We, the Initiative for Systems Analysis in Neuroscience (ISyN) of the Leibniz Institute for Resilience Research (LIR) gGmbH, will inform you below in accordance with Article 13 of the EU General Data Protection Regulation (GDPR), or in accordance with Article 14 GDPR if the data acquisition is not direct.

We are pleased to fulfil this obligation and inform you in detail and transparently about which personal data is or will be processed by us.

The purpose of the following explanations is to describe what kind of data we process, for which purpose and what your rights are (in accordance with Articles 15 to 22 and Article 34 GDPR).

Controller

Responsible person according to GDPR and the respective national data protection laws of the European member states as well as other national regulations, which concern data protection, is:

Prof. Dr. Albrecht Stroh

Leibniz Institute for Resilience Research (LIR) gGmbH
Wallstraße 7
55122 Mainz

Phone: +49 (0)6131 89448-77

E-mail: albrecht.stroh@lir-mainz.de

Contact details of the Data Protection Officer:

E-mail: datenschutzbeauftragte@lir-mainz.de

Phone: +49 (0)6131 89448-08

Processing of personal data

We are processing your personal data in accordance with the respective applicable legal data protection requirements for the respective purposes listed. An an interested party or other data subject, we process your personal data primary for the establishment of a membership network and event organisation.

Legal basis

Personal data will only be processed if it is necessary and if there is a legal basis. We will primarily seek the consent of the individuals concerned, unless this is excluded for factual reasons and/or there is another legal permission that justifies the processing.

• Thus, as the processing is based on the consent of the person concerned, Article 6 (1) a GDPR is the legal basis for it.

Purpose of data processing

In principle, we collect and use personal data of our users only to the extent necessary to provide a functional website and our content and services. The collection and use of personal data of our users and members takes place only with the consent of the interested party. An exception applies to cases in which prior consent is not possible for reasons of fact and the processing of the data is permitted by law.

This data protection declaration applies to the website of the ISyN initiative of the LIR gGmbH, which links to this text. This data protection declaration applies to the internet offer www.isyn-mainz.de and the contents offered there. For content from other providers, for instance accessible via links, the terms and data protection policies of their websites apply.

Our website contains contact information and pictures of ISyN team members who have given their consent.

Interested external parties can become a member of ISyN and sign up for a membership via our website after they have given their consent. We are therefore processing personal data from external parties. Members can login into the intranet of our website, can be contacted by the ISyN team members and other ISyN members and maybe also by external parties if wanted (voluntary). Members can register for events organized by ISyN and will be informed about upcoming events via their contact details.

Type of data that is processed:

• For customer inquiries/interested parties: contact details such as name, affiliation, e-mail address, and eventually a portrait picture;

Data erasure and storage duration

In case of the purpose of the data processing ends personal data of the data subject will be deleted or blocked. There might be a duty of storage imposed by European or national laws or regulations. If persons revoke their membership, we will delete the corresponding personal data immediately.

 

Forwarding to another provider

If links to contents of other websites are used on our website, this is recognizable by an appropriate symbol or a text hint. Use of these offers may be subject to conditions other than those described in this data protection declaration.

Cookies, reach analysis, and tracking

As part of the content management system used to provide this website, so-called “session cookies” are used. These are required to provide certain content in the desired manner. These session cookies are deleted after closing your browser.

When using external content via www.isyn-mainz.de, for example, in the case of linking to other sites, third-party cookies may be used by their offer. It is not possible for us to explicitly mention those cookies. The current browsers allow you to set the processing of such cookies, so that you can disable the storage of these cookies or set the type of processing by your browser or delete these cookies.

The ISyN initiative does not use another form of tracking analysis or cookies.

Social plugins

This website does not use mechanisms that automatically provide information to social media service providers when visiting our service (social plugins).

Any redirections to providers of social media services such as Youtube, Facebook etc. are exclusively via link, so that data about your visit of our website (e.g., IP addresses, time stamps, URL) or on existing data on your device (e.g., cookie information)  is transferred to the those providers only with a conscious use of the link on our website.

E-mail contact

On the website, contact via the provided e-mail addresses is possible. We are only providing the contact detail and a contact via this website is not possible.

In this case you contact us by e-mail, your transmitted personal data will be processed. There is no disclosure of data to third parties in this context. The data is used exclusively for processing the conversation.

