OFFIS e.V. is responsible for data collection and processing.
We generally only collect the data which is required by law or by contract, or required in order to fulfill a contract.
You may provide further data, e.g. your day of birth, voluntarily. If you choose not to provide that information, this will not have any negative consequences.
Data processing for the fulfillment of a contract:
If an exchange of services takes place with you, we process your commercial contact details (name, address, e-mail address, phone number) according to Sec. 6 para. 1 lit. b GDPR for the purpose to fulfill a contract.
If necessary, personal data will be passed on to the companies involved in the processing of this contract, e.g. to credit institutions or PayPal Plus for payment processing.
The data which is necessary for the fulfillment of a contract will be deleted within 6 months after termination/fulfillment of the contract; during that time it will only be kept in order to be able to respond to queries. The data will not be deleted as long as there are any outstanding invoices which are to be collected. Should there be any legal retention requirements, the affected data will be archived for the prescribed period.
Data processing based on consent:
If you have given a separate consent, the processing will be based on Art. 6 para. 1 lit. a GDPR. You may revoke your consent at any time, without this affecting the legitimacy of previous data processing. When you revoke you consent, we will stop the data processing.
Data processing for information purposes:
We process your data for the purpose of providing you with information about our activities in research and development in the field of computer science. This may include sending our “Datawork” magazine, our annual report, a newsletter and invitations to events. In individual cases, we may also ask you to take part in a survey. Data processing is carried out on the basis of Sec. 6 para. 1 lit. f GDPR and in the interest of informing you about our activities and innovations in the field of our research. You have a right of objection to such processing, the exercise of which leads to the termination of processing for information purposes (see below). If data is stored exclusively for information purposes, it will be deleted after the objection has been raised.
We only transfer your personal data to third parties (e.g. to credit institutions for payment handling) if a legal norm (e.g. one of the above-mentioned) permits to do so.
We may also transfer your personal data to external service providers (e.g. IT service provider, companies that archive or destruct data, printing services) that support us within the scope of commissioned data processing as per our instructions.
Data processing outside of the EU or the EEA does not take place.
We will not sell or otherwise market your personal data to third parties.
Rights of the Data Subject:
Data subjects have the right to obtain information from the responsible party regarding their personal data, and they have to right to rectification of inaccurate data, or to data erasure if one of the reasons stated in Art. 17 GDPR applies, e.g. the data is no longer required for the purpose for which it was collected. In addition, data subjects have the right to have the processing restricted under the conditions stated in Art. 18 GDPR, or, in cases according to Art. 20 GDPR, they have the right to data portability. If data is collected based on Art. 6 para. 1 lit. e (data processing in the public interest or in the exercise of official authority) or based on lit. f (Data Processing in pursuance of legitimate interests), the data subject has the right to object to the data processing on ground of his or her particular situation. We will then no longer process your personal data, unless compelling legitimate grounds for the processing override the data subject’s interests, rights and freedom, or the processing serves the exertion or defense of legal claims.
Every data subject has the right to lodge a complaint with a Data Protection Authority if the person feels that the processing of his or her personal data is incompliant with data protection regulations. The right to lodge a complaint may in particular be exercised with a supervisory authority of the member state in which the data subject is located or where the alleged incident has occurred. In Lower Saxony, the competent supervisory authority is the State Commissioner for Data Protection of Lower Saxony, Barbara Thiel, P.O. Box 2 21, 30002 Hanover, Germany.
Contact Details of the Data Protection Officer:
Dr. Uwe Schläger
datenschutz nord GmbH