Controller
Responsible person according to GDPR and the respective national data protection laws of the European member states as well as other national regulations, which concern data protection, is:
Albrecht Stroh
Leibniz Institute for Resilience Research (LIR) gGmbH
Wallstraße 7
55122 Mainz
Phone: +49 (0)6131 89448-77
E-mail: albrecht.stroh@lir-mainz.de
Legal basis for data processing
As the processing is based on this consent, Article 6 (1) a GDPR is the legal basis for it.
Purpose of data processing
By signing up as a member for ISyN personal data will be processed and displayed on this website provider and by ISyN team members. ISyn team members, other ISyN members and maybe external parties will be able to use the contact details. Name, e-mail address, affiliation, and expertise will be shown on the website. Members will also be able to upload a portrait picture. Each member is able to delete their membership and contact details via the website or revoke their consent.
Members can login into the intranet of our website and can register for events organized by ISyN. Members will be informed about upcoming events via their contact details.
Type of data that is processed:
Contact details such as name, affiliation, telephone number, e-mail address, and eventually a portrait picture; Also the scientific expertise will be listed.
Data erasure and storage duration
In case of the purpose of the data processing ends personal data of the data subject will be deleted or blocked. There might be a duty of storage imposed by European or national laws or regulations. If persons revoke their membership, we will delete the corresponding personal data immediately.
Rights of the data subject
1) Right to information (Article 13 GDPR and Article 15 GDPR)
Information about the data processing is hereby given prior to data collection (Article 13 GDPR). This right provides the data subject with the ability to ask us for information about what personal data (about him or her) is being processed and the rationale for such processing (Article 15 GDPR).
2) Right to access (Article 15 GDPR)
This right provides the data subject with the ability to get access to his or her personal data that is being processed. This request provides the right for data subjects to see or view their own personal data, as well as to request copies of the personal data.
3) Right to rectification (Article 16 GDPR)
This right provides the data subject with the ability to ask for modifications to his or her personal data in case the data subject believes that this personal data is not up to date or accurate.
4) Right to withdraw consent
This right provides the data subject with the ability to withdraw a previously given consent for processing of their personal data for a purpose. The request would then require the company to stop the processing of the personal data that was based on the consent provided earlier (e.g., if you are cancelling your conference participation).
5) Right to object (Article 21 GDPR)
This right provides the data subject with the ability to object to the processing of their personal data. Normally, this would be the same as the right to withdraw consent, if consent was appropriately requested and no processing other than legitimate purposes is being conducted. However, a specific scenario would be when a customer asks that his or her personal data should not be processed for certain purposes while a legal dispute is ongoing in court.
6) Right to object to automated processing (Article 22 GDPR)
This right provides the data subject with the ability to object to a decision based on automated processing. We are not using automated decision-making processes.
7) Right to be forgotten (Article 17 GDPR)
Also known as right to erasure, this right provides the data subject with the ability to ask for the deletion of their data. This will generally apply to situations where a relationship has ended. It is important to note that this is not an absolute right and depends on your retention schedule and retention period in line with other applicable laws.
8) Right for data portability (Article 20 GDPR)
This right provides the data subject with the ability to ask for transfer of his or her personal data. As part of such request, the data subject may ask for his or her personal data to be provided back (to him or her) or transferred to another controller.
9) Right to notification obligation (Article 19 GDPR)
If you, as the data subject, exercise the right to rectify, delete or restrict data processing, we as controllers are required to notify each recipient to whom the relevant personal data have been disclosed of the correction or deletion of the data or restriction of processing by the data subject (Article 19 GDPR).
You also have the right to restriction (Article 18 GDPR) of your data and the right to complain to a supervisory authority (Article 77 DS-GVO).
For our more detailed data protection declaration see also here: Data Protection