Participation in Events of Civil Society Forum e.V. (CSF)

Overview of the processing of personal data when participating in an event on site or online

Civil Society Forum e.V.
Badstraße 44
13357 Berlin
+49(0)30 460 645 40
privacy(at)csf-ev.org

In this context, we generally process the following categories of personal data: name, email address (private or business), telephone number (private or business), organisation, position, address (business). We process your data for the following purposes in particular:

  • Organisation and execution of the event
  • Communication related to the event
  • Documentation of event outcomes
  • Public relations and external representation of the event
  • Networking and contact management

The data processing described above is carried out on the basis of Art. 6(1)(b) GDPR (performance of a contract, organisation of events) and Art. 6(1)(f) GDPR (protection of legitimate interests, based on our interest in preparing the event in the best possible way).

Some of our events are held as hybrid events or purely as online meetings/conferences. Hybrid events offer the option of participating on site or virtually. Below you will find the necessary information for online participation in both hybrid events and purely online meetings. Online participation in a hybrid event is the same as participating in an online meeting.

If you are participating in the event online, participation is usually via the online meeting software ‘Zoom’. ‘Zoom’ is a service provided by Zoom Video Communications Inc., which is based in the USA. The service of the online meeting software is provided to us as order processing.

In this context, we generally process the following categories of personal data: name, email address (private or business), telephone number (private or business), organisation, position, address (business). We process your data for the following purposes in particular:

  • Personal details: first name, surname, telephone number, email address, password, profile picture, department.
  • Meeting metadata: topic, description, participants’ IP addresses, device/hardware information. For recordings: MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of all online meeting chats.
  • Text, audio and video data: You may have the option of using the chat, question or survey function in an online meeting. In this case, the text entries you make are processed in order to display them in the online meeting and, if necessary, to log them.

The provision of your data is voluntary. However, some of the data mentioned is necessary for the event to take place and is therefore marked as mandatory. The provision of this data is mandatory for participation in order to enable the event to take place.
The provision of other data is voluntary, but may be necessary for the use of certain services or functions. This data is also marked as mandatory. Failure to provide the mandatory information will result in the relevant service or function not being provided. In the case of optional data, failure to provide it may mean that we are unable to provide the online meeting in the same form and to the same extent as usual.

At some events, we will take photographs and/or make video recordings for public relations purposes. If this is the case, we will inform you at the latest at the beginning of the event. As a rule, photographs and video recordings will be taken of individuals who play a special role (e.g. speakers, moderators, etc.) or show groups of participants and convey the atmosphere of the event.

We may publish these photos and/or videos

  • on the CSF website,
  • on our social media pages such as LinkedIn, Facebook and Instagram,
  • to create a photo recap or highlight video of the event.

If you do not wish to appear in these photos or videos, please inform the photographer.

The legal basis for the processing is, as a rule, your consent in accordance with Art. 6(1)(a) GDPR, which we obtain before or at the start of the event. In addition, the processing may be based on Art. 6(1)(f) GDPR (legitimate interests in documenting the event with photographs for public relations purposes and using them for information and representation). You may withdraw your consent at any time with effect for the future and you may object to processing based on legitimate interests.

Some of our events are recorded for public relations purposes, to make the event accessible to interested parties in other locations or at a later date, or simply for our own documentation of the event. If this is the case, we will inform you of this at the latest at the start of the event. If you are participating online, you will be notified of the recording in the online meeting software itself.

If you do not wish to appear in the recordings, we kindly ask you to either position yourself at the venue in such a way that the camera cannot capture you or, if participating online, to turn off the camera on your device.

The legal basis for the processing is, as a rule, your consent in accordance with Art. 6(1)(a) GDPR, which we obtain before or at the start of the event. In addition, the processing may be based on Art. 6(1)(f) GDPR (legitimate interests in documenting the event for public relations purposes with film recordings and using these for information and representation). You may withdraw your consent at any time with effect for the future and you may object to processing based on legitimate interests.

Some of our events use the platform Luma (lu.ma), operated by Luma Labs, Inc., 548 Market Street, San Francisco, CA 94104, USA, for online registration and ticketing. When you register for or purchase a ticket to such an event, Luma processes the following categories of personal data on our behalf: name, email address, ticket and registration details (such as the event selected, ticket type, and the date and time of registration), and, where applicable, any optional information you provide in the registration form. When you access a Luma event page, Luma additionally processes log data (such as IP address and browser information) and uses cookies in accordance with its own privacy policy (https://luma.com/privacy-policy).

For paid events, payment processing is handled by Stripe, operated in the European Economic Area by Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland. When you pay for a ticket, your payment details (such as cardholder name, card number, expiry date, and security code) are entered directly into a payment form provided by Stripe; this data is captured and processed by Stripe and is not stored by Luma or by us. We receive only the information necessary to confirm payment and to issue an invoice (such as name, billing address, payment status, and transaction reference).

The legal basis for processing your data in connection with registration and ticket purchase is Art. 6(1)(b) GDPR (performance of the contract concluded by your registration or ticket purchase). Insofar as we are required to issue and retain invoices and payment records under tax and commercial law (in particular §14 and §14b UStG, §147 AO, §257 HGB), the legal basis is additionally Art. 6(1)(c) GDPR (compliance with a legal obligation).

