1. Controller’s name and contact information
The data controller pursuant to Art. 4 para. 7 EU General Data Protection Regulation (GDPR) is the:
European Association for the Study of Diabetes (EASD) e.V.
Rheindorfer Weg 3
40591 Düsseldorf Germany
Phone: +49 211 758 469 0
Fax: +49 211 758 469 29
If you have any questions about our data processing activities, please write to us at the aforementioned postal address, with the addition “Data protection” or at the e-mail address provided. Our data protection officer can be reached via email@example.com or by letter to our postal address c/o “Data protection officer”. The relevant contact data can be found in the imprint.
2. Log Files
Each time our websites are accessed, usage data is transmitted by the respective Internet browser and stored in log files, the so-called “server log files”. The stored data records are technically necessary to display the websites to you and contain the following data:
- Browser type and browser version,
- operating system used,
- referrer URL,
- time of server request,
- shortened IP address.
These data cannot be assigned to specific persons. This data will not be merged with other data sources. We reserve the right to subsequently check this data if we become aware of concrete indications of illegal use.
The data processing is based on Art. 6 para. 1 lit. f GDPR, which permits the processing of data to safeguard the legitimate interests of the data controller, provided that the interests or fundamental rights and freedoms of the data subject do not prevail.
3. Processing of personal data / legal basis
3.1 Data processing for the provision of contractual services
3.1.1 Registering on our website (easd-elearning.org)
If you register to take one or more of our online courses, we will collect and process the following information volunteered by you:
• (academic) title, first name, surname
• a valid email address
• other particulars are voluntary.
The processing of this data occurs
• to allow you to be identified as a (potential) learner
• for correspondence with you
• to examine your request or process your query/contract
• for further customer care and promotional approaches about new e-learning content on our site.
The previously described data processing occurs on your request and is necessary for the aforementioned purposes to process your request and/or for the mutual fulfilment of obligations from previous or existing contractual relationships. The basis for data processing is Art. 6 para. 1 s. 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.
You can access the easd-elearning.org platform by creating an account with us.
You are responsible for maintaining the confidentiality of your passwords or other account identifiers which you choose and all activities that occur under your account.
By registering on the easd-elearning.org platform, you agree that:
• easd-elearning.org has permission to hold your data as outlined above
• Your account and password are personal to you and may not be used by anyone else to access the easd-elearning.org platform.
• You will not do anything which would assist anyone who is not a registered user to gain access to any registration area of the easd-elearning.org platform.
• You will not create registration accounts for the purpose of abusing the functionality of the site, or other users; nor will you seek to pass yourself off as another user.
• You agree to notify us immediately if you become aware of unauthorised use of your password or account identifiers by others.
If you use the easd-elearning.org platform, you are responsible for maintaining the confidentiality of your account and password and for restricting access to your computer, and to the extent permitted by applicable law, you agree to accept responsibility for all activities that occur under your account or password. You should inform us immediately if you have any reason to believe that your password has become known to anyone else, or if the password is being, or is likely to be, used in an unauthorised manner.
You are responsible for ensuring that the details you provide us with are correct and complete and have the right to delete or amend the data that we hold for you at any time by emailing:
You must not use the easd-elearning.org platform:
• in any way that causes, or is likely to cause, any easd-elearning.org service or any access to it to be interrupted, damaged or impaired
• in any way for fraudulent purposes
• or in connection with a criminal offence or other unlawful activity to cause annoyance, inconvenience or anxiety.
Termination of registration
If you no longer wish to have a registered account, you may terminate your account by contacting easd-elearning.org (firstname.lastname@example.org). If you terminate your account, we will delete all personal data about you, unless you consent to your contact details being used by us to communicate with you and provide you with newsletters and other updates.
3.1.2 Data processing for communication with you (contact form, etc.)
In addition to the contract data, we process your communication data (e-mail address) in order to be able to contact you. Personal data that you provide to us by e-mail or via the contact form on this website will only be processed for correspondence with you or only for the purpose for which you have made the data available to us.
The basis for data processing is Art. 6 (1)(b) GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures.
