Privacy Policy
We are pleased that you are visiting our website. The protection and security of your personal information when using our website is very important to us. We would therefore like to inform you at this point which of your personal data we collect when you visit our website and for what purposes it is used.
This data protection declaration applies to the website of the Ectrims.eu, which can be reached under the domain ectrims.eu as well as the various subdomains (“our website”).
Who is responsible and how do I contact you?
Responsible
for the processing of personal data within the meaning of the Swiss Federal Act on Data Protection (DADP) and the EU General Data Protection Regulation (GDPR)
European Committee for Treatment and Research in Multiple Sclerosis
ECTRIMS Secretariat
c/o Congrex Schweiz AG
Reinacherstrasse 131
CH-4053 Basel
Postfach:
Congrex Schweiz AG
Reinacherstarsse 131
4053 Basel
Schweiz
Phone: +41616867777
E-mail: secretariat@ectrims.eu
Data protection officer
Swiss Infosec AG
Meienriesliweg 15
620 Sursee, Switzerland
E-Mail:
congrex.datenschutz@infosec.ch
EU Representative according Art. 27 GDPR (GDPR)
The representative shall be mandated by the controller or processor to be addressed in addition to or instead of the controller or the processor, our representative is:
Swiss Infosec (Deutschland) GmbH
Unter den Linden 24
10117 Berlin, Germany
E-Mail: congrex.dataprivacy@swissinfosec.de
What is this about?
This data protection declaration meets the legal requirements for transparency in the processing of personal data. This is all information that relates to an identified or identifiable natural person. This includes, for example, information such as your name, your age, your address, your telephone number, your date of birth, your e-mail address, your IP address or user behavior when visiting a website. Information with which we cannot (or only with disproportionate effort) relate to you personally, e.g. through anonymization, are not personal data. The processing of personal data (e.g. the collection, querying, use, storage or transmission) requires a legal basis (within the scope of the GDPR) and a defined purpose.
Stored personal data are deleted as soon as the purpose of the Processing has been achieved and there are no legitimate reasons for further retention of the data. We will inform you about the specific storage periods and criteria for storage in the individual processing operations. Regardless of this, we store your personal data in individual cases to assert, exercise or defend legal claims and if there are statutory retention requirements
Data collection on our website
Cookies
Some of our web pages use cookies and comparable technologies such as local storage. These small text files are stored on your device by your browser to make our website more user-friendly, efficient, and secure. Most of them are so-called “session cookies” that are automatically deleted after your visit. Others remain stored on your device until you delete them. You can configure your browser to control the handling of cookies. Detailed information on the purposes of processing and the respective legal bases can be found further below.
Server log files
Some of our web pages collect and store information in server log files. These logs help us identify technical issues, improve system security, and optimize performance. No data is combined with other data sources or used to identify users. Detailed information on the purposes of processing and the respective legal bases can be found further below.
Contact form
Should you send us questions via the contact form, we will collect the data entered on the form, including the contact details you provide, to answer your question and any follow-up questions. The processing of your data is based on our legitimate interest in effective communication in accordance with Art. 6 sec. 1 lit. f GDPR or, where applicable, on the performance of a contract or pre-contractual measures in accordance with Art. 6 sec. 1 lit b GDPR. We do not share this information without your permission.
If you provide us with data for purposes beyond handling your request (such as subscribing to a newsletter), the processing of such data is based on your consent in accordance Art. 6 sec. 1 lit. a GDPR.. You may revoke your consent at any time with effect for the future. An informal email making this request is sufficient. The lawfulness of processing based on consent before its withdrawal remains unaffected..
If the processing of your data is based on our legitimate interest as described above, you have the right to object to this processing at any time on grounds relating to your particular situation. In such a case, we will no longer process your data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.
We will retain the data you provide on the contact form until you request its deletion, object to its processing, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Any mandatory statutory provisions, especially those regarding mandatory data retention periods, remain unaffected by this provision.
Registration on this website
You can register on our website in order to access additional functions offered here. The input data will only be used for the purpose of using the respective site or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise, we will reject your registration.
To inform you about important changes such as those within the scope of our site or technical changes, we will use the email address specified during registration.
We will process the data provided during registration only based on your consent per Art. 6 sec. 1 lit. a GDPR. You may revoke your consent at any time with future effect. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed. We will continue to store the data collected during registration for as long as you remain registered on our website. Statutory retention periods remain unaffected.
Processing of data (customer and contract data)
We collect, process, and use personal data only insofar as it is necessary to establish, or modify legal relationships with us (master data). This is done based on Art. 6 sec. 1 lit. b GDPR, which allows the processing of data to fulfill a contract or for measures preliminary to a contract. We collect, process and use your personal data when accessing our website (usage data) only to the extent required to enable you to access our service or to bill you for the same.
Collected customer data shall be deleted after completion of the order or termination of the business relationship. Legal retention periods remain unaffected.
Data transmitted when entering into a contract with online shops, retailers, and mail order
We transmit personally identifiable data to third parties only to the extent required to fulfil the terms of your contract, for example, to companies entrusted to deliver goods to your location or banks entrusted to process your payments. Your data will not be transmitted for any other purpose unless you have given your express permission to do so. Your data will not be disclosed to third parties for advertising purposes without your express consent. The basis for data processing is Art. 6 sec. 1 lit. b GDPR, which allows the processing of data to fulfil a contract or for measures preliminary to a contract. In individual cases, personal data is transmitted unencrypted if the recipient does not have the option of receiving data in encrypted form.
Data transferred when signing up for services and digital content
We transmit personally identifiable data to third parties only to the extent required to fulfil the terms of your contract with us, for example, to banks entrusted to process your payments.
Your data will not be transmitted for any other purpose unless you have given your express permission to do so. Your data will not be disclosed to third parties for advertising purposes without your express consent. The basis for data processing is Art. 6 sec.1 lit. b GDPR, which allows the processing of data to fulfil a contract or for measures preliminary to a contract.
In individual cases, personal data is transmitted unencrypted if the recipient does not have the option of receiving data in encrypted form.
Who gets my data?
We only pass on your personal data that we process on our website to third parties if this is necessary for the fulfilment of the purposes and in individual cases is covered by the legal basis (e.g. consent or protection of legitimate interests). In addition, we pass on personal data to third parties in individual cases if this serves to assert, exercise or defend legal claims. Possible recipients can then e.g. Law enforcement authorities, lawyers, auditors, courts, etc.
Insofar as we use service providers for the operation of our website who, as part of order processing on our behalf, provide personal data, these recipients of your personal data can be. You can find more detailed information on the use of processors and web services in the overview of the individual processing operations.
Do you use cookies?
Cookies are small text files that are stored by your browser on your device when you visit our website. In addition to cookies, similar technologies such as local storage may be used. These tools serve different purposes: Some are technically necessary to enable the basic operation and navigation of the site. Others are used to analyze how visitors use our website, to optimize performance, or to store your personal preferences such as language or display settings.
Most of the cookies we use are what are known as session cookies, which are automatically deleted when you close your browser. Other cookies remain stored on your device until you delete them. These persistent cookies enable us to recognize your browser the next time you visit our website. The use of technically required cookies is based on our legitimate interest in providing a user-friendly and secure website (Art. 6 sec. 1 lit. f GDPR). The use of cookies for analytical or personalization purposes is based on your consent (Art. 6 sec. 1 lit. a GDPR), which you can withdraw at any time with future effect.
