Privacy Policy

How we process personal data in accordance with the GDPR.

1. Controller

The controller within the meaning of Art. 4 (7) GDPR is:

EuDiSo e. V.
TODO: street and house number
TODO: postal code and city — Germany
Email: TODO: privacy@eudiso.eu (or equivalent)

2. Data protection officer

TODO: Name + contact of DPO if appointed, otherwise: 'No data protection officer has been appointed because we are not legally required to do so.'

3. Principles

We process personal data only on a lawful basis under Art. 6 GDPR, transparently, and limited to what is necessary for the stated purposes. Data stays within the European Union. We do not use any US-hosted cloud services for operating this website.

4. Hosting & server logs

This website is hosted on servers operated by Hetzner Online GmbH, Industriestraße 25, 91710 Gunzenhausen, Germany — within the European Union.

When you visit this website, our server automatically processes technical access data (so-called server log files):

  • truncated IP address
  • date and time of the request
  • requested URL and HTTP status code
  • user agent and referrer (if transmitted)

Legal basis: Art. 6 (1) lit. f GDPR (legitimate interest in a stable, secure operation of the website). Storage period: TODO: e.g. 14 days, then automatic deletion.

5. Cookies & local storage

This website uses only strictly necessary cookies that are required for the operation of the site (e.g. session cookies after login, locale preference). No tracking, no analytics, no advertising cookies. A cookie banner is therefore not required.

6. Contact form

When you use our contact form, the data you enter (name, email, message, and any other fields you provide) is transmitted via TLS and stored in our PostgreSQL database on the same EU-hosted server for the purpose of processing your request.

Legal basis: Art. 6 (1) lit. b GDPR (pre-contractual measures / communication) or Art. 6 (1) lit. f GDPR (legitimate interest in answering inquiries). Storage period: TODO: e.g. deleted after 12 months, unless a longer retention is required by law or for ongoing matters.

7. Membership application & member portal

If you apply to become a member or use our member portal, we process:

  • your name, email, organization and role
  • credentials (password hashes, TOTP secrets for MFA)
  • log-in timestamps for security and audit purposes
  • information you submit in working groups or profile pages

Legal basis: Art. 6 (1) lit. b GDPR (performance of the membership contract) and Art. 6 (1) lit. c GDPR (legal obligations, e.g. accounting). Storage period: for the duration of the membership plus the statutory retention periods.

8. Email communication (SMTP)

Transactional emails (registration, password reset, notifications) are sent via an EU-based SMTP provider: TODO: SMTP provider name + legal entity + EU location.

Legal basis: Art. 6 (1) lit. b and f GDPR. A data processing agreement pursuant to Art. 28 GDPR is in place with the provider.

9. Recipients & data processors

We work with the following processors under Art. 28 GDPR:

  • Hetzner Online GmbH (hosting, Germany)
  • TODO: SMTP provider (if used)
  • TODO: Backup storage provider (e.g. Hetzner Storage Box)

We do not transfer personal data to third countries outside the EU/EEA.

10. Your rights

You have the following rights under the GDPR:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object to processing based on legitimate interest (Art. 21 GDPR)
  • Right to withdraw consent with effect for the future, where processing is based on consent (Art. 7 (3) GDPR)
  • Right to lodge a complaint with a supervisory authority (Art. 77 GDPR) — in Germany, typically the state data protection authority where you reside or where we are based: TODO: competent supervisory authority

To exercise your rights, contact us at TODO: privacy@eudiso.eu.

11. Changes to this policy

We may update this privacy policy to reflect changes to our processing activities or legal requirements. The current version is always available at /privacy.

Last updated: TODO: YYYY-MM-DD (date of final publication)