I. Name and address of the responsible person
The responsible party within the meaning of the EU General Data Protection Regulation (GDPR) and other national data protection laws of the Member States as well as other data protection provisions is the:
Digital Lending Association e.V.
Leipziger Straße 124
Landline: 030 9485 4660
II. Your data subject rights
If your personal data is processed, you are a data subject within the meaning of the GDPR, and you are entitled to the following rights vis-à-vis the controller. These include in particular:
- Right of access by the data subject (Art. 15 GDPR);
- Right to rectification (Art. 16 GDPR);
- Right to erasure(Art. 17 GDPR);
- Right to restriction of processing (Art. 18 GDPR);
- Right to data portability (Art. 20 GDPR);
- Right to object to processing (Art. 21 GDPR);
- Right to lodge a complaint with the competent supervisory authority (Art. 57(1)(f) GDPR).
Submit your legal request in writing or via your (verified) e-mail address using the contact details provided under point I. above.
III. Right of Complaint
You have a general right of complaint. The competent supervisory authority for complaints regarding data processing is the Berlin State Data Protection Commissioner.
IV. Right of revocation for consent
If the data processing is based on consent, these consents can be revoked at any time with effect for the future in accordance with Art. 21 GDPR. Submit your revocation of your consent in writing or via your (verified) e-mail address using the contact details provided here.
V. General information on data processing
- Scope of the processing of personal data
As a matter of principle, we process personal data of our users only to the extent that this is necessary for the provision of a functional website, as well as our content and services. The processing of personal data of our users is regularly carried out only with the consent of the user. An exception applies in those cases where it is not possible to obtain prior consent for factual reasons and the processing of the data is permitted by legal regulations.
- Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for processing operations of personal data, Art. 6 (1) a) GDPR serves as the legal basis.
When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.
Insofar as processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6 (1) c) GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 (1) (d) GDPR serves as the legal basis.
If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the former interest, Art. 6 (1) f) GDPR serves as the legal basis for the processing.
- Data deletion and storage period
The personal data of the data subject will be deleted or restricted as soon as the purpose of storage ceases to apply. Unless the responsible party is obligated to store data beyond this due to a European or national regulation. Data will also be restricted or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or performance of a contract.
VI. Website visit and log files
- Description and scope of data processing
Each time our website is accessed, our system automatically and anonymously collects data and information from the computer system of the accessing computer.
The following data is collected in this process:
a) the current IP address of the Internet connection you are using;
b) the name of your Internet access provider in anonymized form (only to determine the location of the access);
c) the operating system you are using, the browser name (e.g. Internet Explorer, Firefox, etc.), the browser version and the type of device you are using;
d) if you visit our website via a link, the page from which you visit us;
e) the specific page you are visiting within our website;
f) the date and time of your visit;
g) the amount of data transferred;
h) web pages that are accessed by the user’s system via our website.
The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.
- Our website uses the following services:
- 1&1 WebAnalytics: Our website uses the analysis tool „1&1 WebAnalytics“ from 1&1 Internet SE. This evaluates the log files of the server with regard to the following data:
- Referrer (previously visited website);
- Requested website or file;
- Browser type and version;
- Operating system used;
- Device type used;
- Time of access; and
- IP address in anonymized form (only to determine the location of access).
- Statify: Statify does not process or store personal data such as IP addresses. Statify counts visits to the website, not visitors. A database table created in the local WordPress installation consists of only 4 fields (ID, date, origin, destination) and can be viewed, cleaned up and cleared at any time by the administrator.
- Plugin Antispam Bee: The plug-in Antispam Bee is an open-source software is developed in Germany and Switzerland. The plug-in is used to prevent spam in the comments under the posts. The plug-in can filter out which comment was set by a real human or a spam bot and automatically block spam comments. The plug-in does not collect user data (e.g. IP address). More information about the Antispam Bee plug-in is available here: https://github.com/pluginkollektiv/antispam-bee, https://wordpress.org/plugins/antispam-bee/.
- Contact Form 7: The Contact Form 7 plugin is a service for creating contact forms. The Contact Form plug-in is only used to forward entered form data to our company’s e-mail address. Additional storage, e.g. in the WordPress database, does not take place. Further information and the applicable data protection provisions of Contact Form can be found at https://de.wordpress.org/plugins/contact-form-7/ and https://rocklobster.in/. Contact Form is open source software. The communication between browser and server is done exclusively by HTTPS (SSL/TLS) encryption.
- Facebook, Google+, Pinterest, LinkedIn, Reddit, Twitter and Tumblr plugins:
So-called social plugins („plugins“) from the social networks Facebook, Google+, Pinterest, LinkedIn, Reddit and the microblogging services Twitter and Tumblr are used on our website. These services are offered by the companies Facebook Inc, Google Inc, Pinterest Inc, LinkedIn Corporation, Twitter Inc and Tumblr Inc (each a „Provider“).
Facebook is operated by Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA („Facebook“).
Google+ is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA („Google“).
Pinterest is operated by Pinterest Inc., 808 Brannan Street, San Francisco, CA 94103, USA („Pinterest“).