You can adjust your browser settings to be informed about the use of cookies and decide on a case-by-case basis whether to accept or reject them. You can also configure your browser to automatically accept cookies under certain conditions, to reject them entirely, or to delete them when you close your browser. Disabling cookies may restrict some functionalities of the website.
If third-party services are integrated into our site (e.g. YouTube, Google Ads, or analytics tools), these providers may also use cookies and collect information directly from your browser. These providers are responsible for their own data processing and will be explicitly mentioned in this privacy policy.
We inform you about the respective services for which we use cookies in the individual processing operations. Detailed information on the cookies used can be found in the cookie settings or in the Consent Manager of this website.
| Domain Name | Description | Storage Duration |
|---|---|---|
| http://ectrims.eu | _gcl_au – used by Google Ads to track conversions and user journeys across different websites | Approx. 3 Months |
| http://ectrims.eu | cmplz_banner-status – Used by Complianz to store if the cookie banner has been dismissed. | Approx. 1 Year |
| http://ectrims.eu | cmplz_consented_services – Used by Complianz to store cookie consent preferences. | Approx. 1 Year |
| http://ectrims.eu | cmplz_functional – Used by Complianz to store cookie consent preferences. | Approx. 1 Year |
| http://ectrims.eu | cmplz_marketing – Used by Complianz to store cookie consent preferences. | Approx. 1 Year |
| http://ectrims.eu | cmplz_policy_id – Used by Complianz to store accepted cookie policy ID. | Approx. 1 Year |
| http://ectrims.eu | cmplz_preferences – Used by Complianz to store cookie consent preferences. | Approx. 1 Year |
| http://ectrims.eu | cmplz_statistics – Used by Complianz to store cookie consent preferences. | Approx. 1 Year |
| http://ectrims.eu | cmplz_marketing – Not available | Session |
| http://ectrims.eu | cmplz_policy_id – Not available | Approx. 1 Year |
| http://ectrims.eu | cmplz_preferences – Not available | Approx. 1 Year |
| http://ectrims.eu | cmplz_statistics – Not available | Approx. 1 Year |
| .google.com | __Secure-ENID – used by Google to enhance security and functionality within its services | Approx. 1 Year |
| .google.com | AEC- used by Google to ensure that requests within a browsing session are made by the user, and not by other sites. These cookies prevent malicious sites from acting on behalf of a user without that user’s knowledge | Approx. 6 Months |
| .google.com | SOCS – used by Google to store a user’s state regarding their cookies choices. | Approx. 1 Year |
| .google.com | NID – used by Google to personalize advertising and other experiences for users, even if they are not signed in to a Google account. | Approx. 6 Months |
| www.google.com | DV – used by Google Ads to provide ad delivery or retargeting | |
| www.google.com | _GRECAPTCHA – used by Google to provide spam protection | Approx. 6 Months |
| http://doubleclick.net | IDE – used by Google to track users’ actions on websites after viewing or clicking ads, allowing for ad effectiveness measurement and targeted advertising. | Approx. 1 Year |
| .doubleclick.net | ar_debug –is a debugging tool used by Google for testing and troubleshooting ad configurations. It’s primarily used in development or testing environments, not for targeted advertising or tracking user behavior. The cookie allows developers and advertisers to analyze ad delivery and verify proper functionality. It doesn’t track user behaviour for marketing purposes. | Approx. 1 Months |
| http://youtube.com | VISITOR_INFO1_LIVE – used by YouTube to track visitor behaviour and serving personalized advertising. | Approx. 6 Months |
| http://youtube.com | YSC – This cookie is set by YouTube to track views of embedded videos. | Session |
| youtube.com | __Secure-ROLLOUT_TOKEN – used by YouTube to manage the rollout of new features and updates. It assigns users to specific test groups for experimental changes, ensuring a phased rollout and helping manage experiments on the platform | Approx. 6 Months |
| youtube.com | VISITOR_PRIVACY_METADATA – used by YouTube to track and enrich the users privacy settings on the YouTube platform | Approx. 6 Months |
| vocalvideo.com | _vocal_session | |
| .hotelmap.com | Wwhmid – is set when embedded maps are included on the page displaying items such as the location of an event or converence. | Approx. 1 Month |
| .hotelmap.com | __hssrc – used by HotelMap to recognise the visitor’s browser upon reentry on the website. | |
| .hotelmap.com | __hstc – Sets a unique ID for the session. This allows HotelMap to obtain data on visitor behaviour for statistical purposes. | |
| .hotelmap.com | _hjSession_ – Hotjar cookie that is set when a user first lands on a page with the Hotjar script. It is used to persist the Hotjar User ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID. | |
| .hotelmap.com | _hjSessionUser_ – A cookie that holds the current session data. This ensues that subsequent requests within the session window will be attributed to the same Hotjar session. | |
| .hotelmap.com | Hubspotutk – Sets a unique ID for the session. This allows HotelMap to obtain data on visitor behaviour for statistical purposes. |
What rights do I have?
You as a data subject have the following rights:
- Information about the data stored about you in the form of meaningful information on the details of the processing and a copy of your data;
- Correction of inaccurate or incomplete data stored by us;
- Deletion of the data stored by us, insofar as the processing is not necessary for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims;
- Restriction of the processing, insofar as the correctness of the data is disputed, the processing is unlawful, we no longer need the data and you refuse to delete it, because you need it to assert, exercise or defend legal claims or you have objected to the processing.
- Data portability, insofar as you have provided us with personal data within the framework of consent pursuant to Art. 6 sec. 1 lit. a GDPR or on the basis of a contract pursuant to Art. 6 sec. 1 lit.b GDPR and these were processed by us by means of automated procedures. You receive your data in a structured, common and machine-readable format or we transmit the data directly to another responsible person, as far as this is technically feasible.
- You object to the processing of your personal data, insofar as they are carried out on the basis of Art. 6 sec. 1 lit. e, f GDPR and there are reasons for doing so, which arise from your particular situation or if the objection is directed against direct marketing. The right to object does not exist if overriding, overriding reasons for processing are proven or if the processing is carried out for the assertion, exercise or defence of legal claims. Insofar as there is no right to object in individual processing operations, this is indicated therein.
- Revocation of your given consent with effect for the future.
- Complaint to a supervisory authority if you believe that the processing of your personal data violates the GDPR. As a rule, you can contact the supervisory authority of your usual place of residence, your workplace or our company headquarters.
How will my data be processed in detail?
In the following we will inform you about the individual processing operations, the scope and purpose of the data processing, the legal basis, the obligation to provide your data and the respective storage period. An automated decision in individual cases, including profiling, does not take place.
Provision of the website
Type and scope of processing
When you visit and use our website, we collect the personal data that your browser automatically transmits to our server. The following information is temporarily stored in a so-called log file:
- IP address of the requesting computer
- Date and time of access
- Name and URL the retrieved file
- website from which access is made (referrer URL)
- Browser type and version
- Host name of the accessing device
- if applicable, the operating system of your computer, as well as the name of your access provider
This data is automatically transmitted by your browser and stored temporarily in log files for system security and diagnostics purposes. We do not combine this data with other data sources, nor do we draw conclusions about your identity.
