LEGAL NOTICE (IMPRESSUM) AND
PRIVACY POLICY (DATENSCHUTZERKLÄRUNG)

 
1. Legal Notice (Impressum)
 
The International Association of Paper Makers and Artists (IAPMA) e.V. is a registered non-profit association under German law. The association is registered with the District Court of Dresden under registration number VR 11769.
 
IAPMA e.V. is registered at:
 
IAPMA e.V.
c/o Fides Linien
Franziska-Tiburtius-Strasse 4a
01326 Dresden
Germany
 
Contact:
Phone: +49 351 82614425
Email: contact@iapma.info
Website: www.iapma.info
 
The persons responsible for editorial content pursuant to § 18 para. 2 German Media State Treaty (MStV) are the Board of Directors of IAPMA e.V.
 
 
2. Privacy Policy (GDPR Information pursuant to Articles 13 and 14 GDPR)
 
2.1. Controller
 
The controller responsible for data processing within the meaning of the General Data Protection Regulation (GDPR) is:
 
IAPMA e.V.
c/o Fides Linien
Franziska-Tiburtius-Strasse 4a
01326 Dresden
Germany
 
Email: contact@iapma.info
Phone: +49 351 82614425
 
2.2. General Principles of Processing
 
We process personal data in accordance with the principles set out in Article 5 GDPR, including lawfulness, fairness and transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity and confidentiality.
 
Personal data is processed only where at least one legal basis under Article 6(1) GDPR applies.
 
Where processing is based on legitimate interests pursuant to Article 6(1)(f) GDPR, these interests have been carefully balanced against the rights and freedoms of the data subjects.
 
2.3. Categories of Personal Data
 
Depending on your interaction with our website or association, we may process the following categories of personal data:

• Identity data (e.g. name)
• Contact data (e.g. email address, postal address, telephone number)
• Technical data (e.g. IP address, browser type, operating system, device information)
• Usage data (e.g. pages visited, timestamps and navigation patterns)
• Communication data (e.g. emails, contact form submissions)
• Membership-related information where applicable

We process only the personal data necessary for the respective purpose.
 
2.4. Hosting and Server Log Files
 
When accessing our website, technical information is automatically processed by our hosting provider to ensure the security, stability and proper functioning of the website.

This may include:

• IP address
• Date and time of access
• Browser type and version
• Operating system
• Referrer URL

The legal basis for this processing is Article 6(1)(f) GDPR.
 
Server log files are generally retained for a maximum of 30 days unless a longer retention period is required for security investigations or compliance with legal obligations.
 
2.5. Cookies and Consent Management
 
This website uses cookies.
 
Essential cookies are required for the operation and security of the website and are processed on the basis of Article 6(1)(f) GDPR.
 
Non-essential cookies, including analytics or marketing cookies, are only activated after you have given your explicit consent pursuant to Article 6(1)(a) GDPR and, where applicable, § 25 TTDSG.
 
Consent is obtained before non-essential cookies are stored and may be withdrawn at any time via the cookie settings available on the website.
 
No non-essential cookies are placed before consent has been given.
 
2.6. Google Analytics
 
Where activated, this website uses Google Analytics provided by Google Ireland Limited to analyse website usage and improve our online services.
 
Google may process personal data in third countries, including the United States. Such transfers are safeguarded through the European Commission's Standard Contractual Clauses pursuant to Article 46 GDPR together with supplementary technical and organisational measures where required under the Schrems II judgment.
 
IP anonymisation is enabled so that IP addresses are shortened within the European Union before transmission.
 
Google Analytics is activated only after your explicit consent through our cookie banner. Consent may be withdrawn at any time.
 
Users may additionally prevent Google Analytics from collecting data by installing the browser add-on available at:
https://tools.google.com/dlpage/gaoptout
 
2.7. Contact via Email or Contact Form
 
If you contact us by email or via the contact form, we process the information you provide solely for the purpose of responding to your enquiry.
 
The legal basis is:

• Article 6(1)(b) GDPR where your enquiry relates to contractual or pre-contractual matters; or
• Article 6(1)(f) GDPR where processing is necessary for our legitimate interest in handling communications.

Personal data is deleted once the enquiry has been fully processed unless statutory retention obligations apply.
 
2.8. Newsletter
 
If you subscribe to our newsletter, we process your email address to provide information about IAPMA activities.
 
Subscriptions are confirmed using a double opt-in procedure.
 
The legal basis is Article 6(1)(a) GDPR.
 
For legal verification purposes, we also record the date, time, IP address and confirmation of the subscription process.
 
You may withdraw your consent at any time by using the unsubscribe link included in every newsletter.
 
