Privacy statement for waitro.org
As data protection and security are some of our top priorities, we would like to provide you with extensive information as to how we will process your personal data. Your data will remain your property. Our systems are subject to regular security audits and are constantly being developed.
The aim of this privacy statement is to inform you about the personal data that will be processed when you visit our website and use the members’ area, and the rights you have with regard to your data.
The applicable legislation states that personal data must be processed lawfully, fairly and transparently for data subjects (“lawfulness, fairness and transparency”). To ensure this, we would like to inform you about the terms defined in the European General Data Protection Regulation (GDPR) and the new Federal Data Protection Act (BDSG), which are also used in this privacy statement.
1.1 Personal data
“Personal data” means any information related to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Processing” means any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transfer, dissemination or other means, alignment, combination, restriction, erasure or destruction.
1.3 Restriction of processing
“Restriction of processing” means the marking of stored personal data with the aim of limiting its processing in the future.
“Profiling” means any form of automated data processing used to evaluate certain personal aspects related to a natural person, particularly to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
“Pseudonymization” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data cannot be attributed to an identified or identifiable natural person.
1.6 Filing system
“Filing system” means any structured set of personal data that is accessible according to specific criteria, whether centralized, decentralized or dispersed on a functional or geographical basis.
“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
“Recipient” means a natural or legal person, public authority, agency or another body to which personal data is disclosed, whether a third party or not. However, public authorities which may receive personal data as part of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of such data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
1.10 Third party
“Third party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
“Consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
2. Who is responsible for data processing at waitro.org?
The following party is responsible for data protection issues:
Waitro Office Germany
c/o Fraunhofer-Gesellschaft zur Förderung der angewandten Forschung e.V.
Fraunhofer-Institutszentrum Schloss Birlinghoven IZB
Schloss Birlinghoven 1
53757 Sankt Augustin
3. Who can answer any questions I might have about data protection?
If you have any questions about data protection, please contact our data protection officer.
Our data protection officer can be contacted by post at the address indicated above (FAO “Data Protection Officer”) or via email (firstname.lastname@example.org).
4. General information about data processing on our website
We would like to inform you below about the personal data that will be collected when you use our website. Some of the personal data may include your name, address, email address or user behavior.
If you get in touch with us by email or via a contact form, we will save the information you provide (e.g. your email address, first name, surname and perhaps your gender and title) to respond to your questions. We will delete any data obtained in this manner as soon as it no longer has to be stored, or we will restrict processing if such erasure is prevented by our statutory retention obligations. We will not perform any “automated individual decision-making”, as described in Art. 22 GDPR; in particular, we will not carry out any profiling.
If you use our website for purely informational purposes (i.e. if you do not register or do not provide us with information in any other way), we will collect the personal data that your browser transmits to our server. If you view our website, we will collect the data listed below; this is technically necessary to display our website and to guarantee stability and security:
– Your IP address;
– The date and time of your request;
– The difference between your time zone and Greenwich Mean Time (GMT);
– The content of your request (specific page);
– The access status / HTTP status code;
– The volume of data transmitted;
– The website from which your request comes;
– Your browser;
– Your operating system and its interface; and
– The language and version of your browser software
The legal basis for the processing of this data is point (f) of Art. 6 (1) GDPR. We have a legitimate interest in maintaining the stability and security of our website.
In addition to the data listed above, cookies will be saved on your computer when you use our website. A cookie is a small text file that is saved on your device to enable certain information to be obtained by the entity that places it. Cookies cannot run any programs or transmit viruses to your computer. They help to improve the overall user-friendliness and efficiency of our website.
5.1 Necessary Cookies
We are entitled to use such cookies in accordance with point (f) of Art. 6 (1) GDPR, as we have a legitimate interest in ensuring a functional website that is displayed correctly.
5.2 Tracking cookies to control advertising campaigns and measure website audience data
When you visit our website for the first time, we will ask for your explicit consent for cookies to be used for the purposes specified above. The legal basis for this form of data processing is point (f) of Art. 6 (1) GDPR.
5.3 Cookie settings
Our website can also be visited without cookies. If you would like to conveniently use all features of our website, however, you should enable cookies. Most browsers are set to enable cookies by default. However, you can configure your browser to display cookies before they are saved, to enable or disable certain cookies, or to reject all cookies. If you change your settings, please note that the changes will only apply to the browser in which they are made. If you use different browsers or change your device, you will have to change your settings again. You can also delete cookies from your storage disk at any time. You can find more information about your cookie settings and deleting cookies in your browser’s help section.
5.4 Google Analytics
As we use Google Analytics with IP anonymization, however, your IP address will first be truncated in the member states of the European Union or the European Economic Area. Your full IP address will only be first transmitted to a Google server in the United States and then truncated there in exceptional cases. Google will use this information on behalf of the website provider to analyze your use of the website by creating reports on website activities for website operators and providing other services related to the use of websites and the Internet. The IP address transmitted by your browser via Google Analytics will not be combined with any other data held by Google.
Your personal data will only be transmitted to a server in the USA with your consent. If you accept the cookie, you will explicitly consent to the transfer of your personal data to the USA in accordance with point (a) of Art. 49 (1) GDPR.
Please note that the European Court of Justice (ECJ) has classified the USA as an unsafe third country for which no adequacy decision has been issued and which does not ensure appropriate safeguards for you to exercise your rights. The level of data protection in the USA is not the same as the level ensured within the EU. Whenever cookies are used to transmit data to the USA, there is subsequently a certain degree of risk involved. In particular, we cannot assure that your personal data will not be accessed and processed by state (monitoring) authorities – and there may be a lack of effective legal remedies. The legal basis for processing is point (a) of Art. 6 (1) GDPR and point (a) of Art. 49 (1) GDPR.