Purpose and legal basis
The processing is carried out to safeguard our overriding legitimate interest in displaying our website and ensuring security and stability on the basis of the Art. 6 sec. 1 lit. f GDPR. The collection of data and storage in log files is essential for the operation of the website. There is no right to object to the processing due to the exception according to Art. 21 sec 1 GDPR. Insofar as the further storage of the log files is required by law, the processing takes place on the basis of Art. 6 sec. 1 lit. c GDPR. There is no legal or contractual obligation to provide the data, but it is technically not possible to call up our website without providing the data.
Storage duration
The server log data is stored temporarily and deleted automatically after a maximum of [7] days unless longer storage is required for security reasons (e.g., to investigate an incident). In such cases, the data will be stored until the matter is fully clarified and then deleted immediately. Further statutory retention obligations remain unaffected.
Content Delivery Network (CDN) by Cloudflare
Type and scope of processing
We use the Content Delivery Network (CDN) provided by Cloudflare Inc., 101 Townsend St, San Francisco, CA 94107 USA (“Cloudflare”) to ensure the secure and efficient delivery of our website content. Technically, Cloudflare acts as a reverse proxy, routing data traffic between your browser and our servers. As part of this process, Cloudflare processes information such as your IP address, time of access, system configuration information, and other data from web traffic.
According to Cloudflare all data transfers are strictly limited to the purposes described below.
Purpose and legal basis
We use Cloudflare to improve the security, stability, and performance of our website (e.g. protection against DDoS attacks and malicious traffic). The processing is based on our legitimate interest in the secure and reliable operation of our website pursuant to Art. 6 sec. 1 lit. f GDPR.
Storage period
We do not store any personal data in connection with the use of Cloudflare CDN. Cloudflare states that data is stored only as long as necessary and is automatically deleted or anonymized thereafter.
For more information, please refer to Cloudflare’s Privacy Policy and the Data Processing Addendum, which includes EU Standard Contractual Clauses (SCCs):
- Privacy Policy: https://www.cloudflare.com/privacypolicy/
- Data Processing Addendum: https://www.cloudflare.com/cloudflare-customer-dpa/
Cloudflare is certified under the EU-U.S.-Data Privacy Framework, including the UK Extension and the Swiss-U.S.- Data Privacy Framework (https://www.dataprivacyframework.gov/list).
Contact Form
Type and scope of processing
On our website, we offer you the option to contact us using forms. Depending on the context, we use different tools to provide these forms:
- Contact Form 7, an open-source WordPress plugin hosted on our own web server, and
- Jotform, a service provided by JotForm Inc., 4 Embarcadero Center, Suite 780, San Francisco, CA 94111 USA, or if you reside in the European Economic Area (EEA) or the United Kingdom, by Jotform Ltd., 25 Cabot Square, London E14 4QZ UK (“Jotform”).
When you fill out and submit a form, the information that you enter into the mandatory fields is required to process your request. You may voluntarily provide additional information you believe is necessary for your inquiry. We will only use this data to handle your request.
We use Contact Form 7 to create and display contact forms. When you fill out and submit a form, the data you enter is sent to us via email and stored on our own mail server. The plugin itself does not store any personal data in the backend of our website.
Jotform is used to create and process online forms (e.g. for booking meeting space). The data you enter in a Jotform form, including your IP address, is transmitted to and stored on a server located in Europe. According to Jotform, data is only processed in third countries (e.g. the USA) in exceptional cases.
To protect your personal data, we have concluded a Data Processing Agreement (https://www.jotform.com/dpa/dpa_en.pdf) with Jotform. This agreement includes EU Standard Contractual Clauses for the rare cases where Jotform might transfer data to a country without an adequate level of data protection. Additionally, Jotform is certified under the EU-U.S. Data Privacy Framework, including the UK Extension, and the Swiss-U.S. Data Privacy Framework (https://www.dataprivacyframework.gov/list).
More information about Jotform’s data protection practices and technical functionality is available in their:
- Privacy Policy: https://www.jotform.com/privacy/
- Terms of Use: https://www.jotform.com/terms/
- Security Overview: https://www.jotform.com/security/
Purpose and legal basis
The processing of your data by using our contact form takes place for the purpose of communication and handling of your request, based on our legitimate interest in accordance with Art. 6 sec. 1 lit. f GDPR. If your request relates to the performance of a contact to which you are a party or to pre-contractual measures taken at your request, the processing is additionally based on Art. 6 sec. 1 lit. b GDPR. There is no legal or contractual obligation to provide your data, but it is not possible to process your request without providing the information in the mandatory fields. If you do not want to provide this data, please contact us by other means.
Storage period
Your personal data will be deleted as soon as your inquiry has been resolved. This is the case when it can be inferred from the circumstances that the relevant matter has been conclusively clarified and no statutory retention obligations prevent deletion.
If you use the contact form in the context of a contractual relationship, we will retain the data collected in connection with your request for a period of [three years] after the end of the contractual relationship, unless statutory retention obligations require longer storage.
Newsletter
Type and scope of processing
If you would like to receive our newsletter, we require your email address. You may voluntarily provide additional information, such as your first and last name and your country of residence. You may also subscribe to or update your ECTRIMS alerts to be notified by email when relevant new information becomes available, such as updates on the Annual Congress, Fellowship Programmes or topics related to multiple sclerosis (MS). We will store this information together with the date of Registration and your IP address. You will then receive an email in which you have to confirm your subscription to the newsletter (double opt-in).
To send the newsletter, we use the services of external providers who process your personal data on our. Depending on the subdomain through which you register, different providers may be used. The specific provider is clearly indicated during the registration process.
The following newsletter service providers are used:
- Mailchimp, operated by the Rocket Science Group LLC, a company of Intuit Inc., 2700 Coast Avenue, Mountain View, CA 94043, USA.
- Brevo, operated by Sendinblue SAS, 17 rue de Salneuve, 75017 Paris, France.
Mailchimp may process your personal data on servers located in the United States or in other countries where Mailchimp or its subprocessors (https://mailchimp.com/legal/subprocessors/) operate facilities. Mailchimp commits to appropriate safeguards under its Data Processing Addendum (https://mailchimp.com/en/legal/data-processing-addendum/), including the use of the European Commission’s Standard Contractual Clauses (SCCs). In addition, Intuit Inc., including The Rocket Science Group LLC, is certified under the EU-U.S.-Data Privacy Framework (https://www.dataprivacyframework.gov/list).
Brevo processes data exclusively within the EU and is bound by a data processing agreement (https://www.brevo.com/legal/termsofuse/#data-processing-agreement-dpa9). Access to the data by affiliated entities located in third countries (e.g. the USA, India or Canada) may be permitted for support and maintenance purposes. Such access is governed by Standard Contractual Clauses and additional safeguards.
Your personal data will not be disclosed to other third parties.
Purpose and legal basis
We process your data for the purpose of sending the newsletter on the basis of your consent in accordance with. Art. 6 sec. 1 lit. a GDPR. By unsubscribing from the newsletter, you can withdraw your consent at any time with future effect. There is no legal or contractual obligation to provide your data, but it is not possible to send the newsletter without providing your data.
Storage period
If you register for the newsletter but do not confirm your subscription, we will store your data for a maximum of [60 days]. After successful confirmation, we will save your data until you withdraw your consent (unsubscribe from the newsletter). [For technical reasons, your data may be retained for up to [7 days] beyond the time of unsubscription before it is permanently deleted.]
