PRIVACY AND PERSONAL DATA PROCESSING POLICIES
Arabisch Deutsches Center für Dialog e. V. (hereinafter “WASLA”), by virtue of the Charter of fundamental rights of the European Union, article 8 and the Federal Data Protection Act of 30 June 2017, through which provisions are established for the protection of personal data, notifies the Holders of Personal Data processed in any way by WASLA through academic, scientific and research events organized and / or developed by the WASLA, this policy for processing of information (the "Policy").
The main purpose of this Policy is to inform the Holders of Personal Data of the rights that are due to them, the procedures and mechanisms provided by WASLA to put into effect those rights of the Holders, and to inform them of the scope and purpose of the processing to which the Personal Data will be submitted in case the Holder grants his express, prior and informed authorization.
WASLA is committed to the compliance of the aforementioned regulation and the protection of the rights of individuals, and informs its stakeholders that it adopts the following policies on the collection, processing and use of personal data.
1. LEGAL FRAMEWORK
- Basic Law for the Federal Republic of Germany, articles 1 and 2.
- Charter of fundamental rights of the European Union, article 8
- General Data Protection Regulation (Regulation (EU) 2016/679)
- Federal Data Protection Act of 30 June 2017 (implementing the GDPR) ('BDSG')
In accordance with current legislation on the matter, the following definitions are established, which will be applied and implemented taking into account the criteria for interpretation that guarantee a systematic and comprehensive application, and in line with technological advances, technological neutrality and other principles and premises that govern the fundamental rights that encircle, orbit and surround the right of habeas data and protection of personal data.
a) Personal data: means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
b) Processing: means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
c) Restriction of processing: means the marking of stored personal data with the aim of limiting their processing in the future
d) Authorization: Prior, express and informed consent of the holder to carry out the Processing of personal data.
e) Authorized: Refers to all persons who, under the responsibility of the Company or the persons in charge, may conduct Personal Data Processing.
f) Privacy notice: Verbal, written or sent communication through any current technological means issued by the Responsible party, or by any third party designated by him/her, for the purposes, addressed to the Holder for his/her Personal Data Processing, through which he/she will be notified about the current policies of Personal Data Processing that will be applicable, the way to access those policies and the purposes of the processing that will be given to the personal data provided.
g) Database: Organized set of personal data that is subject of processing.
h) Personal datum: Any information linked, or that may be associated, to one or more specific or specifiable natural persons.
i) Private datum: It is the datum that due to its private or confidential nature, is only relevant to the Holder.
j) Sensitive datum (data): Sensitive data is understood as those that affect the privacy of the Holder or whose improper use may result in discrimination towards the Holder, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical beliefs, membership to Unions, social, human right organizations, or that promote the interests of any political party or that guarantee the rights and guarantees of opposition political parties, as well as data related to health, sex life and, biometric data, among others; the capture of still or moving image, fingerprints, photographs, iris image, voice, facial or palm recognition, etc.
k) Person in charge of the processing: Natural or legal person, public or private, who by himself or in association with others, performs the processing of personal data on behalf of the person responsible for the processing.
l) Person responsible for the processing: Natural or legal person, public or private, who by himself or in association with others, decides on the database and / or the processing of the data.
m) Holder: Natural person whose personal data are processed.
n) Processing: Any operation or set of operations on personal data, such as collection, storage, use, circulation or deletion thereof.
And the complementary definitions of article 3 of the General Data Protection Regulation (Regulation (EU) 2016/679)
WASLA will define its Personal Data Processing Policy in accordance with the following principles.
- Principle of finality: The Processing of Personal Data shall be in line with a legitimate purpose in accordance with the General Data Protection Regulation (Regulation (EU) 2016/679) and the complementary law, which must be informed to the Holder.
- Principle of freedom: The processing can only be practiced with prior, express and informed consent of the Holder. Personal Data may not be obtained or disclosed without prior consent, or in the absence of a legal or judicial mandate that discontinues consent.
- Principle of veracity or quality: The information subject to Processing must be truthful, complete, exact, updated, verifiable and understandable. The processing of partial, incomplete, fractionated or misleading data is prohibited.
- Principle of Transparency: The Processing must guarantee the right of the holder to obtain, at any time and without restrictions, information about the existence of data concerning him/her.
