Privacy Policy

The following information provides an overview of what personal data may be collected when you visit our website, why this data is processed, and on what legal basis. Personal data is any data that can be used to identify you personally by us or by third parties.

General information, in particular about us and your rights, can be found below in section 1. Specific information that only applies to individual parts of our offering is provided in the following sections.

1. General information
    a) Responsible body
    b) Data protection officer
    c) Your rights
2. Data collection when you visit our website
    a) Transmission of content
    b) Transmission to other service providers Plugins and tools
    c) Social media
    d) IT security and optimization of the offer
    e) Cookies
3. Forms
4. Newsletters and press releases
5. Registration for events
6. Data collection by email, telephone, or fax
7. Audio and video conferences
8. Data collection when you visit our offers on other platforms/social media
9. Data collection through the use of ISOE cloud services

 

1. General information

As the operator of this website, we take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

When you use this website, various personal data is collected. Personal data is data that can be used to identify you personally. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.

a) Responsible body

The responsible body for data processing on this website can be found in the legal notice at this link.

b) Data protection officer

We have appointed a data protection officer for our company, who you can contact directly by email at dsb@isoe.de.

c) Your rights

i. Information, blocking, deletion, and correction

Within the framework of the applicable legal provisions, you have the right to obtain information free of charge at any time about your stored personal data, its origin and recipients, and the purpose of data processing, and, if applicable, a right to correction, blocking, or deletion of this data. You can contact us at any time at the address given in the legal notice if you have any further questions on the subject of personal data.

ii. Right to restriction of processing

You have the right to request the restriction of the processing of your personal data. To do so, you can contact us at any time at the address given in the legal notice.

The right to restriction of processing exists in the following cases:

  • If you dispute the accuracy of your personal data stored by us, we will generally need time to verify this. For the duration of the verification, you have the right to request the restriction of the processing of your personal data.
  • If the processing of your personal data was/is unlawful, you may request the restriction of data processing instead of erasure.
  • If we no longer need your personal data, but you require it for the exercise, defense, or assertion of legal claims, you have the right to request the restriction of the processing of your personal data instead of erasure.
  • If you have lodged an objection pursuant to Art. 21 (1) GDPR, a balance must be struck between your interests and ours. As long as it is not yet clear whose interests prevail, you have the right to request the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, this data may – apart from its storage – only be processed with your consent or for the assertion, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the European Union or a member state.

iii. Right to object

If the data processing is based on Art. 6 para. 1 lit. e or f GDPR, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this privacy policy. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims (objection pursuant to Art. 21 para. 1 GDPR).

If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing purposes; this also applies to profiling to the extent that it is related to such direct marketing. If you object, your personal data will no longer be used for direct marketing purposes (objection pursuant to Art. 21 (2) GDPR).

iv. Revocation of your consent to data processing

Many data processing operations are only possible with your express consent. You can revoke your consent at any time. To do so, simply send us an informal email. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

v. Right to lodge a complaint with the competent supervisory authority

In the event of violations of the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, your place of work, or the place of the alleged violation. The right to lodge a complaint exists without prejudice to any other administrative or judicial remedies.

vi. Right to data portability

You have the right to have data that we process based on your consent or in fulfillment of a contract delivered to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done to the extent that it is technically feasible.

 

2. Data collection when visiting our website

We host the content of our website with the following provider:

Mittwald CM Service GmbH & Co. KG, Königsberger Straße 4-6, 32339 Espelkamp

We have concluded a contract for order processing (AVV) for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that the personal data of our website visitors is only processed in accordance with our instructions and in compliance with the GDPR.

SSL or TLS encryption

For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the website operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

a) Transmission of content

For the purpose of transmitting the website you have accessed, your browser also transmits the following information, among other things:

  • Your IP address (a string of numbers that identifies your computer connection on the Internet), the website you accessed and the time of access
  • Information about your device, such as the browser used, connection speed or screen size

This processing is carried out in the interest of transmitting content to you at your request and displaying it optimally. This is a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. The above-mentioned data will not be stored for the purpose of transmission after the transmission process has been completed.

b) Transmission to other service providers Plugins and tools

When you visit this website, your surfing behavior may be statistically evaluated. This is done with our open source web analysis tool Matomo (formerly Piwik) in order to better understand user behavior on our site and to continuously improve our offer. Processing is based on our legitimate interest pursuant to Art. 6 (1) lit. f GDPR. Our interest lies in the statistical analysis of user behavior to optimize the content and usability of our website.

Matomo is configured by us so that no cookies are set. Processing is anonymized by shortening the IP address and without assignment to an individual user profile. Your IP address is shortened immediately after collection. This means that no personal association is possible. The last two octets of the IP address (e.g., 192.168.xxx.xxx) are anonymized.

The information generated by Matomo is processed exclusively on our own servers in Germany and is not passed on to third parties. All data collected is automatically deleted after 12 months. Further information on data processing by Matomo can be found at https://matomo.org/privacy-policy/

c) Social media

Plugins from social media (e.g., LinkedIn, Instagram, Bluesky, etc.) are used on our websites. You can usually recognize the plugins by the respective social media logos. To ensure data protection on our website, we only use these plugins in conjunction with the so-called “Shariff” solution. This application prevents the plugins integrated into our website from transferring data to the respective provider when you first visit the website.

Only when you activate the respective plugin by clicking on the corresponding button is a direct connection to the provider's server established (consent). As soon as you activate the plugin, the respective provider receives the information that you have visited our website with your IP address. If you are logged into your respective social media account (e.g., Facebook) at the same time, the respective provider can assign the visit to our website to your user account.

