1. Information on the collection of personal data
(1) We would like to inform you by the following about the processing of your personal data when you use our website. Personal data are all data that refer to you personally such as your name, address, email address, user conduct.
(2) The body responsible for the data processing – that is the “Controller” in terms of Art. 4 subs. 7 EU General Data Protection Regulation (GDPR) – is:
UNIVERSIDAD DE CASTILLA LAMANCHA
ALTAGRACIA, Nº 50 13003, CIUDADREAL, CIUDAD REAL (SPAIN)
(3) If you contact us by email, we will process the data you transfer to us (if you send us an email these data usually comprise your email address and your first name and last name) to be able to answer your questions. The legal basis for the processing is Art. 6 subs. 1 sentence 1 b) and f) GDPR. We will delete the data we process in this context when the processing is no longer necessary or, if the law provides for retention obligations to be observed, we will restrict the processing of the data. You may issue a separate declaration of consent if you agree to a longer storage of your data for the purpose of contacting you and answering your queries.
(4) In case we engage third-party service providers to perform or implement any individual features of the services we offer or in case we want to use your data for advertising purposes, we are going to inform you about the details of the relevant processes hereinafter. We are also going to inform you about the applicable criteria governing the duration of the storage.
(5) In case the service providers or partners we engage are domiciled in a country outside the European Economic Area (EEA), we are going to specifically inform you hereinafter about the consequences of that fact.
2. Your rights
(1) You are entitled to the following rights relating to our processing of your personal data:
- Right of access/ right to information,
- Right to rectification or erasure,
- Right to restriction of processing,
- Right to object to processing,
- Right to data portability.
You may at any time obtain from us confirmation as to whether or not personal data concerning you are being processed, and, where this is the case, you have the right to obtain access to, and specific information about which of, your personal data we have stored. You may for such purpose send an email to firstname.lastname@example.org.
Right to object: In addition, where the legal requirements are fulfilled, you may object to the processing of your data: If and to the extent, for the purposes of processing your data, we rely on any overriding interest justifying the processing, you may object to the processing. This is in particular the case where the processing is not necessary for performing a contract with you; we will inform you about that from time to time in the description of the relevant features. In case you exercise your right to object, we kindly ask you to state the reasons why we should abstain from processing your personal data in the way we do. If your objection is justified, we will consider the situation and cease or adjust the processing of your data or explain to you the compelling legitimate grounds why we have to continue the processing.
If you have consented to the processing of your data, you may withdraw your consent at any time. The withdrawal will only affect the lawfulness of the processing of your personal data for the time after you have given notice of the withdrawal to us.
In addition, you are entitled to rectification, restriction of processing or erasure of your personal data we collect and process. Where the conditions specified in Art. 20 GDPR are fulfilled, you are also entitled to data portability, i.e. you have the right to receive the personal data concerning you which you have provided to us in a structured, commonly used and machine-readable format and to transmit those data to another controller without any hindrance by us.
If you want to exercise your rights under data protection law, please use the contact data stated in our legal notice.
(2) If you have any further questions, recommendations or complaints regarding our data protection information and the processing of your personal data, you may contact our office manager directly under email@example.com.
Moreover, without prejudice to any other administrative or judicial remedy available to you, you have the right to lodge a complaint with a (data protection) supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement.
(3) We do not carry out any automated individual decision-making including profiling.
3. Collection of personal data when you visit our website
(1) If you use our website for mere information purposes, which means that you do not register or otherwise transfer information to us, we will only collect the personal data which your browser transfers to our server. If you want to view our website, we will collect the following data which are necessary for us in technical respect to display our website to you and ensure stability and security (the legal basis for this is Art. 6 subs. 1 sentence 1 f) GDPR):
- IP address
- Date and time of the request
- Time zone difference compared to Greenwich Mean Time (GMT)
- Content of the request (specific page)
- State of access / HTTP status code
- Access and error logs
- Data volume transferred from time to time
- Website from which the request is made
- Browser including browser fingerprint
- Operating system and its surface
- Language and version of the browser software.
The data are processed for the purpose of monitoring the serviceability of our website (including, among other things, the number and places of access), for error correction and also for safety reasons. We store the data for a period of 30 days, thereafter they are deleted automatically.