The legal basis for the processing is:

• For the processing of the data after registration for the newsletter by the user: consent by the user according to Article 6 (1) a GDPR.
• If the e-mail contact aims to conclude a contract, the additional legal basis for the processing is Article 6 (1) b GDPR.

If you contact us by e-mail, this is also the necessary legitimate interest in the processing of the data.

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected or there exists no other legal basis for processing of the data.

Registration forms

The processing of personal data from an input mask (online form, e.g., for event registration/membership for ISyN) serves us to be able to contact you and to register for our events.

The legal basis for the processing is for the processing of the registration data by the user is his consent according to Article 6 (1) lit. a GDPR.

In the case of registration via online forms, this is also the necessary legitimate interest in the processing of the data. The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

The data will be deleted as soon as it is no longer necessary to achieve the purpose of its collection or there exists no other legal basis for processing of the data.

The user can revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, he/she may object to the storage of his personal data at any time. In such a case, the conversation cannot continue.

Service providers

Some of the aforementioned processes or services are executed by carefully selected external service providers. We transfer and receive personal data of only on the basis of a separate data protection agreement for processors (according to Article 28 GDPR[SZ9] ). If the seat of a service provider is located outside the European Union, a transfer of data to a third country takes place. With these service providers, the respective data protection agreements for the establishment of an adequate level of data protection are contracted and corresponding guarantees agreed.

Rights of the data subject

As far as one’s personal data are processed, one is according to the GDPR a so-called data subject. If you are the data subject, you have the following rights listed below. The right to negative information is added if we have not saved anything about you.

Information to be provided were personal data is collected

In addition to providing information on whether any data has been stored about you, you have a general right to information. When we are processing your personal data, you can request the following information:

According to the legal wording according to Article 15 GDPR we will inform you upon request about:

• the purposes for which the personal data is processed
• the categories of personal data that are processed
• the recipients or the categories of recipients to whom the personal data relating to you have been disclosed or are still being disclosed
• the planned duration of the storage of your personal data
• if specific information is not possible, criteria for determining the duration of storage;

Furthermore, we provide you with information about your rights. These are detailed below. You have a right to rectification (Article 16 GDPR) or a right to erasure (Article 17 GDPR) of your personal data. In addition, you have the right to restriction of processing by the controller (Article 18 GDPR) or a right to object to such processing (Article 21 of the GDPR). You have also the right to complain to a supervisory authority (Article 77 DS-GVO).

We also inform you about all available information on the origin of the data, if the personal data are not directly collected from the data subject (Article 14 GDPR).

We will generally not use profiling and will not use your data for automated decision-making in accordance with Article 22 (1) and (4) GDPR.

You also have the right to know whether your personal information is being transferred to a third country or to an international organization. If this is the case, we will inform you about the appropriate guarantees according to Article 46 GDPR regarding the third-country transfer.

Right to rectification

The right to rectification (Article 16 GDPR) and the new right to completion of data are guaranteed if personal data about you is incorrect or incomplete. The correction will be made immediately, which means without any undue delay by us.

Right to restriction of processing

You have the right to restrict the processing of your personal data (Article 18 GDPR). In this case, your data will only be saved and no longer used. According to the law you can assert this right if:

• you deny the accuracy of your personal information for a period of time that enables the controller to verify the accuracy of your personal information;
• the processing is unlawful and you refuse to delete the personal data and instead request the restriction of the use of personal data;
• if the controller no longer needs personal data for the purposes of processing, but you need them for asserting, exercising or defending legal claims, or if you have lodged an objection to the processing according to Article 21 (1) GDPR and one has to check whether there are other legitimate reasons data processing.

If the processing of your personal data has been restricted, these data may only be used with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of major public interest by the Union or a Member State.

As soon as we would like to continue to process the data again, i.e. the restriction of the processing would be cancelled, you will be informed.

Right to erasure

You have the right to request the erasure of your data (Article 17 GDPR) if one of the following cases applies.

We will delete your personal data without undue delay,

• if your personal data are no longer necessary for the purposes for which they were collected or otherwise processed
• if you revoke your consent to the processing in accordance with Article 6 (1) a or Article 9 (2) a GDPR and there is no other legal basis for processing
• if you according to Article 21 (1) GDPR object to the processing and no other justifiable reasons for the processing exist, or you according to Article 21 (2) GDPR object to the processing
• if your personal data have been processed unlawfully
• if the erasure of your personal data is necessary to fulfil a legal obligation under Union or national law to which the controller is subject to
• if the personal data relating to you have been collected in relation to information society services offered pursuant to Article 8 (1) GDPR

Right to be forgotten

If the controller has made the personal data relating to you public and is in accordance with Article 17 (1) GDPR required to erase them, the controller will, by taking the currently available technology into account as well as the implementation costs, inform all instances that are processing the data about your request to delete any links to such personal data as well as copies and replications.

