Data Privacy Statement
Name and address of the Data Controller
The Data Controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection legislation of the member states and other data protection legislative provisions is:
European Thyroid Association e.V.
ETA Standing Office:
Hopfengartenweg 19
90518 Altdorf
Germany
Tel: +49 (0) 9187-97424-15
Fax: +49 (0) 9187-97424-75
Email: euro-thyroid-assoc@endoscience.de
General information about data processing
- 1. Extent of the processing of personal data
We only ever process our users’ personal data in so far as this is necessary for the provision of a functioning website and our content and services. As a rule, our users’ personal data are processed only with the prior consent of the user. An exception is made in cases where obtaining prior consent is not possible for factual reasons and the processing of the data is permitted by legislation.
- 2. Legal basis for the processing of personal data
Provided that we obtain the consent of the Data Subject for the processing of personal data, Art. 6 Para. 1 a of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
With the processing of personal data necessary for fulfilling a contract to which the Data Subject is a party, Art. 6 Para. 1 b GDPR serves as the legal basis. This also applies to the processing activities necessary for the implementation of pre-contractual measures.
If processing of personal data is necessary for the fulfilment of a legal duty to which our company is subject, Art. 6 Para. 1 c GDPR serves as the legal basis.
In the event that the vital interests of the Data Subject or of another natural person make the processing by personal data necessary, Art. 6 Para. 1 d GDPR serves as the legal basis.
If the processing is necessary to safeguard a legitimate interest of our company or of a third party and if the interests, fundamental rights and fundamental freedoms of the Data Subject do not take precedence over the first-named interest, Art. 6 Para. 1 f GDPR serves as the legal basis for the processing.
- 3. Data deletion and retention period
The Data Subject’s personal data are deleted or quarantined as soon as the purpose of the storage lapses. Storage may continue beyond that if this has been stipulated by European or national legislation in EU regulations, acts or other legislation to which the Data Controller is subject. Quarantining or deletion of the data will also occur when a retention period specified by the above-mentioned legislation lapses unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.
Provision of the website and production of log files
- 1. Description and extent of the data processing
With every instance of access to our website, our system automatically gathers data and information from the accessing system’s computer. Here the following data are recorded:
- Information about the browser type and the version used
- The user’s operating system
- The user’s internet service provider
- The user’s IP address
- Date and time of access
- Websites from which the user’s system comes to our website
- Websites accessed by the user’s system via our website
The data are stored in our system’s log files. There is no storage of these data with other personal data of the user.
- 2. Legal basis for the data processing
The legal basis for the temporary storage of the data and the log files is Art. 6 Para. 1 f GDPR.
- 3. Purpose of the data processing
The temporary storage of the IP address by the system is necessary to permit delivery of the website to the user’s computer. For this purpose the user’s IP address must be stored for the duration of the session.
Storage in log files occurs to ensure that the website works. In addition, the data allow us to optimise the website and to guarantee the security of our IT systems. The data are not evaluated for marketing purposes in this context.
These purposes also encompass our legitimate interest in the data processing per Art. 6 Para. 1 f GDPR.
- 4. Retention period
The data are deleted as soon as they are no longer required for the achievement of the purpose for which they were recorded. With the gathering of the data for the provision of the website, this is the case when the relevant session has ended.
With the gathering of data in log files, this is the case after seven days at the latest. Storage beyond that is possible. In that event, the users’ IP addresses are deleted or altered so that it is no longer possible to associate them with the accessing client.
- 5. Options for withdrawal of consent and deletion
The gathering of the data for the provision of the website and the storage of the data in log files are essential to the operation of the website. So there is no option for withdrawal of consent by the user.
Use of cookies
- 1. Description and extent of the data processing
Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user’s computer system. If a user accesses a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic sequence of characters that permits unambiguous identification of the browser when it accesses the website again.
We use cookies to make our website more user-friendly. Some elements of our website require the accessing browser to still be identifiable after a change of page. Here the following data are stored and transmitted in the cookies:
- Session ID
- In the event of login: Login information
- 2. Legal basis for the data processing
The legal basis for the processing of personal data and the use of cookies is Art. 6 Para. 1 f GDPR.
- 3. Purpose of the data processing
The purpose of the use of technically necessary cookies is to simplify users’ use of websites. Some functions of our website cannot be offered without the use of cookies. For these functions it is necessary for the browser to still be recognised after a change of page. The user data recorded by technically necessary cookies are not used for the production of user profiles.
- 4. Retention period, options for refusal of consent and deletion
Cookies are stored on the user’s computer and transmitted from there to our site. So you as the user also have total control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your internet browser. You can delete any cookies already stored at any time. This can also be done automatically. If cookies for our website are deactivated, it might no longer be possible to use all the website functions to the full extent.
Email contact
- 1. Description and extent of the data processing
It is possible for the user to make contact via the email addresses provided on the website. In that event, the user’s personal data transmitted with the email are stored.
The data are not passed on to third parties in this context. The data are used exclusively for the processing of the conversation.
