PRIVACY POLICY OF GPRA E. V.

Data protection is of particular importance to GPRA. The GPRA website can be used without the need to provide any personal data. However, if a person concerned wishes to make use of special services of our association via our website, processing of personal data may become necessary. The processing of personal data always takes place in accordance with the basic data protection regulation and in accordance with the country-specific data protection regulations applicable to GPRA.
 

  1. NAME AND ADDRESS OF THE PERSON RESPONSIBLE FOR PROCESSING

The person responsible within the meaning of the Basic Data Protection Regulation, other data protection laws in force in the Member States of the European Union and other provisions of a data protection nature is:

 

GPRA e.V.

Leipziger Platz 15

10117 Berlin

 

Phone: +49 (0) 30 – 25894086

E-mail: datenschutz@gpra.de

 

Register of associations number: VR 30846 B

Any person concerned can contact the GPRA office directly at any time with any questions or suggestions regarding data protection.

 

  1. LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA

Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a EU Data Protection Ordinance (DSGVO) serves as the legal basis.

In the processing of personal data required for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b DSGVO serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.

Insofar as the processing of personal data is required to fulfil a legal obligation to which GPRA is subject, Art. 6 para. 1 lit. c DSGVO serves as the legal basis.

If processing is necessary to safeguard a legitimate interest of GPRA or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 lit. f DSGVO serves as the legal basis for processing.

 

  1. NECESSITY OF PROVIDING PERSONAL DATA

The provision of personal data may be required in part by law (e.g. tax regulations) or may also result from contractual regulations (e.g. information on the contractual partner). It may be necessary for the conclusion of the membership contract that a person concerned makes personal data available to GPRA, which must subsequently be processed by GPRA. For example, the person concerned is obliged to provide us with personal data if GPRA enters into a contract with him or her as a representative of the member agency. Failure to provide personal data would mean that the contract with the data subject could not be concluded.

If you have any questions, the person concerned must contact our office before providing personal data. It informs the data subject on a case-by-case basis whether the provision of personal data is required by law or contract or required for the conclusion of a contract, whether there is an obligation to provide the personal data and what consequences the failure to provide the personal data would have.

 

  1. DATA ERASURE AND STORAGE DURATION

The personal data of the person concerned will be deleted or blocked as soon as the purpose of storage ceases to apply. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the person responsible is subject.

The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.

 

  1. ACCESS TO PERSONAL DATA

Within GPRA, only those persons who need the personal data to fulfil the association’s activities and legal obligations have access to it. Service providers used by GPRA outside our association may also receive personal data for these purposes if they comply with our data protection instructions and the provisions of the EU Data Protection Basic Regulation (DSGVO) and the Federal Data Protection Act (BDSG).

 

  1. COLLECTION AND COLLECTION OF PERSONAL DATA
  • MEMBER DATA
  • We process personal data that we receive from our members as part of our association activities. In addition, we process personal data from our partners as well as from interested persons via our website – insofar as this is necessary for our activities as an association.

    The data can be:

    Name

    Address

    e-mail address

    Telephone number

    Employer

    We process the aforementioned personal data in accordance with the provisions of the EU Data Protection Ordinance (DSGVO) and the Federal Data Protection Act (BDSG).

  • WEBSITE VISITS
  • Every time you visit our website, our system automatically collects data and information from the computer system of the calling computer.

    This information (server log files) includes the type of web browser, the operating system used, the domain name of your Internet service provider, the browser type and version used, and similar information. This is exclusively information which does not allow any conclusions to be drawn about your person. This information is technically necessary in order to correctly deliver the content you have requested from websites and is mandatory when using the Internet. Anonymous information of this kind is statistically evaluated by us in order to optimize our Internet presence and the technology behind it.

    The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user’s computer. For this the IP address of the user must remain stored for the duration of the session.

 

  1. USE OF COOKIES

Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s computer system. If a user visits a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic character string that enables a unique identification of the browser when the website is called up again.

In principle, you can also view our website without cookies. Internet browsers are regularly set to accept cookies. You can deactivate the use of cookies at any time via the settings of your browser. Please use the help functions of your Internet browser to find out how you can change these settings. Please note that some features of our website may not work if you have disabled the use of cookies. Cookies are stored on the user’s computer and transmitted to our site. Therefore, you as a user also have full control over the use of cookies.

