1. Introduction

This Privacy Policy explains how your personal data is collected, processed, and stored when you use the https://ceda2026.com website (“Site”), in accordance with the General Data Protection Regulation (GDPR) and other applicable EU laws.

2. Controller and Contact Details

The controller responsible for the processing of your data is:

German Diabetes Center (DDZ), Legal body: Deutsche Diabetes-Forschungsgesellschaft e.V.Auf’m Hennekamp 65Düsseldorf, GermanyEmail: kontakt@ddz.de

For any privacy-related concerns, contact the Data Protection Officer at datenschutz@ddz.de.

3. Data Collected

The following categories of personal data may be collected:

• Identification Data: Name, email address, professional affiliation, contact information (when registering or contacting us)

• Technical Data: IP address, browser, OS, device type, pages visited, date and time of access

• Additional data shared via forms, event registration, or correspondence.

4. Purpose and Legal Basis of Processing

Personal data is processed for:

• Managing event registrations and participation

• Communicating event updates and relevant information

• Organizing onsite or digital attendance (including for security, access control, or digital conference delivery)

• Complying with legal obligations and event organization requirements Legal bases according to Art. 6 GDPR:

• Your consent (registration forms, newsletter signup)

• Performance of a contract (event participation)

• Legitimate interests (ensuring site security, communication, optimizing site performance).

5. Data Sharing and Transfers

Your data may be shared with:

• Service providers (IT hosting, payment, event management platforms) with whom we have contractual data protection agreements

• Conference partners and/or co-organizers, only as necessary

• Regulatory bodies if legally required

Data is not transferred outside the EU/EEA unless appropriate safeguards (e.g., Standard Contractual Clauses) are in place.

6. Cookies and Tracking

The Site uses cookies and similar technologies:

• Essential and analytical cookies to ensure website functionality and performance

• For details and cookie preferences, see our separate Cookie Policy

• You can opt out via browser settings.

7. Data Retention

Personal data is retained only as long as necessary to fulfill event, legal, or business requirements, and will be securely deleted thereafter unless further retention is required by law.

8. Data Subject Rights

Under the GDPR, data subjects have the right to:

• Access, rectify, or erase personal data

• Restrict or object to processing

• Withdraw consent at any time (where processing is based on consent)

• Data portability

• Lodge a complaint with a supervisory authority.

Please contact the Data Protection Officer to exercise these rights.

9. Data Security

We implement appropriate technical and organizational measures to secure your personal data against unauthorized access, loss or misuse.

10. Changes to This Policy

This Privacy Policy is subject to updates. Date of last update: [insert date].All changes will be posted on this page.

11. Contact and Complaints

Questions or complaints regarding data privacy can be addressed by contacting:Email: [DPO or support email]Supervisory authority: Landesbeauftragte für Datenschutz und Informationsfreiheit NRW