The controller within the meaning of Article 4 (7) of the General Data Protection Regulation (GDPR) and, if applicable, other national data protection laws of the Member States, and other data protection regulations, is:
Didacta Verband e.V.
Association of the German Education Industry
Rheinstraße 94
64295 Darmstadt
Telephone: 06151-35215-0
Email: info@didacta.de
Represented by President Dr Theodor Niehaus
You can find information about us, details of authorised representatives and other ways to contact us in the legal notice on our website: https://www.didacta.de/impressum.
We, as Didacta Verband e. V. and our central service provider, Didacta Ausstellungs- und Verlagsgesellschaft mbH, Rheinstraße 94, 64295 Darmstadt, Germany, are not legally obliged to appoint a data protection officer.
Didacta Ausstellungs- und Verlagsgesellschaft mbH has voluntarily appointed a data protection officer to provide additional protection for your personal data as a visitor to our website. There are various ways of contacting the data protection officer:
Didacta Ausstellungs- und Verlagsgesellschaft mbH
– Datenschutzbeauftragter/Data Protection Officer –
Rheinstraße 94
64295 Darmstadt, Germany
Email: info@didacta.de
1. Scope of processing personal data
We essentially only process our users’ personal data if this is necessary to provide a functional website and our content and services. The processing of our users’ personal data essentially only takes place after consent has been obtained from the user, except where the prior consent is not possible for practical reasons and the processing of data is permitted by law.
2. Legal bases for processing personal data
If personal data is processed for the performance of a contract or to take steps prior to entering into a contract to which the data subject is a contracting party, Article 6 (1) (b) of the GDPR serves as the legal basis.
The processing of personal data to comply with a legal obligation to which our company is subject is based on Article 6 (1) (c) of the GDPR.
If the processing of personal data is necessary in order to protect vital interests of the data subject or another natural person, Article 6 (1) (d) of the GDPR permits processing.
We also process data to safeguard the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the user, based on Article 6 (1) (f) of the GDPR.
If there is no other legal basis for data processing, we obtain the data subject’s consent to the processing under Article 6 (1) (a) of the GDPR.
As soon as the purpose for storage no longer applies, we generally erase or suppress personal data relating to the data subject. In addition, data may be stored if this has been provided for by European or national legislators in Union regulations, laws or other provisions to which the controller is subject. Data will also be suppressed or erased if a storage period set by the aforementioned regulations has passed, unless further storage of the data is necessary to enter into or perform a contract.
Tools from companies based in the USA are integrated into our website. If these tools are active, your personal data may be sent to the servers of the respective company in the USA. Please note that the USA a not a secure third country within the meaning of EU data protection law. Companies in the USA are obliged to disclose personal data to security authorities without you as the data subject being able to take legal action against this. It cannot therefore be ruled out that authorities in the USA (e.g. secret services) may process, evaluate and permanently store your data on servers in the USA for monitoring purposes. We have no control over these processing activities.
1. Description and scope of data processing
Each time you visit our website, our system automatically collects data and information from the accessing computer’s system.
The following data is collected through this process:
• Information regarding the browser type and version used
• The user’s operating system
• The user’s Internet service provider
• The user’s IP address
• Date and time of access
• Websites from which the user’s system accessed our website
• Websites accessed by the user’s system via our website
The data is also stored in our system’s log files. This data is not stored together with any other personal data relating to the user.
2. Legal basis for data processing
The legal basis for the temporary storage of data and log files is Article 6 (1) (f) of the GDPR.
3. Purpose of data processing
It is necessary for the system to temporarily store the IP address to allow the website to be displayed on the user’s computer. To do so, the user’s IP address must be stored for the duration of the session.
The IP address is stored in log files to guarantee the functionality of the website. Data is also used to optimise the website and to guarantee the security of our IT systems. We do not evaluate this data for marketing purposes.
Our legitimate interest in data processing is also based on these purposes, pursuant to Article 6 (1) (f) of the GDPR.
4. Storage period
Data is erased as soon as it is no longer required to fulfil the purpose for which it was collected. If the data was collected to provide the website, it is erased when your session ends.
If data is stored in log files, it is erased within seven days at the latest. Further storage is possible. In this case, user IP addresses will be erased or distorted so that it is no longer possible to identify the accessing client.
5. Opt-out and elimination options
Data must be collected and stored in log files to provide and run the website. Therefore, users do not have any opt-out options here.
