1. Name of the Processing Activity
The data protection information is provided in connection with the registration for the online conference of the Main Model United Nations (MainMUN) in Frankfurt. MainMUN processes data in order to be able to hold the online conference.
2. Name and Contact Details of the Person Responsible
Dr. habil. Christian Tuschhoff
in his function as the dean of the Main Model United Nations
60323 Frankfurt am Main
4. Purposes and Legal Basis of Processing
Any data will be processed to organize and hold the respective online conference, to be able to carry out a statistical evaluation and preparation of the events. This is necessary to increase the efficiency of the conference organisation, measure the participants’ satisfaction and for statistical processing of products. Any data will be processed based on Art. 6 Para. 1 Letter b GDPR (contract / preliminary contract) or Art. 6 Para. 1 Letter e in conjunction with Art. 6 para. 3 sentences 1 letter b GDPR (sovereign task).
5. Recipients or categories of recipients of the personal data
6. Transfer of personal data to a third country
The provider of the registration service (mymun) as well as the organizer of MainMUN are based in Germany. Therefore, any adequate level of data protection is guaranteed by the EU standard contractual clauses.
The provider of the chat communication (Ryver) is based in the United States of America. Being a part of the EU-U.S. Privacy Shield Framework (https://www.privacyshield.gov/welcome) complies them to adhere to EU data protection standards when data is transferred to the United States of America. An adequate level of data protection is guaranteed by the EU standard contractual clauses.
The provider of the web conference (Zoom) is based in the United States of America. All data that is collected within the European Economic Area will only be transferred to a territory, which provides an adequate level of data protecting in accordance with the European Commission or appropriate measures will be taken to protect the data, including the European Commission Standard Contractual Clauses (https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32010D0087)
7. Duration of Storage of Personal Data
The data is deleted in compliance with the statutory retention periods, in relation to business letters after six years, in relation to invoicing after ten years, provided that participant data is not required beyond this in order to be able to issue duplicates or confirmations of participation.
8. Rights of data subjects
According to the EU General Data Protection Regulation, participants have the following rights: If personal data is processed, participants have the right to receive information about the data stored about them (Art. 15 GDPR). If incorrect personal data is processed, participants have the right to rectification (Art. 16 GDPR). If the legal requirements are met, participants can request the deletion or restriction of processing and object to processing (Articles 17, 18 and 21 GDPR). If participants have consented to the data processing or if there is a data processing contract and the data processing is carried out using automated procedures, they may have the right to data portability (Art. 20 GDPR). If participants make use of their above-mentioned rights it will be checked, whether the legal requirements are met. To exercise rights, please contact our official data protection officer at E-Mail: firstname.lastname@example.org. If there are any complaints about data protection law, participants can contact the responsible supervisory authority: State Commissioner for Data Protection and Freedom of Information Hessen P.O. Box 3163, 65021 Wiesbaden, Tel.: +49 611 1408 – 0 Fax: +49 611 1408 – 900/901, Email: email@example.com.
9. Right of withdrawal with consent
The participants may revoke their consent at any time for the future.