Privacy policy

Privacy policy for the website bvdnet.de

Here we inform you about the processing of your personal data when you visit the website of the Berufsverband der Datenschutzbeauftragten Deutschlands (BvD) e.V. (www.bvdnet.de).

Responsible body

Professional Association of Data Protection Officers in Germany (BvD) e.V.
Budapester Street 31
10787 Berlin
Telephone (030) 26 36 77 60
E-mail: bvd-gs@bvdnet.de
Authorized to represent: Thomas Spaeing (Chairman of the Board)

Online forms

On our website, we offer you various services and offers for which you can fill out online forms. In doing so, we collect the necessary personal data. In the following, we explain how we handle your personal data in connection with the respective online forms.

Contact form

You can contact us via the online contact form, by e-mail or by telephone. The handling of your data is explained in the “Contacting us” section below.

Company succession exchange

The data you enter will be used by us to manage and display your advertisement. The legal basis for this is the initiation and execution of the contract (Art. 6 para. 1 lit. b GDPR). Your data will be deleted after the advertisement has expired, provided there are no legal retention periods to the contrary.

Booking form for the data protection internship exchange

The data you enter will be used by us for the administration and placement of job and internship offers. The legal basis for this is the initiation and execution of the contract (Art. 6 para. 1 lit. b GDPR). Your data will be deleted after the advertisement has expired, provided there are no legal retention periods to the contrary.

Inquiry and booking forms for market overviews

We offer various market overviews in which you can register using online forms. These are, for example, the “Market overview of generators for data protection declarations”, “Market overview of software for website verification”, “Market overview of eLearning solutions in data protection” or the “Market overview of data protection management systems (DSMS)”.

We use the data you enter in the respective inquiry or booking form to provide the relevant overviews for members and interested parties and to bill entries subject to a charge.
The legal basis for this is the initiation and execution of the contract (Art. 6 para. 1 lit. b GDPR). Your data will be deleted after the advertisement has expired, provided there are no legal retention periods to the contrary.

Membership application

The data you enter will be used by us to process your membership application and manage your membership. The legal basis is the initiation and execution of the contract (Art. 6 para. 1 lit. b GDPR). We store your data for the duration of your membership, provided there are no statutory retention periods to the contrary.

Registration for events

If you register for one of our seminars, webinars or conferences, we will use the data you enter to organize and hold the respective event. The events can take place online or as face-to-face events.
The legal basis is the initiation and execution of the contract (Art. 6 para. 1 lit. b GDPR). We will retain your data for three years after the end of the event in order to be able to assert, exercise or defend ourselves against any legal claims (Art. 6 para. 1 lit. f GDPR). Our legitimate interest arises from the aforementioned purposes). Data that must be stored for longer due to statutory retention periods (e.g. 10 years for billing data) will be deleted after the statutory period has expired.

For online events, your data will be passed on to service providers for the provision of chat and video functionality. The following data may be processed in the context of online events:

  • Meeting data: Topic, description, participant IP address, device/hardware information, location, language settings, operating system,
  • Video and audio data, if released by users,
  • Data that is explicitly entered, for example in chats or question functions.
  • Duration of the session, connections made, hardware, equipment and devices used, IP addresses, location, language settings, operating system used, unique device identifiers and other diagnostic data.

This information is required for the provision, operation and improvement of the services. The service provider may process location-related data for the purpose of providing, operating and supporting the service and for fraud prevention and security monitoring. The legal basis for the processing of this data is the legitimate interest to maintain the services.
For video conferences, we use the services edudip(https://edudip.com/datenschutzerklaerung/) of edudip GmbH, Jülicher Straße 306, 52070 Aachen and Veeting(https://www.veeting.com/de/privacy) of Veeting AG, Seebahnstrasse 85, CH-8003 Zurich. For Switzerland, an adequacy decision pursuant to Art. 45 para. 3 GDPR has been issued by the EU Commission.

