Privacy Notice

Privacy Notice

INTRODUCTION

This Privacy Notice sets out how Heidelberg International Professional Women’s Forum (HIP) e.V., a registered association (in German “eingetragener Verein”), registered with the Amtsgericht Mannheim under number (“Geschäftsnummer”) VR 702902, with registered address at Kleiberweg 16, 69168 Wiesloch, 69115 Heidelberg, tax identification number (“Steuernummer”) 32489-46079, hereinafter the “Controller”, “HIP” or “we”, uses and protects your personal data.

1. IMPORTANT INFORMATION AND WHO WE ARE (Section 1)

2. TYPES OF PERSONAL DATA WE COLLECT ABOUT YOU (Section 2)

3. HOW IS YOUR PERSONAL DATA COLLECTED? (Section 3)

4. HOW WE USE YOUR PERSONAL DATA (Section 4)

5. DISCLOSURES OF YOUR PERSONAL DATA (Section 5)

6. INTERNATIONAL TRANSFERS (Section 6)

7. DATA SECURITY (Section 7)

8. DATA RETENTION (Section 8)

9. YOUR LEGAL RIGHTS (Section 9)

10. CONTACT DETAILS (Section 10)

11. COMPLAINTS (Section 11)

12. CHANGES TO THE PRIVACY NOTICE AND YOUR DUTY TO INFORM US OF CHANGES (Section 12)

13. THIRD PARTY LINKS (Section 13)

  1. IMPORTANT INFORMATION AND WHO WE ARE

We respect your privacy and are committed to protecting it by complying with the practices described in this notice (the “Privacy Notice”).

This Privacy Notice describes:

  • How we collect, use, disclose, and protect the personal data of our members and Website users (“you“).
  • Describes the types of information we may collect from you or that you may provide when you visit the Website https://hipwf.com, and any related domains or subdomains from time to time (our “Website“).
  • Our practices for collecting, using, maintaining, protecting, and disclosing that information.

We will only use your personal data in accordance with this Privacy Notice unless otherwise required by applicable law. We take steps to ensure that the personal data that we collect about you is adequate, relevant, not excessive, and used for limited purposes.

This Privacy Notice applies to personal data we collect, use, or disclose about you:

  • on this Website;
  • in our live, in person or online events;
  • on other landing pages or through other digital or paper-based forms, that link or refer to this Privacy Notice from time to time;
  • on our social media platforms;
  • in email, text, and through other communication means and channels between you and us;
  • when you interact with our advertising and/or other applications on third-party websites and services, if those applications or advertising services include links to this Privacy Notice,

all of the above collectively hereinafter referred to as the “Assets”.

This Privacy Notice applies to personal data collected through our Assets from time to time, regardless of the country where they are collected.

Please read this Privacy Notice carefully to understand our practices for collecting, processing, and storing your personal data. If you do not agree with our practices, your choice is not to use our Assets. By accessing or using the Assets, you indicate that you understand, accept, and consent to the practices described in this Privacy Notice.

This Privacy Notice may change from time to time (see Section 12). Your continued use of these Assets after we make changes indicates that you accept and consent to those changes, so please check the Privacy Notice periodically for updates. We will notify you in advance of any material changes to this Privacy Notice and obtain your consent to any new ways that we collect, use, and disclose your personal data, in as much as such consent is required by law.

TREATMENT OF CHILDREN’S PERSONAL DATA

Our Assets are not intended for children under 18 years of age. No one under age 18 may provide any personal data to or on the Assets. We do not knowingly collect personal data from children under 18. If you are under 18, do not use or provide any information through the Assets or on or through any of its features/register through the Assets, make any purchases through the Assets, use any of the interactive or public comment features of the Assets, or provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name or user name you may use. If we learn we have collected or received personal data from a child under 18 without verification of parental consent, we will delete that information. 

CONTROLLER

For data protection purposes, we are the data controllers of your personal data, that you submit to us, only in as much as described herein.

If you have any questions about this Privacy Notice, including any requests to exercise your legal rights (Section 9), please contact us using the information set out in the contact details section (Section 10).

  1. THE TYPES OF PERSONAL DATA WE COLLECT ABOUT YOU

As used in this Privacy Notice, “personal data” means any information that can be used to individually identify you directly or indirectly, alone or along with other information, or contact you online or elsewhere. The categories and volume of personal data that we collect vary depending on the activities in relation to which the data is collected.

