Data protection regulations
Data protection rules of the European Academy for Freedom of Information and Data Protection (EAID) – Updated: 28 February 2021
1.The European Academy for Freedom of Information and Data Protection e.V., Bismarckallee 46/48, 14193 Berlin (hereinafter: EAID) informs by these data protection regulations according to Art. 13 of the European Data Protection Regulation (DS-GVO) that it as a controller processes personal data about the following persons from them:
c) Event participants,
d) Interested persons,
e) Users of the EAID website.
2.These data are processed exclusively for the pursuit of the association’s purpose as stated in § 2 of the EAID statutes, in particular for communication with members, speakers and participants, including invitations to and the implementation of events, the collection, collection and settlement of contributions, fees and participation fees.
Data will only be used for other purposes incompatible with the original purpose if the data subjects have given their consent.
The personal data will be processed exclusively in the European Union, unless otherwise specified in detail (4.1).
3. The following data are regularly processed in connection with membership:
a) Name, first name
b) Start and end of membership
c) Amount of the membership fee according to the contribution rules and payment status
d) Contact details (postal address, e-mail address if applicable, telephone number or other identifier for electronic services).
e) Bank details (in case of direct debit authorization)
These data will not be passed on to third parties without the consent of the members concerned. They will be deleted upon termination or exclusion member concerned, provided that he or she has paid all due contributions.
4. For organisation of events, the following data of speakers, presenters and participants are collected from them and processed:
a) Name, Vorname
b) Contact details (postal address, e-mail address if applicable, telephone number or other identifier for electronic services).
c) Bank details (only for speakers), if a fee or reimbursement of costs has been agreed upon and, if applicable, also for participants for the processing of participant fees in the case of offers with costs).
The surnames and first names and, if applicable, the function of the speakers will be published on the EAID website in connection with the announcement of the respective event. If a printed list of participants is made available at the respective event, the names and other data of the participants will only be included in this list with their consent.
For invitations and other information about the work of EAID, the data is processed on the basis of Art. 6 para. 1 sentence 1 lit f) DSGVO. If a participant objects, his/her contact data will no longer be used for this purpose. The participants will be informed of their right to object. Insofar as there are no legal obligations to store data (such as tax retention obligations under the German Fiscal Code), participant data will be deleted if the participant requests deletion.
4.1 Privacy notices for online meetings, telephone conferences and webinars via „GoToMeeting“
We use the tool “GoToMeeting” to conduct telephone conferences, online meetings, video conferences and/or webinars (hereinafter: “Online Meetings”), insofar as no special categories of personal data (Art. 9 (1) DS-GVO) are processed in the process. A call to the website is only necessary for the use of “GoToMeeting” in order to download the software for the use of “GoToMeeting”. You can also use “GoToMeeting” if you enter the respective meeting ID and, if applicable, further access data for the meeting directly in the “GoToMeeting” app.
If you do not want to or cannot use the “GoToMeeting” app, then the basic functions can also be used via a browser version, which you can also find on the “GoToMeeting” website.
a) Data processing outside the European Union
“GoToMeeting” is a service of the LogMeIn group of companies, which is headquartered in the United States. If you are visiting their websites from the European Union and/or the European Economic Area, the primary controller is LogMeIn Ireland Unlimited Company, an Irish company located at The Reflector, 10 Hanover Quay, Dublin 2, D02R573, Republic of Ireland. For technical processing, LogMein also makes use of services hosted in third countries, especially in the USA. In this respect, it can be assumed that data is also transmitted to the USA during use.
The EAID has concluded an order processing contract with the provider that complies with the requirements of Art. 28 GDPR. In it, Logmein undertakes to comply with the provisions of the GDPR. According to the data processing addendum to the usage agreements with LogMeIn, the transfer of personal data to third countries outside the European Union takes place on the basis of the standard contractual clauses approved by the European Commission (see Annex 3 to the data processing addendum). Please note that the standard contractual clauses are currently being revised in accordance with the judgment of the European Court of Justice of July 16, 2020 (Case C-311/18 – “Schrems II”).
b) Welche Daten werden verarbeitet?
When using “GoToMeeting”, various types of data are processed. The scope of the data also depends on the personal information you provide before or during participation in an “Online Meeting” and how you use the service.
The following personal data are subject to processing:
User details: First name, last name, phone (optional), email address, password (if “single sign-on” is not used), profile picture (optional) – A pseudonym can also be used instead of the first and last name.
Meeting-Metadata: Subject and description of messages (optional), subscriber IP addresses, device/hardware information. By using protected connections (e.g. VPN tunnels, anonymization services) you can reduce the amount and traceability of metadata.
Bei Aufzeichnungen (optional): MP4-Datei aller Video-, Audio- und Präsentationsaufzeichnungen, M4A-Datei der Audioaufzeichnungen, Textdatei des Online-Meeting-Chats.
When dialing in with the telephone: information on the incoming and outgoing call number, country name, start and end time. If necessary, further connection data such as (e.g. the IP address of the device) can be stored. If you deactivate the display of caller ID for your device when dialing in with the phone, your phone number will not be recorded and displayed by GoToMeeting.
Text, audio and video data: In order to enable the display of video and the playback of audio, the data from the microphone of your terminal device as well as from any video camera of the terminal device will be processed accordingly during the duration of the meeting, provided that you have enabled these for the service on your terminal device. You can switch off or mute the camera or microphone yourself at any time via the “GoToMeeting” applications.
