Data pro­tec­tion

The protection of your personal rights is of great importance for the GDV. Therefore, we proceed with all data processing according to the principle of limiting data processing only to the required information and the required degree. 

Controller

“Controller” in the terms of the General Data Protection Regulation (GDPR) is the German Insurance Association (Gesamtverband der Deutschen Versicherungswirtschaft e.V.), Wilhelmstraße 43 / 43G, 10117 Berlin (“GDV”).

Data Protection Officer

If you have any questions about data protection at GDV, please do not hesitate to contact our data protection officer:

I. Data Processing when visiting our websites

By way of our Information on data protection concerning Social-Media-Appearances and our Further information on data processing at GDV, we inform you of the purposes for which personal data are collected, processed and used when you visit our websites.

Data collection when using our websites

When you access our websites, the browser on your device automatically sends information to the server of our websites / applications and temporarily stores it in a log file. We have no influence over this. The following information is also recorded without your intervention and stored until it is automatically deleted:

  • the IP address of the requesting Internet-enabled device;
  • the date and time of access;
  • the name and URL of the retrieved file;
  • the website from which access was made (referrer URL);
  • the browser you are using and, if necessary, the operating system and user interface of your Internet-enabled computer as well as the name of your access provider;
  • an individual process ID, status code (information about the data retrieval process, e.g. whether it was successful), the response time of the server and the amount of data transferred in bytes.

The legal basis for processing the IP address is § 25(2) no. 2 TTDSG resp. Art. 6(1)f GDPR. Our legitimate interest follows from the purposes of data collection listed below. We are unable to draw any direct conclusions about your identity from the data collected.

The IP address of your terminal device and the other data listed above will be used by us for the following purposes:

  • to ensure a smooth connection setup;
  • to ensure comfortable use of our website;
  • to evaluate system safety and stability.

The server log files can also be checked subsequently if there are concrete indications of illegal use of our website. The data are stored for a period of 6 months and then automatically deleted. Furthermore, we use cookies and social media plug-ins for our website. The exact procedures involved, whether using the website can lead to tracking and how your data are used for this purpose are explained in more detail below.

Security

We use technical and organisational security measures to warrant that your personal data are protected against loss, falsifications and unauthorised access by third parties at all times. All safety measures are continuously adapted to technical progress. If you are requested to enter personal data within the offer, data will be transmitted over the Internet encrypted using SSL and thus protected against unauthorized access

Google Maps on gdv.de and udv.de

We use the Google Maps API in order to display geographic information. When using Google Maps, Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) will collect, process and use data about the usage of the maps-functions by the visitors of the websites. Your data will only be transmitted to Google, once you have given us your consent. The legal basis for consent is § 25(1) TTDSG resp. Art. 6(1)a GDPR. When opening our website a so-called banner will be displayed. You will be given the opportunity to consent to the processing of personal data by clicking “I agree”. In case you click on “Change Settings” Google Maps will only be displayed after you tick the box next to “third parties” or if you consent to the processing of personal data by clicking the information text in the map window on the website. If you click on “I decline”, you can also consent to the processing of personal data by clicking the information text in the map window on the website. You can withdraw your consent for future data processing at all times by using our Consent-Manager-Tool. You can access the Consent-Manager-Tool at any time via the "Privacy settings" icon displayed at the bottom left of the website. For further information on how Google processes personal data, please refer to Google’s privacy policy: https://policies.google.com/privacy?hl=en-US

Google also processes your personal data in the USA (please see “Transfer to third countries”).

Orders

Personal data (name, address data, e-mail addresses) are collected and processed in accordance with Article 6(1)b GDPR in order to process orders of association publications or individual inquiries, for example. To send publications, it may be necessary to pass on your address data to companies that support us. Furthermore, we will not pass on your personal data unless, in an exceptional case, an authority requests the data, e.g. for criminal prosecution or security purposes. After complete processing of your request, your data will be blocked and deleted after expiry of the storage obligations in tax and commercial law.

