Privacy Policy
The following information provides an overview of which personal data may be collected when you visit our website, why this data is processed and on what legal basis. Personal data is any data that can be used to personally identify you by us or by third parties.
General information, in particular about us and your rights, can be found below under 1); special information that only applies to individual parts of our offering is presented in the following points.
1) General information
a) Responsible body
b) Data protection officer
c) Your rights
2) Data collection when visiting our website
a) Transmission of content
b) Transmission to other service providers, plugins and tools
c) Social media
d) IT security and optimization of the offer
e) Cookies
3) Forms
4) Newsletter
5) Registration for events
6) Data collection by email, telephone or fax
7) Audio and video conferences
8) Data collection in the context of visiting our offers on other platforms/social media
9) Data collection on the use of ISOE cloud services
1) General information
As the operator of this website, we take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration.
When you use this website, various personal data are collected. Personal data are data that can be used to identify you personally. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.
We would like to point out that data transmission over the internet (e.g. when communicating by email) can have security gaps. It is not possible to protect data completely from third-party access.
Objection to advertising e-mails
We hereby object to the use of contact data published in accordance with the imprint obligation to send unsolicited advertising and information material. The site operators expressly reserve the right to take legal action in the event of unsolicited advertising information being sent, for example by spam e-mails.
a) Responsible body
Please refer to the imprint at this link for the responsible body for data processing on this website.
b) Data protection officer
We have appointed a data protection officer for our company, who can be contacted directly by email at dsb@isoe.de.
c) Your rights
i. Information, blocking, deletion and correction
Within the scope of the applicable statutory provisions, you have the right to at any time demand information about your archived personal data, their source and recipients as well as the purpose of the processing of your data. You may also have a right to have your data rectified, blocked or eradicated. If you have questions about this subject matter or any other questions about personal data, please do not hesitate to contact us at any time at the address provided in the imprint.
ii. Right to restriction of data processing
You have the right to request the restriction of the processing of your personal data. To do so, you can contact us at any time at the address given in the imprint. The right to restriction of processing applies in the following cases:
- If you dispute the accuracy of your personal data stored by us, we usually need time to verify this. For the duration of the verification, you have the right to request that the processing of your personal data be restricted.
- If the processing of your personal data was/is carried out unlawfully, you can request the restriction of data processing instead of deletion.
- If we no longer need your personal data, but you need it to exercise, defend or assert legal claims, you have the right to request the restriction of the processing of your personal data instead of deletion.
- If you have objected to processing pursuant to Article 21(1) GDPR, your rights and our rights will have to be weighed against each other. As long as it has not been determined whose interests prevail, you have the right to demand a restriction of the processing of your personal data.
If you have restricted the processing of your personal data, this data – apart from its storage – may only be processed with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of an important public interest of the European Union or a Member State.
iii. Right of objection
If data processing is carried out on the basis of Art. 6 (1) lit. e or f GDPR, you have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you, including profiling based on those provisions. The respective legal basis on which processing is based can be found in this privacy policy. If you file an objection, we will no longer process your personal data concerned unless we can prove compelling reasons for the processing worthy of protection which outweigh your interests, rights and freedoms or the processing serves the assertion, exercise or defense of legal claims (objection according to art. 21 para. 1 DSGVO).
If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct marketing. If you object, your personal data will subsequently no longer be used for direct marketing purposes (objection in accordance with Art. 21 (2) GDPR).
iv. Revocation of your consent to data processing
Many data processing operations are only possible with your express consent. You can revoke consent that you have already given at any time. To do so, an informal email notification to us is sufficient. The legality of the data processing carried out up to the point of revocation remains unaffected by the revocation.
v. Right of appeal to the competent supervisory authority
In the event of violations of the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, your place of work or the place of the alleged violation. The right to lodge a complaint exists regardless of any other administrative or judicial remedies.
vi. Right to data portability
You have the right to have data which we process based on your consent or in fulfillment of a contract automatically delivered to yourself or to a third party in a standard, machine-readable format. If you require the direct transfer of data to another responsible party, this will only be done to the extent technically feasible.
2) Data collection when visiting our website
We host the contents of our website with the following provider: Mittwald
The provider is Mittwald CM Service GmbH & Co. KG, Königsberger Straße 4-6, 32339 Espelkamp (hereinafter Mittwald).
For details, please refer to Mittwald's privacy policy: https://www.mittwald.de/datenschutz.