When using the chat, question or survey functions, the text entries you make are processed in order to display them in the “online meeting” and log them if necessary.
To participate in an “online meeting” or to enter the “meeting room”, you can provide information about your name. The use of a pseudonym is possible. The name you provide may also be displayed to other participants of the respective meeting.
c) Scope of processing
If we want to record “online meetings”, we will inform you in advance and – if necessary – ask for consent. The fact of the recording will also be displayed to you in the “GoToMeeting” app and the start of the recording as well as its end will be announced automatically to all participants.
If it is necessary for the purposes of logging the results of an online meeting, we will log the chat content. However, this will not usually be the case. Here, too, logging may only take place if we have informed you of this in advance. In the case of webinars, we may also process the questions asked by webinar participants for the purposes of recording and following up webinars.
If you are registered as a user at “GoToMeeting”, reports about “Online Meetings” (meeting metadata, phone dial-in data, questions and answers in webinars, survey function in webinars) can be stored at “GoToMeeting” for up to one month.
The option of software-based “attention monitoring” (“attention tracking”) that exists in “online meeting” tools such as “GoToMeeting” is deactivated.
d) Purposes and legal basis of data processing for online meetings
The online meetings organized by the EAID serve the purposes of the association as defined in § 2 of the EAID statutes, in particular the promotion of education as well as the general promotion of democratic governance with regard to the fundamental rights to data protection and freedom of information through lecture events, expert panels and panel discussions.
With the acceptance of the invitation to the online meeting and your registration on the platform, the processing of your personal data by EAID takes place on the basis of Art. 6 para. 1 lit. f GDPR (protection of a legitimate interest). This also applies to in connection with the use of additional functions (e.g. chat function). If you have concerns about the processing, you are free to deactivate your camera and microphone, not use additional functions, not participate in or leave the meeting. No data will be collected from the end of the connection.
e) Empfänger / Weitergabe von Daten
In the case of online meetings that serve to exchange information and opinions, the content you communicate in words, images and text naturally becomes known to the other participants and, in the case of public online conferences, may also be generally accessible (e.g. via streaming). Incidentally, personal data processed in connection with participation in “online meetings” will not be passed on to third parties by EAID unless you have consented to the passing on of such data.
The provider of “GoToMeeting” necessarily obtains knowledge of the above-mentioned data to the extent that this is provided for and required under our order processing agreement with “GoToMeeting”. It may only process this data within the framework of the contractual relationship, unless you have permitted the company to process the data relating to you in a more extensive manner.
5. For the provision of the web offer, the organization of events and for the performance of accounting, personal data required for these purposes may be passed on to a processor. Insofar as data is processed by a processor on behalf of EAID, the processor shall ensure that the data remains adequately protected and is not misappropriated. Specific information on order processing is provided on the registration website for the respective event, if applicable.
6. Only the members of the Executive Board and – in the case of event participants – the processor entrusted with the processing may access the data of members, speakers and participants.
7. The EAID reserves the right to publish pictures and contributions of speakers at its events either live or time-delayed as a video or audio stream, unless they object. Pictures and discussion contributions from other participants will only be published if they have given their consent.
8. The persons named in item 1 have the right to request information about the data stored about them (Art. 15GDPR). They may also request the correction, deletion or restriction of the processing of this data (Art. 15 – 18 GDPR) and object to data processing for reasons arising from their particular situation in accordance with Art. 21 GDPR. Furthermore, they may complain to the Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstr. 219, 10969 Berlin, about the processing of their data by EAID if they believe that it violates data protection regulations.
9. Each time a user accesses the EAID’s Internet offer and each time a file is retrieved, data about this process is briefly stored and processed in a log file for technical reasons.
In detail, the following data is stored about each access and retrieval:
• calling IP address
• Date, time and time zone
accessed page or file including size and transfer status
• Bezeichnung des Browsers
Referrer if applicable
The IP addresses that are retrieved are only evaluated to identify illegal use and then anonymized – usually no later than 24 hours after retrieval. For statistical purposes, no individual visitors are counted, only page views. Therefore, no IP addresses are stored for this purpose. Only three categories of data are stored locally for statistical purposes: the time stamp for documenting the page call, the linking page and the page called up.
The comment function is enabled on some EAID websites. Comments can be made with the author’s name, under a pseudonym or without naming the author. In the case of comments, the IP address of the system from which a comment was sent is stored.
Since the web offer is hosted by a provider, the data required for retrieval is transferred to this provider. No other use or transfer of data to other third parties takes place.
The legal basis for the processing of the data of the members of the association is the statutes of the EAID in the currently valid version in conjunction with Art. 6 para. 1 lit. b GDPR. The data of persons who participate in EAID events, act as speakers at such events or use the EAID’s internet offer are processed on the basis of Art. 6 para. 1 lit. b) and f) GDPR. The legitimate interest in the processing pursuant to Art. 6 para. 1 lit. f) consists in the implementation of the events and the provision of the internet offer.
Insofar as the data processing takes place with the consent of the data subjects, Art. 6 para. 1 lit. a) GDPR is relevant. The consent can be revoked at any time with effect for the future.
11.These data protection regulations come into force on May 25, 2018. The German text of these rules is authoritative.
Copyright notice: This text may be used freely with attribution. The authors are not liable for the use of the text by third parties (CC-by).