You can also provide your consent to the further use of your contact details for us to send our electronic marketing emails, with which we inform you about new content on the EASD e-Learning website. The respective content of a newsletter is explained in the respective declaration of consent. If you would like to receive a newsletter offered by us, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. For this purpose, we will send you an e-mail with a confirmation link (double opt-in) to the e-mail address you have entered. If you do not confirm your registration, your information will be blocked and automatically deleted after one month.
Your e-mail address is the only mandatory information for sending the newsletter. The indication of further, separately marked data is voluntary and will be used to refine material to address you personally. In addition, we store the IP addresses you use and the dates of registration and confirmation. The purpose of the procedure is to prove your registration for the newsletter and, if necessary, to clarify any possible misuse of your personal data. We do not collect any further data in this context. We use these data exclusively for the dispatch of the requested newsletter. As far as we use an order processor for the dispatch of the newsletter, we adhere to the applicable data protection laws.
Data processing takes place on the basis of your consent pursuant to Art.6(1)(a) GDPR. You can revoke your consent at any time and cancel the respective subscription by contacting us using the contact information set out in Section 1. You can declare your revocation by clicking on the link provided in every e-mail or by sending us a message via the contact details mentioned under section 1. The legality of the data processing operations that have already taken place remains unaffected by the revocation.
3.3 Use of Rapidmail
We use rapidmail to send newsletters. The provider is rapidmail GmbH, Wentzingerstraße 21, 79106 Freiburg, Germany. Rapidmail organises and analyses the sending of newsletters. The data you enter for the purpose of subscribing to the newsletter will be stored on rapidmail’s servers in Germany. If you do not want analysis by rapidmail, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message. For the purpose of analysis, emails sent with rapidmail contain a so-called tracking pixel, which connects to rapidmail’s servers when the email is opened. In this way it can be determined whether a newsletter message has been opened. We can also use rapidmail to determine whether and which links in the newsletter message are clicked. Optionally, links in the email can be set as tracking links with which your clicks can be counted.
Legal basis: The legal basis for data processing is Article 6 Paragraph 1 Letter a) GDPR.
Recipient: The recipient of the data is rapidmail GmbH.
Duration: The data you have stored with us as part of your consent for the purpose of the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from both our servers and rapidmail’s servers after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. email addresses for the member area) remains unaffected.
Option to revoke: You have the option to revoke your consent to data processing at any time with effect for the future. The legality of the data processing operations that have already taken place remains unaffected by the revocation.
Further data protection information: For more information, please see rapidmail’s data security information at: https://www.rapidmail.de/datensicherheit. For more information about rapidmail’s analysis functions, please visit the following link: https://www.rapidmail.de/wissen-und-hilfe.
A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts.
- Assisting you in navigation;
- Assisting in registration to our events, login, and your ability to provide feedback;
- Analysing your use of our products, services or applications;
- Assisting with our promotional and marketing efforts. (including behavioural advertising)
Below is a detailed list of the cookies we use on our Website. Our Website is scanned with our cookie scanning tool regularly to maintain a list as accurate as possible. We classify cookies in the following categories:
Strictly Necessary Cookies:
|easd-elearning.org||OptanonAlertBoxClosed||This cookie is set by websites using certain versions of the cookie law compliance solution from OneTrust. It is set after visitors have seen a cookie information notice and in some cases only when they actively close the notice down. It enables the website not to show the message more than once to a user. The cookie has a one year lifespan and contains no personal information.||1||Years|
|easd-elearning.org||OptanonConsent||This cookie is set by the cookie compliance solution from OneTrust. It stores information about the categories of cookies the site uses and whether visitors have given or withdrawn consent for the use of each category. This enables site owners to prevent cookies in each category from being set in the users browser, when consent is not given. The cookie has a normal lifespan of one year, so that returning visitors to the site will have their preferences remembered. It contains no information that can identify the site visitor.||1||Years|