The use of Mittwald is based on Art. 6 para. 1 lit. f DSGVO. We have a legitimate interest in ensuring that our website is displayed as reliably as possible. If consent has been requested, processing will be carried out exclusively on the basis of Art. 6 (1) point f GDPR and Section 25 (1) TDDDG, provided that the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. The consent can be revoked at any time.
Contract data processing
We have concluded a contract for contract data processing for the use of the above-mentioned service. This is a contract prescribed by data protection law that ensures that the personal data of our website visitors is processed only in accordance with our instructions and in compliance with the GDPR.
SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and for the protection of the transmission of confidential content, such as the orders or inquiries you send to us as the site operator. You can recognize an encrypted connection by the fact that the browser's address line changes from “http://” to “https://” and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data that you transmit to us cannot be read by third parties.
a) Transmission of content
For the purpose of transmitting the website you have accessed, your browser also sends the following information, among other things:
- Your IP address (a series of numbers that identifies your computer connection on the internet), the website accessed and the time of access
- Information about your device, such as the browser used, connection speed or screen size
This processing is carried out in the interest of providing you with content in response to your request and displaying it in the best possible way. This is a legitimate interest within the meaning of Art. 6 (1) point f GDPR.
The above data will not be stored after the transmission process for the purpose of transmission.
b) Transmission to other service providers, plugins and tools
When you visit this website, your surfing behavior can be statistically evaluated. This is done primarily with so-called analysis programs. Detailed information about these analysis programs can be found in the following privacy policy.
c) Social media
Our websites use social media plugins (e.g. Facebook, BlueSky, etc.). You can usually recognize the plugins by the respective social media logos. To ensure data protection on our website, we only use these plugins together with the so-called “Shariff” solution. This application prevents the plugins integrated into our website from transferring data to the respective provider the first time you enter the website. A direct connection to the provider's server is only established when you activate the respective plugin by clicking the associated button (consent). As soon as you activate the plug-in, the respective provider receives the information that you have visited our website with your IP address. If you are logged into your respective social media account (e.g. Facebook) at the same time, the respective provider can assign the visit to our website to your user account. You can find more detailed information about the data processed by the respective external provider in section 8 of this data protection declaration.
Activating the plug-in constitutes consent within the meaning of Article 6(1)(a) GDPR. You can revoke this consent at any time with effect for the future.
d) IT security and optimization of the offer
The website provider automatically collects and stores information in so-called server log files, which your browser transmits while surfing. These are:
- Browser type and browser version
- operating system used
- “Referrer” URL, i.e. a link to the page from which you came to us
- host name of the accessing computer
- time of the server request
- your IP address without the last three digits
This data is not merged with other data sources during normal operation. We only receive anonymized statistical data. This data is collected on the basis of Art. 6 para. 1 lit. f GDPR and serves our legitimate interest in a technically error-free presentation and the optimization of our website, as well as tracking in the event of intentional interference with our web offer. The data is stored anonymously by our provider – provided that no disruptions are detected – and deleted after 60 days. (https://www.mittwald.de/faq/service-informationen/faq/datenschutz-alles-wichtige-zur-dsgvo)
e) Cookies
Our websites do not normally use cookies. An exception to this is the use of forms. Cookies are small text files that are stored on your device and saved by your browser. You can set your browser so that you are informed when cookies are set and only allow cookies in individual cases, accept cookies for certain cases or generally exclude them and activate the automatic deletion of cookies when closing the browser. However, if you disable cookies, the functionality of the form may be limited. The cookies that are required to carry out the electronic communication process or to provide certain functions that you have requested (e.g. form entries) are stored on the basis of Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in the storage of cookies for the technically error-free and optimized provision of its services.
3) Forms
If you send us enquiries via the forms used in the web forms (requests for information, registrations, etc.), we will store the information you provide in the web form, including the contact details you provide there (if requested), for the purpose of processing the request and in case of follow-up questions. We will not share this information without your consent. The processing of the data entered into the respective form is thus exclusively based on your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke this consent at any time. For this purpose, an informal message by e-mail to us is sufficient. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation. We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Any mandatory statutory provisions, especially those regarding mandatory data retention periods, remain unaffected by this provision.
4) Newsletter
Newsletter data
If you wish to receive the newsletter offered on the website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. Further data will not be collected or only on a voluntary basis. We use newsletter service providers to process the newsletter, which are described below.
