List of active policies
for the Second One Health EJP Continuing Professional
"Digital innovations for One Health practitioners"
from 15th to 19th February 2021
1. Data Controller
The German Federal Institute for Risk Assessment is the data controller in accordance with Art. 4 (7) GDPR and therefore responsible for processing your data.
You can find our contact details below:
German Federal Institute for Risk Assessment (BfR)
Max-Dohrn-Str. 8 – 10
Tel: +49 (0)30-18412-22405
Fax: +49 (0)30-18412-622405
Should you have any questions concerning the processing of your data and data protection, please contact our officially assigned Data Protection Officer:
Data Protection Officer
German Federal Institute for Risk Assessment
Max-Dohrn-Straße 8 – 10
2. Categories of personal data being processed.
The categories of personal data, which might be processed by using the e-learning platform (https://bfr-elearning.de/) can be divided the following way:
a) Data required for registration:
· First name, surname, email of the user
· registration name, usually awarded by operators
· personal password
· town, country
b) Data required for conduct the e-learning:
· attended course events
· activities in courses (only visible for course-lecturers)
· completed learning activities (only visible for course-lecturers/trainers)
· learning outcomes (only visible for course-lecturers/trainers)
c) Data required to solve technical problems:
· date and time of login
· IP address
d) Data Voluntarily added by users
· other data that the user upholds in his/her profile
· Forum contributions
3. Purpose and legal basis for processing
The legal basis for the processing of personal data, which is required for registration, in order to conduct the e-learning and for solving technical problems is Art. 6 (1) b) GDPR.
Voluntarily added information, which is not necessary in order to conduct the course is being processed based on Art. 6 (1) a) GDPR.
4. Duration of processing
The data in your user profile will be stored until the user profile is deleted. The user profiles will be deleted once the E-learning is closed. Log-filed, which are being processed in order to solve technical issues will be automatically deleted after 35 days.
Irrespectively of that, you may withdraw from the event and request the deletion of your data at any given moment.
A List of Participants will be shared with our partnering institution the One Health EJP Communications Team at the University of Surrey.
6. Data Transfers to third countries
Data might be shared with our partnering Organization, the University of Surrey, which is located in the UK. The current Brexit Trade and Cooperation Agreement does not require any additional compliance measures to be taken. Should the Agreement no longer apply and should no adequacy decision be issued by then, we will enter into EU Standard Contractual Clauses with our partner.
7. What data subject rights do I have?
You have the following rights towards the BfR with regard to your personal data:
• the right of access in accordance
with Article 15 GDPR
• the right to rectification in accordance with Article 16 GDPR
• the right to erasure in accordance with Article 17 GDPR
• the right to restriction of processing in accordance with Article 18 GDPR
• the right to object from Article 21 GDPR
• the right to data portability from Article 20 GDPR
The restrictions in accordance with Articles 34 and 35 BDSG apply to the rights of access and to erasure.
You can revoke your consent at any time with future effect.
You may assert the aforementioned rights at email@example.com or by post using the BfR address stated at the beginning of this data protection declaration.
Furthermore, based on Article 77 GDPR in conjunction with Article 19 BDSG, you have the right to lodge a complaint with the supervisory authority for data protection (German Federal Commissioner for Data Protection and Freedom of Information).
You can also contact our Data Protection Officer (firstname.lastname@example.org) with any queries and complaints.