Data Protection Statement

Recitals and Definitions

1. Recitals
By operating our website www.oav.de (hereinafter referred to as "website") we process personal data. Any personal data will be treated and processed with strict privacy and in accordance with the applicable provisions of law – especially the EU General Data Protection Regulation (GDPR) and the new German Federal Data Protection Law (BDSG-new). Our data protection statement hence serves the purpose of informing you about which of your personal data we will collect, which purposes we will utilize such personal data for as well as the applicable legal basis for any use of personal data and to which entities we might disclose your personal data to. Furthermore, we would like to point out your rights to ensure and enforce your personal data privacy.

Our transparency document according to Art. 13 and 14 GDPR is available here.

2. Definitions
Our data protection statement contains legal technical terms, derived from the GDPR and the BDSG-new. In order to clarify the meaning of such terms, we would like to explain them in a more comprehensible manner:

2.1 Personal Data
"Personal Data" constitute any information relating to an identified or identifiable natural person (Art. 4 no. 1 GDPR). For example, such information relating to an identifiable person may include his or her name as well as his or her email address. However, even information unsuitable to directly determine any person's identity may constitute personal data, if the respective information allows for an identification by means of combining it with other originally collected or externally acquired information. A person will e.g. be identifiable on the combined basis of his or her mailing address or bank account details, his or her birth date or user name, IP address and/or location data. Any information allowing the conclusive determination of a natural person's identity may be relevant, respectively.

2.2 Processing
According to Art. 4 no. 2 GDPR "processing" means any operation which is performed on personal data. This particularly includes collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data.

Responsible Enterprise and Data Protection Officer

3. Responsible Enterprise (Controller)
The responsible enterprise, i.e the controller, for any processing of personal data is:

Enterprise: Ostasiatischer Verein e.V. ("we")
Statutory Representative: Daniel Marek (Executive Member of the Board)
Mailing Address: Bleichenbrücke 9, 20354 Hamburg
Telephone: + 49 40 / 35 75 59-0
Fax: + 49 40 / 35 75 59-25
Email: oav@oav.de

4. Data Protecion Officer
We have appointed an external data protection officer for the purposes of oversight over our enterprise. You can reach him via:

Name: Prof. Dr. h.c. Heiko Jonny Maniero, LL.B., LL.M. mult., M.L.E
Mailing Address: DGD Deutsche Gesellschaft für Datenschutz GmbH, Fraunhoferring 3, 85238 Petershausen
Telephone: +49 (0) 8131-77987-0
Fax: +49 (0) 8131-77987-99
Web: https://dg-datenschutz.de
Email: info@dg-datenschutz.de

Scope of Processing

5. Scope of Processing: Website
Paragraphs 6 to 14 will list the different types of your personal data we process by operating the website under the URL www.oav.de more specifically. Thereby we will only process such of your personal data that you actively provide on our website (e.g. by filling forms) or such personal data that you provide to us automatically by using our online services.

Your data will be processed exclusively by ourselves and will inherently not be sold, lended or passed on to third parties. Even in such cases in which we draw on an external service contractor in order to process your personal data, this will be effected within the frame of a processing assignment contract under which we are authorized to issue directives to the respective service contractor. For the purpose of operating our website we do employ external service contractors tasked with hosting, maintenance administration and development. As far as any of our data processing activities listed in paragraphs 6 to 13 are carried out by external service contractors we will name the contractors, where applicable.

Transmission of data to third countries will generally not take place and is not intended to take place. We will inform you about any possible exceptions from this rule throughout the following paragraphs describing the various types of data processing, where applicable.

Specifics of Data Processing

6. Operation of Website

6.1 Description of Data Processing
Every visit to the website will result in the automatic processing of such data that your browser will transmit to our server. Such data will also be saved as part of the so called logfiles of our system. This includes the following data:

  • Domain
  • IP-adress
  • Time
  • "Request"
  • Status-Code
  • Transmitted Bytes
  • "Useragents"

Your IP-address will be saved as part of our logfiles in an abbreviated version as provided. For more information about this process please refer directly to our hosting provider www.df.eu.

