A. Basic Information pursuant to Art. 13/14 GDPR
1. Controller
European Bitcoin Energy Association e.V. (EBEA)
Alfred-Nobel-Straße 9
86156 Augsburg
Germany
welcome@ebea.work
For matters related to data protection, please contact us per mail to the address above adding “Data protection”.
2. Supervisory Authority
Should you be of the opinion that the processing of your personal data by EBEA is not lawful, you can contact any data protection supervisory authority with your complaint. The competent supervisory authority pursuant to Art. 55 GDPR is:
Bayerisches Landesamt für Datenschutzaufsicht
Physical Address
Promenade 18
91522 Ansbach
Germany
Mail to:
Postfach 1349
91504 Ansbach
Germany
Phone: +49 (0) 981 180093-0
Fax: +49 (0) 981 180093-800
E-Mail: poststelle@lda.bayern.de
3. Your Rights
In accordance with the legal provisions, you as the data subject have the right to receive information about your data stored by EBEA free of charge at any time.
In addition, you can assert your rights to rectification, erasure or restriction of processing or the right to object against EBEA at any time. This also applies to the right to data portability.
If you have provided us with your personal data based on consent, you can withdraw your consent at any time with effect for the future.
B. Purpose and Scope of Data Processing
1. Webpage
a) Processing of Communication Data
Every time a user accesses a page from the EBEA website and every time a file is retrieved, access data about this process is stored in a log file on our server.
Each data record consists of
- the page from which the file was requested (so-called referrer URL)
- the name of the file
- the date and time of the request (so-called „time stamp“)
- the amount of data transferred
- the access status (file transferred, file not found, etc.)
- a description of the type of Internet viewing program used (e.g. Mozilla Firefox, Google Chrome or Microsoft Internet Explorer, Apple Safari, Opera, etc.)
- a cookie
We store IP addresses in server log files. The storage takes place for reasons of data security in order to ensure the stability and operational security of our website. The legal basis for this is Art. 6 (1) lit. c GDPR.
b) Processing of Content Data
If there is an option to enter personal or business data (email addresses, names, addresses) on the website, for example via our contact form, this data is disclosed by the user on an expressly voluntary basis in accordance with Art. 6 (1) lit. a GDPR or on the basis of the contractual membership relationship in accordance with Art. 6 (1) lit. b GDPR. Here too, your data will be treated confidentially and will not be passed on to third parties without your consent. There is also no linking with the above-mentioned communication data.
c) Data Recipients
We do not pass on your data to third parties unless you have consented to this. However, we rely on the use of service providers for the hosting and maintenance of our website and the sending of our newsletter, which we oblige to comply with the legal requirements by means of order processing.
d) Cookies
What are cookies and how do we use them?
Cookies are small text files that are transmitted to your computer together with the data actually requested from the Internet. This data is stored there and kept ready for later retrieval.
We use cookies in some areas.
So-called session cookies are required in particular in the context of registration, as we use a so-called single sign-on concept for reasons of user-friendliness during authentication and to control access to the various areas of our portal.
This involves setting up a „session“ between the client and server, which allows you to move around the entire portal without having to log in again for each area. This session is represented by a cookie in which a randomly generated number is stored.
In addition, the login information assigned to you (user name, user rights and the validity of the session) is stored in another cookie for access control purposes. You can think of this as replacement login information. Instead of asking you to re-enter your login information if necessary, the cookie is sent to the server and accepted as proof of identity.
Validity of cookies
Our websites and pages use what the industry refers to as “cookies.” Cookies are small text files that do not cause any damage to your device. They are either stored temporarily for the duration of a session (session cookies) or they are permanently archived on your device (permanent cookies). Session cookies are automatically deleted once you terminate your visit. Permanent cookies remain archived on your device until you actively delete them, or they are automatically eradicated by your web browser.
In some cases, it is possible that third-party cookies are stored on your device once you enter our site (third-party cookies). These cookies enable you or us to take advantage of certain services offered by the third party (e.g., cookies for the processing of payment services).
