We consider your privacy and the protection of your data a very important matter, and we do our best to comply with the regulations in this field. The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be in line with the General Data Protection Regulation (GDPR). The following privacy policy provides indications regarding your privacy rights and how we handle data in our activities.
Definitions
This privacy policy is using the terms of the European legislator for the adoption of the General Data Protection Regulation (GDPR), as defined below:
Who we are
The data controller for all purposes related to data protection is:
TAFISA
c/o Commerzbank, Filiale Höchst
Hostatostraße 2
D-65929 Frankfurt am Main
Germany
Email: info@tafisa.org
Tel: +49 (0) 69 973 935 99 0
Fax: +49 (0) 69 973 935 99 5
Cookies
Certain parts of our website use "cookies" to keep track of your visit and to help you navigate between sections. A cookie is a small data file that certain websites store on your computer's hard-drive when you visit such websites. Cookies can contain information such as your user ID and the pages you have visited. The only personal information a cookie contains is information that you have personally supplied. We use cookies on our website to enable us to deliver content that is specific to your interests and gives us an idea of which parts of the website you are visiting and to recognise you when you return to the website. Reading cookies does not give us access to other information on your computer's hard-drive and our website will not read cookies created by other websites that you have visited. You may refuse to accept cookies by activating the setting on your browser which allows you to refuse the setting of cookies. If, however, you select this setting you may be unable to access certain parts of the website. Unless you have adjusted your browser settings so that it will refuse cookies, our system will issue cookies when you access the website. Please note providers of third party content may also use cookies over which we have no control.
Collection of data and information
Our website does not require the provision of any personal data to be used. In common with most websites, our website logs various information about visitors, including internet protocol (IP) addresses, browser type, internet service provider (ISP) information, referring / exit pages and date / time stamp. We may use this information to analyse trends, administer the website, track your movement around the website and gather broad demographic information.
We also collect data when you actively register for specific events that we organise or that are organised on our behalf. In such cases, the use we make of this data shall be appropriately related to the specific event you have registered for. In all situations where your data is collected, it allows us to carry out our work and facilitate the provision of services to you in direct relation to our mutual relationship.
Disclosure of information
We do not disclose your personal information unless you have given express consent to share it with an identified third party, or we are required to do so by law. We do not sell, trade or rent your personal information to others.
Transferring your personal information internationally
The personal information we collect may be transferred to and stored in countries outside of the European Union. Some of these jurisdictions require different levels of protection in respect of personal information and, in certain instances, the laws in those countries may be less protective than the jurisdiction you are typically resident in. We will take all reasonable steps to ensure that your personal information is only used in accordance with this privacy notice and applicable data protection laws and is respected and kept secure and where a third party processes your data on our behalf we will put in place appropriate safeguards as required under data protection laws.
Subscription to newsletters
We regularly make use of our newsletter to inform you about the latest and upcoming events and activities related to our work. You may subscribe to our newsletter through our website, and both the subscription process and data collection to allow the sending of newsletter is managed by the third-party MailChimp®. The personal data collected as part of a registration for the newsletter will only be used to send our newsletter. In addition, subscribers to the newsletter may be informed by e-mail, as long as this is necessary for the operation of the newsletter service or a registration in question, as this could be the case in the event of modifications to the newsletter offer, or in the event of a change in technical circumstances. There will be no transfer of personal data collected by the newsletter service to third parties. The subscription to our newsletter may be terminated by the data subject at any time, through a link to unsubscribe accessible at the bottom of each newsletter. The consent to the storage of personal data, which the data subject has given for shipping the newsletter, may be revoked at any time. It is also possible to unsubscribe from the newsletter at any time by communicating directly with us.
Storage duration of your personal data
The data controller shall process and store the personal data of the data subject only for the period necessary to achieve the purpose of storage. The duration for which we retain your personal information will differ depending on the type of information and the reason why we collected it from you, however, we will only hold your information for as long as is necessary or where you ask us to delete records we may delete it earlier. In some cases, personal information may be retained on a long-term basis: for example, personal information that we need to retain for legal purposes will normally be retained in accordance with usual practice and regulatory requirements.
It is important to ensure that the personal information we hold about you is accurate and up-to-date, and you should let us know if anything changes, for example if you change your phone number or email address, by contacting us.
