Information on data processing in accordance with the General Data Protection Regulation (GDPR).
I. General Information
1. Controller 2. Joint controllers at events 3. Data Protection Officer
II. Information on personal data that are processed by SPECTARIS
4. Purpose of data processing and legal bases 5. Categories of personal data that are processed 6. Recipient categories 7. Periods for which your data will be stored 8. Rights of data subjects 9. Right to withdraw consent, right to object 10. Right to lodge a complaint with a supervisory authority 11. Sources
III. Information on personal data processed by SPECTARIS and by third parties when you use the functions of this website, by communication services and processors; Information on possible threats if the data are transmitted to third countries
12. Contact form, newsletter and subscription 13. Cookies and plug-ins 14. Communication services 15. Transmission to third countries, information on possible threats 16. Consent 17. Individual processors and companies 18. Hyperlinks
1. Controller, contact data
The controller for the processing of personal data by SPECTARIS is „SPECTARIS - Deutscher Industrieverband für Optik, Photonik, Analysen- und Medizintechnik e.V.“ (hereinafter referred to as: SPECTARIS).
Werderscher Markt 15 D-10117 Berlin Telephone +49 (0)30 41 40 21-0 Fax +49 (0)30 41 40 21-33 E-mail: info www.spectaris.de
2. Joint controllers at events, contact data
SPECTARIS informally supports services offered by SPECTARIS GmbH the latter provides in connection with events recommended by SPECTARIS. SPECTARIS and SPECTARIS GmbH process personal data related to such events as joint controllers and jointly fulfil the obligations towards the data subjects stipulated in the GDPR regarding these data. This data protection information apply to SPECTARIS GmbH to the extent indicated.
Contact data of SPECTARIS GmbH:
3. Data protection officer, contact data
SPECTARIS Data Protection Officer
Werderscher Markt 15 D-10117 Berlin Telephone: +49 (0)30 41 40 21 - 19 Fax: +49 (0)30 41 40 21 - 33 E-mail: datenschutz
The data protection officer is the point of contact for all data topics regarding the processing of their personal data that was made jointly with SPECTARIS GmbH as stipulated in no. 2 above.
II. Information on personal data that are processed by SPECTARIS
4. Purpose of data processing and legal bases
4.1. SPECTARIS processes personal data as follows
• in order to promote the purpose of its association in accordance with section 2 of its articles of association, namely to support the industrial sectors of optic, medical and mechatronic technologies, in this case in particular the areas of consumer optics, photonics, medical technology, biotechnology and laboratory technology. Such support is provided, without limitation, by informal, communicative and organisational measures such as the exchange and provision of information, of contacts and of market access, actors’ and interested parties’ networks, organisation of events and public relations. Such support is mainly provided to the SPECTARIS member companies and their employees, to actors and interested parties of the stated sectors, other market participants, scientists, politicians, public authorities, the society and the general public;
• in order to establish, manage or terminate memberships;
• in order to establish, manage or terminate employments;
• in order to establish, manage or terminate other contractual relationships;
• in order to fulfil obligations resulting from statutory provisions relating to the above-named purposes, including without limitation tax, social insurance, regulatory or statutory provisions.
4.2. SPECTARIS GmbH processes personal data collected in accordance with no. 2 above for the organisation and communication of and invitation to events.
4.3. The data are processed for the purposes stipulated in no. 4.1 and 4.2 as follows
• based on the data subject's consent (cf. Article 6(1)(a) of the GDPR),
• processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (cf. Article 6(1)(b) of the GDPR),
• processing is necessary for the purposes of the legitimate interests pursued by SPECTARIS or by a third party (cf. 4.4), except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data (cf. Article 6(1)(f) of the GDPR), or
• processing is permitted or required based on other legal provisions.
4.4. SPECTARIS’ legitimate interests include, without limitation, the promotion of the above-stated purpose of the association.
SPECTARIS GmbH’s legitimate interests include, without limitation, the promotion of its company purpose, in particular the organisation of events recommended by SPECTARIS.
Legitimate interests of third parties include, without limitation, the interests of SPECTARIS’ member companies and their employees as well as the interests of persons and companies in the industrial sectors of optic, medical and mechatronic technologies that are informed and supported by and included in networks of economic, scientific, political actors, public authorities and the society and consumers relating to the economic sectors represented by SPECTARIS, to the technology produced in these sectors and related developments, progress and subsidy tools.