Cookies have a variety of functions. Many cookies are technically essential since certain website functions would not work in the absence of the cookies (e.g., the shopping cart function or the display of videos). The purpose of other cookies may be the analysis of user patterns or the display of promotional messages.
Cookies, which are required for the performance of electronic communication transactions (required cookies) or for the provision of certain functions you want to use (functional cookies, e.g., for the shopping cart function) or those that are necessary for the optimization of the website (e.g., cookies that provide measurable insights into the web audience), shall be stored on the basis of Art. 6(1)(f) GDPR, unless a different legal basis is cited. The operator of the website has a legitimate interest in the storage of cookies to ensure the technically error free and optimized provision of the operator’s services. If your consent to the storage of the cookies has been requested, the respective cookies are stored exclusively on the basis of the consent obtained (Art. 6(1)(a) GDPR); this consent may be revoked at any time.
You have the option to set up your browser in such a manner that you will be notified any time cookies are placed and to permit the acceptance of cookies only in specific cases. You may also exclude the acceptance of cookies in certain cases or in general or activate the delete function for the automatic eradication of cookies when the browser closes. If cookies are deactivated, the functions of this website may be limited.
In the event that third-party cookies are used or if cookies are used for analytical purposes, we will separately notify you in conjunction with this Data Protection Policy and, if applicable, ask for your consent.
e) Social Media: X (formerly Twitter) & LinkedIn
The X link and LinkedIn link integrated on our site is not integrated via a so-called social plugin. The embedded graphic only contains an HTTP link to our social media pages. This means that no direct connection to the social media servers is established when our site is accessed.
2. Newsletter
You have the option of subscribing to a newsletter on our website or as part of special offers. The newsletter contains up-to-date specialist information on the work of EBEA and information on services and events offered by EBEA. The e-mail address collected is processed exclusively for the purpose of sending the newsletter. The legal basis for the processing of the e-mail address for the purpose of regularly sending the newsletter is your consent (Art. 6 para. 1 sentence 1 lit. a GDPR).
After subscribed the newsletter, you will first receive an email in which you must confirm the order again via a link (double opt-in). This procedure serves to verify that the owner of the e-mail address has actually subscribed the newsletter. We store the date and time of the confirmation. The legal basis for storage is our legal obligation to document consent (Art. 7 para. 1 GDPR). If you do not confirm your registration, the data will be deleted. Otherwise, the e-mail address collected during registration will be deleted as soon as it is no longer required for the purpose for which it was collected. This is particularly the case if you withdraw your consent (unsubscribe from the newsletter).
You can cancel your newsletter subscription at any time with effect for the future. To do so, please send a message to welcome@ebea.work or use the unsubscribe function provided in the e-mail.
EBEA uses a service provider as a processor to send the newsletter.
3. Member Advice and Support
EBEA supports and advises its members as part of its statutory duties.
For this purpose, EBEA requires and processes personal data of members. As a rule, this concerns contact data to clarify their concerns. The legal basis for this data processing is Art. 6 (1) lit. b GDPR.
Please do not send us any third-party data. If documents from your company are to form the basis of the consultation, these must be redacted beforehand.
a) Recipients of the data
In principle, we do not pass on your data to third parties unless you have consented to this. However, for the provision and maintenance of our hardware and software as well as the destruction of data carriers, we rely on the use of service providers who we oblige to comply with the legal requirements by means of order processing.
b) Data Storage
EBEA stores personal data for the duration of membership in order to be able to guarantee consistent advice. Personal data of members who have left will be deleted, unless we are obliged to store it due to statutory retention obligations (e.g. in accordance with § 257 HGB and § 147 AO).
4. PR Work
In order to pursue its statutory objectives, EBEA maintains intensive cooperation with business, administration, science and politics as well as other organizations and bodies related to bitcoin mining and its relationship with energy infrastructure in the European Union. In this context, EBEA processes contact data of contact persons within the scope of necessary communication. The legal basis for this data processing results from Art. 6 (1) lit. e GDPR.
a) Data Recipients
Personal data will not be transferred to third parties without consent.
b) Data Storage
EBEA stores the personal data until the purpose of the PR work has been fulfilled.