Your rights regarding data protection and personal information
You have the following rights in relation to your personal information:
You should note that some of these rights, for example the right to require us to transfer your data to another service provider or the right to object to automated decision making, may not apply as they have specific requirements and exemptions which apply to them and they may not apply to personal information recorded and stored by us. For example, we do not use automated decision making in relation to your personal data. However, some have no conditions attached, so your right to withdraw consent or object to processing for direct marketing are absolute rights.
To exercise any of your rights, or if you have any questions relating to your rights, please contact us.
Data protection provisions about the use of PayPal
Paypal process payments membership fees from our website. Neither us or PayPal retain any financial information you may submit as part of the payment process. PayPal monitors every transaction to prevent fraud, email phishing and identity theft. Every transaction is heavily guarded behind PayPal's advanced encryption. If something appears suspicious, their dedicated team of security specialists will identify suspicious activity and help protect you from fraudulent transactions. PayPal or TAFISA will never ask for any sensitive information. Your data as mentioned below is encrypted before transmission to prevent misuse of the transmitted data by third parties. SSL (Secure Socket Layer) is a security technology which guarantees that your personal data, including credit card information, login data and payment method, are securely transferred via the Internet. The data is encrypted so that is only readable by the PayPal payment system. Your data which is encrypted, is as follows:
Legal basis for the processing
Art. 6(1) lit. a GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is party, as is the case, for example, when processing operations are necessary for the supply of goods or to provide any other service, the processing is based on Article 6(1) lit. b GDPR. The same applies to such processing operations which are necessary for carrying out pre-contractual measures, for example in the case of inquiries concerning our products or services. If our organisation is subject to a legal obligation by which processing of personal data is required, such as for the fulfilment of tax obligations, the processing is based on Art. 6(1) lit. c GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or of another natural person. This would be the case, for example, if a visitor were injured in our organisation and his name, age, health insurance data or other vital information would have to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6(1) lit. d GDPR. Finally, processing operations could be based on Article 6(1) lit. f GDPR. This legal basis is used for processing operations which are not covered by any of the abovementioned legal grounds, if processing is necessary for the purposes of the legitimate interests pursued by our organisation or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. Such processing operations are particularly permissible because they have been specifically mentioned by the European legislator. They considered that a legitimate interest could be assumed if the data subject is a client of the controller (Recital 47 Sentence 2 GDPR).
Legitimate interests by controller or third party
Where the processing of personal data is based on Article 6(1) lit. f GDPR our legitimate interest is to carry out our business in favor of the well-being of all our employees and the shareholders.
Provision of personal data as statutory or contractual requirement; requirement necessary to enter into a contract; obligation of the data subject to provide the personal data; possible consequences of failure to provide such data
We clarify that the provision of personal data is partly required by law (e.g. tax regulations) or can also result from contractual provisions (e.g. information on the contractual partner). Sometimes it may be necessary to conclude a contract that the data subject provides us with personal data, which must subsequently be processed by us. The data subject is, for example, obliged to provide us with personal data when our organisation signs a contract with him or her. The non-provision of the personal data would have the consequence that the contract with the data subject could not be concluded. Before personal data is provided by the data subject, the data subject must contact any employee. The employee clarifies to the data subject whether the provision of the personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and the consequences of non-provision of the personal data.
Security
We employ a variety of technical and organisational measures to keep your personal information safe and to prevent unauthorised access to, or use, or disclosure of it. Unfortunately, no information transmission over the Internet is guaranteed 100% secure nor is any storage of information always 100% secure, but we do take all appropriate steps to protect the security of your personal information.
Changes to our privacy policy
We may update this privacy policy from time to time. Any changes we may make to this privacy policy in the future will be posted on our website and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes and should you object to any alteration, please contact us.
TAFISA welcomes your enquiries and feedback, and can be reached via the details below.
TAFISA c/o Commerzbank / Filiale Höchst Hostatostrasse 2 65929 Frankfurt Höchst Germany
c/o Commerzbank / Filiale Höchst Hostatostraße 2 D-65929 Frankfurt am Main Germany Email: info@tafisa.org Tel: +49 (0) 69 973 935 990 Fax: +49 (0) 69 973 935 995