Datenschutzerklärung
Data Privacy Notices and Obligations to furnish Information pursuant to Articles 12, 13 and 14 GDPR
Our work also requires the collection and processing of personal data. According to Articles 12 to 14 of the GDPR, the controller must make the information mentioned in the Articles available to a data subject whose data he processes. With this reference sheet we are complying with this obligation to furnish information and giving you an overview in the following on how your personal data is processed by us and the rights you are entitled to pursuant to the EU General Data Protection Regulation (GDPR) and the German Data Protection Act (BDSG). These data privacy notices are directed at all our members, participants and guests of economic policy events as well as non-members/third parties and describe all data processing that is possible, which means that not all data processing described here necessarily has to apply to you. If you have any questions in this regard, we would like you to contact us.
Who is responsible for data processing and who is available to provide information?
Responsible for the processing of your personal data is Wirtschaftsrat der CDU e.V. Luisenstraße 44 10117 Berlin Telephone: 030 / 240 87-0 Fax: 030 / 240 87-405 E-mail: info@wirtschaftsrat.de
Our data protection officer is available at
Data Protection Officer of Wirtschaftsrat der CDU e.V. Luisenstr. 44 10117 Berlin Telephone: 030/240 87 -350 Fax: 030/240 87 -505 E-mail: datenschutz@wirtschaftsrat.de
What personal data is collected and processed?
We especially process personal data that we collect in the context of the admission application for membership (personal or as company) from our (future) personal members or from the contact persons of corporate members. In addition, we process – as far as necessary – personal data that we permissibly obtain from publicly accessible sources (e.g. trade and association registers, the press, websites, the internet) or that our representatives/regional representatives or other third parties are entitled to transmit to us. This also includes the personal data of non-members/third parties, which we receive from our members when inviting guests, companions and representatives to events as well as the personal data of lecturers, panellists and discussion partners, of interested parties as well as persons being approached as potential new members and public figures (politics, press etc.). Relevant personal data in the case of members are the contact details for the contact person of corporate members or for personal members (such as first name, surname, private address, function/position in the company, e-mail address, private phone number, date of birth), focal points of interest and account information (for the payment of membership fees) as well as telephone numbers and email addresses within the company. Other data can be added during membership such as for example participation in events and other promotional data. Relevant personal data in the case of non-members/third parties are their contact details such as first name, surname, possibly the address (private or company), possibly function/position in the company, email address, telephone number. For security reasons, certain types of events require that the date and place of birth of non-members/third parties participating in an event are also provided.
For what purpose do we process your data and on what legal basis?
We process personal data in accordance with the provisions of the EU General Data Protection Regulations (GDPR) and the German Data Protection Act (BDSG): - based on your consent (Article 6 (1) a) GDPR) If you have given us your consent to process personal data for specific purposes, for example if you as representative of a corporate member have consented to your personal data being processed in order to participate in an event of the Economic Council, such as in the context of making films, photographs and audio recordings during events, publishing your data in member and participant registers of the Economic Council, for telephonic contact and/or to send out newsletters, then data processing is based on this consent and is thus legal. You have the right to withdraw your consent at any time, whereby the withdrawal of consent does not affect the legality of data that was processed based on your consent up to the time of withdrawal. - for the performance of a contract (Article 6 (1) b) GDPR) Data processing occurs for the performance of the membership relationship between you or the company you represent and us, or for the implementation of pre-contractual measures taken upon request. The purposes for processing data relate to the actual data processing within the membership relationship (e.g. membership support, organising events, creating participant and guest lists, checking the identity for example during elections, etc.). - for compliance with legal obligations (Article 6 (1) c) GDPR) or reasons of public interest (Article 6 (1) e) GDPR) Sometimes specific processing is necessary in order to comply with legal obligations. This involves for example identity and security checks of participants at certain events that include high-ranking government officials and the like. This check is conducted by the Federal Criminal Police Office (among others, based on the BKAG (Federal Criminal Police Office Act)); we are especially obligated to transmit name and date of birth to them in advance. - in the context of weighing interests (Article 6 (1) f) GDPR) If necessary, we process your data beyond the actual performance of contract in order to protect our legitimate interests or those of third parties unless your interests or basic rights and fundamental freedoms, which call for the protection of your personal data, outweigh them. Here are some examples: Optimising member communication, member retention and member recruitment provided you have not objected to the use of your data, asserting and defending legal claims during legal disputes, ensuring IT security, implementing measures to protect the immunity of the home, implementing measures to secure the building (e.g. access control, visitor IDs, CCTV), etc.
Who is the data transmitted to?