6.2 Purpose
The data processing serves the purpose of enabling you to access and browse the website and providing stability and security for the website. Furthermore, data processing will facilitate statistical analysis and optimization of our online services.

6.3 Legal Basis
The data processing is necessary for the purpose of the predominant legitimate interests pursued by the controller (Art. 6 para. 1 pt. (f) GDPR). Our legitimate interest is the purpose described in section 6.2.

6.4 Duration of Data Storage
All data will be deleted as soon as they are no longer required for the fulfillment of the purpose of their collection. This will be the case at the end of any respective visit the to the website, as far as any data are collected for the purpose of providing the website services. Logfiles will be deleted after a period of 7 days.

7. Registration for Special Contents

7.1 Description of Data Processing
Specific contents of our website are only available to registered users. By becoming a member of our association you will be cleared and granted access to such contents automatically. In this case you will receive an email containing your username and password and will be able to log in at our website using this login data. As a registered user you will be entitled to free access to country specific information and events. Neither a distinct account containing your data nor a personal profile will be created thereby. We will not process any other information than such data that you provide by logging in on our website.

7.2 Purpose
The data processing serves the purpose of offering you the specific functions for registered users.

7.3 Legal Basis
The data processing is necessary for the purpose of entering into a user contract as well as performance under this user contract (Art. 6 para. 1 pt. (b) GDPR). Without your personal log in data we will be unable to render our services as owed as per contract.

7.4 Duration of Storage
All data will be stored for the duration of your membership. They will be deleted at termination of your membership.

8. Contact Form and Establishment of Contact via Email

8.1 Description of Data Processing
We have provided a contact form for you to get into contact with us. This form asks you to enter your email address, your name and your message for us. Further information, like your company name, mailing address or phone and fax numbers may be entered optionally. If you klick the “send” button, the data you entered will be transmitted to us using SSL encryption (see section 15). A transmission of the contact form will only be possible if you accept our data protection policy by clicking the respective consent checkbox. You may also get into contact with us via the email address provided to you on the website. In this case we will process the personal user data that are transmitted via email.

8.2 Purpose
By providing you with a contact form we would like to offer you a convenient way of getting into contact with us. All data transmitted to us as part of or together with a contact form or via email will be processed by us exclusively for the purposes of answering to any queries you might have.

8.3 Legal Basis
The data processing is necessary for the purpose of the predominant legitimate interests pursued by the controller (Art. 6 para. 1 pt. (f) GDPR). Our legitimate interest is the purpose described in section 8.2. As far as the establishment of contact via email is directed at concluding a contract or performing under a contract, any data processing will serve the purpose of performance under such contract (Art. 6 para. 1 pt. (b) GDPR).

8.4 Duration of Storage
We will delete your personal data as soon as their storage is no longer required for fulfilling the outlined purpose. This is usually the case when our respective correspondence with you is closed. Any correspondence will be considered to be closed when all relevant circumstances indicate that your queries have been answered conclusively. As far as statutory requirements provide for specific terms of keeping records and data, your data will be deleted immediately after expiry of such terms.

9. Cookies

9.1 Description of Data Processing
Our website makes use of cookies. The term cookies describes small text files that are stored on your terminal device when visiting a website. Cookies contain information in order to recognize your terminal device and thereby possibly enable specific website functions. In most cases we merely make use of so called “session cookies“. Such session cookies will be deleted automatically once you end your internet session and close your browser application. Other types of cookies might be stored on your terminal device for longer periods. Our website makes use of the following types of cookies:

  • Cookie name: __utma
    Duration: 2 Years
    Purpose of processing: Analytics over Google Analytics.
    Legal basis of processing: Legitimate Interest, Art. 6 (1) (f) GDPR.
     
  • Cookie name: __utmb
    Duration: 2 Years
    Purpose of processing: Analytics over Google Analytics.
    Legal basis of processing: Legitimate Interest, Art. 6 (1) (f) GDPR.
     