2.9. Data Recipients and Processors
 
Personal data is disclosed only where necessary for operational purposes or where required by law.
 
Recipients may include:

• Hosting providers
• IT service providers
• Newsletter service providers
• Analytics providers (where consent has been given)

All processors are engaged under data processing agreements pursuant to Article 28 GDPR.
Personal data is never sold or transferred for commercial third-party purposes.
 
2.10. International Data Transfers
 
Where personal data is transferred outside the European Economic Area (EEA), including to the United States, such transfers take place only where appropriate safeguards exist. These safeguards include Standard Contractual Clauses pursuant to Article 46 GDPR together with supplementary technical and organisational measures where necessary. International transfers are assessed in accordance with the requirements established by the Court of Justice of the European Union in the Schrems II decision.
 
2.11. Storage Limitation and Data Retention
 
Personal data is retained only for as long as necessary to fulfil the purposes for which it was collected or as required by applicable legal obligations.
 
Member Profile and Data Deletion Policy
 
As part of our commitment to data protection and in accordance with the GDPR, we ensure that personal data associated with membership is deleted once it is no longer required. Following the termination of membership, your personal profile on our website—including your name, role, profile photograph, biography and any other information you have provided—will normally be deleted within 365 days.
 
This retention period allows for internal administrative processing and the completion of membership-related procedures. During this period, your profile will no longer be actively published or promoted and will only remain accessible for internal administrative purposes. Should you renew your membership within this 365-day period, your profile and associated information will remain unchanged and continue to be displayed on the website.
 
Data Deleted After 365 Days
 
Unless legal obligations require otherwise, the following information will be permanently removed:
 
·       Name and contact details
·       Role or position within the association
·       Profile photograph
·       Biography
·       Additional personal content associated with your membership
·       Member Gallery content
 
The legal basis for this processing is Article 6(1)(b) and Article 6(1)(f) GDPR.

Once membership has ended and the administrative retention period has expired, the purpose for processing this personal data no longer exists and the relevant information will be permanently deleted.
 
Payment and Accounting Records
 
Certain payment-related information must be retained to comply with German tax and commercial law.
 
This includes, where applicable:

• Name of the member or payer
• Membership fee amount
• Date of payment
• Payment reference or transaction information

These records are retained for six to ten years in accordance with the retention obligations under the German Fiscal Code (Abgabenordnung – AO) and the German Commercial Code (Handelsgesetzbuch – HGB). During this period, deletion is not legally permitted.
 
Exceptions
 
In exceptional cases, limited personal data may be retained for historical, archival or organisational documentation purposes, for example where former board members or members have made significant contributions to the association.

Such retention will only occur where:

• a documented legitimate interest of the association exists;
• only the minimum amount of personal data is retained;
• the retained information is no longer publicly accessible without the individual's prior consent.

Where applicable, affected individuals will be informed separately.
 
2.12. Rights of Data Subjects
 
Under the GDPR you have the right to:

• Access your personal data (Article 15 GDPR)
• Request rectification (Article 16 GDPR)
• Request erasure (Article 17 GDPR)
• Request restriction of processing (Article 18 GDPR)
• Receive your personal data in a portable format (Article 20 GDPR)
• Object to processing (Article 21 GDPR)
• Withdraw consent at any time (Article 7(3) GDPR)

You may also:

• Request confirmation that your personal data has been deleted;
• Request early deletion where legally permissible;
• Object to further processing of your personal data.

To exercise any of your rights, please contact: contact@iapma.info
 
2.13. Right to Lodge a Complaint
 
You have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data infringes the GDPR. You may exercise this right with the supervisory authority in the EU Member State of your habitual residence, your place of work or the place of the alleged infringement.

As IAPMA e.V. is established in the Free State of Saxony, Germany, the competent supervisory authority for the association is the Saxon Data Protection and Transparency Commissioner (Sächsischer Datenschutz- und Transparenzbeauftragter).
 
2.14. Automated Decision-Making
 
No automated decision-making or profiling within the meaning of Article 22 GDPR takes place.
 
2.15. External Content and Third-Party Services
 
This website may include embedded content or services provided by third parties, such as video platforms or social media services.
 
These providers may process personal data independently when their content is accessed. Such processing is carried out under the responsibility of the respective provider and in accordance with its own privacy policy.
 
2.16. Data Security
 
We implement appropriate technical and organisational measures pursuant to Article 32 GDPR to ensure a level of security appropriate to the risk and to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or unauthorised access.
 
2.17. Changes to this Privacy Policy
 
This Privacy Policy may be amended from time to time to reflect changes in legal requirements, technical developments or organisational processes.
 
The latest version published on this website shall apply.