- Principle of access and restricted circulation: Personal data, except public information, may not be available on the Internet or other mass media, unless the access is technically controllable to offer knowledge restricted only to the Holder(s) or third parties authorized under the Law.
- Principle of security: Information subject to Processing must be handled with the necessary technical, human and administrative measures to grant security to the records avoiding their adulteration, loss, consultation, use or unauthorized or fraudulent access.
- Principle of confidentiality: All persons involved in the Processing of Personal Data are obliged to guarantee the reservation of the information, even after ending their relationship with any of the tasks that the processing comprises, and may only supply or communicate Personal Data when this corresponds to the development of the activities expressly authorized in the Law.
4. PROCESSING AND PURPOSES
ALAPP will conduct the Processing of Personal Data for the fulfillment of the activities of its corporate purpose, in conformity with the provisions of the General Data Protection Regulation (Regulation (EU) 2016/679) and other complementary provisions. The Processing may be conducted through electronic, physical, automated means and / or using any known or to be known digital means, which may vary depending on the way of collecting information.
The processing of the personal data of any person with whom WASLA had established or established a relationship, permanently or occasionally, will be conducted within the legal framework that regulates the matter and by virtue of its condition of academic and cultural association.
4.1. The Personal Data processed by WASLA must be submitted strictly and only for the purposes indicated below. Likewise, the persons in charge or third parties who have access to the Personal Data by virtue of Law or contract, will maintain the Processing within the following purposes:
(i) The proper development of its corporate purpose, including the use of data for the execution of its activities;
(ii) Validate the information in compliance with the legal requirement of knowledge of the user applicable to WASLA;
(iii) Properly provide high quality training and education services for multidisciplinary professionals;
(iv) For the development of market research, statistics, etc., that allow WASLA's competitiveness;
(v) To address in an efficient and timely manner the health and / or emergency requirements that might arise during the provision of the service;
(vi) For the development of advertising campaigns, promotional material, etc., on social networks and the media.
(vii) Manage all the information necessary to comply with WASLA's tax obligations and, business, corporate and accounting records.
(viii) Comply with WASLA's internal processes in terms of administration of suppliers and contractors.
(ix) The transmission of data to third parties with whom contracts have been concluded for this purpose, for commercial, administrative, marketing and / or operational purposes including, but not limited to, the issuance of ID cards, personalized certificates and certifications to third parties, in accordance with the existing legal provisions.
(x) Keep and process, by computer or other means, any type of information related to the patient's health status with the purpose of providing relevant services and products.
(xi) Security and improvement of service and the experience of the Holder through any application, social network and / or web portal used by WASLA.
(xii) All other purposes determined by those responsible for Personal Data collection for its due processing and which are communicated to the Holders at the time of collecting them.
4.2. Processing of sensitive data. Data categorized as sensitive may be used and processed when:
(i) The Holder has given his/her explicit authorization for such processing, except in cases where said authorization is not required by law.
(ii) The Processing is necessary to safeguard the vital interest of the holder and in case he/she is deprived of his/her physical or legal capacities. In such events, legal representatives must grant the authorization.
(iii) The Processing has a historical, statistical or scientific purpose. In this event, measures leading to suppression of the identity of the Holders must be adopted.
4.3. Data Processing of children and adolescents: The Processing must ensure the respect for the prevailing rights of minors. The Processing of personal data of minors is proscribed, except for those data that are of a public nature. It is the duty of the State and educational entities of all kinds to provide information and train legal representatives and guardians on the potential risks that minors face in case of improper processing of their personal data, and provide knowledge about the responsible and safe use, by the children and adolescents, of their personal data, their right to privacy and the protection of their personal information and that of others.
Consequently, WASLA will be strict in the handling of the personal data of all under-aged users or visitors, and will only collect and process personal data of those children whose parents, and / or guardians in charge, have expressed explicitly and in writing their authorization for the purposes indicated in the respective privacy notice.
First Paragraph: The Personal Data provided by the Holder will be processed and used only for the purposes set forth herein, and for a period counted from the moment the authorization was granted until the period WASLA determines to be effective.
Second Paragraph: The information provided by the Holder may be shared with agencies, bodies responsible for the information, service providers, commercial allies, their allies, and third parties in general that provide services to WASLA or to third parties on behalf of or at WASLA’s expense.
