Data protection at a glance
The following information provides an overview of the personal data that may be collected when you visit our website. It tells you what these data are processed for and the legal basis for it. Personal data are all data with which you can be personally identified either by us or by third parties.
Under 1) you find general information, in particular about us and concerning your personal rights. Specific information with regard to individual parts of our website offer, is given under the subsequent points.
1) General notes
a) Responsible body
b) Data protection officer
c) Your rights
2) Data collection during the visit of our website
a) Transmission of the contents
b) Transmission to other service providers Plugins and tools
c) Social media
d) IT security and optimization of the offer
e) cookies
3) Forms
4) Newsletter
5) Registration for events
6) Data collection by e-mail, telephone or fax
7) Data flow within the framework of our Jitsi-Meet video and telephone conference software
8) Data collection in the context of visiting our offers on other platforms/social media
9) Data collection via the use of ISOE cloud services
1) General notes
As operators of this website we take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the legal data protection regulations and this data protection declaration.
When you visit this website, various personal data are collected. Personal data are data with which you can be personally identified. This privacy policy explains what kind of data we collect and what we use them for. It also explains how we go about it and for what purpose.
We would like to point out that there are security gaps when it comes to data transmission over the Internet (e.g. communication by e-mail). A comprehensive protection of data against access by third parties is not possible.
a) Responsible body
Please refer to the imprint under the following link to find out who is responsible for the data processing of this website.
b) Data protection officer
We have appointed a data protection officer for our company, whom you can contact by e-mail directly at dsb(at)isoe.de.
c) Your rights
i. Information, blocking, erasure and correction
Within the framework of the applicable legal provisions, you have the right to obtain information free of charge at any time about your stored personal data, their origin and recipients and the purpose of the data processing and, if applicable, a right to correct, block or delete this data. For this purpose, as well as for further questions regarding personal data, you can contact us at any time at the address given in the imprint.
ii. Right to limitation of processing
You have the right to request the restriction of the processing of your personal data. To do so, you can contact us at any time at the address given in the imprint.
The right to restrict processing exists in the following cases:
- If you dispute the correctness of your personal data stored with us, we usually need time to check this. For the duration of the review, you have the right to demand the restriction of the processing of your personal data.
- If the processing of your personal data was/is unlawful, you can demand the restriction of data processing instead of deletion.
- If we no longer need your personal data, but you do need it to exercise, defend or assert legal claims, you have the right to demand restriction of the processing of your personal data instead of deletion.
- If you have lodged an objection in accordance with Art. 21 para. 1 DSGVO, a balance must be struck between your interests and ours. As long as it is not yet clear whose interests outweigh the interests of the parties concerned, you have the right to demand that the processing of your personal data be restricted.
If you have restricted the processing of your personal data, these data - apart from their storage - may only be processed with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of an important public interest of the European Union or a Member State.
iii. Right of objection
If the data processing is carried out on the basis of Article 6 paragraph 1 letter e or f FADP, you have the right to object to this processing of your personal data at any time for reasons arising from your particular situation, including profiling based on these provisions. The respective legal basis on which processing is based can be found in this data protection declaration. If you object, we will no longer process the personal data concerned unless we can demonstrate compelling reasons for processing which are worthy of protection and which outweigh your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims (objection under Art. 21 para. 1 DSGVO).
iv. Revocation of your consent to data processing
Many data processing operations are only possible with your explicit consent. You can revoke any consent already given at any time. For this purpose, an informal notification by e-mail to us is sufficient. The legality of the data processing carried out up to the time of revocation remains unaffected by the revocation.
v. Right of appeal to the responsible supervisory authority
In the event of infringements of the DSGVO, you have a right of appeal to a supervisory authority, in particular of the country in which you normally live or the country of your place of work or the country of the suspected infringement. This right of appeal is without prejudice to other administrative or judicial remedies.
vi. Right to data portability
You have the right to have data, which we process automatically on the basis of your consent or in fulfilment of a contract, handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another responsible party, this will only take place to the extent that it is technically feasible.
a) Transmission of the contents
For the purpose of transmitting the website you have called up, your browser will also send the following information, among others:
- Your IP address (a number that identifies your computer connection on the Internet), the website you are visiting and the time of your visit
- Information about your terminal device, for example the browser used, connection speed or screen size
This processing is carried out in the interest of transmitting content to you at your request and presenting it in the best possible way. This is a legitimate interest within the meaning of Art. 6 para. 1 letter f DSGVO.
