Privacy Policy

Privacy Policy for www.dhgev.de

Thank you for visiting our homepage. Your privacy matters to us. We are happy to inform you on how we use your data when you visit our website. Protecting privacy means protecting a fundamental right. And fundamental rights are important to us.

1. Definitions

The Privacy Policy at Deutsche Huforthopädische Gesellschaft e.V. uses the same terminology as EU directives and regulations in adopting the General Data Protection Regulation (GDPR). Our Privacy Policy is intended to be accessible and easy to read. Therefore, we would like to explain the terminology used.

Personal data: “Personal data” means any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Data subject: A data subject is any identified or identifiable natural person whose personal data has been processed.

Processing: “Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Restriction of processing: “Restriction of processing” means the marking of stored personal data with the aim of limiting their processing in the future.

Profiling: “Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

Pseudonymisation: “Pseudonymisation” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

Controller: “Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

Processor: “Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Recipient: “Recipient” means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

Third party: “Third party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

Consent: “Consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

2. Collection of data

The Deutsche Huforthopädische Gesellschaft e.V. website collects data on each visit by an individual or automated system. This series of generalised data and information is stored in the logfiles on the server. The following data may be collected:

a) Browser types and versions used

b) Operating system used by the system accessing the website

c) Referrer website linking the visitor to our website

d) Pages accessed by the device visiting the website

e) Date and time of the visit to the website

f) Internet Protocol address (IP address) of the visitor

g) Internet service provider of the visitor

h) Other data and information of a similar type required for security in the event of attacks on our information technology systems

We will not draw any conclusions on the person visiting our website from this general data and information. We require the information for the following purposes:

a) Proper presentation of content on our website

b) Optimisation of website content as well as outreach for our website

c) Sustained availability of our information technology systems and technology hosting our website

d) Assistance with the necessary information for law enforcement agencies investigating a possible cyber attack

We will use the anonymous data and information collected for statistical evaluation to increase data privacy and security in our company with the ultimate aim of optimising the protection of personal data that we process. The anonymous data from server logfiles are stored separately from any personal data specific to a data subject.

3. Legal or contractual provisions for submitting personal data; necessity for contract conclusion; obligation of data subjects to submitting personal data; possible consequences of failure to submit

The following explains that submission of personal data may be a statutory requirement, such as in tax law, or may arise from contractual agreements, such as information on a contract party. Sometimes contract conclusion may require a data subject to submit personal data that we then need to process. The data subject may need to provide us with personal information for our organisation to conclude a contract with the data subject, and failure to do so would prevent conclusion of the contract with the data subject. The data subject must then contact our data protection officer before submitting personal data. Our data protection officer will explain to the data subject whether the personal data will be required by law or contract or for contract conclusion, whether there is a requirement to submit the personal data, and what consequences would be if the data subject failed to provide the personal data, all depending on the case at hand.

4. Contact options using the website or forum

According to statutory requirement, our website includes information to enable rapid electronic contact to our company as well as direct communication with us; this includes a general address for contact by computer, that is, an e-mail address.

Any personal information provided by the data subject will be stored automatically when a data subject uses e-mail or contact form to contact the controller responsible for processing. Any personal data voluntarily transmitted by a data subject to the controller will be stored for processing or contacting the data subject. The personal data will not be transmitted to third parties.

You may start or join a discussion, ask questions or post images to our forum. By participating, you agree that your posts will be publicly accessible to third parties on the Internet, and may be commented on. To this end, we store personal data including posts from all forum members on our servers. These servers are located in Germany. DHG e.V. signs processing contracts with any third parties as IT service providers able to access to these servers for personal data processing, and is satisfied as to the contractor’s proper processing and data security on site as well as in handling the data. These IT service providers are bound to confidentiality.

5. Cookies

We use cookies on various pages on our website to improve usability and user experience, and to enable certain features to be used by our website visitors. Cookies are small text files stored on your computer. Some of the cookies we use will be deleted after the browser session, meaning after you close your browser. These are referred to as session cookies.

Other cookies will remain on your device and allow us to recognise your browser on your next visit on our website. These are referred to as persistent cookies. You may configure your browser to notify you on the use of cookies and allow you to decide individually on whether you would like to accept or always reject cookies for specific cases. Note that if you choose to reject cookies, you may not be able to use all the features on our website.

