This Privacy Notice applies on the occasion of the 18th International Congress of Immunology 2023 (hereinafter “IUIS 2023”, “Event” or “Congress”).
As the operator of the Conference website, we – K.I.T. Group GmbH together with our subsidiaries (hereinafter jointly: “K.I.T. Group”, “the company”, “we” or “us”) – take the protection of your personal data seriously and inform you at this point about data protection in our company.
The EU General Data Protection Regulation (Regulation (EU) 2016/679; hereinafter: “GDPR”) obliges us, within the scope of our responsibility under data protection law, to protect personal data of the person affected by a processing (we also address you as a data subject hereinafter with “customer”, “user”, “you”, “you” or “data subject”).
Insofar as we decide either alone or jointly with others on the purposes and means of data processing, this includes above all the obligation to inform you transparently about the nature, scope, purpose, duration and legal basis of the processing (Art. 13 and 14 GDPR). With this information (hereinafter: “privacy policy”), we inform you about the way in which your personal data is processed by us.
The design and granting of consent to data processing is carried out exclusively in accordance with the requirements of Section 25 (1) TTDSG (German Telecommunications-Telemedia-Data-Protection- Act) in conjunction with Artt. 6 (1) lit. a GDPR, 5 No. 11 GDPR.
Our privacy has a modular structure. It consists of a general part for all processing of personal data and processing situations that come into play each time a website is called up (A. General) and a special part, the content of which relates in each case only to the processing situation specified there with the designation of the respective offer or product, in particular the visit to websites and the use of the Conference offers (B. Visit to websites, use of the Conference offers), which are described in more detail here. The privacy policy includes a cookie policy (part C.). In addition, where relevant processing operations exist, the special sections D. (Business partners) and E. (Online-based audio and video conferencing) must be taken into account.
In order to find the parts relevant to you, please note the following overview of the subdivision of the privacy policy. The following parts are relevant to you as a participant in the Conference:
These principles are always relevant to you.
These principles are relevant to you when you visit the event-related website, including social media presences, and take advantage of Congress offers.
The cookie policy contains the list of cookies, plug-ins and tools used as well as the information on revocation options with regard to consent to data processing once given.
These principles may be relevant for you in case of participation as a business partner or a representative of a business partner.
(1) Definitions
Following the example of Art. 4 GDPR, this privacy policy is based on the following definitions:
(2) Name and address of the controller
The controller of your personal data on this website and its subpages within the meaning of Art. 4 No. 7 GDPR is us:
K.I.T. Group GmbH
Kurfürstendamm 71
10709 Berlin
Germany
Phone: +49 30 24603 0
Fax: +49 30 24603 200
info@kit-group.org
For further information on our company, please refer to the legal notice section on our website https://www.kit-group.org/legal-notice/ .
(3) Contact details of the data protection officer
Our company data protection officer (DPO) is available at all times to answer any questions you may have and to act as your contact person on the subject of data protection at our company. His contact details are:
Data Protection Officer
exkulpa gmbh
Waldfeuchter Straße 266
52525 Heinsberg
www.exkulpa.de
Tel.: 02452/993311
E-Mail: security@kit-group.org
You can also contact the data protection officer via our K.I.T. Group data protection coordinator by telephone on +49 30 24603 346
(4) Legal basis for data processing
In principle, any processing of personal data is prohibited by law and only permitted if the data processing falls under one of the following justifications:
For the processing operations we carry out, we indicate below the applicable legal basis in each case. A processing operation may also be based on several legal bases.
(5) Data erasure and storage period
For each processing operation we carry out, we indicate below how long the data will be stored by us and when it will be erased or blocked. If no explicit storage period is specified below, your personal data will be deleted or blocked as soon as the purpose or legal basis for the storage no longer applies. In principle, your data will only be stored on our servers in Germany, subject to any transfer that may take place in accordance with the regulations in A.(7) and A.(8).
However, storage may take place beyond the specified time in the event of a (threatened) legal dispute with you or other legal proceedings or if storage is provided for by statutory regulations to which we are subject as the responsible party (e.g. § 257 HGB, § 147 AO). If the storage period prescribed by the legal regulations expires, the personal data will be blocked or deleted unless further storage by us is necessary and there is a legal basis for this.