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

  1. Identity Data includes first name, last name, username or similar identifier, title, your image and/or voice.
  2. Contact Data includes billing address, delivery address, email address and telephone numbers.
  3. Business or career-related information namely information that related to your business or duties as an employee, including: job title, duties, team, business address, business email address, business telephone number;
  4. Financial Data includes bank account and payment card details. 
  5. Transaction Data includes details about payments to and from you and other details of services you have acquired from us/signed up for.
  6. Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, device ID and other technology on the devices you use to access the Assets and/or Assets.
  7. Profile Data includes your username, social media profile page/handles, but also purchases or orders made by you, your interests, preferences, feedback and survey responses.
  8. Usage Data includes information about how you interact with and use our Assets and services.
  9. Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.

We also collect, use and share aggregated data such as statistical or demographic data which is not personal data as it does not directly (or indirectly) reveal your identity. For example, we may aggregate individuals’ Usage Data to calculate the percentage of users accessing a specific Asset feature in order to analyse general trends in how users are interacting with our Assets to help improve the Assets and our service offering.

3. HOW IS YOUR PERSONAL DATA COLLECTED?

We use different methods to collect data from and about you including through:

  • Your interactions with us. You may give us your personal data by filling in online forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
    • sign up to become a member of HIP;
    • register for one of our events (in person or online);
    • create an account in our Membership Directory;
    • subscribe to our Newsletter or other publications;
    • request marketing to be sent to you;
    • enter a competition, promotion or survey; 
    • give us feedback or contact us; or
    • sign up to become a member of our social media communities.
  • Automated technologies or interactions. As you interact with our Assets, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. We may also receive Technical Data about you if you visit other Assets employing tracking technologies (cookies).
  • Identity and Contact Data is collected through cloud storage for file sharing and collaboration services providers such as Google Drive® –read more here.
  • Identity, Contact, Financial and Transaction Data is collected through providers of accounting, payment and membership management services such as easyVerein® based in the EU.
  • Identity, Contact, Financial and Business Data is collected through cloud service providers such as IONOS® based inside and outside of the EU – read more here.
  • Identity and Contact Data is collected through email marketing and automation software such as Mailchimp® based outside the EU, in the United States and in other international locations to provide services to Mailchimp® – read more here.
  • Identity and Contact Data is collected through content management systems for creating and maintaining the Website, such as WordPress and related plugins – read more here.
  • Identity, Contact Data, Business or career related information, Profile Data is collected through Community Box® for creating and maintaining the Membership Directory – read more here
  • Identity, Profile Data is collected through our social media pages and groups – read more here: Facebook®, Instagram®, LinkedIn ®.

Information you provide to us

The information we collect directly from you on or through our Assets may include:

  • Information that you provide by filling in forms on our Website or through any of our other Assets, including when signing up to our Newsletter. This includes information provided at the time of registering to use our Website, subscribing to our service, posting material, or requesting further services. We may also ask you for information when you enter a contest or promotion sponsored by us, and when you report a problem with our Website or an Asset.
  • Information that you provide by registering for one of our events, in person or online.
  • Information that you provide by registering in our Member Directory.
  • Details of transactions you carry out through our Website, including when you register to become a member of HIP, or other Assets and of the fulfillment of your orders. You may be required to provide financial information before placing an order through our Assets.
  • Records and copies of your correspondence (including email addresses), if you contact us.
  • Invoices and tax records, as required under tax law provisions.
  • Your responses to surveys that we might ask you to complete for research purposes.
  • Your search queries on the Website.

You may also provide information to be published or displayed (hereinafter, “posted“) on public areas of the Assets or transmitted to other users of the Assets or third parties (collectively, “User Contributions“). Your User Contributions are posted on and transmitted to others at your own risk. Although we limit access to certain pages/you may set certain privacy settings for such information by logging into your account profile, please be aware that no security measures are perfect. Additionally, we cannot control the actions of other users of the Website or any other Asset for that matter with whom you may choose to share your User Contributions. Therefore, we cannot and do not guarantee that unauthorized persons will not view your User Contributions.