Newsletter

If you have registered for our newsletter, we only use the data (name, e-mail addresses) collected during registration to send the newsletter. The processing of your data is based on your consent (Article 6(1) a GDPR). In addition, we record the e-mail address from which the newsletter was opened and links clicked. We evaluate this information for statistical purposes in order to optimise our newsletter offer. The legal basis for this data processing is Article 6(1)f GDPR. After completion of the statistical evaluation (after three months at the latest), the data will be deleted.

We use the so-called “double opt-in procedure” for sending the newsletter. We will not send you a newsletter until you confirm in our notification e-mail that we should activate the newsletter service by clicking on a link. If you no longer wish to receive newsletters from us, you can unsubscribe at any time. You will find a link to unsubscribe in each newsletter. Of course you can send us a message in text form (e.g. e-mail or letter).

Via e-mail:
Newsletter Unfallforschung (German Insurers Accident Research): unfallforschung@gdv.de

All other newsletters: onlineredaktion@gdv.de.

Contact form

When you contact us via a contact form on our website, the data you provide (e-mail address and name) will be processed by us in accordance with Article 6(1)f GDPR in order to answer your questions. We will delete the data arising in this context after the storage is no longer necessary, or restrict the processing if statutory retention obligations exist.

Cookies

Cookies are small text files that are stored locally in the cache of the visitor's Internet browser. If we require your consent for the use of cookies, we will only use cookies after you have given us your consent. The legal basis for consent is § 25(1) TTDSG resp Art. 6(1)(a) GDPR. In the following we inform you about the data processing concerned and how you may give your consent. You can withdraw your consent for future data processing at all times by using our Consent-Manager-Tool. You can access the Consent-Manager-Tool at any time via the "Privacy settings" icon displayed at the bottom left of the website.

Necessary Cookies

In order to enable the use of our website, the use of cookies is necessary. These Cookies are for instance necessary for functioning website navigation. Cookies that are necessary for the use of the website can’t be deactivated. However, you can prevent the storage of Cookies on your computer through appropriate browser settings. We would like to point out that the website might not work properly without the necessary Cookies.

Matomo

We also use the open source web analytics service Matomo (formerly Piwik) in order to analyse and regularly improve the use of our website. The resulting statistics enable us to improve our services and make them more interesting for you as a user.

With Matomo’s technology only anonymized data (e. g. shortened IP-addresses, date and time of the page view, length of stay or the page, from which you accessed our website) is stored or processed. The IP-addresses are anonymized immediately after the collection and before their storage. They do not enable the identification of visitors to our website. Your personal data will not be transmitted to third parties. Matomo also uses so-called “Cookies”.

The legal basis for the use of Matomo is § 25(2) no. 2 TTDSG resp Art. 6(1)(f) GDPR. You have the opportunity to object to the analysis. When accessing our website, a so-called “banner” will be displayed. There, you can prevent the analysis by Matomo by clicking the button “Change Settings” and unchecking the box next to “Analysis”. You can object to the webanalysis for future data processing at all times using our Consent-Manager-Tool or if you click the button “I decline” on the “banner”. In this case, no analysis of the use of the respective website will be conducted afterwards. Instead, a so-called Opt-out Cookie will be placed, which ensures that no usage will be analysed. You can access the Consent-Manager-Tool at any time via the "Privacy settings" icon displayed at the bottom left of the website. Should you delete your Cookies, the Opt-out Cookie will be deleted too and you may have to activate it again.

Information on Matomo’s privacy policy can be found here: https://matomo.org/privacy-policy/

Social plugins and sharing functions

On our website we use social plugins from various social networks. With the help of these plugins, you can recommend articles from our website. Other users of the social network can then see that you recommend this post. We aim to promote the recommendation of articles on our websites via social plugins.