We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change.

The following data is stored and transmitted in the cookies:

Language settings

log-in information

The legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. f DSGVO.

 

  1. USE OF GOOGLE ANALYTICS

This website uses Google Analytics, a web analysis service of Google Inc. (following: Google). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, due to the activation of IP anonymisation on these websites, your IP address will previously be reduced by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activities and to provide the website operator with further services associated with website use and Internet use. The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available under the following link: Browser add-on to disable Google Analytics.

In addition or as an alternative to the browser add-on, you can prevent tracking by Google Analytics on our pages by clicking this link . An opt-out cookie is installed on your device. This will prevent Google Analytics from collecting data for this website and for this browser in future as long as the cookie remains installed in your browser.

 

  1. USE OF SCRIPT LIBRARIES (GOOGLE WEBFONTS)

In order to present our contents correctly and graphically appealing across all browsers, we use script libraries and font libraries such as Google Web Fonts (https://www.google.com/webfonts/) on this website. Google Web Fonts are transferred to your browser’s cache to avoid multiple loading. If your browser does not support Google Web Fonts or does not allow access, content will be displayed in a default font.

Calling script libraries or font libraries automatically triggers a connection to the library operator. In theory, it is possible – but currently also unclear whether and, if so, for what purposes – that operators of corresponding libraries collect data.

The privacy policy of the library operator Google can be found here: https://www.google.com/policies/privacy/

 

  1. SOCIAL PLUGINS

Social plug-ins from the providers listed below are used on our websites. You can recognize the plug-ins by the fact that they are marked with the corresponding logo.

These plug-ins may be used to send information to the service provider, which may include personal data, and may be used by the service provider. We prevent the unconscious and unwanted collection and transmission of data to the service provider through a 2-click solution. To activate a desired social plug-in, it must first be activated by clicking on the corresponding button. Only this activation of the plug-in triggers the collection of information and its transmission to the service provider. We do not collect any personal data ourselves using the social plug-ins or about their use.

We have no influence on which data an activated plug-in collects and how it is used by the provider. At present, it must be assumed that a direct connection to the provider’s services will be expanded and that at least the IP address and device-related information will be recorded and used. It is also possible that the service providers try to save cookies on the computer used. Please refer to the data protection information of the respective service provider to find out which specific data is collected and how it is used.

Note: If you are logged in to Facebook at the same time, Facebook can identify you as a visitor to a specific page. If you do not want Facebook to associate the data collected via our website directly with your Facebook profile, you must log out of Facebook before visiting our website. The purpose and scope of the data collection and the further processing and use of the data by Facebook as well as your rights and setting options for the protection of your privacy can be found in the data protection information of Facebook: http://www.facebook.com/policy.php

If you are logged in to Twitter at the same time, Twitter can identify you as a visitor to a specific page. We would like to point out that, as the provider of the pages, we are not aware of the content of the data transmitted or how it is used by Twitter. If you do not want Twitter to associate your visit to our pages, please log out of your Twitter account. For more information, please see Twitter’s privacy policy: https://twitter.com/privacy.

Google receives information via the Google+ button that you have visited our website whenever you are logged in to Google+ at the same time as you visit our website. If you do not want your personal data to be transferred to Google, please log out of your Google+ account. For more information and Google’s privacy policy, please visit https://www.google.de/intl/de/policies/privacy/

We have integrated the social media buttons of the following companies on our website:

Facebook Inc. (1601 p. California Ave – Palo Alto – CA 94304 – USA)

Twitter Inc. (795 Folsom St. – Suite 600 – San Francisco – CA 94107 – USA)

Google Inc. (1600 Amphitheatre Parkway – Mountain View – CA 94043 – USA)

 

  1. CONTACT FORM AND E-MAIL CONTACT

On our website there is a contact form which can be used for electronic contact. If you take advantage of this option, the data entered in the input mask will be transmitted to us and saved.

 

This data is:

Name

E-mail addresses

At the time the message is sent, the following data is also stored:

The IP address of the user

the date and time of registration

Your consent is obtained for the processing of the data within the scope of the sending process and reference is made to this data protection declaration.