LinkedIn is operated by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA („LinkedIn“).
Reddit is operated by Reddit Inc., 520 Third Street, Suite 305, San Francisco, CA 94107, USA („Reddit“).
Twitter is operated by Twitter Inc, 1355 Market St, Suite 900, San Francisco, CA 94103, USA („Twitter“).
Tumblr is operated by Tumblr, Inc, 35 East 21st St, 10th Floor, New York, NY 10010, USA („Tumblr“).
When you access a page of our website that contains such a plugin, your browser establishes a direct connection to the servers of Facebook, Google, Pinterest, LinkedIn, Reddit or Twitter or Tumblr. The content of the plugin is transmitted directly to your browser by the respective provider and integrated into the page. By integrating the plugins, the providers receive the information that your browser has accessed the corresponding page of our website, even if you do not have a profile or are not currently logged in. This information (including your IP address) is transmitted from your browser directly to a server of the respective provider in the USA and stored there.
If you are logged in to one of the services, the providers can directly assign your visit to our website to your profile on Facebook, Google+, Pinterest, LinkedIn, Reddit or Twitter or Tumblr. If you interact with the plugins, for example by clicking the „Like“, the „+1“, the „Pint it“, the „Recommend“ button, the „Reddit“ button or the „Tweet“ button and the Tumblr button, the corresponding information is also transmitted directly to a server of the providers and stored there. The information will also be published on the social network or on your Twitter account or Tumblr account and displayed there to your contacts.
For the purpose and scope of the data collection and the further processing and use of the data by the providers, as well as your rights in this regard and setting options for protecting your privacy, please refer to the privacy notices of the providers.
Privacy notice from LinkedIn:
Privacy notice from Reddti:
Privacy notice from Twitter:
Privacy notice of Tumblr:
If you do not want Facebook, Google, Pinterest, LinkedIn, Reddit, Twitter or Tumblr to directly assign the data collected via our website to your profile on the respective service, you must log out of the corresponding service before visiting our website.
You can also completely prevent the loading of the plugins with add-ons for your browser, e.g. with the script blocker „NoScript“ (http://noscript.net/).
- Legal basis for data processingThe legal basis for the temporary storage of the data and the log files is Art. 6 (1) lit. f GDPR.
- Purpose of the data processing
The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the anonymized IP address of the user must remain stored for the duration of the session.
The storage in log files is done to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
- Duration of storage
Our web provider 1&1 stores anonymized visitor data for eight weeks.Statify stores the data for a limited period (default: two weeks), longer intervals can be set as an option in the dashboard. Data older than the set period is deleted by a daily cronjob.
- Objection and erasure option.The collection of data for the provision of the website and the storage of the data in log files is mandatory for the operation of the website. Consequently, there is no possibility of objection on the part of the user.
- Description and scope of data processing
Our website uses only one technically necessary cookie. Cookies are small text files that are stored on your terminal device (laptop, tablet, smartphone or similar) when you visit our website.
Cookies cannot be used to launch programs or transfer viruses to a computer. However, the information contained in Cookies can help to facilitate navigation and enable the correct display of a website.
We only use a so-called “session cookie”. This is technically necessary, as it ensures correct functionality of the system and allows us to administer the website. It does not provide the possibility for tracking, nor does it serve analysis, marketing or other purposes beyond the functionality of the website. It expires at the end of the session and therefore cannot support the storage of data beyond a session. Under no circumstances will data be passed on to third parties or linked to personal data without your consent.
Our website uses the following cookies:
|WordPress Test Cookie||Checks if your web browser allows or rejects cookies||WordPress||Session|
Our website uses the following services:
- Customize cookie notice
- Users can be redirected to a page with more information about cookies
- Multiple cookie expiry options
- Option to have the user accept a cookie by scrolling
- Option to set a scroll offset
- Option to reject functional cookies
- Option to have the user revoke consent
- Option to manually block scripts
- Option to reload the page after accepting cookies
- Choose the positioning of the cookie message box
- Animation of the message box after the cookie is accepted
- Selection of button style between None, WordPress and Bootstrap
- Set text and bar background color
- WPML and Polylang compatible
- SEO friendly
- .pot file included for translations
- Legal basis for the data processing
The legal basis for the processing of personal data using cookies is Art. 6 (1) lit. f GDPR.
- Purpose of the processing
The purpose of using our one technically necessary cookie is to simplify the use of the website for users, to ensure the correct functionality of the system and the administration of the website.
- Storage period and cookies used
- Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-loeschen-daten-von-websites-entfernen
- Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
- Google Chrome: https://support.google.com/accounts/answer/61416?hl=de
- Opera: http://www.opera.com/de/help
- Safari: https://support.apple.com/kb/PH17191?locale=de_DE&viewlocale=de_DE
If you would like to receive the newsletter offered on the website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the specified e-mail address and agree to receive the newsletter.
We use the double opt-in procedure to ensure that the newsletter is sent with your consent. In the course of this, the potential recipient allows himself to be included in a distribution list. Subsequently, the user receives through a confirmation e-mail the possibility to confirm the registration in a legally secure way.