To ensure that your use of our websites can only be recorded on the social network if you wish, using the provided button is only possible, once you have consented to the transfer of data. The legal basis for consent is § 25(1) TTDSG resp Art. 6(1)a GDPR. When opening our websites a so-called banner will be displayed. You will be given the opportunity to consent to the processing of personal data by clicking “I agree”. If you click on “Change Settings”, you can give your consent by ticking the box next to “third parties”. In case you do not wish to do so orif you click the button “I decline” on the “banner”, you will be informed about the possible processing of your personal data by the social network through the overlay of information on the display area of the button prior to using the button of each respective social network. Only once you have consented to the processing of data by clicking on the information, you will be able to activate the respective button. You can withdraw your consent for future data processing at all by using our Consent-Manager-Tool. You can access the Consent-Manager-Tool at any time via the "Privacy settings" icon displayed at the bottom left of the website. Only after having given your consent a connection to the website of the respective social network will be established and you are asked in a new window to register in the social network, if you are not already registered. In this case, a social network cookie will also be placed on your computer. The purpose and scope of the data collection and the further processing and use of the data by social networks as well as your relevant rights and setting options for the protection of your privacy can be found in the data protection information of the respective networks or websites. We use social plugins and sharing functions of the following social networks:

  • We use the sharing button of the social network facebook.com, which is operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ("Facebook"). By using the sharing buttons, the social network receives the information that you have accessed the corresponding page of our website. If you are already logged in to the social network or if you log in to it, it can attribute the visit to your account. If you recommend a post, the relevant information is transmitted directly from your browser to the social network and stored there. You can find the link to Facebook's privacy policy here: https://www.facebook.com/about/privacy/. Facebook also processes your personal data in the USA (please see “Transfer to third countries”).
  • We use the sharing button of the social network Twitter of Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland ("Twitter"). The Twitter sharing button is just a link to Twitter. For this reason, accessing our website alone does not provide any data. As with any link, only when you click the button does Twitter know from which website you are coming. The further processing of this information is the sole responsibility of Twitter. You can find the link to Twitter's privacy policy here: https://twitter.com/privacy. Twitter also processes your personal data in the USA (please see “Transfer to third countries”).
  • We also use the WhatsApp sharing button of WhatsApp Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ("WhatsApp"). This allows you to easily send content from our website to your WhatsApp contacts. The WhatsApp sharing button is just a link to WhatsApp. For this reason, accessing our website alone does not provide any data. As with any link, only when you click the button does WhatsApp know from which website you are coming. It is the sole responsibility of WhatsApp to process this information. You can find the link to WhatsApp's privacy policy here: https://www.whatsapp.com/legal/#privacy-policy. WhatsApp Inc. also processes your personal data in the USA (please see “Transfer to third countries”).
  • We use the sharing button of the social network LinkedIn which is operated by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (LinkedIn). The LinkedIn sharing button is just a link to LinkedIn. For this reason, accessing our website alone does not provide any data. As with any link, only when you click the button does LinkedIn know from which website you are coming. The further processing of this information is the sole responsibility of LinkedIn. You can find the link to LinkedIn's privacy policy here: https://www.linkedin.com/legal/privacy-policy. LinkedIn also processes your personal data in the USA (please see “Transfer to third countries”).
  • We use the sharing button of the social network XING which is operated by New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany (XING). The XING sharing button is just a link to XING. For this reason, accessing our website alone does not provide any data. As with any link, only when you click the button does XING know from which website you are coming. The further processing of this information is the sole responsibility of XING. You can find the link XING's privacy policy here: https://privacy.xing.com/en. XING also processes your personal data in third countries (please see “Transfer to third countries”).

Display of embedded content of social networks on gdv.de and dieversicherer.de

If you open content posted on social networks through our websites, that content will be retrieved from the respective social network in order to display it. If you activate the content after your prior consent, the social network receives the information that you have accessed the corresponding page of our website. Your IP address, the browser you are using and, if necessary, the operating system are transmitted, as is the case every time you visit a website. If you are registered with the social network or log in, it may be able to associate the visit with your account.