6. Social plugins by Facebook using the two-click solution

Our website uses what are referred to as social plugins from the Facebook social network. This service is provided by Facebook Inc (the vendor).

Facebook is operated by Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA (Facebook). An overview of Facebook plugins and their appearance is available on wbs.is/rom90.

These plug-ins are integrated into our website using what is referred to as a two-click solution in order to increase your privacy when you visit our site. This integration prevents any connection with Facebook servers when visiting a page containing the plugin on our website. Your browser will not connect directly to Facebook servers unless you activate the plugin and give your consent to having your data transmitted to them. The plugin’s content will be transmitted to your browser for direct integration into the website. By integrating the plugin, Facebook will receive information that your browser has accessed the corresponding page on our website even if you do not have a Facebook profile or are not currently logged in to Facebook. This information, including your IP address, will be transferred directly from your browser to a Facebook server in the US and stored there. Clicking a plugin button such as the Like button will also transfer the corresponding information directly to a Facebook server and store it there, and the information will also be published on your Facebook page for your Facebook friends to see. Refer to Facebook’s privacy notices for the purpose and scope of data collection and further processing as well as use by Facebook and your rights and configuration options in protecting your privacy. Click the following link for the Shariff solution: http://www.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html

We have included links to the following companies using the Shariff solution:

Facebook Inc (1601 S. CA Ave - Palo Alto 94304 - CA - USA)
However, you should always follow the following notes:

Privacy statement on using Facebook plugins without the Shariff solution

The following applies to social plugins from the facebook.com social network operated by Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA (Facebook): These plugins are identifiable by their Facebook logo or Facebook social plugin.

Your browser will form a direct connection to Facebook servers when you visit a page on a website that contains a corresponding social plugin. Facebook transmits the plugin’s content to your browser for direct integration into the website. The integrated plugin sends Facebook information that you have accessed the corresponding page on our website. Facebook may directly link your visit to your Facebook profile if you are logged in to Facebook. Interacting with the plugin by clicking the Like button or leaving a comment will transfer the corresponding information from your browser directly to a Facebook server and store it there. Refer to Facebook’s privacy notices for the purpose and scope of data collection and further processing as well as use by Facebook and your rights and configuration options in protecting your privacy. Log out of Facebook before visiting our website if you would prefer not to have Facebook collecting information about you on our website.

7. Embedded videos and images – YouTube and Instagram

Some of our pages include embedded content from YouTube or Instagram. The only data your browser will send will be your IP address without any data that could identify you if you only view an embedded YouTube video or Instagram image on our website. YouTube will send your IP address to Google Inc., 600 Amphitheatre Parkway, Mountain View, CA 94043 (Google); Instagram will send it to Instagram Inc, 181 South Park Street Suite 2, San Francisco, CA 94107, USA.

8. Google Analytics, Google Tag Manager, Google Maps

This website uses Google Analytics, a web analysis service operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (Google). Use includes universal analytics mode, which makes it possible to assign data, sessions and interactions across multiple devices in a pseudonymous user ID and analyse the visitor’s activity across devices.

Google Analytics uses what are referred to as cookies – text files that are stored on your computer to allow us to analyse how you use our website. Cookies store information on how you use our website, which is then usually transferred to Google’s servers in the US for storage. In the case of IP anonymisation activation on this website, Google will truncate/anonymise the last octet of the IP address for member states of the European Union as well as for other parties to the Agreement on the European Economic Area. The full IP address will only be sent to and shortened by Google servers in the USA in exceptional cases. Google will not link your IP address in the Google Analytics service with any other data held by Google. Google will use this information to analyse your use of our website, compile reports on website activities for the webmaster, and provide additional services involving website and Internet use as commissioned by this website's webmaster. This purpose reflects our legitimate interest in processing the data. German Telemedia Act (TGM) §15 para. 3 and GDPR Art. 6.1 (f) provide the legal basis for using Google Analytics.

