Data Protection Information

Thank you for your interest in figawa. The protection of your personal data is important to us. You will find information on how we handle your data, which is collected through your use of our website in the following text. The use of figawa's internet pages is basically possible without any indication of personal data. However, if a person concerned wishes to make use of the services of our association via our website, it may be necessary to process personal data. 

If the processing of personal data is necessary and there is no legal basis for such processing, we will generally obtain the consent of the person concerned. Your data will be processed in accordance with the statutory provisions on data protection.

Insofar as links are made to other websites, we have neither influence nor control over the linked content and the data protection regulations there. We recommend that you check the data protection declarations on the linked websites to determine whether and to what extent personal data is collected, processed, used or made available to third parties.

We would like to point out that data transmission on the Internet (e.g. communication by e-mail) can be subject to security gaps. A complete protection of the data against access by third parties is not possible.

Responsible body within the meaning of data protection law

figawa e.V.
Marienburger Str. 15, 50968 Cologne, GERMANY 
+49 221 37669 20

Contact details of the data protection officer

Our privacy policy is intended to be simple and understandable for everyone. As a rule, the data protection declaration uses the official terms of the General Data Protection Regulation (GDPR). The official definitions are explained in Art. 4 GDPR.

1. Data processing by visiting our website

When you access our website, it is technically necessary for data to be transmitted to our web server via your Internet browser. The following data is recorded during an ongoing connection for communication between your internet browser and our web server:

  • Visited domain
  • Date and time of the request
  • Page from which the file was requested
  • Access status (file transferred, file not found, etc.)
  • Web browser and operating system used
  • IP address of the requesting computer
  • Transferred data volume

We collect the listed data in order to guarantee a smooth connection establishment of the website and to enable a comfortable use of our website by the users. The log file also serves to evaluate system security and stability as well as administrative purposes. The legal basis for the temporary storage of data or log files is Art. 6 Para. 1 lit. f GDPR.

For reasons of technical security, in particular to prevent attempts to attack our web server, we may temporarily store this data. It is not possible for us to draw conclusions about individual persons on the basis of this data. After seven days at the latest, the data is anonymised by shortening the IP address at domain level, so that it is no longer possible to establish a reference to the individual user. There is no evaluation of this data except for statistical purposes in anonymous form. This data is not merged with data from other data sources.

SSL encryption

This site uses SSL encryption for security reasons and to protect the transmission of confidential content, such as requests you send to us as a site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. If SSL encryption is activated, the data you transmit to us cannot be read by third parties.

2. Use and transmission of personal data

General information

If you have provided us with personal data, we will use it to answer your questions, to advise and process your membership in the association and for technical administration. Your personal data will only be passed on to third parties or otherwise transmitted if this is necessary for the purpose of processing the contract, for billing purposes or if you have given your prior consent. You have the right to revoke your consent with effect for the future at any time, see also section 8 on your rights affected.

Membership processing

Within the scope of your membership or application for membership, we collect and store the personal data transmitted by you for the purpose of contract processing, e.g. billing.

The data will be forwarded to financial institutions as part of the billing process. The accounting data is transferred to the tax office and the tax office within the scope of the tax law requirements. Within the framework of association events, the data may be passed on to the conference hotel or to an organiser commissioned by us.

The legal basis for the collection and processing of data within the framework of membership and events is Art. 6 I (b) GDPR. The legal basis for the transfer of data to the tax office and tax office is Art. 6 I (c) GDPR.

The deletion of this data takes place after the expiry of the applicable legal storage obligations. Insofar as we are not subject to any legal storage obligations, the data will be deleted when the purpose ceases to apply.

Contacting us by e-mail

If you send us enquiries via e-mail, your details from your e-mail, including the contact data provided by you there, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. In no case will we pass on this data without your consent. The legal basis for processing the data is our legitimate interest in responding to your request pursuant to Art. 6 Para. 1 lit. f GDPR and, if applicable, Art. 6 Para. 1 lit. b GDPR, insofar as your request is aimed at the conclusion of a contract. Your data will be deleted after your request has been processed, unless there are legal obligations to retain it.

3. Online events and webinars (Microsoft Teams)

In the following we would like to inform you about the processing of personal data in connection with the use of "Microsoft Teams".

a)    Purpose of the processing
We use "Microsoft Teams" to host online events and webinars (hereinafter: "online meetings"). "Microsoft Teams" is a service provided by Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18 D18 P521 (hereinafter: "Microsoft").

b)    Controller
The controller for data processing within the meaning of the GDPR that is directly related to the organisation of "online meetings" is the company named at the beginning of this Privacy Policy.

