Privacy Policy

We, the European Foundation for the Study of Diabetes (EFSD) are pleased that you are interested in our online presence and services. We treat your personal data confidentially and in accordance with the legal regulations of the relevant data protection laws, in particular the EU General Data Protection Regulation (GDPR) as well as this privacy policy.

This privacy policy serves to explain to you what information and personal data we process when you visit our website and use our digital services, including our social media profiles on PCs, smartphones, tablets and all other Internet-enabled mobile devices.

The digital services may contain links to other third party service provider websites that are not covered by this privacy policy.

1. Controller’s name and contact information

The data controller pursuant to Art. 4 para. 7 EU General Data Protection Regulation (GDPR) is the

European Foundation for the Study of Diabetes (EFSD)

Rheindorfer Weg 3
40591 Düsseldorf
Germany

Phone: +49 211 758 469 0
Email: foundation@easd.org

If you have any questions about our data processing activities, please write to us at the aforementioned postal address, with the addition "Data protection" or at the e-mail address provided. Our data protection officer can be reached via datenschutz@easd.org or by letter to our postal address c/o “Data protection officer”. The relevant contact data can be found in the imprint.

2. Log files

Each time our websites are accessed, usage data is transmitted by the respective Internet browser and stored in log files for the duration of 6 months, the so-called “server log files”. The stored data records are technically necessary to display the websites to you and contain the following data:

Browser type and browser version,
operating system used,
referrer URL,
time of server request,
IP address.

This data will not be merged with other data sources. We reserve the right to subsequently check this data if we become aware of concrete indications of illegal use.

The data processing is based on Art. 6 para. 1 lit. f GDPR, which permits the processing of data to safeguard the legitimate interests of the data controller, provided that the interests or fundamental rights and freedoms of the data subject do not prevail.

3. Processing of personal data / legal basis

3.1. Data processing for the provision of contractual services

We process personal data in order to process the contractual relationships and to be able to submit contractual offers tailored to your requirements. The collection of the data takes place in particular for the conclusion and/or for the performance of a contract.

We collect with all forms obligatorily only those personal data, which are absolutely necessary for the completion of the contractual relations and/or for your information inquiry. The collection of data, which is not absolutely necessary, but in which we are interested in order to optimise the fulfilment of the purpose, is always optional. In this case you decide on a voluntary basis if and which data you want to give us.

For applications we may need your correct name, address and payment data. We ask for your email address and telephone number so that we can communicate with you in the event of questions or problems regarding the service you have commissioned.

3.1.1. Applying for an EFSD grant or fellowship

If you wish to apply for an EFSD grant or fellowship and receive funding after the review process, you will have to submit your personal data for pre-contractual measures and/or to conclude the contract so that we can process your application as well as the further funding procedure. For the conclusion of contracts, necessary mandatory particulars are marked separately; other particulars are voluntary.

To apply for an EFSD grant or fellowship, you must use our cloud-based grant and fellowship management platform:

SmartSimple

SmartSimple is a cloud-based platform for our grant and fellowship management. The entire process, from the application to the final report, is handled via the SmartSimple portal. To apply for an EFSD grant or fellowship, you are asked to register on the portal. For application processing, please allow us to collect the following information provided by you:

(academic) title, first name, surname,
a valid email address,
address (home address or that of a company you mention)
phone number (fixed line and/or mobile communication),
information necessary for the processing of your request and to enable conclusion of a contract, including payment and bank details,
photos you submit to us, place in your member area or for publication on the homepage or in print media.

The processing of this data occurs

to allow you to be identified as a (potential) applicant or (potential) grant/fellowship recipient,
for correspondence with you,
to examine your request or process your query/contract,
for the review process,
to share your data with the review committees and selected data with the co-financing partner of the respective programme,
for invoicing/settlement of bills,
to enforce any claims against you or to defend against any claims made against us,
for the display of task areas on our homepage when taking on positions or duties,
for reports or publications, e.g. about award ceremonies,
for the announcement of speakers at events, if needed along with CVs on the homepage and/or in print media,
arrangement of groups (e.g., Study Groups, EASD Academy) and transfer of personal data for exchange in this group,
for further customer care and promotional approach for one’s own similar products/events.