  • Cookie name: __utmc
    Duration: Session
    Purpose of processing: Analytics over Google Analytics.
    Legal basis of processing: Legitimate Interest, Art. 6 (1) (f) GDPR.
     
  • Cookie name: __utmt
    Duration: Session
    Purpose of processing: Analytics over Google Analytics.
    Legal basis of processing: Legitimate Interest, Art. 6 (1) (f) GDPR.
     
  • Cookie name: __utmz
    Duration: 6 Months
    Purpose of processing: Analytics over Google Analytics.
    Legal basis of processing: Legitimate Interest, Art. 6 (1) (f) GDPR.
  • Cookie name: CookieHint
    Duration: 10 Years
    Purpose of processing: Saving of the cookie settings of the cookie banner.
    Legal basis of processing: Legitimate Interest, Art. 6 (1) (f) GDPR.

9.2 Purpose
We make use of cookies in order to make our website more user-friendly and offer the specific functions described in section 9.1.

9.3 Legal Basis
The data processing is necessary for the purpose of the predominant legitimate interests pursued by the controller (Art. 6 para. 1 pt. (f) GDPR). Our legitimate interest is the purpose described in section 9.2.

9.4 Duration of Storage
All cookies will be deleted automatically at the end of a session or at the expiry of the relevant duration of storage, respectively. As cookies are being stored on your terminal device, you have full control over the use of cookies on your terminal device in your capacity as a user. By adjusting your browser preferences you are able to deactivate or restrict the transmission of cookies. Stored cookies can be deleted at any time. The deletion of cookies may even occur automatically, if you configure your browser preferences accordingly. As far as you chose to deactivate the use of cookies for our website, some functions of our website may be limited or even unavailable.

10. Newsletter

10.1 Description of Data Processing
Regularly we will send round a newsletter (every 6 weeks). In this newsletter we will inform you about events and will provide you with all relevant information regarding OAV concerns. However, you will only receive our newsletter, if you subscribe by registering to the respective mailing list. Subscription is possible by filling and transmitting our newsletter subscription form which you can find on our website. Just as well, you may subscribe to our newsletter within the process of becoming a member of our association. In order to subscribe to our newsletter we will need you to provide your email address and your name. Any further information is optional. You are also able to subscribe to our newsletter by tendering your subscription via email to the address listed on our website. In this case we will process any personal data that is transmitted in or with such subscription email of the respective user.

In order to manage and verify newsletter subscriptions we apply the so called double-opt-in process. By virtue of this process a subscription requires several steps to be completed. First, you subscribe to our newsletter on our website. Subsequently, we will send you an email to the address you have provided. In this email we will ask you to confirm that you have actually subscribed to our newsletter and agree to receive our newsletter. This confirmation can be given by clicking the confirmation link in the email. Only after positive confirmation we will add you to the respective newsletter mailing list and send you emails hereafter. As part of this double-opt-in process we will record date, time and your IP-addresses both at the time you you subscribe initially as well as when you confirm your subscription.

10.2 Purpose
The data processing will serve the purpose of being able to offer you our newsletter function and send you our latest newsletter. Collection and storage of data regarding date, time and IP-addresses during the process of subscription aims to register your consent and to avoid any form of abusive registration of email addresses.

10.3 Legal Basis
The data processing with respect to our subscriber newsletter is based upon our users' given consent according to Art. 6 para. 1 pt. (a) GDPR. The relevant declaration of consent may be obtained at our website www.oav.de/en/data-protection-statement.html at any time. Your consent remains voluntary of nature. Collection and storage of data regarding date, time and IP-addresses during the process of subscription is necessary for the purpose of the predominant legitimate interests pursued by the controller (Art. 6 para. 1 pt. (f) GDPR). Our legitimate interest is the purpose described in section 10.2.