1. Description and scope of data processing
Our website uses cookies. Cookies are text files that are saved in or by the web browser on the user’s computer system. If a user visits a website, a cookie may be saved on their operating system. This cookies contains a distinctive character string that uniquely identifies the browser when the website is visited again.
We only use PHPSESSID cookies. This cookie saves your current session with respect to PHP applications, therefore ensuring that all page features, which are based on the PHP programming language, can be displayed in full. This cookie is required for internal areas, does not contain any personal data and is deleted after the browser session.
2. Legal basis for data processing
The legal basis for the processing of personal data using cookies that are absolutely necessary for technical reasons is Article 6 (1) (f) of the GDPR.
The legal basis for the processing of personal data using cookies required for analytical reasons is the user’s consent – Article 6 (1) (a) of the GDPR.
3. Purpose of data processing
The purpose of using cookies that are necessary for technical reasons is to simplify the use of websites for users. Some features of our website cannot be offered without the use of cookies. This is why it is necessary for your browser to remain recognisable as you make your way through our site.
The user data collected by cookies necessary for technical reasons is not used to create user profiles.
Our legitimate interest in processing personal data is also based on these purposes, pursuant to Article 6 (1) (f) of the GDPR.
4. Storage period, opt-out and elimination options
Cookies are saved on the user’s computer and are transmitted to our site. As a user, you therefore retain full control over the use of cookies. You can disable or restrict the transmission of cookies by changing your web browser settings. Cookies that have already been saved may be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it is possible that you may no longer be able to use all of its features.
V. Newsletter
This website uses CleverReach to send newsletters. The provider is CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede. CleverReach is a service that can be used to organise and analyse newsletter mailing. The data you provide (e.g. your email address) to subscribe to our newsletter will be stored on CleverReach servers in Germany.
Sending our newsletters with CleverReach allows us to analyse the behaviour of newsletter recipients. Among other things, we can analyse how many recipients have opened the email containing the newsletter and how often various links inside the newsletter are clicked on. In addition, ‘conversion tracking’ can be used to analyse whether a set action has taken place after a link in the newsletter has been clicked on. You can find more information about how data is analysed by CleverReach at: https://www.cleverreach.com/de/funktionen/reporting-und-tracking/ .
Data is processed on the basis of your consent (Article 6 [1] [a] of the GDPR). You can withdraw your consent at any time by unsubscribing from the newsletter. The legality of data processing already carried out remains unaffected by the withdrawal.
If you do not want your use of the newsletter to be analysed by CleverReach, you will have to unsubscribe from the newsletter. We provide a link to do this in every newsletter we send. You can also unsubscribe from the newsletter on the website.
The data you provide when registering for the newsletter will be stored by us or by the newsletter service provider until you cancel your subscription, when it will be erased from the newsletter mailing list. Data stored by us for other purposes shall remain unaffected by this.
After you have unsubscribed from the newsletter mailing list, your email address may be stored on a blacklist maintained by either us or the newsletter service provider to prevent future distribution. Data from the blacklist is used solely for this purpose and is not merged with other data. This serves both your interest and our interest in complying with the legal requirements for sending newsletters (legitimate interest within the meaning of Article 6 [1] [f] of the GDPR). Storage on the blacklist is not limited in time. You may object to storage if your interests outweigh our legitimate interests.
You can find CleverReach’s privacy policy at: https://www.cleverreach.com/de/datenschutz/ .
VI. Registration form and email contact
1. Description and scope of data processing
A registration form is available on our website. If a user uses this option, the data entered in the input screen will be transmitted to us and stored.
The following data is also stored at the time the message is sent:
• The user’s IP address
• Date and time of the message
During the mailing process, your consent is obtained in order to process data, and reference is made to this privacy policy.
Alternatively, you may contact us via the email addresses provided. In this case, the user’s personal data transmitted in the email will be stored.
Such data will not be disclosed to third parties in this context. This data will be used exclusively to respond to your message.
2. Legal basis for data processing
If the user has given their consent, the legal basis for processing data is Article 6 (1) (a) of the GDPR.
The legal basis for processing data transmitted in the course of sending an email is Article 6 (1) (f) of the GDPR. If the aim of email contact is to enter into a contract, the additional legal basis for processing is Article 6 (1) (b) of the GDPR.
3. Purpose of data processing
We only process personal data provided in the input screen in order to process registrations. If contact is made via email, this is also because of our necessary legitimate interest in data processing.