|easd-elearning.org||_pk_id*||This cookie name is associated with the Piwik open source web analytics platform. It is used to help website owners track visitor behaviour and measure site performance. It is a pattern type cookie, where the prefix _pk_id is followed by a short series of numbers and letters, which is believed to be a reference code for the domain setting the cookie. It is used to recognize visitors and hold their various properties. This cookie name is associated with the Piwik open source web analytics platform. It is used to help website owners track visitor behaviour and measure site performance. It is a pattern type cookie, where the prefix _pk_id is followed by a short series of numbers and letters, which is believed to be a reference code for the domain setting the cookie.||1||Years|
|tracking.easd-elearning.org||_pk_id*||This cookie name is associated with the Piwik open source web analytics platform. It is used to help website owners track visitor behaviour and measure site performance. It is a pattern type cookie, where the prefix _pk_id is followed by a short series of numbers and letters, which is believed to be a reference code for the domain setting the cookie. It is used to recognize visitors and hold their various properties. This cookie name is associated with the Piwik open source web analytics platform. It is used to help website owners track visitor behaviour and measure site performance. It is a pattern type cookie, where the prefix _pk_id is followed by a short series of numbers and letters, which is believed to be a reference code for the domain setting the cookie.||1||Years|
|easd-elearning.org||_pk_ses*||This cookie name is associated with the Piwik open source web analytics platform. It is used to help website owners track visitor behaviour and measure site performance. It is a pattern type cookie, where the prefix _pk_ses is followed by a short series of numbers and letters, which is believed to be a reference code for the domain setting the cookie. It shows the visitor’s active session. If the cookie doesn’t exist, it means that the session ended more than 30 minutes ago and was counted in the _pk_id cookie.This cookie name is associated with the Piwik open source web analytics platform. It is used to help website owners track visitor behaviour and measure site performance. It is a pattern type cookie, where the prefix _pk_ses is followed by a short series of numbers and letters, which is believed to be a reference code for the domain setting the cookie.||0||Days|
|tracking.easd-elearning.org||_pk_ses*||This cookie name is associated with the Piwik open source web analytics platform. It is used to help website owners track visitor behaviour and measure site performance. It is a pattern type cookie, where the prefix _pk_ses is followed by a short series of numbers and letters, which is believed to be a reference code for the domain setting the cookie. It shows the visitor’s active session. If the cookie doesn’t exist, it means that the session ended more than 30 minutes ago and was counted in the _pk_id cookie. This cookie name is associated with the Piwik open source web analytics platform. It is used to help website owners track visitor behaviour and measure site performance. It is a pattern type cookie, where the prefix _pk_ses is followed by a short series of numbers and letters, which is believed to be a reference code for the domain setting the cookie.||0||Days|
|Host||Cookie Name||Description||Expiry Duration||Expiry Unit|
|vimeo.com||__cf_bm||This is a CloudFoundry cookie||0||Days|
3.5 Cookie consent tool “CookiePro” from OneTrust LLC.
This website uses the cookie consent tool “CookiePro” from OneTrust LLC., 1200 Abernathy Rd NE, Sandy Springs, GA 30328, USA (“OneTrust”) to obtain effective user consent for cookies requiring consent and cookie-based applications.
This website uses plugins from the video portal Vimeo. The provider is Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA. When you visit one of our pages equipped with a Vimeo video, a connection is established to Vimeo’s servers. The Vimeo server is informed which of our pages you have visited. Vimeo also obtains your IP address. This applies even if you are not logged in to Vimeo or do not have an account with Vimeo. The information collected by Vimeo is transmitted to the Vimeo server in the USA.
Personal data could possibly be passed on by the provider beyond the actual purpose of order fulfilment to other third parties who use the data for other purposes. For smoother video playback, Vimeo uses services from Akamai Technologies Inc. (akamaized).
Basically, the so-called “do not track” parameter is activated on our website.
If you have not consented to the processing of your data by Vimeo within consent management, the videos embedded on our site will not be played immediately. You can also give your consent afterwards directly to the video by taking an upfront action.
Processing of personal data also takes place in a non-secure third country. In the USA there is no level of data protection comparable to the requirements of the GDPR. Effective enforcement of your rights is probably not possible. Further information on transfer to a non-secure third country can be found in this data protection information under “I. General information on data processing – 4. Data transfer to non-secure third countries”.