(6) Data security
We use appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties (e.g. TSL encryption for our website), taking into account the state of the art, the implementation costs and the nature, scope, context and purpose of the processing, as well as the existing risks of a data breach (including its probability and impact) for the data subject. Our security measures are continuously improved in line with technological developments.
We will be happy to provide you with more detailed information on request. Please contact our data protection officer (see under A.(3)).
(7) Cooperation with processors
As with any larger company, we use external domestic and foreign service providers to process our business transactions (e.g., for IT, logistics, telecommunications, accommodation, sales and marketing). These service providers only act on our instructions and are contractually obliged to comply with data protection regulations in accordance with Article 28 of the Data Protection Regulation or – if applicable – on the basis of standard contractual clauses.
If personal data from you is passed on by us to our subsidiaries or is passed on to us by our subsidiaries (e.g., for advertising purposes), this is done on the basis of existing order processing relationships or joint responsibilities. You can find an overview of our subsidiaries at https://www.kit-group.org/de/offices/ .
(8) Conditions for the transfer of personal data to third countries
In the course of our business relationships, your personal data may be transferred or disclosed to third party companies. These may also be located outside the European Economic Area (EEA), i.e., in third countries. Such processing will only take place to fulfil contractual and business obligations and to maintain your business relationship with us. We will inform you about the respective details of the transfer in the relevant places below.
The European Commission certifies data protection comparable to the EEA standard in some third countries by means of so-called adequacy decisions (a list of these countries and a copy of the adequacy decisions can be found here: http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.html) . However, in other third countries to which personal data may be transferred, there may not be a consistently high level of data protection due to a lack of legal provisions. If this is the case, we ensure that data protection is sufficiently guaranteed. This is possible through binding company regulations, standard contractual clauses of the European Commission for the protection of personal data, certificates or recognised codes of conduct. Please contact our data protection officer (see under A.(3)) if you would like more information on this.
(9) No automated decision making (including profiling)
We do not intend to use any personal data collected from you for any automated decision-making process (including profiling).
(10) No obligation to provide personal data
We do not make the conclusion of contracts with us dependent on you providing us with personal data beforehand. As a customer, you are not under any legal or contractual obligation to provide us with your personal data; however, we may only be able to provide certain services to a limited extent or not at all if you do not provide the necessary data. If this should exceptionally be the case in the context of the products we offer presented below, you will be informed of this separately.
(11) Legal obligation to transmit certain data
We may, under certain circumstances, be subject to a specific legal or statutory obligation to provide lawfully processed personal data to third parties, in particular public bodies (Art. 6 (1) lit. c GDPR).
(12) Your rights
You can assert your rights as a data subject regarding your processed personal data at any time by contacting us using the contact details provided at the beginning of A.(2). As a data subject, you have the right
Berliner Beauftragte für Datenschutz und Informationsfreiheit, Alt-Moabit 59-61, 10555 Berlin, Germany, Tel: +49 30 13889 0, Fax: +49 30 2155050, mailbox@datenschutz-berlin.de
(13) Changes to the privacy policy
In the context of the further development of data protection law as well as technological or organisational changes, our privacy policy is regularly checked for the need to adapt or supplement it. You will be informed of any changes on the Conference website at https://iuis2023.org/ . This data protection notice is valid as of March 2022.
(1) Explanation of function
Information about our company and the services offered by us in the context of the IUIS 2023 can be obtained in particular at https://iuis2023.org/ together with the associated sub-pages as well as our company’s website (hereinafter collectively referred to as “websites”). When you visit these websites, personal data may be processed.
(2) Processed personal data
During the informational use of the Websites, the following categories of personal data are collected, stored and processed by us:
“Log data”: When you visit our websites, a so-called protocol data record (so-called server log files) is stored temporarily and anonymously on our web server. This consists of:
“Participant data”: In order to participate in the event, you must register via the registration form. In doing so, the submitted data will be processed (e.g., gender, surname and first name, title, nationality, address, institution/company, e-mail address, field of research or activity, payment data such as account or credit card details). If you participate in the event as a speaker or by submitting an abstract, additional data will be processed (e.g., data on your status as an author, memberships in scientific professional associations, publication data).
