Data protection declaration / duty to provide information according to § 5 TMG & Art. 13/14 GDPR
At ENFSI e.V., we believe the protection of personal data involves far more than just complying with legislation. We are therefore happy that you are interested in how we handle personal data.
We always process personal data such as a person’s name, address, e-mail address, or phone number in accordance with applicable privacy law.
With this privacy notice, we would like to inform everyone about the nature, scope, and purpose of the personal data that we collect, use, and process. Furthermore, we would like to explain to the persons concerned the rights to which they are entitled.
ENFSI e.V. has implemented numerous technical and organizational measures to ensure that the personal data processed via this Web site is protected as comprehensively as possible.
Despite the care we take, Internet-based data transmission is vulnerable to security flaws and, consequently, absolute protection can never be guaranteed. For this reason, you of course have the option of transmitting your personal data by alternative means, for example, by telephone or post.
Name, Address, and Contact Details of the Entity Responsible
Represented by the members of the board:
Pinelopi Miniati, Dorijan Kerzan, Stefan Becker
Privacy Officer Contact Details
The Privacy Officer for the data controller is:
DDI – Deutsches Datenschutz Institut GmbH
You can contact our Privacy Officer by sending a letter to the attention of “Privacy Officer” at the address above or by sending an e-mail to: email@example.com
Purposes and Legal Grounds for Processing Data – When Visiting Our Web Site in General
Should you use our Web site purely for informational purposes, not register yourself, or convey information to us in some other way (e.g. by e-mail), we will only collect the data that your browser transfers to our server (“server log files”). This data is processed in accordance with GDPR art. 6(1)(f) on the basis of our legitimate interest in improving the stability and functionality of our Web site. This data is not used in any other way and in no way shared with third parties. However, we do reserve the right to analyze log files at a later date if there are reasons to suspect unlawful usage.
Purposes and Legal Grounds for Processing Data – Contact Form
When you contact us (e.g. using our contact form or by e-mail), we collect personal data. This data is stored and used exclusively for the purposes of answering your inquiry and for the associated technological administration. Our legitimate interest in responding to your inquiry forms the legal grounds for processing this data, in accordance with GDPR art. 6(1)(f). If you contact us for the purpose of entering into a contract, there are additional legal grounds for processing provided in GDPR art. 6(1)(b). Your data will be erased once your inquiry has been conclusively resolved. This is the case if it can be assumed that the relevant matter has been completely resolved and if there are no statutory retention periods barring us from erasing the data.
Purposes and Legal Grounds for Processing Data – Comment Function
When using the comment function on this Web site, details about the time you wrote the comment and the user name you have selected will be stored and published on the Web site alongside the comment. Furthermore, your IP address will also be recorded and stored. We store your IP address for security reasons and in case a comment that is left violates third-party rights or leads to illicit content being posted. The legal grounds for storing your data are provided in GDPR art. 6(1)(b) and (f). We reserve the right to delete comments if third parties contend that they are unlawful or harmful.
Purposes and Legal Grounds for Processing Data – Newsletter Function
This website uses CleverReach to send newsletters. The provider is CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany (hereinafter: “CleverReach”). CleverReach is a service with which the newsletter dispatch can be organised and analysed. The data you enter for the purpose of receiving newsletters (e.g. email address) is stored on CleverReach’s servers in Germany or Ireland.
We use the double opt-in method to send out our newsletter. This means that we will only send you an e-mail newsletter if you have explicitly confirmed that you give your consent to us sending newsletters. We will then send you a confirmation e-mail asking you to confirm your desire to receive future newsletters by clicking on a corresponding a link.
By clicking on the confirmation link, you grant us permission to use your personal data in accordance with GDPR art. 6(1)(a). When you register for our newsletter, we save the IP address assigned by your Internet service provider (ISP) along with the date and time of registration so that we can trace any misuse of your e-mail address at a later point in time. The data that we collect when you register for the newsletter is used exclusively for promotional purposes in the form of our newsletter.
Our newsletters sent with CleverReach allow us to analyse the behaviour of the newsletter recipients. Among other things, we can analyse how many recipients have opened the newsletter message and how often which link in the newsletter was clicked. With the help of so-called conversion tracking, it can also be analysed whether a predefined action (e.g. purchase of a product on this website) has taken place after clicking on the link in the newsletter. For more information on data analysis through CleverReach newsletters, please visit: https://www.cleverreach.com/de/funktionen/reporting-und-tracking/.
You can unsubscribe from the newsletter at any time by using the link provided for this in every newsletter. When you unsubscribe, your e-mail address will be immediately deleted from our newsletter mailing list, provided that you have not given your explicit consent to us continuing to use your data or that we do not reserve the right to use the data beyond the given scope in a manner legally allowed and about which we inform you in this notice.
After you have unsubscribed from the newsletter distribution list, your email address will be stored by us or the newsletter service provider in a blacklist, if necessary, in order to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 Para. 1 lit. f DSGVO). The storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest. For more details, please refer to the data protection provisions of CleverReach at: https://www.cleverreach.com/de/datenschutz/.
We have concluded an order processing agreement (AVV) with the above-mentioned provider. This is a contract required by data protection law, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.