For SmartSimple privacy policy, please visit: Trust & Security - Security | SmartSimple Software

The previously described data processing occurs on your request and is necessary for the aforementioned purposes to process your request and/or for the mutual fulfilment of obligations from previous or existing contractual relationships. The basis for data processing is Art. 6 para. 1 s. 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.

3.1.2. Data processing for communication with you (contact form, etc.)

In addition to the contract data, we process your communication data (address, telephone number, email address) in order to be able to contact you. Personal data that you provide to us by email or via the contact form on this website will only be processed for correspondence with you or only for the purpose for which you have made the data available to us.

The basis for data processing is Art. 6 para. 1 s. 1 lit. b GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures.

3.2. Newsletter

With your consent, you can subscribe to our newsletters, with which we keep you informed. The respective content of a newsletter is explained in the respective declaration of consent. If you would like to receive a newsletter offered by us, we require an email address from you as well as information that allows us to verify that you are the owner of the email address provided and that you agree to receive the newsletter. For this purpose, we will send you an email with a confirmation link (double opt-in) to the email address you have entered. If you do not confirm your subscription, your information will be blocked and automatically deleted after one month.

Your first name, last name and email address is the only mandatory information for sending the newsletter. The indication of further, separately marked data is voluntary and will be used to address you personally. In addition, we store the IP addresses you use and the dates of subscription and confirmation. The purpose of the procedure is to prove your subscription for the newsletter and, if necessary, to clarify any possible misuse of your personal data. We do not collect any further data in this context. We use these data exclusively for the dispatch of the requested newsletter. Our newsletters are sent by the technical service provider rapidmail GmbH (Wentzingerstraße 21, 79106 Freiburg im Breisgau, Germany), to whom we pass on the data you provide when subscribing for the newsletter. The data you enter for the newsletter subscription will be stored on rapidmail’s servers in the EU. For more information, please see the rapidmail GTC and data privacy statement.

Data processing takes place on the basis of your consent pursuant to Art. 6 para. 1 s. 1 lit. a GDPR. You can revoke your consent at any time and cancel the respective subscription. You can declare your revocation by clicking on the link provided in every email or by sending us a message via the contact details mentioned under section 1. The legality of the data processing operations that have already taken place remains unaffected by the revocation.

3.3. Cookies

In order to enable the use of certain functions, to recognise you when you visit our website again, and/or to adapt our offer to your personal preferences, we use so-called cookies on various pages. These are small text files that are stored on your end device. Cookies are unable to run programmes or transfer viruses to your device. Their general purpose is to make the internet service more user-friendly and effective. Some of the cookies we use are deleted after the end of the browser session, i.e., after closing your browser (so-called session cookies). Other cookies remain on your terminal and enable us or our partner companies (third-party cookies) to recognise your browser on your next visit (persistent cookies). If cookies are set, they collect and process specific user information such as browser and location data as well as IP address values according to individual requirements. Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie.

As a user you have full control over the application of cookies. By entering our website your consent for certain cookies and/or cookie-based applications can be given by ticking the respective box. Our cookie tool (“CookieYes”– for further details please refer to section 3.6.2) blocks all cookies requiring consent until the individual user gives corresponding consent. This ensures that such cookies are only set on the user's terminal device if consent is given.

By changing the settings in your internet browser, you can also deactivate or limit the transfer of cookies and, for example, refuse to allow third-party cookies or cookies in general. Each browser differs in the way it manages the cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. You will find these for the respective browsers under the following links:

Since we do not operate these websites, we assume no liability for it and have no influence over content and availability.

Please note that the functionality of our website may be limited if cookies are not accepted.

We use necessary cookies, which are required to enable the performance of the services we are obliged to provide. The data processing in this respect is then based on Art. 6 para. 1 s. 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.

In addition, we may use cookies which are indispensable for the functionality of our website. This data processing is then carried out in accordance with Art. 6 para. 1 s. 1 lit. f GDPR, which permits data processing to serve the legitimate interests of the data controller, unless the interests or the fundamental rights and freedoms of the data subject outweigh the interest of the data controller in processing the data.

We may obtain your consent for the use of other, unnecessary cookies. The data processing is then carried out on the basis of your consent in accordance with Art. 6 para. 1 s. 1 lit. a GDPR. You can revoke your consent at any time. The legality of the data processing already carried out remains unaffected by the revocation.