You can prevent Google Analytics from tracking your activities in future by downloading and installing the Google Analytics opt-out add-on for your current browser (click here: https://tools.google.com/dlpage/gaoptout?hl=en-GB.). In addition, you can always withdraw your consent with future effect by configuring your cookie settings or rejecting all cookies.
6. Social media links
Our website features links to various social media platforms (e.g. Facebook, Instagram, LinkedIn, Twitter, YouTube). These are not social media plug-ins that cause data to be transmitted to the respective operator; they are simply hyperlinks. If you click on one of the links, you will be redirected to the respective website provider; your IP address will be transmitted. If you are logged in to your account with the social media provider when you click on a link, additional data may be collected by the respective provider.
7. Integration of YouTube videos
This website features YouTube videos. YouTube is a service provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). If you click on a YouTube video, a connection will be established to the provider’s servers. As the videos are embedded in “Privacy Enhanced Mode”, the provider states that your user information will only be saved when you play a video. When you start a video, YouTube will set a cookie to collect information on your user behavior.
If you have enabled the relevant cookie, a connection to Google’s “DoubleClick” network may be established regardless of whether you play an embedded video, and your user behavior may be analyzed as a result.
Your personal data will only be transmitted to a server in the USA with your consent. If you accept the cookie, you will explicitly consent to the transfer of your personal data to the USA in accordance with point (a) of Art. 49 (1) GDPR. Please note that the European Court of Justice (ECJ) has classified the USA as an unsafe third country for which no adequacy decision has been issued and which does not ensure appropriate safeguards for you to exercise your rights. The level of data protection in the USA is not the same as the level ensured within the EU. Whenever cookies are used to transmit data to the USA, there is subsequently a certain degree of risk involved. In particular, we cannot assure that your personal data will not be accessed and processed by state (monitoring) authorities – and there may be a lack of effective legal remedies. The legal basis for processing is point (a) of Art. 6 (1) GDPR and point (a) of Art. 49 (1) GDPR.
If you give your consent, you can subscribe to our newsletter so that we can inform you about our latest events and offers that may be of interest to you.
We use the so-called “double opt-in” process for subscriptions to our newsletter. In other words, once you have subscribed, we will send you an email for you to confirm whether you would like to receive the newsletter. If you do not confirm your subscription within 24 hours, your information will be blocked and automatically deleted after one month. We will also save your IP addresses and the time you subscribe and confirm your subscription. The purpose of this process is to prove you have subscribed to our newsletter and shed light on the possible misuse of your personal data.
If you wish to receive our newsletter, you must provide your email address, first name and last name. If you voluntarily provide additional data, which is marked separately, we will use this information to address you personally. Once you have confirmed your subscription, we will save your email address for the purpose of sending you the newsletter. The legal basis for this is point (f) of Art. 6 (1) GDPR.
You may always withdraw your consent to the newsletter and unsubscribe at any time. You can withdraw your consent by clicking on the link provided in each newsletter, by completing this form on the website, by sending an email to email@example.com or by sending a message to the contact indicated in our legal notice.
9. Registering to apply for WAITRO membership
If you would like to register for become a Member, you must provide your personal data to conclude a user agreement. The required fields are marked separately; all other information is optional. The following information is mandatory:
- Your first and last name;
- Your address;
- Your email address; and
We will use the data provided for the sole purpose of administering your membership. The legal basis for the processing of your personal data is point (b) of Art. 6 (1) GDPR.
The data you provide will be stored until you withdraw your consent. We will delete your data immediately if you terminate the WAITRO-Membership, unless this is prevented by our statutory retention obligations.
TLS encryption will always be used to prevent your personal data (especially your financial information) from being accessed by unauthorized third parties.
10. How long will my personal data be stored?
We will store any personal data required to perform contracts with you for the duration of our contractual relationship. We will only continue to store your data after this period if this is necessary to comply with our statutory retention obligations.
Any other data that you provide to us voluntarily will be erased when you delete your user account or withdraw your consent to data processing.
11. Will my personal data be disclosed to third parties?
As a general rule, we will not disclose your data to third parties without your explicit consent.
As a modern company, however, we may work with processors to offer you the best possible service without any interruptions. We would like to inform you about how and when we will disclose your personal data to our external partners.
Whenever we work with external service providers, data processing is performed on the basis of Art. 28 GDPR. For this purpose, we conclude the necessary agreements with our partners to ensure data protection. Your data will be processed exclusively by service providers who have been carefully selected by us, who are bound to our instructions and who are regularly audited by us. We only commission external service providers who can ensure that all data processing operations will be carried out in accordance with the relevant data protection regulations.
Your personal data may be sent to the following categories of recipients:
Newsletter service providers, hosting service providers
12. What are my rights with regard to my personal data?
In this section, we would like to tell you about your rights with regard to your personal data.
12.1 Right to withdraw consent
If your personal data is being processed on the basis of your consent, you have the right to withdraw your consent at any time. If you withdraw your consent, this will not affect the legality of any data processing carried out on the basis of your consent before it was withdrawn.
If you would like to exercise your right to withdraw your consent, please do not hesitate to contact us.
12.2 Right to confirmation
You have the right to ask us to confirm whether we are processing your personal data. If you would like to request such a confirmation, please refer to the contact details above.
12.3 Right of access
If your personal data is being processed, you may always request access to your personal data and the following information:
- The purposes of the processing;
- The categories of personal data concerned;
- The recipients or categories of recipients to whom personal data has been disclosed or will be disclosed, particularly recipients in third countries or international organizations;
- If possible, the period for which your personal data will be stored or, if this is not possible, the criteria used to determine this period;
- The right to request the rectification or erasure of your personal data or the restriction of our data processing, or the right to object to such processing;
- The right to lodg