“Accommodation data”: If you enquire about or book accommodation via our websites, personal data transmitted in the process will be processed (e.g., last name and first name, [title], gender, e-mail address, phone number, billing address, billing data such as account or credit card data).
“Billing data”: If you order or use chargeable services from us, the data transmitted in the process will be processed (billing data such as account or credit card data).
“Contact data”: If you use the e-mail addresses provided to contact us, the data thereby transmitted will be processed (at least e-mail address and the time of transmission, in addition, depending on the information provided, for example, surname and first name, address, institution/company).
“Contact form data”: When contact forms are used, the data transmitted through them are processed (e.g., gender, surname and first name, address, institution/company, e-mail address and the time of transmission).
“Newsletter data”: In addition to the purely informational use of our website, the subscription to a newsletter and mailing list is offered and conducted separately and autonomously on the website of International Union of Immunological Societies at https://iuis.org/ . If you are interested in receiving the newsletter or joining the mailing list, please read the privacy policy on the IUIS homepage at https://iuis.org/privacy-policy/ .
(3) Purpose and legal basis of data processing
We process the personal data described in more detail above in accordance with the provisions of the GDPR, the other relevant data protection regulations and only to the extent necessary. Insofar as the processing of personal data is based on Art. 6 (1) lit. f GDPR, the aforementioned purposes also represent our legitimate interests. Insofar as the processing of personal data is based on Art. 6 (1) lit. a GDPR with consent to the storage of information on a device of an user, any such consent complies with the requirements of § 25 (1) TTDSG.
(4) Duration of data processing
Your data will only be processed for as long as is necessary to achieve the above-mentioned processing purposes; the legal bases stated in the context of the processing purposes apply accordingly. With regard to the use and storage duration of cookies, please refer to point A.(5) as well as the Cookie Policy under section C.
Third parties used by us will store your data on their system for as long as is necessary in connection with the provision of services for us in accordance with the respective order.
For more details on the storage period, please refer to A.(5) and the Cookie Policy in section C.
(5) Transfer of personal data to third parties; justification basis
The following categories of recipients, which are usually order processors (see A.(7)), may receive access to your personal data:
For guarantees of an adequate level of data protection in the event of data being passed on to third countries, see A.(8).
Furthermore, we will only pass on your personal data to third parties if you have given your express consent to do so in accordance with Art. 6 (1) lit. a GDPR.
(6) Use of cookies, plugins, and other services on our website
a) Cookie
We use cookies on our websites. Cookies are small text files that are assigned to the browser you are using and stored on your hard drive by means of a characteristic character string and through which certain information flows to the body that sets the cookie. Cookies cannot execute programmes or transfer viruses to your computer and therefore cannot cause any damage. They serve to make the Internet offer as a whole more user-friendly and effective, i.e., more pleasant for you.
Cookies can contain data that make it possible to recognize the device used. In some cases, however, cookies only contain information on certain settings that cannot be related to a specific person. However, cookies cannot directly identify a user.
A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the individual session. With regard to their function, a distinction is made between cookies:
Any use of cookies that is not absolutely technically necessary constitutes data processing that is only permitted with your explicit and active consent pursuant to Art. 6 (1) lit. a GDPR, § 25 (1) TTDSG. This applies in particular to the use of advertising, targeting or sharing cookies. Furthermore, we will only share your personal data processed through cookies with third parties if you have given your explicit consent to do so in accordance with Art. 6 (1) lit. a GDPR and § 25 (1) TTDSG.
b) Cookie policy
For more information about which cookies we use and how you can manage your cookie settings and disable certain types of tracking, please see our Cookie Policy in section C.
c) Social media plugins
For more information about which social media plugins we use and how you can manage your settings and disable certain types of tracking, please see our Cookie Policy in section C.
In other cases, where our websites may contain icons from social media providers, we only use these to passively link to the pages of the respective providers. Further details on data processing when using the links can be found in the privacy policies of the respective social media providers (currently Facebook, Twitter, LinkedIn).