3.4. Tracking with Matomo

On some of our websites we may use the web analysis software Matomo to analyse the use of the respective website and/or to track user-specific behaviour, if this is necessary to provide our services. The relevant data processing for the provision of the contractual service is outlined in section 3.1. In contrast to other statistics programmes, no data is transmitted to an external server by the software we use. The relevant software is installed on one of our servers located in the EU. Our tracking software may collect the following data, which may give information about which functions of the respective website are frequently used and where misunderstandings may occur:

Country, state, city,
time of the page call,
the browser used, including the browser version, browser language and the installed plugins,
the operating system of the user,
the screen resolution of the user,
the date of the first visit,
the time of the last visit,
a randomly generated unique user ID,
the loading time of the visited page,
the number of actions per visit,
the page title of the visited page,
the URL of the visited page,
the length of stay per visit,
functions used during the visit.

Statistics on user behaviour are then based on this data. These include, for example, overviews of the actions per visit, e.g., whether data exports were carried out or counter readings were entered.

We use tracking technologies that are necessary to enable us to perform the services we are obliged to provide. The data processing in this respect is then based on Art. 6 para. 1 s. 1 lit. b GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures. In addition, we may, under certain circumstances, obtain your consent for the use of tracking while processing personal data. The data processing will then be based on your consent in accordance with Art. 6 para. 1 s. 1 lit. b GDPR. You can revoke your consent at any time. The legality of the data processing already carried out remains unaffected by the revocation. In addition, we use anonymous tracking on some of our websites.

3.5. Google Web Fonts

We use the Web Fonts from Google, which are installed on the server side (locally) and do not connect to Google at any time.

3.6. Other tools

3.6.1. Zoom

We use the Zoom service of Zoom Video Communications Inc (hereinafter "Zoom") to conduct online meetings, video conferences and/or webinars. When using Zoom, different data will be processed. The extent of the processed data depends on the data you provide before or during your participation in an online meeting, video conference or webinar. When using Zoom, data of the communication participants is processed and stored on Zoom servers. This data may include your registration data (name, email address, telephone [optional] and password) and meeting data (topic, participant IP address, device information, description [optional]). In addition, visual and audio contributions of the participants, as well as voice inputs can be processed in chats.

For more information about Zoom's use of data, please refer to Zoom's Privacy Policy:

Zoom Video Communications Inc

55 Almaden Blvd, Suite 600, San Jose, CA 95113, USA

Important in the context of data processing in the US: The European Court of Justice considers that the standard of data protection in the US is insufficient and that there is a risk that your data may be processed by US authorities, for control and monitoring purposes and possibly without any possibility of legal recourse.

The basis for the data processing in this respect is based on Art. 6 para. 1 s. 1 lit. b GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures, insofar as data is processed in accordance with the relevant terms of use, otherwise, if applicable, Art. 6 para. 1 s. 1 lit. f GDPR, which permits the processing of data for the purpose of serving the legitimate interests of the data controller, provided that the interests or fundamental rights and freedoms of the data subject do not prevail.

3.6.2. CookieYes

This website uses the cookie consent tool “CookieYes“, supplied by Mozilor Limited (hereinafter „CookieYes“), to obtain valid user consents for cookies and cookie-based applications. By incorporating a corresponding JavaScript code, users are shown a banner when calling up a page, in which consent for certain cookies and/or cookie-based applications can be given by ticking the respective box. The tool blocks all cookies requiring consent until the individual user gives corresponding consent. This ensures that such cookies are only set on the user's terminal device if consent is given.

To enable the cookie consent tool to clearly assign page views to individual users and to individually record, log and store the consent settings made by the user for a session, certain user information (including the IP address) is collected by the cookie consent tool when calling up our website, transmitted to CookieYes servers and stored there.

For more information about CookieYes’ use of data, please refer to CookieYes’ Privacy Policy:

Mozilor Ltd.