Within the Economic Council, (incl. the employees of the Federal Office and in the states, and including representatives and state representatives), the offices that need your data to fulfil our contractual and legal obligations gain access to your data. These are for example committees (members of the Executive Committee, the Federal Board, the Regional Committees as well as Section Spokespersons) that receive access to participant lists and member data relevant to their sphere of responsibility via an exclusive system sector. This also includes presenting participant lists to chairpersons of committees and working groups. Even if we pass on your data to outsiders, this only occurs if and when the data transmission is absolutely necessary. These outsiders could be for example credit institutes which we have to transmit personal data to in order to collect fees, but also service providers that process data on our behalf (order processing). These could be for example service providers for logistics, printing, telecommunication, security, collections, sales or marketing. Naturally, we conclude the necessary agreements with order processors and ensure that processing occurs in compliance with the requirements of the GDPR, and the protection of your rights is assured. In addition, it could for example become necessary for us to transmit your name to an organiser of a local event so that name tags can be produced or access control provided. In individual cases, data can also be transmitted to public authorities and institutions, e.g. state safety and law enforcement agencies (among others the German Federal Office of Criminal Investigation) provided a legal or official duty exists. Other recipients could be offices where you gave us your consent for the transmission of data or to which we may transmit personal data based on the weighing of interests. Is data also transmitted to a third country or to an international organisation? We do not intend to transmit data to offices in countries outside the European Union (so-called third countries); it can however occur if you have given us your consent (e.g. for events outside of the European Union) or if this is legally prescribed (e.g. fiscal obligations to notify).
How long is data stored?
We process and store your personal data as long as this is necessary to fulfil our contractual and legal obligations, thus at least for the duration of your membership, which constitutes a continuing obligation and will hopefully last for many years. If the data is no longer needed to fulfil contractual and legal obligations, it is regularly deleted, unless ongoing processing for a limited time is required for the following purposes: - To exercise the right of freedom of expression and information, if for example a report on an event is published that mentions the data subject by name and public interest in the information prevails. - To fulfil storage obligations under commercial and tax law (e.g. from the German Commercial Code (HGB) or Tax Code (AO)), whereby these have storage times of up to ten years. - To assert, exercise and defend legal claims in the context of legal limitation provisions, which can be up to 30 years (normal limitation period is three years) according to Section 195 et seq. of the German Civil Code (BGB).
What rights do you have as the data subject with regard to our data processing?
Every data subject has the right to information pursuant to Article 15 GDPR, the right to rectification pursuant to Art. 16 GDPR, the right to deletion pursuant to Article 17 GDPR, the right to restriction of processing pursuant to Article 18 GDPR, the right to object pursuant to Article 21 GDPR as well as the right to data portability pursuant to Article 20 GDPR. With regard to the right to information and the right to deletion the restrictions according to Section 34 or Section 35 BDSG apply. In addition, every data subject has the right to lodge a complaint relating to data protection issues with the relevant supervisory authority for data protection (Article 77 GDPR in connection with Section 19 BDSG), thus especially in the member state where you live or at our head office in Berlin. If your data is processed based on consent that you have given us, you have the right to withdraw your consent at any time, whereby the withdrawal of your consent does not affect the legality of data that was processed based on your consent up to the time of withdrawal.
Am I obliged to make data available?
You are obliged to supply the data required for your membership and thus for the performance of the contract between you and us because we cannot conclude, execute or terminate the contract without this data.
In order to participate in events of the Economic Council, you must make the data we require from you as a non-member/third party available to us, otherwise you cannot participate in the event (possibly also for security reasons). Further data is supplied on a voluntary basis.
Is there automated decision-making (including “profiling”)?
In principle, we use neither automated decision-making in terms of Article 22 GDPR nor “profiling” (in terms of Article 4 no. 4 GDPR).
Notice regarding your right to object pursuant to Article 21 GDPR
Right to object for reasons derived from your special situation
For reasons arising from your special situation, you have the right to object to your personal data being processed on the basis of Article 6 (1) e) GDPR (data processing for reasons of public interest) or Article 6 (1) f) GDPR (data processing for the purpose of protecting legitimate interests); this also applies to profiling based on these provisions (in terms of Article 4 no. 4 GDPR). If you object, we will no longer process your personal data unless we can verify that there are mandatory legitimate reasons for processing that outweigh your interests, rights and freedoms, or processing serves to assert, exercise or defend legal claims.
Right to object to data being processed for direct advertising purposes
If we process your personal data in order to conduct direct advertising, you have the right to object to your personal data being processed for the purpose of such advertising; this also applies to profiling if it is connected to such direct advertising. If you object to processing for the purpose of direct advertising, we will no longer process your personal data for such purposes.
Exercising the right to object
You can lodge your objection informally and cost-free by giving your name and address. If you would like to assert a right to object for reasons arising from your special situation, please also give a short statement on the relevant reasons. The objection should be sent to:
Wirtschaftsrat der CDU e. V. Luisenstr. 44 10117 Berlin Telephone: 030/240 87 -455 Fax: 030/240 87 -405 E-mail: info@wirtschaftsrat.de
Notice:
Changes to this data protection notice may become necessary for organizational or legal reasons. On the Economic Council’s website, the data protection notices are always published in their latest (and thus current) version.
Older versions will continue to be available for your reference. These can be requested from the Economic Council at any time.
Last updated: 10 December 2018
CAPTCHA service (bot access detection service) Purpose of processing:
The purpose of processing is information security. The legal basis for this processing is Article 6 Paragraph 1 Sentence 1 Letter f GDPR, which allows processing based on legitimate interests. The legitimate interests pursued include the operation, integrity, and security of digital products, the reduction of risks of failure, the prevention of crime, administrative offenses, and other adverse actions, as well as the design, operation, and availability of digital products. The categories of data processed include connection data and usage data. The recipients of the data are IT service providers. In individual cases, data may be transferred to the USA based on standard contractual clauses.