Purposes and Legal Grounds for Processing Data – Software ChemoRe
This website uses CleverReach to register for the download of the ChemoRe software. The provider is CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany (hereinafter: “CleverReach”). The software ChemoRe is a free software environment for statistical calculations and graphics. In addition, instructions for the installation of the software as well as for its operation are provided. The data will only be processed for this purpose on the basis of your consent (Art. 6 para. 1 lit. a) DSGVO). You can revoke your consent at any time with effect for the future.
Recipients or Categories of Recipients
providers, IT service providers, Google Inc.
Transfer to Non-EU/EEA Country
The controller processes and stores the data subject’s personal data only for the period of time required to achieve the purpose for which it is stored or only if the controller is required to store data on account of legislation or regulations that are passed by European Union legislators and regulators, or other legislators, and the controller is subject to this legislation or these regulations.
Should there no longer be any reason to store the data or if a retention period prescribed by a European Union directive or regulation or by other relevant law expires, the personal data will be restricted from processing or deleted as a matter of routine and in accordance with statutory regulations.
Notice of Right to Object When Consent Is Selected as Legal Grounds
You have the right at any time to withdraw any consent given to the processing of your data. If you withdraw your consent, we will immediately delete the data concerned, provided there are no other legal grounds to support further processing. If you withdraw your consent, it will not affect the legality of the processing operations conducted until the time of the withdrawal.
Right to Complain to Data Protection Supervisory Authority
If you believe that the processing of your personal data violates the GDPR, GDPR art. 77 provides you the option of filing a complaint with the Privacy Officer named above or with a supervisory authority for data protection. The supervisory authority with jurisdiction over us is:
Der Hessische Beauftragte für Datenschutz und Informationsfreiheit
Notice About Profiling and Scoring
Profiling and scoring does not take place.
Rights of the Data Subject
You can request information about the personal data concerning you that we have stored by writing to the above address. Moreover, in certain situations you can request to have your data rectified or erased.
You may additionally have the right to have the processing of your data restricted as well as the right to obtain the data you have provided in a structured, commonly used, and machine-readable format.
By using cookies, ENFSI e.V. can provide Web site users with more user-friendly services that would otherwise not be possible.
The data subject can at any time stop cookies being saved by our Web site by activating the corresponding settings in his/her Web browser and, in doing so, permanently object to cookies being saved. Furthermore, cookies that have already been saved can be deleted at any time using the Web browser or other software programs. This is a function available in all common Web browsers. If the data subject deactivates his/her Web browser’s cookie-saving function, it may in some cases no longer be possible to use the complete functionality of our Web site.
Cookie Consent Banner
The website uses a Cookie Consent Banner from Borlabs to enable you to give your consent for certain technical tools in accordance with data protection regulations. For this purpose we use Borlabs Cookie, which sets a technically necessary cookie (borlabs cookie) to store your cookie consents. Borlabs Cookie does not process any personal data according to its own statements, https://borlabs.io/kb/what-information-does-borlabs-cookie-store/
The borlabs cookie stores your consent that you gave when you entered the website. If you wish to revoke these consents, simply delete the cookie via your cookie settings on our website or via your browser. When you re-enter/reload the website, you will be asked again for your cookie consent.
Otherwise the expiry date of the cookie is one week.
Detailed information about Borlabs can be found on https://borlabs.io/
The data controller has integrated Google Maps on this website.
Google Maps (API) is a web service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”) to display interactive (land) maps for visual representation of geographical information. By using this service, visitors to the website are shown the company’s location and any directions are made easier.
Information about the use of the respective website (such as the IP address) is transmitted to and stored by Google on servers in the USA as soon as the sub-pages into which the Google Maps map is integrated are accessed. This happens regardless of whether Google provides a user account through which the person concerned is logged in, or whether no user account exists. If the person concerned is logged in to Google, their data will be assigned directly to their account. If this assignment is not desired, the person concerned must log out before activating the button. Google saves the data (even for users who are not logged in) as usage profiles and evaluates them. The data transmission takes place in particular according to art. 6 para. 1 lit. a GDPR based on your consent. You can withdraw your consent at any time via your cookie settings on our website or via your browser. Furthermore, you have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.
Google LLC, based in the USA, is certified for the US-European data protection agreement “Privacy Shield”, which guarantees compliance with the data protection level applicable in the EU.
Data Protection Provisions for the Use of Google Fonts
The controller has integrated Google Fonts into this Web site. Google provides free fonts that can be used when designing Web sites. Google Fonts was installed locally. A transfer of data does not take place. Only if you give your consent (GDPR art. 6(1)(a)) for Google Maps, Google Fonts will be automatically included for the display of Google Maps.
So that fonts for Google Maps can be displayed consistently, this Website uses Web fonts that are provided by Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (“Google”). When visiting a page on our Web site, the data subject’s browser loads the required Web fonts into its cache so that it can display text and fonts correctly.
For this purpose, the browser used by the data subject must establish a connection with Google’s servers. This process informs Google of the corresponding page being visited from the data subject’s IP address. If the data subject’s browser does not support Web fonts, the data subject’s computer will use a default font.
Google LLC., based in the United States, has been certified for the purposes of the U.S.-EU “Privacy Shield” data protection framework, which ensures compliance with the level of privacy required in the EU.