Imprint

Website operator

University of Cologne
Albertus-Magnus-Platz
50923 Köln
Germany

Contact

Dr. Susanne Preuschoff
E-mail address: s.preuschoff@verw.uni-koeln.de
Telephone: +49 221 470-4089

Web design

Trippus Event Solutions AB
Head office
Kungsgatan 62
753 18 Uppsala
Contact
+46 10 888 55 20
info@trippus.com

PRIVACY POLICY

[Art. 13 EU Regulation 2016/679 - General Data Protection Regulation]

This privacy policy is provided pursuant to Article 13 of EU Regulation 2016/679 (General Data Protection Regulation, hereinafter EU Regulation), in relation to personal data that the University of Cologne (hereinafter University) comes into possession of for the purposes of registration and participation in the 2022 Coimbra Group Annual Conference & General Assembly event (hereinafter the event), which may involve the collection and processing of personal data, as well as audio and video recordings of the data subjects.

The processing of personal data is based on the principles of correctness, lawfulness, transparency and protection of confidentiality and of all the rights of the persons concerned, as specified in the following information.

1. Data Controller
2. Contact details of the Data Protection Officer
3. Sources and types of data
4. Purposes of processing
5. Methods of data processing
6. Legal basis of the processing and nature of the provision Publication of images
7. Data recipients
8. Data retention
9. Rights of the data subject
10. Methods of exercising rights
11. Changes to the privacy policy

1. Data Controller

The Data Controller is the University of Cologne, Public Body (Körperschaft öffentlichen Rechts), represented by the Rector.
 

Albertus-Magnus-Platz

50923 Köln

+49 221 / 470-0

s.preuschoff@verw.uni-koeln.de

 

Contact details of the Data Protection Officer

Data Protection Officer of the University of Cologne

Albertus-Magnus-Platz

50923 Köln

+49 221 / 470-3872

dsb@verw.uni-koeln.de

3. Sources and types of data

We specify the personal data that may be processed by the co-controllers exclusively for the purposes indicated in point 4.

1. Personal data provided directly by the data subject. Common data, such as personal and identification data (driving licence/national identification card/passport), and contact data (e-mail, telephone number, etc.);
2. Travel data and food preferences. Data on arrival and departure times from Cologne, and data on food allergies and intolerances.
3. Images. Photos and video recordings of the participants, subject to notification during the event

4. Purposes of processing

The data acquired is processed for the purposes of registering for the event and exclusively for the purposes related to the performance and dissemination of the University's institutional activities.

In particular, the data is processed for the following purposes:

1. Registration for the event of interest;
2. Organisation and participation in the activities envisaged by the event;
3. Information and dissemination of cultural, teaching, research and third mission activities.

5. Methods of data processing

Data processing is carried out in such a way as to guarantee maximum security and confidentiality and will be implemented using manual, computerised and telematic tools suitable for storing, managing and transmitting the data.

The University does not use automated decision-making processes relating to the rights of the data subject on the basis of personal data, including profiling, in compliance with the guarantees provided for by Article 22 of the EU Regulation.

In particular, the processing of personal data is carried out through the use of electronic tools owned by Trippus Event Solutions AB, a webapp and software company specialising in platforms for event secretarial activities and for the publication and dissemination of related content on the basis of information provided by participants. In fulfilling its processing obligations, Trippus Event Solutions AB has implemented security measures to ensure the integrity and confidentiality of the data.

In order to improve the service, during the use of forms and webapps, personal data will be uploaded to the webapp, including but not limited to, name, surname, university, role, e-mail, telephone number and preferences expressed during registration for the event. The information is requested in order to access content relating to the conference (personalised agenda, location, speakers, etc.) and to receive real-time updates on the event, also based on the preferences expressed during the registration phase.

Each user will only have access to their own personal profile.

The images contained in photos, videos or other audiovisual material may be published on the University's official communication channels, only under the conditions indicated in point 7 (with a release or for public interests and events).

In any case, the events in which the acquisition of images of data subjects by means of photos, videos or other audiovisual material is envisaged, are identified through a notice to the data subjects.

6. Legal basis of the processing and nature of the provision

The legal basis of the processing is Art. 6(1)(e) of the EU Regulation, as it is necessary for the performance of institutional tasks of teaching, research or the so-called "third mission".

The provision of personal data is indispensable for the purposes of registration and participation in the event.

7. Publication of images

The images contained in photos, videos or other audiovisual material acquired during the event may be published on the University's official communication channels, subject to one of the following conditions:

1. Signing of the appropriate disclaimer by the data subject or, in the case of minors, by their parent/legal guardian;
2. Images related to facts, events and ceremonies of interest to the community or held in public, in respect of the honour, reputation and decorum of the parties concerned. In all cases, the principles of restraint and relevance shall be respected (exclusion of close-ups, blurring, pixilation, etc.).

8. Data recipients

The data may be communicated, solely for the purposes indicated in point 4, to University staff and to independent contractors, professionals and consultants who provide support activities for the implementation and management of the event.

Specifically, the IT services company Trippus Event Solutions AB is appointed as Data Processor pursuant to Article 28 of EU Regulation 2016/679. The University may also communicate the personal data acquired to other public administrations, if necessary for any proceedings falling within its institutional competence, as well as to all those public entities to which, in the presence of the relevant prerequisites, communication is required by EU provisions, laws or regulations.

The data collected is not normally transferred to countries outside the European Union. In any case, the University will ensure compliance with the security rules for the protection of the privacy of data subjects.

9. Data retention

The period of storage of personal data shall be determined in accordance with the principle of necessity of processing. Personal data is therefore stored for as long as is necessary to fulfil the purposes set out in point 4, and in any case no later than 30 September 2023. The service provider, who is located within the EU and does not currently transfer data to third countries outside the EU, will store the personal data collected necessary for participation in the event.

10. Rights of the data subject

The data subject is granted the following rights:

1. The right of access to their personal data (Art. 15 EU Regulation);
2. The right to rectification or integration of one's own data (Art. 16 EU Regulation);
3. The right to erasure (right to be forgotten), pursuant to Article 17 of the EU Regulation;
4. The right to restriction of processing under the conditions of Art. 18 EU Regulation;
5. The right to data portability, as regulated by Art. 20 EU Regulation;
6. The right to object to the processing at any time (Art. 21 EU Regulation);
7. The right to lodge a complaint with the Data Protection Authority of North Rhine-Westphalia (LDI NRW)

11. Methods of exercising rights

To exercise their rights, data subjects may contact the Data Controller by writing to the certified e-mail address dsb@verw.uni-koeln.de or to the e-mail address Coimbra2023@verw.uni-koeln.de. Alternatively, data subjects may write to: Universität zu Köln, Albertus-Magnus-Platz, 50923 Köln, Germany

The Data Controller is obliged to provide a reply within one month of the request, which may be extended to three months in the event of particular complex requests.

12. Changes to the privacy policy

We may change this Privacy Policy from time to time. If we make changes, we will notify you by revising the "Last Updated" date.

Last update, 23 February 2023

In any event, the University undertakes to notify data subjects directly, through its institutional channels, of any changes in the purposes of the processing, the identity of the data controller and any other change likely to significantly affect the rights of data subjects or the exercising of their rights.