CleverReach
This website uses CleverReach to send out its newsletters. The provider of this service is CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany (hereinafter referred to as “CleverReach”). CleverReach is a service which organizes and analyzes the distribution of newsletters. The data you enter to subscribe to the newsletter (e.g. your email address) is stored on CleverReach servers in Germany and Ireland.
Sending our newsletter with CleverReach enables us to analyze the behavior of newsletter recipients. Among other things, we can see how many recipients have opened the email containing the newsletter and how often various links in the newsletter are clicked. With the help of so-called conversion tracking, it can also be analyzed whether a predefined action (e.g. purchase of a product on this website) has taken place after clicking on the link in the newsletter. Further information on data analysis using CleverReach newsletters can be found at: https://www.cleverreach.com/de/funktionen/reporting-und-tracking/.
The data processing is carried out on the basis of your consent (Art. 6 (1) (a) GDPR). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.
If you do not want CleverReach to analyze your data, you must unsubscribe from the newsletter. We provide a link for this purpose in every newsletter message.
The data you provide us with for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data stored by us for other purposes remains unaffected.
After you unsubscribe from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist if this is necessary to prevent future mailings. The data from the blacklist is used only for this purpose and not merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 (1) lit. f GDPR). The storage in the blacklist is indefinite. You can object to the storage if your interests outweigh our legitimate interest.
For more details, please consult the CleverReach data protection policy at: https://www.cleverreach.com/de/datenschutz/
Contract data processing
We have concluded a contract for the use of the above-named service. This is a contract that is required under data protection law and ensures that the personal data of our website visitors is processed only in accordance with our instructions and in compliance with the GDPR.
5) Registration for events
You can register for events on our website. We use the data entered for this purpose only for the organization of the respective event. The mandatory information requested during registration must be provided in full. Otherwise, we will reject the registration. The data entered during registration is processed on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent at any time. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed. We will delete the data collected during registration no later than 60 days after the event, unless you have agreed to further use, e.g. to be informed about similar ISOE events. Legal retention periods remain unaffected.
6) Data collection by e-mail, telephone or fax
If you contact us by e-mail, telephone or fax, your request, including all resulting personal data (name, request) will be stored and processed by us for the purpose of processing your request. We will not share this information without your consent. The processing of these data is based on Art. 6 para. 1 lit. b DSGVO, if your request is related to the execution of a contract or if it is necessary to carry out pre-contractual measures. In all other cases, the processing is based on your consent (Art. 6 para. 1 lit. a GDPR) and/or on our legitimate interests (Art. 6 para. 1 lit. f GDPR), since we have a legitimate interest in the effective processing of the requests addressed to us. The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after we have completed processing your request). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.
7) Audio and video conferences
Data processing
We use online conferencing tools, among other things, to communicate with our customers. The tools we use in detail are listed below. When you communicate with us via video or audio conference over the internet, your personal data is collected and processed by us and the provider of the respective conferencing tool. The conference tools collect all the data that you provide/use to use the tools (email address and/or your telephone number). Furthermore, the conference tools process the duration of the conference, the start and end (time) of participation in the conference, the number of participants and other “context information” in connection with the communication process (metadata). Furthermore, the tool provider processes all technical data required to handle the online communication. This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or loudspeaker, and the type of connection.
If content is exchanged, uploaded or otherwise provided within the tool, this is also stored on the servers of the tool providers. Such content includes, in particular, cloud recordings, chat/instant messages, voicemails, uploaded photos and videos, files, whiteboards and other information shared while using the service. Please note that we do not have full influence on the data processing operations of the tools used. Our options are largely determined by the corporate policy of the respective provider. For more information on data processing by the conferencing tools, please refer to the privacy policies of the tools used, which we have listed below this text.
Purpose and legal basis
The conference tools are used to communicate with prospective or existing contractual partners or to offer certain services to our customers (Art. 6 para. 1 lit. b GDPR). Furthermore, the use of the tools serves to generally simplify and accelerate communication with us or our company (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). If consent has been requested, the tools in question are used on the basis of this consent; consent can be revoked at any time with effect for the future.
Storage period
The data collected directly by us via the video and conference tools are deleted from our systems as soon as you request us to delete them, revoke your consent to store them or the purpose for storing the data no longer applies. Stored cookies remain on your device until you delete them. Mandatory statutory retention periods remain unaffected. We have no influence over the storage duration of your data that is stored by the operators of the conference tools for their own purposes. For details, please contact the operators of the conference tools directly.