Presences on social media platforms
We maintain so-called fan pages or accounts or channels on the networks mentioned below in order to provide you with information and offers within social networks and to offer you further ways to contact us and to find out about our offers. In the following, we inform you about what data we or the respective social network process from you in connection with the access and use of our fan pages/accounts.
Data we process from you
If you wish to contact us via Messenger or Direct Message via the respective social network, we will normally process your username, through which you contact us and store any other data you provide if this is necessary to process/respond to your request.
The legal basis is Art. 6(1) sentence 1 f) GDPR (processing is necessary to safeguard the legitimate interests of the controller).
(Static) Usage data we receive from the social networks
We receive automatically provided statistics about our accounts through Insights functionalities. The statistics include the total number of page views, likes, page activity and post interactions, reach, video views/views, and the proportion of men/women among our fans/followers.
The statistics contain only aggregated data which cannot be related to individuals. They are not identifiable to us.
Registration / Create your own personal account
Congress Registration
Type and scope of processing
If you wish to participate in a congress, you must register an account with us. For group registrations (minimum six participants), only one person is required to complete the registration on behalf of the group.
Upon successful registration, you will receive password-protected access to a personal account that includes:
- Your personal information
- An overview of your past bookings / congress participations
To complete the registration, we require certain mandatory details, including your email address, first and last name, and a password of your choice. These details are essential to set up a secure account.
Please make sure to register with a valid email address that you will have access to during the congress days. This is particularly important for digital participants, as access to the digital congress platform requires logging in with the same email address used during registration.
The registration process follows a double opt-in procedure: after submitting your details, you will receive an email asking you to confirm your registration by clicking a verification link. Only then is the account activated.
Purpose and legal basis
The purpose of this data processing is to enable the registration and participation in congresses, including user authentication and account management. The legal basis is Art. 6 sec. 1 lit. b GDPR (performance of a contract) and, where applicable, Art. 6 sec. 1 lit. f GDPR (our legitimate interest in secure user management and smooth congress operations).
Participants from countries classified by the World Bank as low or lower-middle income economies (see: https://datahelpdesk.worldbank.org/knowledgebase/articles/906519) are eligible for reduced registration rates.
Discounted rates are also available for:
- Nurses, upon uploading an English confirmation from their head of department confirming their current role (PDF or JPG).
- Young Congress Delegates, born on or after 1 January 1990, upon uploading appropriate proof of age (e.g. passport or ID copy).
Third parties and payment processing
As part of the registration and order process, third-party service providers (such as transport companies or payment providers) will receive the necessary data to process your booking or payment. Responsibility for processing your payment data lies solely with the payment provider you have selected. We do not access or store your payment details.
Please refer to the respective privacy policies of the selected payment providers for more information.
Storage period
You may delete your account at any time by clicking the respective option in your account settings. Unless legal retention obligations apply, we will delete all associated data after account deletion. It is your responsibility to back up your personal data before deletion. Once your account is closed, we reserve the right to irreversibly delete all stored data.
Community platform registration (myECTRIMS)
If you wish to use our community platform “myECTRIMS,” you must register an account with us. Upon registration, you will receive password-protected access to your personal account. This account includes, among other things, your:
- Personal information
- Documents
- Favourites
- Events
- Discussions
Certain mandatory information is required to complete the registration. This includes your email address, your first and last name, and a password of your choice. These details are necessary to set up a secure account.
Registration follows a double opt-in process. This means that after submitting the required information, you will receive an email in which you must confirm your registration by clicking a confirmation link. Once successfully activated, you can log into your account.
You may delete your account at any time by clicking the respective option in your account settings. Unless legal retention obligations apply, we will delete all associated data after account deletion. It is your responsibility to back up your personal data before deletion. Once your account is closed, we reserve the right to irreversibly delete all stored data.
Presences on social media platforms
We maintain so-called fan pages or accounts or channels on the networks mentioned below in order to provide you with information and offers within social networks and to offer you further ways to contact us and to find out about our offers. In the following, we inform you about what data we or the respective social network process from you in connection with the access and use of our fan pages/accounts.
Data we process from you
If you wish to contact us via Messenger or Direct Message via the respective social network, we will normally process your username, through which you contact us and store any other data you provide if this is necessary to process/respond to your request.
The legal basis is Art. 6 sec. 1 lit. f GDPR (processing is necessary to safeguard the legitimate interests of the controller).
(Static) Usage data we receive from the social networks
We receive automatically provided statistics about our accounts through Insights functionalities. The statistics include the total number of page views, likes, page activity and post interactions, reach, video views/views, and the proportion of men/women among our fans/followers.
The statistics contain only aggregated data which cannot be related to individuals. They are not identifiable to us.
What data you process social networks
In order to view the content of our fan pages or accounts, you do not have to be a member of the respective social network and no user account is required for the respective social network.
Please note, however, that when the respective social network is accessed, the social networks also collect and store data from website visitors without a user account (e..B. technical data in order to be able to view the website to you) and use cookies and similar technologies, which we have no influence on. Details can be found in the privacy policy of the respective social network (see the corresponding links above)
If you wish to interact with the content on our fan pages/accounts, e.B.g. comment, share or like our postings/posts and/or contact us via Messenger functions, prior registration with the respective social network and the provision of personal data is required.
We have no influence on the data processing by the social networks in the context of your use. To our knowledge, your data will be stored and processed in particular in connection with the provision of the services of the respective social network, furthermore for the analysis of the usage behaviour (using cookies, pixel/web beacons and similar technologies) on the basis of which advertising based on your interests is played out both within and outside the respective social network. It cannot be excluded that your data will be stored by the social networks outside the EU/EEA and will be passed on to third parties.
Information on, among other things, the exact scope and purposes of the processing of your personal data, the storage period/deletion as well as guidelines on the use of cookies and similar technologies in the context of the registration and use of social networks can be found in the social protection policy/cookie policy. There you will also find information about your rights and possibilities of objection.
Facebook page
When you visit our Facebook page, Facebook (Meta Platforms Inc., 1 Meta Way, Menlo Park, California 94025 (USA), respectively Meta Platforms Ireland Ltd., Merrion Road, Dublin 4, D04 X2K5 (Irleand); “Meta”) collects, among other things, your IP address and other information that is available on your PC in the form of cookies. This information is used to provide us, as the operator of the Facebook pages, with statistical information about the use of the Facebook page. Meta provides further information on this under the following link: https://facebook.com/help/pages/insights.
By means of the transmitted statistical information, it is not possible for us to draw conclusions about individual users. We only use these in order to be able to respond to the interests of our users and to continuously improve our online presence and to ensure the quality of it.
We collect your data via our fan page only in order to realize a possible provision for communication and interaction with us. This survey usually includes: Your name, message content, comment content, and the profile information you provide “publicly.”
The processing of your personal data for our above-mentioned purposes takes place on the basis of our legitimate business and communicative interest in offering an information and communication channel in accordance with Art. 6 sec. 1 lit. f GDPR. If you as a user have given your consent to data processing to the respective provider of the social network, the legal basis of the processing extends to Art. 6 sec. 1 lit. a.
Due to the fact that the actual data processing is carried out by the provider of the social network, our access options are limited to your data. Only the provider of the social network is authorized to have full access to your data. Due to this, only the provider can directly take and implement appropriate measures to fulfill your user rights (request for information, deletion request, objection, etc.). The assertion of corresponding rights is therefore most effectively asserted directly against the respective provider.
