Privacy Policy / Youth Internet Governance Forum

Privacy Policy

The original (German) version of the Gesellschaft für Informatik e.V. privacy policy can be found here: https://gi.de/datenschutz/

Hereafter, you find an English translation.

Our privacy policy

The Gesellschaft für Informatik e.V. operates its website to support the implementation of its charitable purposes. The website serves in particular to present the goals, work and activities of the GI, but also to communicate with members and non-members from the field of computer science.

Data protection information for members and interested parties

Information on data protection regarding our data processing in accordance with Articles 13, 14 and 21 of the General Data Protection Regulation (GDPR). We take data protection seriously and hereby inform you how we process your data and which claims and rights you are entitled to according to the data protection regulations.

Responsible body for data processing

Responsible body in the meaning of data protection law

Gesellschaft für Informatik e.V.

Ahrstraße 45

53175 Bonn, Germany

E-mail: info(at)gi.de

Contact details of our data protection officer:

HEC Harald Eul Consulting GmbH

Auf der Höhe 34

50321 Brühl

E-Mail: data protection officer(at)gi.de

Purpose and legal basis on which we process your data

We process personal data in accordance with the provisions of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and other applicable data protection regulations (details below). Which data is processed in detail and how it is used depends to a large extent on the services requested or agreed. Further details or additions for the purposes of data processing can be found in the respective contract documents, forms, a declaration of consent and/or other information provided to you (e.g. in connection with the use of our website or our terms and conditions). In addition, this Privacy Statement may be updated from time to time, as you can read on our website at https://gi.de/datenschutz[DK1]

The processing of personal data is carried out to execute our contracts with you and the execution of your orders as well as to carry out measures and activities within the framework of pre-contractual relationships, e.g. with interested parties. In particular, the processing serves to provide membership services in accordance with your orders and wishes and includes the necessary services, measures and activities. These essentially include contract-related communication with you, the verifiability of transactions, orders and other agreements as well as quality control through appropriate documentation, goodwill procedures, measures for the control and optimisation of business processes as well as for the fulfilment of general duties of care; statistical evaluations for company management, cost recording and controlling, reporting, internal and external communication, emergency management, invoicing and tax evaluation of operational services, risk management, assertion of legal claims and defence in the event of legal disputes; ensuring the integrity, authenticity and availability of data, prevention and investigation of criminal offences; control by supervisory bodies or supervisory bodies (e.g. audit).

Purposes in the context of a legitimate interest of the Gesellschaft für Informatik e.V. or third parties (Art. 6 para. 1 f GDPR)

Beyond the actual fulfillment of the contract or preliminary contract, we process your data if necessary, if it is necessary to protect legitimate interests of us or third parties, in particular for purposes:

- advertising or market and opinion research, if you have not objected to the use of your data;

- the examination and optimisation of procedures for needs analysis;

- the further development of services and products as well as existing systems and processes;

- the enrichment of our data, including through the use or research of publicly accessible data;

- statistical evaluations or market analysis;

- the limited storage of data, if deletion is not possible or only possible with disproportionately high effort due to the special type of storage;

- the prevention and clarification of criminal offences, unless exclusively for the fulfilment of legal requirements;

- internal and external investigations, security checks;

Purposes within the scope of your consent (Art. 6 para. 1 a GDPR)

A processing of your personal data for certain purposes (e.g. use of your e-mail address for member information, newsletter) can also take place on the basis of your consent. As a rule, you can revoke your consent at any time. You will be informed separately about the purposes and consequences of a revocation or the non-granting of consent in the corresponding text of the consent.

In principle, the revocation of consent will only take effect in the future. Processing that took place before the revocation is not affected by this and remains lawful.

Purposes to fulfil legal requirements (Art. 6 para. 1 c GDPR) or in the public interest (Art. 6 para. 1 e GDPR)

Like everyone who participates in economic activities, we are also subject to a large number of legal obligations. These are primarily legal requirements (e.g. trade and tax laws), but may also include regulatory or other official requirements. The purposes of processing may include identity and age verification, compliance with tax control and reporting obligations, archiving data for the purposes of data protection and data security, and verification by tax and other authorities. In addition, the disclosure of personal data may become necessary within the framework of official/judicial measures for the purposes of gathering evidence, criminal prosecution or the enforcement of civil law claims.

The categories of data processed by us, insofar as we do not receive data directly from you, and their origin

Insofar as this is necessary for the provision of our services, we process personal data received from other companies or other third parties (e.g. credit agencies). In addition, we process personal data which we have taken, received or acquired from publicly accessible sources (e.g. telephone directories, trade and association registers, press, Internet and other media) and are permitted to process.