The above-mentioned data will not be stored for the purpose of transmission once the transmission process is complete.
b) Transmission to other service providers Plugins and tools
YouTube
Our website uses content from the YouTube page operated by Google. The site is operated by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
When you visit one of our sites equipped with a YouTube plug-in, a connection is established to the YouTube servers. This tells the YouTube server which of our pages you have visited. This is only done with your consent. We use a two-click solution here.
Furthermore, YouTube can store various cookies on your end device. With the help of these cookies, Youtube can obtain information about visitors to our website. This information is used, among other things, to gather video statistics, improve the user experience and prevent fraud. The cookies remain on your device until you delete them.
If you are logged in to your YouTube account, you allow YouTube to associate your browsing habits directly with your personal profile. You can prevent this by logging out of your YouTube account.
YouTube is used in the interest of an attractive presentation of our online offers. This represents a legitimate interest in the sense of Art. 6 para. 1 lit. f DSGVO. Further information on the handling of user data can be found in the YouTube privacy policy at: https://policies.google.com/privacy?hl=de.
c) Social media
Our websites use plugins from social media (e.g. Facebook, Twitter, Google, Instagram+ etc.).
You can usually recognize the plugins by the respective social media logos. In order to guarantee data protection on our website, we only use these plugins together with the so-called "Shariff" solution. This application prevents the plugins integrated on our website from transferring data to the respective provider as soon as you enter the website for the first time.
Only when you activate the respective plugin by clicking the corresponding button, a direct connection to the provider's server is established (consent). As soon as you activate the plugin, the respective provider receives the information that you have visited our website with your IP address. If you are simultaneously logged into your respective social media account (e.g. Facebook), the respective provider can assign the visit to our website to your user account.
You will find more detailed information on the data processed by the respective external provider in section 8 of this data protection declaration.
Activating the plugin constitutes consent within the meaning of Art. 6 para. 1 lit. a DSGVO. You can revoke this consent at any time with effect for the future.
d) IT security and optimization of the offer
The provider of the website automatically collects and stores information in so-called server log files, which your browser transmits when you surf. These are:
- Browser type and browser version
- Operating system used
- "Referer" URL, i.e. a link to the page from which you came to us
- Host name of the accessing computer
- Time of the server request
- Your IP address without the last three digits
A consolidation of this data with other data sources is not carried out in regular operation. We only receive anonymous statistical data.
The collection of this data is based on Art. 6 para. 1 lit. f DSGVO and serves our legitimate interest in a technically error-free presentation and the optimization of our website, as well as tracking in case of intentional impairment of our web offer.
The data will be stored anonymously by our provider – provided no malfunctions are detected – and deleted after 60 days. (https://www.mittwald.de/faq/service-informationen/faq/datenschutz-alles-wichtige-zur-dsgvo)
e) Cookies
Our websites do not normally use cookies. An exception is the use of forms. Cookies are small text files that are stored on your device and saved by your browser.
You can set your browser so that you are informed about the setting of cookies and allow cookies only in individual cases, exclude the acceptance of cookies for specific cases or in general and activate the automatic deletion of cookies when closing the browser. However, if you deactivate cookies, the functionality of the form may be limited.
The cookies that are required to carry out the electronic communication process or to provide certain functions you request (e.g. form entries) are stored on the basis of Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in the storage of cookies for the technically error-free and optimized provision of his services.
3) Forms
If you send us inquiries via web form (information requests, registrations etc.) using the forms made available , your details from this form, including the contact details you provide us with (if requested), will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. We will not pass on this data without your consent.
The processing of the data entered in the respective form is therefore exclusively based on your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke this consent at any time. For this purpose, an informal notification by e-mail to us is sufficient. The legality of the data processing operations carried out up to the time of revocation remains unaffected by the revocation.
The data entered by you in the contact form will remain with us until you request us to delete them, revoke your consent to their storage or when the purpose for which they were stored ceases to apply (e.g. after your enquiry has been processed). Mandatory legal provisions - in particular retention periods - remain unaffected.
