Privacy policy – djo Sachsen

Privacy policy
Thank you for visiting our website. In the following, we inform you which data is collected and how it is used by us. To this end, technical and organisational measures are taken to implement the requirements of data protection legislation, both by us and by the external service providers we commission.

§1 Name and contact details of the data controller
The responsible party according to Art. 4 No. 7 EU General Data Protection Regulation (DS-GVO) is:

djo-German Youth in Europe, Landesverband Sachsen e.V.

Großenhainer Str. 99

01127 Dresden

§ 2 Information on the collection and storage of personal data as well as the type and purpose of use:
(1) Access data

When you visit our website, if you do not transmit information to us in any other way, we only collect the personal data that your browser transmits to our server. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until automated deletion:

IP address
Date and time of the request
Time zone difference to the coordinated universal time (UTC)
Request transmitted by the web browser, consisting of request method (e.g. GET), requested page or resource, protocol version (e.g. HTTP/1.1)
access status/HTTP status code (e.g. 404 for “page not found”)
amount of data transferred in each case
Page from which the currently displayed page was called up or the resource was included (if your web browser transmits this information)
Browser identification, consisting of name, manufacturer, version and language of your browser software, as well as operating system and its version (if your web browser transmits this information).
The aforementioned data is collected for the purpose of displaying our website to you and ensuring stability and security. The legal basis is Art. 6 para. 1 letter f DS-GVO. Our legitimate interest follows from the aforementioned purpose of the data collection.

We also use cookies. You can find more detailed explanations under § 4 of this data protection declaration. We provide information on data processing when using social media applications in § 5 of this data protection declaration.

(2) Registration form to register for our events

You can register for seminars and events on our website. When you use our registration form, the following information – assuming you have given your consent – will be stored:

E-mail address
Name
IP address
Date and time of registration and confirmation
In order to be able to process your registration, we collect and process the following of your data:

Mandatory fields: First name, last name, date of birth, email address

Optional fields: Gender, street, postcode, city, telephone, organisation/youth group, role in the organisation, special dietary needs, other details.

After your registration, we collect the data in the content management system of our website and export the data from the website to our local database for further processing.

We use your data for the organisation of the seminar or event; among other things

we may use your contact details (surname, first name, e-mail address) to contact you or to send you materials relevant to the event (e.g. programme, results of the seminar)
to ensure the smooth running of the seminar or event on site (gender for room allocation, dietary requirements for catering).
The above-mentioned data is collected for the purpose of allocating the enquiry to you and answering it. The legal basis is Art. 6 para. 1 letter a) DS-GVO.

The legal basis for the processing of registration data is the fulfilment of a contract Art. 6 para. 1 lit. b) DS-GVO. Our offers are supported by public funds. The proof of use of these earmarked funds requires, among other things, the transmission of personal data (usually surname, first name, age, address, signature) of the participants to the funding bodies. By registering, the participant agrees to provide and forward this data.

We therefore only store your personal data for as long as is necessary to achieve the purposes stated here or as stipulated by the various storage periods provided for by law. For personal data, as long as there are no other retention periods, 6 years or 10 years (contractual documents) are stipulated in accordance with the German Fiscal Code (Abgabenordnung).

Pictures are taken at our events and seminars and published as part of our public relations work for reporting on the homepage of the djo-Saxony, in social media and in the magazine of our federal association “PFEIL”. The legal basis for the use of the image recordings is Art. 6 para. 1 letter f) DS-GVO (protection of legitimate interests).

(3) Information on the processing of member data and data of board members

We process the following data of our members or board members:

First name, last name, membership organisation, address, function, telephone numbers, e-mail address.
Your personal data is processed on the basis of the data protection regulations, especially the EU General Data Protection Regulation (DS-GVO). The aforementioned data is collected to implement the purpose of the association – promotion of youth work and implementation of measures – in order to enable the association to function in a regulated manner. The legal basis is Art. 6 para. 1 letter f) DS-GVO. Our legitimate interest follows from the aforementioned purpose of the data collection.

We process and store your data only for as long as is necessary for processing or to comply with legal obligations. After the purpose of processing no longer applies, your data will be blocked or deleted. If there are additional legal obligations to store your data, we will block or delete your data upon expiry of the legal storage periods.

(4) Contacting us by e-mail

We would like to point out that data transmission on the Internet (e.g. when sending messages by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible.

(5) Data protection for applications

The data controllers collect and process the personal data of applicants for the purpose of processing the application procedure. The processing may also take place electronically. This is particularly the case if an applicant sends the relevant application documents to the controllers electronically, for example by e-mail. If the data controller concludes an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If the data controller does not conclude an employment contract with the applicant, the application documents will be automatically deleted six months after the notification of the rejection decision, provided that no other legitimate interests of the data controller conflict with such deletion. Other legitimate interest in this sense is, for example, a duty to provide evidence in proceedings under the General Equal Treatment Act (AGG).

(6) Protection of minors

Persons under the age of 16 should not submit any personal data to us without the consent of their parents or legal guardians. We do not request personal data from children and young people under the age of 16. We do not knowingly collect such data or pass it on to third parties.