In addition, legitimate interests of third parties include the interests of contractual partners of SPECTARIS and SPECTARIS GmbH, including their employees, to initiate or execute contractual relationships with SPECTARIS relating to or in connection with the promotion of the purpose of the association and/or relating to the organisation of and participation in events.
5. Categories of personal data that are processed
Names of company, names and other designations of natural and legal persons, their contact data (such as addresses, telephone and fax numbers, e-mail addresses, etc.), the data necessary for payment transactions (such as banking and account data, etc.), data required for financial and payroll accounting (such as date of birth, tax or social insurance numbers) and other personal data service the purpose of processing stipulated in no. 4 above.
Biometrical data of natural persons (voices, faces or other physiognomic features) are also used if such means are used for the communication by audio and video functions (telephone and video conferences, video telephony, webinars, web conferences, etc.).
6. Categories of recipients, processors
6.1. Natural and legal persons with which SPECTARIS cooperates, communicates or is contractually or otherwise connected in order to promote the purposes of processing stipulated in no. 4, including without limitation SPECTARIS member companies, their employees and the third parties mentioned therein and the general public.
6.2. SPECTARIS uses processors, including without limitation for its electronic communication. These processors include without limitation providers of communication services, of databases or communication software and providers of cloud services for the hosting of such software. For such purpose, personal data will be transmitted to these processors to the extent necessary. These processors are subject to SPECTARIS’ instructions regarding the manner in which these data are processed and are obliged to erase these data after completion of the communication purpose and/or upon SPECTARIS’ instructions, unless otherwise regulated by statutory provisions or by instructions given by public authorities based on such provisions. In addition, there may be other regulations for processors whose registered office is not in an EU member state. These different regulations are expressly stated in no. III.
7. Periods for which your data will be stored
SPECTARIS stores personal data for as long as the data subject gave their consent and/or the data are necessary to fulfil the purpose of processing and as stipulated, required and/or permitted in accordance with the legal bases stated in no. 4.
If these requirements cease to exist, the data will be erased.
The storage period and erasure of the data are subject to the condition precedent that there are no statutory regulations requiring or permitting otherwise regarding their retention or erasure.
8. Rights of data subjects
The data subjects whose personal data are processed have a right of access to their personal data, to rectification, erasure, to restriction of processing and to portability thereof.
9. Right to withdraw consent, right to object
Data subjects who gave their consent to the processing of their personal data by SPECTARIS may withdraw such consent at any time.
To the extent these data are processed in SPECTARIS’ or any third party’s legitimate interests, the data subjects are also entitled to object to such processing on grounds relating to their particular situation.
Such objection is to be made in writing or in text form and to be directed to SPECTARIS to the contact data stipulated in no. I(1).
10. Right to lodge a complaint with a supervisory authority, legal remedies
Data subjects are entitled to lodge a complaint with a supervisory authority in the member state of their place of residence, their workplace or of the place where the presumed violation occurred, if they are of the opinion that the processing of their personal data is a violation of the GDPR. In addition, they have the right to an effective judicial remedy where they consider that their rights under the GDPR have been infringed as a result of the processing of their personal data in non-compliance with the GDPR.
SPECTARIS processes personal data as follows
• based on the information provided by the data subject and/or by the recipients as stipulated in no. 6, including without limitation with regard to the communication relating to the promotion of the purpose of the association such as communication via electronic means, mail or personal contact (business cards) to the extent such communication is not expressly or clearly made for purely private purposes;
• from public sources, including without limitation lists containing information on companies, public authorities or persons which are made public either voluntarily or based on statutory provisions, e.g. the company information on websites or in social media or public registers/lists.
III. Information on personal data processed by SPECTARIS and by third parties when using the functions of these websites, by communication services and processors; Information on possible threats if the data are transmitted to third countries
12. Contact form, newsletter and subscription
Data entered into our contact form (https://www.spectaris.de/verband/kontakt), for the subscription to our newsletter (https://www.spectaris.de/verband/newsletter-verband) or for the registration of a user account (https://www.spectaris.de/registrierung) will be processed by SPECTARIS under the circumstances stipulated in nos. 1-11 above.