(1) Cookies used on the website
1.1 Consent with Borlabs Cookie
Our website uses Borlabs Cookie Consent technology to obtain your consent to the storage of certain cookies in your browser or to the use of certain technologies and to document this in accordance with data protection law. The provider of this technology is Borlabs – Benjamin A. Bornschein, Rübenkamp 32, 22305 Hamburg (hereinafter referred to as Borlabs).
When you enter our website, a Borlabs cookie is stored in your browser, in which the consents you have given, or the revocation of these consents are stored. This data is not shared with the Borlabs cookie provider.
The following essential cookie is used when using the Website:
(a) Name: borlabs-cookie.
(b) Aim and purpose: Borlabs Cookie Consent Technology is used to obtain the legally required consent to the use of cookies. The legal basis for this is Art. 6 (1) lit. c GDPR. This cookie stores the cookie settings of a user.
(c) Retention period: The essential cookie automatically expires after 1 year.
The collected data will be stored until you request us to delete it or until you delete the Borlabs cookie yourself or within the aforementioned period. Mandatory legal retention periods remain unaffected. Details on the data processing of Borlabs Cookie can be found at https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/ .
1.2 Google Analytics
This website uses functions of the web analysis service Google Analytics. The provider of this service is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics enables the website operator to analyze the behavior patterns of website visitors. For this purpose, the website operator receives a variety of user data, such as pages viewed, time spent on the page, operating system used and origin of the user. This data is assigned to the respective end device of the user. An assignment to a device ID does not take place.
Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g., cookies or device fingerprinting). The information collected by Google about the use of the website is usually transferred to a Google server in the United States and stored there. The data transfer to the USA takes place on the basis of the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/
The following performance cookies are used when using the website:
(a) Designations: _ga, _gat, _gid
b) Aim and purpose: Google Analytics (GA) performance cookies for website analysis. The legal basis is Art. 6 (1) lit. f GDPR. The operator of this website has a legitimate interest in analyzing user behavior in order to optimize both the online offering and the operator’s advertising activities. If a corresponding consent exists, the processing is carried out exclusively on the basis of Art. 6 (1) lit. a GDPR and § 25 (1) TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g., device fingerprinting) as defined by the TTDSG. This consent can be revoked at any time.
c) Retention period: With the new standard function of Google Analytics 4 (GA4), performance cookies usually expire automatically after 14 months. User or event level data stored by Google in connection with cookies, user identifiers or advertising identifiers (e.g. DoubleClick cookies, Android advertising identifiers) are anonymized or deleted after 2 months. For details, please click on the following link: https://support.google.com/analytics/answer/7667196?hl=en
IP anonymization
We have activated the IP anonymization function on this website. The IP addresses of users are anonymized by Google. This is a new standard feature of Google Analytics 4 (GA4). The automatically activated IP anonymization cannot be deactivated, see https://support.google.com/analytics/answer/9019185?hl=en#zippy=%2Cin-this-article .
Opt-out options
a) Withdrawal of consent
You can withdraw your consent to cookies. To do so, you must click on the “Change cookie settings” link in the footer and, if applicable, “Show cookie information”.
b) Browser plug-in
You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en
For more information about how Google Analytics handles user data, please see Google’s privacy policy at: https://support.google.com/analytics/answer/6004245?hl=en
Demographic parameters provided by Google Analytics
If this website uses the “Demographic Characteristics” function of Google Analytics (e.g., age, gender and interests of website visitors), this is done in order to display suitable ads within the Google advertising network. The sources of information are Google’s interest-based advertising and visitor data obtained from third-party providers. This data cannot be assigned to a specific person. You can either deactivate this function at any time by making appropriate changes to your advertising settings in your Google account, or you can generally prohibit the collection of your data, as explained in the “Opt-out options” section above.
Data processing agreement
We have concluded a data processing agreement with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
1.3 Google Web Fonts (local hosting)
This site uses so-called web fonts provided by Google for the uniform display of fonts. The Google Fonts are installed locally. There is no connection to Google servers.
Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy: https://policies.google.com/privacy?hl=de .