Together with Meta, we are responsible for the personal content of the fan page. Data subject rights can be asserted with Meta as well as with us.
According to the GDPR, the primary responsibility for the processing of Insights data lies with Meta and Meta fulfils all obligations under the GDPR with regard to the processing of Insights data, Meta makes the essence of the Page Insights supplement available to the data subjects.
We do not make any decisions regarding the processing of Insights data and the storage period of cookies on user devices.
Further information can be found directly on Facebook (supplementary agreement with Meta): https://www.facebook.com/legal/terms/page_controller_addendum.
Further information on the exact scope and purposes of the processing of your personal data, the storage period/deletion as well as guidelines for the use of cookies and similar technologies in the context of registration and use can be found in Facebook’s privacy policy/cookie policy:
- Privacy Policy: https://www.facebook.com/privacy/policy
- Cookie Policy: https://www.facebook.com/privacy/policies/cookies
Instagram page
When you visit our Instagram page, Instagram (Meta) collects, among other things, your IP address and other information that is available on your PC in the form of cookies. This information is used to provide us, as the operator of the Instagram pages, with statistical information about the use of the Instagram page. Instagram provides further information on this under the following link: https://help.instagram.com/788388387972460?helpref=faq_content
By means of the transmitted statistical information, it is not possible for us to draw conclusions about individual users. We only use these in order to be able to respond to the interests of our users and to continuously improve our online presence and to ensure the quality of it.
We collect your data via our fan page only in order to realize a possible provision for communication and interaction with us. This survey usually includes: Your name, message content, comment content, and the profile information you provide “publicly.”
The processing of your personal data for our above-mentioned purposes takes place on the basis of our legitimate business and communicative interest in offering an information and communication channel in accordance with Art. 6 sec. 1 lit. f GDPR. If you as a user have given your consent to data processing to the respective provider of the social network, the legal basis of the processing extends to Art. 6 sec. 1 lit. a.
Due to the fact that the actual data processing is carried out by the provider of the social network, our access options are limited to your data. Only the provider of the social network is authorized to have full access to your data. Due to this, only the provider can directly take and implement appropriate measures to fulfill your user rights (request for information, deletion request, objection, etc.). The assertion of corresponding rights is therefore most effectively asserted directly against the respective provider.
Together with Meta, we are responsible for the personal content of the fan page. Data subject rights can be asserted with Meta as well as with us.
The primary responsibility for the processing of Insights data under the GDPR lies with Meta and Meta fulfils all obligations under the GDPR with regard to the processing of Insights data, Meta makes the essence of the Page Insights supplement available to the data subjects.
We do not make any decisions regarding the processing of Insights data and the storage period of cookies on user devices.
Further information can be found on Facebook (supplementary agreement with Meta): https://www.facebook.com/legal/terms/page_controller_addendum.
Further information on the exact scope and purposes of the processing of your personal data, the storage period/deletion as well as guidelines for the use of cookies and similar technologies in the context of registration and use can be found in Meta’s privacy policy/cookie policy:
- Privacy Policy: https://privacycenter.instagram.com/policy
- Cookie Policy https://privacycenter.instagram.com/policies/cookies
X page
When you visit our X page, X (X Corp., 865 FM 1209, Building 2 Bastrop, TX 78602 (USA), respectively X Internet Unlimited Company, One Cumberland Place, Fenian Street Dublin 2, D02 AX07 (Ireland), respectively X Switzerland GmbH) collects, among other things, your IP address and other information available on your device using cookies and other tracking technologies. uses this data to provide statistical information, such as aggregated interaction metrics, to us as the operator of the page. However, we do not receive any personal data from X and have no access to the underlying data used to generate these statistics.
For more information on how X processes personal data, please refer to their privacy policy: https://x.com/en/privacy
By means of the transmitted statistical information, it is not possible for us to draw conclusions about individual users. We only use these in order to be able to respond to the interests of our users and to continuously improve our online presence and to ensure the quality of it.
We collect your data via our fan page only in order to realize a possible provision for communication and interaction with us. This survey usually includes: Your name, message content, comment content, and the profile information you provide “publicly.”
The processing of your personal data for our above-mentioned purposes takes place on the basis of our legitimate business and communicative interest in offering an information and communication channel in accordance with Art. 6 sec. 1 lit. f GDPR. If you as a user have given your consent to data processing to the respective provider of the social network, the legal basis for the processing extends to Art. 6 sec. 1 lit. a GDPR.
Due to the fact that the actual data processing is carried out by the provider of the social network, our access options are limited to your data. Only the provider of the social network is authorized to have full access to your data. Due to this, only the provider can directly take and implement appropriate measures to fulfill your user rights (request for information, deletion request, objection, etc.). The assertion of corresponding rights is therefore most effectively asserted directly against the respective provider.
Together with X, we are responsible for the personal content of the fan page. Data subject rights can be asserted at X as well as with us.
The primary responsibility under the GDPR for the processing of Insights data lies with X and X fulfils all obligations under the GDPR with regard to the processing of Insights data. X makes the essence of the Page Insights supplement available to the data subjects.
We do not make any decisions regarding the processing of Insights data and the storage period of cookies on user devices.
Further information on the exact scope and purposes of the processing of your personal data, the storage period/deletion as well as guidelines for the use of cookies and similar technologies in the context of registration and use can be found in X’s privacy policy/help center on how X uses cookies:
Privacy Policy: https://x.com/en/privacy
Help Center: https://help.x.com/en/rules-and-policies/x-cookies
LinkedIn page
When you visit our LinkedIn page, LinkedIn (LinkedIn Corporation, 1000 W Maude Avenue, Sunnyvale, CA 94085 (USA)/LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2 (Ireland)) collects, among other things, your IP address and other information available on your device through cookies or similar technologies. This information is used to provide us, as the operator of the LinkedIn company page, with statistical insights about how our page is used (e.g. page views, interactions, demographic data). LinkedIn provides more information on this under the following link: https://www.linkedin.com/legal/privacy-policy, respectively https://www.linkedin.com/legal/privacy/eu
When using or visiting the network, LinkedIn automatically collects data from users or visitors during use or visit, such as user name and job title. This is done with the help of various tracking technologies. LinkedIn provides benefits based on the data collected in this way, among other things, information, offers and recommendations.
We collect your data via our company profile only in order to realize a possible provision for communication and interaction with us. This survey usually includes: Your name, message content, comment content, and the profile information you provide “publicly.”
The processing of your personal data for our above-mentioned purposes takes place on the basis of our legitimate business and communicative interest in offering an information and communication channel in accordance with Art. 6 sec. 1 lit. f GDPR. If you as a user have given your consent to data processing to the respective provider of the social network, the legal basis for the processing extends to Art. 6 sec. 1 lit. a GDPR.
Since the technical operation and underlying processing are carried out by LinkedIn, only LinkedIn has full access to the collected data. For this reason, data subject rights (e.g. access, deletion, objection) are most effectively exercised directly with LinkedIn. You can contact LinkedIn’s Data Protection Officer here: https://www.linkedin.com/help/linkedin/ask/TSO-DPO
We are joint controllers with LinkedIn in relation to the processing of so-called Page Insights data. LinkedIn assumes primary responsibility for compliance with GDPR obligations in this regard and provides the essential terms of this joint controller arrangement here:
Please note that LinkedIn alone determines the purposes and means of processing outside of the statistical Page Insights, such as the use of tracking technologies, personalized advertising, and content recommendation. We have no influence on these activities.