(2) In addition to the aforesaid data, cookies are stored on your computer when you use our website. Cookies are small text files that are allocated to the browser you use and stored on your hard drive and which provide the body that sets the cookies (namely us) with certain information. Cookies cannot execute programs or infect your computer with viruses. They help render the presentation of services on the Internet as a whole more-user friendly and more efficient.
- This website uses the following types of cookies the scope and functionality of which is described hereinafter:
- Transient cookies (see b.)
- Persistent cookies (see c.).
- Transient cookies are deleted automatically when you close the browser. They include but are not limited to session cookies which store a so-called session ID that enables different requests from your browser to be allocated to a specific session. This enables us to recognize your computer when you come back to our website. The session cookies are deleted when you log out or close the browser.
- Persistent cookies are deleted automatically after the expiry of a pre-defined period of time which may vary, depending on the type of cookie used. You can delete the cookies in the security settings of your browser at any time.
- You can set your browser as you think appropriate and, for instance, refuse acceptance of all cookies or cookies that are used by third parties (so-called third-party cookies). Please be aware that when you deactivate cookies you might be prevented from using all functions and features of this website.
- No personalized user profiles are created for advertising purposes, e.g. for targeted display of advertisements or for recognition of the user when he or she comes back to the website or for market research purposes.
4. Additional functions, features and services offered on our website
- In addition to the mere informatory use of our website, we offer different services which you can use if you are interested in them. For such purpose, you are usually required to enter further personal data which we use to provide the relevant service, and which are subject to the afore-mentioned principles of data processing.
- Moreover, we may transfer your personal data to third parties when we offer contract conclusions or similar services together with our partners. You will obtain more detailed information when you enter your personal data, or in the relevant service description.
5. ECSS user account
(1) When you create an ECSS user account (whether for members or non-members) under the menu item “log-in“, the data you enter there will be stored. Required fields are clearly marked, all other information is voluntary. The legal basis for this is Art. 6 subs. 1 sentence 1 b) and f) GDPR. You cannot create a user account without providing the complete and correct basic data because we are in need of these data to identify you. You are not required to provide any voluntary information.
If you use the user account to enter into a contract with us, for instance for participation in an event, you will be required to provide your personal data for the purpose of contract conclusion. Any required information which is necessary for contract conclusion is specifically marked, any further information can be provided voluntarily. We process the data you provide for the purpose of performing the contract with you. The legal basis for this Art. 6 subs.1 sentence 1 b) and f) GDPR.
If you use the user account for filing a written contribution, it is necessary for the purpose of further processing of your contribution that you provide your personal data. Any required information which is necessary for the processing is specifically marked, any further information can be provided voluntarily. We process the data you provide for the purpose of handling, auditing/perusing and, if applicable, for consideration and publication of your contribution. The legal basis for this is Art. 6 subs. 1 sentence 1 f) GDPR or Art. 6 subs. 1 sentence 1 a) GDPR, if we obtain your consent.
(2) We only collect and process the data which are necessary for the aforesaid purposes. If you do not provide the data (which are marked as required fields), we cannot implement the relevant measure. You need not fill in any fields that are marked optional.
(3) You may via your account obtain access to (depending on how you use the account), among other things, the
- Account ID
- ECSS status
- Last account modification
- Payment history
- Congress history
- myMembership administration
- Modify/Update myECSS account details
- Print myECSS membership payment receipt
- Unsubscribe from ECSS Newsletter
- Submit my proposal
We process the data required for this purpose.
(4) As modes for payment we offer Visa, MasterCard and Maestro. Bank transfer and payment against invoice are not possible.
(5) The personal data are transferred to internal bodies if and to the extent they are required there for proper task performance. In some cases, we engage external service providers for processing personal data. We have carefully selected and engaged them and they are bound to our instructions and audited at regular intervals. We may from time to time transfer personal data to our bank and payment service providers for the purpose of contract performance if and to the extent this is necessary for providing the services you request. We may also transfer personal data to third parties if we provide contract performance, event organization or similar services together with our partners. We may also from time to time transfer personal data to legal representatives or competent courts and authorities.
6. Google Analytics
(1) This website uses the web analysis service “Google Analytics“ of Google Inc. (“Google”). Google Analytics uses so-called cookies which are small text files which are stored on your computer such that Google is able to analyse how you use our website. The information generated by the cookies about how you use this website is usually transferred to a server of Google Inc. in the USA and stored there. However, if the IP anonymization is activated on this website, Google will shorten your IP address within EU Member States or in any other country party to the Agreement on the European Economic Area prior to the transfer. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. Google, acting upon the instruction of the operator of this website, will use the information to analyse how you use the website, to compile reports on the website activities and render to the website operator additional services that are related to the use of the website and the use of the Internet.