Only if the confirmation is made, the address will be actively included in the distribution list.
We use this data exclusively for sending the requested information and offers.
Newsletter2Go is used as the newsletter software. Your data will be transmitted to Sendinblue GmbH. Sendinblue GmbH is prohibited from selling your data and using it for purposes other than sending newsletters. Sendinblue GmbH is a German, certified provider, which was selected in accordance with the requirements of the General Data Protection Regulation and the Federal Data Protection Act.
You can find more information here: https://de.sendinblue.com/informationen-newsletter-empfaenger/?rtype=n2go
You can revoke your consent to the storage of the data, the e-mail address and their use for sending the newsletter at any time, for example via the „unsubscribe“ link in the newsletter.
- Description and scope of data processing
It is possible to contact us via the e-mail address provided. In this case, the user’s personal data transmitted with the e-mail will be stored. In this context, the data will not be passed on to third parties. The data is used exclusively for processing the conversation.
- Legal basis for data processing
The legal basis for the processing of the data is Art. 6 para. 1 S.1 lit. A) GDPR if the user has given his consent.
The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 S.1 lit. F) GDPR. If the e-mail contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 S.1 lit. b) GDPR.
- Purpose of the data processing
The processing of personal data from the contact serves us solely to process the contact.
- Duration of storage
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected and no other legal obligations, e. g. record-keeping or retention obligations, stand in the way of deletion.
For personal data sent by e-mail, this is the case, subject to conflicting legal retention periods, when the respective conversation with the user has ended. The conversation shall be deemed to have ended when it is clear from the circumstances that the matter in question has been conclusively clarified.
- Objection and erasure possibility
The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. For the revocation of consent and the objection to storage, an e-mail is sufficient. In such a case, the conversation cannot be continued.
All personal data stored in the course of contacting us will be deleted in this case. If legal storage obligations or other legal obligations prevent the deletion, the data will be deleted at the end of this legal obligation.
- Data security
To protect the security of your data during transmission, we use state-of-the-art encryption methods (e.g. SSL) via HTTPS.
When you register for our events, we generally collect the following information about you: academic title, first name, last name, company, department, position, street and house number or post office box, telephone, e-mail address, membership in the VdK. Mandatory information is marked as such, the remaining information is voluntary. We use this information to fulfill the contract concluded with you and to be able to carry out the event. The legal basis is Art. 6 para. 1 lit. b) GDPR or, if you provide us with more than the mandatory fields, Art. 6 para. 1 lit. a GDPR.
In addition, we make photo and/or film recordings at our events. The production and their subsequent publication/use, among other things, on/in the website of the VdK, the social media channels, print/online ads and banners of the VdK, videos of the VdK, the playback on video screens is done for information and documentation purposes.
The legal basis for the processing of your personal data is our legitimate interest (Art. 6 para.1 p.1 lit. f, 85 para. 1 GDPR in conjunction with §§ 22, 23 KUG) in the production and publication of photos/videos of the event for information and documentation purposes, in particular to present the performance and education portfolio of the association, for member information, retention and recruitment.
Your rights will be appropriately taken into account in the production and publication of the photos/videos. Therefore, we generally limit ourselves to taking photos/videos of larger groups of people and refrain from taking portrait photos of individual event participants without prior consultation. Before publication, the photos are checked. Pictures that could have a defamatory effect will not be published.
If you do not agree to the production of a photo in an individual case, a short note to the photographer is sufficient. After publication, you can object to the further publication of photos in which you are depicted at any time. To do so, please contact the address mentioned under point I. above. The photos will then be immediately removed from the relevant platform(s) and deleted.
The photos/videos of the event will be stored on the internal association media database for 5 years and then deleted.
In principle, the images will not be passed on to third parties. However, we reserve the right to carry out the provision on the Internet using an appropriate order processor. In addition, we would like to point out that when information is made available on the Internet, it cannot be ruled out that the images may be stored and otherwise used by third parties. Should you become aware of such third-party use, we will be happy to support you with the information available to us in any legal action.
XI. Participant management at events
As a matter of principle, your data will not be transferred to third parties unless we are legally obliged to do so or the transfer of data is necessary for the performance of the contractual relationship or you have previously given your express consent to the transfer of your data.
We also reserve the right to pass on your personal data (surname, first name, position, company) in the form of a guest list to cooperation partners for documentation purposes (legal basis Art. 6 para. 1 lit. f GDPR).
External service providers and partner companies such as online event managers, online payment providers or the shipping company commissioned with the delivery will only receive your data insofar as this is necessary to process your order. Insofar as our service providers come into contact with your personal data, we ensure within the framework of order processing pursuant to Art. 28 GDPR that they comply with the provisions of data protection laws in the same manner. Please also note the respective Data protection information of the providers. The respective service provider is responsible for the content of third-party services, whereby we check the services for compliance with legal requirements within the scope of reasonableness.
XII. Changes to our data protection policy
We reserve the right to adapt this data protection statement so that it always complies with the current legal requirements or to implement changes to our services in the data protection statement, e.g. when introducing new services. The new data protection statement will then apply to your next visit to our website.