2 Personal data
„Personal data“ means any information relating to an identified or identifiable natural person (i.e. name, e-mail address, or IP address).
Controller (according to point 7 of Article 4 GDPR) of this website, for managing the data of our business partners as well as for applicant management is the association Fibre Optic Sensing for Railways (FOS4R), Mainzer Landstraße 205, 60326 Frankfurt am Main.
In general we are the storing entity of your personal data. We are entitled to assign external IT-service providers with the storage and processing of your personal data. In this case, we have concluded a data processing agreement with the service provider to ensure the privacy-compliant treatment of your personal data.
4 Data Collected
When visiting our website, we only collect the personal data that your browser automatically transmits to our server. We collect the data that is technically necessary for us to display our website and to ensure stability and security, especially the following:
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of request (specific website)
- Access status/HTTP-status code
- Data volume transmitted
- Website, from which the request comes from (referrer-URL)
- Operating system and its interface
- Language and version of your browser software
- Your internet service provider.
The above-mentioned data is statistically evaluated with the purpose of furthering the enhancement of our Website's offerings and to make it more user-friendly, as well as to provide personalized and location-based content, to find and fix errors faster, and to control server capacity. This is also our legitimate interest according to point (f) of Article 6(1) GDPR.
If there is a concrete indication of illegal use of our website, we will use these data for the purpose of prosecution.
The IP addresses of users are deleted or made anonymous after a year in general. In the case of anonymization, the IP addresses are changed in such a way that individual details about personal or factual circumstances can no longer be assigned to a specific or identifiable natural person.
Here you can find out which cookies we use:
- ga / Analytics cookie by Google Analytics to differentiate users
- gat / Analysis cookie by Google Analytics for restricting request rates
- gid / Analytics cookie by Google Analytics to differentiate users
- inlinecss-loaded / cookie to speed up the load times of web pages by inlining CSS scripts
- PHPSESSID / The PHPSESSID cookie is native to PHP and is used to establish a user session and to pass state data via a temporary cookie
4.2.1 Google Analytics
- the operating system in use,
- referrer-URL (the previously visited website),
- time of the server request,
are usually transmitted to a Google server in the US and stored there. The IP address provided by your browser through Google Analytics will not be merged with other Google information. We have also added the code "anonymizeIP" to Google Analytics on this website. This guarantees the masking of your IP address so that all data is collected anonymously. Only in exceptional cases the full IP address will be sent to a Google server in the US and be shortened there.
On our behalf, Google will use the information to evaluate your use of this website, to compile reports on website activity and to provide other services related to website and internet usage to the website operator. You can prevent the storage of cookies by changing your browser settings accordingly.
You can also prevent the transmission of data generated by the cookie (incl. your IP address) to Google and the processing of these data by Google, by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de. An opt-out cookie will be set which prevents the future collection of your personal data when you visit this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again.
We also reserve the right to use Google Analytics to analyze data from Double-Click and AdWords for statistical purposes. If you do not want this to happen, you can disable it through the Ads Preferences Manager (http://www.google.com/settings/ads/onweb/?hl=de).
For more information about Google Analytics’ privacy, see the Google Analytics Help Center (https://support.google.com/analytics/answer/6004245?hl=de).
4.2.2 Social Media
Our website uses social media plugins (e.g., Twitter, LinkedIn, Facebook, XING, Youtube).
The plugins can usually be identified by the respective social media logos. To ensure data privacy on our website, we only use these plugins together with the so-called "Shariff" solution. This application prevents these plugins from transferring data to the respective provider when visiting our website.
When visiting our website, these buttons are disabled by default. Only when you activate the respective plugin by clicking the corresponding button, a direct connection to the server of the provider is established. Once you activate the plugin, the respective provider receives the information that you have visited our website together with your IP address. After activating the plugin, the respective provider is able to collect data, regardless of whether you interact with the button. If you are simultaneously logged into your respective social media account, the respective provider may assign the visit to our website to your user account. The button will remain active until you disable it or delete your cookies.
You can change your Twitter privacy settings in the account settings at https://twitter.com/account/settings.
Our website uses features of the LinkedIn network. The provider is the LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043. Each time you visit a top-level or subpage of our website that has LinkedIn features included, it will connect to LinkedIn servers. LinkedIn is informed that you have visited our website together with your IP address. If you click LinkedIn's "Recommend Button" while logged in to LinkedIn, LinkedIn will be able to associate your visit to our website with your LinkedIn user account. We point out that we are not aware of the extent of the transmitted data and their use by LinkedIn.
