We take the protection of your data very seriously and are entirely committed to recording and storing as little of it as possible. What we do collect is used to constantly improve the running of the website. It is possible to use the site without supplying personal data, and not all information collected is personally identifiable - unless you give us your name, either in an email, on one of our forms or when you order something from us.
## When you use one of the services offered on our website or ## make a purchase, we collect and store personal information, so for example your name, your address, your email address or your telephone number. We will only collect and store your data in this way if you have either given us your express permission to do so or in accordance with applicable law and on the basis of the new EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act.
We provide information here on when and why we collect your personal information, precisely what we collect, how we use it and how we keep it secure. We also provide you with information on your rights with respect to this data.
On this site we use SSL data encryption. This helps to keep private information private, for example when you contact us in any way. You can tell that the web connection is secure when the web address in the address bar of your browser begins with "https://" (the extra ‘s’ stands for security) and the bar displays a green padlock symbol.
Data controller for our website as defined by the General Data Protection Regulation and other applicable data protection laws is:
International Tube Association e.V.
Heinz-Ingestau-Straße 9, 40474 Duesseldorf, Germany
+49 211 947 5650 / email@example.com / www.itatube.org
When we hold and process your personal data, we do so based on the terms of the new EU General Data Protection Regulation (GDPR), “Lawfulness of processing”, and the German Federal Data Protection Act, as follows:
We may need your personal data for compliance reasons (i.e. to comply with legal processes such as those prescribed by tax or commercial law) or for entering into or performance of a contract. If we’re not supplied with this data (e.g. name, address or other personal details of a contract partner), we will be unable to enter into a contract.
Our Internet server, in common with most others, automatically creates log files to record certain details of your activity on our website, such as
We use this data in the following ways:
Log files do not contain any personal information: We collect this data anonymously and store it separately from all personal data made available to us by data subjects. ## IP addresses are stored in an abbreviated and thus anonymous form, dropping the last octet.
In accordance with legal provisions and to the extent that you haven’t made use of your legal right to object to the processing of your personal data in this way, we can use and evaluate pseudonymised user profiles
Some of our services require that we use so-called cookies.
A cookie is a small piece of data sent from a website and stored in your web browser on your computer or other device. Cookies enable us to collect information from your visit to our website that help us to identify your browser and differentiate it from the browsers of other data subjects.
Most browsers are automatically configured to accept cookies. However, you can modify your browser at any time so that it disables cookies or requests permission before accepting them. Please note that if you simply disable all of our cookies or cookies in general in your browser settings, you may find that certain sections or features of our website will not work, because your browser may prevent us from setting functionally required cookies.
The web traffic analysis also puts together geographical user profiles via the IP addresses of visitors to our website. ## The IP addresses are abbreviated before they are stored by deleting the last octet, so that a regional categorization (also known as ‘IP geolocation’) but no actual identification of the individual user is possible.
Important note: You can manage the setting of cookies in general, or prevent it altogether, by adjusting the settings directly on your browser. Alternatively, you can block our web analysis cookies:
This website uses Google Analytics for the statistical analysis of visitor activity. This is a web analytics service offered by Google Inc., which means that they are active on our behalf as a processor. Google Inc. conduct their data tracking and processing activities using their own servers, which tend to be USA-based rather than in the European Union. Data collected from visitors to our website is used to create pseudonymous user profiles.
We use “Google Analytics” with their IP anonymization feature turned on. This masks the IP address of our users by removing the last octet before storage or processing begins. The abbreviation of the IP address is done in this case not by us, but by Google Inc.
Important note: You can manage the setting of cookies in general, or prevent it altogether, by adjusting the settings directly on your browser. Alternatively, you can prevent the data collected by cookies from being used or processed by Google if you download and install their opt-out browser add-on here: http://tools.google.com/dlpage/gaoptout?hl=en-GB
You can read the “Google Analytics” data privacy and security information provided by Google Inc. here: https://support.google.com/analytics/answer/6004245?hl=en
Whenever you send us an email or fill in a contact form, you voluntarily provide us with personal information which is recorded and used by us for the purpose of getting in touch or fulfilling other services that you may have requested. This information can include your name, address or email address, your telephone number and any other data you may have provided.