Alternatively, you can contact us via the e-mail address provided. In this case, the user’s personal data transmitted by e-mail will be stored.

In either case, the data will not be passed on to third parties. The data is used exclusively for processing the conversation.

The legal basis for the processing of data is Art. 6 para. 1 lit. a DSGVO if the user has given his consent.

The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 lit. f DSGVO. If the e-mail contact aims at the conclusion of a contract (membership), then additional legal basis for the processing is Art. 6 exp. 1 lit. b DSGVO.

The processing of the personal data from the input mask serves us only for the treatment of the establishment of contact. In the event of contact by e-mail, this also constitutes the necessary legitimate interest in the processing of the data.

The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. For the personal data from the input mask of the contact form and those that were sent by e-mail, this is the case when the respective conversation with the user is finished. The conversation is terminated when it can be inferred from the circumstances that the facts in question have been finally clarified.

You have the possibility to revoke your consent to the processing of personal data at any time. If you contact us by e-mail, you can object to the storage of your personal data at any time. In such a case, the conversation cannot be continued.

All personal data stored in the course of contacting us will be deleted in this case.

 

  1. SSL ENCRYPTION

To protect the security of your data during transmission, we use state-of-the-art encryption methods (e.g. SSL) via HTTPS.

 

  1. AUTOMATED DECISION MAKING

As a responsible association, we do without automatic decision making or profiling.

 

  1. RIGHTS OF THE DATA SUBJECT

If personal data are processed by you, you are affected within the meaning of the DSGVO and you have the following rights vis-à-vis the person responsible:

 

  • RIGHT TO INFORMATION
  • You can ask the person in charge to confirm whether personal data concerning you will be processed by us.

    If such processing has taken place, you can request the following information from the person responsible:

    1. the purposes for which the personal data are processed;
    2. the categories of personal data processed;
    3. the recipients or categories of recipients to whom the personal data concerning you have been or are still being disclosed;
    4. the planned duration of the storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period;
    5. the existence of a right to rectification or deletion of personal data concerning you, a right to limitation of the processing by the controller or a right to object to such processing;
    6. the existence of a right of appeal to a supervisory authority;
    7. any available information on the origin of the data if the personal data are not collected from the data subject;
    8. the existence of automated decision making including profiling in accordance with Art. 22 para. 1 and 4 DSGVO.

    You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate guarantees pursuant to Art. 46 DSGVO in connection with the transmission.

 

  • RIGHT TO CORRECTION
  • You have a right of rectification and/or completion vis-à-vis the data controller if the personal data processed concerning you are incorrect or incomplete. The person responsible shall make the correction without delay.

     

  • RIGHT TO LIMITATION OF PROCESSING
  • Under the following conditions, you may request that the processing of personal data concerning you be restricted:

    1. if you dispute the accuracy of the personal data concerning you for a period of time that enables the person responsible to verify the accuracy of the personal data;
    2. the processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted;
    3. the data controller no longer needs the personal data for the purposes of the processing, but you need them to assert, exercise or defend legal claims, or
    4. if you have filed an objection to the processing pursuant to Art. 21 para. 1 DSGVO and it has not yet been determined whether the legitimate reasons of the person responsible outweigh your reasons.

    If the processing of personal data concerning you has been restricted, such data may only be processed – apart from being stored – with your consent or for the purpose of asserting, exercising or defending rights or protecting the rights of another natural or legal person or on grounds of an important public interest of the Union or a Member State.

    If the processing restriction has been restricted according to the above conditions, you will be informed by the person responsible before the restriction is lifted.

 

  • RIGHT TO CANCELLATION
  • You may request the data controller to delete the personal data relating to you without delay and the controller is obliged to delete this data without delay if one of the following reasons applies:

    1. the personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
    2. you revoke your consent, on which the processing was based pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a DSGVO, and there is no other legal basis for the processing.
    3. you file an objection against the processing pursuant to Art. 21 para. 1 DSGVO and there are no overriding legitimate reasons for the processing, or you file an objection against the processing pursuant to Art. 21 para. 2 DSGVO.

