Thank you very much for your interest in the work of ENSHPO,
At this point we would like to inform you about the data protection when visiting our website. The protection of your privacy and your personal data is important to us. We want to collect and process personal data about you only with your knowledge or consent. You will learn what information we may store and for what purposes we use it. We undertake to observe data protection in accordance with the REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCILof 27
April 2016on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR)
This data protection declaration informs in accordance with the data protection regulations about the data collection from the data subject, in particular with regard to Article 13, Information to be provided where personal data are collected from the data subjectand the associated processing of personal data when visiting our website.
Name and address of responsible bodies
The person responsible within the meaning of theDirective 95/46/EC (General Data Protection Regulation) and other data protection laws applicable in the member states of the European Union and other provisions of a data protection nature is the:
The European Network of Safety and Health Professional Organisations (ENSHPO) e.V. Management Board
Chair: Ralf Giercke, Vicechair: Claudio Munforti
Finance+ PR: Mireya Rifa Fabregat
ENSHPO Office: Bracheweg 11 – 23569 Lübeck – GERMANY
Phone: +49 611 15755 – 44
fax: +49 611 15755-79
Each person concerned can contact us at any time with all questions and suggestions regarding data protection.
Collection and processing of personal data
Personal data is information that can be used to identify a person or describe his or her behaviour,
i.e. information that can be traced back to a person. This includes, among other things, the name, e- mail address or telephone number, but also data such as the IP address or websites visited.
In accordance with the principle of data minimisation, we only process personal data if this is absolutely necessary for the purposes described in this data protection declaration or for the fulfilment of a purpose desired by you. Your personal data will not be passed on to third parties unless this is necessary and without your consent. We use your personal data to process your order, to answer your enquiry or to provide you with access to special information and offers.
Access data / server log files
When visiting the website, data is collected about each access to the offer (so-called server log files). This includes access data:
Name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.
We use this technical access information on the basis of Article 6, Lawfulness of processing (legitimate interest) exclusively to improve the attractiveness and usability of our websites and to detect technical problems and malfunctions on our website at an early stage. The data is stored for a period of 4 weeks.
Use of the contact form / Contact us
You can easily and conveniently contact us via a form. When using the contact form, personal data will only be collected to the extent provided by you. You are free to use our contact form without providing any personal data.
All information is provided voluntarily and is collected directly from you as the person concerned. Your voluntarily provided personal data will be stored for the purpose of processing your request as well as any follow-up questions that may arise and for establishing contact as may be required in this context. This personal data will not be passed on to third parties.
The same applies to contacting us by e-mail, telephone or post. Please note that any further data resulting from the chosen communication channel (e-mail address or transmitted telephone number) may be required.
The data are processed on the base of Article 6, Lawfulness of processing (consent) for voluntary data and Art. 6 para. 1 lit. (Legitimate interest) for the use of the data for processing the request.
The data entered by you in the contact form will remain with us until you request us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory legal provisions – in particular retention periods – remain unaffected.
Please note that encrypted and/or signed communication may not be possible via the contact channels provided. For the dispatch of sensitive information it is recommended to use the post office.
If you contact us by e-mail, we process your personal data transmitted with the e-mail to process the request and in the event that follow-up questions arise.
The legal basis for the processing of the data is Art. 6 para. 1 lit. f GDPR (legitimate interest). There is a necessary legitimate interest to use the information for the processing of your request. If the data processing is carried out to carry out pre-contractual measures, which are carried out at your request, or within the framework of your existing membership, the legal basis for this data processing is Art. 6 Para. 1 lit. b GDPR (fulfilment of contract). We only process further personal data if you explicitly consent to this.
The data will not be passed on to third parties in this context. The data will only be used to process your request.
The personal data transmitted by e-mail will remain with us until the purpose for data storage no longer applies (e.g. after the processing of your request has been completed). Mandatory legal provisions – in particular retention periods – remain unaffected.
Please note that encrypted and/or signed communication may not be possible via the contact channels provided. For sending sensitive information it is recommended to use the postal service.
Application for membership via our homepage and member area
You have the possibility to apply for membership electronically via our homepage. The personal data that is collected in the process is determined by the respective input mask that is used for the application. Mandatory information is marked accordingly and must be provided in full. All other information is optional.
The personal data given there will be collected and stored for the purpose of processing the application for the necessary duration. If an application is accepted, the data will be stored for the period of membership for the purpose of membership administration and support (fulfillment of contract pursuant to (Art. 6 para. 1 lit. b GDPR) and can be viewed, processed and supplemented via a log-in in the member area of our website. Access to the log-in of the member area is protected by a password. When you submit an application via our homepage, the IP address assigned by your Internet Service Provider (ISP), the date and time of registration are also saved. These data are stored against the background that this is the only way to prevent misuse of our services and, if necessary, to enable criminal offences to be investigated. In this respect, the storage of this data is necessary to safeguard the data controller (justified interest pursuant to Art. 6 para. 1 lit. f GDPR). These data will not be passed on to third parties unless there is a legal obligation to do so or the data is used for criminal prosecution. An automated profile formation by us based on your behaviour or other information does not take place.
Disclosure of data to third parties
In principle, we use your personal data only within our association. If and to the extent that we involve third parties in the performance of contracts, this personal data will only be used to the extent that the transfer is necessary for the corresponding service. In the event that we outsource certain parts of the data processing (“order processing”), we contractually oblige order processors to use personal data only in accordance with the requirements of the data protection laws and to guarantee the protection of the rights of the person concerned.
