Information on data processing in accordance with the General Data Protection Regulation (GDPR).
I. General Information
1. Controller 2. Joint controllers at events 3. Data Protection Officer
II. Information on personal data that are processed by SPECTARIS
4. Purpose of data processing and legal bases 5. Categories of personal data that are processed 6. Recipient categories 7. Periods for which your data will be stored 8. Rights of data subjects 9. Right to withdraw consent, right to object 10. Right to lodge a complaint with a supervisory authority 11. Sources
III. Information on personal data processed by SPECTARIS and by third parties when you use the functions of this website, by communication services and processors; Information on possible threats if the data are transmitted to third countries
12. Contact form, newsletter and subscription 13. Cookies and plug-ins 14. Communication services 15. Transmission to third countries, information on possible threats 16. Consent 17. Individual processors and companies 18. Hyperlinks
1. Controller, contact data
The controller for the processing of personal data by SPECTARIS is „SPECTARIS - Deutscher Industrieverband für Optik, Photonik, Analysen- und Medizintechnik e.V.“ (hereinafter referred to as: SPECTARIS).
Werderscher Markt 15 D-10117 Berlin Telephone +49 (0)30 41 40 21-0 Fax +49 (0)30 41 40 21-33 E-mail: info www.spectaris.de
2. Joint controllers at events, contact data
SPECTARIS informally supports services offered by SPECTARIS GmbH the latter provides in connection with events recommended by SPECTARIS. SPECTARIS and SPECTARIS GmbH process personal data related to such events as joint controllers and jointly fulfil the obligations towards the data subjects stipulated in the GDPR regarding these data. This data protection information apply to SPECTARIS GmbH to the extent indicated.
Contact data of SPECTARIS GmbH:
3. Data protection officer, contact data
SPECTARIS Data Protection Officer
Werderscher Markt 15 D-10117 Berlin Telephone: +49 (0)30 41 40 21 - 19 Fax: +49 (0)30 41 40 21 - 33 E-mail: datenschutz
The data protection officer is the point of contact for all data topics regarding the processing of their personal data that was made jointly with SPECTARIS GmbH as stipulated in no. 2 above.
II. Information on personal data that are processed by SPECTARIS
4. Purpose of data processing and legal bases
4.1. SPECTARIS processes personal data as follows
• in order to promote the purpose of its association in accordance with section 2 of its articles of association, namely to support the industrial sectors of optic, medical and mechatronic technologies, in this case in particular the areas of consumer optics, photonics, medical technology, biotechnology and laboratory technology. Such support is provided, without limitation, by informal, communicative and organisational measures such as the exchange and provision of information, of contacts and of market access, actors’ and interested parties’ networks, organisation of events and public relations. Such support is mainly provided to the SPECTARIS member companies and their employees, to actors and interested parties of the stated sectors, other market participants, scientists, politicians, public authorities, the society and the general public.
• in order to establish, manage or terminate memberships;
• in order to establish, manage or terminate employments;
• in order to establish, manage or terminate other contractual relationships;
• in order to comply with statutory obligations related to the above-stated purposes, e.g. regulations on taxes, social insurance, regulatory authorities or regulative law.
4.2.SPECTARIS GmbH processes personal data collected in accordance with no. 2 above for the organisation and communication of and invitation to events.
4.3. The data are processed for the purposes stipulated in no. 4.1 and 4.2 as follows
• based on the data subject's consent (cf. Article 6(1)(a) of the GDPR),
• processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (cf. Article 6(1)(b) of the GDPR),
• processing is necessary for the purposes of the legitimate interests pursued by SPECTARIS or by a third party (cf. 4.4), except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data (cf. Article 6(1)(f) of the GDPR), or
• processing is permitted or required based on other legal provisions.
4.4. SPECTARIS’ legitimate interests include, without limitation, the promotion of the above-stated purpose of the association.