4) Newsletter
If you would like to receive the newsletter offered on the website, we need an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. Further data will only be collected on a voluntary basis. We use these data exclusively for sending the requested information and do not pass them on to third parties.
The processing of the data entered in the newsletter registration form is based exclusively on your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke your consent to the storage of these data, your e-mail address as well as its use for sending the newsletter at any time, for example by using the "unsubscribe" link in the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.
The data you have provided us with for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted after the newsletter has been cancelled, at the latest after 60 days. Data that has been stored by us for other purposes remains unaffected by this.
5) Registration for events
On our website you can register for events. We will use the data provided for these specific cases only for the purpose of organizing the respective event. The mandatory data requested during registration must be provided in full. Otherwise registration will be refused.
The data entered during registration will be processed on the basis of your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke any consent you have given at any time. All you need to do is send us an informal notification by e-mail. The legality of the data processing already carried out remains unaffected by the revocation.
The data collected during registration will be deleted at the latest 60 days after the event, unless you have agreed to further use, e.g. to be informed about similar ISOE events. Legal retention periods remain unaffected.
6) Data collection by e-mail, telephone or fax
If you contact us by e-mail, telephone or fax, your inquiry including all personal data (name, inquiry) will be stored and processed by us for the purpose of processing your request. We will not pass on this data without your consent.
This data are processed on the basis of Art. 6 para. 1 lit. b DSGVO, provided your inquiry is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases the processing is based on your consent (Art. 6 para. 1 lit. a DSGVO) and/or on our legitimate interests (Art. 6 para. 1 lit. f DSGVO), as we have a legitimate interest in the effective processing of the inquiries addressed to us.
The data you send us via contact requests will remain with us until you request us to delete them, revoke your consent to their storage or the purpose for which they were stored no longer applies (e.g. after your request has been processed). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.
7) Data flow within the framework of our Jitsi-Meet video and telephone conference software
If you participate in one of our online meetings via video and/or voice transmission, the IP address you use is recorded at that time and deleted after 60 days at the latest. Other data will not be stored.
To provide you with the address of the platform, we use your e-mail address that we received from you in advance. It is subject to the above mentioned measures for the protection of your personal data.
8) Data collection in the context of visiting our offers on other platforms/social media
We maintain an online presence on Twitter to showcase the ISOE's activities and communicate with interested parties. Twitter is a service of Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.
In this respect, we would like to point out that there is a possibility that user data may be processed outside the European Union, in particular in the USA. This may pose increased risks to users in that, for example, it may be more difficult to access user data at a later date. We also do not have access to this user data. The access option lies exclusively with Twitter.
The data protection information of Twitter can be found at https://twitter.com/de/privacy
We also present ISOE and its activities on the Facebook platform. On this social media platform, we share responsibility with Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland.
Facebook's data protection officer can be reached via a contact form: https://www.facebook.com/help/contact/540977946302970
We have regulated the joint responsibility in an agreement regarding the respective obligations in terms of the GDPR. This agreement, from which the mutual obligations arise, can be accessed at the following link: https://www.facebook.com/legal/terms/page_controller_addendum
The legal basis for the processing of personal data that thereby takes place and is reproduced below is Art. 6 (1) lit. f DSGVO. Our legitimate interest is the analysis, communication and verification of how our activities are received by users.
The legal basis may also be the user's consent pursuant to Art. 6 (1) a DSGVO vis-à-vis the platform operator. The user can revoke this consent for the future at any time by notifying the platform operator in accordance with Art. 7 (3) DSGVO.
When calling up our online presence on the Facebook platform, data of the user (e.g. personal information, IP address, etc.) is processed by Facebook Ireland Ltd. as operator of the platform in the EU.
This user data is used for statistical information about the use of our presence on Facebook. Facebook Ireland Ltd. uses this data for market research and advertising purposes and to create profiles of users. Based on these profiles, it is possible for Facebook Ireland Ltd., for example, to advertise users within and outside of Facebook based on their interests. If the user is logged into his account on Facebook at the time of the call, Facebook Ireland Ltd. can also link the data with the respective user account.