Other personal data processed throughout the mailing process is used to prevent the registration form from being misused and to ensure the security of our information technology systems.
4. Storage period
Data is erased as soon as it is no longer required to fulfil the purpose for which it was collected. For personal data from the contact form input screen and data sent by email, this is the case when the respective conversation with the user comes to an end. The conversation is considered to have ended when it is evident from the circumstances that the matter at hand has been resolved in a conclusive way.
5. Opt-out and elimination options
The user has the option of withdrawing their consent to the processing of personal data at any time. If the user contacts us by email, they may object to the storage of their personal data at any time. In such a case, it will not be possible to continue the conversation.
In this case, all personal data stored when contact was made will be erased.
VII. Disclosure to third parties
1. Scope of processing personal data
1.1 YouTube
YouTube videos are integrated into this website. The operator of this site is Google Ireland Limited (‘Google’), Gordon House, Barrow Street, Dublin 4, Ireland.
We use YouTube in privacy-enhanced mode. According to YouTube, this mode means that YouTube does not store any information about visitors to this website before they watch the video. The disclosure of data to YouTube partners is, however, not absolutely excluded by privacy-enhanced mode. Therefore, YouTube will establish a connection with the Google DoubleClick network regardless of whether you are viewing a video or not. As soon as you start a YouTube video on this website, a connection will be established with YouTube servers. In doing so, the YouTube server is notified about which pages you have visited in our website. If you are signed into your YouTube account, you are allowing YouTube to directly associate your surfing behaviour with your personal profile. You can prevent this from happening by signing out of your YouTube account first.YouTube can save different cookies on your device or use comparable recognition technologies (e.g. device fingerprinting) once you have started a video. YouTube can do this to gather information relating to visitors to our website. Among other things, this information may be used to collect video statistics, improve user-friendliness and prevent attempts of fraud. Other data processing operations may be initiated after starting the YouTube video, over which we have no control.
Processing exclusively takes place on the basis of your consent, pursuant to Article 6 (1) (a) of the GDPR; consent may be withdrawn at any time with future effect. More information regarding data protection at YouTube can be found in the privacy policy at: https://policies.google.com/privacy?hl=de .
You also consent to the transmission of your data (in particular your IP address) to third countries in accordance with Article 49 (1) (a) of the GDPR at the same time. There is a risk here that your data may be collected and processed by authorities. You cannot enforce your data subject rights in this case. Please note that this means you will not enjoy a level of data protection comparable to the level that applies in the EU. You can withdraw your consent at any time with future effect under ‘Cookie settings’.
1.2 etracker
This website uses the etracker analysis service. The provider is etracker GmbH, Erste Brunnenstraße 1, 20459 Hamburg, Germany.
A pseudonym user profile may be created with this data. etracker uses technologies that allow the user to be recognised (e.g. cookies or device fingerprinting) for this purpose. Data collected by etracker technologies is not used to personally identify visitors to this website and shall not be merged with personal data relating to the owner of this pseudonym without having obtained separate consent from the data subject.
Use of this analysis tool takes places on the basis of Article 6 (1) (a) of the GDPR; consent may be withdrawn at any time with future effect.
Entering into a commissioned processing contract
We have entered into a commissioned processing contract with the provider of etracker and fully implement the strict requirements of German data protection authorities when using etracker.
2. Legal basis for processing personal data
The legal basis for processing users’ personal data is Article 6 (1) (f) of the GDPR.
3. Purpose of data processing
We use YouTube in the interests of displaying our online offering. This is a legitimate interest within the meaning of Article 6 (1) (f) of the GDPR.
4. Storage period
Data is erased as soon as it is no longer required to fulfil the purpose for which it was collected.
5. Opt-out and elimination options
Cookies are saved on the user’s computer and are transmitted to our site. As a user, you therefore retain full control over the use of cookies. You can disable or restrict the transmission of cookies by changing your web browser settings. Cookies that have already been saved may be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it is possible that you may no longer be able to use all of its features.
VIII. Data subject rights
If personal data concerning you is processed, you are a data subject within the meaning of the GDPR, and you have the following rights which you can assert against the controller:
1. Right of access
You may request confirmation from the controller as to whether we are processing or have processed personal data concerning you.
If this is the case, you may request the following information from the controller:
(1) the purposes for which personal data is being processed;
(2) how long the controller plans to store your personal data for, or, if specific information is not available, the controller’s criteria for determining the storage period;
(3) the existence of a right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing; and
(4) the existence of a right to lodge a complaint with a supervisory authority.