The data transfer to the USA is based on the standard contractual clauses of the EU Commission and, according to Vimeo, on “legitimate business interests”. Details can be found here: https://vimeo.com/privacy.
If you are logged into your Vimeo account, you enable Vimeo to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your Vimeo account.
3.7 Tracking with Matomo
On some of our websites we may use web analysis software Matomo to analyse the use of the respective website and/or to track user-specific behaviour, if this is necessary to provide our services. The relevant data processing for the provision of the contractual service is outlined in section 3.1. In contrast to other statistics programmes, no data is transmitted to an external server by the software we use. The relevant software is installed on one of our servers located in the EU. Our tracking software may collect the following data, which may give information about which functions of the respective website are frequently used and where misunderstandings may occur:
- Country, state, city,
- time of the page call,
- the browser used, including the browser version, browser language and the installed plugins,
- the operating system of the user,
- the screen resolution of the user,
- the date of the first visit,
- the time of the last visit,
- a randomly generated unique user ID,
- the loading time of the visited page,
- the number of actions per visit,
- the page title of the visited page,
- the URL of the visited page,
- the length of stay per visit,
- functions used during the visit.
Statistics on user behaviour are then based on this data. These include, for example, overviews of the actions per visit, e.g., whether data exports were carried out or counter readings were entered.
We use tracking technologies that are necessary to enable us to perform the services we are obliged to provide. The data processing in this respect is then based on Art. 6 para. 1 s. 1 lit. b GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures. In addition, we may, under certain circumstances, obtain your consent for the use of tracking while processing personal data. The data processing will then be based on your consent in accordance with Art. 6 para. 1 s. 1 lit. b GDPR. You can revoke your consent at any time. The legality of the data processing already carried out remains unaffected by the revocation. In addition, we use anonymous tracking on some of our websites.
4. Automated decision-making in specific cases, including profiling
Automated decision-making including profiling does not regularly take place with us.
5. Categories of recipients of personal data
Your personal data will only be passed on to third parties or otherwise transmitted if this is necessary for the purpose of contract processing or billing or if you have given your prior consent or if there is a legal basis for the passing on of such data.
Insofar as it is necessary for the purpose of contract processing or for the dispatch and delivery of products, data will be passed on to partner companies which have been commissioned to support contract processing. Our partners undertake to comply with and observe the provisions of data protection law. Furthermore, our partners are not permitted to use the data in any other way than to process the contract.
In the case of cooperations in which we merely act as intermediaries, your personal data will only be passed on to the cooperation partner if this is necessary for the purpose of concluding the contract and processing the contract for the cooperation partner. Both the cooperation partner and we are obliged to observe the data protection regulations within the framework of the cooperation. This obligation shall continue to apply even after termination of the respective contract.
Service providers who support us in providing our services to you are hosting providers and e-mail service providers.
6. Duration of data storage
In principle, we delete your data as soon as it is no longer required for the above-mentioned purposes, unless temporary storage is still necessary. We store your data on the basis of legal proof and storage obligations, which result among other things from the German Commercial Code and the German Tax Code, according to which the storage periods are up to ten full years. In addition, we keep your data for the period during which claims can be asserted against our company (statutory limitation period of three or up to thirty years).
7. Data Security
Your personal data will be transmitted securely by us through encryption. We use the coding system SSL (Secure Socket Layer). You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. Furthermore, we secure our websites and other systems by technical and organisational measures against loss, destruction, access, alteration or distribution of your data by unauthorised persons.
8. Rights of data subjects
Within the framework of the applicable legal provisions, you have the right to obtain information free of charge at any time about your personal data stored by us, its origin and recipients and the purpose of the data processing and, if applicable, a right to correct, block or delete this data. For this purpose, as well as for further questions on the subject of personal data, you can contact us at any time using the contact details given in clause 1. You may also have a right to restrict the processing of your data and a right to have the data provided by you released in a structured, common and machine-readable format. If you have given us your consent to process personal data for specific purposes, you can revoke your consent at any time with effect for the future. If we process your data to protect legitimate interests, you may object to this processing for reasons arising from your particular situation. In addition, you have the possibility of contacting a data protection supervisory authority (right of appeal).