I. Name and Address of the Controller
The controller for the purposes of the General Data Protection Regulation and other national data protection regulations of Member States, as well as other data protection regulations is:
Research Institute of Automotive Engineering and Vehicle Engines Stuttgart -FKFS-
Foundation under civil law
Pfaffenwaldring 12
70569 Stuttgart
Germany
+49 711 685-65888
info@fkfs.de
II. Name and Address of the Data Protection Officer
The data protection officer for the controller is:
DataCo GmbH
Sarah Klein
Nymphenburger Str. 86
80636 München
Germany
sklein@consulting.dataguard.de
III. Rights of the Data Subject
The following list contains all the rights of the data subject according to the GDPR.
If your personal data is processed, then you are the data subject as laid down in the GDPR, and you may exercise the following rights against the controller:
1. Right to Information
You can demand confirmation from the controller as to whether we are processing personal data which concerns you. If we are processing your personal data, you can demand information from the controller about the following:
(1) The purposes for which the personal data are being processed;
(2) The categories of personal data which are being processed;
(3) The recipients or categories of recipients to whom your personal data has been disclosed or is still being disclosed;
(4) The planned period for which your personal data will be stored or, should specific details about this not be possible, criteria for determining the duration of storage;
(5) The existence of the right to correction or deletion of your personal data, the right to restriction of processing by the controller, or the right to object to this processing;
(6) The existence of the right to lodge a complaint with a supervisory (data protection) authority;
(7) All available information about the source of the data if the personal data was not acquired from the data subject;
(8) The existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
You have the right to demand information about whether your personal data is transferred to a third country or to an international organization. In this context, you can demand to be informed about the appropriate safeguards in accordance with Article 46 of the GDPR regarding the information transfer.
2. Right to Correction
In as far as the processed personal data concerning you is incorrect or incomplete, you have the right to demand that the controller corrects and/or completes your personal data. The controller must perform the rectification without delay.
3. Right to Restriction of Processing
You can demand that the processing of your personal data is restricted if the following conditions apply:
(1) You are contesting the accuracy of your personal data for a period enabling the controller to verify the accuracy of your personal data;
(2) The processing is unlawful and you oppose the deletion of your personal data and instead request the restriction of their use;
(3) The controller no longer needs the personal data for the purposes of the processing, but you require the data for the establishment, exercise or defense of legal claims, or
(4) You have objected to processing pursuant to Article 21(1) of the GDPR pending verification as to whether the legitimate grounds of the controller override yours as the data subject.
Where processing of your personal data has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or of a Member State. If you have obtained restriction of processing pursuant to the conditions stated above, you shall be informed by the controller before the restriction of processing is lifted.
4. Right to Deletion
a) "Right to be forgotten"
You have the right to demand that the controller deletes your personal data without undue delay, and the controller shall be obliged to delete this data without undue delay, in as far as one of the following grounds applies:
(1) Your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
(2) You withdraw your consent upon which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2) of the GDPR, and where there is no other legal ground for the processing.
(3) You object to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) of the GDPR.
(4) Your personal data was processed unlawfully.
(5) Your personal data has to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
(6) Your personal data was collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.
We would like to point out that if your data is deleted, participation in the event will not be possible.
b) Information to third parties
Where the controller has made your personal data public and is obliged pursuant to Article 17(1) of the GDPR to delete the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers who are processing the personal data that you have requested the deletion by such controllers of all links to, or copies or replications of, your personal data.
c) Exceptions
The right to deletion shall not apply to the extent that processing is necessary
(1) for exercising the right of freedom of expression and information;
(2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) of the GDPR as well as Article 9(3) of the GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) of the GDPR in so far as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing, or
(5) for the establishment, exercise or defense of legal claims.
5. Notification Obligation
If you have made use of your right to correction, deletion or restriction of processing, the controller shall communicate any correction or deletion or restriction of processing of your personal data to each recipient to whom your personal data have been disclosed, unless this proves impossible or involves disproportionate effort. You have the right to request the controller for information about these recipients.
6. Right to Data Portability
You have the right to receive the personal data you have provided to the controller in a structured, commonly used and machine-readable format. Furthermore, you have the right to transmit this data to another controller without hindrance from the controller to which the personal data have been provided, where
(1) the processing is based on consent pursuant to point (a) of Article 6(1) of the GDPR or point (a) of Article 9(2) of the GDPR or on a contract pursuant to point (b) of Article 6(1) of the GDPR and
(2) the processing is carried out by automated means.
