CELIS Institute Data Protection Statement for Events, E-learning, Trainings or Other Services, except for the Website
by Steffen Hindelang and Jens Hillebrand Pohl (hereafter referred to together as the “CELIS Institute” as of 09 May 2021
Who is responsible for data-processing and whom can I contact?
The organisation involved is:
c/o Steffen Hindelang
You can contact our data protection officer at:
c/o Steffen Hindelang
Att. Data protection officer
What data do we process and for what purpose?
We process personal data that we receive either from you yourself in the course of our business relationship or from another legitimate source (e.g. your employer, your professional association) insofar as they are necessary for us to provide our services to you.
We process or use the types of personal data listed below for the following purposes:
To implement our academic and other events or to provide e-learning or trainings or other services we need your name and contact details (address, telephone number, e-mail, etc.) and information about your professional group in order to admit you to an event and to ensure the smooth running of the event. We register your participant and/or training details as necessary either electronically or in printed form.
Publication in participant and check-in lists
For its events the CELIS Institute draws up lists of participants and provides these to participants within the framework of the event. They serve in particular to promote professional networking and are part of the event documentation. A list of participants may also be provided to the funders of an events if (co-)funded by them.
Usually a participant list contains:
- Title, first name and surname
- Professional title
You can object to the inclusion of your data in the list of participants or specify that particular data should not be included in the list. Should this be the case please contact us when registering your participation, at the latest one week before the event takes place. For (co-)funded events this is not possible.
Use of your e-mail address for transmitting information
If you register for an event or other services you will receive our newsletter or info-mails, we will use your e-mail address to provide information about the CELIS Institute until you cancel your subscription. You will only receive regular information about our events and services and occasionally e-mails relating to a specific event, for example an invitation to the annual CELIS Forum.
You can withdraw your consent for us to send you newsletters or info-mails with future effect at any time.
Other data processing (website)
The use of our website is generally possible without revealing any personal data. Should personal data be collected on our pages (for example name, address, or e-mail address) this is purely voluntary and as a rule only for the implementation of the services you have expressed interest in and for further correspondence. You will find further details relating to the website here: https://www.celis.institute/data-protection/
Other data processing (Microsoft Forms)
We have expanded our use of Microsoft 365, and in particular Microsoft Forms, to enable the CELIS Institute to quickly and easily create forms and perform surveys and questionnaires.
Personal data is processed, i.e. collected and stored in Microsoft’s cloud servers, for the purpose of providing the above-mentioned services.
It will not be used for any automated decision-making, including profiling.
The data collected about you is dependent on whether you are an owner or a respondent.
Owners have access to Forms and can either individually or in collaboration with other owners directly create and distribute surveys, forms and questionnaires.
Respondents are people who have received a survey, form or questionnaire powered by the Forms service from an owner with a request to complete it.
The owner will be able to see your personal data, like your name, your email address, the date and time you opened the form and the date and time you submitted the form.
Usage information is recorded. Form data (questions and responses) is stored in the Microsoft cloud. Access to the submitted responses is available to owners only. Unless there is a legitimate interest in retaining them for longer (see above), the owner will delete all responses within one year of the form’s completion. If you are a respondent, you can ask the owner how long your responses will be stored in Forms.
What is the legal basis for our processing of your data?
We process your data in line with the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG):
Compliance with contractual obligations (Art. 6.1.(b) GDPR)
This relates to the processing of data for the purposes of implementing an event, providing training or other services within the framework of our contracts with participants, speakers, service providers etc. The nature and extent of data processing depends on the specific purpose of the contract.
On the basis of your consent (Art. 6.1.(a) GDPR)
Consent to process personal data is required in particular to send you information. Your consent can be withdrawn at any time. This includes the withdrawal of any consent given before the coming into force of the GDPR, i.e. 25 May 2018. Withdrawing consent does not affect the legality of any data processing before this date.
If it is in the legitimate interests of the CELIS Institute (Art. 6.1.(f) GDPR), to comply with a legal obligation (Art. 6.1.(c) GDPR) or to perform a task in the public interest (Art. 6.1.(e) GDPR)
For example, the recording or processing of personal data is permitted in the form of closed circuit TV in the underground carpark to prevent or investigate criminal offences, in order to assert or defend against legal claims, for measures to develop our services or in order to comply with business or fiscal obligations to maintain records.
Who has access to my data?
Within the CELIS Institute only those units or persons who need your data to conduct the business relationship or to provide the services you require have access to them. Should the CELIS Institute have recourse in this context to external service providers, their access is strictly limited to what is needed to fulfil the contract or to provide the service. Through technical, organisational and legal measures we ensure that data protection regulations are also adhered to by our external service providers.
Insofar as external funders make the provision of funding for an event conditional on the receipt of participant details, participation in such an event implies consent for us to pass on your data.
How long will my data be stored?
The CELIS Institute processes and stores your personal data as long as this is necessary for its contractual or legal obligations, or as long as we have your consent.
Is data transferred to a third country?
Your data is processed exclusively within the EU.
What are my data protection rights?
Any affected person has the right of access (Article 15 GDPR), the right to rectification (Article 16, GDPR), the right to erasure (Article 17 GDPR), the right to restrict processing (Article 18 GDPR), the right to object (Article 21 GDPR) and the right to transfer their personal data (Article 20 GDPR). Certain restrictions apply to the right of access and the right to erasure (§§ 34, 35, BDSG).
Do I have an obligation to provide data?
Within the framework of our business relationship you must provide the personal data necessary for us to conduct this relationship or that we are legally obliged to collect.
Amendments to this data protection statement
The date of applicability of this data protection statement is indicated above. The CELIS Institutes reserves the right to amend this statement at any time with future effect. The currently applicable version can always be consulted on our website. We recommend that you inform yourself regularly of any amendments.