5) Virtual Meetings (video conferences)
EBEA shall organize web conferences for the virtualization of board or member meetings or discussions, in which the voice of the participants shall be transmitted to all other participants via microphone and, if applicable, their image via webcam (hereinafter referred to as „video conferences“).
EBEA uses service providers who provide EBEA with their software and, where applicable, their technology (hereinafter: video conferencing systems). EBEA has concluded a data processing agreement with these service providers in accordance with Art. 28 GDPR.
a) Data Processing in the Context of Video Conferences by EBEA
We have to process various types of data in order to use „video conferencing“. The total volume of data processed in the context of video conferences depends on the functional scope of the video conference system provided by the video conference service provider, which data the respective user provides before, during and after participating in a „video conference“.
The following personal data may, in principle, be processed in order to conduct a video conference:
Information about the user themselves: e.g. display name („Display name“), online status (optional), status messages, profile picture (optional), e-mail address if applicable, preferred language.
Meeting metadata: e.g. date, time, duration, meeting ID, telephone number and location if applicable.
Text, audio, video and other multimedia data: For the display of video signals as well as the playback of audio signals and multimedia files, data from the microphone, a webcam/video camera or a screen display of your end device (using the screen/content sharing function) is processed during the duration of the meeting. The latter is necessary, for example, if a user has to give a screen presentation. Data transmission from the camera and microphone can be switched on and off independently at any time and by any user. The screen/content sharing function must be actively activated by the user and can also be deactivated at any time.
In a video conference, you also have the option of using the chat function of the video conferencing platform in parallel. In this respect, the text entries you make, the sharing of links or content, social interactions (such as emoticons, pictograms, etc.) are recorded: Emoticons, pictograms, like buttons for comments or the sending of so-called GIFs (Graphics Interchange Format) are processed in order to display them to the participants in „video conferences“.
These keystrokes (henceforth: „chats“) are stored in order to be able to send valuable information such as URLs to helpful documents, service providers, etc. to all participants by e-mail after the event. After the information has been sent, these chat logs are deleted.
b) Legal basis for data processing
The legal basis differs depending on whether EBEA members, non-members or EBEA employees participate in the video conference organized by EBEA:
If EBEA members participate in Virtual Meetings (e.g. board, member meetings), the legal basis for data processing is Art. 6 (1) lit. b GDPR, as the processing of personal member data is carried out „for the performance of membership“ at EBEA.
If third parties (non-EBEA members) participate in virtual meetings of EBEA events, Art. 6 (1) lit. f GDPR forms the legal basis for data processing when conducting „video conferences“ with non-members of EBEA.
If personal data of EBEA employees is processed, Section 26 BDSG in conjunction with Art. 88 GDPR forms the legal basis for data processing for the establishment, implementation (operational organization) and termination of the employment relationship.
For other video conferences (e.g. outside EBEA events) and if there are no (employment) contractual relationships with participants, our implementation of video conferences is based on the legal basis of Art. 6 (1) lit. f GDPR. Here, too, we have a legitimate interest in the effective implementation of „video conferences“ vis-à-vis third parties, members, interested parties and non-members.
c) Data Storage
In general, „video conferences“ of image and/or sound data streams will not be recorded. If, by way of exception – which is not currently planned – a recording is planned, EBEA will communicate this transparently in advance and – if necessary – obtain the consent of all participants.
The content of the chats will be logged by the respective service provider of the video conferencing platform (e.g. Zoom, Microsoft Teams) in so-called chat logs. Files shared by users in chats are saved in the OneDrive for Business account of the user who shared the file. Files that team members share in a channel are saved on the SharePoint site of the respective team.
Automated decision-making within the meaning of Art. 22 GDPR is not used.
d) Data Recipients
Personal data that is processed in connection with participation in „video conferences“ is generally only passed on to our processors, i.e. the service providers who support us in conducting the video conferences.
Apart from this, data will only be passed on to third parties if EBEA is legally obliged to do so (e.g. by court order) or if the data subjects have expressly consented to their data being passed on.
e) Data processing outside the European Union
As far as possible, EBEA has limited the storage locations to data centres in Germany or within the European Union. Therefore, data processing does not take place outside the European Union (EU).