SPECTARIS GmbH’s legitimate interests include, without limitation, the promotion of its company purpose, in particular the organisation of events recommended by SPECTARIS.
Legitimate interests of third parties include, without limitation, the interests of SPECTARIS’ member companies and their employees as well as the interests of persons and companies in the industrial sectors of optic, medical and mechatronic technologies that are informed and supported by and included in networks of economic, scientific, political actors, public authorities and the society and consumers relating to the economic sectors represented by SPECTARIS, to the technology produced in these sectors and related developments, progress and subsidy tools.
In addition, legitimate interests of third parties include the interests of contractual partners of SPECTARIS and SPECTARIS GmbH, including their employees, to initiate or execute contractual relationships with SPECTARIS relating to or in connection with the promotion of the purpose of the association and/or relating to the organisation of and participation in events.
5. Categories of personal data that are processed
Names of company, names and other designations of natural and legal persons, their contact data (such as addresses, telephone and fax numbers, e-mail addresses, etc.), the data necessary for payment transactions (such as banking and account data, etc.), data required for financial and payroll accounting (such as date of birth, tax or social insurance numbers) and other personal data service the purpose of processing stipulated in no. 4 above.
In case (digital) services and media for direct and indirect communication with and without audio and video functions (telephone and video conferences, videotelephony, webinars, web conferences, newsletters, etc.) are used, including:
• personal data disclosed by the participants such as information on the device and software with which they use these services, e.g. the IP address of their end device, the version of the operating system, the device code, browser type and information on their location and duration of the use;
• personal data that are part of the contents of the communication to the extent they result from the chat history and the chat history is logged because, for example, work instructions or questions to be answered at a later time result therefrom;
• biometrical data of natural persons (including without limitation voices and faces or other physiognomic features).
6. Categories of recipients, processors
6.1. Natural and legal persons with which SPECTARIS cooperates, communicates or is contractually or otherwise connected in order to promote the purposes of processing stipulated in no. 4, including without limitation SPECTARIS member companies, their employees and the third parties mentioned therein and the general public.
6.2. SPECTARIS uses processors, including without limitation for its electronic communication. These processors include without limitation providers of communication services, of databases or communication software and providers of cloud services for the hosting of such software. For such purpose, personal data will be transmitted to these processors to the extent necessary. These processors are subject to SPECTARIS’ instructions regarding the manner in which these data are processed and are obliged to erase these data after completion of the communication purpose and/or upon SPECTARIS’ instructions, unless otherwise regulated by statutory provisions or by instructions given by public authorities based on such provisions. In addition, there may be other regulations for processors whose registered office is not in an EU member state. These different regulations are expressly stated in no. III.
7. Periods for which your data will be stored
SPECTARIS stores personal data for as long as the data subject gave their consent and/or the data are necessary to fulfil the purpose of processing and as stipulated, required and/or permitted in accordance with the legal bases stated in no. 4.
If these requirements cease to exist, the data will be erased.
The storage period and erasure of the data are subject to the condition precedent that there are no statutory regulations requiring or permitting otherwise regarding their retention or erasure.
8. Rights of data subjects
The data subjects whose personal data are processed have a right of access to their personal data, to rectification, erasure, to restriction of processing and to portability thereof.
9. Right to withdraw consent, right to object
Data subjects who gave their consent to the processing of their personal data by SPECTARIS may withdraw such consent at any time.
To the extent these data are processed in SPECTARIS’ or any third party’s legitimate interests, the data subjects are also entitled to object to such processing on grounds relating to their particular situation.
Such objection is to be made in writing or in text form and to be directed to SPECTARIS to the contact data stipulated in no. I(1).
10. Right to lodge a complaint with a supervisory authority, legal remedies
Data subjects are entitled to lodge a complaint with a supervisory authority in the member state of their place of residence, their workplace or of the place where the presumed violation occurred, if they are of the opinion that the processing of their personal data is a violation of the GDPR. In addition, they have the right to an effective judicial remedy where they consider that their rights under the GDPR have been infringed as a result of the processing of their personal data in non-compliance with the GDPR.
