the right to obtain confirmation as to whether or not we process personal data concerning you. If this is the case, you have the right to further obtain, in particular, information on the purpose of processing, the category of personal data, the categories of recipients towards which your data was or shall be disclosed, the length of storage, the existence of a right to rectification, erasure, restriction of processing or to object, the existence of a right to appeal, to the source of your data insofar as it has not been collected by us as well as the existence of automated decision-making including profiling and possibly the right to demand meaningful information on its particulars; the right pursuant to Art. 16 GDPR to have incomplete personal data stored by us concerning you completed without undue delay;
  • pursuant to Art. 17 GDPR, the right to obtain the erasure of personal data concerning you except where processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, or for the establishment, exercise or defence of legal claims; pursuant to Art. 18 GDPR, the right to obtain restriction of processing of personal data concerning you where the accuracy of the personal data is contested by you, the processing is unlawful and yet you oppose the erasure of the latter and we no longer require the data, you however require it for the establishment, exercise or defence of legal claims or you have objected to processing pursuant to Art. 21 GDPR;
  • pursuant to Art. 20 GDPR, the right to obtain the personal data concerning you which you have provided to us, in a structured, commonly used and machine-readable format or to have it transmitted to another controller, and
  • pursuant to Art. 77 GDPR, the right to lodge a complaint with a supervisory authority. As a rule, you can in this case consult the supervisory authority of your usual place of residence or work or that of our HQ.

However, we ask you to contact us in advance as the controller of data processing or to get in touch with our data protection officer. In this way, many queries can be clarified in advance.

§ 9 Data security

We apply the standard SSL (Secure Socket Layer) procedure during visits to the website in conjunction with the highest level of encryption supported in each case by your browser. As a rule, this consists of a 256-bit encryption. You are able to tell if a given page of our website is transferred in encrypted form by way of the closed key or padlock icon in the lower status bar of your browser.

Incidentally, we apply suitable technical and organisational security measures to protect your data from random or deliberate manipulation, partial or complete loss or destruction, or against unlawful third party access. We continually improve our security measures in line with technical developments.

§ 10 Information on your right to object pursuant to Art. 21 GDPR

a) Individual right to object

You have the right, on grounds relating to your personal situation, at any time to object to processing of personal data concerning you which is based on point e of Art. 6(1) GDPR (data processing for reasons of public interest) and point f of Art. 6(1) GDPR (data processing on the basis of a balancing of interests). Where you object to processing, we shall no longer process your personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

b) Right to object to processing of data for direct marketing purposes

In isolated cases we process your personal data for direct marketing purposes. You have the right to object at any time to processing of personal data concerning you for the purpose of such marketing. Where you object to processing for reasons of direct marketing, we shall no longer process your personal data for such purposes.

c) Recipient of an objection

Should you wish to make use of your right to object, simply email us: secretariat@easd.org or  send a message to our data protection officer via datenschutz@easd.org. You may of course at any time get in touch with us via the contact data in our imprint.

§ 11 Topicality and alterations to this privacy policy

This privacy policy is currently valid as of February 2019. Due to further development of our website and services relating to it or in view of amended legal or official requirements, this privacy policy may occasionally have to be updated. You can access and print out the latest update of our privacy policy at any time under https://www.easd.org/easd/privacy-policy.html.