7. Links to social media
We currently set links to the following social media pages: Facebook, Twitter, Youtube, LinkedIn, Instagram. You can identify the respective social media provider by the mark in the box above the provider’s initial or by the provider’s logo.
We offer you the opportunity to directly communicate with us via our social media pages by clicking the button. You may also use the links to interact with the social networks and other users such that we can improve the services we offer and render them more interesting for you as a user. The legal basis for this is Art. 6 subs. 1 sentence 1 f) GDPR. If a service provider asks you to consent to the data processing (i.e. if you give your consent by ticking a checkbox or clicking a button), the legal basis for the processing will be Art. 6 subs. 1 sentence 1 a) GDPR.
The social media providers may also collect other data from time to time. For the time being, we can neither influence the collected data or the data processing activities nor are we fully aware of the scope of data collection, the purposes of the processing and the duration of data storage. We do not know about the deletion of the collected data by the social media providers either.
The social media provider stores the data collected from you as user profiles and uses them for the purposes of advertising, market research and/or customized design of the provider’s website. This analysis serves in particular (also with regard to users who are not logged in) to provide customized advertising and inform other users of the social network about your activities on our social media site. You may object to the preparation of the user profiles; if you want to exercise your right to object, you have to address your objection to the relevant social media provider.
As far as we know (and for Facebook, Facebook itself confirms) that the data are transferred regardless of whether or not you have an account with the social media provider or are logged in there. When you are logged in to the social media provider, the data we have collected from you are directly allocated to your account with the social media provider. We recommend that you always log out after you have used a social network and especially before you activate the button because thereby you can prevent the allocation of the information to your profile with the social media provider.
Further information on the purpose and scope of data collection and data processing by the social media provider is available in the privacy policies of these providers at the addresses listed below. They also contain further information on your rights and the possible settings to protect your privacy.
Addresses of the relevant social media providers and URL and the information they provide on data protection:
Facebook Inc., 1601 5 California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php
Facebook agreed to respect and comply with the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework .
LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA;
Linkedln agreed to respect and comply with the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework
Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy .
Twitter agreed to respect and comply with the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework .
Facebook agreed to respect and comply with the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework .
Google processes your personal data also in the USA and agreed to respect and comply with the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework .
8. Further information on our Facebook fan page
(1) We have our own page on Facebook; The company is Facebook Inc., 16015 California Ave, Palo Alto, California 94304, USA resp. Facebook Ireland Limited 4, GRAND CANAL SQUARE, GRAND CANAL HARBOUR, D2 Dublin, IRELAND.
(2) If you visit our fan page, you can read our contributions, react to, or comment on, them, create a user post yourself and send us personal messages with your personal concerns. We use the data which you provide on that occasion and which we may be able to access (e.g. Facebook user name; images; interests, if available; contact data) for no purposes other than communication with customers and potential customers; this use is based on an overriding legitimate interest (Art. 6 subs. 1 sentence 1 f) GDPR). Our interest consists in offering a platform to you where we can provide you with current information and which you can use to communicate your requests to us such that we can deal with your requests as quickly as possible. If the operation of the fan page is terminated, we will delete your data if and to the extent this is possible for us.
(3) Facebook agreed to respect and comply with the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework .
(4) We obtain statistical data from “Facebook Insights“ about the visitors on our Facebook pages. We cannot allocate them to a certain individual. The feature helps us to better analyze our pages and adapt them to the requirements and interests of our visitors. For the purposes of this feature, Facebook processes personal data. We thereby obtain in particular the following general summaries (including the relevant dates) regarding the visitors of our Facebook fan page: page activities; page views; page previews; “Likes”; reach; recommendations; interaction with respect to contributions; videos; page subscribers; demographic data collected from the persons who like our page, based on their profile data regarding their age and sex; home country and number of fans there; city and number of fans there; language and number of fans of that language; organic/ paid. We can also see when a certain Facebook user has “liked”, or subscribed to, any of our Facebook pages. We can also allocate comments on our Facebook pages to individual users. We use the personal data to which we may have access for no purposes other than communication with customers and potential customers; this use is based on an overriding legitimate interest on our part (Art. 6 subs. 1 sentence 1 f) GDPR).