These external contents are all embedded in "extended privacy mode. The transfer of data is only carried out, after you have given us your consent for the transfer. The legal basis for consent is § 25(1) TTDSG resp Art. 6(1)a GDPR. When opening our websites, a so-called banner will be displayed. You will be given the opportunity to consent to the processing of personal data by clicking “I agree”. If you click on “Change Settings”, you can give your consent by ticking the box next to “third parties”. In case you do not wish to do so or if you click the button “I decline” on the “banner”, information on the processing of your personal data will be displayed on the display area of the content when watching the content. Only once you have consented to the processing of data by clicking on the information, you will be able to activate the content. You can withdraw your consent for future data processing at all times by using our Consent-Manager-Tool. You can access the Consent-Manager-Tool at any time via the "Privacy settings" icon displayed at the bottom left of the website.

We use content of the following social networks:

  • We use the social network facebook.com, which is operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ("Facebook"). You can find the link to Facebook's privacy policy here: https://www.facebook.com/about/privacy/. Facebook also processes your personal data in the USA (please see “Transfer to third countries”).
  • We use the social network Instagram, which is operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ("Facebook"). You can find the link to Instagram's privacy policy here: https://help.instagram.com/519522125107875. Instagram also processes your personal data in the USA (please see “Transfer to third countries”).
  • We use the social network Twitter of Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland ("Twitter"). You can find the link to Twitter's privacy policy here: https://twitter.com/privacy. Twitter also processes your personal data in the USA (please see “Transfer to third countries”).
  • We use the social network LinkedIn of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (“LinkedIn“). You can find the link to LinkedIn’s privacy policy here: https://www.linkedin.com/legal/privacy-policy?src=direct%2Fnone&veh=direct%2Fnone&trk=homepage-basic_footer-about. LinkedIn also processes your personal data in the USA (please see “Transfer to third countries”).

Display of videos

We use services of YouTube, LLC 901 Cherry Ave, San Bruno, CA 94066, USA, represented by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland, to display the videos contained on our websites. Therefore, when you open a video sequence, the YouTube website is called up.

These YouTube videos are all in "extended privacy mode", which means that no data about you as a user will be transferred to YouTube if you do not play the videos. The transfer of data is only carried out, after you have given us your consent to the transfer The legal basis for consent is § 25(1) TTDSG resp Art. 6(1)a GDPR. Only then will you be able to start the respective video. When opening our websites a so-called banner will be displayed. You will be given the opportunity to consent to the processing of personal data by clicking “I agree”. If you click on “Change Settings”, you can give your consent by ticking the box next to “third parties”. In case you do not wish to do so or if you click the button “I decline” on the “banner”, information on the processing of your personal data will be displayed on the display area of the video when playing the video. Only once you have consented to the processing of data by clicking on the information, you will be able to start the video. You can withdraw your consent for future data processing at all times by using our Consent-Manager-Tool. You can access the Consent-Manager-Tool at any time via the "Privacy settings" icon displayed at the bottom left of the website. If you play the videos after having given your consent, the following data be transmitted:

By opening the video sequence, YouTube receives the information that you have accessed the corresponding subpage of our website. This is independent of whether YouTube provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, the information will be directly associated with your account. If you do not wish the information to be associated with your profile on YouTube, you must log out before opening the video sequence. YouTube stores your data as a user profile and uses them for purposes of advertising, market research and/or demand-oriented design of its website. Such evaluation takes place in particular (even for users who are not logged in) to provide demand-oriented advertising and to inform other users of the social network about your activities on our websites.

You have the right to object to the creation of these user profiles, though you must contact YouTube to exercise this right.