In addition, whenever you use a form provided on our website to get in touch, the IP address you used will also be recorded.
We make a point of ensuring that all personal data collected in this way is used solely for the purpose of responding to queries or delivering services. We will never share this data with others unless we are legally obliged to do so.
Whenever you use the links provided by our website to let you interact with our social media pages (such as Twitter, Facebook or Google+), these networks collect data, over the recording, processing, sharing or other use of which we have no control. You can avoid this by not using these links when you visit our website.
The data collection functions specific to these social media networks are only activated when you hit the button or icon that represents the link on our web pages. Our website has these functions deactivated by default.
If you have signed up to receive our regular newsletter, you will have filled in a form which provides us with certain personal information, in particular your email address.
For legal reasons our newsletter subscription procedure makes use of the best-practice ‘double-opt in’ process which sends an automatically generated verification email to the email address you have provided in the sign-up process. This allows us to confirm that the owner of said email address is in actual fact the person who wants to subscribe to our newsletter.
We will only use the personal data collected as part of the subscription process
You can cancel your newsletter subscription or withdraw your agreement to the retention of your personal data – also known as ‘the right to be forgotten’ – at any time by clicking on the link provided in every newsletter or by sending a request directly to the data controller for the website. In the event of either a cancellation or a withdrawal of your consent and barring any other legal obligation, we will erase the personal data in question and stop sending you the newsletter.
As well as the data provided on the subscription form, we also record the date and time of your sign-up as well as the IP address you used. This is done both for our own legal protection as well as to secure our technical systems against misuse.
## Our newsletters contain tracking pixels, also known as pixel tags or web beacons; these are tiny graphics embedded in the email and their activation is logged when the email is opened so that we can track if and when a newsletter is accessed. They also allow us to track the use of any links that the newsletter might contain. We record and evaluate this data for the sole purpose of collating statistics on our newsletter service or enhancing and personalising it to fit the profile of the individual subscriber.
Your personal data will only be retained for as long as is necessary to fulfil the purpose for which it was collected, or for as long as we are legally obliged to do so.
We will routinely block or delete any personal data we hold – without the need for an actual request on your part – as soon as it is no longer required to fulfil a purpose or contract or as soon as the legal retention period has come to an end, in compliance with legal requirements.
The following describes the rights that you (the data subject) have with regard to your personal data and that we (the data controller) must comply with. Should you wish at any time to request compliance with any of these rights, you can contact us; we recommend you do this in writing or by emailing us at firstname.lastname@example.org .
i.e. the right to obtain from the controller confirmation as to whether or not personal data concerning him or her is being processed.
i.e. where that is the case, access to the personal data and the following information:
i.e. the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
i.e. the right to obtain from the controller the erasure of personal data concerning him or her without undue delay, whereby the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
Where the controller has made the personal data public and is obliged pursuant to paragraph 1 to erase the personal data, the controller shall take reasonable steps, taking account of available technology and the cost of implementation, and including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
This shall not apply to the extent that processing is necessary:
i.e. the right to obtain from the controller restriction of processing where one of the following applies:
Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. A data subject who has obtained restriction of processing shall be informed by the controller before the restriction of processing is lifted.
i.e. the right of the data subject to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and the right to transmit that data to another controller without hindrance from the controller to which the personal data has been provided, where:
In exercising his or her right to data portability, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible. This right shall not adversely affect the rights and freedoms of others.
The exercise of the right to data portability shall be without prejudice to the right to erasure (‘right to be forgotten’). That right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
i.e. the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6 (1) of the GDPR, including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
Where personal data is processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right to object by automated means using technical specifications.
Where personal data is processed for scientific or historical research purposes or statistical purposes pursuant to Article 89 (1) of the GDPR, the data subject, on grounds relating to his or her particular situation, shall have the right to object to processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
This shall not apply if the decision:
In the cases referred to in points (a) and (c) above, the data controller shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.
Decisions referred to in points (a), (b) and (c) above shall not be based on special categories of personal data – referred to in Article 9(1) of the GDPR – unless the data subject has given explicit consent to the processing of the personal data for one or more specified purposes, or processing is necessary for reasons of substantial public interest, on the basis of Union or Member State law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject.