EELA Privacy Statement
The protection of personal data is highly important to EELA. This Privacy Statement serves to inform visitors to the website of EELA about the processing of personal data (hereinafter also “Data”) that takes place on the website of EELA subject to the applicable data protection laws, in particular Regulation (EU) 2016/679 (General Data Protection Regulation – “GDPR”).
1. Controller of data processing
EELA is the controller of the lawful processing of Users’ personal data.
2. Data processed and purposes of processing
2.1 Usage data
When the website of EELA is accessed, the servers of EELA automatically store certain data of the accessing system. This includes the type of browser used, the browser version, the operating system used, the website from which the website of EELA is accessed, the controlled subpages of the website of EELA, the date and time of access, the internet protocol address (IP address), the internet service provider and data comparable with such data.
EELA uses this data to make the website available, to detect and remove possibly occurring technical problems and to prevent and, if need be, prosecute any abuse of the services of EELA. EELA also uses this data in anonymised form, i.e. without being able to identify the user, for statistical purposes and in order to improve the website. The legal basis for processing personal usage data is Article 6(1), first subparagraph, point (f) GDPR.
2.2 Application data
If a User applies for EELA membership via the website, he/she has to submit certain information (e.g. name, e-mail address). EELA needs this data to check the eligibility of the applicant, set up and manage membership accounts, identify authorized Users and to be able to offer the User the functions desired. The legal basis for processing the data outlined above is Article 6(1), first subparagraph, point (b) GDPR.
2.3 Use of cookies
The website of EELA uses cookies. Cookies are small text files that are stored on the User’s data carrier and exchange certain settings and data with the system of EELA via the browser. A cookie normally contains the name of the domain from which the cookie data are sent and information on the age of the cookie and an alphanumerical identifier. Cookies enable EELA to design the website attractively to the User and also facilitate use by, for example, storing certain input such that it need not be entered repeatedly. The information stored in the cookies is not used to identify the User and is not combined with other personal data stored about the User. The legal basis for processing personal data is Article 6(1), first subparagraph, point (f) GDPR.
Users may deactivate or restrict the transfer of cookies by changing the settings on the internet browser. Cookies already stored may be erased at any time. This may also be done by automatic means. Should cookies for the website of EELA be deactivated, it may be the case that not all functions of the website can be fully used.
2.4 Google Analytics
The website of EELA also uses functions of the web analysis service Google Analytics provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (“Google”). Google Analytics likewise uses cookies. The information generated by the cookie about the use of this website is as a rule transmitted to a Google server in the USA where it is stored.
The website of EELA uses Google Analytics with the additional component “anonymize IP”. This means that the IP address of the User collected by the Google Analytics cookie will be shortened by Google beforehand within Member States of the European Union or in other signatory states of the Treaty on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. Google is certified under the EU-US Privacy Shield Program.
Google uses the information generated by the Google Analytics cookie on behalf of EELA in order to evaluate the use of the website, prepare reports on the website activities and to provide EELA with additional services associated with the use of the website and the internet. The IP address transmitted by the browser of the accessing system as part of Google Analytics will not be combined with other Google data. More detailed information on the conditions of use and data protection is available at http://www.google.com/analytics/terms/de.html or at http://www.google.com/intl/de/analytics/privacy- overview.html. The legal basis for processing personal data by using cookies is Article 6(1), first subparagraph, point (f) GDPR.
3. Transfer of data to externals
EELA receives assistance from outside service providers for certain technical data analysis, processing or storage processes (e.g. to obtain aggregated, non-personal statistics from data bases or for the storage of backup copies). These service providers are carefully selected and meet high data protection and data security standards. They are obligated to maintain strict confidentiality and process personal data only when commissioned to do so by EELA and according to EELA’s instructions. The legal basis for the involvement of such service providers is Article 28 GDPR.
EELA cooperates with companies and other entities which provide specialized expertise with regard to special areas (e.g. tax consultants, legal counsel, accounting firms, conference organizers). These entities are either legally or contractually obliged to maintain confidentiality. If a transmission of personal data to these entities is necessary, the legal basis is, depending on the respective kind of cooperation, Article 6(1) first subparagraph 1 point (b) or, (f) GDPR.
Except in the cases set out in this Privacy Statement, EELA only transfers data to third parties without the User’s explicit consent if so obliged by law or by administrative or judicial directive.
4. Storage period
Usage data will be stored for a period of three months, in case of EELA members until one year after the termination of the membership, as far as all membership fees are duly paid. The data outlined above will otherwise be erased once it is no longer required for the described purposes, provided statutory provisions do not stipulate a longer retention period.
5. Rights of the Users
Users requesting detailed information on the processing of personal data concerning them may contact EELA at any time. They may also ask to receive in structured, commonly used and machine-readable format the data which they have provided to EELA or for such data to be transferred to a third party. Should the Users establish that the data stored about them is incorrect or incomplete, they may at any time require the immediate rectification or completion of such data. Subject to the preconditions set out in Articles 17 and 18 GDPR, the User may also require the erasure or restriction of processing of personal data. Users also have the right to lodge a complaint with the competent supervisory authority for EELA.
6. Contact information
The User may contact EELA at any time regarding questions concerning EELA’s processing of personal data and the exercise of rights to which the User is entitled against such processing. To do so it is sufficient to contact info@eela.org.