Conference tools used
We use the following conference tools:
Jitsi Meet
We use Jitsi Meet. If you communicate with us via Jitsi Meet, all data associated with this communication process is processed exclusively on our servers (on-premise).
BigBlueButton
We use BigBlueButton. If you communicate with us via BigBlueButton, all data associated with this communication process is processed exclusively on servers within the European Union or a third country that is secure in terms of data protection.
Recording of conferences
We may record the video and audio conferences that we conduct on BigBlueButton.
Data processing agreement
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract required by data protection law that ensures that the personal data of our website visitors is processed only in accordance with our instructions and in compliance with the GDPR.
8) Data collection when visiting our offers on other platforms/social media
This data protection declaration applies to the following social media sites
https://de.linkedin.com/company/isoe-institut-fuer-sozial-oekologische-forschung
https://www.instagram.com/isoe_institut/
BlueSky
https://bsky.app/profile/isoe-institut.bsky.social
Mastodon
https://mastodon.social/@isoewikom
https://www.facebook.com/ISOE.Forschungsinstitut
Vimeo
Flickr
https://www.flickr.com/photos/102295333@N04/albums/
ResearchGate
https://www.researchgate.net/institution/Institute-for-Social-Ecological-Research
Data processing by social networks
We maintain publicly accessible profiles on social networks. The social networks we use in detail can be found below.
Social networks such as Facebook, Instagram, etc. can generally analyze your user behavior comprehensively when you visit their website or a website with integrated social media content (e.g. like buttons or banner ads). When you visit our social media pages, numerous data protection-related processing operations are triggered. Specifically:
If you are logged into your social media account and visit our social media page, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected if you are not logged in or do not have an account with the respective social media portal. In this case, this data collection is done, for example, by cookies being stored on your end device or by recording your IP address. With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. This way, interest-based advertising can be displayed to you both within and outside of the respective social media presence. If you have an account with the respective social network, the interest-based advertising can be displayed on all devices on which you are or were logged in. Please also note that we cannot retrace all processing operations on the social media portals. Depending on the provider, further processing operations may therefore be carried out by the operators of the social media portals. For details, please refer to the terms of use and data protection provisions of the respective social media portals.
Legal basis
Our social media sites are designed to ensure the widest possible presence on the internet. This is a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO. The analysis processes initiated by the social networks may be based on different legal bases, which are to be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 para. 1 lit. a DSGVO).
Controller and assertion of rights
If you visit one of our social media sites (e.g. Instagram), we, together with the operator of the social media platform, are responsible for the data processing operations triggered during this visit. You can, in principle, protect your rights (information, correction, deletion, restriction of processing, data portability and complaint) both against us and against the operator of the respective social media portal (e.g. against Instagram).
Please note that despite our joint responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options are largely determined by the corporate policy of the respective provider.
Storage period
The data collected directly by us via the social media presence will be deleted from our systems as soon as you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies. Stored cookies remain on your device until you delete them. Mandatory statutory provisions – especially retention periods – remain unaffected. We have no influence over the duration of storage of your data, which is stored by the social network operators for their own purposes. For details, please contact the social network operators directly (e.g. in their data protection declaration, see below).
Your rights
You have the right to receive information about the origin, recipient and purpose of your stored personal data at any time and free of charge. You also have the right to object, to data portability and to lodge a complaint with the relevant supervisory authority. Furthermore, you can request the correction, blocking, deletion and, under certain circumstances, the restriction of the processing of your personal data.
Social networks in detail
Facebook
We have a profile on Facebook. The provider of this service is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland (hereinafter: Meta). According to Meta, the data collected is also transferred to the United States and other third-party countries. We have entered into a joint processing agreement (Controller Addendum) with Meta. This agreement determines which data processing operations we or Meta are responsible for when you visit our Facebook page. You can view this agreement at the following link: https://www.facebook.com/legal/terms/page_controller_addendum
You can customize your advertising settings independently in your user account. To do so, click on the following link and log in:
https://www.facebook.com/settings?tab=ads
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here:
https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.
For details, please refer to Facebook's privacy policy:
https://www.facebook.com/about/privacy/.
The company is certified according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States to ensure compliance with European data protection standards for data processing in the United States. Every company certified under the DPF is obliged to comply with these data protection standards. Further information can be obtained from the provider under the following link: https://www.dataprivacyframework.gov/participant/4452
We have a profile on Instagram. The provider of this service is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland. Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here:
https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.