10.4 Duration of Storage
If you fail to confirm your subscription to our newsletter within a period of 24 hours from the time of receipt of our confirmation email, your data will be deleted automatically. In all other cases we will process your personal data for the duration of your newsletter subscription. At any given time you may cancel your subscription by revoking your consent. For this purpose a simple note to be sent to us is sufficient (via email to oav@oav.de, via mail to OAV e.V., Bleichenbrücke 9, 20354 Hamburg or via fax to +49 40 / 35 75 59-25). You are also able to cancel our newsletter by clicking the cancellation link that is contained in every newsletter email. As of your effective cancellation you will receive no more newsletter emails just as well as we will delete any of your personal data from our active mailing list. In order to manage your cancellation we will add your email address to a so called blacklist restrictedly. Thereby we ensure that you will no longer receive newsletters in the future and that your email address will not be misused by third parties.

11. Social Networks

11.1 Description of Data Processing
Distinct subpages of our website contain so called social plugins that are provided by the external social networks LinkedIn, Xing and WhatsApp. When visiting a page containing a social plugin your browser will automatically establish a connection with the respective social network's servers. The handling of data collected by the servers of such social networks is, however, beyond our control. Hereby, we hence inform you according to our state of knowledge.

The social plugin will effect the transmission of your IP-address together with the address of our website to the respective social network. If you are logged into one of the concerned social networks while visiting our website, your information will be appropriated to your social network user account. If you chose to interact with a social plugin, for example by “sharing”, “liking” or “retweeting” a contribution, this information will also be transmitted directly to the respective social network and saved to your user account there.

The social networks that you communicate with will save your data as part of user profiles and will use such data for advertising purposes, market research and/or for designing their websites according to user needs. You are entitled to object to the creation of such user profiles. In order to make use of such objection rights you have to contact the respective social networks.

Furthermore, our website contains the logos of the social networks LinkedIn and Xing. Those logos are merely interlinked with the respective profiles of our association. If you click on one of the logos, you will be redirected to the external website of the respective social network.

11.2 Purpose
The data processing serves the purpose of providing you with the possibility of convenient and user-friendly communication with social networks.

11.3 Legal Basis
The data processing is necessary for the purpose of the predominant legitimate interests pursued by the controller (Art. 6 para. 1 pt. (f) GDPR). Our legitimate interest is the purpose described in section 11.2.

11.4 Receiver and Transmission to Third States
By activating a social plugin your data will be transmitted to either one of the following social networks:

  • LinkedIn: LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. LinkedIn also processes your data in the USA and has subjected to the terms of the EU-US-Privacy-Shield. Further information about the EU-US-Privacy-Shield is available at www.privacyshield.gov/EU-US-Framework. You can find further information regarding LinkedIn's data protection policy in LinkedIn's data protection statement at https://www.linkedin.com/legal/privacy-policy.
  • Xing: XING AG, Dammtorstraße 29-32, 20354 Hamburg, Deutschland. You can find further information in Xing's data protection statement at https://www.xing.com/app/share?op=data_protection.
  • WhatsApp: WhatsApp Inc, 650 Castro Street, Suite 120-219, Mountain View, California, 94041, USA. WhatsApp also processes your data in the USA and has subjected to the terms of the EU-US-Privacy-Shield. Further information about the EU-US-Privacy-Shield is available at www.privacyshield.gov/EU-US-Framework. You can find further information regarding WhatsApp's data protection policy in WhatsApp's data protection statement at http://www.whatsapp.com/legal/?l=de.

12. Youtube-Videos

12.1 Description of Data Processing
Our website makes use of services provided by “YouTube”, a video platform operated by YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA. YouTube is represented by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. We use YouTube by embedding single videos from the platform in our website as iframes, thereby making them playable directly on our website. The embedding is effected under the “extended data protection mode” offered by YouTube, meaning that no personal data will be transmitted to Google as long as you do not play the videos. Only by playing the respective videos your data will be transmitted to Google. This data transmission is beyond our control. If you do play a video that is embedded in one of our website's subpages, the information on which subpage you have visited and which video you have watched will be transmitted to Google. Also, your IP-address might be transmitted to Google. If you are logged in as a YouTube or Google user while playing a video, Google will appropriate the aforementioned information to your user account. Also, Google with will save your data as part of user profiles and will use such data for advertising purposes, market research and/or for designing Google websites according to user needs. You are entitled to object to the creation of such user profiles. In order to make use of such objection rights you have to contact Google directly. Further information about Google's data privacy policy can be found at http://www.google.com/intl/de-DE/policies/privacy/.