4. HOW WE USE YOUR PERSONAL DATA

LEGAL BASIS

The law requires us to have a legal basis for collecting and using your personal data. We rely on one or more of the following legal bases:

  • Performance of a contract with you: Where we need to perform the contract we are about to enter into or have entered into with you.
  • Legitimate interests: We may use your personal data where it is necessary to conduct our business and pursue our legitimate interests, for example to prevent fraud and enable us to give you the best and most secure member experience. We make sure we consider and balance any potential impact on you and your rights (both positive and negative) before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
  • Legal obligation: We may use your personal data where it is necessary for compliance with a legal obligation that we are subject to. We will identify the relevant legal obligation when we rely on this legal basis.
  • Consent: We rely on consent only where we have obtained your active agreement to use your personal data for a specified purpose, for example if you subscribe to an email newsletter.

PURPOSES FOR WHICH WE WILL USE YOUR PERSONAL DATA

We have set out below, in a table format, a description of all the ways we plan to use the various categories of your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

 Purpose/Use  Type of data  Legal basis
To register you as a new member and to manage your membership (a) Identity Data
(b) Contact Data
(d) Financial Data
(e) Transaction Date		 Performance of a contract with you
To register you in our Member Directory and to manage your membership (a) Identity Data
(b) Contact Data
(c) Business or career related information
(g) Profile Data		 Performance of a contract with you
To register you for one of our events (online or offline/in person) (a) Identity Data
(b) Contact Data		 Performance of a contract with you
Record & publish images of you and/or audio recordings on/through our
Assets		 (a) Identity Data
(c) Business or career related information
(g) Profile Data		 Consent
To process and deliver your order including:
(a) Manage payments, fees and charges
(b) Collect and recover money owed to us		 (a) Identity Data
(b) Contact Data
(e) Transaction Data
(i) Marketing and Communications		 (a) Performance of a contract with you
(b) Necessary for our legitimate
interests (to recover debts due to us)
To manage our relationship with you which will include:
(a) Notifying you about changes to our Terms or Privacy Notice
(b) Dealing with your requests, complaints and queries		 (a) Identity Data
(b) Contact Data
(g) Profile Data
(i) Marketing and Communications		 (a) Performance of a contract with you
(b) Necessary to comply with a legal obligation
(c) Necessary for our legitimate interests (to keep our records updated and manage our relationship with you
To enable you to partake in a prize draw, competition or complete a survey (a) Identity Data
(b) Contact Data
(g) Profile Data
(h) Usage Data
(i) Marketing and Communications		 (a) Performance of a contract with you
(b) Necessary for our legitimate interests (to study how members use
our services, to develop them and
grow our business)
To administer and protect our activity and Assets (including troubleshooting,
data analysis, testing, system maintenance, support, reporting and
hosting of data).		 (a) Identity Data
(b) Contact Data
(f) Technical Data		 (a) Necessary for our legitimate
interests (for running our business, to
prevent fraud, and in the context of a
business restructuring exercise)
(b) Necessary to comply with a legal obligation
To deliver relevant Assets, content and online advertisements to you and measure or understand the effectiveness of the advertising we serve to you. (a) Identity Data
(b) Contact Data
(g) Profile Data
(h) Usage Data
(i) Marketing and Communications
(f) Technical Data		 Necessary for our legitimate interests
(to promote HIP’s mission, vision and
objectives, to study how members use
our services, to develop them, to grow
our activity and to inform our
marketing strategy)
To use data analytics to improve our Assets, services, member relationships and experiences and to measure the effectiveness of our services, systems,
communications and marketing.		 (f) Technical Data
(h) Usage Data		 Necessary for our legitimate interests
(to define types of members for our
services, to keep our Assets updated
and relevant, to develop our business
and to inform our marketing strategy)
To send you relevant marketing communications and make personalised
suggestions and recommendations to you about goods or services that may be of interest to you based on your Profile Data.		 (a) Identity Data
(b) Contact Data
(f) Technical Data
(h) Usage Data
(g) Profile Data
(i) Marketing and Communications		 Consent, having obtained your prior
consent to receiving direct marketing
communications

DIRECT MARKETING

During the registration process through our Assets when your personal data is collected, you will be asked to indicate your preferences for receiving direct marketing communications from us via email. We may also analyse your Identity, Contact, Technical, Usage and Profile Data to form a view which events, offers or services may be of interest to you, so that we can then send you relevant marketing communications.