    4 The personal data concerning you have been processed unlawfully.

    1. the deletion of personal data relating to you is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the data controller is subject.

    6) The personal data concerning you have been collected in relation to information society services offered pursuant to Art. 8 para. 1 DSGVO.

    If the data controller has made the personal data concerning you public and is obliged to delete it pursuant to Art. 17 para. 1 DSGVO, he shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform data processors who process the personal data that you as the data subject have requested the deletion of all links to this personal data or of copies or replications of this personal data.

    The right to cancellation does not exist insofar as the processing is necessary

    1. to exercise freedom of expression and information;
    2. for the performance of a legal obligation required for processing under the law of the Union or of the Member States to which the controller is subject or for the performance of a task in the public interest or in the exercise of official authority conferred on the controller;
    3. for reasons of public interest in the field of public health pursuant to Art. 9 para. 2 lit. h and i and Art. 9 para. 3 DSGVO;
    4. for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89 para. 1 DSGVO, insofar as the law referred to under a) is likely to render impossible or seriously impair the attainment of the objectives of such processing, or
    5. to assert, exercise or defend legal claims.

 

  • RIGHT TO INFORMATION
  • If you have exercised your right to have the data controller correct, delete or limit the processing, he/she is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this correction or deletion of the data or restriction on processing, unless this proves impossible or involves a disproportionate effort.

    The person responsible shall have the right to be informed of such recipients.

 

  • RIGHT TO DATA TRANSFERABILITY
  • You have the right to receive the personal data concerning you that you have provided to the person responsible in a structured, common and machine-readable format. In addition, you have the right to pass this data on to another person in charge without obstruction by the person in charge to whom the personal data was provided, provided that

    1. processing is based on consent pursuant to Art. 6 para. 1 lit. a DSGVO or Art. 9 para. 2 lit. a DSGVO or on a contract pursuant to Art. 6 para. 1 lit. b DSGVO and
    2. processing is carried out using automated methods.

    In exercising this right, you also have the right to request that the personal data concerning you be transferred directly from one data controller to another data controller, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this.

    The right to transferability shall not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority conferred on the controller.

 

  • RIGHT OF OBJECTION
  • You have the right to object at any time for reasons arising from your particular situation to the processing of your personal data in accordance with Art. 6 para. 1 lit. e or f DSGVO.

    The data controller no longer processes the personal data concerning you, unless he can prove compelling reasons worthy of protection for the processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

    You have the possibility to exercise your right of objection in connection with the use of Information Society services by means of automated procedures using technical specifications, notwithstanding Directive 2002/58/EC.

 

  • RIGHT TO REVOKE THE DATA PROTECTION DECLARATION OF CONSENT
  • You have the right to revoke your data protection declaration of consent at any time. The revocation of consent shall not affect the legality of the processing carried out on the basis of the consent until revocation.

 

  • RIGHT OF APPEAL TO A SUPERVISORY AUTHORITY
  • Without prejudice to any other administrative or judicial remedy, you have the right of appeal to a supervisory authority, in particular in the Member State where you reside, work or suspect of infringement, if you believe that the processing of personal data concerning you is contrary to the DSGVO.

    The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy under Article 78 DSGVO.

 

  1. DATA PROTECTION FOR APPLICATIONS

The controller collects and processes the personal data of applicants for the purpose of processing the application procedure. Processing can also be carried out electronically if an applicant sends corresponding application documents, for example by e-mail to GPRA.

If GPRA concludes an employment contract with the applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If no contract of employment is concluded between GPRA and the applicant, the application documents will be automatically deleted two months after notification of the decision of rejection, provided that there are no other legitimate interests of the controller in the way of deletion. Other legitimate interest in this sense is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG).

 

  1. CHANGES TO OUR PRIVACY POLICY

We reserve the right to occasionally adapt this data protection declaration so that it always complies with current legal requirements or to implement changes to our services in the data protection declaration, e.g. when introducing new services. The new data protection declaration will then apply for your next visit.

 

  1. QUESTIONS TO THE DATA PROTECTION OFFICER

If you have any questions about data protection, please write us an e-mail or contact our office directly at:

 

datenschutz@gpra.de