Note: If you access the "Microsoft Teams" website, the provider of "Microsoft Teams" is responsible for data processing. However, you only need to access the "Microsoft Teams" website in order to download the software for using "Microsoft Teams".

If you do not want to or cannot use the "Microsoft Teams" app, you can also use "Microsoft Teams" via your browser. In this case, the service will also be provided via the "Microsoft Teams" website.

c)    Which data is processed?
When using "Microsoft Teams", different types of data is processed. The scope of the data processing also depends on the information you provide before or during participation in an "online meeting".

The following personal data can be subject to processing:

  • User information: e.g. display name, e-mail address, profile picture (optional), preferred language 
  • Meeting metadata: e.g. date, time, meeting ID, phone numbers, location
  • When dialing in by phone: information on incoming and outgoing phone number, country name, start and end time. If necessary, further connection data, such as the IP address of the device, can be saved.
  • Text, audio and video data: You may be able to use the chat, question or survey functions in an "online meeting". To this extent, the text entries you make are processed in order to display and, if necessary, log them in the "online meeting". In order to enable the display of video and the playback of audio, the data from the microphone of your device and from any video camera of your device will be processed for the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time using the "Microsoft Teams" applications.
  • In case of recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of the online meeting chat. If we want to record "online meetings", we will inform you transparently in advance and - if necessary – ask for your consent.
  • In order to participate in an "online meeting" or to enter the "meeting room", you must at least provide information about your name.  

d)    Scope of processing
We use "Microsoft Teams" to host "online meetings". If we want to record "online meetings", we will inform you transparently in advance and - if necessary – ask for your consent.
If it is necessary for the purpose of recording the results of an online meeting, we will log the chat content in individual cases.  

e)    Legal basis of the processing
The legal basis for processing personal data to host "online meetings" is Art. 6 para. 1 s. 1 lit. b GDPR, insofar as the meetings are hosted within the performance of a contract.

If no contractual relationship exists, the legal basis is Art. 6 para. 1 s. 1 lit. f GDPR. In this case, we have a legitimate interest in the effective performance of "online meetings".

In addition, your personal data may be processed on the legal basis of your given consent in accordance with Art. 6 para. 1 s. 1 lit. a GDPR (e.g. when webinars are recorded).

f)    Recipients / transfer of data
Personal data that is processed in connection with participation in "online meetings" is generally not passed on to third parties, unless it is specifically intended to be passed on. Please note that content from "online meetings" as well as personal meetings often serves the purpose of communicating information with customers, interested parties or third parties and is therefore intended for disclosure.

Other recipients: The provider of "Microsoft Teams" necessarily obtains knowledge of the above-mentioned data to the extent that this is specified in our data processing agreement with "Microsoft Teams". We have concluded a data processing agreement with the provider in which we commit him to protect the data of our customers and not to pass it on to third parties.

g)    Data processing outside the European Union
Microsoft uses international sub-processors and is linked with other companies in countries outside the EU. As a result, personal data may be transferred to the U.S., among other countries, which means that additional appropriate safeguards are required to ensure the level of data protection under the GDPR. In order to meet this requirement, Microsoft has agreed standard contractual clauses with its affiliated companies and sub-processors in accordance with Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the U.S. to process the data according to the level of protection in Europe. In cases in which this cannot be guaranteed even by this contractual extension, we endeavour to obtain additional regulations and commitments from the recipient in the U.S.

Further information on data privacy can be found in Microsoft’s Privacy Policy via the following link: 

3.a Use of the "figawa-Netzwerk" (figawa-network for members)

We would like to inform you about the processing of personal data in connection with the use of our member network provided by figawa Service GmbH on behalf of figawa.

a) Purpose of processing
figawa Service GmbH uses the tixxt tool to provide an online communication platform for figawa members. Tixxt is a service provided by mixxt GmbH, Adenauerallee 134, 53113 Bonn, Germany, Tel .: +49 (0) 228299799771, Email:, Website:

b) Data controller
The data controller for the processing of personal data related to the use of the figawa network is the entity mentioned at the beginning of this privacy policy.

Note: If you visit the tixxt website (, mixxt GmbH is responsible for the data processing. Further information on data protection at tixxt can be found at

c) What data is processed?
Various types of data are processed when using the figawa network. The extent of the data depends on the information you voluntarily provide when using the network.