THIRD-PARTY MARKETING

We will get your express consent before we share your personal data with any third party for their own direct marketing purposes.

OPTING OUT OF MARKETING

You can ask to stop sending you marketing communications at any time by logging into the Assets and checking or unchecking relevant boxes to adjust your marketing preferences, or by following the opt-out links within any marketing communication sent to you or by contacting us via email at info@hipwf.com, as the case may be from time to time.

If you opt out of receiving marketing communications, you will still receive service-related communications that are essential for administrative or member support service purposes for example relating to order confirmations for an event, appointment reminders, updates to our Terms, checking that your contact details are correct, etc.

5.DISCLOSURES OF YOUR PERSONAL DATA

We may share your personal data where necessary with the parties set out below for the purposes set out in the table Purposes for which we will use your personal data above.

We may share your personal data with:

  • Business partners, suppliers, service providers, sub-contractors, and other third parties we use to support our business (such as analytics and search engine providers that assist us with Website improvement and optimization).
  • Advertisers and advertising networks that require the data to select and serve relevant ads to you and others. We do not disclose data about identifiable individuals to our advertisers, but we may provide them with aggregate information about our users (for example, we may inform them that 500 women aged under 30 have clicked on their advertisement on any given day). We may also use such aggregate information to help advertisers reach the kind of audience they want to target (for example, women in a specific location). We may make use of the personal data we have collected from you to enable us to comply with our advertisers’ wishes by displaying their advertisement to that target audience.
  • To fulfil the purpose for which you provide it.
  • For any other purposes that we disclose when you provide the data.
  • With your consent.

We may also disclose your personal data to third parties:

  • In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
  • To a buyer or other successor in the event of merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, where one of the transferred assets is the personal data we hold.
  • To comply with any court order, law, or legal process, including responding to any government or regulatory request.
  • To enforce or apply our terms of use [link] and other agreements.
  • To protect the rights, property, or safety of our business, our employees, our members, or others. This includes exchanging information with other companies and organizations for the purposes of cybersecurity, fraud protection, and credit risk reduction.

We may share non-personal data without restriction.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

6. INTERNATIONAL TRANSFERS

We may transfer your personal data to service providers that carry out certain functions on our behalf. This may involve transferring personal data outside the EU to countries which have laws that do not provide the same level of data protection as the EU law.

Whenever we transfer your personal data out of the EU to service providers, we ensure a similar degree of protection is afforded to it.

We will transfer your personal data to countries that have been deemed by the EU to provide an adequate level of protection for personal data. Where that is not the case, we may use specific standard contractual terms approved for use in the EU, which give the transferred personal data the same protection as it has in the EU. To obtain a copy of these contractual safeguards, please contact us at info@hipwf.com.

7. DATA SECURITY

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

However, due to the nature of the internet, HIP cannot guarantee complete protection of personal data when published online. Therefore, by granting your consent for us to collect and process your personal data, as described herein, you acknowledge the potential risks and hereby acknowledge that you are aware that:

●      Personal data may be accessed from jurisdictions outside of the European Economic Area (EEA) that do not provide a level of data protection equivalent to that of the Federal Republic of Germany.

●      The confidentiality, integrity, authenticity, and availability of personal data published on the internet cannot be fully guaranteed.

8. DATA RETENTION

HOW LONG WILL YOU USE MY PERSONAL DATA FOR?

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

By law (Section 147, Abgabenordnung/AO; Section 257, Handelsgesetzbuch/HGB) we have to keep basic information about our members (including Contact, Identity, Financial and Transaction Data) for six (6) or ten (10) years (depending on the document) after the end of the year in which we made the final entry, unless related laws permit shorter retention periods, for tax purposes:

  • accounts and records, inventories, annual financial statements, situation reports, the opening balance sheet, and related operating instructions and organizational documents needed for their understanding;
  • trade and business letters; and
  • accounting records and any tax-related documents.

To comply with the German Civil Code (Section 195, BürgerlichesGesetzbuch-GB) we should retain contracts, invoices, shipment slips, and related communications for three (3) years after the end of the year in which the contract expires.

In some circumstances you can ask us to delete your data: see Section 9 below for further information.