(5) The Facebook pages offer different means to contact us for different purposes. If you use any of them to transfer data to us, we will use these data exclusively for processing your request. The legal basis for this is Art. 6 subs. 1 sentence 1 b) and f) GDPR. Any messages will be deleted after the request has been settled at the latest unless retention of the message is required for other reasons.
(6) We do not use the fan page for performing any data processing beyond the basic functions and features. Please be aware that Facebook Ireland Limited may use tracking tools and cookies, independently of our use of the fan page. More detailed information on this issue is available in the privacy policies of Facebook referred to above.
(7) Further information and policies of Facebook regarding data protection and privacy are available at the addresses listed in § 7 (7) above. Information on the possible settings regarding the processing of personal data by Facebook is available, for instance, under the menu item “Settings” in your Facebook profile.
- Facebook Ireland Limited and we are joint controllers. The arrangement in terms of Art. 26 GDPR (joint controllers) between us and Facebook is available at https://www.facebook.com/legal/terms/page_controller_addendum#. Facebook Ireland has primary responsibility according to the GDPR for the processing of Insights data and is obliged to fulfil all duties stipulated by the GDPR regarding the processing of Insights data (including but not limited to the duties under Articles 12 and 13 GDPR – Information duties –; Articles 15 to 22 GDPR – rights of data subjects –; and Articles 32 to 34 – Data security and reporting of data breaches –).
- You may exercise your rights listed in § 2 above (“Your rights“) at any time at no expense to you by sending an appropriate message to our contact data stated above. If you contact us for the processing of Insights data and the duties assumed by Facebook Ireland, we will be obliged to pass all relevant information on to Facebook Ireland without undue delay (“unverzüglich”) but no later than within 7 calendar days, and Facebook will then respond to your request. You may also contact Facebook Ireland Limited 4, GRAND CANAL SQUARE, GRAND CANAL HARBOUR, D2 Dublin, IRELAND, directly for the assertion of your rights. Please be again aware of the following: We have a legitimate interest in operating our Facebook pages to ensure effective marketing via a platform that is used all over the world; pursuant to Art. 21 subs. 1 GDPR, you have the right at any time to object, on grounds relating to your particular situation and with effect for the future, to the processing of your personal data for the aforesaid purpose, see § 2 above.
9. Integration of YouTube videos
(1) We have embedded YouTube videos in our online presentation in order to improve our service presentation and render it more interesting for you as a user. The videos are stored on http://www.YouTube.com and can be started and played back directly from our website. The legal basis for this is Art. 6 subs. 1 sentence 1 f) GDPR.
Google processes your personal data also in the USA and Google agreed to respect and comply with the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework
(1) You can subscribe to our newsletter by giving your consent to the newsletter transmission; we will then send you the newsletter to inform you about our current interesting offers and activities. The offers and activities advertised in the newsletter are specified in the declaration of consent.
(2) The only required field which you must necessarily fill in to receive the newsletter is your email address. The entry of any other specifically marked data is voluntary. After you have confirmed the subscription, we will store your email address for sending you the newsletter. The legal basis for this is Art. 6 subs. 1 sentence 1 a) and f) GDPR.
(3) You may at any time revoke your consent to the transmission of the newsletter; for such purpose, you may either send an email to firstname.lastname@example.org or send a message to the contact data stated in the legal notice. You will also find a hyperlink at the end of every email by which you can unsubscribe very comfortably.
(4) Please be aware that, when we send the newsletter, we only collect (non-personal) data about the delivery of the newsletter and about whether the newsletter was opened and whether the links contained in the newsletter were clicked. We do not create user profiles.
12. Changes to our data protection regulations
13. SSL or TLS encryption
On our website, we use SSL or TLS encryption for security reasons and to protect the transmission of confidential information such as requests which you send to us as the website operator. You can see that the connection is encrypted by the address line of the browser changing from “http://” to https:// and also by the lock symbol in your browser line.
Whenever the SSL or TLS encryption is activated, third parties are unable to read the data you transfer to us.
We use technical and organizational security measures to protect your data which we have stored against manipulation, loss, destruction and against access by unauthorized third parties. Our security measures are improved continuously according to the technological progress.