12.2 Purpose
The data processing serves the purpose of enabling us to display videos on our website for you.

12.3 Legal Basis
The data processing is necessary for the purpose of the predominant legitimate interests pursued by the controller (Art. 6 para. 1 pt. (f) GDPR). Our legitimate interest is the purpose described in section 12.2.

12.4 Receiver and Transmission to Third States
By virtue of the embedding of YouTube videos personal data might be transmitted to YouTube LLC or Google, respectively. Google also processes your personal data in the USA and has subjected to the terms of the EU-US-Privacy-Shield. Further information about the EU-US-Privacy-Shield is available at https://www.privacyshield.gov/EU-US-Framework.

13. Google Analytics

13.1 Description of Data Processing
Our website makes use of „Google Analytics”, a web analysis service by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as “Google”). Google Analytics makes use of Cookies (see section 9) allowing for an analysis of your use of our services. Regularly, all information provided by the cookie will be transmitted to one of Google's servers in the USA and stored there. However, we exclusively utilize Google Analytics by anonymizing IP-addresses. Thereby your IP-address from within all member states of the European Union or other contracting member states of the agreement on the European Economic Area will be abbreviated by Google. Only in exceptional cases will Google fully transmit your IP-address to the USA and abbreviate it there. Still, your IP-address as transmitted by your browser as part of the functions of Google Analytics will not be combined with any other of Google's data. Specifically, the statistic data compiled by Google Analytics include information on how many users visit our website, from which country or place the respective access originates, which subpages are visited as well as information on the link or search words via which users find our website.

13.2 Purpose
The data processing serves the purpose of being able to analyze the use of and visits to our website. All information derived therefrom serves the purpose of optimizing the need-based design of our online presentation.

13.3 Legal Basis
The data processing is necessary for the purpose of the predominant legitimate interests pursued by the controller (Art. 6 para. 1 pt. (f) GDPR). Our legitimate interest is the purpose described in section 13.2.

13.4 Duration of Storage and Right of Objection
We have explained the duration of storage as well as your options to control and adjust the use and functions of cookies in section 9. At any time you may object to the data processing by Google Analytics by downloading and installing the relevant browser add-on provided by Google at https://tools.google.com/dlpage/gaoptout?hl=de.

13.5 Receiver and Transmission to Third States
Google Analytics operates its data processing as an external service contractor under a processing assignment contract for us. Google also processes your personal data in the USA and has subjected to the terms of the EU-US-Privacy-Shield. Further information about the EU-US-Privacy-Shield is available at https://www.privacyshield.gov/EU-US-Framework

14. Google Webfonts

14.1 Description of Data Processing
Our website makes use of “Google Webfonts”, a typesetting service offered by Google. When displaying our website on your terminal device, Google Webfonts will exchange the standard fonts of your terminal device by fonts provided by the Google catalogue. If your browser blocks the integration of Google Webfonts, the text on our website will be displayed as the standard typeface as set up by your terminal device. Google fonts will be downloaded directly from a Google server. For the purpose of this function your browser will send a request to the respective Google server. Thereby your IP-address and the address of our website may be transmitted to Google. However, Google Webfonts will not place any cookies on your terminal device. According to Google, all data that are being processed by the Google Webfonts service will be transmitted to resource specific domains like fonts.googleapis.com or fonts.gstatic.com. Such data will not be combined or put into context with other data that are related to the use of other Google services, for example the Google search engine or Gmail. Further information on Google Webfonts' data protection policy can be found at https://developers.google.com/fonts/faq?hl=de-DE&csw=1. General information on Google's data protection policy is available at http://www.google.com/intl/de-DE/policies/privacy/.