§ 3 Passing on of data
The data collected via our website is processed at the djo-Deutsche Jugend in Europa, Landesverband Sachsen e.V. by the responsible person and may be forwarded to commissioned service providers or cooperation partners for individual functions of our offer. Personal data will not be transferred to third parties for purposes other than the following. We only pass on your data to third parties if:

you have given your express consent in accordance with Art. 6 (1) a) DS-GVO,
the disclosure is necessary for the assertion, exercise or defence of legal claims pursuant to Art. 6 para. 1 lit. f) DS-GVO and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data,
if the disclosure is required by law pursuant to Art. 6 para. 1 lit. c) DS-GVO a legal obligation exists.

§ 4 Cookies
In addition to the data mentioned above, cookies are stored on your computer when you use our website. These are small files that your browser automatically creates and that are stored on your end device (laptop, tablet, smartphone or similar) when you visit our site. Information is stored in the cookie that is related to the specific end device used. However, this does not mean that we gain direct knowledge of your identity. Cookies cannot execute programs or transfer viruses to your computer. They are used to make the website as a whole more user-friendly and effective.

Use of cookies

Transient cookies: Transient cookies are automatically deleted when you close the browser. These include, in particular, session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the joint session. This enables your computer to be recognised when you return to our website.
Persistent cookies: Persistent cookies are automatically deleted after a specified period of time, which may vary depending on the cookie. We use such cookies to statistically record the use of our website and to optimise our offer. In doing so, the cookies enable us to automatically recognise that you have already been to our website when you visit it again.
You can configure your browser settings according to your wishes and, for example, refuse to accept third-party cookies or all cookies. Please note that you may not be able to use all the functions of this website.

The data processed by cookies is necessary for the aforementioned purposes to protect our legitimate interests as well as those of third parties in accordance with Art. 6 (1) f DS-GVO.

§ 5 Social media
(1) Data protection provisions on the use of social media plug-ins

We currently use the following social media plug-ins: Facebook, Google+. We use the so-called two-click solution. This means that when you visit our site, no personal data is initially passed on to the providers of the plug-ins. You can identify the provider of the plug-in by the logo on the respective button. We offer you the possibility to communicate directly with the provider of the plug-in via the button. Only if you click on the marked field and thereby activate it, will the plug-in provider receive the information that you have accessed the corresponding website of our online offer. In addition, the data mentioned under § 2 para. 1 of this data protection declaration are transmitted. By activating the plug-in, your personal data is transmitted to the respective plug-in provider and stored there (in the case of US providers in the USA) (in the case of Facebook, according to the provider in Germany, the IP address is anonymised immediately after collection). Since the plug-in provider collects the data in particular via cookies, we recommend that you delete all cookies via your browser’s security settings before clicking on the greyed-out box.

We have no influence on the data collected and data processing procedures, nor are we aware of the full extent of the data collection, the purposes of the processing, the storage periods. We also have no information on the deletion of the collected data by the plug-in provider.

The plug-in provider stores the data collected about you as a usage profile and uses this for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out in particular (also for users who are not logged in) for the display of needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact the respective plug-in provider to exercise this right. Via the plug-ins, we offer you the opportunity to interact with the social networks and other users so that we can improve our offer and make it more interesting for you as a user. The legal basis for the use of the plug-ins is Art. 6 para. 1 letter f DS-GVO.

The data transfer takes place regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in to the plug-in provider, the data we collect is directly assigned to your account with the plug-in provider. If you click the activated button and, for example, link to the page, the plug-in provider also saves this information in your user account and shares it publicly with your contacts. We recommend that you log out regularly after using a social network, but especially before activating the button, as this will help you to avoid an assignment to your profile with the plug-in provider.

For further information on the purpose and scope of data collection and its processing by the plug-in provider, please refer to the data protection declarations of these providers provided below. There you will also receive further information on your rights in this regard and setting options for protecting your privacy.

Addresses of the respective plug-in providers and URL with their data protection notices:

Facebook plug-ins (Like button)

Plugins of the social network Facebook (Facebook Inc., 1601 Willow Road, Menlo Park, California, 94025, USA) are integrated on our pages. You can recognise the Facebook plugins by the Facebook logo or the “Like button” (“Like”) on our page. You can find an overview of the Facebook plugins here: http://developers.facebook.com/docs/plugins/. When you visit our pages, a direct connection is established between your browser and the Facebook server via the plugin. Facebook thereby receives the information that you have visited our site with your IP address. If you click the Facebook “Like” button while you are logged into your Facebook account, you can link the content of our pages on your Facebook profile. This allows Facebook to associate the visit to our pages with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Facebook. Further information on this can be found in facebook’s privacy policy at http://de-de.facebook.com/policy.php. If you do not wish Facebook to be able to associate your visit to our pages with your Facebook user account, please log out of your Facebook user account.

Further information on data collection:

http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications

and http://www.facebook.com/about/privacy/your-info#everyoneinfo.

Facebook has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

Google Maps
We use the Google Maps service on this website. This allows us to show you interactive maps directly on the website and enables you to use the map function conveniently.