The personal data concerning you is not sent to a third party nor to any international organisations.
2. Right to rectification
You have a right to obtain from the controller rectification and/or completion if the personal data processed that concerns you is incorrect or incomplete. The controller is required to carry out the rectification without undue delay.
3. Right to restriction of processing
You may ask for the processing of your personal data to be restricted under the following conditions:
(1) you contest the accuracy of your personal data for a period enabling the controller to verify the accuracy of the personal data;
(2) the processing is unlawful, and you oppose the erasure of the personal data and request that the use of personal data is restricted instead;
(3) the controller no longer needs the personal data for the purposes of the processing, but it is required by the data subject for the establishment, exercise or defence of legal claims; or
(4) you have objected to processing pursuant to Article 21 (1) of the GDPR, pending the verification whether the legitimate grounds of the controller override your grounds.
Where the processing of your personal data has been restricted, it shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If the restriction has been limited for any of the grounds listed above, you will be notified by the data controller before the restriction has been lifted.
4. Right to erasure
a) Erasure obligation
You have the right to obtain from the controller the erasure of personal data concerning you without undue delay, and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
(1) Your personal data is no longer required for the purposes for which it was originally collected or otherwise processed.
(2) You withdraw your consent on which the processing is based according to Article 6 (1) (a) or Article 9 (2) (a) of the GDPR, and where there is no other legal basis for the processing.
(3) You object to the processing pursuant to Article 21 (1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21 (2) of the GDPR.
(4) The personal data concerning you has been unlawfully processed.
(5) The personal data concerning you must be erased for compliance with a legal obligation in the Union or Member State law to which the controller is subject.
(6) The personal data concerning you was collected in relation to the offer of information society services referred to in Article 8 (1) of the GDPR.
b) Transfer of information to third parties
Where the controller has made the personal data concerning you public and is obliged to erase the personal data pursuant to Article 17 (1) of the GDPR, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers who are processing the personal data that you as a data subject have requested the erasure by such controllers of any links to, or copies or replications of, such personal data.
c) Exceptions
There is no right to erasure if processing is necessary:
(1) for exercising the right of freedom of expression and information;
(2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) for reasons of public interest in the area of public health in accordance with Article 9 (2) (h) and (i) as well as Article 9 (3) of the GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89 (1) of the GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
(5) for the establishment, exercise or defence of legal claims.
5. Right to be informed
If you have asserted a right to rectification, erasure or restriction of processing against the controller, the controller is obliged to inform all recipients to whom the personal data concerning you has been disclosed of this rectification or erasure of data or restriction of processing, unless this proves impossible or involves a disproportionate effort.
You have the right to be informed about these recipients by the controller.
6. Right to data portability
You have the right to receive personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, where:
(1) the processing is based on consent pursuant to Article 6 (1) (a) of the GDPR or Article 9 (2) (a) of the GDPR or on a contract pursuant to Article 6 (1) (b) of the GDPR; and
(2) the processing is carried out by automated means.
In exercising this right, you also have the right to have personal data concerning you transmitted directly from one controller to another, where technically feasible. This must not adversely affect the rights and freedoms of others.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7. Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point Article 6 (1) (e) or (f) of the GDPR, including profiling based on those provisions.
The controller will no longer process personal data relating to you unless it can prove that there are compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or if processing serves to assert, exercise or defend legal claims.
If the personal data concerning you is processed for direct marketing, you have the right to object to the processing of the personal data concerning you for such marketing at any time, which also includes profiling to the extent that it is related to such direct marketing.
If you object to processing for direct marketing purposes, the personal data concerning you shall no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
8. Right to withdraw consent given under data protection law
You have the right to withdraw your consent given under data protection law at any time. By withdrawing your consent, the lawfulness of processing previously carried out on the basis of consent will not be affected by this.
9. Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affecting you. This shall not apply if the decision
(1) is necessary for entering into, or the performance of, a contract between you and the controller;
(2) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
(3) is based on your explicit consent.
However, these decisions shall not be based on special categories of personal data referred to in Article 9 (1) of the GDPR, unless Article 9 (2) (a) or (g) or the GDPR applies and suitable measures to safeguard your rights, freedoms and legitimate interests are in place.
In the cases referred to in (1) and (3), the controller shall implement suitable measures to safeguard your rights, freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.
10. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or the place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.