Data sent by us and linked to cookies, user IDs and advertising IDs will be deleted automatically after 14 months. Data will be automatically deleted once a month after reaching the end of the corresponding retention period. Refer to the following links for Google’s Terms of Use and Privacy Policy: <a href=https://www.google.com/analytics/terms/ target="_blank">https://www.google.com/analytics/terms.html</a> and <a href=https://policies.google.com target="_blank">https://policies.google.com</a>

You may prevent your browser from storing cookies using the appropriate settings in your web browser software; however, if you should choose to do so, note that you may not be able to use the website’s functionality to its full extent. You may also prevent Google from collecting and using data, including your IP address, by downloading and installing this http://tools.google.com/dlpage/gaoptout browser addon. Opt-out cookies prevent your browser from collecting your information when you visit this website. You will need to install the opt-outs on all the devices you use if you wish to avoid detection by Universal Analytics completely.

Click here to install the opt-out cookie: Disable Google Analytics

This website uses Google Tag Manager. Google Tag Manager is a solution that marketers use for managing website tags by user interface. The Tag Manager tool itself implements the tags using a domain without cookies, and does not collect any personal data. The tool triggers other tags. Google Tag Manager does not access this data. Any deactivation at domain or cookie level will remain active for tracking tags implemented using Google Tag Manager.

Google Maps

This website uses Google Maps to display interactive maps and create route plans. Google Maps is a map service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Maps may send information on how you use this website, including your IP address, and the (starting) address you have entered for the route planner to Google in the US. Your browser will connect directly to Google’s servers if you visit a page on our website that includes Google Maps. Google will transmit the map content to your browser for direct integration into the website. We have no control over the amount of data that Google collects in this way. As far as we know, the data will at least include:

· Date and time of your visit to the corresponding website

· Web address or URL of the page you have visited

· IP address

· Starting address entered for route planning

We have no control and can therefore accept no responsibility for any further processing or use of data by Google.

You will need to deactivate JavaScript in your browser if you prefer not to have Google collect, process or use your personal data on our website. However, you will not be able to use the Google Maps feature if you do so. Refer to Google’s privacy notices for the purpose and scope of data collection and further processing as well as use by Google and your rights and configuration options in protecting your privacy.

By using this service, you agree to the collection, processing and use of data automatically collected by Google Inc., their representatives and other third parties. See http://www.google.com/intl/de_de/help/terms_maps.html for the Terms of Use for Google Maps. See also google.de for details on Google’s privacy policy: Privacy & Terms [nur 1 Link funktioniert].

9. SSL encryption

This site uses SSL encryption for security and protection in transmission of sensitive content, such as when you send requests to the website owner. An encrypted connection is clearly marked as such by the address field in your browsers showing a padlock icon and https:// in front of the address instead of http://. Once SSL encryption has been activated, the data you submit to us cannot be read by a third party.

10. Announcement of changes

Changes in law or our internal processes may require alterations in our Privacy Policy. We will notify you at least six weeks before any such change enters into force. You may always revoke any consent you have given (No. 6).

Remember that the current version of the privacy policy always applies if you do not exercise your right to revocation.

11. Updating and deleting your personal data

You may review, change or delete the personal data you have submitted to us at any time by sending us an e-mail at info@dhgev.de. If you are on our membership list, you may also refuse to accept any further information in the future by the same means.

You may also revoke any consent you have granted at any time with effect for the future. We will delete any information we have stored on you if you withdraw your consent to storage.

The controller will only process and store personal data of the data subject for the period of time necessary to achieve purpose of data storage, or according to European directives or regulations or other laws or regulations to which the controller is bound.

Personal data will be restricted for processing or deleted routinely and as required by law once the purpose of storage ceases to apply or the retention periods set by European directives or regulations or other legal statutes have expired.

12. Rights of data subjects

EU directives and regulations grant every data subject the right to obtain verification from the controller as to whether the controller is processing personal data on the data subject. Data subjects wishing to exercise this right to verification may contact our data protection officer or other employee of the controller at any time.

EU directives and regulations grant every data subject the right to request disclosure on personal data stored as well as a copy of the disclosure at any time without cost to the data subject. In addition, EU directives and regulations grant every data subject the right to disclosure on the following information:

- Purpose of processing

- Categories of personal data processed

- Recipients or categories of recipients for personal data in the past, present or future, especially if the recipients are based in countries not subject to the GDPR or international organisations

- If possible, the planned storage duration for the personal data, or, if this is not possible, the criteria determining this storage duration

- The existence of a right to correct or delete personal data concerning the data subject, or restriction on processing by the controller, or the right to object to processing

- Right to lodge a complaint with a regulatory body

- For personal data sourced from a party other than the data subject: All available information on the origin of the data

- The existence of automated decision-making including profiling according to GDPR Art. 22.1 and 22.4 and, at least in these cases, meaningful information on the logic involved, and the scope and the desired impact of this processing on the person concerned

Apart from that, data subjects may request information on any personal data transmitted to a country not subject to the GDPR or an international organisation. If so, the data subject may also request information on the appropriate safeguards used in transmission.