The following personal data is subject to processing:

  • User information: Company name and address, company website (optional), first and last name, business email address of the registering user, profile picture (optional), telephone number (optional), position (optional), membership in technical regulatory bodies (optional), additional personal information (optional).
  • Usage data: e.g., visited web pages, interests in content, access times.
  • Technical data: e.g., browser, IP addresses, operating system.
  • Text and image files: You have the option to post content or links to external content. In this regard, the text entries you make or the image files you upload are processed to display them in the figawa network and, if necessary, to log them.

d) Scope of processing
The user's master data, profile information, and membership in committees are stored permanently in the network and made accessible to other users upon completion of the registration process. When the user relationship ends, this information is anonymized. The content posted by users in the network is stored permanently and made accessible to other users of the figawa network.

e) Legal basis for data processing
The legal basis for data processing in connection with the use of the figawa network is the membership in the association, as a contractual relationship within the meaning of Art. 6 (1) (b) GDPR.

If there is no contractual relationship, the legal basis is Art. 6 (1) (f) GDPR. We have a legitimate interest in the effective preparation of important technical committee meetings for our association work.

Furthermore, the processing of your personal data can also be based on your consent given during the registration process for the figawa network, in accordance with Art. 6 (1) (a) GDPR.

f) Recipients / Data disclosure
Personal data processed in connection with the use of the figawa network is generally not disclosed to third parties who do not have access to this network, unless they are intended for disclosure.

Please note that the content you post in the network, similar to content exchanged during personal or digital meetings, is often intended for communication with customers, prospects, or third parties and is therefore intended for disclosure.

Other recipients: The provider of tixxt necessarily becomes aware of the aforementioned data to the extent provided for in our data processing agreement with figawa Service GmbH and the corresponding data processing agreement between figawa Service GmbH and mixxt GmbH.

We have entered into data processing agreements with figawa Service GmbH and all our service providers, in which we oblige them to protect the data of our members and not disclose it to third parties. This obligation also applies to mixxt GmbH, which is employed as a subcontractor at our instruction.

g) Data processing outside the European Union
Neither figawa Service GmbH nor the commissioned mixxt GmbH engage international subcontractors or are affiliated with other companies based in countries outside the EU.

4. Web Analysis and Ad-Tracking

This website does not use tracking software.

5. Social-Media-Plug-ins

Sharing content on Facebook, Twitter, LinkedIn etc.

The content on our pages can be shared on social networks such as Facebook, Twitter or LinkedIn in compliance with data protection regulations. This page uses the eRecht24 Safe Sharing Tool. This tool establishes direct contact between networks and users only when the user actively clicks on one of these buttons.

This tool does not automatically transfer user data to the operators of these platforms. If the user is registered with one of the social networks, an information window appears when using the social buttons on Facebook, LinkedIn, Twitter & Co. in which the user can confirm the text before sending it. Our users can share the contents of this page in social networks in accordance with data protection regulations, without complete surfing profiles being created by the network operators. 

Google Maps

This page uses the Google Maps map service via an API. Provider is Google Inc.,1600 Amphitheatre Parkway Mountain View, CA 94043, USA. To use the functions of Google Maps it is necessary to store your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer.

You can find more information on the handling of user data in Google's data protection declaration: 

6. Cookies

Our website uses cookies which are stored by the browser on your device and which contain certain settings for the use of the website (e.g. the current session). Cookies are used to make our website more user-friendly, effective and secure. Cookies are small text files that are stored on your computer by your browser. Most of the cookies we use are so-called session cookies, which are automatically deleted when you close your browser. Other cookies remain stored on your end device until you delete them or the storage period expires. These cookies enable us to recognize your browser on your next visit. 

In some cases, the cookies are used to simplify website processes by saving settings (e.g. holding back already selected options). If personal data is also processed by individual cookies implemented by us, the processing is carried out in accordance with Art. 6 Para. 1 lit. b GDPR either to implement the contract or in accordance with Art. 6 Para. 1 lit. f GDPR to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the page visit. 

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, accept cookies for certain cases or generally exclude them and activate the automatic deletion of cookies when closing the browser. The cookie settings can be administered under the following links for the respective browsers. 