By visiting the website, Google receives the information that you have called up the corresponding sub-page of our website. In addition, the data mentioned under § 2 para. 1 of this privacy policy will be transmitted. This occurs regardless of whether Google provides a user account via which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not wish your data to be associated with your Google profile, you must log out before activating the button. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or designing its website to meet your needs. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact Google to exercise this right.

Google Maps is used in the interest of making it easy to find the places we indicate on the website. This constitutes a legitimate interest within the meaning of Art. 6 (1) lit. f DS-GVO.

Further information on the purpose and scope of the data collection and its processing by the plug-in provider can be found in the provider’s privacy policy. There you will also find further information on your rights in this regard and setting options for protecting your privacy: http://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

§ 6 References to external websites (links)
Links to external websites displayed on our website may collect user data when you click on them or otherwise follow their instructions. We have no control over the information collected voluntarily or involuntarily through advertisements or third party websites. We generally recommend that you review the privacy policies of websites if you have concerns about the collection and use of your information.

§ 7 Data Security
The djo-German Youth in Europe, Landesverband Sachsen e.V. takes appropriate technical and organisational measures to store your personal data in such a way that it is not accessible to third parties. Our employees and the service companies commissioned by us are obliged by us to maintain secrecy towards third parties and to comply with the provisions of data protection legislation. To protect the security of your data during transmission, we use state-of-the-art encryption procedures (e.g. SSL) via HTTPS.

§ 8 Data subject rights
You have the following rights with regard to the personal data concerning you:

Right to information about your personal data processed by us (Art. 15 DS-GVO).
Right to rectification of incorrect or incomplete personal data stored by us (Art. 16 DS-GVO)
Right to erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims (Art. 17 DS-GVO)
Right to restriction of processing insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer require the data, but you need it for the assertion, exercise or defence of legal claims or you have objected to the processing pursuant to Art. 21 DS-GVO (Art. 18 DS-GVO)
Right to data portability (Art. 20 DS-GVO)
Right to object to processing (Art. 21 DS-GVO)
To revoke your consent once given to us at any time (Art. 7 (3) DS-GVO). This has the consequence that we may no longer continue the data processing based on this consent in the future, as well as
complain to the competent supervisory authority (Art. 77 DS-GVO). The competent supervisory authority is the Saxon Data Protection Commissioner, Postfach 120016, 01001 Dresden, saechsdsb@slt.sachsen.de, www.datenschutz.sachsen.de.
§ 9 Legal basis of processing
We process personal data within the framework of data protection law.

Contract fulfilment
If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, the processing is based on Art. 6 I lit. B) DS-GVO.

Safeguarding legitimate interests

We process your personal data if this is necessary to safeguard our interests or the interests of third parties and your interests do not outweigh our interests. Our offers are supported by public funds. Proof of the use of these earmarked funds requires, among other things, the mandatory transmission of personal data (surname, first name, age, address, signature) of the participants to the grant providers. By registering, the participant agrees to provide and forward this data.

Fulfilment of a legal obligation

If our association is subject to a legal obligation through which the processing of personal data becomes necessary, the processing is based on Art. 6 I lit. c) DS-GVO.

Processing on the basis of consent

Art. 6 I lit. a) DS-GVO serves our association as the legal basis for processing operations in which we obtain consent for a specific processing purpose.

§ 10 Legitimate interests in processing pursued by the controller or a third party.
If the processing of personal data is based on Article 6 I lit. f) DS-GVO, our legitimate interest is the performance of our business activities. No further transfer of personal data to other third parties will take place unless this is permitted by law or the user has consented to the transfer of data.

§ 11 Duration for which the personal data are stored
We adhere to the principles of data avoidance and data economy. We therefore only store your personal data for as long as is necessary to achieve the purposes stated here or as stipulated by the various storage periods provided for by law. After the respective purpose has ceased to exist or these periods have expired, the corresponding data is routinely blocked or deleted in accordance with the statutory provisions.

§ 12 Automated decision-making or profiling
The djo-German Youth in Europe, Landesverband Sachsen e.V. does not use automated decision-making or profiling.

§ 13 Right of objection
Insofar as we base the processing of your personal data on the exercise of legitimate interests (Art. 6 (1) (f) DS-GVO), you may object to the processing. When exercising such an objection, we will ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the merits of the case and either discontinue or adapt the data processing or show you our compelling legitimate grounds on the basis of which we will continue the processing.

Of course, you can object to the processing of your personal data for the purposes of advertising and data analysis at any time.

You can inform us of your objection at the following contact details: info@djo-sachsen.de or at: djo-Deutsche Jugend in Europa Landesverband Sachsen e.V., Datenschutzbeauftragte, Bautzner Str 45, 01099 Dresden.

§ 14 Up-to-dateness and amendment of this data protection declaration
This data protection declaration is currently valid and has the status May 2018.

Due to the further development of our website and the offers we make available via it, or due to changes in legal or official requirements, it may become necessary to amend this data protection declaration. The new data protection declaration will then apply to your next visit.