In exercising this right, you also have the right to have your personal data transmitted directly from one controller to another, where technically feasible. The freedoms and rights of others must not be adversely affected by this.
The exercise of the right to data portability shall not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7. Right to Object
At any time, you have the right to object on grounds relating to your particular situation to processing of your personal data which is based on point (e) or (f) of Article 6(1) of the GDPR, including profiling based on those provisions.
The controller shall no longer process your personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims.
Where your personal data are processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.
If you object to processing for direct marketing purposes, your personal data shall no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
8. Right to Withdraw Consent to the Processing of your Personal Data
You can withdraw your consent to the processing of your personal data at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
9. Automated Individual Decision-Making, Including Profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects which concern you, or which affects you in a similarly significant way. This shall not apply if the decision
(1) is necessary for entering into, or fulfillment of, a contract between you and the data controller,
(2) is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and your legitimate interests, or
(3) is based on your explicit consent.
However, these decisions shall not be based on special categories of personal data referred to in Article 9(1) of the GDPR, unless point (a) or (g) of Article 9(2) of the GDPR applies and suitable measures to safeguard your rights and freedoms and your legitimate interests are in place.
In the cases referred to in points (1) and (3), the controller shall implement suitable measures to safeguard your rights and freedoms and your legitimate interests, at least including the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.
IV. General Information about Data Processing
1. Scope of Personal Data Processing
We collect and use the personal data of users of this website for the documentation and administration of event participants, for the purposes of organizing and implementing the AutoTest Technical Conference, after referred to as "the event". The collection and use of our users' personal data generally occurs only after the user gives consent: by signing up for and registering for the event.
On our website https://www.fkfs-veranstaltungen.de/autotest we enable users to sign up for the event with the submission of their personal details. The data is entered in an input screen, transferred to our service provider EMENDO and saved there.
Depending on the choice of payment method at the end of the registration procedure, certain personal data (first name, last name, payment amount) will be transferred to third parties for the purposes of the payment process.
Credit card payments via Sofort and PayPal are processed by BS PAYONE GmbH, Lyoner Strasse 9, D-60528 Frankfurt/Main, Germany, which is certified according to the Payment Card Industry Data Security Standard (PCI DSS). Your credit card details are collected and processed directly by BS PAYONE. We do not save your credit card details.
For payments with Sofort, the online payment system provided by SOFORT GmbH, Theresienhöhe 12, D-80339 Munich, Germany, the online banking data (PIN and TAN) you entered into the electronic transfer form provided by SOFORT GmbH during the ordering process will be encrypted and transferred to your bank for execution of the electronic transfer. We do not save your online banking details.
Payments with PayPal (Europe), S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg, use the bank details you have registered with PayPal to make the payment. We have no access to this data.
The transfer of your payment details to the relevant payment service provider will only occur as far as this is necessary for processing the payment. The legal basis is point (b) of Article 6(1) of the GDPR.
The terms and conditions and privacy statement of the relevant provider apply for the use of the above-named payment services. You will be informed of this separately before using the relevant service.
You can access the BS PAYONE GmbH privacy statement via the following link:
https://www.payone.com/DE-de/datenschutz
Sofort GmbH is part of the Klarna Group (Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden). Their privacy statement can be accessed via the following link:
https://www.klarna.com/uk/privacy/
PayPal's privacy statement can be accessed via the following link: https://www.paypal.com/us/legalhub/privacy-full
We collect the following data during the registration process:
2. Legal Basis for the Processing of Personal Data
The collection and use of our users' personal data occurs on the basis of consent given by the user: when the user signs up for and is registered for the event.
The legal basis for this is point (a) of Article 6(1) of the EU General Data Protection Regulation (GDPR).
3. Data Deletion and Duration of Storage
The personal data of the data subject will be deleted or blocked as soon as the reason for its storage no longer applies.
Moreover, storage may take place if this is provided for under European or national regulatory authorities in Union provisions, laws or other regulations to which the controller is subject.
The data will also be deleted or blocked if a data-retention period specified by the stated standards expires: unless continued storage of the data is required for concluding or fulfilling a contract.
4. External Services and Content on our Website
We incorporate external services and/or content in our website. If you use such a service or if third-party content is displayed to you, then, for technical reasons, communication data will be exchanged between you and the relevant provider. The following external services are currently incorporated:
Find this provider's privacy statement here:
V. Provision of the Website and Creation of Log Files
1. Description and Scope of Data Processing
Every time our website is called up, our system automatically records data and information from the computer system calling up the website.