14.2 Purpose
The data processing serves the purpose of making our website text more readable and make it appear more esthetically appealing.

14.3 Legal Basis
The data processing is necessary for the purpose of the predominant legitimate interests pursued by the controller (Art. 6 para. 1 pt. (f) GDPR). Our legitimate interest is the purpose described in section 14.2.

14.4 Receiver and Transmission to Third States
By using Google Webfonts your personal data may be transmitted to Google. Google also processes your personal data in the USA and has subjected to the terms of the EU-US-Privacy-Shield. Further information about the EU-US-Privacy-Shield is available at https://www.privacyshield.gov/EU-US-Framework.

Security Measures

15. Security Measures
In order to secure your data from unauthorized access our website is protected by SSL or TLS certificates, respectively. SSL is an abbreviation for “Secure Sockets Layer”, whereas TLS stands for “Transport Layer Security”. Both certificates encrypt all communication between a website and the respective user's terminal device. You will know that the SSL or TLS encryption is active, by recognizing a small logo representing a lock on the left hand side of your browser's address bar.

Your Rights

16. Rights of Data Subjects
As a data subject you have the following rights with respect to the data processing as described above:

16.1 Right of Access (Art. 15 GDPR)
You have the right to obtain confirmation from us as to whether or not personal data concerning you is being processed by us, without undue delay. If we do process your personal data, you have the right to access and obtain information about such personal data under the legal prerequisites and within the scope of Art. 15 GDPR.

16.2 Right to Rectification (Art. 16 GDPR)
In case of processing of inaccurate data, you are entitled to obtain the rectification of such data concerning you or the completion of incomplete data concerning you without undue delay.

16.3 Right to Erasure (Art. 17 GDPR)
In any one of the cases listed in Art. 17 GDPR, for example if and when we do no longer require your personal data for the fulfilling of their respective purpose, you have the right to obtain from us the erasure of data concerning you without undue delay.

16.4 Right to Restriction of Processing (Art. 18 GDPR)
You have the right to the restriction of processing in any one of the cases listed in Art. 18 GDPR. For example, if you contest the accuracy of the personal data concerning you, we will restrict the processing for a period enabling us to verify the accuracy of your personal data.

16.5 Right to Data Portability (Art. 20 GDPR)
Under the legal prerequisites of Art. 20 GDPR you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format.

16.6 Withdrawal of Consent (Art. 7 para. 3 GDPR)
In all cases in which the data processing is based upon your consent you have the right to withdraw your consent at any time. The withdrawal will be effective from the time of its declaration. In other words, it will merely be effective for the future. The withdrawal will not result in the unlawfulness of any processing based on the consent before its withdrawal.

16.7 Right of Complaint (Art. 77 GDPR)
If you consider the processing of any personal data concerning you to be in violation of the GDPR, you have the right to lodge a complaint with a supervisory authority. You may make use of this right of complaint with the supervisory authority in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.

16.8 Prohibition of Automated Individual Decision-Making/Profiling (Art. 22 GDPR)
Such decisions producing legal effects for you or affecting you significantly may not be subject to a decision solely based on automated processing of personal data, including profiling. Hereby we inform you that we do not make use of automated individual decision-making, including profiling, with respect to your personal data.

16.9 Right to Object (Art. 21 GDPR)
In such cases in which we process your personal data on the legal basis of Art. 6 para. 1 pt. (f) GDPR (for the purpose of our predominant legitimate interests), you have the right to object to the data processing under the legal prerequisites of Art. 21 GDPR. However, this applies if and when your individual situation gives rise to specific reasons for this objection. Once you declare your objection to the data processing we will no longer process your personal data unless we are able to demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms. However, we are not obliged to cease the processing of your data, if it serves the purpose of establishment, exercise or defense of legal rights. In any case – even without regard to your individual situation – you have the right to object to object to the processing of your data for the purposes of direct marketing.

Last updated: February 2021