For more information, see the LinkedIn privacy statement at https://www.linkedin.com/legal/privacy-policy.
Our website uses plugins of the social network Facebook, provided by Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. You can recognize the Facebook plug-ins by the Facebook logo or the "Like-Button" ("Like") on our website. An overview of the Facebook plugins can be found here: https://developers.facebook.com/docs/plugins/.
When visiting our website, the plugin establishes a direct connection between your browser and the Facebook server. Facebook receives the information that you have visited our website with your IP address. If you click on the Facebook "Like" button while logged in to your Facebook account, you can link the contents of our website to your Facebook profile. This allows Facebook to associate the visit of our website with your user account. We point out that we are not aware of the content of the transmitted data and their use by Facebook. If you do not want Facebook to associate your visit to our website with your Facebook user account, please log out of your Facebook user account.
Our website uses plugins of the network XING. The provider is the XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. Each time you visit websites that contain XING plugins, it will connect to XING servers. As far as is reasonably known to us, XING does not store your personal data nor do they store your IP address or evaluate your usage behavior
Our website uses plugins from Google's website YouTube. The operator is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. If you visit websites equipped with a YouTube plugin, you will be connected to the servers of YouTube. Youtube receives the information that you have visited our website. If you're logged into your YouTube account, YouTube will allow you to associate your surfing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.
We use the so-called double opt-in process. This means that after registering, we will send you an e-mail to the e-mail address provided at the time of registration, asking you to confirm that you wish to receive information on products and services by e-mail. If you do not confirm your registration within 72 hours, your information will be locked and automatically deleted after one month. We store your given personal data, the time of registration and of confirmation. The purpose of the process is to prove your registration and, if necessary, to clarify a possible misuse of your personal data.
After your confirmation, we will store your e-mail address for the purpose of providing you with information on products and services. The legal basis for sending the newsletter is your consent in accordance with point (a) of Article 6(1) GDPR. The legal basis for logging the application is our legitimate interest in accordance with point (f) of Article 6(1) GDPR to prove that the dispatch was made with your consent.
You can withdraw or object your consent to the dispatch of information on products and services at any time. You can withdraw or object your consent by clicking on the link provided in each e-mail or by sending a message to the contact details stated in the imprint.
There is a contact form available on our website, which can be used to get into contact electronically, for downloading documents, such as the white paper, or to order documents by e-mail. If a user uses a contact form, the data given in the user interface is transmitted to us and stored electronically. The transmission of this data is done in an encrypted form. The respective data can be seen directly in the user interface.
The processing of the personal data from the user interface serves us only to process your contact request. In the case of contact via e-mail, this also includes our required legitimate interest in the processing of the data. The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
If the data processing takes place to carry out pre-contractual measures, which occurs upon your request, or if you are already our member, the data processing takes place for the execution of the contract, the legal basis for this data processing is point (b) of Article 6(1) GDPR. We process further personal data only if you consent to it (point (a) of Article 6(1) GDPR) or if we have a legitimate interest in the processing of your data (point (f) of Article 6(1) GDPR). Replying to your e-mail is such a legitimate interest.
For the administration of our association we process your personal data for the following purposes:
- Communicating with members for example to process inquiries of members or billing.
- Carrying out marketing campaigns, market analyses, lotteries, competitions or similar actions and events;
- To maintain and protect the safety and reliability of our services and our website, to prevent and detect safety risks, fraudulent activity or other criminal or intentional acts;
- Comply with legal requirements (such as legal retention requirements); and
- Settlement of litigation, enforcement of existing contracts and assertion, exercise and defense of legal claims.
For the above purposes, we may process the following categories of personal information:
- Contact information, such as name, address, telephone number or e-mail address;
- Payment information, such as information required to process payment transactions or fraud prevention, including credit card information and card verification numbers;
- Information collected from publicly available sources, information databases or credit bureaus; and
- Other personal data whose processing is necessary for the management of the members or which are voluntarily provided by you, such as correspondence or other cooperation data on the associations activities;
The processing of personal data is necessary to achieve the above-mentioned purposes, including the performance of the associations goals. The legal basis for the processing of this data is point (b) of Article 6(1) GDPR, because this data is needed so that we can fulfill our obligations to you.
If the personal data are not provided or not available to the required extent or if we cannot collect these, the individual described purposes may not be fulfilled or the request(s) may not be processed. Please note that this would not be considered a contractual default on our part.