When you play the YouTube videos included on our websites, YouTube uses DoubleClick by Google to present ads relevant to you. We do not use DoubleClick ourselves. We have no influence on the data collected and data processing procedures, nor are we aware of the full extent of data collection, the purposes of processing or the storage periods. Below we inform you how Google processes your data according to our current state of knowledge:

A cookie used by Google DoubleClick (see also above in the section Cookies) assigns a pseudonymous identification number (ID) to your browser in order to check which ads were displayed in your browser and which ads were called. Google Dynamic Remarketing can also be used when calling up a YouTube video. It is used to serve ads that advertise the products and services you have viewed on other websites. By integrating such functions (e.g. AdWords), Google receives the information that you have called up the corresponding part of our website. If you are registered with a Google service, Google may associate your visit with your account. Even if you are not registered with Google or have not logged in, it is possible that the provider may obtain and store your IP address.

You can prevent participation in these tracking procedures in various ways:

  • by setting your browser accordingly: in particular the suppression of third party cookies means that you will not receive any ads from third parties, though this setting will be deleted if you delete your cookies;
  • by disabling cookies for conversion tracking by setting your browser at https://www.google.de/settings/ads to block cookies from Google, which will also be deleted if you delete your cookies;
  • by deactivating the interest-based ads of the providers that are part of the "About Ads" self-regulation campaign via the link http://www.aboutads.info/choices; these settings will also be deleted if you delete your cookies;
  • by permanent deactivation using a browser add-on, which you can find at http://www.google.com/settings/ads/plugin for Firefox, Internet Explorer and Google Chrome.

Google also processes your personal data in the USA (please see “Transfer to third countries”). For further information on how Google processes personal data, please refer to Google’s privacy policy: https://policies.google.com/privacy?hl=en-US.

Display of Graphics

On our websites we make available graphics for viewing and download. The involved processing of personal data is based on Art. 6 (1) (f) GDPR.

We use the service provider 23 degrees GmbH (23 degrees), Tigergasse 3/5, 1080 Wien, Austria. The use is based on our legitimate interests, specifically our interest in the safe and efficient provision of graphics. The graphics are loaded from 23 degrees. In that process your IP address is transmitted to 23 degrees, as is the case every time you visit a website. 23 degrees does not store your IP address. The browser you are using, the name of the requested content, date and time are logged by 23 degrees in log files for statistical purposes to ensure a secure and stable Internet presence. This data has no direct personal reference, i. e. it cannot be assigned to you as a person and is only stored temporarily and not together with other data. When accessing our website, a so-called “banner” will be displayed. In case you do not wish the display of graphics, you can prevent this by clicking the button “I decline”. Alternatively you can prevent the display of graphics by clicking the button “Change Settings” and unchecking the box next to “23 degrees Infographics“. If you want to display individual graphics afterwards, you can unlock them by clicking on the display area of the respective graphic. You can object to the display of graphics for future at all times by using our Consent-Manager-Tool. You can access the Consent-Manager-Tool at any time via the "Privacy settings" icon displayed at the bottom left of the website. For further information on how 23 degrees processes personal data please refer to 23 degrees privacy policy: https://app.23degrees.io/privacy-policy

Podcasts on dieversicherer.de

On our website dieversicherer.de we make available podcasts. The involved processing of personal data for providing the podcasts is based on Art. 6 (1) (f) GDPR.

We use the podcast-hosting service Podigee of the service provider Podigee GmbH, Schlesische Straße 20, 10997 Berlin, Germany. The podcasts are loaded from Podigee or transmitted through Podigee. The use is based on our legitimate interests, specifically our interest in the safe and efficient provision, analyses and optimization of our podcast offers in accordance with § 25 (2) no. 2 TTDSG and Art. 6 (1) (f) GDPR. Podigee processes IP-addresses and information from terminal equipment in order to enable downloads/play back of podcasts and in order to determine statistical data, e.g. call-off figures. These data are anonymized before their storage in Podigee’s databankif they are not necessary for the provision of the podcasts.

For further information and the possibilities to object to the data processing please refer to Podigee’s data protection notice: https://www.podigee.com/de/about/privacy/.

