Für nur 85 EURO im Jahr – Werden Sie DAASM Mitglied und blicken Sie mit uns über den Tellerrand.
Data Protection Policy & Privacy
Data Protection Policy
The „DAASM“ website can be used without submitting any personal data. However, if the data subject is to make use of certain services, processing of personal data may become necessary. If this is the case, and there is no legal basis for such processing, then „DAASM“ shall obtain the consent of the data subject.
The processing of personal data, for example the name, address, email address and telephone number of the data subject, is always conducted in accordance with the General Data Protection Regulation (GDPR) and with country-specific data protection legislation applicable to “DAASM”. This data protection policy is intended to inform the general public on the nature, scope and purpose of personal data captured, used and processed by „DAASM“– and to explain the corresponding rights of the data subject.
As the data controller, „DAASM“ has implemented a number of technological and organisational measures to ensure robust protection of the personal data processed via the „DAASM“ website. Nevertheless, transmission of data via the Internet is subject to vulnerabilities; therefore, absolute and total protection cannot be guaranteed. For this reason, the data subject can choose to provide personal data to „DAASM“ by alternative methods, for example by telephone.
a) Personal data
b) Data subject
d) Restriction of processing
g) Data controller
j) Third party
2. Name and address of the data controller
4. Capture of general data and information
5. Use of social media plug-ins
- b) Facebook
c) Google Plus
- f) Reddit
- g) LinkedIn
- h) Tumblr
Contacting „DAASM“ via the website
- SSL encryption
8. Routine erasure and blocking of personal data
9. Rights of the data subject
a) Right to confirmation
b) Right of access by the data subject
c) Right to rectification
d) Right to erasure (right to be forgotten)
e) Right to restriction of processing
f) Right of data portability
g) Right to object
h) Automated individual decision-making, including profiling
i) Right to withdraw consent
- j) Right of appeal
Legal basis for data processing
11. Legitimate interests of the controller or third party regarding the processing of data
12. Period for which personal data may be stored
13. Statutory or contractual requirements to provide personal data; or as a prerequisite for conclusion of a contract; obligation on the part of the data subject to provide personal data; possible consequences of failure to provide such data
14. Automated decision-making
“DAASM” data protection policy is based on the terminology employed by the European legislature for its General Data Protection Regulation (GDPR). “DAASM” data protection policy is intended to be easy to read and understand for the general public, for our customers, and our business partners. To achieve this aim, we would like to explain the terminology used in advance. The terms used in this data protection policy include, but are not limited to, the following:
- a) Personal data
Personal data means any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- b) Data subject
Data subject is any identified or identifiable natural person whose personal data are processed by the controller.
- c) Processing
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- d) Restriction of processing
Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.
- e) Profiling
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
- f) Pseudonymisation
Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
- g) Data controller
Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
- h) Processor
Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
- i) Recipient
Recipient means a natural or legal person, public authority, agency or other body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
- j) Third party
Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
- k) Consent
Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.
- Name and address of the data controller
The data controller is:
Deutsche Akademie für Angewandte Sportmedizin (DAASM)
Am Graben 1
phone: +49 4131. 287460-0
Dr. med Dr. disc.pol. Homayun Gharavi
Many cookies include a cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string of characters through which websites and servers can be assigned to the specific web browser to which the cookie was saved. This enables the visited websites and servers to distinguish the specific browser of the data subject from other browsers that contain other cookies. A specific web browser can be recognised and identified by its unique cookie ID.
The data subject can prevent cookies from being installed by adjusting the settings on their web browser software accordingly. Moreover, existing cookies can be deleted at any time via a web browser or other software. This is possible with all leading browsers. The data subject should be aware, however, that by doing so they may not be able to make full use of all the functions of our website.
- Capture of general data and information
The „DAASM“ website captures a variety of general data and information each time the website is visited. This data and information is stored in server log files. This data and information may include the type and version of browser used, the operating system, the website which linked the data subject to our website (referrer URL), the individual website pages accessed, the date and time of website access, the subject’s Internet Protocol (IP) address, the Internet service provider and other similar data and information that serve cyber security purposes in the event of attacks on our IT systems.
„DAASM“ cannot draw any conclusions about the data subject from this data and information. Instead, this information is required to correctly deliver the content of our website, to improve the content of our website and advertising for it, to ensure the ongoing correct operation and function of our IT systems and the technology of our website, and to provide law enforcement authorities with the information needed for criminal investigation and prosecution in the event of a cyber attack. This data and information is captured anonymously; it is analysed by „DAASM“ for statistical purposes, and in order to improve data protection and data security within our organisation, and in order to ultimately ensure the best possible degree of protection for personal data processed by us. The anonymous data stored in server log files is stored separately from all personal data provided by the data subject.
