We consider your privacy and the protection of your data a very important matter, and we do our best to comply with the regulations in this field. The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be in line with the General Data Protection Regulation (GDPR).
The following privacy policy provides indications regarding your privacy rights and how we handle data in our activities.
Definitions
This privacy policy uses the terms adopted by the European legislator in the General Data Protection Regulation (GDPR), as defined below:
- Personal data: personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- Data subject: data subject is any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing.
- Processing: processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- Data controller or controller responsible for the processing: the data controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Who we are
The data controller for all purposes related to data protection is:
TAFISA
c/o Commerzbank, Filiale Höchst
Hostatostraße 2
D-65929 Frankfurt am Main
Germany
Email: info@tafisa.org
Tel: +49 (0) 69 973 935 99 0
Fax: +49 (0) 69 973 935 99 5
Collection of data and information
Our website does not require the provision of any personal data to be used. In common with most websites, our website logs various information about visitors, including internet protocol (IP) addresses, browser type, internet service provider (ISP) information, referring / exit pages and date / time stamp. We may use this information to analyse trends, administer the website, track your movement around the website and gather broad demographic information.
We also collect data when you actively register for specific events that we organise or that are organised on our behalf. In such cases, the use we make of this data shall be appropriately related to the specific event you have registered for. In all situations where your data is collected, it allows us to carry out our work and facilitate the provision of services to you in direct relation to our mutual relationship.
Disclosure of information
We do not disclose your personal information unless you have given express consent to share it with an identified third party, or we are required to do so by law. We do not sell, trade or rent your personal information to others.
Transferring your personal information internationally
The personal information we collect may be transferred to and stored in countries outside of the European Union. Some of these jurisdictions require different levels of protection in respect of personal information and, in certain instances, the laws in those countries may be less protective than the jurisdiction you are typically resident in. We will take all reasonable steps to ensure that your personal information is only used in accordance with this privacy notice and applicable data protection laws, and that it is respected and kept secure. Where a third party processes your data on our behalf, we will put in place appropriate safeguards as required under data protection laws.
Subscription to newsletters
We regularly make use of our newsletter to inform you about the latest and upcoming events and activities related to our work. You may subscribe to our newsletter through our website; both the subscription process and the data collection that allows the newsletter to be sent are managed by the third party MailChimp®. The personal data collected as part of a registration for the newsletter will only be used to send our newsletter. In addition, subscribers to the newsletter may be informed by e-mail, as long as this is necessary for the operation of the newsletter service or a registration in question, as could be the case in the event of modifications to the newsletter offer, or in the event of a change in technical circumstances. There will be no transfer of personal data collected by the newsletter service to third parties. The subscription to our newsletter may be terminated by the data subject at any time, through an unsubscribe link accessible at the bottom of each newsletter. The consent to the storage of personal data, which the data subject has given for sending the newsletter, may be revoked at any time. It is also possible to unsubscribe from the newsletter at any time by communicating directly with us.
Storage duration of your personal data
The data controller shall process and store the personal data of the data subject only for the period necessary to achieve the purpose of storage. The duration for which we retain your personal information will differ depending on the type of information and the reason why we collected it from you. However, we will only hold your information for as long as is necessary; where you ask us to delete records, we may delete it earlier. In some cases, personal information may be retained on a long-term basis: for example, personal information that we need to retain for legal purposes will normally be retained in accordance with usual practice and regulatory requirements.
It is important to ensure that the personal information we hold about you is accurate and up-to-date, and you should let us know if anything changes, for example if you change your phone number or email address, by contacting us.
Your rights regarding data protection and personal information
You have the following rights in relation to your personal information:
- the right to be informed about how your personal information is being used;
- the right to access the personal information we hold about you;
- the right to request the correction of inaccurate personal information we hold about you;
- the right to request the erasure of your personal information in certain limited circumstances;
- the right to restrict processing of your personal information where certain requirements are met;
- the right to object to the processing of your personal information;
- the right to request that we transfer elements of your data to you or another service provider;
- the right to object to certain automated decision-making processes using your personal information.