For further information on how LinkedIn processes personal data, including data retention, profiling, international data transfers (e.g. to the USA), and your privacy controls, please refer to:
- Privacy Policy: https://www.linkedin.com/legal/privacy-policy
- Privacy Policy EU: https://www.linkedin.com/legal/privacy/eu
- Cookie Policy: https://www.linkedin.com/legal/cookie-policy
XING page
We maintain a company profile on the social networking platform XING, which is operated by New Work SE, Am Strandkai 1 20457, Hamburg, Germany.
Our XING profile is used to publish posts, promote events and job opportunities, and provide general information about our organization. As part of this usage, personal data may occasionally be processed.
When you interact with our profile (e.g. comment, like, or share a post), we may access publicly available profile data such as your name, job title, or profile picture, depending on your XING settings. We do not store or further process this data outside the XING platform.
We also receive anonymized statistics from XING (e.g. number of views or engagements). These do not allow identification of individual users.
If you contact us via XING’s messaging function, we process the information you provide (e.g. name, content of your message) solely to respond to your enquiry.
The legal basis for the processing of your personal data in connection with our XING company page is our legitimate interest in offering information and communication channels under Art. 6 sec. 1 lit. f GDPR.
Where you have given consent to the processing of your personal data by XING itself (e.g. by actively publishing personal information or activating certain settings), the legal basis for that processing is Art. 6 sec. 1 lit. a GDPR.
Please note that we have no influence over how XING itself processes your personal data. Use of XING and its functions is at your own responsibility.
We do not store or further process personal data obtained via XING outside the platform.
All personal data is stored and processed by XING in accordance with its own privacy policy. For information on storage periods and data processing by XING, please refer to:
Privacy Policy: https://privacy.xing.com/en/privacy-policy
Further information on XING can be found at: https://www.new-work.se/en/about-new-work-se.
YouTube page
When you visit our YouTube channel, your personal data is processed, depending on your location, either by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, D04 E5W5 (Ireland), or Google LLC, 600 Amphitheatre Parkway, Mountain View, CA 94043, (USA).
We operate this page as a communication and information channel to inform about our services. The processing of personal data is carried out pursuant to Art. 6 sec. 1 lit. f GDPR based on our legitimate interest in using a contemporary means of information and interaction with users and visitors of the page.
Please note that you use this YouTube channel and its functions on your own responsibility. This applies in particular to the use of interactive features such as the “Discussion” function. Information on what data is processed by Google and for what purposes can be found in Google’s privacy policy: https://policies.google.com/privacy?hl=en
We have no influence on the type and scope of the data processed by Google, the manner of processing and use, or the transfer of this data to third parties. We also have no effective control in this regard. By using YouTube, your personal data is collected, transmitted, stored, disclosed, and used by Google. Your data may be transferred to the United States, Ireland, and other countries in which Google operates, regardless of your place of residence. Google may share your data with affiliated companies and trusted third parties who process the data on Google’s behalf.
Google processes both data that you voluntarily provide (e.g. name, email address, comments) and data derived from your usage patterns (e.g. videos watched, search terms used, IP address, device data, location). Google may use this data to create user profiles and serve personalized advertising or content.
For statistical purposes, Google may use tools such as Google Analytics. We have no influence on whether and how such tools are used by Google. Any data collected via such tools is not made available to us. As the channel operator, we only have access to aggregated statistical information (e.g. number of views, reach, interactions, demographic information). We do not receive any personal data from Google and have no access to the underlying data used to generate these statistics.
You can restrict the processing of your data through your general Google account settings. In addition, Google offers specific privacy settings for YouTube. For more information, please refer to Google’s privacy guide for its products: https://policies.google.com/technologies/product-privacy.
We also process your data when you interact with us via YouTube. While we do not collect data directly from your YouTube account, we may respond to comments or content you publish under our videos. Any publicly shared data you submit on YouTube may be included in our content and made available to other users.
Further information and options to manage your privacy can be found in Google’s privacy settings section: https://policies.google.com/privacy#infochoices.
Social Media Toolkit – Sosha.ai
Type and scope of processing
We use a widget provided by SpeechifAI Inc. (doing business as “SoSha”), 576 5th Ave Suite 903, New York, New York 10036, USA, to display curated, shareable social media content directly on our website. The integration is implemented via an iframe and enables users to view, interact with, and share pre-configured social media content.
When you access a page containing this widget, your IP address and browser information may be transmitted to servers operated by SoSha. In addition, interactions with the embedded interface (e.g. opening the widget, uploading content, clicking buttons) may also be logged by SoSha for functional purposes.
This integration occurs only after you have provided your consent in the Consent Manager. Without such consent, the widget will not be loaded.
Purpose and legal basis
The purpose of using the SoSha widget is to enable you to interactively engage with pre-defined social media content and to share it via your own social media channels. The legal basis for this processing is your consent in accordance with Art. 6 sec. 1 lit. a GDPR. You may withdraw your consent at any time with effect for the future by adjusting your privacy settings.
There is no legal or contractual obligation to provide your data. However, the use of the widget functionality is not possible without your consent.
Storage period
We do not store any data related to your interaction with the widget ourselves. Any data transmitted to SoSha is subject to their own data handling and retention policies. We do not have access to or control over any personal data stored by SoSha.
Further information on data processing by SoSha is available in their Privacy Policy and Terms and Conditions:
- Privacy Policy (located in the terms of use): https://www.sosha.ai/terms-of-use
- Terms and Conditions: https://www.sosha.ai/terms-and-conditions
Google Services
We use various services provided by Google LLC, headquartered in the USA, or if you are located in the European Economic Area (EEA) or Switzerland by Google Ireland Ltd., headquartered in Ireland (“Google”). The following Google services are used on our website:
- Google Tag Manager
- Google Analytics
- Google Ads
- Google Fonts
- YouTube
- Google reCAPTCHA (Contact Form 7)
- DoubleClick
Further information on each individual service can be found below.
Google uses technologies such as cookies, local browser storage, and tracking pixels to analyse your use of our website. The information generated through your interaction with our website may be transmitted to and stored on a server operated by Google in the United States or other countries. Information about the locations of Google’s data centres is available here.
We use tools provided by Google which, according to Google, may process personal data in countries where Google or its subprocessors maintain facilities (https://datacenters.google/locations/). In its “Data Processing Addendum for Products where Google is a Data Processor” (https://business.safety.google/processorterms/), Google states that it ensures an adequate level of data protection by relying on the EU Standard Contractual Clauses (https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32021D0914&from=en) .
In addition, Google is certified under the EU-U.S.-Data Privacy Framework (https://www.dataprivacyframework.gov/list) .
Further information about Google’s data processing practices and privacy settings can be found in Google’s Privacy Policy and Privacy Controls:
- Privacy Policy: https://policies.google.com/privacy
- Privacy Controls: https://safety.google/privacy/privacy-controls/
If you have given us your consent pursuant to Art. 6 sec. 1 lit. a GDPR, you may withdraw it at any time with effect for the future by adjusting your selection in the cookie banner to deactivate individual Google services on our website.
Google Tag Manager
Type and scope of processing
Google Tag Manager is used to manage website tags through an interface and allows us to control the precise integration of services on our website. This allows us to flexibly integrate additional services in order to evaluate user access to our website.
