Data protection information according to Art. 13, 14 DSGVO for partners, customers and other data subjects With the following information we would like to inform you about the processing of your personal data as well as give you an overview of your rights according to the EU General Data Protection Regulation (GDPR). 1. Who is responsible for data processing and who is the data protection officer? Responsible for data processing is: Schurman Society e.V. Sofienstraße 12 69115 Heidelberg Tel. 06221/607320 E-mail verwaltung@dai-heidelberg.de You can reach our data protection officer at info@agor-ag.com 2. What data do we use and where does it come from? Within the framework of the contractual relationship, we process the following personal data concerning you: Master data (name, address and other contact details) E-mail address Contract details (which may include personal data) We usually receive the aforementioned personal data directly from you as part of our contractual relationship or a contract initiation. 3. What do we process your data for (purpose of processing) and on what legal basis? We process personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG n.F.). The purposes of the processing include the organization of events, the administration of the association and its members. In the context of our contractual relationship, you must provide those personal data, because without the presence of these data, we will usually not be able to conclude a contract with you, to execute it and to terminate it. 3.1 Fulfillment of contractual obligations (Art. 6 para. 1 p. 1 lit. f DSGVO) The processing of your data is carried out for the fulfillment or for the implementation of pre-contractual measures, which are carried out upon request. 3.2 Weighing of interests (Art. 6 para. 1 p. 1 lit. b DSGVO) To the extent necessary, we process your data beyond the actual fulfillment of the contract to protect our legitimate interests. Within our association, we use cloud services for the following purposes: document management and storage, email traffic, creation of presentations/tables, calendar management, document sharing, as well as chats and participation in audio and video conferences. If processing takes place outside the European Union (EU), our service providers are used exclusively under the conditions of Art. 44 ff DSGVO. Parts of the processing may take place in the USA. In the process, personal data of the users are collected and processed, should they be part of the processed content within the services described above. This may include master data, contact information, contracts and other processes. Within the scope of these processing operations, usage data and metadata are also collected and processed for the purpose of security and service optimization. The legal basis for the use of the cloud services is our legitimate interest pursuant to Art. 6 (1) p. 1 lit. f DSGVO in efficient and secure work processes and administrative procedures. All processing operations are carried out on the basis of a concluded order processing contract with the respective provider. The deletion periods for data located within the cloud services are determined by the statutory retention obligations. 4. Data access: Who gets my data? Within the Schurman-Gesellschaft e.V., access to your data is granted to those offices that need it to fulfill our contractual and legal obligations. In the event that data transfer to third parties outside our association is necessary, this will only take place if required by law, the customer has consented or there is a legitimate interest. Recipients of your personal data may include service providers that we use in the context of order processing relationships. 5. How long will my data be stored? We process and store your personal data as long as this is necessary for the fulfillment of our contractual and legal obligations. For this purpose, commercial and tax retention obligations according to Art. 6 para. 1 lit. c DSGVO must be taken into account. These result from the German Commercial Code (HGB) & Fiscal Code (AO). The periods specified there for storage and documentation are generally two to ten years. Within the scope of the legal statute of limitations according to §§ 195 ff. BGB, data may have to be preserved for between 3 and 30 years. If the data is no longer required for the fulfillment of contractual or legal obligations, it is regularly deleted. 6. Does profiling take place? We do not use automated profiling within the scope of the contractual relationship. 7. what data protection rights do i have? As an affected person, you have: the right to information according to Article 15 DSGVO (with the restrictions according to §§ 34 and 35 BDSG-Neu) the right to rectification according to Article 16 DSGVO the right to deletion according to Article 17 DSGVO (with the restrictions according to §§ 34 and 35 BDSG-neu) the right to restriction of processing pursuant to Article 18 DSGVO the right to data portability from Article 20 DSGVO the right to object under Article 21 DSGVO. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defense of legal claims. There is also a right of appeal to a competent data protection supervisory authority (Article 77 DSGVO in conjunction with Section 19 BDSG-neu).