If we use the video conferencing software „Microsoft Teams“, please also note the following information:
When accessing the „Microsoft Teams“ website, „Microsoft“ is responsible for data processing. Accessing this website (https://teams.microsoft.com/) is only necessary for downloading the necessary software if use should/cannot take place directly and without a download via an Internet browser.
A quick start guide for new users of „MS Teams“ can be found under the following link: Microsoft Teams Video Training – Office Support . Microsoft provides a comprehensive video tutorial at the following link: https://cloudblogs.microsoft.com/industry-blog/de-de/uncategorized/2020/05/14/microsoft-teams-video-tutorials-nutzliche-tipps-und-tricks/
We recommend that you familiarize yourself with the software in good time before an upcoming video conference in order to minimize technical delays in the meetings.
„Microsoft Teams“ is a service of the Microsoft Corporation:
Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA
(https://teams.microsoft.com/)
a) Necessary consent to the data protection and terms of use vis-à-vis „Microsoft“ and „Microsoft Teams“
The use of MS Teams is generally subject to the terms of use and data protection provisions of „Microsoft“, over which EBEA itself has no influence. In order to use MS Teams, you must accept the terms of use and data protection provisions of „Microsoft“, otherwise you will not be able to use MS Teams.
Data protection provisions: https://www.microsoft.com/en-us/microsoft-365/microsoft-teams/download-app and https://privacy.microsoft.com/de-de/privacystatement
Other recipients: Microsoft Corporation, as the provider of MS Teams, receives knowledge of the above-mentioned data insofar as this is provided for in our data processing agreement with MS Teams. We oblige Microsoft to comply with the legal requirements of the applicable data protection law via the order processing contract concluded with MS-Teams on the basis of EU standard contractual clauses. A currently valid version can be viewed at the following link: https://www.microsoftvolumelicensing.com/Downloader.aspx?DocumentId=18030.
b) Data processing outside the European Union
We have limited our storage location to data centres in the European Union, which is why data processing does not generally take place outside the European Union (EU). However, we cannot technically completely rule out routing or storage on servers outside the European Union at the processor Microsoft. A secure level of data protection is ensured by concluding supplementary EU standard data protection clauses and technical and organizational measures. Among other things, this means that data is transport-encrypted during transportation via the Internet and is generally protected against disclosure to third parties. With regard to personal data that is stored by Microsoft in the USA and Europe and may be subject to official requests for information from authorities in the USA, Microsoft guarantees in a statement dated July 20, 2020 that such orders will be challenged in court, which would allow access to personal data.
In addition, as part of a legal settlement, Microsoft has acquired the right to disclose transparent reports on the number of US national security directives issued to Microsoft, and new guidelines have been introduced within the US government that have restricted the use of non-disclosure directives (see https://news.microsoft.com/de-de/stellungnahme-zum-urteil-des-eugh-was-wir-unseren-kunden-zum-grenzueberschreitenden-datentransfer-bestaetigen-koennen/ ). The level of data protection is considered sufficient when measured against the expected content of EBEA videoconferences, which generally do not contain any personal data apart from the names of the persons participating in the videoconference.
c) Further information on data protection at Microsoft Corporation and MS Teams
Please refer to Microsoft’s data protection notice at https://privacy.microsoft.com/de-de/privacystatement under the section „Online services for companies“ and: https://www.microsoft.com/de-de/trust-center/privacy/customer-data-definitions in connection with the Microsoft DPA , available at: https://www.microsoftvolumelicensing.com/Downloader.aspx?DocumentId=18030 .
6. Information about your right to object in accordance with Art. 21 GDPR
a) Right to Object on a Case-by-Case Basis
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on lit (e) of Article 6 (1) GDPR (data processing in the public interest) and lit. (f) of Article 6 (1) GDPR (data processing on the basis of a balancing of interests); this also applies to profiling based on this provision within the meaning of Article 4 (4) GDPR; profiling does not take place.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.
b) Right to object to the processing of data for direct marketing purposes
In individual cases, we process your personal data for direct marketing purposes. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising.
If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.
The objection can be made informally and should preferably be addressed to
January 2024