In the event that the user contacts us via Facebook, the user's personal data entered on this occasion will be used to process the request. The user's data will be deleted by us, provided that the user's inquiry has been conclusively answered and there are no legal retention obligations, such as in the case of subsequent contract processing, to the contrary.
In order to process the data, Facebook Ireland Ltd. may also set cookies.
If the user does not agree to this processing, it is possible to prevent the installation of cookies by setting the browser accordingly. Cookies that have already been stored can also be deleted at any time. The settings for this depend on the respective browser. In the case of Flash cookies, processing cannot be prevented via the browser settings, but by the corresponding setting of the Flash player. If the user prevents or restricts the installation of cookies, this may mean that not all functions of Facebook can be fully used.
More details about the processing activities, their prevention and the deletion of the data processed by Facebook can be found in Facebook's data policy: https://www.facebook.com/privacy/explanation
It is not excluded that processing by Facebook Ireland Ltd. also takes place via Facebook Inc., 1601 Willow Road, Menlo Park, California 94025 in the USA.
To present our activities as well as to communicate with interested parties, we operate a presence on the Instagram platform.
On this social media platform, we are jointly responsible with Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland.
The data protection officer of Instagram can be reached via a contact form: https://www.facebook.com/help/contact/540977946302970
We have regulated the joint responsibility in an agreement regarding the respective obligations within the meaning of the GDPR. This agreement, from which the mutual obligations arise, can be accessed at the following link: https://www.facebook.com/legal/terms/page_controller_addendum
The legal basis for the processing of personal data that thereby takes place and is reproduced below is Art. 6 (1) lit. f DSGVO. Our legitimate interest is in the analysis, communication as well as verification that our activities are attractive.
The legal basis may also be the user's consent pursuant to Art. 6 (1) lit. a DSGVO vis-à-vis the platform operator. The user can revoke this consent for the future at any time by notifying the platform operator in accordance with Art. 7 (3) DSGVO.
When calling up our online presence on the Instagram platform, data of the user (e.g. personal information, IP address, etc.) is processed by Facebook Ireland Ltd. as operator of the platform in the EU.
This user data is used for statistical information about the use of our company presence on Instagram. Facebook Ireland Ltd. uses this data for market research and advertising purposes and to create profiles of users. Based on these profiles, it is possible for Facebook Ireland Ltd., for example, to advertise users within and outside of Instagram based on their interests. If the user is logged into his account on Instagram at the time of the call, Facebook Ireland Ltd. can also link the data with the respective user account.
In the event that the user contacts us via Instagram, the user's personal data entered on this occasion will be used to process the request. The user's data will be deleted by us, provided that the user's inquiry has been conclusively answered and no legal retention obligations, such as in the case of subsequent contract processing, are opposed to this.
In order to process the data, Facebook Ireland Ltd. may also set cookies.
If the user does not agree to this processing, it is possible to prevent the installation of cookies by setting the browser accordingly. Cookies that have already been stored can also be deleted at any time. The settings for this depend on the respective browser. In the case of Flash cookies, processing cannot be prevented via the browser settings, but by the corresponding setting of the Flash player. If the user prevents or restricts the installation of cookies, this may mean that not all functions of Facebook can be fully used.
More details about the processing activities, their prevention and the deletion of data processed by Instagram can be found in the Instagram data policy: https://help.instagram.com/519522125107875
It is not excluded that the processing by Facebook Ireland Ltd. is also carried out via Facebook Inc., 1601 Willow Road, Menlo Park, California 94025 in the USA.
Linking social media via graphic or text link
We also promote presences on the social networks listed below on our website. The integration takes place via a linked graphic of the respective network. The use of this linked graphic prevents a connection to the respective server of the social network from being automatically established when a website with a social media advertisement is called up in order to display a graphic of the respective network itself. Only by clicking on the corresponding graphic will the user be redirected to the service of the respective social network.
After the user has been forwarded, information about the user is collected by the respective network. It cannot be ruled out here that processing of the data collected in this way takes place in the USA.
