This data protection declaration of the GAPS 2022 Annual Conference is based on the terms used in the EU General Data Protection Regulation (GDPR). It outlines the type, scope, and purpose of the personal data that is being collected, used and processed, as well as the rights of data subjects.
The processing of personal data of the GAPS 2022 Annual Conference, such as name, address, e-mail address, or telephone number of a data subject is handled in line with the General Data Protection Regulation (GDPR) and other applicable data protection regulations such as the Datenschutz-Grundverordnung (DS-GVO).
The conference organizers aim to ensure the best possible protection of personal data and has implemented technical and organizational measures for the protection of personal data processed through this website and in its management of members’ data. As Internet-based transmissions may have security gaps, however, absolute protection cannot be guaranteed. Hence we also offer the option of transferring personal data to us by telephone or standard mail.
General use of our website is possible without any indication of personal data beyond the information automatically collected by our providers. For use of some of the association’s services and communication via our website, the processing of further personal data might be necessary. Should there be no statutory basis for such processing, we obtain consent from the data subject.
Terminology
The term personal data refers to any information relating to a natural person that allows identification of that person through identifiers such as name, location data, online identifier or factors specific to the identity of that person. Data subject is any identifiable natural person whose personal data is processed. Consent refers to any freely given and unambiguous indication of data subjects’ agreement to the processing of their personal data. Data processing refers to any operation which is performed on personal data, e.g. collection, recording, organisation, structuring, storage, retrieval, use, disclosure by transmission, dissemination or otherwise making available, erasure or destruction. Controller, processor, recipient and third party can refer to a natural or legal person, public authority, agency or body. The controller responsible for the processing is the person determining the purposes and means of processing personal data. Data is being processed by the processor on behalf of the controller. The recipient refers to a person to which the personal data are disclosed. Third party refers to a person, public authority, agency or body other than the data subject, the controller, the processor and persons who are authorised to process personal data as authorized by the controller or processor.
Name and Address of the Controller
The controller for the purposes of the General Data Protection Regulation (GDPR) and other applicable data protection laws is:
GAPS 2022 Conference Team
Email: info@gaps2022.com
Use of Cookies
Cookies are small text files that are stored in a computer system by an Internet browser. Cookies can contain a so-called cookie ID that identifies the cookie and consists of a character string through which Internet pages and servers can be assigned to the specific Internet browser in which the cookie was stored. Visited Internet sites and servers can thus recognize and identify the data subject’s browser. The website of the GAPS 2022 Annual Conference does not use cookies.
Collection of Data and Information
This website collects a series of general data and information on the accessing system that are stored in the server log files. Such anonymously collected general data and information is not used to draw any conclusions about the data subject, but only analysed statistically and stored anonymously and separately from all personal data so as to ensure the best possible level of protection of personal data.
Such information is needed to deliver and optimize the content of our website. It can include the used browser type and version, the operating system, other websites from which our website is called up, sub-websites, the date and time of access, an IP (Internet protocol) address, the accessing system’s Internet service provider, or similar data and information used in the event of attacks on information technology systems. Such information can also assist law enforcement authorities in criminal prosecutions of cases of cyber-attack.
Erasure or Blocking of Personal Data
The data controller processes and stores the personal data of data subjects only for the necessary period or as far as legally granted by the applicable laws and regulations and blocks or erases them in accordance with legal requirements. After this the data is routinely deleted. The period of storage of personal data is based on the statutory retention period, unless it is necessary for the fulfilment of the aims and purposes of the GAPS 2022 Annual Conference.
Data Subjects’ Rights
Each data subject has the right to obtain information and confirmation from the controller as to whether or not and which personal data concerning them are being processed. This includes information on whether personal data are transferred to a third country or to an international organization, in which case the data subject has the right to be informed about safeguards relating to the transfer. Any data subject can contact the GAPS 2022 Annual Conference team in order to request a copy of such information, which will be provided in due time via the controller. Data subjects have the right to withdraw their consent to processing of their personal data at any time. Withdrawals of consent to the processing of personal data can be issued to the GAPS 2022 Annual Conference team and will be ensured by the controller.
In addition, data subjects can request access to information about the purposes of the data processing; about the categories of personal data; about recipients to whom the personal data have been or will be disclosed; as well as about the envisaged period for which the personal data will be stored.