Here the following data are collected:
(1) The IP address of the user
(2) Date and time of access
(3) Any changes to the existing personal data
(4) The exceeding of an individual registration step
(5) Sending of an e-mail
(6) Selection of bookings (e.g. workshops, etc.)
These data are also stored in log files on our system. Storage of this data alongside other personal data of the user does not occur.
2. Legal Basis for the Data Processing
The legal basis for the temporary storage of the data and the log files is point (f) of Article 6(1) of the GDPR.
3. Purpose of the Data Processing
The system must temporarily store the IP address in order to deliver the website to the user’s computer. To achieve this, the user’s IP address must be stored for the duration of the session. Storage in log files occurs in order to ensure the functionality of the website. In addition, the data help us optimize our website and ensure the security of our IT systems.
For these purposes, data processing is also necessary for the pursuit of our legitimate interests in accordance with point (f) of Article 6(1) of the GDPR.
4. Duration of Storage
The data are deleted as soon as they are no longer necessary for fulfilling the purpose for which they were collected. In the case of data collection for the provision of the website, this occurs when the relevant session is terminated.
Opting Out and Removal Options
The collection of data for the provision of the website and the storage of the data in log files is essential for operating the website. Therefore, the user cannot opt out of this.
VI. Use of Cookies
1. Description and Scope of Data Processing
Our website uses cookies. Cookies are text files which are saved in the internet browser or saved by the internet browser on the user’s computer system. If a user calls up a website, a cookie can be saved on the user's operating system. This cookie contains a distinguishing character string which enables the browser to be identified definitively if the website is called up again. We use cookies to make our website more user-friendly. Some elements of our website require that the browser calling up our webpage can still be identified after changing pages.
The cookies are used to save and transmit the following data:
(1) Distinguishing character string (token)
(2) Acceptance of the cookie rule
2. Legal Basis for the Data Processing
The legal basis for processing personal data by means of cookies is point (f) of Article 6(1) of the GDPR.
3. Purpose of the Data Processing
Cookies necessary for technical reasons make websites easier for users to use. Some of the functions on our website cannot be provided without using cookies. For these, it is necessary that the browser can be recognized even after a page change.
We need cookies for the following applications:
(1) Login information (login status)
(2) Adoption of language settings
(3) Changes to the dataset
(4) Booking items (pursuant to workshop bookings, etc. -> shopping basket)
(5) Invoicing
(6) Improving the design and functionality of our website.
For these purposes, processing of personal data is also necessary for the pursuit of our legitimate interests in accordance with point (f) of Article 6(1) of the GDPR.
4. Duration of Storage, Opting Out and Removal Options
Cookies are saved on the user's computer and transferred from here to our webpage. Therefore, you as the user also have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies which have already been saved can be deleted at any time. This can also be performed automatically. If you deactivate the cookies for our website, you may not be able to use the full range of functions available on our website.
VI Data Protection Information for Card Payments
For card payments (credit cards, debit cards), we work with Concardis GmbH (Concardis), Helfmann Park 7, D-65760 Eschborn, Germany, represented by its managing directors Mark Freese, Jens Mahlke and Luca Zanotti.
In this context, card details are also transferred to the above-named company, along with the purchase amount and the date.
All payment data, including data for any return debits made, are only stored for as long as they are necessary to process the payment (including processing any return debits and debt collection) and for combating misuse. In general, this data is deleted 13 months after its collection, at the latest.
Furthermore, continued storage may occur in as far as and for as long as it is required to adhere to a legal retention period or for pursuing a specific case of misuse. The legal basis for the data-processing is point (f) of Article 6(1) of the GDPR.
You can demand information about your data and, if applicable, correction or deletion of your data as well as restriction of its processing. If applicable, you also have the right to revoke your consent to the processing of your data. For questions about data processing by Concardis or to exercise your above-stated rights, please contact the Data Protection Officer, who can be reached at the address below or via e-mail at Datenschutzbeauftragter@concardis.com.
Furthermore, you have the right to lodge a complaint with a Data Protection Authority (in Germany, with the Federal State Data Protection Commissioner). We would like to point out that there are no legal or contractual requirements for you to provide your payment data. If you do not wish to provide your payment details, you can use a different payment process.