Internet Explorer:

You can also individually manage the cookies of many companies and functions that are used for advertising. To do this, use the appropriate user tools, available at or

Most browsers also offer a "do-not-track" feature that allows you to indicate that you do not want to be "tracked" by websites. If this feature is enabled, the browser will tell ad networks, websites and applications that you do not want to be tracked for behavior-based advertising and the like. For information and instructions on how to edit this feature, see the links below, depending on your browser provider:

Google Chrome: 
Mozilla Firefox:
Internet Explorer:

In addition, you can prevent the loading of scripts by default. NoScript allows you to run JavaScripts, Java and other plug-ins only on trusted domains of your choice. Information and instructions on how to edit this function can be obtained from your browser's provider (e.g. for Mozilla Firefox at:

Please note that if you disable cookies, the functionality of this website may be limited.

Cookie Settings

7. Data transfer and recipient

A transfer of your personal data to third parties does not take place, except

  • if we have explicitly pointed this out in the description of the respective data processing.
  • if you have given your express consent in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR,
  • the disclosure according to Art. 6 para. 1 sentence 1 lit. f GDPR is necessary for the assertion, exercise or defence of legal claims and there is no reason to believe that you have an overriding legitimate interest in not disclosing your data,
  • in the event that there is a legal obligation to pass on data pursuant to Art. 6 (1) sentence 1 lit. c GDPR, and
  • to the extent required by Art. 6 para. 1 sentence 1 lit. b GDPR for the execution of contractual relationships with you.

In addition, we use external service providers for the processing of our services, whom we have carefully selected and commissioned in writing. They are bound by our instructions and are regularly monitored by us. If necessary, we have concluded contract processing agreements with them pursuant to Art. 28 GDPR. These are service providers for web hosting, sending e-mails, maintenance and servicing of our IT systems, etc. The service providers will not pass this data on to third parties.

8. Duration of storage of personal data

The duration of the storage of personal data is determined by the relevant statutory retention periods (e.g. from commercial law and tax law). After expiry of the respective period, the corresponding data is routinely deleted. If data is required for contract fulfilment or contract initiation or if we have a justified interest in further storage, the data will be deleted if you are no longer required for these purposes or if you make use of your right of revocation or objection.

9. Your rights

In the following you will find information on the rights of data subjects which the applicable data protection law grants you vis-à-vis the person responsible with regard to the processing of your personal data:

  • Information rights
    The right, pursuant to Art. 15 GDPR, to request information about your personal data processed by us. In particular, you may request information on the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, deletion, restriction of processing or objection, the existence of a right of complaint, the origin of your data, unless it has been collected from us, as well as the existence of an automated decision making process including profiling and, if applicable, meaningful information on its details.
  • Right to rectification
    The right, pursuant to Art. 16 GDPR, to immediately request the correction of incorrect or incomplete personal data stored by us.
  • Right to deletion
    The right to demand the deletion of your personal data stored by us in accordance with Art. 17 GDPR, unless processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.
  • Right to limitation of data processing
    The right, pursuant to Art. 18 GDPR, to demand the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you refuse its deletion and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have lodged an objection to the processing pursuant to Art. 21 GDPR.
  • Right to transferability
    The right, pursuant to Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request transmission to another responsible person.
  • Right to revoke the declaration of consent under data protection law
    Right to revoke consent granted pursuant to Art. 7 (3) GDPR: You have the right to revoke consent once granted for the processing of data at any time with effect for the future. In the event of revocation, we will immediately delete the data concerned unless further processing can be based on a legal basis for processing without consent. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the revocation.
  • Right to complain to a supervisory authority
    The right to complain to a supervisory authority pursuant to Art. 77 GDPR. As a rule, you can contact the supervisory authority of the federal state in which our registered office is located or, as the case may be, that of your usual place of residence or workplace.
  • Right of objection
    If your personal data is processed by us on the basis of legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right pursuant to Art. 21 GDPR to object to the processing of your personal data if this is done for reasons arising from your particular situation. If the objection is directed against the processing of personal data for the purpose of direct marketing, you have a general right of objection without the requirement to state a particular situation.

If you wish to exercise your right of revocation or objection, simply send an e-mail to

Objection to advertising mails

We hereby object to the use of contact data published within the scope of the imprint obligation to send unsolicited advertising and information material. The operators of these pages expressly reserve the right to take legal action against unsolicited mailing or e-mailing of spam and other similar advertising materials.

Changes to our Data Protection Declaration

We reserve the right to adapt or update this data protection declaration if necessary in compliance with the applicable data protection regulations. In this way, we can adapt it to the current legal requirements and take account of changes to our services, e.g. the introduction of new services. The most current version applies to your visit.

Date of this data protection declaration: June 2023