A data transfer to places or persons outside the EU does not take place and is not planned.
Registration in our member area
Every member gets access to the internal member area on our homepage. The registration takes place via a personal identification and an individual password.
The personal data entered by the data subject shall be collected and processed exclusively for internal use by the controller and for its own purposes. The controller may arrange for the data to be disclosed to one or more processors, who shall also use the personal data exclusively for internal purposes attributable to the controller.
By logging on to the Members’ Area on the website of the data controller, the IP address assigned by the Internet Service Provider (ISP) to the data subject, the date and time of registration are also stored. This data is stored in order to prevent misuse of our services and, if necessary, to enable us to investigate criminal offences that have been committed. In this respect, the storage of this data is necessary to safeguard the data controller. These data will not be passed on to third parties unless there is a legal obligation to do so or the data is used for criminal prosecution.
The registration of the data subject serves the purpose of the data controller to offer the data subject content or services which, due to the nature of the matter, can only be offered to members. In this way, data subjects have the opportunity to initiate the modification of their data. Within the scope of registration in the member area, the processor also offers a partner program with product partners. Every member has the possibility to participate in this program. For this purpose, contact data will be passed on to the product partners to make an appointment, with the express consent of the persons concerned.
With the newsletter we inform you about us and our offers. If you would like to receive the newsletter, we need a valid email address from you and information that allows us to verify that you are the owner of the email address provided or that the owner agrees to receive the newsletter.
Further data will not be collected. This data will only be used to send the newsletter and will not be passed on to third parties. With the registration to the newsletter we store your IP address and the date of the registration. This storage serves solely as proof in the event that a third party misuses an email address and registers for receiving the newsletter without the knowledge of the authorised party. You can revoke your consent to the storage of your data, your email address and its use to send the newsletter at any time. The revocation can be made via a link in the newsletters themselves, in your profile area or by sending a message to the contact options listed above.
The processing of the data entered when registering for the newsletter takes place exclusively on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent to the storage of data, e-mail address and their use to send the newsletter at any time, for example via the “Unsubscribe” link in the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the revocation.
The data that you have stored with us for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and deleted after unsubscribing from the newsletter.
Integration of third-party services and content
It may happen that contents of third parties, such as videos from YouTube, map material from Google Maps, RSS feeds or graphics from other websites are integrated within this online offer. This always presupposes that the providers of this content (hereinafter referred to as “third-party providers”) perceive the IP address of the user. Without the IP address, they would not be able to send the content to the browser of the respective user. The IP address is therefore required for the presentation of this content. We make every effort to use only those contents whose respective providers only use the IP address to deliver the contents. However, we have no influence on whether the third party providers store the IP address for statistical purposes, for example. As far as this is known to us, we inform the users about it.
This processing is carried out on the basis of a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.
Some of our Internet pages use so-called cookies. Cookies are small text files that are stored on your computer by your browser. Session cookies are only stored for the duration of the access and are automatically deleted when the browser is closed. These cookies do not contain any personal data, but merely identify the browser with which the website is accessed. They serve to make our offer more user-friendly, more effective and safer.
Other cookies make it possible to store on the user’s access device (PC, Smartphone, etc.) specific information related to the device, even after a session. They are used, for example, to store page settings for future website visits. These cookies remain stored on your end device until you delete them. These cookies enable us to recognize your browser during your next visit.
Cookies which are necessary for the execution of the electronic communication process or for the provision of certain functions requested by you (e.g. shopping basket function) are stored on the basis of Art. 6 para. 1 lit. f (legitimate interest) GDPR. The website operator has a legitimate interest in the storage of cookies for the technically error-free and optimised provision of its services. Insofar as other cookies (e.g. cookies for analysing your surfing behaviour) are stored, these are dealt with separately in this data protection declaration.
Most browsers are set to accept cookies automatically. The storage of cookies can be deactivated in the browsers or set so that a notification is sent as soon as cookies are sent.
Deletion of personal data
We store the personal data of the person concerned only for the period of time necessary to achieve the storage purpose. If the storage purpose no longer applies or if a storage period expires, the personal data will be deleted in accordance with the statutory provisions.
As the person concerned, you have the fundamental right to information about which personal data about you has been stored. If your request does not conflict with a legal obligation to store data, you have the right to correct incorrect data and to delete or restrict the processing of personal data. If the processing is based on a consent (pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR), this consent can be revoked at any time without affecting the legality of the processing carried out on the basis of the consent until revocation. In addition, you have the right to data transfer.
Legal basis for processing
Art. 6 I lit. a GDPR serves our company as a legal basis for processing operations in which we obtain consent for a specific processing purpose.
Art. 6 I lit. b GDPR serves as the legal basis for the processing of personal data required for the performance of a contract to which the data subject is a party. This also applies to processing operations that are necessary to carry out pre-contractual measures.
If the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 I lit. c GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person necessitate the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.
If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and fundamental freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 I lit. f GDPR shall serve as the legal basis for the processing.
Security of your data
The data you transmit to us will be protected by suitable technical and organizational means to protect it from accidental or intentional manipulation, loss, destruction or access by unauthorized persons. Our security measures are continuously monitored and improved in line with technological developments and organisational possibilities.