CEDPO

Privacy Notice

CEDPO

Privacy Notice

A. Controller

Controllers of your data pursuant to Art. 4 para. 7 GDPR are the CEDPO members, each of them an independent and joint controller.

 

B. Processing of Personal Data

1. Website

1.1 Log files

If you visit www.cedpo.eu our webserver collects standard internet log information including

  • IP address
  • the URL requested
  • date and time of query
  • the browser and operating system being used
  • the HTTP Referrer

We process such information temporarily only to guarantee system safety. Hence, we process your data for the purposes of the legitimate interests and to comply with our legal obligation to ensure appropriate security of personal data (Art. 6(1)(f) and (c) GDPR).

Our webserver’s log files are anonymized. This means that for IPv4 addresses the last block is changed to “.0”. With IPv6 addresses only the first two blocks are stored, the last 6 blocks are changed to “::”. This means that it is no longer possible to draw conclusions about the visitors. Log files get deleted after 14 days at the latest.

 1.2 Cookies and web tracking

A cookie is a string of information that a website stores on a visitor’s computer, and that the visitor’s browser provides to the website each time the visitor returns. We currently neither store cookies on users’ devices nor track user activities.

 1.3 Contact Form

We process personal information if you use our contact form. The data provided in this form will be used by CEDPO members, each of them an independent and joint controller, for the sole purpose of processing your request.

 

2. Online Events

When organising events online, we rely on a video conferencing software which processes various types of data. The total volume of data processed in the context of video conferencing depends on the functional scope of the video conferencing system provided by the video conferencing service provider. Additionally, this includes data the respective user provides before, during and after a participation in a video conference.

2.1 Processed Data

The following personal data may in principle be the subject of processing for the purpose of conducting a videoconference:

  • Information about the user: e.g., display name , online status (optional), status messages, profile picture (optional), e-mail address if applicable, preferred language.
  • Meeting metadata: e.g., date, time, duration, meeting ID, phone number if applicable, and the location.
  • Text, audio, video, and other multimedia data: For the display of video signals as well as the playback of audio signals and multimedia files, data from the microphone, a webcam/video camera or a screen display of your end device (via screen/content sharing function) is processed during the meeting. The latter is necessary, for example, if you must give a screen presentation. Data transmission from the camera and microphone can be switched on and off independently at any time and by any user. The screen/content sharing function must be actively activated by the user and can also be deactivated at any time.
  • In a video conference, you also have the option of using the chat function of the video conferencing platform used in parallel. In this respect, the text entries made by you, the sharing of links or content, social interactions (such as, for example: Emoticons, pictograms, Like-Button for comments or the sending of so-called GIFs – Graphics Interchange Format) are processed in order to display them to the participants in video conferences.
  • These keystrokes (henceforth: “chats”) are stored in order to be able to send valuable information such as URLs to helpful documents, activity reports of the supervisory authorities, service providers, etc. to all participants by e-mail after the event. After the information has been sent, these chat logs are deleted.

2.2 Legal Basis

For video conferences the organisation of a of video conference is based on the legal basis Art. 6 (1)(f) GDPR. It is our legitimate interest to effectively organise an online event vis-à-vis interested third parties or members.

 2.3 Storage/Recipients

Recordings of image and/or sound data streams generally do not take place. Should a recording be planned for exceptional reasons, then CEDPO will communicate this transparently in advance and – if necessary – obtain the consent of all participants.

The contents of the chats will be logged in so-called chat logs by the respective service provider of the video conferencing platform (e.g., Zoom, Microsoft Teams).

Personal data, which are processed in connection with the participation in video conferencing are in principle exclusively stored at our data processors, i.e., the service providers, who support us in the execution of the video conferences.

Apart from this, a transfer to third parties will only take place if CEDPO is legally obligated to do so (e.g., by court order), or if the data subjects have expressly consented to the transfer of their data.