- 2. Legal basis for the data processing
The legal basis for the processing of the data transmitted in the course of the sending of an email is Art. 6 Para. 1 f GDPR. If the email contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6 Para. 1 b GDPR.
- 3. Purpose of the data processing
The processing of the personal data serves us only for the processing of the contact made.
- 4. Retention period
The data are deleted as soon as they are no longer necessary for the achievement of the purpose for which they were recorded. For the personal data transmitted by email, this is the case if the conversation concerned with the user has ended. The conversation is ended if it may be ascertained from the circumstances that the relevant matter has been definitively dealt with.
- 5. Options for refusal of consent and deletion
The user has an option at any time to withdraw his consent to the processing of his personal data. If the user contacts us by email, he may withdraw his consent to the storage of his personal data at any time. In that event the conversation cannot be continued. In this case, all the personal data stored in the course of contact are deleted.
Google Fonts
In order to be able to display the content of our website correctly and in a graphically attractive manner regardless of the browser, on this website we use script libraries and font libraries from Google Fonts (https://fonts.google.com/). These are transmitted to your browser’s cache to avoid multiple loading. If the browser does not support Google Fonts or forbids access, content is displayed in a standard font.
Accessing script libraries or font libraries automatically initiates a connection to the operator of the library. Here it is theoretically possible for operators of such libraries to record data.
You will find the data protection guidelines of Google as the library operator here: https://policies.google.com/privacy
Rights of the user/the Data Subject
If personal data concerning you are processed, you are a Data Subject within the meaning of the GDPR and you have the following rights vis a vis the Data Controller:
- 1. Right to information
You can demand confirmation from the Data Controller of whether personal data concerning you are processed by us.
If such processing occurs, you may demand to be told about the following information by the Data Controller:
(1) The purposes for which the personal data are being processed
(2) The categories of personal data being processed
(3) The recipients and/or the categories of recipients to which the personal data concerning you have been disclosed or are still being disclosed
(4) The planned retention period of the personal data concerning you or, if concrete statements about this are not possible, criteria for determining the retention period
(5) The existence of a right to the correction or deletion of the personal data concerning you, a right to the restriction of the processing by the Data Controller or a right to refuse consent to this processing
(6) The existence of a right to complain to a supervisory authority
(7) All available information about the origin of the data if the personal data are not gathered from the Data Subject
(8) The existence of an automatic decision process including profiling per Art. 22 Paras. 1 and 4 GDPR and at least in these cases, meaningful information about the logic involved and the scope and the effects sought upon the Data Subject with such processing.
You are entitled to demand information about whether the personal data concerning you are transmitted to a non-EU country or an international organisation. In this context you may demand to be informed about the appropriate guarantees per Art. 46 GDPR in connection with the transmission.
- 2. Right to correction
You have a right vis a vis the Data Controller to correction and/or completion if the data concerning you being processed are incorrect or incomplete. The Data Controller must make the correction without delay.
- 3. Right to restriction of the processing
Subject to the following preconditions you may demand the restriction of the processing of the personal data concerning you:
(1) If you dispute the correctness of the personal data concerning you for a period that permits the Data Controller to check the correctness of the personal data
(2) The processing is unlawful and you refuse deletion of the personal data and instead demand restriction of the use of the personal data
(3) The Data Controller no longer requires the personal data for the purposes of processing but you need them for the claiming, exercise or defence of legal rights or
(4) If you have given notice of refusal of consent to the processing per Art. 21 Para. 1 GDPR and it has not yet been established whether the Data Controller’s legitimate interests take precedence over yours.
If the processing of the personal data concerning you has been restricted, these may, apart from being stored, only be processed with your consent or for the claiming, exercise or defence of legal rights or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the European Union or of a member state.
If the restriction of the processing was imposed in accordance with the above preconditions, you will be informed by the Data Controller before the restriction is lifted.
- 4. Right to deletion
- 4.1 Duty to delete
You may demand that the Data Controller deletes the personal data concerning you without delay and the Data Controller is obliged to delete these data without delay provided that one of the following reasons applies:
(1) The personal data concerning you are no longer needed for the purposes for which they were recorded or otherwise processed.
(2) You withdraw your consent on which the processing relied per Art. 6 Para. 1 a or Art. 9 Para. 2 a GDPR and there is no other legal basis for the processing.
(3) You give notice of refusal to allow the processing per Art. 21 Para. 1 GDPR and there are no legitimate reasons with precedence for the processing or you give notice of refusal to allow the processing per Art. 21 Para. 2 GDPR.
(4) The personal data concerning you have been unlawfully processed.
(5) The deletion of the personal data concerning you is necessary for the fulfilment of a legal duty under European Union law or the law of the member states to which the Data Controller is subject.
(6) The personal data concerning you were recorded with regard to services offered by the IT company per Art. 8 Para. 1 GDPR.
- 4.2 Information to third parties
If the Data Controller has disclosed the personal data concerning you and if it is obliged per Art. 17 Para. 1 GDPR to delete them, it shall, taking into account the available technology and the cost of implementation, take reasonable measures, including of a technical nature, to inform the Data Controllers who are processing the personal data that you as the Data Subject have demanded that they delete all links to these personal data or copies or replications of these personal data.