Data subjects wishing to exercise this right to disclosure may contact our data protection officer or other employee of the controller at any time.

EU directives and regulations grant every data subject the right to request immediate correction of incorrect personal data on the data subject. Apart from that, the data subject may request that incomplete personal data be completed, taking the purpose of processing into account; this may also involve a supplementary declaration.

Data subjects wishing to exercise this right to correction may contact our data protection officer or other employee of the controller at any time.

EU directives and regulations grant every data subject the right to request immediate deletion from the controller as long as one of the following circumstances applies and where no processing is necessary:

- Personal data no longer needed for the original purpose of collection or processing in some other form

- Withdrawal of consent by the data subject for the personal data to be processed according to GDPR Art. 6.1 (a) or Art. 9.2 (a) without any other legal justification for processing

- Objection by the data subject to processing according to GDPR Art 21.1 with no prevailing legitimate reason for processing, or objection to processing by the data subject according to GDPR Art. 21.2

- Unlawfully processed personal data

- Need to delete personal data for compliance with a legal obligation under EU or member state law to which the controller is bound

- Personal data collected in relation to the offer of information society services according to GDPR Art. 8.1

Any data subject may contact the controller at any time if one of the above reasons applies and the data subject wishes to have the personal data stored at our company deleted. The data protection officer or another charged with data protection at Deutsche Huforthopädische Gesellschaft e.V. will immediately have this request for deletion fulfilled.

If Deutsche Huforthopädische Gesellschaft e.V. has published personal data and our company is the controller according to GDPR Art. 17.1 with the obligation to delete the personal data, Deutsche Huforthopädische Gesellschaft e.V. shall take the necessary technical and organisational measures subject to current technological and implementation costs such that another controller responsible for processing the published personal data is aware that the data subject has requested from this other controller that all links to this personal data or copies or duplicates of this personal data be deleted as long as processing is not necessary. The data protection officer or another employee shall take the necessary action on a case by case basis/in each individual case.

EU directives and regulations grant every data subject the right to request restriction on processing the personal data on the data subject from the controller as long as one of the following conditions applies:

- The data subject contests the accuracy of personal data on the data subject allowing enough time for the controller to verify the accuracy of the personal data

- Processing is unlawful and the data subject rejects the deletion of personal data, instead requesting a restriction on the use of the personal data

- The controller no longer requires the personal data for the purpose of processing, but the data subject requires the personal data to exercise or defend legal claims

- The data subject has lodged an objection to processing according to GDPR Art. 21.1, and it is not yet clear whether the legitimate reasons of the controller outweigh those of the data subject

The data subject may contact the controller at any time if any of the above conditions applies and a data subject requests restriction on the processing of personal data stored at Deutsche Huforthopädische Gesellschaft e.V. The data protection officer or another employee at Deutsche Huforthopädische Gesellschaft e.V. will have processing restricted on the personal data.

EU directives and regulations grant every data subject the right to request the information that the data subject has passed on to the controller to be disclosed to the data subject in a common structured and computer-readable form. The data subject may also have the controller to which the data subject submitted the personal data transmit the data to another controller without hindrance as long as the justification for processing is based on GDPR Art. 6.1 (a) or Art. 9.2 (a), or in a contract according to GDPR Art. 6.1 (b) with personal data subject to automatic processing, provided that processing is not required for the fulfilment of an obligation in the public interest or on order from a public authority to the controller.

In addition, the data subject may have his or her personal data transmitted from one controller to another controller in exercising the data subject’s right to data portability according to GDPR Art. 20.1, provided that this is technically feasible and the rights and freedoms of others are not impacted.

The data subject may contact our data protection officer or another employee at any time in order to exercise the right to data portability.

EU directives and regulations grant every data subject the right to object to further processing of personal data on the data subject according to GDPR Art. 6.1 (e) or (f) at any time for reasons arising from the specific situation of the data subject. This also applies to any profiling results based on these regulations.