13. Cookies and plug-ins
The programs showing our website on the domain https://www.specctaris.de and its sub-domains when these pages are visited using a web browser and that are stored on our web server (our websites), use so-called cookies and plug-ins. Cookies and plug-ins are files or functions that are able to place or exchange information between our website and/or web server and the visitor’s web browser, and/or programme elements placed on our website by the operators of other websites, e.g. social media, which establish a connection to the servers of these operators of other websites and thus the exchange of information collected during the visit on our website, such as IP addresses. These cookies and plug-ins are provided by the processors and companies stated in no. 17 and the use thereof is the basis of the processing of data by these processors and companies.
14. Communication services
We use the services of the processors and/or companies listed in no. 17 for the purposes of communication in accordance with no. 6.2 and no. 12. These processors and/or companies process the personal data indicated in no. 5 and no. 13 for such purposes,
including without limitation the data entered into the registration form for one of our events (https://www.spectaris.de/verband/termine).
15. Transmission to third countries, information on possible threats
Data processing activities as stipulated in no. 13 and no. 14 include the transmission of data to processors and companies whose seat is not in one of the EU member states (third countries).
Please note that this may include processing of personal data such as IP addresses or biometrical data beyond our sphere of influence (e.g. profiling). These processing activities are subject to the statutory provisions applicable in that third country. There is neither an adequacy decision by the EU Commission nor are there suitable safeguards in accordance with the GDPR. This means that there are general legal and actual risks for the data subject, including without limitation, regarding the establishment and exercise of legal claims and rights, in particular with regard to their personal data.
We do not process the data in accordance with nos. 12-15 unless you gave your express consent by clicking on the appropriate button.
In addition, we use plug-ins of social media providers only in connection with a so-called „ePrivacy Keeper-solution“. This application prevents the plug-ins from transmitting data to the providers as soon as you enter our website. After you activated the plug-in by clicking on the relevant button, the direct connection to the provider's server will be established (consent).
In addition, you may prevent the installation of cookies by adjusting the relevant settings of your browser. In order to prevent the installation of cookies, please select “do not accept cookies” in your browser settings. If the browser does not accept any cookies, you may not be able to fully use all functions offered by our website.
17. Individual processors and companies
17.3. This website uses the open source web analysis service Matomo. Matomo is an open source platform, distributed by the main developers listed at https://matomo.org/team/. We use Matomo in a self-hosted version. Matomo does not use any cookies. The IP address is anonymised before it is transmitted. The operator of the website has a legitimate interest in the anonymised analysis of the user behaviour in order to optimise its website and marketing activities. Such information on the use of that website will not be disclosed to any third party.
17.5. Our website uses plug-ins provided by YouTube for the integration and presentation of video contents. The operator of the video portal is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. If you visit one of our pages where a YouTube plug-in is included, a connection to the YouTube servers will be established, and YouTube is informed of the pages you accessed. YouTube is able to link your browsing behaviour to your personal profile if you are logged into your YouTube account. You may prevent this by first logging out from your YouTube account. We are not informed of the contents of the transmitted data and their use by YouTube.
17.6. For surveys, we use the services offered by SurveyMonkey Europe UC, 2 Shelbourne Buildings, Second Floor, Shelbourne Rd, Ballsbridge, Dublin 4, Ireland, a company of SurveyMonkey Inc., 1 Curiosity Way, San Mateo, California 94403, USA. If you have already established a business contact with us and provided us with your e-mail address for contact purposes, we may use your e-mail address in order to invite you to these surveys. If you participate in a survey, SurveyMonkey collects information on the device and the application you use to participate in the survey. Such information includes your IP address, the version of your operating system, the type of your device and information on system and performance and type of browser.