If you have registered for the event via a website, you also have the option of voluntarily subscribing to the newsletter or mailings for future events and activities. Alternatively, the registration form will ask whether you wish to subscribe to the newsletter voluntarily. After registering, you will receive an email in which you must confirm your email address for verification purposes (known as the double opt-in procedure).


The legal basis for storing your email address and sending you information is your consent in accordance with Art. 6(1)(a) and Art. 7 GDPR, which you can revoke at any time with future effect. An easy way to revoke your consent is to use the unsubscribe link provided in every email.

We use the email address you provided when registering for an event organised by CSF to inform you about our own similar event formats. You will receive these event recommendations regardless of whether you have subscribed to our newsletter. In this way, we want to send you information about events and topics that may be of interest to you based on your previous registrations for our events. If you do not wish to receive this information, you can object at any time. An informal message sent to privacy(at)csf-ev.org is sufficient.

The legal basis for the data processing described is Article 6(1)(f) GDPR (balancing of interests, based on our interest in sending advertising to existing contacts) and Section 7(3) UWG (processing of your email address for direct advertising).

Within CSF, only persons who need your data to perform the tasks assigned to them will have access to it.

In addition, service providers or other persons who support us in the performance of our tasks may also have access to your data. These are service providers or persons in the following categories:

  • Hosting service providers for the operation of our servers (IONOS)
  • Service providers for the registration process (SeaTable GmbH)
  • Service providers for online event registration and ticketing (Luma Labs, Inc., USA)
  • Service providers for payment processing (Stripe Payments Europe, Ltd., Ireland)
  • Service providers for the provision of a video conferencing system (Zoom)
  • Email delivery service providers for sending emails (Intuit, MailChimp)
  • Other companies necessary for the organisation of the event, such as hotels, tour operators, airlines, etc.
  • Speakers for preparing for an event

Service providers used by us must meet special confidentiality requirements. They only have access to your data to the extent and for the period necessary to perform their tasks.

For certain service providers, such as Intuit, Mailchimp (USA) for newsletter distribution or Zoom as the video conferencing system, data may be transferred to the USA under appropriate safeguards in accordance with Art. 46 GDPR (Standard Contractual Clauses). Intuit (Mailchimp) and Zoom Video Communications Inc. are certified under the EU-U.S. Data Privacy Framework. This ensures that these services provide an adequate level of data protection when processing data in the United States.

Luma Labs, Inc., which we use for online event registration and ticketing, is based in the USA. Personal data transferred to Luma is processed in the USA on the basis of the EU Standard Contractual Clauses pursuant to Art. 46 GDPR. Luma Labs, Inc. is, to our knowledge, not currently certified under the EU-U.S. Data Privacy Framework. Payment processing is provided by Stripe Payments Europe, Ltd. (Ireland); insofar as data is transferred to Stripe, Inc. in the USA in the course of providing the payment service, the transfer takes place on the basis of the EU-U.S. Data Privacy Framework, under which Stripe, Inc. is certified, and additionally on the basis of the EU Standard Contractual Clauses pursuant to Art. 46 GDPR.

Beyond this, no personal data will be transferred to countries outside the EU or EEA.

Data processed in connection with participation in the event is deleted as soon as it is no longer required for the performance of the contract – at the latest three years after the end of the event – unless statutory retention periods require longer storage.
If you have subscribed to our newsletter or consented to our mailing list, we will store your name and email address until you revoke your consent. We also store the data we need to prove your consent to the newsletter until the expiry of the three-year limitation period.

Insofar as we are required by tax and commercial law to retain invoices and other accounting records relating to paid event participation (in particular §14b UStG, §147 AO, and §257 HGB), the corresponding data is stored for the applicable statutory retention period (currently eight years for booking vouchers and invoices), beginning at the end of the calendar year in which the record was created.

We do not use automated decision-making, including profiling, within the meaning of Art. 22 GDPR in the processing operations described in this notice.

Under the GDPR, data subjects have the following rights:

  • Right to access (Art. 15 GDPR): The right to obtain information about the personal data being processed.
  • Right to rectification (Art. 16 GDPR): The right to request correction of inaccurate or incomplete data.
  • Right to erasure (Art. 17 GDPR): The right to request deletion of data under certain circumstances.
  • Right to restriction of processing (Art. 18 GDPR): The right to request restriction of data processing under specific conditions.
  • Right to data portability (Art. 20 GDPR): The right to receive data in a structured, commonly used, and machine-readable format.
  • Right to object (Art. 21 GDPR): The right to object to the processing of data if based on legitimate interest.
  • Right to lodge a complaint with a supervisory authority (Art. 77 GDPR): The right to file a complaint with a data protection supervisory authority.
  • Right to withdraw consent: The participant has the right to withdraw their consent at any time with future effect, without affecting the lawfulness of the processing carried out based on the consent before the withdrawal. The easiest way to withdraw your consent is to send an email to privacy(at)csf-ev.org.