Deutsche Huforthopädische Gesellschaft e.V. will no longer process personal data in the event of an objection unless we can document a legitimate interest in processing that outweighs the interests, rights and freedoms of the data subject, or further processing is essential in pursuing, exercising or defending legal claims.

The data subject may at any time object to the processing of personal data for the purpose of direct advertising by DHG e.V. This shall also apply to any profiling in connection with direct advertising. Deutsche Huforthopädische Gesellschaft e.V., represented by Dr. Konstanze Rasch, shall no longer process any personal data used for direct advertising once the data subject lodges an objection to Deutsche Huforthopädische Gesellschaft e.V., represented by Dr. Konstanze Rasch. DHG e.V. does not practise profiling.

In addition, the data subject may object to processing personal data that Deutsche Huforthopädische Gesellschaft e.V. has collected for statistical purposes according to GDPR Art. 89.1 for reasons of the specific situation of the data subject unless processing is necessary in fulfilling an obligation in the public interest.

The data subject may contact the data protection officer or an employee responsible for data protection at Deutsche Huforthopädische Gesellschaft e.V. to exercise the rights to objection. The data subject may also exercise these rights to objection by way of an automated system using technical specifications in relation to the offer of information society services irrespective of 2002/58/EC.

EU directives and regulations grant every data subject the right not to be subjected to a decision based exclusively on automatic processing – including profiling – resulting in legal consequences or otherwise substantially impairing the data subject as long as the decision:

a) Is not required for the conclusion or performance of a contract between the data subject and the controller

b) Is permissible according to the statutory regulations of the EU or member states to which the controller is bound, and these regulations include appropriate measures to safeguard the data subject’s rights and freedoms and legitimate interests

c) Occurs on the explicit consent of the data subject

If this decision:

a) Is required for the conclusion or performance of a contract between the data subject and the controller

b) Has been made on the explicit consent of the data subject, Deutsche Huforthopädische Gesellschaft e.V. shall take the necessary measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, express his or her point of view and appeal against a decision.

The data subject may any time contact our data protection officer or another employee of the controller to exercise rights with respect to automated decisions.

EU directives and regulations grant every data subject the right to revoke any consent previously granted to have personal data on the data subject processed at any time.

The data subject may any time contact our data protection officer or another employee of the controller to revoke any consent previously granted.

13. Purpose and legal basis for processing

Our company will process personal data on the legal basis of GDPR Art. 6.1 (a) where we seek consent for processing to satisfy a particular purpose. We will process personal data on the legal basis of GDPR Art. 6.1 (b) if processing is required to fulfil a contract where one contracting party is the data subject such as in processing data to supply goods or other services, or payment or reward.

The same applies to processing required to perform pre-contract activities such as processing requests for products or services.

We will process personal data on the legal basis of GDPR Art. 6.1 (c) if we are legally bound to process personal data for purposes such as fulfilling tax obligations. In rare cases, we may be required to process personal data to protect the vital interests of the data subject or another individual.

Finally, we may also process personal data on the legal basis of GDPR 6.1 (f), which refers to processing personal data not covered by any of the other provisions above as a legal basis, but to protect our legitimate interests or those of a third party where these interests outweigh the interests or fundamental rights or freedoms of the data subject. We are permitted these forms of processing as they are specifically included in the EU regulation, and a legitimate interest may be assumed if the data subject is a customer of the controller (GDPR Recital 47.2).

14. Legitimate interests in processing as pursued by the controller or a third party

Our legitimate interest to carry out our activities towards the welfare of all our employees and shareholders where we process personal data on the legal basis of GDPR Art. 6.1 (f).

15. The controller and your contact

Please contact the following persons if you have any questions on the collection, processing or use of personal information, or if you require the disclosure, correction, or deletion of data or wish to revoke any consent you may have given, or object to having your data used in a certain way:

Your contact for data protection

Deutsche Huforthopädische Gesellschaft eV
Dr. Konstanze Rasch, Gerhard Jampert

Bahnhofstraße 20
04779 Mahlis

Tel.: +49 34364 88745
Fax: +49 34364 88746
E-mail: info@dhgev.de
E-mail: jampert@jampert.de

May 2018