1. Controller’s name and contact information
The data controller pursuant to Art. 4 para. 7 EU General Data Protection Regulation (GDPR) is the
European Association for the Study of Diabetes (EASD) e.V.
Rheindorfer Weg 3
40591 Düsseldorf Germany
Phone: +49 211 758 469 0
Fax: +49 211 758 469 29
If you have any questions about our data processing activities, please write to us at the aforementioned postal address, with the addition “Data protection” or at the e-mail address provided. Our data protection officer can be reached via email@example.com or by letter to our postal address c/o “Data protection officer”.
2. Processing of personal data / legal basis
2.1 Data processing for the provision of contractual services
2.1.1 Registering on our website (easd-elearning.org)
If you register to take one or more of our online courses, we will collect and process the following information volunteered by you:
- (academic) title, first name, surname
- a valid email address
- other particulars are voluntary.
The processing of this data occurs
- to allow you to be identified as a (potential) learner
- for correspondence with you
- to examine your request or process your query/contract
- for further customer care and promotional approaches about new e-learning content on our site.
The previously described data processing occurs on your request and is necessary for the aforementioned purposes to process your request and/or for the mutual fulfilment of obligations from previous or existing contractual relationships. The basis for data processing is Art. 6 para. 1 s. 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.
You can access the easd-elearning.org platform by creating an account with us. You do not have to be a member of easd-elearning.org in order to do this.
You are responsible for maintaining the confidentiality of your passwords or other account identifiers which you choose and all activities that occur under your account.
By registering on the easd-elearning.org platform, you agree that:
- easd-elearning.org has permission to hold your data as outlined above
- Your account and password are personal to you and may not be used by anyone else to access the easd-elearning.org platform.
- You will not do anything which would assist anyone who is not a registered user to gain access to any registration area of the easd-elearning.org platform.
- You will not create registration accounts for the purpose of abusing the functionality of the site, or other users; nor will you seek to pass yourself off as another user.
- You agree to notify us immediately if you become aware any unauthorised use of your password or account identifiers by others.
If you use the easd-elearning.org platform, you are responsible for maintaining the confidentiality of your account and password and for restricting access to your computer, and to the extent permitted by applicable law, you agree to accept responsibility for all activities that occur under your account or password. You should inform us immediately if you have any reason to believe that your password has become known to anyone else, or if the password is being, or is likely to be, used in an unauthorised manner.
You are responsible for ensuring that the details you provide us with are correct and complete.
You are responsible for ensuring that the details you provide us with are correct and complete and have the right to delete or amend the data that we hold for you at any time by emailing:
You must not use any easd-elearning.org platform:
- in any way that causes, or is likely to cause, any easd-elearning.org service or any access to it to be interrupted, damaged or impaired
- in any way for fraudulent purposes
- or in connection with a criminal offence or other unlawful activity to cause annoyance, inconvenience or anxiety.
Termination of registration
If you no longer wish to have a registered account, you may terminate your account by contacting the easd-elearning.org (firstname.lastname@example.org). If you terminate your account, we will delete all personal data about you, unless you consent to your contact details being used by us to communicate with you and provide you with newsletters and other updates.
2.1.2 Data processing for communication with you (contact form, etc.)
In addition to the contract data, we process your communication data (e-mail address) in order to be able to contact you. Personal data that you provide to us by e-mail or via the contact form on this website will only be processed for correspondence with you or only for the purpose for which you have made the data available to us.
The basis for data processing is Art. 6 (1)(b) GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures.
With can also provide your consent to the further use of your contact details for us to send our electronic marketing emails, with which we inform you about new content on the EASD e-Learning website. The respective content of a newsletter is explained in the respective declaration of consent. If you would like to receive a newsletter offered by us, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. For this purpose, we will send you an e-mail with a confirmation link (double opt-in) to the e-mail address you have entered. If you do not confirm your registration, your information will be blocked and automatically deleted after one month.
Your e-mail address is the only mandatory information for sending the newsletter. The indication of further, separately marked data is voluntary and will be used to refine material to address you personally. In addition, we store the IP addresses you use and the dates of registration and confirmation. The purpose of the procedure is to prove your registration for the newsletter and, if necessary, to clarify any possible misuse of your personal data. We do not collect any further data in this context. We use these data exclusively for the dispatch of the requested newsletter. As far as we use an order processor for the dispatch of the newsletter, we adhere to the applicable data protection laws.
Data processing takes place on the basis of your consent pursuant to Art.6(1)(a) GDPR. You can revoke your consent at any time and cancel the respective subscription. You can declare your revocation by clicking on the link provided in every e-mail or by sending us a message via the contact details mentioned under section 1. The legality of the data processing operations that have already taken place remains unaffected by the revocation.