- 4.3 Exceptions
There is no right to deletion if the processing is necessary:
(1) for the exercise of the right to the free expression of opinion and information
(2) for the fulfilment of a legal duty which the processing in accordance with the law of the European Union or of the member states to which the Data Controller is subject requires or for the performance of a task that is in the public interest or which occurs in the exercise of the official authority that has been delegated to the Data Controller
(3) for reasons of the public interest in the area of public health per Art. 9 Para. 2 h and i and Art. 9 Para. 3 GDPR
(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes per Art. 89 Para. 1 GDPR in so far as the right mentioned in Section a) apparent makes the realisation of the aims of the processing impossible or seriously restricts it or
(5) for the claiming, exercise or defence of legal rights.
- 5. Right to notification
If you have claimed the right to correction, deletion or restriction of the processing vis a vis the Data Controller, the latter is obliged to notify all recipients to which the personal data concerning you have been disclosed of this correction or deletion of the data or restriction of the processing unless this proves to be impossible or is associated with excessive expense.
You have a right vis a vis the Data Controller to be informed about these recipients.
- 6. Right to data transferability
You are entitled to receive the personal data concerning you that you have provided to the Data Controller, in a structured, conventional and machine-readable format. In addition, you are entitled to transfer these data to another Data Controller without any hindrance by the Data Controller to which the personal data were provided in so far as
(1) the processing relies on consent per Art. 6 Para. 1 a GDPR or Art. 9 Para. 2 a GDPR or on a contract per Art. 6 Para. 1 b GDPR and
(2) the processing is performed with the aid of an automated procedure.
In exercising this right, you also have a right to have the personal data concerning you transferred directly from one Data Controller to another Data Controller in so far as this is technically possible. The freedoms and rights of other persons must not be adversely affected by this.
The right to data transferability does not apply to the processing of personal data that is necessary for the performance of a task that is in the public interest or which occurs in the exercise of official authority which has been delegated to the Data Controller.
- 7. Right of refusal
You have the right to give notification of refusal to allow the processing of personal data concerning you on the basis of Art. 6 Para. 1 e or f GDPR at any time for reasons arising from their special situation; this also applies to profiling relying on these provisions.
The Data Controller will cease to process the personal data concerning you unless it is able to prove mandatory reasons for the processing worthy of protection that take precedence over your interests, rights and freedoms or the processing serves the purposes of claiming, exercise or defence of legal rights.
If the personal data concerning you are processed for direct advertising purposes, you are entitled to give notification at any time of refusal to allow the processing of the personal data concerning you for the purpose of such advertising. This also applies to profiling in so far as it is in connection with such direct advertising.
If you refuse to allow the processing for the purposes of direct advertising, the personal data concerning you will no longer be processed for these purposes.
You have an option in connection with the use of services provided by the IT company and regardless of Directive 2002/58/EC to exercise your right of refusal by means of automatic procedures in which technical specifications are used.
- 8. Right to withdraw the data protection law declaration of consent
You are entitled to withdraw your data protection law declaration of consent at any time. This does not affect the legality of the processing performed on the basis of the consent up to the date of its withdrawal.
- 9. Automatic decision in the individual case including profiling
You are entitled not to be subject to a decision based solely on automatic processing, including profiling, that has a legal effect on you or that adversely affects you in a similar way. This does not apply if the decision:
(1) is necessary for the conclusion or fulfilment of a contract between you and the Data Controller
(2) is permitted on the basis of legislative provisions of the European Union or of the member states to which the Data Controller is subject and these legislative provisions contain reasonable measures for safeguarding your rights, freedoms and legitimate interests or
(3) is made with your express consent.
However, these decisions must not be based on special categories of personal data per Art. 9 Para. 1 GDPR in so far as Art. 9 Para. 2 a or g GDPR does not apply and reasonable measures have been taken to protect your rights, freedoms and legitimate interests.
Regarding the cases referred to in (1) and (3), the Data Controller takes reasonable measures to safeguard your rights, freedoms and legitimate interests, which as a minimum include the right to effect the intervention of a person at the location of the Data Controller, to presentation of your own viewpoint and to contest the decision.
- 10. Right to complain to a supervisory authority
Without prejudice to any other administrative law or in-court legal remedies, you are entitled to complain to a supervisory authority, in particular in the member state of your place of residence, of your place of work or of the place of the alleged breach, if you are of the opinion that the processing of the personal data concerning you is in breach of the GDPR.
The supervisory authority to which the complaint has been submitted informs the complainant of the situation and the results of the complaint including the opportunity of a legal remedy via the courts per Art. 78 GDPR.
Up-to-date status and amendment of this data protection declaration
This data protection declaration is currently applicable and was last updated in August 2020.
As a result of the further development of our website and the services offered via it or as a result of amended legislative or public authority regulations, it may be necessary to amend this data protection declaration. The current up-to-date data protection declaration may be accessed by you on this site and printed out at any time.