SurveyMonkey will use such information in our name to analyse customer satisfaction surveys. For this purpose, cookies, user data, device and browser data, log data and data on third-party provider integrations, if any, will be collected. If you participate using a mobile phone, SurveyMonkey will also collect the device’s UUID. In addition, at the end of the survey, you are given the option to provide your e-mail address in order to receive the results of the survey. For information on the cookies used by SurveyMonkey, on data privacy and on the period of time for which your information will be stored, please go to: https://www.surveymonkey.de/mp/legal/survey-page-cookies
17.7. For VoIP telephone conferences on computer or mobile phone, digital video conferences and webinars, we use the services and products offered by „LogMeIn, Inc., 333 Summer Street, Boston, MA, USA“ and its subsidiaries under the brand name „GoToMeeting“. If you communicate with us using these services or products, any information you provide as a user, such as name, contact data etc., information on the device and software you use these services, such as your device’s IP address, the version of your operating system, the device code, the browser type and information on your location and the time and duration of use may be processed. In addition, biometrical data such as your voice, your face or other physiognomic features may be processed. The computers used by “LogMeln” to process the personal data (the cloud), are at unspecified locations within and outside the EU and the data entered by the users may be transmitted to other unspecified third parties. For more information, please go to: https://www.logmeininc.com/de/legal/privacy/us
17.8. For stationary and mobile VoIP teleconferencing, digital video conferencing and webinars we use services and products provided by Zoom Video Communications, Inc.,55 Almaden Boulevard, 6th Floor, San Jose, CA 95113 USA. If you communicate with us using these services or products, any information you provide as a user, eg. name, contact data, etc.; information about the device and the software used to access these services, such as the device’s IP address; the version of operating system used; the device code; the browser type; and information on the location, time and duration of use, may be processed. In addition, biometric data such as your voice, your face or other physiognomic features may be processed. The computers used to process the personal data (‘the cloud’) are at unspecified locations within and outside the EU and the data entered by users may be transmitted to other unspecified third parties. For more information, please see:
Chat records may be logged. This may particularly be the case when work instructions, questions to be answered later or other matters arise from the chat. In the course of this, only comments directed at all participants or to the organisers of the web meeting are logged. Private information passed to another participant is not logged.
17.9. For the cloud-based group work and group communication, we use the software products "Jira" and "Confluence", which are provided by „Atlassian, Inc., 350 Bush Street, San Francisco, CA 94104“. We make this software available to our members for use. The users may process all kinds of data (or have them processed), including without limitation personal data. In order to gain access to the software products, the user transmit their data, including their names and e-mail address, to Atlassian. The computers used by “Atlassian” to process the personal data (the cloud), are at unspecified locations within and outside the EU and the data entered by the users may be transmitted to other unspecified third parties. For more information, please go to: https://www.atlassian.com/de/legal/privacy-policy
17.11 In some cases we use CleverReach to send our newsletters. The provider is CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede. CleverReach is a service for organising and analysing newsletter mail-outs. The data provided by you for the purpose of receiving the newsletter (eg. email address) is stored on the CleverReach servers in Germany or Ireland.
The newsletters sent via CleverReach enable us to analyse how the newsletters are received. We can analyse who opens which newsletters and which links in the newsletter are clicked. With the help of so-called ‘conversion tracking’ we can also analyse whether, after clicking a link in a newsletter, a pre-defined action (eg. registering for an event) is taken. More information about data analysis with CleverReach newsletters can be found at: www.cleverreach.com/de/funktionen/reporting-und-tracking/.
Your data is processed on the basis of your permission (Art. 6 Para. 1 (a) General Data Protection Regulation GDPR). You can withdraw your consent at any time by unsubscribing from the newsletter. The legality of the data processing procedures which have already been carried out is not affected by your withdrawal.
If you do not wish any analysis to be carried out by CleverReach you need to unsubscribe from the newsletter. There is a link given in every newsletter for this purpose. You can also cancel your subscription to the newsletter directly on the website.
The data provided by you in order to receive the newsletter is stored by us until you unsubscribe from the newsletter and is deleted from our servers and from the CleverReach servers after you cancel your subscription. Data stored by us for other purposes (eg. email addresses for the members’ area) is not affected by this.
Our websites contain electronic links (hyperlinks) to the electronic information and communication services of third-party providers (services). By clicking on these hyperlinks, the visitors of our website are referred to these services. The use of these services initiated as described above is likely to result in their providers or other third parties collecting personal data such as your IP address. SPECTARIS is not responsible for the contents of these services nor for the collection of personal data by the providers of these services or by other third parties that may be caused by clicking on the hyperlink.