Alternatively, you can listen to the podcasts via a platform. On our website we embedded links to the service providers Apple Music, Deezer, Google Play, Soundcloud and Spotify. Merely accessing our website does not lead to a transfer of any data to these service providers. Only once you have clicked on the link, will the respective service provider learn from which website you are coming – just like with any link. The further processing of this information is the sole responsibility of the service provider. We do not have any influence on the data the service providers collect from you or on their data processing, nor do we have knowledge of the full extent of the data collection, the purposes of the data processing or the retention periods. In particular, the service providers typically store your data as user profiles and process it for the purpose of advertising, market research and customized design of their platforms.

You can find further information on the data processing by the respective service provider in their data protection notices.

Service provider

Data Protection notice

Apple Music

https://www.apple.com/de/legal/privacy/data/de/apple-music/

https://www.apple.com/de/legal/privacy/data/de/apple-music-web/


Deezer

https://www.deezer.com/legal/personal-datas

Google Play

https://policies.google.com/privacy?hl=en-US

Soundcloud

https://soundcloud.com/pages/privacy

Spotify

https://www.spotify.com/de/legal/privacy-policy/

II. Conducting events

For conducting events we process data about title/first and last name, position, company, e-mail address, if necessary, telephone number, login data, registration data, IP-Address, time of submission of a registration, duration of the event and period of participation, time of submission of chat messages and, if applicable, transmitted content for the purposes of conducting and communicating during events.

The legal basis for the processing of these and the following data processing for conducting events is Article 6(1) (f) GDPR.

Registration management

For conducting the registration management of events, we may us Microsoft Forms. For further information please refer to section “IV Recipients or categories of recipients of personal data”.

Polls/Surveys/Questions

Surveys/polls (surveys) can be conducted during the event. The participation is voluntary. Surveys are conducted anonymously, so that neither the organizer nor other participants can see who cast the votes or answers. Survey results are also displayed without any information about the participants. For conducting surveys, we may us Microsoft Forms. For further information please refer to section “IV Recipients or categories of recipients of personal data”. Alternatively, we can also use the product Slido. Slido can also be used to enable you to ask your questions online during an event, with or without your name being mentioned. You will receive the corresponding access data at the beginning of the event. For further information on how Slido processes data, please refer to https://www.slido.com/terms#privacy-policy.

Face to face events

  • Photo and video recordings: GDV may take photo and video recordings during events and use these recordings for public relations and documentation, analog and digital. If this is the case, we will inform you accordingly in our invitation. In these cases, we have a legitimate interest in a contemporary “public reporting” and media work, which includes publication on the internet and on social media platforms. Please see also the information in section “Recording and streaming of events on the internet”.

Online-events

  • Use of cameras and microphones: Camera images of participants are visible during the event if the camera is activated. Comments will be audible to all participants. If you do not want to be heard and/or seen, we would ask you to pose your questions solely through the Chat and to deactivate your camera. Chat messages can be read by all participants, if you address them to all participants. We will not make the Chat history publicly accessible outside of the event.
  • Recording and streaming of events on the internet: Events may be recorded and used for the GDV’s public relations. For this purpose, they may be live-streamed through YouTube, LinkedIn, Twitter and on our website GDV.de. If we intend to record and/or live-stream an event, we will inform you accordingly in our invitation.
  • In these cases, the recording may remain watchable through YouTube, LinkedIn, Twitter and on our website GDV.de after completion of the event. The recordings can be accessed and stored worldwide on the internet when published in such a way. Further processing of the recordings can thus not be ruled out in general. Through the archive function of search machines, recordings may also remain accessible even though the data was already removed from the website of the GDV or the social media platforms.
  • Camera images of participants will only be visible during the live-stream and in the recordings if it was announced in the invitation and the participants activate their cameras. Sound recordings (especially questions) may be audible during the livestream and in the recording. If you do not want others to hear you, we would ask you to pose questions during these events only through the chat and to deactivate your microphone.
  • Streaming and recording only takes place if, by its nature, the event serves to generate publicity for the GDV’s concerns. In these cases, we have a legitimate interest in a contemporary “public reporting” and media work, which includes publication on the internet and on social media platforms.

