1. Name and contact information of the controller and corporate data protection officer
Controller within the meaning of Art. 4 (7) GDPR is:
zur Förderung der angewandten Forschung e.V.
Hansastraße 27 c,
80686 München, Germany
Telephone: +49 (0)89 1205- 0
Fax: +49 (0)89 1205-7531
on behalf of its
Fraunhofer Institute for Wood Research
Bienroder Weg 54E
38108 Braunschweig, Germany
Telephone: +49 (0)531 2155-0
Fax: +49 (0)531 2155-334
The corporate data protection officer at Fraunhofer may be reached at the above-mentioned address in Munich, c/o Data Protection Officer or at email@example.com.
Please feel free to contact the data protection officer directly at any time with your questions concerning your data protection rights and/or your rights as data subject.
2. Personal data processing and purposes of data processing
a) Event registration
If you want to register for an event, we collect the following mandatory data:
- Name, first name
- Email address
The purpose of processing the mandatory data is to identify you as event participant, to check the provided data for plausibility, to reserve a spot for your participation and to establish a contractual relationship with you.
We also require your data in order to prepare name badges and lists of participants for other participants, as applicable, and to supply you with event information before, during, and after the event. This is done to ensure optimal participation for you and to allow us to plan the event and ensure that it goes smoothly.
Further information, such as company affiliation, can be provided voluntarily. Voluntary data allow us to plan and conduct the event in accordance with participants’ interests.
We process data at your request and for the purposes described by Art. 6 (1) lit. b GDPR to fulfill the obligations of the participation agreement and to execute precontractual provisions.
We will use your email address to inform you about similar events organized by us in the future only if you have expressly consented to this use of your email address or if we have informed you thereof separately when collecting your email address and have pointed out your right to object to this use at any time. To the extent that this use is not based on consent, the processing takes place on the basis of Art. 6 (1) lit. f GDPR. We have a legitimate interest in notifying our participants of other events also organized by us.
In the case of events for which a fee is charged, the personal data we collect for the event are, in principle, stored until the end of the standard limitation period of three years after the end of the year in which the event was held, and the data are erased after that. In the case of free events, we erase the personal data collected by us no later than six months after the event was held. Storage beyond the respective period stated takes place only if and to the extent that:
- we are obligated to store the data for a longer period pursuant to Art. 6 (1) lit. c GDPR based on statutory obligations of storage and documentation (especially Sec. 147 of the German Fiscal Code (AO)). In this case, the data are stored only to the extent required by the retention obligation.
- you have consented to storage beyond that pursuant to Art. 6 (1) lit. a GDPR.
- we use your email address, subject to the requirements set out in Sec. 7 (3) of the German Act Against Unfair Competition (UWG), to inform you of future events by email. In this case, we store your email address and your first and last names until you object to processing for this purpose.
If you register using an online form on our website, please also see our data protection information, accessible at https://www.wki.fraunhofer.de/en/data-protection.html, that explains which data are already collected and processed as soon as you visit our website.
b) Participation in an online event
If the event in which you participate is not on-site, but rather online (e.g., via video- and/or audioconference), the following instructions shall also apply.
To conduct the online event we use a technical service provider as processor, which processes the data according to our instructions.
In connection with participation in the online event the following data may be collected:
- Access data: e.g., an individualized link through which you dial into the online event
- Content data: Contents of your contributions, e.g., in chats or in votes or files released by you. Image or sound recordings of you will be made only if and to the extent that you have separately consented to this in advance (Art. 6 (1) lit. a GDPR). The purpose as well as your consent to recording will be documented within the recording.
- Profile data: Data about yourself that you have voluntarily released in connection with the online event; for example, your name or your profile photo. Profile data are used for personalization, for tailoring contents to the interests of the public and for a more personal style of communication.
- Dial-in data: This includes, for example, the date and time of your dial-in to the conference and the time you leave it.
- Support /Feedback data: Information in connection with the handling of any troubleshooting tickets or feedback.
- Telemetry data: These include diagnostic data in connection with the use of the service, including the transmission quality. These data serve to improve troubleshooting, securing and updating technical service and its monitoring. The legal basis is Art. 6 (1) lit. f GDPR. Our legitimate interests are the provision of a secure and error-free service for online events.