Exceptions to the right of erasure

The right to delete may be restricted. This is the case if the data is required for the following purposes:

• to exercise the right to freedom of expression and information;
• to fulfil a legal obligation required by the law of the Union or of the Member States to which the controller is subject to, or to carry out a task which is in the public interest or in the exercise of public authority delegated to the controller;
• for reasons of public interest in the field of public health according to Article 9 (2) h and i as well as Article 9 (3) GDPR;
• for archival purposes of public interest, scientific or historical research purposes or for statistical purposes according to Article 89 (1) GDPR;
• to assert, exercise or defend legal claims;

Right to notification obligation

If you, as the data subject, exercise the right to rectify, delete or restrict data processing, we as controllers are required to notify each recipient to whom the relevant personal data have been disclosed of the correction or deletion of the data or restriction of processing by the data subject (Article 19 GDPR). However, this does not apply if this proves impossible or involves a disproportionate effort. You have the right to be informed about these recipients.

Right to data portability

You, as the data subject, have the right to request the personal data that you have given to a controller in a structured, standard and machine-readable format (Article 20 GDPR).

Added to this is the right to send this data to a third party of your choice. The controller will not prevent you from transferring the data to the new person responsible, provided that the processing is based on a consent in accordance with Article 6 (1) a GDPR or Article 9 (2) a GDPR or on a contract according to Article 6 (1) b GDPR the processing is done using automated procedures.

As far as this is technically feasible and the liberties and rights of other persons are not affected by this, you also have the right that your personal data will be transferred directly from the original person responsible to the new person in charge.

However, the right to data portability does not apply in all cases. An example would be if the processing of your personal data is necessary for the performance of a task in the public interest or in the exercise of public authority delegated to the controller.

Right to object

In several situations, you are entitled to a right of objection (Article 21 GDPR) against data processing. You are therefore informed that you have the right to object the processing of your personal data at any time, which was based on Article 6 (1) a and e GDPR or Article 9 (2) a and file your opposition with the controller. In this case, your personal data will no longer be processed, unless the person responsible can prove that there are compelling legitimate reasons that outweigh your interests as a data subject and your rights and freedoms. Likewise, processing may continue if it serves to assert, exercise or defend legal claims.

If the processing of your personal data serves direct marketing purposes you continue to have the right to object at any time to this processing for such advertising.

If you object to the processing for direct marketing purposes, your personal data will no longer be processed for these purposes.

You may object to the processing of personal data relating to you for scientific or historical research purposes or for statistical purposes under Article 89 (1) GDPR, unless such processing is necessary to fulfil a task of public interest.

Right to withdraw the data protection consent declaration

You have the right to withdraw your consent at any time without giving reasons. The revocation is valid only for the future. This means that by revoking the declaration of consent, the previous processing, until receipt of the revocation of the consent, is not unlawful.

Automated decision-making on a case-by-case basis, including profiling

You have the right not to be subjected to a decision-making process based solely on automated processing in so far as it has a legal effect or similarly affects you in a substantial way (Article 22 GDPR). This also applies to so-called “profiling”.

We generally will not use personal information for profiling or automated decision making.

Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a supervisory authority (Article 77 GDPR). The supervisory authority responsible for you is that of your place of residence. In addition, you are free to assert any other remedies from administrative or civil courts.

The supervisory authority with which you filed your complaint will be pleased to inform you of the current status of the results and to provide you with any legal remedies.

Changes to the data protection declaration

We reserve the right to update our Data Protection Declaration as required and publish it here. The updated statement will become effective upon publication, subject to applicable legislation. If we have already collected data about you that are affected by the change and/or are subject to a statutory information obligation, we will also inform you about significant changes to this data protection declaration.

 Additional data protection declarations (DPD)

• DPD for memberships
• DPD for event registrations

Hosting of the website

The website is hosted by the following company using appropriate guaranties (based on a data protection agreement according to Article 28 of the GDPR):

1&1 IONOS SE

Elgendorfer Straße 57

56410 Montabaur