Taking into account the purposes of processing, data subjects can request from the controller the rectification of inaccurate or incomplete personal data. They can also restrict or object to processing of their personal data. Data subjects can request information on the sources of personal data that has not been collected directly from them as well as, if applicable, on automated decision-making as referred to in Article 22(1) and (4) of the GDPR. Data subjects have the right not to be subject to a decision based solely on automated processing, including profiling. The GAPS 2022 Annual Conference team does not use any form of automated processing, decision-making or profiling.
Data subjects can request the restriction of processing of their personal data in cases of contested accuracy until the controller can verify the accuracy of the data. Should the processing be unlawful and the data subject opposes the erasure of the personal data, they can also request restriction of processing. Furthermore, should the data subject require their personal data in the context of legal claims, the data can be restricted even if the controller no longer needs the personal data for the purposes of the processing. If a data subject has objected to processing pursuant to Article 21(1) of the GDPR, data can be restricted until it is clarified whether the legitimate grounds of the controller override those of the data subject. Requests for restriction of the processing of personal data can be issued to the GAPS 2022 Annual Conference team and will be ensured by the controller.
Data subjects can request the erasure of their personal data when these are no longer necessary in relation to the purposes for which they were collected or otherwise processed. They can withdraw consent to the processing according to point (a) of Article 6(1) of the GDPR, or point (a) of Article 9(2) of the GDPR, when there is no other legal ground for the processing. Furthermore, data subjects can object to the processing pursuant to Article 21(1) of the GDPR when there are no overriding legitimate grounds for the processing, as well as pursuant to Article 21(2) of the GDPR. Erasure can also be requested when personal data have been unlawfully processed as per applicable law or when they have been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR. Requests for erasure of stored personal data can be issued to the GAPS 2022 Annual Conference team.
Data subjects have the right to receive their personal data that was provided to a controller and have to transmit those data to another controller by automated means as long as the processing is based on consent pursuant to point (a) of Article 6(1) of the GDPR or point (a) of Article 9(2) of the GDPR, or on a contract pursuant to point (b) of Article 6(1) of the GDPR. This applies if the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. The data subject can request to have personal data transmitted directly from one controller to another within the given legal frameworks. Requests for data portability can be issued to the GAPS 2022 Annual Conference team.
Data subjects have the right to object to processing of their personal data based on point (e) or (f) of Article 6(1) of the GDPR, including objections to profiling based on these provisions. If such objections have been issued to the GAPS 2022 Annual Conference team and no legitimate grounds for the processing override the interests and rights of the data subject or legal claims, the data subject’s personal data will no longer be processed. Objections can also be issued to the processing of personal data for marketing purposes as well as to the use of personal data for scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) of the GDPR, unless such processing is necessary for the performance of a task in the public interest. Objections can be issued to the controller or the GAPS 2022 Annual Conference team.
Should the controller have made personal data public and be obliged pursuant to Article 17(1) to erase the personal data, reasonable steps and available technical measures will be taken to inform other controllers processing the personal data that the data subject has requested erasure. Necessary measures for individual cases will be arranged by the GAPS 2022 Annual Conference team.
Legal Bases
The GAPS 2022 Conference team obtains consent for the purpose of processing data based on Art. 6(1) lit. a GDPR. Should the processing of personal data be necessary to answer an inquiry, provide a service, or in relation to a contract with the data subject, the processing is based on Article 6(1) lit. b GDPR. In the context of legal obligations which necessitate the processing of personal data, including tax-related obligations, the processing is based on Art. 6(1) lit. c GDPR. Should the processing of personal data become necessary in relation to protecting vital interests of the data subject or another natural person, such as insurance-related inquiries, the processing would be based on Art. 6(1) lit. d GDPR. Further processing operations outside of the listed contexts can be based on Article 6(1) lit. f GDPR if such processing is within the legitimate interests of the association or a third party, except where those interests are overridden by rights and interests of the data subject requiring the protection of personal data. In such cases our legitimate interest relates to the statutory aims and purposes of the GAPS 2022 Annual Conference.
The provision of personal data can be required by law, based on contractual provisions, as well as in relation to the membership management of the GAPS 2022 Annual Conference. The non-provision of necessary personal data could result in the inability of the association to fulfil its statutory aims and purposes. Upon request, the GAPS 2022 Annual Conference team will clarify whether the provision of personal data is required by law or necessary in relation to a contract, for purposes of membership management or in relation to the association’s aims and purposes, and will provide information on whether there is an obligation to provide the personal data as well as on possible consequences of non-provision.