The hosting services we use are for the purpose of providing the following services: infrastructure and platform services, computing capacity, storage and database services, security and technical maintenance services we use to operate this website.
In doing so, we or our hosting service provider processes inventory data, contact data, content data, contract data, usage data, metadata and communication data members, prospects and visitors to this website based on our legitimate interests in the efficient and secure provision of our website according to point (f) of Article 6(1) GDPR and Article 28 GDPR.
5 Transmission and disclosure of data and data transfer
In general, we only use your personal data within the association. Within the legal provisions, we may transfer personal data to courts, authorities or law firms or other business partners (such as shipping or logistics partners for the execution and processing of orders).
If and as far as we engage third parties for the execution of contracts (e.g., logistics service providers), personal data will only be provided to that extent which is absolutely necessary for the corresponding service.
In the event that we outsource certain parts of the data processing ("processing on behalf of a controller (processor)", Article 28 GDPR), we contractually obligate the processor to use personal data only in accordance with data protection laws and ensuring the protection of the data subject's rights.
It is possible that recipients are located in countries outside the European Union ("Third Countries"), where the applicable law does not guarantee the same level of data protection as in your home country. In that case, a transmission will only take place if the Third Country has an adequacy decision of the European Commission, or appropriate guarantees have been agreed with the processor (e.g. EU standard contractual clauses have been concluded), the processor participates in an approved certification system (e.g. EU-US Privacy Shield), or binding internal data protection regulations according to Article 47 GDPR or an exemption according to Article 49 GDPR exists.
Any transfer of your personal data to third parties beyond the extent already described will only take place if this is necessary for the processing of your request, or, more generally, for fulfilling our obligations or the associations goals or due to mandatory legal/regulatory requirements. For other purposes, your personal data will not be disclosed to third parties.
6 Legal Basis and Storage Periods
Data processing takes place on the legal basis of point (a) of Article 6(1) GDPR (consent) and / or point (b) (contract initiation / performance) and / or point (f) (legitimate interest).
The processed personal data are used for statistical evaluations as well as for the purpose of operation, safety, and optimization of this website (legitimate interest). Any further use of your personal data (e.g., shipping of product and service information) will only take place with your consent.
As far as no explicit storage period is specified when collecting your personal data (e.g. in the context of a declaration of consent), your personal data will be deleted (or anonymized), to the extent they are no longer required and provided that deletion or anonymization does not contradict any statutory storage requirements and/or security-related obligation.
7 How we protect your data
All personal data collected by us will be protected by appropriate technical and organizational measures, taking into account the state of the art, implementation costs and the nature, scope, circumstances and purposes of the processing and the likelihood and severity of the risk to individuals' rights and freedoms within the meaning of Article 32 GDPR against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons or misuse. For example, your personal data is stored in a secure operating environment, not open to the public. As a principle your personal data is encrypted during transmission by Secure Socket Layer (SSL) technology. This means that an approved encryption method is used for the communication between your terminal and our servers or, if required, to the assigned processor, provided that your browser supports SSL.
Please note that we do not assume any liability for the disclosure of information due to errors in data transmission not caused by us or not attributable to us and / or due to unauthorized access by third parties.
All our employees and all third parties involved in the processing of data are obliged to comply with the applicable data protection rules and corresponding laws and the confidential handling of personal data.
8 Your Rights
In general, you have the right to information, correction, deletion, restriction, data portability and objection regarding your stored personal data. If the processing of your data takes place on the basis of your consent, you have the right to revoke the consent at any time, though without affecting the legality of the processing carried out on the basis of the consent until the revocation. If you believe that the processing of your personal data violates data protection laws or otherwise your data protection rights have been violated in any way, we ask you to contact us by using the contact details below. If clarification is not possible, you can file a complaint to the supervisory authority. In Germany the “ Bundesbeauftragter für den Datenschutz und die Informationsfreiheit (BfDI)“ is the competent data protection authority.
To ensure an efficient response to such concerns, we may always request proof of your identity, such as by submitting an electronic ID card copy.
Fibre Optic Sensing for Rail
Mainzer Landstraße 205,
60326 Frankfurt am Main
Our website contains links to other websites. Those references to websites of other internet users are provided as a service on whose content we have no influence. We assume no liability for this content. The content and accuracy of the information provided here is the sole responsibility of the respective provider of the linked website.
Please keep in mind that data transmission on the internet can generally be subject to security gaps. Full protection against access by third parties is not feasible.