In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

9. YOUR LEGAL RIGHTS

You will, at all times, have the following rights as to your personal data processed by us (the “Rights”):

  1. Right to basic information. You have the right to be provided with information on the identity of the controller, the controller’s reasons for processing their personal data and other relevant information necessary to ensure the fair and transparent processing of your personal data.
  2. Right of access. You have the right to confirmation of whether, and where, we are processing your personal data, information about the purposes of the processing, information about the categories of data being processed, information about the categories of recipients with whom the data may be shared, information about the period for which the data will be stored (or the criteria used to determine that period, information about the existence of the rights to erasure, to rectification, to restriction of processing and to object to processing, information about the existence of the right to complain to the Data Protection Authority, where the data were not collected from you, information as to the source of the data, information about the existence of, and an explanation of the logic involved in, any automated processing that has a significant effect on you.
  3. Right to rectification. You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you.
  4. Right to erasure (‘right to be forgotten’). You have the right to obtain from us the erasure of your personal data without undue delay and we shall have the obligation to erase your personal data without undue delay if: (a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; (b) you withdraw your consent on which the processing is based, if there is no other legal ground for the processing; (c) you object to the processing pursuant to your opposition right and there are no overriding legitimate grounds for the processing, or you object against the processing of your data for direct marketing purposes; (d) the personal data have been unlawfully processed; (e) the personal data have to be erased for compliance with a legal obligation in EU or other law applicable to us. Notwithstanding the above, we may continue to lawfully process your personal data to the extent that processing is necessary: (a) for exercising the right of freedom of expression and information; (b) for compliance with a legal obligation; (c) for the establishment, exercise or defense of legal claims.
  5. Right to restriction of processing. You have the right to obtain from us restriction of processing where one of the following applies: (a) if you contest the accuracy of the personal data, for a period enabling us to verify the accuracy of the personal data; (b) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead; (c) we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims; (d) you objected to processing pending the verification whether our legitimate grounds of override those claimed by you.
  6. Right to data portability. You have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller, where: (a) the processing is based on consent or on a contract; and (b) the processing is carried out by automated means.
  7. Right to object. You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data based on the legitimate interests of ours or of a third party. However, we have the right to prove that we have compelling legitimate grounds for the processing which override your interests, rights and freedoms or that the purpose of the processing is for the establishment, exercise or defense of legal claims.
  8. Right not to be subject to a decision based solely on automated processing.  Unless the decision (a) is necessary for entering into, or performance of, a contract between the you and us; (b) is authorized by the Union law or the law applicable to us; or (c) is based on your explicit consent, you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

We will give effect to the rights of access, rectification, erasure and the right to object free of charge. we may charge a reasonable fee for repetitive requests, or requests which we find manifestly unfounded or excessive or for further copies.

We will respond to you in a time frame of thirty (30) days after receiving a request from you made under those rights. If we receive large numbers of requests, or especially complex requests, the time limit may be extended by a maximum of two further months.

If we will not meet this deadline, you may complain to the competent Data Protection Authority in Germany and may seek a judicial remedy. Please note that Germany does not have one central supervisory authority for data protection law, as per Article 56 of the GDPR, but authorities in each of the sixteen German federal states (Länder) that are competent for the public and the private sector in the respective state. Check the full list here to file a complaint with the competent Data Protection Authority in your state of habitual residence, place of work or place of alleged infringement (Article 77 of the GDPR/DSGVO).

NO FEE USUALLY REQUIRED

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

WHAT WE MAY NEED FROM YOU

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

TIME LIMIT TO RESPOND

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

10. CONTACT DETAILS

If you have any questions about this Privacy Notice or about the use of your personal data or you want to exercise your privacy rights, please contact us at info@hipwf.com.

11. COMPLAINTS

You have the right to make a complaint at any time to the competent Data Protection Authority in Germany (see Section 9) We would, however, appreciate the chance to deal with your concerns before you approach the DPA, so please contact us in the first instance.

12. CHANGES TO THE PRIVACY NOTICE AND YOUR DUTY TO INFORM US OF CHANGES

We keep our Privacy Notice under regular review. This version was created on 20 March 2025. Historic versions are archived and can be obtained by contacting us at info@hipwf.com.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us, for example a new address or email address.

13. THIRD-PARTY LINKS

This Website and our Assets may include links to third-party websites, assets, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party assets and are not responsible for their privacy statements or practices. When you leave our Website, we encourage you to read the privacy notice of every website you visit.