Contact us

When you contact us via our online contact form, by email or telephone, the data you provide will be processed and stored by us in order to respond to your request. If your request is related to your membership relationship or another contractual relationship with us, or if it is aimed at a contractual or membership relationship, Art. 6 para. 1 lit. b GDPR serves as the legal basis. In all other cases, the processing of your personal data is based on our legitimate interest in the efficient processing of inquiries and the promotion of communication with interested parties, members and other stakeholders (Art. 6 para. 1 lit. f GDPR).
After termination of a membership or contractual relationship, we delete the above-mentioned data, provided there are no statutory retention periods. We retain data that we process on the basis of our legitimate interest for three years after completion of the request in order to be able to assert, exercise or defend ourselves against any legal claims.

Do not send us any sensitive data by unencrypted e-mail. Use our public PGP key to send us encrypted e-mails. The corresponding fingerprint is: 5802 0F5B 09A2 0DA6 D4C4 6083 94C8 CED8 0870 1C12

Our newsletter

You can subscribe to various e-mail newsletters on our website, including our general newsletter, press mailing list, political letter and “Rudi’s Data Circus”. In the following, we refer to all versions of our newsletters.
If you subscribe to one of our newsletters, the data you enter in the respective input mask will be transmitted to us. We use the data exclusively for sending the newsletter.
Subscription to our newsletter takes place in a so-called double opt-in procedure. This means that after registering, you will receive an email asking you to confirm your registration. This confirmation is necessary so that no-one can register with other people’s e-mail addresses. When registering for a newsletter, the user’s IP address and the date and time of registration are stored. This serves to prevent misuse of the services or the e-mail address of the person concerned and for us as proof of your consent to receive the newsletter.
You can unsubscribe from the newsletter at any time and revoke your consent to the storage of your personal data. There is a corresponding link for this purpose in every newsletter.
Our legal basis for processing the data after you have subscribed to the newsletter is your consent (Art. 6 para. 1 lit. a GDPR).
If we have received your email as part of your purchase of one of our offers (e.g. seminars), the legal basis for sending the newsletter is our legitimate interest in direct advertising (Art. 6 para. 1 lit. f GDPR under the conditions of Section 7 para. 3 UWG).
If you are a member of the BvD, you will receive the special newsletter for members “Member Information” as part of your membership (fulfillment of contract Art. 6 para. 1 lit. b GDPR).

We use rapidmail to send the newsletter. The provider is rapidmail GmbH, Wentzingerstraße 21, 79106 Freiburg, Germany. Among other things, rapidmail is used to organize the sending of newsletters. We do not use the analysis functions of rapidmail. The data you enter for the purpose of subscribing to the newsletter is stored on rapidmail’s servers in Germany. For more information, please refer to rapidmail’s data security information at: https://www.rapidmail.de/datensicherheit.

Member area and login

As a BvD member, you will receive access to the member area of our website. When you log in to the members’ area of our website, we use your login details to verify your identity and grant you access. If you have forgotten your password, we will use your e-mail address to send you a password reset message.
If you check the “Stay logged in” box, you will remain logged in for the next 14 days without having to log in again. Your browser saves your login data. To ensure your security, do not use this function if other people have access to your device.
If you do not activate the “Stay logged in” checkbox, you will be logged out automatically after one hour at the latest. You will also be logged out as soon as you close the browser. It is recommended that you always log out manually to ensure your security.
In the member area, you will receive exclusive information and have the option of using various member services, such as changing your address or making changes to your bank account.
As soon as your membership ends, we will delete your data, provided there are no statutory retention obligations. The legal basis for the processing of your personal login data is our legitimate interest in providing you with secure and convenient access to the member area of our website (Art. 6 para. 1 sentence 1 lit. f GDPR). The legal basis for your data in the member area is the initiation and execution of contracts (Art. 6 para. 1 sentence 1 lit. b GDPR).

Find a data protection officer

On our website, we publish a list of data protection officers who have committed themselves to the professional mission statement of the data protection officer. Members who are data protection officers with the appropriate qualifications can be added to this list. Your contact details will be published in this list on our website for the purpose of contacting you. The legal basis for the publication of your contact details is your consent (Art. 6 para. 1 sentence 1 lit. a GDPR). Your data will be deleted if you withdraw your consent, but at the latest after termination of your membership.

Online presence in social media

We maintain online presences within social networks and platforms such as LinkedIn and Mastodon in order to communicate with the customers, interested parties and users active there and to inform them about our services and generally on the subject of data protection.