SPECTARIS processes personal data as follows
• based on the information provided by the data subject and/or by the recipients as stipulated in no. 6, including without limitation with regard to the communication relating to the promotion of the purpose of the association such as communication via electronic means, mail or personal contact (business cards) to the extent such communication is not expressly or clearly made for purely private purposes;
• from public sources, including without limitation lists containing information on companies, public authorities or persons which are made public either voluntarily or based on statutory provisions, e.g. the company information on websites or in social media or public registers/lists.
III. Information on personal data processed by SPECTARIS and by third parties when using the functions of these websites, by communication services and processors; Information on possible threats if the data are transmitted to third countries
12. Contact form, newsletter and subscription
Data entered into our contact form (https://www.spectaris.de/verband/kontakt), for the subscription to our newsletter (https://www.spectaris.de/verband/newsletter-verband) or for the registration of a user account (https://www.spectaris.de/registrierung) will be processed by SPECTARIS under the circumstances stipulated in nos. 1-11 above.
13. Cookies and plug-ins
The programs showing our website on the domain https://www.specctaris.de and its sub-domains when these pages are visited using a web browser and that are stored on our web server (our websites), use so-called cookies and plug-ins. Cookies and plug-ins are files or functions that are able to place or exchange information between our website and/or web server and the visitor’s web browser, and/or programme elements placed on our website by the operators of other websites, e.g. social media, which establish a connection to the servers of these operators of other websites and thus the exchange of information collected during the visit on our website, such as IP addresses. These cookies and plug-ins are provided by the processors and companies stated in no. 17 and the use thereof is the basis of the processing of data by these processors and companies.
14. Communication services
We use the services of the processors and/or companies listed in no. 17 for the purposes of communication in accordance with no. 6.2 and no. 12. These processors and/or companies process the personal data indicated in no. 5 and no. 13 for such purposes, including without limitation the data entered into the registration form for one of our events (https://www.spectaris.de/verband/termine).
15. Transmission to third countries, information on possible threats
Data processing activities as stipulated in no. 13 and no. 14 include the transmission of data to processors and companies whose seat is not in one of the EU member states (third countries).
Please note that this may include processing of personal data such as IP addresses or biometrical data beyond our sphere of influence (e.g. profiling). These processing activities are subject to the statutory provisions applicable in that third country. There is neither an adequacy decision by the EU Commission nor are there suitable safeguards in accordance with the GDPR. This means that there are general legal and actual risks for the data subject, including without limitation, regarding the establishment and exercise of legal claims and rights, in particular with regard to their personal data.
We subjected the data processing stipulated in 12-15 above to your express consent (by clicking on a designated button).
In addition, we use plug-ins of social media providers only in connection with a so-called „ePrivacy Keeper-solution“. This application prevents the plug-ins from transmitting data to the providers as soon as you enter our website. After you activated the plug-in by clicking on the relevant button, the direct connection to the provider's server will be established (consent).
In addition, you may prevent the installation of cookies by adjusting the relevant settings of your browser. In order to prevent the installation of cookies, please select “do not accept cookies” in your browser settings. If the browser does not accept any cookies, you may not be able to fully use all functions offered by our website.
17. Individual processors and companies
17.3. This website uses the open source web analysis service Matomo. Matomo is an open source platform, distributed by the main developers listed at https://matomo.org/team/. We use Matomo in a self-hosted version. Matomo does not use any cookies. The IP address is anonymised before it is transmitted. The operator of the website has a legitimate interest in the anonymised analysis of the user behaviour in order to optimise its website and marketing activities. Such information on the use of that website will not be disclosed to any third party.