3 Warren Yard,

Wolverton Mill, Milton Keynes, MK12 5NW, United Kingdom

https://www.cookieyes.com/privacy-policy/

The basis for the data processing in this respect is based on Art. 6 para. 1 lit. c GDPR, which permits the processing of data for compliance with a legal obligation to which the controller is subject. Further legal basis for the data processing described is Art. 6 para. 1 lit. f GDPR, if applicable, which permits the processing of data for the purpose of serving the legitimate interests of the data controller, provided that the interests or fundamental rights and freedoms of the data subject do not prevail.

3.6.3. Youtube

For visualisation and reproduction of content, we have included videos from the YouTube platform on our website. YouTube is a service of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. When you access one of the submenu pages of our web presence containing a YouTube plug-in, to play a video for instance, your browser establishes a direct connection to the servers of YouTube, thus showing the plug-in. At the same time, the YouTube server is informed as to which of our web pages you have visited. If you are now logged in as a member of YouTube or any other Google service (which of course is not mandatory just to view our videos), Google assigns this information to your personal user account. If you utilise the plug-in in that you for example click the start button of a video, this information is similarly assigned to your user account. You can prevent this assignment by logging out of your YouTube or any other Google service user account before using our website and erasing the corresponding cookies. Furthermore, we turned on the Privacy Enhance Mode in the YouTube settings to prevent YouTube from storing info about you as long as the video is not playing. Further information on data processing and references to Google’s data protection can be found under https://policies.google.com/privacy?hl=de.

The basis for the data processing by YouTube is Art. 6 para. 1 s. 1 lit. b GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures, insofar as data is processed in accordance with the Google terms of use, otherwise, if applicable, the data processing may be carried out on the basis of your consent in accordance with Art. 6 Para. 1 s. 1 lit. a GDPR in conjunction with Art. 49 para. 1 S.1 lit. a GDPR. You can revoke your consent at any time. An informal notification to us is sufficient for this purpose. The legality of the data processing that has already taken place remains unaffected by the revocation.

3.7. Data processing for job applications

If you send us job applications using the contact details provided, we will process the personal data that we receive from you within the scope of the application process or the employment contract. Relevant data are e.g. Master data (name and address), CVs, contact details (telephone, fax, email).

In the case of applicants who are minors, we also record the personal data of the legal guardians, in particular name, address and, if applicable, the consent to enter into the contract with us and obtain any necessary consent.

If we are unable to offer you a job, you turn down a job offer, withdraw your application, revoke your consent to data processing or demand that we erase the data, the data and documents submitted by you, including any possible remaining physical records, shall be stored or retained for a maximum of four months after conclusion of the application procedure (retention period). Provided you have consented to further storage of your personal data, we shall add your data to our pool of applicants.

When an employment contract is concluded, we process further data such as bank details, date of birth, age, marital status, religious denomination, health insurance, pension insurance provider, social security number, tax number, tax identification number and tax class, which are necessary for the processing of payroll accounting.

Within the scope of the employment relationship, we may request information as to whether there is a severe disability in order to be able to safeguard corresponding rights in accordance with the German Social Code IX, as well as to be able to calculate any compensation levy in accordance with s. 160 Social Code IX. An answer to this question is only required after a period of employment of six months, before that the answer is voluntary. We may ask for information on marital status and parental status in order to calculate social security contributions and to determine whether a contribution supplement to nursing care insurance is to be paid in accordance with s. 55 para. 3 Social Code XI. If it is necessary to check the legality of the employment, we may ask for a work permit or permission to work. Within the scope of the employment relationship, we process further personal data, including data on periods of illness, absences (vacation, special leave, sabbatical, etc.) or working hours. We keep a personnel file in which we store all central information required for the employment relationship.

We may process the aforementioned personal data for the purpose of establishing, implementing and terminating an employment contract or application process. The basis for data processing is Art. 88 para. 1 GDPR, s. 26 para. 1 BDSG (new), which allows the processing of data for the fulfilment of a contract or pre-contractual measures.

3.8. Data processing to protect legitimate interests

We may process your data if it is necessary to protect the legitimate interests of us or third parties. This may be the case in particular to ensure IT security and IT operation, in particular also for support enquiries, to be able to understand and prove facts in the event of legal disputes, for market and opinion surveys, to statistically evaluate the use of our website. Furthermore, we may use your email address for recommendations if you have already ordered something from us. In this way, we want to send you information that might interest you based on your last orders from us. In doing so, we comply strictly with the legal requirements. If you no longer wish to receive product recommendations or promotional messages from us, you can object to this at any time. A message in text form to the contact data mentioned under section 1 (e.g. email, letter) is sufficient for this purpose.