- Use of social media plug-ins
This website uses AddThis plug-ins, provided by AddThis LLC, 1595 Spring Hill Rd., Suite 300, Vienna, VA 22182, USA (“AddThis”). AddThis provides tools for creating and designing web pages (www.addthis.com). These are intended to make it easier for visitors to the website to share the current page with other Internet users via e-mail or social networks. You can recognize the plug-ins by the “Tweet”, “E-mail”, “LinkedIn” and “g+1” buttons integrated on parts of our website.
This website uses Facebook social media plug-ins, provided by Facebook Inc. (1 Hacker Way, Menlo Park, California 94025, USA). The plug-ins are recognisable by the use of the Facebook logo or the terms “Like”, “Share” and the signature Facebook colours (blue and white). Information on all Facebook plug-ins can be found via the following link:
The plug-in establishes a direct link between your browser and Facebook’s servers. „DAASM“has no influence over the nature and scope of data transmitted to the Facebook servers via the plug-in. Further information is available at: https://www.facebook.com/help/186325668085084
The plug-in informs Facebook that you visited the „DAASM“ website. It is possible that your IP address will be saved as a consequence. If you visit the website while logged on to Facebook, the information given above will be linked to that account.
If you use features of the plug-in – for instance by sharing or liking content – corresponding information will be transmitted to Facebook Inc. If you wish to prevent this information being linked to your Facebook account, you must first log out of Facebook before visiting this website.
c) Google Plus
Our website employs the “+1” button from Google+. This is operated by Google Inc., (1600 Amphitheatre Parkway, Mountain View, CA 94043 USA). If you visit a website that includes the “+1” button, a direct connection is established between your browser and Google’s servers. The website operator has no influence over the nature and scope of data transmitted by the plug-in to Google Inc.’s servers. If you click on the “+1” button while you are logged onto Google+, then you will share the corresponding website content on your public profile.
According to Google Inc., personal data is only captured when you click on the button. It is also possible that the IP address of logged-in Google users is stored. If you wish to prevent Google Inc. from storing this data and linking it to your account, please log out of your account before you visit this website.
More information on the “+1” button is available at: https://developers.google.com/+/web/buttons-policy.
This website uses Twitter buttons. These are operated by Twitter Inc. (795 Folsom St., Suite 600, San Francisco, CA 94107, USA). If you visit a website that features one of these buttons, a direct connection is established between your browser and Twitter’s servers. „DAASM“ has no influence over the nature and scope of data transmitted to Twitter Inc.’s servers via the plug-in.
According to Twitter Inc., only your IP address is captured and stored. Further information on how Twitter Inc. processes personal data is available at: https://twitter.com/privacy
This website uses the Pin it button plug-in operated by Pinterest (Pinterest Inc., 635 High Street, Palo Alto,CA, 94301, USA). When you visit this website, a direct connection is established between your browser and Pinterest’s servers. Pinterest can therefore receive information, including your IP address, indicating that you have visited this website. If you click the Pin It button while you are logged onto your Pinterest user account, you can share content from this website with your Pinterest network.
Even if you do not possess a Pinterest account, you can change the settings for the storage of your data by Pinterest here:
On our pages functions of the service Reddit are integrated. These functions are offered by reddit Inc., s/o Wired, 520 Third St., San Francisco, CA 94107, USA. By using Reddit and the Reddit button, the web pages you visit will be linked to your Reddit account and shared with other users.
Your privacy settings at reddit can be found in the account settings at http://www.reddit.com/prefs/ to change.
Our website also uses the Share feature of the LinkedIn network. Provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. If you click the LinkedIn Share button, you will be redirected to your user account in a separate browser window. There you can share the electronic publication deposited on our website with the addition of a commentary. The prerequisite is that you are logged into your user account at LinkedIn. The plug-in establishes a direct connection between your browser and the LinkedIn server. LinkedIn receives information that you have visited our website with your IP address. In addition, LinkedIn will then be able to associate your visit to our website with you and your user account. We point out that we have no knowledge of the content of the transmitted data and their use by LinkedIn. For more information see:http://www.linkedin.com/legal/privacy-policy
- Contacting „DAASM“ via the website
In line with statutory requirements, the „DAASM“ website includes information that allows users to rapidly contact our organisation and to engage in direct communication with us. This information includes a physical address and an email address. If a data subject contacts „DAASM“ via email or a contact form, then personal data is automatically saved. Such voluntarily submitted data is used exclusively for the purposes of processing requests, answering queries and communicating with the data subject. This personal data is not made available to any third party.
