We are very pleased about your interest in our association. Data protection is of a particularly high priority for the management of the BISYOC – European Intercultural Youth Orchestra e.V.. The use of the Internet pages of the BISYOC – European Intercultural Youth Orchestra e.V. is possible without any indication of personal data. However, if a data subject wants to use special services of our association via our website, processing of personal data could become necessary. If processing of personal data is necessary and if there is no legal basis for such processing, we will generally obtain the consent of the data subject.
The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be in line with the General Data Protection Regulation, and in accordance with the country-specific data protection regulations applicable to the BISYOC – European Intercultural Youth Orchestra e.V.. By means of this data protection declaration, our association would like to inform the public about the type, scope and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed of their rights by means of this data protection declaration.
As the controller, the BISYOC – European Intercultural Youth Orchestra e.V. has implemented numerous technical and organisational measures to ensure the most complete protection of personal data processed through this website. However, Internet-based data transmissions can always be subject to security vulnerabilities, so that absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us by alternative means, for example by telephone.
The data protection declaration of the BISYOC – European Intercultural Youth Orchestra e.V. is based on the terms used by the European Data Protection Supervisor when adopting the Data Protection Regulation (DS-GVO). Our data protection declaration should be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we would like to explain the terms used in advance.
We use the following terms, among others, in this data protection declaration:
(a) Personal Data
Personal data is any information relating to an identified or identifiable natural person (hereinafter “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
(b) Data Subject
Data subject means any identified or identifiable natural person whose personal data are processed by the controller.
Processing means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
d) Restriction of Processing
Restriction of processing is the marking of stored personal data with the aim of limiting their future processing.
Profiling shall mean any automated processing of personal data which consists in using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or change of location.
Pseudonymisation is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
g) Controller or Data Controller
The controller or person responsible for processing is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for under Union or Member State law.
Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Recipient means a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, public authorities that may receive personal data in the context of a specific investigative task under Union or Member State law shall not be considered as recipients.
j) Third Party
Third party means a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons authorised to process the personal data under the direct responsibility of the controller or the processor.
Consent shall mean any freely given specific and informed indication of the data subject’s wishes, in the form of a statement or other unambiguous affirmative act, by which the data subject signifies his or her agreement to the processing of personal data relating to him or her. 2.
2. Name and Address of the Data Controller
The controller within the meaning of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature is:
BISYOC European Intercultural Youth Orchestra e.V.
c/o Jonas Boesken
Zwischen den Baechen 9
79618 Rheinfelden (Baden)
E Mail: firstname.lastname@example.org
Any data subject may contact our data protection officer directly at any time with any questions or suggestions regarding data protection.
The data subject can prevent the setting of cookies by our website at any time by means of an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time via an internet browser or other software programmes. This is possible in all common internet browsers. If the data subject deactivates the setting of cookies in the Internet browser used, not all functions of our website may be fully usable.
4. Registration as an Association Member or Registration on the Alumni Site
The data subject has the possibility to register on the website of the controller by providing personal data in order to (a) become a member of the association or (b) become a member of the alumni network. In doing so
(a) name, e-mail address, date of birth, gender, postal address, amount of membership fee, payment method (if direct debit is chosen: IBAN and BIC), as well as musical instruments played (optional information)
(b) name, e-mail address, country of origin, as well as information on previous participation in the BISYOC European Intercultural Youth Orchestra e.V. or its predecessor
of the data subject.
The registration of the data subject by providing personal data serves the purpose of the controller to offer the data subject content or services which, by their nature, can only be offered to registered users. The personal data entered by the data subject is used to
(a) contacting, registering and enabling the association’s activities.
(b) contacting, documenting, determining membership eligibility, as well as for exchange purposes with other members.
The legal basis for data processing is therefore Art. 6 para. 1 b DSGVO. The processing of data provided voluntarily is based on Art. 6 para. 1 a DSGVO, the consent of the data subject is explicitly stated.
The controller may arrange for the data to be transferred to one or more processors, for example a parcel service provider, who will also use the personal data exclusively for an internal use attributable to the controller.
By registering on the website of the controller, the IP address assigned by the internet service provider (ISP) of the data subject, the date as well as the time of registration are also stored. The storage of this data takes place against the background that only in this way can the misuse of our services be prevented and, if necessary, this data makes it possible to clarify criminal offences that have been committed. In this respect, the storage of this data is necessary for the protection of the data controller and is carried out on the basis of Art. 6 para. 1 f DSGVO. As a matter of principle, this data is not passed on to third parties unless there is a legal obligation to pass it on or the passing on serves the purpose of criminal prosecution.