Third Paragraph: WASLA guarantees that the mechanisms through which it makes use of Personal Data are safe and confidential, since they have IT security mechanisms and suitable technological means to ensure that they are stored in such a way that unwanted access is prevented by third parties.
5. OBLIGATIONS OF WASLA ASSOCIATION
As the party responsible for the Processing of Data, WASLA agrees with the Holders of Personal Data to:
a) Guarantee the Holder of the information, at all times, the full and effective exercise of the right of habeas data;
b) Keep and process by computer or other means, any type of information related to the business, in order to provide the relevant services and products;
c) Request and keep a copy of the respective authorization granted by the holder for the processing of personal data;
d) Duly inform the holder about the purpose of the collection and the holder's rights under the authorization granted;
e) Keep the information under the necessary security conditions in order to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access;
f) Timely update the information, considering this way all news concerning the owner's data;
g) Rectify the information when it is incorrect;
h) Process the enquiries and claims formulated in the terms indicated by the current WASLA’s Personal Data Processing Policy;
i) Inform the Holder, at his/her request, about the use given to his/her data;
j) Inform the data protection authority when there are violations of the security codes and when the administration of the information of the Holders is at risk;
k) Comply with the instructions and requirements issued by the with the Federal Commissioner for Data Protection and Freedom of Information ('BfDI') and the various supervisory authorities of the Länder.
l) Refrain from circulating information that is being contested by the Holder and whose blocking has been ordered by the with the Federal Commissioner for Data Protection and Freedom of Information ('BfDI') and the various supervisory authorities of the Länder;
m) Use only data whose processing is previously authorized according to the provisions of the General Data Protection Regulation (Regulation (EU) 2016/679);
n) Inform through any electronic means the new mechanisms implemented so that the Holders of the information make their rights effective, as well as any modification to the Personal Data Processing Policy;
o) To ensure the proper use of the personal data of children and adolescents, in those cases in which the processing of their data is authorized by their representative;
p) Other legal and contractual obligations.
6. RIGHTS OF THE PERSONAL DATA HOLDER
In accordance with laws currently in force, the Personal Data Holders have the following rights:
a) Know, update and rectify their Personal Data before WASLA or those in charge of the processing. This right may be exercised, among others, against partial, inaccurate, incomplete, fractionated, misleading data, or data whose Processing is expressly prohibited or not authorized;
b) Request proof of the Authorization granted to WASLA, unless the Law indicates that said Authorization is not necessary;
c) Submit requests to WASLA or the person/entity in charge of the Processing regarding the use that has been given to their Personal Data, and that they provide such information to them;
d) Submit complaints the Federal Commissioner for Data Protection and Freedom of Information ('BfDI') and the various supervisory authorities of the Länder for violations of the Law.
e) Revoke their Authorization and / or request the deletion of their Personal Data from the Institute's databases when the Federal Commissioner for Data Protection and Freedom of Information ('BfDI') and the various supervisory authorities of the Länder has determined, by means of a definitive administrative act, that the Processing of the institute or the person/entity in charge of the processing has engaged in conducts contrary to the Law or when there is no legal or contractual obligation to keep the Personal Datum in the database of the responsible person/entity.
f) Request access and gain access, free of charge, to their Personal Data that have been processed in accordance with article 15 of the General Data Protection Regulation (Regulation (EU) 2016/679)
g) Know the modifications to the terms of this Policy efficiently and in advance of the implementation of the new modifications or, failing that, of the new information processing policy.
h) Have easy access to the text of this Policy and its modifications.
i) Access, in an easy and simple way, to the Personal Data that are under the control of WASLA to effectively exercise the rights that the Law grants Holders.
j) Know the unit in charge or the person empowered by WASLA before whom they can submit complaints, queries, claims and any other request about their Personal Data. The Holders may exercise their rights under the Law and conduct the procedures established in this Policy, by presenting their national ID card or original identification document. Minors may exercise their rights in person, or through their parents or guardians who represent them before WASLA. Likewise, the rights of the Holder may be exercised by the successors who can prove such status, the representative and / or the attorney-in-fact of the holder with the appropriate documentation.