For the streaming and the publication we use:

  • YouTube, a service of the company YouTube, LLC 901 Cherry Ave, San Bruno, CA 94066, USA, represented by: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. For further information about the data processing by Google please refer to Google’s data protection notice: https://policies.google.com/privacy?hl=en-US.
  • Twitter, a service of Twitter Inc. represented by Twitter International Company, One Cumberland Place, Fenian Street Dublin 2, D02 AX07 Ireland. For further information about the data processing by Twitter please refer to Twitter’s data protection notice: https://twitter.com/en/privacy.
  • LinkedIn, a service of the LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. For further information about the data processing by LinkedIn please refer to LinkedIn’s data protection notice: https://www.linkedin.com/legal/privacy-policy.

We also use the recordings internally for the optimization of public relations.

Use of service providers for conducting online-events

For conduction online-events we may us Microsoft Teams and Webex. For further information please refer to section “IV Recipients or categories of recipients of personal data”.

III. Conducting the association’s work with Microsoft Forms and Microsoft SharePoint

Purposes of data processing and legal bases

Processing of data about title/first and last name, position, company, e-mail address, login data, IP-Address, time of log-in and log-off, assignment to SharePoint-Groups for managing access rights and, if applicable, transmitted content during collaboration.

Further information can be found in the privacy policy of Microsoft: https://privacy.microsoft.com/en-us/privacystatement.

Surveys/polls

Surveys/polls (surverys) can be conducted with Microsoft Forms. The participation is voluntary. Surveys are conducted anonymously, so that neither the organizer nor other participants can see who cast the votes or answers. In individual cases, it may be necessary to perform surveys using the name. This is only done if it is absolutely necessary for the execution of the survey. Survey results are also displayed without any information about the participants.

Collaboration on documents in SharePoint

Joint editing of documents via SharePoint is voluntary. If you work on documents jointly with GDV and other parties involved in the association's work, such as members of GDV's committees or external experts, your user data (e-mail and user name) and the edits you have made will be visible to the other parties involved. The processing of your user data is also required for managing access authorizations to the respective SharePoint documents. If you are already using Microsoft 365, your status may also be visible to others if submission has not been disabled.

The legal basis for the processing of personal data for conducting the association’s work with Microsoft Forms and Microsoft SharePoint is Article 6(1) (f) GDPR.

IV. Recipients or categories of recipients of personal data

Within GDV, only those persons and units (e.g. departments) will receive your personal data that need the data to fulfil their tasks with regard to the above mentioned purposes mentioned. In the course of our activities, we will also have to transfer some data to external third parties and make use of external service providers. In particular, we may transfer your personal data to the following recipients and categories of recipients:

  • GDV Dienstleistungs-GmbH and other IT and hosting service providers for tasks of the individual departments of GDV
  • telecommunications service providers
  • service providers to support the organisation and execution of events and web-seminars/ online-meetings
  • participants of events and web-seminars/online-meetings

When using Microsoft Teams, Microsoft Forms and Microsoft SharePoint, we use products of Microsoft Ireland Ltd. (“Microsoft”) and concluded a data processing agreement (DPA) pursuant to Art. 28 GDPR with Microsoft. It can-not be ruled out that data will be transmitted to the Microsoft Corp. in the USA in this context. Microsoft may also conduct remote maintenance from other third countries. Microsoft has concluded the EU-Commission’s standard data protection clauses with Microsoft Corp. According to Microsoft, the Microsoft Corp. processes data about the use of Teams, Forms and SharePoint for its own business purposes as follows: billing and account management; compensation (e. g. calculation of employee commissions and partnership incentives); internal reporting and modelling (e. g. forecasting, revenue, capacity planning, product strategy); combating fraud, cybercrime or cyber-attacks, which may affect Microsoft or Microsoft products; improving the core functionality with regard to accessibility, data protection or energy efficiency; and financial reporting and compliance with legal obligations (subject to the disclosure limitations described in contractual regulations). Microsoft only processes the data for the aforementioned purposes and explicitly not for user profiling, advertising or similar commercial purposes. With regard to the aforementioned commercial purposes Microsoft determines both, the means and the purposes of the data processing. Microsoft regards itself as the solely responsible entity for ensuring compliance with all applicable laws and the fulfilment of the obligations. Further information can be found in the privacy policy of Microsoft: https://privacy.microsoft.com/en-us/privacystatement.