You should note that some of these rights, for example the right to require us to transfer your data to another service provider or the right to object to automated decision making, may not apply, as they have specific requirements and exemptions which apply to them and they may not apply to personal information recorded and stored by us. For example, we do not use automated decision making in relation to your personal data. However, some have no conditions attached, so your rights to withdraw consent or to object to processing for direct marketing are absolute rights.
To exercise any of your rights, or if you have any questions relating to your rights, please contact us.
Data protection provisions about the use of PayPal
PayPal processes payments of membership fees from our website. Neither we nor PayPal retain any financial information you may submit as part of the payment process. PayPal monitors every transaction to prevent fraud, email phishing and identity theft. Every transaction is heavily guarded behind PayPal’s advanced encryption. If something appears suspicious, their dedicated team of security specialists will identify suspicious activity and help protect you from fraudulent transactions. PayPal or TAFISA will never ask for any sensitive information. Your data as mentioned below is encrypted before transmission to prevent misuse of the transmitted data by third parties. SSL (Secure Sockets Layer) is a security technology which guarantees that your personal data, including credit card information, login data and payment method, are securely transferred via the Internet. The data is encrypted so that it is only readable by the PayPal payment system. The data which is encrypted is as follows:
- personal data (address data, telephone number, etc.)
- login data (username and password)
- all methods of payment selected, credit card and bank account
Legal basis for the processing
Art. 6(1) lit. a GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is party, as is the case, for example, when processing operations are necessary for the supply of goods or to provide any other service, the processing is based on Article 6(1) lit. b GDPR. The same applies to such processing operations which are necessary for carrying out pre-contractual measures, for example in the case of inquiries concerning our products or services. If our organisation is subject to a legal obligation by which processing of personal data is required, such as for the fulfilment of tax obligations, the processing is based on Art. 6(1) lit. c GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or of another natural person. This would be the case, for example, if a visitor were injured in our organisation and his name, age, health insurance data or other vital information would have to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6(1) lit. d GDPR. Finally, processing operations could be based on Article 6(1) lit. f GDPR. This legal basis is used for processing operations which are not covered by any of the abovementioned legal grounds, if processing is necessary for the purposes of the legitimate interests pursued by our organisation or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. Such processing operations are particularly permissible because they have been specifically mentioned by the European legislator. They considered that a legitimate interest could be assumed if the data subject is a client of the controller (Recital 47 Sentence 2 GDPR).
Legitimate interests by controller or third party
Where the processing of personal data is based on Article 6(1) lit. f GDPR our legitimate interest is to carry out our business in favor of the well-being of all our employees and the shareholders.
Provision of personal data as statutory or contractual requirement; requirement necessary to enter into a contract; obligation of the data subject to provide the personal data; possible consequences of failure to provide such data
We clarify that the provision of personal data is partly required by law (e.g. tax regulations) or can also result from contractual provisions (e.g. information on the contractual partner). Sometimes it may be necessary, in order to conclude a contract, that the data subject provides us with personal data, which must subsequently be processed by us. The data subject is, for example, obliged to provide us with personal data when our organisation signs a contract with him or her. The non-provision of the personal data would have the consequence that the contract with the data subject could not be concluded. Before personal data is provided by the data subject, the data subject must contact any employee. The employee clarifies to the data subject whether the provision of the personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and the consequences of non-provision of the personal data.
Security
We employ a variety of technical and organisational measures to keep your personal information safe and to prevent unauthorised access to, or use, or disclosure of it. Unfortunately, no information transmission over the Internet is guaranteed 100% secure nor is any storage of information always 100% secure, but we do take all appropriate steps to protect the security of your personal information.
Changes to our privacy policy
We may update this privacy policy from time to time. Any changes we may make to this privacy policy in the future will be posted on our website and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes and should you object to any alteration, please contact us.
TAFISA welcomes your enquiries and feedback, and can be reached via the details below.
TAFISA OFFICE
TAFISA
c/o Commerzbank / Filiale Höchst
Hostatostrasse 2
65929 Frankfurt Höchst
Germany