For details on how they handle your personal information, please refer to Instagram's privacy policy:
https://privacycenter.instagram.com/policy/.
The company is certified according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States to ensure compliance with European data protection standards for data processing in the United States. Each DPF-certified company is committed to complying with these data protection standards. Further information can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/4452
We have a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies. If you wish to disable LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here:
https://www.linkedin.com/legal/l/dpa and
https://www.linkedin.com/legal/l/eu-sccs.
For details on how they handle your personal data, please refer to LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy.
The company is certified according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States to ensure compliance with European data protection standards for data processing in the United States. Each DPF-certified company is committed to complying with these data protection standards. For more information, please contact the provider at the following link: https://www.dataprivacyframework.gov/participant/5448
Vimeo
We have a profile on Vimeo. The provider is Vimeo, Inc., 555 West 18th Street, New York 10011, USA. Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission and, according to Vimeo, on “legitimate business interests”. You can find details here: https://vimeo.com/privacy. For details on how they handle your personal data, please refer to Vimeo's privacy policy: https://vimeo.com/privacy.
The company is certified according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States to ensure compliance with European data protection standards for data processing in the United States. Each DPF-certified company is committed to complying with these data protection standards. For more information, please contact the provider at the following link: https://www.dataprivacyframework.gov/participant/5711
Flickr
We provide image material via an account with Flickr Inc., 390 Fremont St, San Francisco, California 94105, US. When using certain interactive functions on flickr (e.g. the comment function or the “favorites” button), comments or the addition of favorites are visible to other users and to us as the provider of the flickr page. This means that direct user assignment can be carried out on the basis of the personal data disclosed. To do this, you need a Flickr account. You can find the complete flickr terms of use here: www.flickr.com/help/terms.
We would like to point out that flickr stores its users' data (e.g. personal information, IP address, etc.) and may also use this for business purposes. This may also result in the data being transferred outside the EU. According to its own statements, the provider has entered into data processing agreements based on EU standard contractual clauses. Information about which data is processed by the provider and for what purposes it is used can be found in the service's privacy policy at www.flickr.com/help/dpa
For more information about flickr's data processing, please refer to flickr's privacy policy at: www.flickr.com/help/privacy.
For information on how to change your privacy settings, please visit: https://help.flickr.com/en_us/change-your-privacy-settings-rygl6XoJm.
ResearchGate
We use the platform and services of ResearchGate GmbH, Chausseestr. 20, 10115 Berlin (hereinafter “ResearchGate”). Our company profile on ResearchGate is intended to provide general information about the institute. In this context, some of your personal data as a visitor to our profile is also processed. The use of our ResearchGate profile is at your own risk. ResearchGate is solely responsible for the operation of the platform. When you access our profile on ResearchGate, data processing by ResearchGate is unavoidable. This data processing is based on the corresponding specifications of the portal operator: https://www.researchgate.net/privacy-policy.
According to the ResearchGate privacy policy, personal data may also be processed by ResearchGate in the United States or other third countries. According to ResearchGate, personal data is also transferred to countries that do not have a comparable level of protection, but only in accordance with the requirements of the applicable legal data protection provisions.
When you visit our ResearchGate profile, ResearchGate collects personal data from users, e.g. by means of cookies and pixels. This may also occur for visitors who are not logged in to ResearchGate. Data processing by ResearchGate is based on the corresponding specifications of ResearchGate, which you can read here: https://www.researchgate.net/privacy-policy#Information-we-process-when-using-technologies-like-cookies-and-pixels.
If you access our profile while logged in with your own ResearchGate user account, we will receive information about your visit to our profile based on the general terms of use of ResearchGate. You can prevent this by accessing our profile without first logging in to ResearchGate. However, you may then not have access to all the information we have published, in accordance with the terms of use of the service. The legal basis for our data processing, if any, is Art. 6 para. 1 sentence 1 lit. b GDPR in accordance with the terms of use applicable to all ResearchGate users in connection with our performance of public duties, Art. 6 para. 1 sentence 1 lit. e GDPR.
In addition, you have the option, when using the general functionalities of ResearchGate (e.g. leaving comments or sharing posts), of triggering further data processing, which may also be on our profile. This automated data processing made possible by ResearchGate is beyond our control. We have no influence on the corresponding functionalities of the portal. The associated data processing is based on the terms of use of the service that apply to all users of the portal and thus on Art. 6 (1) sentence 1 b GDPR.