Unless otherwise specified, the processing of the data is done for the technical and content-related execution of the online event, i.e., for the performance of the contract (Art. 6 (1) lit. b GDPR) and we delete the data after 90 days at the latest.
During the conference, the following information is visible to other participants who are not the organizer: Your name, profile photo and your chat contributions.
We do not record whether you participated attentively in the event (e.g., whether you opened windows other than that of the online event, during the event).
If the online event takes place using the “Microsoft Teams” service, the following shall also apply:
The technical service provider is Microsoft Ireland Operations Ltd. in Dublin, Ireland (Microsoft), which works for us as a processor. Data storage takes place in the Microsoft Cloud, specifically in computing centers in the European geographic space. It is not anticipated to transmit personal data to a third country for reasons related to the operation of Microsoft Teams. Should you dial in from a third country, the processing ordered by us will be done using European computer centers in this case as well.
In providing the service Microsoft captures certain diagnostic and service data and uses these on its own authority for its own purposes. To the extent that Microsoft processes personal data in connection with its own legitimate business processes, Microsoft is the independent controller within the meaning of the GDPR for such processing. Particulars concerning the processing by Microsoft may be found at https://docs.microsoft.com/de-de/microsoftteams/teams-privacy
You may also participate in an online event based on Microsoft Teams even without your own Microsoft user account. If you do use your own Microsoft user account to participate, then additional data pursuant to the provisions of your Microsoft user account may be processed.
3. Forwarding data to third parties
We do not transfer your personal data to third parties for purposes other than those mentioned below.
a) For performance of the contract
Your personal data are disclosed to third parties where legally permissible and required, pursuant to Art. 6 (1) lit. b GDPR, for the performance of the contracts and agreements with you. This includes in particular disclosure of the data to event partners for the purpose of planning and holding the event. Third parties may use the transferred data for the above-mentioned purposes only.
b) For additional purposes
Beyond the above, we disclose your personal data to third parties only if:
- you have given consent pursuant to Art. 6 (1) lit. a GDPR, or
- in the event that there is a legal requirement for disclosure pursuant to Art. 6 (1) lit. c GDPR.
4. Rights of the data subject
You have the following rights:
- pursuant to Art. 7 (3) GDPR, to withdraw your consent at any time. This means that we may not continue the data processing based on this consent in the future;
- pursuant to Art. 15 GDPR, to obtain access to your personal data processed by us. In particular, you may request information about the purposes of the processing, the categories of personal data concerned, the categories of recipients to whom the personal data have been or will be disclosed, and the envisaged period for which the data will be stored. Moreover, you have the right to request rectification, erasure, or restriction of processing, to object to processing, the right to lodge a complaint, and to obtain information about the source of your data if they were not collected by us, as well as about the existence of automated decision-making, including profiling, and, if applicable, meaningful information about the logic involved;
- pursuant to Art. 16 GDPR, to obtain the rectification of inaccurate data or the completion of your personal data without undue delay;
- pursuant to Art. 17 GDPR, to obtain the erasure of personal data saved by us unless processing is necessary to exercise the right of freedom of expression and information, to comply with a legal obligation, for reasons of public interest, or to establish, exercise or defend legal claims;
- pursuant to Art. 18 GDPR, to obtain restriction of processing of your personal data if you contest the accuracy of the data, the processing is unlawful but you oppose the erasure of the personal data, or if we no longer need the personal data but you still require the data for establishing, exercising or defending legal claims, or if you have filed an objection to the processing pursuant to Art. 21 GDPR;
- pursuant to Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request the transmission of those data to another controller and
- pursuant to Art. 77 GDPR, the right to lodge a complaint with a supervisory authority. Generally, you may contact the supervisory authority of your habitual residence, place of work or the registered offices of our organization.
5. Right to object
If your personal data is processed on the basis of legitimate interests pursuant to Art. 6 (1) lit. f GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR if reasons exist for doing so that are based on your special situation or if the objection relates to direct marketing. In the latter case, you have a general right to object, with which we will comply without you having to provide information about a special situation.
If you would like to assert your right to object, an email to firstname.lastname@example.org will suffice.