When using Webex, we use products of Telekom Deutschland GmbH ("Telekom") and concluded a data processing agreement in accordance with Art. 28 GDPR with Telekom. It cannot be ruled out that data will be transmitted to Cisco International Limited in the USA in this context. Telekom has concluded the EU-Commission’s standard data protection clauses with Cisco International Limited. User data, shared screen content and recordings of meetings are processed exclusively on IT systems in the EU. According to Telekom, Cisco International Limited only processes data for billing purposes (host name, meeting URL, start/end of meeting) or for service analysis purposes (client telemetry data: Hardware type, operating system type and version, client version, IP addresses along the network path, endpoint MAC address (if applicable), service version, meeting session information (title, date and time, frequency, average and actual duration, number, quality, network activity and network connectivity), number of sessions, number of screen sharing and non-screen sharing sessions, number of participants, host name, screen resolution, performance, troubleshooting and diagnostic information) in the United States. In individual cases, if maintenance/service by Telekom was unsuccessful, remote maintenance access may be provided from the USA. Further information about Webex can be found in the online privacy statement of Cisco: https://www.cisco.com/c/en_uk/about/legal/privacy-full.html and in the privacy policy of Telekom: https://konferenzen.telekom.de/rechtliches/webex-datenschutz/

V. Transfer to third countries

Insofaras personal data is transferred to a country that is neither a member state of the European Union nor a signatory state to the agreement on the European Economic Area (third country) in accordance with this data protection notice, the transferral will be conducted, as far as possible, on the basis of the European Commission’s adequacy decisions or standard data protection clauses. When using standard data protection clauses, we will endeavour to implement additional measures for the protection of your personal data if necessary.

VI. Duration of data storage

We delete your personal data as soon as they are no longer required for the above-mentioned purposes. It may occur that personal data will be stored for the period during which claims can be asserted against GDV (statutory limitation period of three up to thirty years). In addition, we will store your personal data if we are legally obliged to do so. Corresponding documentation and storage obligations arise, inter alia, from the German Commercial Code and Tax Code. The storage periods in accordance therewith are up to ten years. If necessary, we will be pleased to provide you further information on the duration of data storage with respect to any specific purpose.

VII. Your rights

If we process your data to protect legitimate interests, you may object to such processing for reasons relating to your particular situation. We will then no longer process your personal data unless we can document compelling reasons worthy of protection for the processing which outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims.

We use a Consent-Manager-Tool on our websites, through which you can give and withdraw your consent for data processing when using Google Maps, social plugins, sharing-features, embedded content and when displaying videos and through which you can decide about the performance of webanalysis. You can access the Consent-Manager-Tool at any time via the "Privacy settings" icon displayed at the bottom left of the website.

You can request information about the data stored by us at any time. Please contact the data protection officer at GDV by e-mail (datenschutz@gdv.de) or by post to the controller’s above address.

You may also request that your data be corrected or deleted under certain circumstances. As soon as you assert a claim for deletion or if the data are no longer necessary to fulfil the purpose for which they were stored or if the storage thereof is inadmissible for other legal reasons, we will delete the personal data you have stored. You may also have the right to restrict the processing of your data and to have the data you provide disclosed in a structured, common and machine-readable format.

You have the option to contact the aforementioned data protection officer or a data protection supervisory authority with a complaint. The data protection supervisory authority responsible for us is the Berlin Commissioner for Data Protection and Freedom of Information, Alt-Moabit 59-61, 10555 Berlin.

Back to homepage