We would like to point out that user data may be processed in social networks outside the European Union. This may result in risks for users because, for example, it could make it more difficult to enforce users’ rights.

Furthermore, user data is generally processed by the platforms for market research and advertising purposes. For example, usage profiles can be created from the usage behavior and the resulting interests of the users. The user profiles can in turn be used, for example, to place advertisements within and outside the platforms that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the user’s computer, in which the user’s usage behavior and interests are stored. Furthermore, data can also be stored in the user profiles independently of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them). The BvD does not receive any access to the actual usage data. We only use general usage statistics to check the effectiveness of usage.

The processing of users’ personal data is based on our legitimate interests in effective user information and communication with users in accordance with Art. 6 para. 1 lit. f. GDPR. GDPR. If users are asked by the respective providers to consent to general terms and conditions for which data processing is required, the legal basis for processing is Art. 6 para. 1 lit. b., Art. 7 GDPR.

For a detailed description of the respective processing and the opt-out options, we refer to the following linked information from the providers.
In the case of requests for information and the assertion of user rights, we would also like to point out that these can be asserted most effectively with the providers. Only the providers have access to the user’s data and can take appropriate measures and provide information directly. If you still need help, you can contact us.

– LinkedIn (LinkedIn Corporation, 605 W Maude Ave, Sunnyvale, CA 94085, USA) – Privacy Policy: https://de.linkedin.com/legal/privacy-policy
– Mastodon: The Mastodon privacy policy of your provider applies.

YouTube videos

(1) YouTube is a service of the provider Google LLC, 1600 Amphiteatre Parkway, Mountain View, CA 94043, USA. In the European Economic Area (EEA) and Switzerland, Google services are provided by Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).
We have integrated YouTube videos into our online offering, which are stored on www.YouTube.com and can be played directly from our website. The integration of YouTube is based on our legitimate interest in an informative and appealing design of our website (Art. 6 para. 1 lit. f GDPR). The YouTube videos are all integrated with a preview image in “extended data protection mode”, i.e. no data about you as a user is transmitted to YouTube if you do not play the videos. Only when you play the videos will the YouTube cookies be set and the data mentioned below transferred. We obtain your consent for these processes (storage of data or access to information in the user’s terminal device § 25 para. 1 TTDSG and Art. 6 para. 1 lit a GDPR).
When the YouTube video is started, further data processing may be triggered over which we have no influence. Google LLC is responsible for further data processing.

When you visit the website, YouTube receives the information that you have accessed the corresponding subpage of our website. In addition, the data mentioned in the “Web server logs” section of this statement is transmitted. This occurs regardless of whether YouTube provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish your data to be associated with your YouTube profile, you must log out before activating the button. YouTube stores your data as usage profiles and uses them for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right.

Further information on the purpose and scope of data collection and its processing by YouTube can be found in YouTube’s privacy policy. There you will also find further information on your rights and setting options to protect your privacy: https://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has concluded standard contractual clauses for data transfers to the USA, which can be accessed here: https://policies.google.com/privacy/frameworks.

Technically necessary cookies

We use technically necessary cookies to enable you to use our website conveniently and securely. These cookies do not process any personal data. The legal basis for the use of these technically necessary cookies is §25 para. 2 TDDDG. The technically necessary cookies we use serve to set the language (Polylang), to save the successful login to avoid multiple password queries and to detect and contain malicious activities.

Web server protocols

Each time you visit our website, our system, i.e. the web server, automatically processes information that your Internet browser automatically transmits to us. This data is technically necessary in order to display our website to you and is also used for statistical evaluations:

  • the IP address from which the request was made
  • the browser type and version used by the user
  • the operating system used by the user
  • the previous page from which the user came to our website (referrer)
  • Status, date and time of access
  • the name of the requested file,
  • the size of the transferred file

The IP address of the website visitor is completely anonymized in the web server log, so the data in the web server log is not personal.
The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. f GDPR; our legitimate interests as the responsible website operator arise from the above-mentioned purposes.

The web server for the operation of this website is technically operated by a hosting service provider with a server location in Germany.