This is initially data such as IP address, date, time and page visited. If the user is logged into his user account of the respective network during this time, the network operator may be able to assign the collected information of the specific visit of the user to the personal account of the user. If the user interacts via a "Share" button of the respective network, this information can be stored in the user's personal user account and may be published. If the user wants to prevent the collected information from being directly assigned to his user account, he must log out before clicking on the graphic. In addition, it is possible to configure the respective user account accordingly.
The following social networks are integrated into our site by linking:
Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, a subsidiary of Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA.
Privacy policy: https://www.facebook.com/policy.php
Twitter Inc, 795 Folsom St., Suite 600, San Francisco, CA 94107, USA.
Privacy policy: https://twitter.com/privacy
YouTube
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA
Privacy policy: https://policies.google.com/privacy
Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, a subsidiary of Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA.
Privacy policy: https://help.instagram.com/519522125107875
Vimeo
We use "Vimeo" on our website to display videos. This is a service of Vimeo, LL C, 555 West 18th Street, New York, New York 10011, USA, hereinafter referred to as "Vimeo".
Partial processing of user data takes place on Vimeo servers in the USA.
The legal basis is Art. 6 para. 1 lit. f) DSGVO. Our legitimate interest lies in the quality improvement of our website.
If you visit a page of our website in which a video is embedded, a connection to the servers of Vimeo in the USA is established to display the video. For technical reasons, it is necessary for Vimeo to process your IP address. In addition, the date and time of your visit to our website are also recorded.
If you are logged in to Vimeo at the same time as you visit one of our websites in which a Vimeo video is embedded, Vimeo may assign the information collected in this way to your personal user account there. If you wish to prevent this, you must either log out of Vimeo before visiting our website or configure your user account with Vimeo accordingly.
For the purpose of functionality and usage analysis, Vimeo uses the web analytics service Google Analytics. Google Analytics stores cookies on your end device via your Internet browser and sends information about the use of our website, in which a Vimeo video is embedded, to Google. It cannot be ruled out that Google processes this information in the USA.
If you do not agree to this processing, you have the option to prevent the installation of cookies by making the appropriate settings in your Internet browser. Details on this can be found above under the item "Cookies".
The legal basis is Art. 6 para. 1 lit. f) DSGVO. Our legitimate interest lies in the quality improvement of our website and in the legitimate interest of Vimeo to statistically analyze user behavior for optimization and marketing purposes.
Vimeo offers further information on the collection and use of data as well as your rights and options for protecting your privacy at http://vimeo.com/privacy.
9) Data collection via the use of ISOE cloud services
ISOE provides a server accessible via the Internet as a so-called cloud service (also referred to as "Software as a Service") in a joint working context with cooperation partners of the Institute for the following purposes: Document processing and storage, project management, calendar management, spreadsheets and presentations, exchange of documents, content and information, forms or other content and information.
In this context, personal data may be processed and stored on our server to the extent that these are part of communication processes with us or are otherwise processed by us as described in the context of this privacy policy. This data may include, in particular, master data and contact data of users, data on transactions, contracts, other processes and their contents. We also process usage data and metadata used for security purposes and service optimization. This also includes cookies for the smooth operation of the cloud.
Notes on legal basis: By using our cloud service, you consent to the processing of your data. Furthermore, their use may be a component of our (pre)contractual services, provided that the use of the cloud services has been agreed within this framework. Otherwise, user data is processed based on our legitimate interests (i.e., interest in efficient and secure management and collaboration processes)
Types of data processed: inventory data (e.g., names, addresses); contact data (e.g., e-mail, phone numbers); content data (e.g., entries in online forms); usage data (e.g., web pages visited, interest in content, access times); meta/communication data (e.g., device information, IP addresses).
Data subjects: Project partners, cooperation partners, ISOE employees, ISOE associates who receive access via their contact persons at ISOE.
Purposes of processing: project, office and organizational procedures.
Legal bases: Consent (Art. 6 para. 1 p. 1 lit. a. DSGVO); Contract performance and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b. DSGVO); Legitimate interests (Art. 6 para. 1 p. 1 lit. f. DSGVO).
The deletion of access meta data (IP address) takes place automatically after 90 days.
Deletion of meta data within Nextcloud (user, email, activities) occurs as soon as a user is deleted or never if they are part of a document processing (e.g. tracking of document processing).