1. Contact details for BaFin and BaFin’s Data Protection Officer:

Bundesanstalt für Finanzdienstleistungsaufsicht
Graurheindorfer Str. 108
53117 Bonn
Postfach 1253
53002 Bonn
Phone: +49 (0)228 / 4108 – 0
Fax: +49 (0)228 / 4108 – 1550
E-mail: poststelle@bafin.de oder De-Mail: poststelle@bafin.de-mail.de

BaFin’s Data Protection Officer can be reached at: Datenschutz@bafin.de

2. Purpose of processing

Events:

When you register for an event, BaFin needs certain data from you, depending on the type of event. Mandatory and optional data are indicated on the registration form. In addition, photographs and video recordings are taken at BaFin’s events which may feature individual participants.

BaFin uses your data for the following purposes:

• Participation management: to select participants and for event organisation, implementation and follow-up
• Networking during the event: to provide name tags (including name and institution) and possibly also lists of participants (including name and institution)
• Customer relations: to facilitate the planning of future events and to invite you to these events, where appropriate
• E-mail communications: to provide you with necessary information regarding your participation in a BaFin event by e-mail

• Public relations: the photographs and video recordings by BaFin are used for BaFin’s public relations work. Those participants who do not want to be featured in any photographs and/or video recordings are asked to avoid the areas in which photographs are taken and recordings are made and/or to inform the photographer thereof. Seating areas in which no photographs or videos will be taken will be explicitly indicated by signs.

  Note: The media representatives are themselves data controllers within the meaning of the GDPR.

Using the networking function of the app: If you want to use the networking function of the LineUpr app, you have to create a user account. In order to do so, you have to enter the following data:

User name and e-mail address

In addition, users are free to share further data such as pictures, contact information, job position etc.

The data are used for the following purposes:

• Networking with other event participants

3. Legal basis for the collection of data

Events:

Article 6(1)(e) of the GDPR in conjunction with section 4e (1) sentence 1 of the German Act Establishing the Federal Financial Supervisory Authority (Finanzdienstleistungsaufsichtsgesetz – FinDAG) in conjunction with the applicable supervisory laws (German Banking Act (Kreditwesengesetz – KWG), German Insurance Supervision Act (Versicherungsaufsichtsgesetz – VAG), German Securities Trading Act (Wertpapierhandelsgesetz – WpHG).

Using the networking function of the app:

Legal basis is your consent in line with Article 6(1)(a) of the GDPR. You may withdraw your consent at any time without this affecting the lawfulness of processing based on consent before its withdrawal.

4. Categories of processed personal data

Events:

The personal data held about you consist of contact details, photographs and video recordings.

Using the networking function of the app:

The personal data in question are

• contact data (e-mail address and any further data you choose to share)
• pictures you choose to share
• server log files

5. Intention to transfer the personal data to recipients in a third country or to an international organisation

BaFin does not intend to transfer your data to a recipient in a third country (non-EU member states and countries outside the European Economic Area) or to an international organisation.

However, if the event is hosted online using a video conference system, it may not be possible to fulfil the requirements of Chapter V of the GDPR. It cannot be ruled out that, in this case, participants’ personal data and communication data might be transferred to a third country which does not have a level of data protection equivalent to that of the EU.

6. Recipient of data

Events:

If the number of applications received is higher than the maximum number of places available, BaFin will select the participants who match the predefined target group. If more registrations are received from one institution or company than there are places available, participants of the same the institution or company may swap places. In this case, BaFin forwards, upon request, the names and contact details of the registered persons within the institution or company. By registering, you give your consent to the procedure described above, which ensures that places are, to the greatest extent possible, allocated according to the target group.

In individual cases, BaFin may make use of certain activities of processors that use the data only to carry out these activities on behalf of BaFin. Processors are strictly bound by BaFin’s instructions and are not permitted to process the data for their own purposes.

Using the networking function of the app:

Data recipients are all persons registered for the networking function of the app.

7. Time period for storing your data

Events:

BaFin hosts most of its events annually or biennially, but there are also one-time events and events that are held at irregular intervals focussing on current topics or in response to specific situations. How long your data are stored depends on the frequency of the event. If an event is held annually, the data are in general deleted as at 31 December of the following year. In the case of biennial events, the retention period is extended accordingly (e.g. data collected for a biennial event held in June 2020 will be deleted at the end of 2022).

Using the networking function of the app:

Information concerning the time period for storing your data can be found in the data protection information of the LineUpr app.

8. Your rights as a data subject

In principle, as a data subject, you have the right of access to personal data (Article 15 of the GDPR), the right to rectification (Article 16 of the GDPR), the right to erasure (Article 17 of the GDPR), the right to restriction of processing (Article 18 of the GDPR), the right to data portability (Article 20 of the GDPR) and the right to object to the processing (Article 21 of the GDPR), and you have the right to withdraw your consent at any time. Moreover, you have a right to lodge a complaint with the data protection authority competent for BaFin, i.e. the Federal Commissioner for Data Protection and Freedom of Information (Bundesbeauftragte(r) für den Datenschutz und die Informationsfreiheit).

9. Automated individual decision-making, including profiling

There is no automated individual decision-making.

10. Basis for the provision of your data and consequences in the event of failure to provide your personal data

Events:

Without the provision of contact details, it is not possible to participate in events organised by BaFin.

Using the networking function of the app:

It is not possible to use the networking function of the app without your contact data being shared with others. Using the networking function is voluntary. All other app contents can be viewed without creating a user account.