7. AUTHORIZATION AND CONSENT
The collection, storage, use, circulation or suppression of personal data by WASLA, requires the free, prior, express and informed consent of the Holder thereof. In compliance with current legislation, WASLA has adopted the following mechanisms to obtain authorization or ratification from the Holder of Personal Data:
7.1 Means and manifestations to grant the Authorization.
The Authorization may be granted in a physical or electronic document, text message, Internet, websites, in any other format that guarantees its subsequent consultation, or through an appropriate technical or technological mechanism that allows to express or obtain the consent of the Holder, whereby it can be unequivocally concluded that if a Holder's conduct had not taken place, the data would have never been collected and stored in the database.
For the purposes, Authorization is understood as that given through technological mechanisms such as, but not limited to, a "click" of acceptance of our Terms and Conditions and the Personal Data Processing Policy, when entering the data for sending emails or "Newsletter"; completing forms on the site www.wasla.berlin and / or by subscribing through third-party applications such as, but not limited to, Facebook, Instagram or LinkedIn.
With this procedure of Agreed Authorization, it is expressly guaranteed that the Personal Data Holder knows and accepts that WASLA will collect, store, use, clean, analyze, circulate, transmit, transfer, update or delete, according to the Law, the information for the purposes for which it is informed prior to granting the authorization, and for the purpose contained on this document.
The Authorization requested by WASLA will establish as a minimum:
(i) The complete identification of the person from whom Personal Data are collected;
(ii) The Authorization referred to in numeral 6.1;
(iii) The purpose of the Processing of Personal Data, and;
(iv) The rights of access, correction, update or deletion of the Personal Data provided by the Holder thereof.
7.2 Proof of Authorization.
WASLA will use its current mechanisms and will implement and adopt the necessary and tending actions to keep suitable technical or technological records or mechanisms of when and how it obtained authorization from the holders of personal data for their Processing. To comply with the foregoing, paper files or electronic repositories can be created directly or through third parties contracted for such purpose.
7.3 Privacy Notice. General information on data processing
For the data collected, an email will be sent to all persons of whom WASLA has Personal Data informing them about the implementation of WASLA’s Personal Data Processing Policy and how to exercise their rights.
In accordance with the law, the Privacy Notice is the physical, electronic, or in some other format, document known, or to be known, that is made available to the Holder for the processing of his/her personal data. Through this document, the Holder is provided with the information regarding the existence of the policies of information processing that will be applicable, the way to access said policies and the characteristics of the processing that is to be given to personal data.
7.4 Scope and content of the Privacy Notice.
The Privacy Notice, as a minimum, must contain the following information:
1. the purposes of the processing,
2. the rights of data subjects with regard to the processing of their personal data to access, rectification, erasure and restriction of processing,
3. the names and contact details of the controller and the data protection officer,
4. the right to lodge a complaint with the Federal Commissioner, and
5. the contact details of the Federal Commissioner.
8. RESPONSIBLE AREA AND PROCEDURE FOR THE EXERCISE OF THE HOLDER’S RIGHTS
The Holder, his representative, his successor or his attorney-in-fact may present, at any time, queries, requests and / or claims before WASLA to know, update, rectify, request the deletion of his Personal Data and / or revoke the authorization. For this reason, it is the responsibility of the entire team of direct and indirect WASLA workers, without exception, to comply with the Information Processing Policy, and especially with due attention to the requests, complaints and claims that the Holder submits to the company for this concept.
To exercise his/her rights, the Holder or whoever acts on his/her behalf and representation, to comply with the Information Processing Policy, and especially with due attention to the requests, complaints and claims that the Holder submits to the company for this concept.
To exercise his/her rights, the Holder or whoever acts on his/her behalf and representation, may submit requests, complaints and / or claims before ALAPP by the following means:
(i) Email to: email@example.com
(ii) Tel.: + (49) 173 3111 910
Written communication by electronic means through the website www.wasla.berlin
The area responsible for the management and Processing of the Databases, as the case may be, will always be the person in charge of the customer service department, who will be in charge of handling the requests, complaints and claims filed by the Holder in exercise of his rights. Whatever means used, the person in charge will keep proof of the query and its response.
The attention of a query, request, complaint or claim, in writing, by email, electronic means, phone or verbally, will be handled according to the following procedure:
When the main request is a query, that is, to consult personal information of the Holder that resides in the WASLA Databases, the procedure will be as established here:
(i) The query will be formulated by filling out the WASLA formats for Petitions, complaints and claims available on the website or by email: : firstname.lastname@example.org
(ii) Once the query has been received, a response must be sent to the Holder, whatever it may be, within ten (10) business days following the date when the query was received.