Relevant personal data categories can be in particular:

- Personal data (name, profession/industry and comparable data)

- Contact data (address, e-mail address, telephone number and similar data)

- Address data (reporting data and comparable data)

- Member history

- Data on your use of the telemedia offered by us (e.g. time of calling up our websites, apps or newsletters, pages/links clicked on by us or entries and comparable data)

Recipients or categories of recipients of your data

Within our company, those internal departments or organisational units that need your data to fulfil our contractual and legal obligations or in the context of processing and implementing our legitimate interest will receive it. Your data will only be passed on to external parties

- in connection with the execution of the contract;

- for purposes of fulfilling legal requirements, according to which we are obliged to provide information, report or pass on data or the passing on of data is in the public interest (cf. Section 2.4);

- insofar as external service providers process data on our behalf as contract processors or function takers (e.g. external computer centres, support/maintenance of EDP/IT applications, archiving, document processing, data destruction, purchasing/procurement, member administration, lettershops, marketing, billing, telephony, website management, auditing services, credit institutions, printers or companies for data disposal, courier services, logistics);

- on the basis of our legitimate interest or the legitimate interest of the third party for the purposes stated under "Purposes within the scope of a legitimate interest of us or third parties" (e.g. to authorities, credit agencies, debt collection agencies, lawyers, courts, experts, group companies and committees and supervisory bodies);

- if you have given us your consent to transfer it to third parties.

Beyond that we will not pass on your data to third parties. If we commission service providers to process your data, your data will be subject to the same security standards as ours. In other cases, the recipients may only use the data for the purposes for which it was transmitted to them.

Duration of storage of your data

We process and store your data for the duration of our business relationship. This also includes the initiation of a contract (pre-contractual legal relationship) and the execution of a contract.

In addition, we are subject to various storage and documentation obligations, including those arising from the German Commercial Code (Handelsgesetzbuch) and the Fiscal Code (Abgabenordnung). The periods for storage and documentation specified there are up to ten years beyond the end of the business relationship or the pre-contractual legal relationship.

Furthermore, special statutory provisions may require a longer retention period, e.g. the preservation of evidence within the scope of the statutory statute of limitations. According to §§ 195 ff. of the German Civil Code (Bürgerliches Gesetzbuch), the regular limitation period is three years; however, limitation periods of up to 30 years may also be applicable.

If the data are no longer necessary for the fulfilment of contractual or legal obligations and rights, they are regularly deleted, unless their further processing - for a limited period - is necessary for the fulfilment of the listed purposes for an overriding legitimate interest. Such an overriding legitimate interest also exists, for example, if deletion is not possible or only possible with disproportionately high effort due to the special type of storage and if processing for other purposes is excluded by suitable technical and organizational measures.

Processing of your data in a third country or by an international organisation

A data transfer to locations in states outside the European Union (EU) or the European Economic Area (EEA) (so-called third countries) takes place when it should be necessary for the execution of an order/contract by or with you, it is required by law (e.g. tax reporting obligations), it is in the context of a legitimate interest of us or a third party or you have given us consent.

The processing of your data in a third country may also take place in connection with the involvement of service providers within the framework of order processing. If the EU Commission has not decided on an appropriate level of data protection for the country in question, we will ensure that your rights and freedoms are adequately protected and guaranteed in accordance with EU data protection regulations. We will provide you with the relevant detailed information on request.

Information on the appropriate or appropriate guarantees and on the possibility of receiving a copy of you can be requested from the company data protection officer on request.

Your data protection rights

Under certain conditions you can claim your data protection rights against us

- Thus you have the right to receive information from us about your data stored with us according to the rules of Art. 15 GDPR (if necessary with restrictions according to § 34 BDSG).

- At your request, we will correct the data stored about you in accordance with Art. 16 GDPR if it is inaccurate or erroneous.

- If you wish, we will delete your data in accordance with the principles of Art. 17 GDPR, provided that other statutory provisions (e.g. statutory storage obligations or the restrictions pursuant to § 35 BDSG) or an overriding interest on our part (e.g. to defend our rights and claims) do not prevent this.

- Taking into account the requirements of Art. 18 GDPR, you may request us to restrict the processing of your data.

- Furthermore, you may object to the processing of your data in accordance with Art. 21 GDPR, on the basis of which we must terminate the processing of your data. However, this right of objection only applies in very special circumstances of your personal situation, whereby the rights of our company may conflict with your right of objection.

- You also have the right to receive your data under the conditions of Art. 20 GDPR in a structured, common and machine-readable format or to forward it to a third party.

- In addition, you have the right to revoke your consent to the processing of personal data at any time with effect for the future (cf. Section 2.3).

- You also have the right to appeal to a data protection supervisory authority (Art. 77 GDPR). We recommend, however, that you always first address a complaint to our data protection officer.

If possible, your requests regarding the exercise of your rights should be addressed in writing to the above address or directly to our data protection officer.

Scope of your obligations to provide us with your data

You only need to provide data which is necessary for the establishment and execution of a business relationship or for a pre-contractual relationship with us or which we are legally obliged to collect. Without this data, we will generally not be able to conclude or execute the contract. This may also refer to data required later within the framework of the business relationship. If we also request data from you, you will be informed of the voluntary nature of the information separately.