BlueSky
We use the short message service Bluesky PBLLC, Seattle, WA US
You use the Bluesky short message service and its functions offered here at your own risk. This applies in particular to the use of the interactive functions (e.g. sharing, commenting). The data collected about you when using the service is processed by Bluesky PBLLC and may be transferred to countries outside the European Union. Information about this can be found here: https://bsky.social/about/support/privacy-policy#personal-information-use
The data you enter on Bluesky, in particular your username and the content published under your account, will be processed by us to the extent that we may share or comment on your posts or write posts that refer to your account. The data that you freely publish and distribute on Bluesky is thus made available to our followers. If you have concerns about how Bluesky PBLLC processes personal data, you can contact the lead supervisory authority for Bluesky PBLLC using the contact details listed on the website (https://bsky.social/about/support/privacy-policy#personal-information-share).
We process the personal data collected from you on the basis of your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. If special categories of personal data are concerned, we process these data on the basis of your consent in accordance with Art. 9 para. 2 lit. a GDPR. The legal basis for the processing of the data is otherwise Article 6 (1) (1) (e), (2), (3) (1) (b) GDPR.
The data is assigned to the data in your Bluesky account or your Bluesky profile. We have no influence on the type and extent of the data processed by Bluesky PBLLC, the type of processing and use or the disclosure of this data to third parties. Information about which data is processed by Bluesky PBLLC and for what purposes it is used can be found in Bluesky's data protection declaration (https://bsky.social/about/support/network-services-privacy-policy). In addition, you can view your own data at Bluesky (https://bsky.social/about/support/network-services-privacy-policy#privacy-choices). You also have the option of requesting information via the archive requests: https://github.com/web3-storage/ipfs-car
More information about the collection, processing and storage of personal data by BlueSky can be found here: https://bsky.social/about/support/privacy-policy#personal-information-collect
Please refer to our data protection declaration for your rights of access according to Art. 15 DSGVO. You can restrict the processing of your data in the general settings of your Bluesky account and under the item “Privacy”. In addition, on mobile devices (smartphones, tablet computers), you can restrict Bluesky's access to contact and calendar data, photos, location data, etc. in the settings options available there.
Mastodon
We use Mastodon for communication. Please inform yourself about the use of your data at the server operator operated by the Mastodon gGmbH non-profit, https://mastodon.social/about
9. Data collection on the use of ISOE cloud services
ISOE provides a server that can be accessed via the internet as a so-called cloud service (also referred to as “software as a service”) in a shared working context with cooperation partners of the institute for the following purposes: document processing and storage, project management, calendar management, spreadsheets and presentations, exchange of documents, content and information, forms or other content and information.
In this context, personal data may be processed and stored on our server if it is part of communication processes with us or is otherwise processed by us as described in this data protection declaration. This data may include, in particular, master data and contact data of users, data on processes, contracts, other processes and their contents. We also process usage data and metadata, which are used for security purposes and to optimize our services. This also includes cookies for the smooth operation of the cloud.
Notes on legal bases: By using our cloud service, you consent to the processing of your data. Furthermore, their use can be a component of our (pre)contractual services, provided that the use of cloud services has been agreed in this context. Otherwise, user data is processed on the basis of our legitimate interests (i.e., interest in efficient and secure administrative and collaboration processes).
Types of data processed: inventory data (e.g. names, addresses); contact data (e.g. e-mail, telephone numbers); content data (e.g. entries in online forms); usage data (e.g. websites visited, interest in content, access times); meta/communication data (e.g. device information, IP addresses).
Affected persons: project partners, cooperation partners, ISOE employees, ISOE associates who have access via their contact persons at ISOE.
Purposes of processing: project, office and organizational procedures.
Legal basis: Consent (Art. 6 Sect. 1 Clause 1 lit. a GDPR); performance of a contract and prior requests (Art. 6 Sect. 1 Clause 1 lit. b GDPR); legitimate interests (Art. 6 Sect. 1 Clause 1 lit. f GDPR).
Access metadata (IP address) is automatically deleted after 90 days.
Deletion of metadata within the Nextcloud (user, e-mail, activities) takes place as soon as a user is deleted or never if they are part of a document processing (e.g. tracking the processing of documents).
This data protection information was updated on March 26, 2025.