When we provide services, we want to make them easy, useful and reliable. Where services are delivered on the internet, this sometimes involves placing small amounts of information on your device, for example, computer or mobile phone. These include small files known as cookies. They cannot be used to identify you personally. These pieces of information are used to improve services for you through, for example:
- Enabling a service to recognise your device so you don’t have to give the same information several times during one task
- Recognising that you may already have given a username and password so you don’t need to do it for every web page requested
- Measuring how many people are using services, so they can be made easier to use and there’s enough capacity to ensure they are fast.
You can manage these small files yourself through your browser settings.
A number of cookies are used by this site:
- WordPress uses the cookie wordpress_[hash] to store the authentication details on login.
- The cookie wordpress_logged_in_[hash] is used to indicate when you are logged in, and who you are. This cookie is maintained on the front-end of the website as well when logged in.
- Google Analytics uses ‘__utma’ and is set by Google Analytics on your first visit to this website. This cookie is used to determine unique visitors to this site and it is updated with each page view. This is used to help us measure numbers and volumes of visitors using anonymised data.
- Google Analytics uses ‘__utmb’ and is set by Google Analytics to establish and continue your visits to our site. Each time a user visits a different page on our site, this cookie is updated to expire in 30 minutes, thus continuing a single session for as long as your activity continues within 30-minute intervals. This cookie expires when a visitor pauses on a page on our site for longer than 30 minutes. This is used to help us measure numbers and volumes of visitors using anonymised data.
- Google Analytics uses ‘__utmz’ and is set by Google Analytics to store how a visitor reaches our website; whether via a direct method, a referring link, a website search, or a campaign such as an ad or an email link. This cookie is updated with each page view on our website. This is used to help us measure the success of online marketing (e.g. organic or paid search engine listings) and offline marketing that is used to direct visitors to this website. This uses anonymised data.
2.4 Data processing in the context of our Facebook corporate website
We operate a company page (fan page) in the social network facebook.com. We are jointly responsible with Facebook for the operation of the Facebook fan page within the meaning of Art. 26 GDPR. The agreement on joint controllership can be found here: https://www.facebook.com/legal/terms/page_controller_addendum. Primarily responsible for data processing is Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”).
The type and scope of the information you provide to Facebook, the associated purposes of data processing by Facebook, its legality and information on the exercise of your rights can be found in the Data Policy, as well as other information provided by Facebook on the processing of “Insights data”. https://de-de.facebook.com/policy.php
Facebook provides us with so-called page insights for our site. Page-Insights (https://www.facebook.com/business/a/page/page-insights) are aggregated data that allows us to understand how people interact with our site. The creation and provision of these page insights is the responsibility of Facebook, we have no influence on it. This also applies to data processing, which is carried out exclusively for the purposes of Facebook. Facebook also assumes all obligations under the GDPR with regard to the processing of Insights data (including Articles 12 and 13 GDPR, Articles 15 to 22 GDPR and Articles 32 to 34 GDPR).
The purpose of data processing of the data provided by Facebook by us is the statistical evaluation of the use of our fan page. This enables us, for example, to determine the preferred visiting and posting times of our users and to use this information to optimise our posts and our fan page. In addition, we process personal data made publicly available by you on Facebook (e.g. clear names in the user profile) as well as data directly related to activities on our fan page (e.g. posts, likes, markers), also for the purpose of communicating with you.
Please assert your rights to information, correction, deletion, restriction of processing and data transferability of your stored Insights data vis-à-vis Facebook, as Facebook has assumed the corresponding obligations:
2.5 Online presence in other social networks
We have set up online presences in various social networks to communicate with you, interested parties and customers and to inform them about our services and current offers. In addition to our interaction with you, the social networks process data from visitors to their websites for the purpose of market research and advertising, i.e. that from the respective visit or usage behaviour and the preferences and interests of a visitor derived from this, a user profile may be created by the respective operator of the social network. Such user profiles can be used, among other things, to display advertisements within the respective social network and possibly on other websites, which are individually adapted to the respective user profile. Cookies (see above) may be stored on the visitors’ devices, with the help of which data on usage behaviour can be collected. The collection of this data can, especially in the case of logged-in members of the respective social network, also be realised across several browsers and/or end devices used by a user. Even if a visitor does not have a profile with the respective social network, it cannot be ruled out that personal data on this visitor will be stored when visiting the respective website. Requests for information regarding the data stored in social networks via our online presence or the use of other relevant rights of data subjects can be addressed to the provider of the respective service. Only the providers of the social networks have access to the respective data stored there and can provide the corresponding information, etc. With regard to the purpose and scope of data processing by the various social networks, we refer additionally to their respective data protection notices and the respective contact options:
2.6 Data processing to protect legitimate interests
We may process your data if it is necessary to protect the legitimate interests of us or third parties. This may be the case in particular to ensure IT security and IT operation, in particular also for support enquiries, to be able to understand and prove facts in the event of legal disputes, for market and opinion surveys, to statistically evaluate the use of our website. Furthermore, we may use your e-mail address for recommendations if you have already ordered something from us. In this way, we want to send you information that might interest you based on your last orders from us. In doing so, we comply strictly with the legal requirements. If you no longer wish to receive product recommendations or promotional messages from us, you can object to this at any time. A message in text form to the contact data mentioned under section 1 (e.g. e-mail, fax, letter) is sufficient for this purpose.