The basis for data processing is Art. 6 para. 1 s. 1 lit. f GDPR, which permits the processing of data to safeguard the legitimate interests of the data controller, provided that the interests or fundamental rights and freedoms of the data subject do not prevail.

3.9. Data processing for marketing purposes

In the event of the use of your data for advertising purposes for us or for our cooperation partners, we may obtain your consent.

The data processing is then carried out on the basis of your consent (Art. 6 para. 1 s. 1 lit. a GDPR). You can revoke your consent at any time. The legality of the data processing operations already carried out remains unaffected by the revocation.

3.10. Other data processing based on your consent

It may also happen that we ask for your consent to process personal data. Any granting of consent and the relevant data processing is voluntary and you will not suffer any disadvantages if you do not consent.

The data processing is then carried out on the basis of your consent in accordance with Art. 6 para. 1 s. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future. An informal notification to us is sufficient for this purpose. The legality of the data processing operations already carried out remains unaffected by the revocation.

3.11. Use of data for fraud prevention purposes

The data you provide when placing an order can be used by us to check whether an atypical order process is present.

In principle, we have a legitimate interest in carrying out such an inspection. The processing of the data is based on the legal basis in Art. 6 para. 1 lit. f GDPR.

3.12. Data processing for the fulfilment of legal obligations

In addition, we process your data to fulfil legal obligations (e.g. regulatory requirements, commercial and tax storage and proof obligations).

The basis for data processing is Art. 6 para. 1 lit. c GDPR, which permits processing to fulfil a legal obligation.

3.13. Automated decision-making in specific cases, including profiling

Automated decision-making including profiling does not regularly take place with us.

4. Categories of recipients of personal data

Your personal data will only be passed on to third parties or otherwise transmitted if this is necessary for the purpose of contract processing or billing or if you have given your prior consent or if there is a legal basis for the passing on of such data.

Insofar as it is necessary for the purpose of contract processing or for the dispatch and delivery of products, data will be passed on to partner companies which have been commissioned to support contract processing. Our partners undertake to comply with and observe the provisions of data protection law. Furthermore, our partners are not permitted to use the data in any other way than to process the contract.

In the case of cooperations in which we merely act as intermediaries, your personal data will only be passed on to the cooperation partner if this is necessary for the purpose of concluding the contract and processing the contract for the cooperation partner. Both the cooperation partner and we are obliged to observe the data protection regulations within the framework of the cooperation. This obligation shall continue to apply even after termination of the respective contract.

Service providers who support us in providing our services to you are Congress and Event Management service providers, software (SaaS) providers, IT service providers, in particular service providers for software and hardware maintenance, hosting providers and email service providers.

5. Duration of data storage

In principle, we delete your data as soon as it is no longer required for the above-mentioned purposes, unless temporary storage is still necessary. We store your data on the basis of legal proof and storage obligations, which result among other things from the German Commercial Code and the German Tax Code, according to which the storage periods are up to ten full years. In addition, we keep your data for the period during which claims can be asserted against our company (statutory limitation period of three or up to thirty years).

6. Data Security

Your personal data will be transmitted securely by us through encryption. We use the coding system SSL (Secure Socket Layer). You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. Furthermore, we secure our websites and other systems by technical and organisational measures against loss, destruction, access, alteration or distribution of your data by unauthorised persons.

7. Rights of data subjects

Within the framework of the applicable legal provisions, you have the right to obtain information free of charge at any time about your personal data stored by us, its origin and recipients and the purpose of the data processing and, if applicable, a right to correct, block or delete this data. For this purpose, as well as for further questions on the subject of personal data, you can contact us at any time using the contact details given in clause 1. You may also have a right to restrict the processing of your data and a right to have the data provided by you released in a structured, common and machine-readable format. If you have given us your consent to process personal data for specific purposes, you can revoke your consent at any time with effect for the future. If we process your data to protect legitimate interests, you may object to this processing for reasons arising from your particular situation. In addition, you have the possibility of contacting a data protection supervisory authority (right of appeal).

You are here