Google Tag Manager itself does not set cookies and does not process personal data directly. It merely enables the controlled deployment of other tools, which may themselves process personal data if triggered.
Purpose and legal basis
The use of Google Tag Manager is based on our legitimate interest pursuant to Art. 6 sec. 1 lit. f GDPR in enabling efficient administration and controlled deployment of services on our website. However, any tools or services loaded via Google Tag Manager that require consent (e.g. analytics or marketing technologies) are only activated based on your explicit consent pursuant to Art. 6 sec. 1 lit. a. GDPR. Your preferences are managed via our cookie consent banner.
Storage period
Google Tag Manager does not itself store personal data. Any data processing is performed exclusively by the services activated through Tag Manager and governed by the applicable privacy policies and settings.
Further information can be found in the Google Tag Manager Terms of Service: https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/
Google Analytics
Type and scope of processing
We use Google Analytics, a web analytics service, to analyze the use of our website and its visitors, as well as for marketing and advertising purposes. Google Analytics uses cookies and similar technologies that are stored on your device and enable the evaluation of your interactions with our website. Based on this data, we receive statistical reports that help us improve the structure, content, and relevance of our online offering.
IP address anonymization is enabled by default in Google Analytics. This means your IP address is shortened within the EU/EEA before being transmitted. In exceptional cases only, the full IP address is transmitted to a server and shortened there.
According to Google, the IP address transmitted by your browser will not be merged with other data. Google Analytics tracks interactions in the form of events (e.g. page views, clicks, time on page) and technical metadata (e.g. browser type, device type, referrer URL, and approximate location).
You can prevent the collection and transmission of data to Google by installing the opt-out browser add-on: https://tools.google.com/dlpage/gaoptout
You may also object to interest-based advertising by adjusting your preferences here: https://adssettings.google.com
Purpose and legal basis
The use of Google Analytics is based on your consent in accordance with Art. 6 sec. 1 lit. a. GDPR. You may withdraw your consent at any time with effect for the future by adjusting your preferences in the cookie consent banner.
Storage period
The data collected via Google Analytics is automatically deleted after [2] months.
Further information on data protection and the handling of user data in Google Analytics can be found in the Google Analytics Help Center.
An overview of how Google Analytics uses data and the measures Google has implemented to protect your information can be found in the Google Analytics Help Center: https://support.google.com/analytics/answer/6004245
Further information on the specific terms of use applicable to Google Analytics is available here:
https://marketingplatform.google.com/about/analytics/terms/us/
Google Ads
Type and scope of processing
We use the online advertising service Google Ads to draw attention to our offers on external websites through targeted advertisements. If you reach our website via a Google ad, a cookie (the so-called conversion cookie) is set on your device. This enables us to track the effectiveness of individual ads without identifying you personally.
These cookies usually expire after [30] days. Each Google Ads customer receives a different cookie, which prevents tracking across different websites. Based on the collected interaction data, Google assigns interest categories to your browser in order to display personalized ads.
We receive only anonymized, statistical reports from Google and cannot identify users personally based on this information.
You can prevent tracking by:
- Adjusting your browser settings to block third-party cookies
- Deactivating personalized ads via Google Ads Settings: https://adssettings.google.com/
- Using the opt-out options of initiatives such as YourAdChoices: https://optout.aboutads.info/?c=2&lang=EN
Purpose and legal basis
The use of Google Ads is based on your consent in accordance with Art. 6 sec. 1 lit. a. GDPR. You can withdraw your consent at any time with effect for the future by adjusting your preferences in the cookie consent banner.
Storage period
Conversion cookies expire after [30] days. We cannot influence the further processing or storage periods applied by Google. Details are provided in: https://policies.google.com/privacy.
Google Fonts
Type and scope of processing
To ensure consistent and visually appealing display of fonts across different browsers and devices, we use the font library Google Fonts. When visiting our website, your browser loads the required fonts into its cache to display texts correctly.
This involves a request to Google’s servers, which may result in the transmission of your IP address. We do not store or otherwise process personal data in connection with the integration of Google Fonts.
You can prevent the execution of Google Fonts by deactivating JavaScript in your browser settings or by using a browser extension such as a script blocker. Please note that this may result in reduced functionality or fallback to standard system fonts.
Purpose and legal basis
The use of Google Fonts is based on your consent in accordance with Art. 6 sec. 1 lit. a. GDPR.
Storage period
We do not store any data in connection with the use of Google Fonts. The storage duration for any data processed by Google is determined solely by Google. For details, please refer to https://policies.google.com/privacy.
YouTube
Type and scope of processing
We embed videos on our website using the “YouTube” video platform operated by Google LLC, USA. When you access a page with an embedded video, your browser automatically establishes a connection to YouTube’s servers, during which your IP address and potentially other metadata (such as browser type, time of access, referrer URL) are transmitted.
We use the “Privacy-Enhanced Mode” provided by YouTube. According to YouTube, this mode limits the collection of data and prevents cookies from being set until the video is actively played. However, data transfers to Google and YouTube partners may still occur once playback begins.
YouTube Video uses cookies and other browser technologies to evaluate user behavior, recognize users and create user profiles. This information is used, among other things, to analyze the activity of the content listened to and to create reports.
If you are logged in to your YouTube account while visiting our website, YouTube can associate your viewing behavior with your personal profile. You can prevent this by logging out before accessing our website.
Purpose and legal basis
The use of the service is based on your consent in accordance with Art. 6 sec. 1 lit. a. GDPR. You can withdraw your consent at any time by adjusting your settings in the cookie banner.
Storage period
We do not control the storage duration of data processed by YouTube. For more details, please refer to Google’s Privacy Policy and the YouTube Terms of Service:
Privacy Policy: https://policies.google.com/privacy
Terms of Service: https://www.youtube.com/t/terms
Google reCAPTCHA (Contact Form 7)
Type and scope of processing
To protect our website against spam, automated abuse and malicious requests, we use Google reCAPTCHA, a service provided by Google. This service is integrated on our site in multiple contexts, including (but not limited to) web forms created using Contact Form 7.
Google reCAPTCHA analyzes the behaviour of website visitors using various technical indicators, such as IP address, browser type, operating system, referrer URL, time spent on the page and user interactions (e.g. mouse movements). This evaluation runs entirely in the background and begins automatically when a user accesses a page where reCAPTCHA is embedded. It helps distinguish whether an interaction is made by a human or an automated program (bot).
In the case of Contact Form 7, reCAPTCHA is embedded via the plugin’s native integration module. In other parts of our website, reCAPTCHA may also be integrated independently, for example to protect login or comment forms.
Purpose and legal basis
The use of Google reCAPTCHA serves the legitimate interest in maintaining the security and integrity of our website, particularly to prevent automated access and spam, pursuant to Art. 6 sec. 1 lit. f GDPR.
Where required by law, e.g. for setting cookies or similar identifiers, processing is based on your consent in accordance with Art. 6 sec. 1 lit. a. GDPR . You can withdraw your consent at any time via the cookie consent banner.
Storage period
We do not store any data collected via reCAPTCHA. The duration of any processing is determined by Google. Further information can be found in the privacy policy for Google reCAPTCHA: https://policies.google.com/privacy?hl=en-US.