In order to protect your transmitted data, the website operators use SSL encryption. You recognize such encrypted connections with the prefix “https: //” in the address bar of your browser. Unencrypted pages are identified by “http: //”. All data that you submit to this website (for inquiries and logins)cannot be read by third parties thanks to SSL encryption.
- Routine erasure and blocking of personal data
„DAASM“ only processes and stores personal data on the data subject for the duration for which this is necessary for the purpose of such storage or for as long as prescribed by the corresponding European legislature or any other legislature whose laws and regulations „DAASM“ is subject to.
If the purpose of storage no longer exists, or the deadline prescribed by the corresponding European legislature or other relevant legislature elapses, personal data will be routinely erased or blocked in line with statutory requirements.
- Rights of the data subject a) Right to confirmation
Any data subject has the right granted by the European legislature to receive confirmation from „DAASM“ as to whether or not „DAASM“ processes their personal data. If a data subject wishes to make use of this right, they may contact us to this end at any time.
b) Right of access by the data subject
The data subject shall have the right at any time to receive from „DAASM“ information, free of charge, on personal data relating to them, and to receive a copy of such information. Furthermore, the European legislature has granted the data subject the right to the following information:
- the purposes of the processing;
• the categories of personal data concerned;
• the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
• where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
• the existence of the right to request from „DAASM“ rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
• the right to lodge a complaint with a supervisory authority;
• where the personal data are not collected from the data subject, any available information as to their source;
• the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
The data subject has to right to be informed as to whether personal data is transferred to a third country or an international organisation. Where this is the case, the data subject has the right to be informed of suitable guarantees in connection with such data transfer.
If a data subject wishes to make use of this right, they may contact us to this end at any time.
c) Right to rectification
The data subject shall have the right to obtain without undue delay the rectification of inaccurate personal data concerning them. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
If a data subject wishes to make use of this right, they may contact us to this end at any time.
d) Right to erasure (right to be forgotten)
The data subject shall have the right to obtain from the controller the erasure of personal data concerning them without undue delay where one of the following grounds applies:
- the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
• the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2) of the GDPR, and where there is no other legal grounds for the processing;
• the data subject objects to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) of the GDPR;
• the personal data has been unlawfully processed;
• the personal data has to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
• the personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.
Insofar as one of the above applies, and the data subject wishes their personal data stored by „DAASM“ to be erased, they may contact us to this end at any time. „DAASM“ will then ensure compliance with the request for erasure without delay.
If personal data were published by “DAASM”, and if our company is obliged to erase the personal data in accordance with Article 17(1) of the GDPR, then we shall take appropriate measures, including technical measures, taking into account the available technology and implementation costs, to inform other data controllers who process the published personal data, that the data subject has requested the erasure of all links to such personal data and erasure of copies or replicas of such personal data by these other data controllers, insofar as the processing of this data is not necessary.
e) Right to restriction of processing
The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:
- the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
• the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
• the controller no longer needs the personal data for the purposes of processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
• the data subject has objected to processing pursuant to Article 21(1) of the GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.
Insofar as one of the above applies, and the data subject wishes the restriction of processing of personal data stored by “DAASM”, they can contact us to this end at any time.
f) Right of data portability
The data subject shall have the right to receive the personal data concerning them, which they have provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit the data to another controller without hindrance from the controller to which the personal data has been provided, where the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) of the GDPR or on a contract pursuant to point (b) of Article 6(1); and the processing is carried out by automated means, insofar as processing is not necessary for the performance of a task in the public interest, or in the exercise of official authority vested in the controller.
In exercising their right to data portability pursuant to Article 20(1), the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible and insofar as this does not infringe on the rights or freedoms of other persons.
Insofar as the data subject wishes to exert their right to data portability, they can contact us to this end at any time.
- g) Right to object
The data subject shall have the right to object, on grounds relating to their particular situation, at any time to processing of personal data concerning them which is based on point (e) or (f) of Article 6(1) of the GDPR, including profiling based on those provisions.
Where the data subject lodges such an objection, „DAASM“ shall no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims.
Where „DAASM“ processes personal data for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning them for such marketing. This shall include profiling to the extent that it is related to such direct marketing.
