In the following, we describe how personal data is processed in the context of our web pages, functions and contents as well as external offers (such as social media). We also describe which types of personal data are processed, to what extent and for what purpose.
Name and address of the data processor
The jointly responsible parties within the meaning of the Basic Data Protection Regulation and other national data protection laws of the member states as well as other provisions of data protection law are:
Dr. Stefan Silvestrini
Im Stadtwald, Building C5.3
Zentrum für universitäre Weiterbildung ZUW, Universität Bern
Dr. Christina Cuonz
Postfach, 3001 Bern
General information on data processing
2.1. Scope of the processing of personal data
When you contact us as a customer or interested party, we collect personal data. This happens if you are interested in our products or register for newsletters, contact us by e-mail or telephone or if you use our products and services in the context of existing business relationships.
In this context, we process your personal data, e.g. first and last name, Title, address, e-mail address, telephone number.
In addition, we process contractual data (subject matter of contract, term, customer category) payment data (bank details, payment history) of our customers, interested parties and business partners for the purpose of providing contractual services and for service and customer care.
In addition, we process the following personal data for marketing, evaluation, and advertising purposes: nationality, gender, date of birth, sector of interest, employer, type of organisation, year of participation, how did you first learn about IPDET, previous IPDET attendance, reasons for applying, previous knowledge.
2.2. Legal basis for the processing of personal data
If the processing of personal data is based on the consent of the data subject, Article 6 para. 1 lit. a of the EU General Data Protection Regulation (GDPR) serves as the legal basis. If personal data are processed in order to fulfil a contract with the data subject, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures. If we process personal data in order to fulfil a legal obligation, Art. 6 para. 1 lit. c GDPR serves as the legal basis. If vital interests of the data subject or another natural person necessitate the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis. If we process data to safeguard the legitimate interest of our company or a third party and if the interests, fundamental rights and fundamental freedoms of the data subject are not more important, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.
2.3. Cooperation with data processors and third party countries
If, in the course of our processing, we disclose data to other persons and companies (contract processors or third parties), transfer them to them or grant them access to the data, this will only be done on the basis of a legal permit (e.g. a transfer to payment service providers pursuant to Art. 6 Para. 1 lit. b GDPR required for the performance of a contract), a consent, a legal obligation or on the basis of our legitimate interests (e.g. when using agents, web hosts). If we commission third parties to process data on the basis of a so-called “contract processing agreement”, this is done on the basis of Art. 28 GDPR.
2.4. Transfers to third party countries
If we process data in a third party country (i.e. outside the European Union or the European Economic Area) or if this is done in the context of the use of third party services, this will only occur if it is done to fulfil our (pre)contractual obligations, on the basis of consent, a legal obligation or on the basis of our legitimate interests. We process data subject to legal or contractual permissions only if the requirements of Art. 44 to Art. 50 GDPR are met: Data will therefore only be processed if, for example, special guarantees exist, such as official recognition of a data protection level corresponding to the EU (e.g. “Privacy Shield”) or observance of officially recognised contractual obligations (so-called standard contractual clauses).
2.5. Data deletion and storage duration
As soon as the purpose of storage no longer applies, personal data of a data subject are deleted or their processing restricted (“blocked”). If European or national regulations, laws or other provisions to which we are subject require longer retention, the personal data will be stored in accordance with these legal provisions for longer than the original purpose intended.
2.6. Data deletion in case of revocation
All data recorded until revocation will be deleted immediately – except where required by law.
Data subjects rights
You have the right to gain access to the stored personal data.
You can obtain information about your stored data from us at any time (in accordance with Art. 15 GDPR).
You have the right to correction.
You can obtain the correction of your data (in accordance with Art. 16 GDPR).
You have the right to deletion.
You may request that your data be deleted (in accordance with Art. 17 GDPR) or restricted (in accordance with Art. 18 GDPR).
You have the right to data transfer.
You may receive personal data that you have provided to us in a transferable format (in accordance to Art. 20 GDPR).
You have the right to appeal.
You have the right to file a complaint with the competent supervisory authority (in accordance to Art. 77 GDPR).
Data collection on our website
4.1. Server and logfiles
Our hosting provider collects the following data for statistical evaluations: IP address of your computer at the time of access, date, time, content accessed, the page from which you reached our homepage, operating system and browser.
On our website you will find one or more e-mail addresses where you can get in touch with us. We store the personal data transmitted with the e-mail. We process the data only for contacting you. The following data is collected: E-mail address, company, title, surname, first name, telephone number, and date and reason of contact. Legal basis for the processing of the data, which you transmit to us by mail, is a (pre)contractual obligation and/or your consent by the transmission of your data for the purpose of the establishment of contact. You can revoke this consent at any time with effect for the future (informally by e-mail or post).
4.3. Registration for IPDET program
On our website you can fill in a registration form for the IPDET program. We store the transmitted data from the input mask. We process the data only for the registration process with you. The data which is collected you can read in the registration form, Step 2 “Data Processing Agreement”. The legal basis for the processing of the data that you transmit to us via the registration form is a (pre)contractual obligation or your consent by transmitting your data for the purpose of registration. You can revoke this consent at any time with effect for the future (informally by e-mail or post).
Registration is required for registration. The registration serves exclusively the access to the registration form of the program. In the course of the registration e-mail address, password, title, surname, middle name, first name are recorded and stored for the purpose of registration.
Analysis and online marketing
5.1. Double Click Ad Exchange
Social Media: Online appearances and plug-ins
Online presences in social media
We maintain online presences in social networks and platforms in order to communicate with customers, interested parties and users active there and to inform them about our services. When calling up the respective networks and platforms, the terms and conditions and data processing guidelines of the respective operators apply.
6.1. Facebook social plug-ins
As part of our legitimate interest in the analysis, optimisation and economic operation of our online services, we use social plug-ins (short “plug-ins”) of the social network facebook.com, which operates Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (short “Facebook”). The plug-ins can be interaction elements or content (e.g. graphics, text contributions) and can be recognised by one of the Facebook logos or marked with the addition “Facebook Social Plugin”. The list and the appearance of the plug-ins can be found here: https://developers.facebook.com/docs/plugins/
Facebook is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
If a user calls a function of this online service that contains such a plug-in, his device establishes a direct connection with Facebook servers. We cannot influence the amount of data that Facebook collects with this plug-in. Facebook transmits the content of the plug-in directly to the user’s device. This enables the creation of user profiles, since Facebook learns that a user has called up the corresponding page of the online service. If the user is logged in to Facebook, Facebook can assign the visit to the user’s Facebook account. If a user interacts with the plug-ins (e.g. pressing the Like button), the corresponding information is transmitted directly to Facebook and stored there. Even if a user is not a member of Facebook, it is possible for Facebook to find out and store the corresponding IP address.
If a Facebook member does not want Facebook to collect information about them through our online service and link it to their Facebook member information, they must log out of Facebook and delete their cookies before using our online service. You can make further settings via one of the following pages: https://www.facebook.com/settings?tab=ads, http://www.aboutads.info/choices/ (US site), http://www.youronlinechoices.com/ (EU site). The settings are platform-independent, i.e. they are applied to all devices.
6.2. Twitter plug-ins
SERVICES, TOOLS AND CONTENTS OF THIRD PARTIES
We use content or services offered by third parties in order to integrate their content and services (e.g. maps or fonts, hereinafter referred to as “Content”). The prerequisite for this is that the third party providers use your IP address. We make every effort to use only content whose providers use the IP address only to deliver the content.
Contacting the data protection officer
Our companies have data protection officers. You can reach her/him/them at the following e-mail addresses: email@example.com.