2.4 Third countries

We have limited our storage location to data centres in the European Union, so data processing is generally not carried out outside the European Union (EU). However, we cannot technically completely exclude routing or storage on servers outside the European Union at the data processor. A secure level of data protection is ensured by the conclusion of supplemented EU Standard Data Protection Clauses and technical-organisational measures. Among other things, by encrypting data in transit over the Internet and generally protecting it from disclosure to third parties. With respect to personal data that is stored in third countries, these may be subject to government requests for information.

 

3. Surveys

CEDPO uses online survey tools to obtain opinions among members of it member associations or in the context of online events such as webinars.

These online survey tool are operated on the systems of data processors (external hosting). However, within the scope of the surveys, we only process personal data if it is necessary for the implementation of the survey (e.g., to verify the authorisation to participate in a survey for a closed user groups). Unless we separately indicate otherwise, the voting is anonymous.

The legal basis for the processing of personal data in the context of the described online surveys is our legitimate interest in optimising the activities of CEDPO including our events (Art. 6 (1) (f) GDPR).

We retain survey in anonymised form for one year.

Opt-out

You can always opt-out from our online survey by contacting us at info[at]cedpo.eu

 

 C. Rights of the data subject

In case we processed your personal data, you are a data subject pursuant to the GDPR. Hence you have the following Rights:

Art. 15 GDPR – you have the right of access to the personal data that we process. Notably you have the right to obtain the purposes of the process, the categories of the personal data concerned, the categories of the recipients to whom the personal data have been or will be disclosed, the envisaged period for which the personal data will be stored, the existence of the right to request rectification, erasure, restriction of the process or the right to object, the existence of the right to lodge a complaint , any available information as to the source where the personal data are not collected by us as well as the existence of automated decision-making, including profiling and as the case may be meaningful information of its Details.
Art. 16 GDPR – you have the right to obtain without undue delay the rectification of inaccurate personal data or to have incomplete personal data completed.
Art. 17 GDPR – you have the right to request the erasure of personal data where the processing is not necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims.
Art. 18 GDPR – you have the right to obtain restriction of processing of personal data where the accuracy of the personal data is contested, the processing is unlawful, and you oppose the erasure of the personal data as well as we no longer need the personal data but you require the personal data for the establishment, exercise or defence of legal claims.
Art. 20 GDPR – you have the right to receive the personal data, which you provided to us, in a structured, commonly used and machine-readable format and you have the right to transmit those data to another controller.
Art. 7 para. 3 GDPR – you have the right to withdraw your consent at any time. If you do so we may not continue the processing of your personal data you gave us the consent for in the future.
Art. 77 GDPR – you have the right to lodge a complaint with a supervisory authority. Normally you can lodge the complaint to a supervisory authority in the Member State of your habitual residence or the place of work or the place or place of our Business
Right to Object
Pursuant to Art. 21 GDPR, you have the right to object, on grounds relating to your situation, at any time to processing of personal data based on Art. 6(1)(f) GDPR, including profiling based on those provisions. Furthermore, you have the right to object where personal data are processed for direct marketing purposes. In the latter case, you do have a general right to object which we have to implement without a given particular situation.

 

D. Joint-Controllership

 1. Website

The CEDPO member GDD is responsible for compliance wit the GDPR concerning the CEDPO website (e.g. data security, privacy information, data subject rights etc.). You can contact the GDD anytime regarding your data subject rights.

2. Online Events

The respective CEDPO member who oversees the organising of an online event will be responsible for compliance with the GDPR (e.g. data security, privacy information, data subject rights etc.). In the privacy notice of each online event the responsible CEDPO member will be indicated towards data subjects in combination with a point of contact.

3. Surveys

The respective CEDPO member who oversees the organising of the survey will be responsible for compliance with the GDPR (e.g. data security, privacy information, data subject rights etc.). In the privacy notice of each survey the responsible CEDPO member will be indicated towards data subjects in combination with a point of contact.

 

E. Complaints or queries

If you have questions concerning the processing of your data or should you wish to exercise your rights to data protection (rights to access, rectify or object to further processing) please contact us at info@cedpo.eu.