For more information about the reCAPTCHA integration in Contact Form 7, please refer to the plugin developer’s documentation: https://contactform7.com/recaptcha/
Google DoubleClick
Type and scope of processing
We have integrated components of Google DoubleClick on our website. DoubleClick is a trademark of Google, under which mainly special online marketing solutions are marketed to advertising agencies and publishers. DoubleClick by Google transmits data to the DoubleClick server with each impression as well as with clicks or other activities.
Each of these data transmissions triggers a cookie request to the data subject’s browser. If the browser accepts this request, DoubleClick sets a cookie in your browser.
DoubleClick uses a cookie ID, which is required to handle the technical process. The cookie ID is required, for example, to display an advertisement in a browser. DoubleClick can also use the cookie ID to record which advertisements have already been displayed in a browser in order to avoid duplication. Furthermore, it is possible for DoubleClick to record conversions through the cookie ID. Conversions are recorded, for example, if a user has previously been shown a DoubleClick advertisement and subsequently makes a purchase on the advertiser’s website using the same Internet browser.
A cookie from DoubleClick does not contain any personal data, but may contain additional campaign identifiers. A campaign identifier is used to identify the campaigns with which you have already been in contact on other websites. As part of this service, Google obtains knowledge of data that Google also uses to create commission statements. Among other things, Google can track that you have clicked on certain links on our website. In this case, your data will be passed on to the operator of DoubleClick, who Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland. Further information and the applicable data protection provisions of DoubleClick by Google can be found at https://policies.google.com/privacy.
Purpose and legal basis
We process your data with the help of the DoubleClick cookie for the purpose of optimizing and displaying advertising on the basis of your consent pursuant to Art. 6 sec. 1 lit. a. GDPR. The cookie is used, among other things, to place and display user-relevant advertising and to create reports on advertising campaigns or to improve them. Furthermore, the cookie is used to avoid multiple displays of the same advertisement. Each time you visit one of the individual pages of our website on which a DoubleClick component has been integrated, your browser is automatically prompted by the respective DoubleClick component to transmit data to Google for the purpose of online advertising and the settlement of commissions. There is no legal or contractual obligation to provide your data. If you do not give us your consent, a visit to our website is possible without restriction, but not all functions may be fully available.
Storage period
The specific storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google DoubleClick: https://policies.google.com/privacy.
Google APIs
Type and scope of processing
We use Google Ireland Limited Google APIs, Gordon House, Barrow Street, Dublin 4, Irland to access additional services and data from Google Ireland Limited. Your IP address will be transmitted to Google Ireland Limited. Please note that a single section of this Privacy Policy is for each additional service we use from Google Ireland Limited.
Purpose and legal basis
The use of Google APIs is based on our legitimate interests, i.e. interest in optimising our online offer in accordance with Art. 6 sec. 1 lit. f. GDPR.
Storage period
The actual storage time of the processed data is not influenced by us, but is determined by Google Ireland Limited. For more information, see the privacy policy for Google APIs: https://policies.google.com/privacy.
Google CDN
Type and scope of processing
We use Google CDN to properly provide the content of our website. Google CDN is a service of the Google Ireland Limited, which acts as a content delivery network (CDN) on our website.
A CDN helps to make the content of our online offer, in particular files such as graphics or scripts, available more quickly with the help of regionally or internationally distributed servers. When you access this content, you establish a connection to servers of the Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland, whereby your IP address and, if applicable, browser data such as your user agent are transmitted. This data is processed exclusively for the purposes mentioned above and to maintain the security and functionality of Google CDN.
Purpose and legal basis
The use of the Content Delivery Network is based on our legitimate interests, i.e. interest in a secure and efficient provision as well as the optimization of our online offer in accordance with Art. 6 sec. 1 lit. f. GDPR.
Storage period
The specific storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google CDN: https://policies.google.com/privacy.
Font Awesome
Type and scope of processing
To ensure a consistent and visually appealing presentation of our content across different browsers, we use web fonts (specifically icons) from Fonticons Inc., USA (“Font Awesome”). The icons are loaded via a Content Delivery Network (CDN). When a page is accessed, the browser automatically connects to a Font Awesome CDN server, during which your IP address and information about the retrieved icon and time of access are technically transmitted.
According to Font Awesome, this data is used, among other things, to ensure secure CDN delivery, diagnose technical problems, and generate usage statistics. Further details can be found in Font Awesome’s privacy policy and the support section:
- Privacy Policy: https://fontawesome.com/privacy
- Support Section: https://fontawesome.com/support
We do not collect any personal data ourselves through the integration of Font Awesome.
Purpose and legal basis
The use of Font Awesome is based on our legitimate interest in accordance with Art. 6 sec. 1 lit. f GDPR, to ensure consistent, fast, and optimized presentation of our website content across browsers.
Storage period
We do not control the storage duration of the data transmitted to Font Awesome servers. For more information, please refer to Font Awesome’s privacy policy:
Privacy Policy: https://fontawesome.com/privacy
Vocal Video
Type and scope of processing
We embed videos on our website using the service Vocal Video, offered by Vocal Video, Inc., based in Walnut Creek, California, USA. When you visit a page that contains such an embedded video, your browser establishes a direct connection to Vocal Video’s servers and loads content via an embedded iFrame. In this process, your IP address, device information, browser type, and operating system are transmitted to Vocal Video. Additionally, a technically necessary session cookie is set to ensure the proper functioning of the embedded video.
Vocal Video is certified under the EU-U.S.-Data Privacy Framework, including the UK Extension and the Swiss-U.S.- Data Privacy Framework (https://www.dataprivacyframework.gov/list). The transfer of personal data to the United States is therefore based on an adequacy.
Purpose and legal basis
The integration serves our legitimate interest in providing a multimedia-enhanced and user-friendly website experience in accordance with Art. 6 sec. 1 lit. f GDPR.
Storage period
We do not store personal data in this context. Data processing takes place solely under the responsibility of VocalVideo Inc. For further information on data processing and your rights, please refer to Vocal Video’s privacy policy:
- Privacy Policy: https://vocalvideo.com/privacy
Hotel bookings via HotelMap
Type and scope of processing
Our website integrates a hotel booking section provided by HotelMap.com Limited, he Bloomsbury Building, 10 Bloomsbury Way, London, United Kingdom, WC1A 2SL. When you visit a page with this booking section, a script is loaded from HotelMap’s servers, and a connection is established. Personal data such as your IP address, device type, browser details, and possibly location data may be transferred – even if you do not make a booking.
Please note that by completing a booking, you are entering into a direct contractual relationship with either the hotel or the booking provider; not with us.
According to its privacy notice, HotelMap’s main servers are located in Ireland (EU). However, access to personal data may also take place from other countries, including the United Kingdom. HotelMap states that it applies UK-approved data transfer mechanisms and safeguards to ensure an adequate level of data protection in line with UK law.
Purpose and legal basis
This integration serves the legitimate interest of offering a user-friendly hotel booking service, pursuant to Art. 6 sec. 1 lit. f GDPR.
HotelMap’s use of cookies and similar technologies is based on your consent, pursuant to Art. 6 sec. 1 lit. a GDPR. You can provide or withdraw this consent via our cookie consent banner when first visiting our website.
Storage period
We do not store personal data in this context. The processing is carried out solely by HotelMap under its own responsibility. Please refer to HotelMap’s privacy notice for information on retention periods:
Privacy Notice: https://www.hotelmap.com/Terms/popup?option=PPC