Logging of security-relevant processes

Our website uses the WP Activity Log plugin, a tool for security monitoring and logging user activities on this WordPress installation. This plugin helps us to track security-relevant processes on the website and identify potential security risks at an early stage.

Among other things, the following data is collected and stored:

  • User name of registered user
  • Time and type of action (e.g. login, change of content, settings)
  • IP address of the executing user
  • Technical details of the user’s environment (e.g. browser type)

This data is processed on the basis of Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in ensuring the security of our website and in investigating possible security incidents.

The logged data is stored for a period of 6 months. It is then automatically deleted unless it is required for longer in individual cases to track a security-relevant event.

Web analysis with Matomo

What is Matomo?

Matomo is an open source web analytics platform. The web analytics platform is used by us to measure, collect, analyze and process visitor data in order to understand and optimize our website.

What is Matomo used for?

Matomo is used by us to analyze the behavior of website visitors to identify potential pitfalls; pages not found, search engine indexing issues, what content is most popular. Once the data is processed (e.g. the number of visitors who reach a page not found, view only one page), Matomo creates reports that we can use to take action to improve our offering, e.g. change the layout of the pages, publish new content.

We process the following personal data with Matomo:

  • anonymized IP address
  • pseudonymized user ID
  • Customized dimensions
  • User-defined variables
  • Date and time of the request
  • Title of the page being viewed
  • URL of the displayed page
  • Referrer (URL of the page that was displayed before the current page)
  • Screen resolution
  • Time in the local time zone of the local user
  • Files that have been clicked and downloaded
  • Clicks on external links
  • Creation time of the pages
  • Page generation time (the time it takes to generate web pages from the web server and then download them from the user)
  • Location of the user: country, region, city, approximate latitude and longitude (geolocation)
  • Main language of the browser used
  • User agent of the browser. Matomo uses a universal device detection library via the user agent to recognize the browser, operating system, device used (desktop, tablet, cell phone, TV, car, console, etc.), brand and model

Legal basis

The processing of personal data with Matomo is based on legitimate interests (Art. 6 para. 1 lit. f GDPR). Our legitimate interests arise from the purposes described above for data processing with Matomo.

Storage duration

The personal data collected via Matomo and aggregated report data are automatically deleted after a period of 180 days.

Possibility of objection

Matomo does not create profiles and respects the do-not-track setting of your browser.

If you do not want us to process any personal data with Matomo when you visit our website, you can opt out at any time. This will have no consequences for the use of our website.
You can object to the tracking of your personal data by using the following opt-out function:

By activating the checkbox below with a mouse click, a so-called opt-out cookie is set in your browser software, which prevents the future collection of your usage information by Matomo on this website. If you delete the opt-out cookie from your browser software, you must set the opt-out cookie again by selecting the checkbox in order to prevent Matomo from collecting your usage information on this website.

Obligation to provide the data

There is no legal obligation to provide personal data.

Sometimes it may be necessary to conclude a contract for you to provide us with personal data, which must subsequently be processed by us. This is the case, for example, when you submit membership applications or book events or seminars. Failure to provide personal data would mean that the contract could not be concluded.

Your rights towards us

You have the following rights vis-à-vis us with regard to your personal data:

  • Right to information
  • Right to rectification or erasure
  • Right to restriction of processing
  • Right to object to the processing
  • Right to data portability
  • Right to object to the processing of personal data for advertising purposes
  • Right to withdraw consent: You have the right to withdraw your consent to the processing of your personal data at any time. This does not affect the lawfulness of the processing carried out on the basis of the consent until revocation.

To exercise your rights, please contact us by email at bvd-gs@bvdnet.de or by post at the address of the above-mentioned controller.

Right to lodge a complaint with the data protection supervisory authority

You have the right to lodge a complaint with any data protection supervisory authority. The data protection supervisory authority responsible for us is the Berlin Commissioner for Data Protection and Freedom of Information https://www.datenschutz-berlin.de/.

Contact for data protection issues

For general questions about data protection at the BvD, you can contact us at any time at datenschutz@bvdnet.de.
If you have a confidential request, please let us know – we will name a suitable contact person on request.

To our other data protection declarations

To the privacy policy – Data protection goes to school
To the data protection information Photo and film recordings at BvD events