17.5. Our website uses plug-ins provided by YouTube for the integration and presentation of video contents. The operator of the video portal is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. If you visit one of our pages where a YouTube plug-in is included, a connection to the YouTube servers will be established, and YouTube is informed of the pages you accessed. YouTube is able to link your browsing behaviour to your personal profile if you are logged into your YouTube account. You may prevent this by first logging out from your YouTube account. We are not informed of the contents of the transmitted data and their use by YouTube.
17.6. For surveys, we use the services offered by SurveyMonkey Europe UC, 2 Shelbourne Buildings, Second Floor, Shelbourne Rd, Ballsbridge, Dublin 4, Ireland, a company of SurveyMonkey Inc., 1 Curiosity Way, San Mateo, California 94403, USA. For information on the cookies used by SurveyMonkey, on data privacy and on the period of time for which your information will be stored, please go to: https://www.surveymonkey.de/mp/legal/survey-page-cookies
17.7. For mobile and non-mobile VoIP telephone conferences, digital video conferences, webinars and cloud-based group work and group communication, we use the following services and products:
(a) Those provided by LogMeIn Ireland Limited, Bloodstone Building Block C, 70 Sir John Rogerson's Quay, Dublin 2, Ireland and/ or by LogMeIn, Inc., 333 Summer Street, Boston, MA, USA and its subsidiaries under the brand name „GoToMeeting“. The computers used by “LogMeln” to process the personal data (the cloud), are at unspecified locations within and outside the EU and the data entered by the users may be transmitted to other unspecified third parties and may be processed for other unspecified purposes. For more information, please see: https://www.logmeininc.com/de/legal/privacy/us
(b) Those provided by Zoom Video Communications, Inc., 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113, USA. The computers used to process the personal data (the cloud), are at unspecified locations within and outside the EU and the data entered by the users may be transmitted to other unspecified third parties and may be processed for other unspecified purposes. For more information, please see: https://zoom.us/docs/de-de/privacy-and-legal.html
(c) The services "Jira" and "Confluence", offered by, among others, Atlassian, Inc., 350 Bush Street, San Francisco, CA 94104. The computers used by “Atlassian” to process the personal data (the cloud), are at unspecified locations within and outside the EU and the data entered by the users may be transmitted to other unspecified third parties and may be processed for other unspecified purposes. For more information, please go to: https://www.atlassian.com/de/legal/privacy-policy
17.9 For the analysis, organisation and the sending of newsletters, we use the service “CleverReach“ by CleverReach GmbH &Co. KG, //CRASH Building, Schafjückenweg 2, 26180 Rastede. For more information about data analysis by using CleverReach newsletters please go to: https://www.cleverreach.com/de/funktionen/reporting-und-tracking/
For more information about the CleverReach data protection regulations, please go to: https://www.cleverreach.com/de/datenschutz/
17.10 For work processes, the exchange of information and communication with and between our function owners and employees, our members and their function owners and employees as well as with third parties for the purposes of our association, we use our own, association-related network „myspectaris“. For such network, we use the cloud and communication services „tixxt“ by mixxt GmbH, Adenauerallee 134, 53113 Bonn (cf: https://www.tixxt.com/ ). When using these services, the personal data of the participants and of third parties will be processed, including without limitation names, contact data, biometrical data such as pictures and voices, all data generated by the participants themselves as well as technical data with personal references (e.g. in order to enable the services). Services provided by other service providers are embedded in the services. For mixxt GmbH’s information regarding the services „tixxt“, please go to: https://www.tixxt.com/genesis/legal/terms/
Our websites contain electronic links (hyperlinks) to the electronic information and communication services of third-party providers (services). By clicking on these hyperlinks, the visitors of our website are referred to these services. The use of these services initiated as described above is likely to result in their providers or other third parties collecting personal data such as your IP address. SPECTARIS is not responsible for the contents of these services nor for the collection of personal data by the providers of these services or by other third parties that may be caused by clicking on the hyperlinks.