Where the data subject lodges an objection with „DAASM“ to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
Moreover, where personal data are processed by „DAASM“ for scientific or historical research purposes or statistical purposes pursuant to Article 89(1) of the GDPR, the data subject, on grounds relating to their particular situation, shall have the right to object to processing of personal data concerning them, unless the processing is necessary for the performance of a task carried out for reasons of public interest. Where the data subject wishes to assert their right to object, they can contact us to this end at any time. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise their right to object by automated means using technical specifications.
- h) Automated individual decision-making, including profiling
The data subject shall have the right to not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them. This right shall not apply if the decision is necessary for entering into, or performance of, a contract between the data subject and a data controller; is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests; or is based on the data subject’s explicit consent.
If the decision is necessary for entering into, or performance of, a contract between the data subject and a data controller or is based on the data subject’s explicit consent, then the data controller shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express their point of view and to contest the decision.
If the data subject wishes to exercise their rights with regard to automated decisions, they can contact us to this end at any time.
- i) Right to withdraw consent
The data subject has the right to withdraw their consent to the processing of their personal data at any time. The data subject can contact us to this end at any time.
- j) Right of appeal
Any person affected by the processing of personal data has the right to complain to the competent supervisory authority in the event of a breach of data protection law.
The competent judicial authority with regard to data protection issues is the state data protection officer of the federal state in which the head office of our company is located. For our company are the following contact details:
Ms. Barbara Thiel
State Data Protection Commissioner
30159 Hannover, Germany
phone: +49 (0) 511 – 120 4500
fax: +49 (0) 511 – 120 4599
- Legal basis for data processing
Article 6 I lit. a GDPR serves as the legal basis for data processing activities that require consent for a particular processing purpose. If processing of personal data is necessary for the performance of a contract to whom the person concerned is a party, as is the case, for example, without limitation, for the delivery of goods, or for the provision of another service or consideration, then such processing is based on Art. 6 I lit. b GDPR. The same shall apply to processing activities necessary to performing pre-contractual tasks, for example, without limitation, responding to queries about our products or services. If our company is subject to a legal obligation that necessitates the processing of personal data, such as, without limitation, compliance with taxation obligations, then such processing is on the basis of Art. 6 I lit. c GDPR. Under rare circumstances, processing of personal data may be necessary to protect the vital interests of the person concerned or of another natural person. This might for example be the case if a visitor to our business was injured and it would be necessary to provide their name, age, health insurance or other vital details to a doctor, hospital or other third party. In this instance, processing is on the basis of Art. 6 I lit. d GDPR. Moreover, some processing activities might be based on Art. 6 I lit. f GDPR.
This latter provision is the basis for processing activities that are not covered by any of the previously mentioned provisions when processing is necessary to safeguard a legitimate interest on the part of our company or a third party insofar as this is not overridden by the interests, fundamental rights or fundamental freedoms of the data subject. Such processing activities are permitted in particular, without limitation, because they were specifically named by the European legislature. The legislature expressed the opinion that a legitimate interest could be assumed if the data subject is a customer of the controller (Recital 47 Sentence 2 GDPR).
- Legitimate interests of the controller or third party regarding the processing of data
If the processing of personal data is based on Article 6 I lit. f GDPR, then our legitimate interest is to conduct our business for the well-being of all our employees and our shareholders.
- Period for which personal data may be stored
The criterion for the storage period for personal data shall be the corresponding statutory retention period. After the expiry of this period, the corresponding data will be routinely erased, provided that it is no longer necessary for the fulfilment or initiation of the contract.
- Statutory or contractual requirements to provide personal data; or as a prerequisite for conclusion of a contract; obligation on the part of the data subject to provide personal data; possible consequences of failure to provide such data
We hereby inform you that the provision of personal data is under certain circumstances a statutory requirement (e.g. under tax law) or may result from contractual requirements (e.g. information required on the contractual partner). In some cases, it may be necessary for the conclusion of a contract for the data subject to provide us with personal data which must subsequently be processed by us. For example, the data subject is obliged to provide us with personal data if our company enters into a contract with them. Failure to provide personal data would mean the contract with the data subject could not be concluded. Before the data subject can provide personal data, the data subject must contact us. We inform the data subject on a case-by-case basis whether the provision of personal data is a statutory or contractual requirement for the conclusion of a contract, whether there is an obligation to provide the personal data and what consequences the failure to provide the personal data would have.
- Automated decision-making
As a responsible company, we do not deploy automated decision-making mechanisms, such as profiling.