(2) Plugins and tools used on the website and/or in preparation and/or during performance of the conference
2.1 YouTube-Videos / Other Videos
YouTube with extended data protection
This website embeds YouTube videos. The operator of the pages is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
We use YouTube in extended data protection mode. According to YouTube, this mode means that YouTube does not store any information about visitors to this website before they watch the video. However, the transfer of data to YouTube partners is not necessarily excluded by the extended data protection mode. Thus, regardless of whether you watch a video, YouTube establishes a connection to the Google DoubleClick network.
As soon as you start a YouTube video on this website, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.
Furthermore, after starting a video, YouTube may save various cookies on your end device or use comparable recognition technologies (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve the user experience and prevent fraud attempts.
If necessary, further data processing processes may be triggered after the start of a YouTube video, over which we have no control.
YouTube is used in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 (1) lit. a GDPR and § 25 (1) TTDSG; the consent can be revoked at any time.
Further information on data protection at YouTube can be found in their privacy policy at: https://policies.google.com/privacy?hl=de
2.2 Google Maps
This website uses the mapping service Google Maps. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
To enable the use of the Google Maps features, your IP address must be stored. As a rule, this information is transferred to one of Google’s servers in the United States, where it is archived. The operator of this website has no control over the data transfer. In case Google Maps has been activated, Google has the option to use Google web fonts for the purpose of the uniform depiction of fonts. When you access Google Maps, your browser will load the required web fonts into your browser cache, to correctly display text and fonts.
We use Google Maps to present our online content in an appealing manner and to make the locations disclosed on our website easy to find. This constitutes a legitimate interest as defined in Art. 6(1)(f) GDPR. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/ .
For more information on the handling of user data, please review Google’s Data Privacy Declaration under: https://policies.google.com/privacy?hl=en.
(3) Overview of cookies on the profile and/or registration pages
On the sub-websites for registering for the event, only so-called session cookies (“session cookies”) are regularly used.
Session cookies are used by a server to store information about activities on our pages so that you, as a user, can simply continue at the point where you last used the pages. Typically, pages have no “memory”. Cookies tell the server which pages to show you so you don’t have to remember or navigate from the beginning. Cookies are therefore a kind of bookmark within our pages.
The following session cookie is used when using the profile pages:
a) Designation: JSESSIONID
b) Aim and purpose: The session cookie identifies you as a visitor between different pages and stores specific properties and settings regarding the display of teasers and the like.
c) Retention period: The session cookie is automatically deleted after you leave the profile pages.
In the relationship with our business partners, additional processing of personal data may occur. In this context, business partners are legal entities or natural persons with whom we maintain or have maintained in the past or intend to establish in the future a business relationship in order to achieve and implement our corporate purpose (in particular, clients for events and/or business office management, sponsors, exhibitors, suppliers, service providers).
(1) Processed personal data
“Marketing and Sales Data”: If you or third parties commissioned by you are in contact with us within the scope of a formerly or currently existing business relationship or if a future business relationship is to be initiated, the transmitted data of the contact persons will be processed (e.g. surname, first name, title, e-mail address, institution/company, address).
“Employee data”: If you request information or services, order or provide services within the framework of a former, current or future business relationship, the transmitted data of the contact persons will be processed (e.g., surname, first name, title, e-mail address, institution/company, address).
(2) Purpose and legal basis of processing
Marketing and sales data is processed for information and advertising purposes vis-à-vis existing or former business partners and to attract new business partners (legal basis is Art. 6 (1) lit. f, in the case of an existing business relationship also Art. 6 (1) lit. b DSGVO).
The processing of employee data is carried out in preparation, implementation and fulfillment of the underlying contractual relationship with the respective business partner (legal basis is Art. 6 (1) p. 1 lit. b or lit. f DSGVO).
(3) Retention period of the data
The retention period of the transmitted data is based on the above principles from B. (4) in conjunction with A. (5). Deviating from this, in the case of marketing and sales data, we reserve the right to retain the data you have transmitted for up to 6 months from the termination of the last business contact with us on the basis of our legitimate interests (legal basis is Art. 6 (1) p. 1 lit. f DSGVO).