The basis for data processing is Art. 6 (1)(f)GDPR, which permits the processing of data to safeguard the legitimate interests of the data controller, provided that the interests or fundamental rights and freedoms of the data subject do not prevail.
2.7 Data processing for marketing purposes
In the event of the use of your data for advertising purposes for us or for our cooperation partners, we may obtain your consent.
The data processing is then carried out on the basis of your consent (Art. 6 (1)(a)GDPR). You can revoke your consent at any time. The legality of the data processing operations already carried out remains unaffected by the revocation.
2.8 Other data processing based on your consent
It may also happen that we ask for your consent to process personal data. Any granting of consent and the relevant data processing is voluntary and you will not suffer any disadvantages if you do not consent.
The data processing is then carried out on the basis of your consent in accordance with Art. 6(1)(a)GDPR. You can revoke your consent at any time with effect for the future. An informal notification to us is sufficient for this purpose. The legality of the data processing operations already carried out remains unaffected by the revocation.
2.9 Log files
Each time our websites are accessed, usage data is transmitted by the respective Internet browser and stored in log files, the so-called server log files. The stored data records contain the following data: Browser type and browser version, operating system used, referrer URL, time of server request, shortened IP address. These data cannot be assigned to specific persons. This data will not be merged with other data sources. We reserve the right to subsequently check this data if we become aware of concrete indications of illegal use.
The data processing is based on Art. 6 (1)(f)GDPR, which permits the processing of data to safeguard the legitimate interests of the data controller, provided that the interests or fundamental rights and freedoms of the data subject do not prevail.
2.10 Use of data for fraud prevention purposes
The data you provide when placing an order can be used by us to check whether an atypical order process is present.
In principle, we have a legitimate interest in carrying out such an inspection. The processing of the data is based on the legal basis in Art. 6 (1)(f)GDPR.
2.11 Data processing for the fulfilment of legal obligations
In addition, we process your data to fulfil legal obligations (e.g. regulatory requirements, commercial and tax storage and proof obligations).
The basis for data processing is Art. 6 (1)( c)GDPR, which permits processing to fulfil a legal obligation.
2.12 Automated decision-making in specific cases, including profiling
Automated decision-making including profiling does not regularly take place with us.
3. Categories of recipients of personal data
Your personal data will only be passed on to third parties or otherwise transmitted if this is necessary for the purpose of contract processing or billing or if you have given your prior consent or if there is a legal basis for the passing on of such data.
Insofar as it is necessary for the purpose of contract processing or for the dispatch and delivery of products, data will be passed on to partner companies which have been commissioned to support contract processing. Our partners undertake to comply with and observe the provisions of data protection law. Furthermore, our partners are not permitted to use the data in any other way than to process the contract.
In the case of cooperations in which we merely act as intermediaries, your personal data will only be passed on to the cooperation partner if this is necessary for the purpose of concluding the contract and processing the contract for the cooperation partner. Both the cooperation partner and we are obliged to observe the data protection regulations within the framework of the cooperation. This obligation shall continue to apply even after termination of the respective contract.
4. Duration of data storage
In principle, we delete your data as soon as it is no longer required for the above-mentioned purposes, unless temporary storage is still necessary. We store your data on the basis of legal proof and storage obligations, which result among other things from the German Commercial Code and the German Tax Code, according to which the storage periods are up to ten full years. In addition, we keep your data for the period during which claims can be asserted against our company (statutory limitation period of three or up to thirty years).
5. Data Security
Your personal data will be transmitted securely by us through encryption. We use the coding system SSL (Secure Socket Layer). You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. Furthermore, we secure our websites and other systems by technical and organizational measures against loss, destruction, access, alteration or distribution of your data by unauthorized persons.
6. Rights of data subjects
Within the framework of the applicable legal provisions, you have the right to obtain information free of charge at any time about your personal data stored by us, its origin and recipients and the purpose of the data processing and, if applicable, a right to correct, block or delete this data. For this purpose, as well as for further questions on the subject of personal data, you can contact us at any time using the contact details given in clause 1. You may also have a right to restrict the processing of your data and a right to have the data provided by you released in a structured, common and machine-readable format. If you have given us your consent to process personal data for specific purposes, you can revoke your consent at any time with effect for the future. If we process your data to protect legitimate interests, you may object to this processing for reasons arising from your particular situation. In addition, you have the possibility of contacting a data protection supervisory authority (right of appeal).