Existence of automated decision-making in individual cases (including profiling)

We do not use purely automated decision-making procedures pursuant to Article 22 GDPR. If we do use such a procedure in individual cases in the future, we will inform you separately if this is required by law. We may process some of your data with the aim of evaluating certain personal aspects (profiling). In order to be able to provide you with targeted information and advice on services, we may use evaluation tools. These enable us to tailor services, communication and advertising to your needs, including market and opinion research.

Information about your right of objection Art. 21 GDPR

1. You have the right to object at any time to the processing of your data on the basis of Art. 6 para. 1 f GDPR (data processing on the basis of a weighing of interests) or Art. 6 para. 1 e GDPR (data processing in the public interest) if there are reasons for doing so which result from your particular situation. This also applies to profiling based on this provision within the meaning of Art. 4 No. 4 GDPR.

If you file an objection, we will no longer process your personal data unless we can prove compelling reasons for the processing worthy of protection which outweigh your interests, rights and freedoms, or the processing serves the assertion, exercise or defence of legal claims.

2 We may also process your personal data for the purpose of direct marketing. If you do not wish to receive advertising, you have the right to object at any time; this also applies to profiling, insofar as it is connected with such direct advertising. We will consider this contradiction for the future.

We will no longer process your data for direct marketing purposes if you object to such processing.

The objection can be made without form and should be addressed to

Gesellschaft für Informatik e.V.

Ahrstraße 45, 53175 Bonn, Germany

Supplementary data protection declaration for our website

This data protection declaration clarifies the type, scope and purpose of the processing of personal data (hereinafter referred to as "data") within our web portal and the associated web pages, functions and content as well as external online presences, such as our social media profile. (hereinafter jointly referred to as "web portal"). With regard to the terms used, such as "personal data" or their "processing", we refer you to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).

Storage of Cookies

Cookies are pieces of information that are transferred from our web server to the user's web browser and stored there for later retrieval. Cookies can be small files or other types of information storage. We use temporary and permanent cookies. In some cases, the cookies serve security purposes or are necessary for the operation of our online offer (e.g. for registration in the member area https://meine.gi.de) or to save the user decision when confirming the cookie banner. In addition, we use cookies to measure the range of the website, about which users will be informed in the course of the data protection declaration.

If the users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.

Collection of access data and log files

On the basis of our legitimate interests within the meaning of Art. 6 Para. 1 lit. f., we collect GDPR data on each access to the server on which this service is located (so-called server log files). The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.

Log file information is stored for a maximum of seven days for security reasons (e.g. to clarify abuse or fraud) and then deleted. Data, the further storage of which is necessary for evidence purposes, is excluded from deletion until the respective incident has been finally clarified.

Range analysis with Matomo (formerly PIWIK)

Matomo collects and stores the following data: the type and version of browser you use, the operating system you use, your country of origin, the date and time of the server request, the number of visits, your length of stay on the website and the external links you click on. The user's IP address is anonymised before it is stored.

Matomo uses cookies which are stored on the user's computer and which enable an analysis of the use of our online offer by the user. Pseudonymous user profiles of the users can be created from the processed data. The cookies have a storage duration of one week. The information generated by the cookie about your use of this website will only be stored on our server and not passed on to third parties.

Users can object to the anonymous data collection by the Matomo program at any time with effect for the future by clicking on the link below. In this case, a so-called opt-out cookie is stored in your browser, which means that Matomo no longer collects any session data. However, if users delete their cookies, the opt-out cookie is also deleted and must therefore be reactivated by the users.

Use of videos

Use of YouTube videos

This website uses the service YouTube for the integration of videos. YouTube is operated by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. In order to integrate YouTube videos, we use the "extended data protection mode", which only stores a cookie on the user's computer when the respective YouTube video is played. YouTube states that no personal cookie information is stored when playing embedded videos in advanced privacy mode.

Further information on data processing and information on data protection by YouTube (Google) can be found at www.google.de/intl/de/policies/privacy/ If you would like to ensure that YouTube does not receive any data from you, please do not click on the embedded YouTube videos.

Use of Vimeo videos

This website uses the service Vimeo for the integration of videos. Vimeo is operated by Vimeo, LLC, 555 West 18th Street, New York, New York 10011.

When you access the Vimeo plugged subpages of our website, a connection to the Vimeo servers is established and the plugin is displayed. This will tell the Vimeo server which of our subpages or websites you have visited. If you are logged into Vimeo as a member, Vimeo will assign this information to your personal user account. When using the Vimeo plugin, such as clicking the start button of a video, this information is also assigned to your user account. To prevent this from happening, log out of your Vimeo account before using our website and delete the relevant Vimeo cookies.

For more information about Vimeo's data processing and privacy practices, please visit www.vimeo.com/privacy

Our Privacy Policy and the information on data protection regarding our data processing pursuant to Articles 13, 14 and 21 GDPR may change from time to time. All changes will be published on this page.