Based on Art. 7 (4) and Art. 17 (1) b DSGVO, the data subject may at any time revoke his or her consent and request the deletion of the stored data that was collected on a voluntary basis, without affecting the lawfulness of the processing carried out up to that point.
Pursuant to Art. 21 (1) and Art. 17 (1) c DSGVO, the data subject has the right to object at any time to the collection of data without explicit consent and to request the deletion of the stored data.
The stored data will be deleted at the end of the respective calendar year after the purpose for which it was collected has ceased to exist. This is usually the case when a member leaves the association or the alumni network. The data may be stored for a longer period of time if the data controller is legally obliged to do so or if the data is required for the assertion, exercise or defence of legal claims within the meaning of Art. 17 (3) e DSG. Art. 17 para. 3 e DSGVO are required.
5. Subscription to our Newsletter
On the website of the BISYOC – European Intercultural Youth Orchestra e.V., users are given the opportunity to subscribe to our enterprise’s newsletter. For this purpose, the name and e-mail address of the data subject are requested and stored. A confirmation e-mail is sent to the e-mail address specified by the data subject using the double opt-in procedure. This confirmation email serves to verify whether the owner of the email address as the data subject has authorised receipt of the newsletter and has thus given their consent pursuant to Art. 6 (1) f DSGVO.
This personal data collected in the context of a subscription to the newsletter is used exclusively for sending our newsletter. Furthermore, subscribers to the newsletter could be informed by e-mail if this is necessary for the operation of the newsletter service or a related registration, as could be the case in the event of changes to the newsletter offer or changes in technical circumstances. No personal data collected as part of the newsletter service will be passed on to third parties.
The subscription to our newsletter can be cancelled by the data subject at any time. Pursuant to Art. 7 (4) and Art. 17 (1) b DSGVO, the consent to the storage of personal data that the data subject has given us for the newsletter mailing can be revoked at any time and the deletion of the data can be requested. For the purpose of revoking consent, a corresponding link can be found in each newsletter. Furthermore, it is also possible to unsubscribe from the newsletter mailing at any time directly on the website of the controller or to inform the controller of this in another way.
When registering for the newsletter, we also store the IP address of the computer system used by the data subject at the time of registration, as assigned by the Internet service provider (ISP), as well as the date and time of registration. The collection of this data is necessary in order to be able to trace the (possible) misuse of the e-mail address of a data subject at a later point in time and therefore serves the legal safeguarding of the controller and is carried out on the basis of Art. 6 (1) f DSGVO.
Pursuant to Art. 21 (1) and Art. 17 (1) c DSGVO, the data subject has the right to object at any time to the collection of data without explicit consent and to demand the deletion of the stored data.
The collected data is automatically deleted as a result of unsubscribing from the newsletter mailing. Data may be stored for a longer period if the controller is legally obliged to do so or if the data is required for the assertion, exercise or defence of legal claims within the meaning of d. Art. 17 para. 3 e DSGVO are required.
6. Newsletter Tracking
7. Contact Possibility via the Website
8. Routine Erasure and Blocking of Personal Data
9. Rights of the Data Subject
a) Right to Confirmation
b) Right of Access
- the purposes of the processing
- the categories of personal data processed
- the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organisations
- if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration
- the existence of the right to obtain the rectification or erasure of personal data concerning him or her, or the restriction of processing by the controller, or the right to object to such processing
- the existence of a right of appeal to a supervisory authority
- if the personal data are not collected from the data subject: Any available information on the origin of the data
- the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.
Furthermore, the data subject shall have the right to obtain information as to whether personal data have been transferred to a third country or to an international organisation. If this is the case, the data subject shall also have the right to obtain information on the appropriate safeguards in relation to the transfer.
c) Right of Rectification
d) Right to Erasure (Right to be Forgotten)
- The personal data were collected or otherwise processed for such purposes for which they are no longer necessary.
- The data subject revokes the consent on which the processing was based pursuant to Art. 6(1)(a) DS-GVO or Art. 9(2)(a) DS-GVO and there is no other legal basis for the processing.
- The data subject objects to the processing pursuant to Article 21(1) DS-GVO and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) DS-GVO.
- The personal data have been processed unlawfully.
- The erasure of the personal data is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
- The personal data have been collected in relation to information society services offered pursuant to Article 8(1) DS-GVO.