(iii) If it is not possible to answer the consultation within the aforementioned period, the Holder must be notified, explaining the reasons for the delay and indicating the date on which the consultation will be responded, which may not exceed five (5) business days following the expiration of the first term.
When the main request is a claim, that is, when the Holder considers that the information contained in the WASLA Databases should be subject to correction, updating or deletion, or when he/she notices the breach of any of the duties contained in the Federal Data Protection Act of 30 June 2017 (implementing the GDPR by WASLA, the procedure will be as established here:
(i) The claim will be lodged through a request addressed to the person Responsible or in charge of the Information, with the Holder's identification number, the description of the events that give rise to the claim, the address and the documents considered necessary.
(ii) If the claim is incomplete, the Holder, or whoever acts as him, will be required within five (5) business days after receipt of the claim to correct errors.
(iii) If, after two (2) months from the date of the correction request, the Holder or whoever acts as him, does not submit the requested information, it will be understood that the claim has been withdrawn.
(iv) Once a claim is received with full requirements, it must be included in the databases in a term not exceeding two (2) business days, identifying it as "claim in process" and the reason for it. Such label must be kept until a decision is made on the claim.
(v) If, after two (2) months from the date of the correction request, the Holder or whoever acts as him, does not submit the requested information, it will be understood that the claim has been withdrawn.
(vi) The maximum deadline to respond to the claim will be fifteen (15) business days counted from the next day after it is received. When it is not possible to respond the claim within this term, the interested party will be informed of the reasons for the delay and the date on which his claim will be responded, which may not exceed eight (8) business days following the expiration of the term.
(vii) In the event that WASLA receives a claim and is not competent to resolve it, WASLA will transfer the claim to whom it may concern, to the extent possible, within a maximum term of two (2) business days and will inform the interested party of the situation.
(viii) When the request is made by a person other than the Holder and it is not proven that the person acts on his/her behalf, the request shall be deemed as not filed.
9. RECTIFICATION, UPDATE AND DELETION OF PERSONAL DATA
As established in the provisions of numeral 8 above, WASLA will rectify, update or delete, at the Holder’s request, any type of information according to the procedure and the terms indicated in the previous article. In the case of rectification and / or update, the proposed corrections must be duly substantiated.
Paragraph: The information Holder will have the right, at all times, to request the total or partial deletion of his/her Personal Data and for this the procedure, established in point 8 above, will be followed. WASLA can only deny the deletion when:
i) The Holder has the legal and / or contractual duty to remain in the database;
ii) The deletion of the data hinders ongoing judicial or administrative proceedings, and;
iii) In all other cases referred to in section 57 and 58 of the Federal Data Protection Act of 30 June 2017 (implementing the GDPR), when appropriate.
10. INFORMATION SECURITY MEASURES
WASLA will adopt the technical, human and administrative measures that are necessary to grant security to the records, avoiding their adulteration, loss, consultation, or unauthorized or fraudulent access or use; these measures will respond to the minimum requirements of the legislation in force.
11. AUTHORIZATION OF COMMUNICATIONS THROUGH EMAIL AND / OR SOCIAL NETWORKS
With the collection and due processing of personal data, WASLA will use its electronic means such as the website, applications, social networks and / or any electronic means to send communications to its members and / or anyone who participates in its events. The information may contain, but is not limited to, services, research, projects, programs, publications and academic events conducted by WASLA.
12. DESIGNATION OF THE RESPONSIBLE PERSON
WASLA designates the customer service department, or whoever is acting on its behalf, to fulfill the function of protecting Personal Data, as well as to process the requests of the Holders, for the exercise of the rights of access, consultation, rectification, update, deletion and revocation referred to the Federal Data Protection Act of 30 June 2017 (implementing the GDPR), all other norms that regulate or complement them and the Personal Data Processing Policy.
This Policy is effective as of [01/10/2020]. Personal Data that are stored, used or transmitted will remain in our Database, based on the criteria of temporality and necessity, for as long as necessary, for the purposes mentioned in this Policy for which they were collected.
Databases in which personal data will be recorded shall be valid for a period equal to the time that the information is kept and used for the purposes described in this policy. Once these purposes are fulfilled and, as long as there is no legal or contractual duty to retain your information, your data will be removed from our databases.
Arabisch Deutsches Center für Dialog - WASLA e. V.