You can find more detailed information on the data processed by the respective external provider in section 8 of this privacy policy.

Activating the plugin constitutes consent within the meaning of Art. 6 para. 1 lit. a GDPR. You can revoke this consent at any time with effect for the future.

d) IT security and optimization of the offer

The website provider automatically collects and stores information in so-called server log files, which your browser transmits while surfing. These are:

  • browser type and browser version
  • operating system used
  • “Referrer” URL, i.e., a link to the page from which you came to us
  • host name of the accessing computer
  • time of the server request
  • your IP address without the last three digits

This data is not merged with other data sources during normal operation. We only receive anonymized statistical data.

This data is collected on the basis of Art. 6 para. 1 lit. f GDPR and serves our legitimate interest in the technically error-free presentation and optimization of our website, as well as in the investigation of any intentional impairments to our website.

The data is stored anonymously by our provider—provided no malfunctions are detected—and deleted after 12 months.

e) Cookies

Our websites do not normally use cookies. The exception is the use of forms. Cookies are small text files that are stored on your device and saved by your browser.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when closing the browser. However, if cookies are deactivated, the functionality of the form may be restricted.

The cookies that are necessary for the electronic communication process or for the provision of certain functions you have requested (e.g., form entries) are stored on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in storing cookies for the technically error-free and optimized provision of its services.

 

3. Forms

If you send us inquiries via web forms (information requests, registrations, etc.) using the forms provided there, your details from the web form, including the contact details you provided there (if requested), will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions. We will not pass on this data without your consent.

The processing of the data entered in the respective form is therefore carried out exclusively on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time. To do so, simply send us an informal email. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.

The data you enter in the form will remain with us until you request its deletion, revoke your consent to its storage, or the purpose for which it was collected no longer applies (e.g., after your request has been processed). Mandatory legal provisions—in particular retention periods—remain unaffected.

 

4. Newsletters and press releases

If you would like to receive our newsletter/press releases (hereinafter referred to as “newsletter”) offered on our website, we require your email address and information that allows us to verify that you are the owner of the email address provided and that you agree to receive the newsletter. Further data will not be collected or will only be collected on a voluntary basis. We use the following newsletter service provider to send out our newsletters:

CleverReach

The provider is CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany (hereinafter referred to as “CleverReach”). CleverReach is a service that can be used to organize and analyze the sending of newsletters. The data you enter for the purpose of receiving the newsletter (e.g., email address) will be stored on CleverReach's servers in Germany or Ireland.

Our newsletters sent via CleverReach enable us to analyze the behavior of newsletter recipients. Among other things, we can analyze how many recipients opened the newsletter message and how often which link in the newsletter was clicked. With the help of so-called conversion tracking, it is also possible to analyze whether a link is opened. This data is only stored in anonymized form. For more information on data analysis by CleverReach newsletters, please visit https://www.cleverreach.com/de/funktionen/reporting-und-tracking/

We have concluded a contract for order processing (AVV) for the use of the above-mentioned service. Data processing is based on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation. If you do not want CleverReach to analyze your data, you must unsubscribe from the newsletter. We provide a link for this purpose in every newsletter message.

The data you provide us for the purpose of receiving the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe. Data stored by us for other purposes remains unaffected by this.

After you unsubscribe from the newsletter distribution list, your email address may be stored by us or the newsletter service provider in a blacklist if this is necessary to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interests and our interests in complying with the legal requirements for sending newsletters (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). Storage in the blacklist is not limited in time. You can object to storage if your interests outweigh our legitimate interest.

For more details, please refer to CleverReach's privacy policy at https://www.cleverreach.com/de/datenschutz/.

 

5. Registration for events

For the organization and registration of our (free) events, we use the event tool pretix, a service provided by rami.io GmbH, Markgräfler Straße 16, 69126 Heidelberg, Germany.

When you register for an event via our website, the data you enter (e.g., name, institution, department, email address, telephone number, etc.) is transmitted to pretix via an embedded form and processed there on our behalf. The processing is carried out exclusively for the purpose of processing the event registration and for communication in connection with the respective event.

The data entered during registration will be processed on the basis of your consent (Art. 6 (1) lit. a GDPR). You can revoke your consent at any time. To do so, simply send us an informal email. The legality of the data processing that has already taken place remains unaffected by the revocation.

The data collected during registration will be deleted no later than 60 days after the event, unless you have consented to further use, e.g., to be informed about similar events organized by ISOE. Statutory retention periods remain unaffected.

Pretix may use cookies for technical implementation, e.g. to manage sessions or prevent multiple entries. Your data will not be used for advertising purposes.

Further information on data processing by pretix can be found at https://pretix.eu/about/de/privacy.

 

6. Data collection by email, telephone, or fax

If you contact us by email, telephone, or fax, your request, including all personal data arising from it (name, request), will be stored and processed by us for the purpose of processing your request. We will not pass on this data without your consent.

The processing of this data is based on Art. 6 para. 1 lit. b GDPR, provided that your request is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on your consent (Art. 6 para. 1 lit. a GDPR) and/or on our legitimate interests (Art. 6 para. 1 lit. f GDPR), as we have a legitimate interest in the effective processing of inquiries addressed to us.

The data you send us via contact requests will remain with us until you request its deletion, revoke your consent to its storage, or the purpose for which it was collected no longer applies (e.g., after your request has been processed). Mandatory legal provisions—in particular statutory retention periods—remain unaffected.

 

7. Audio and video conferences

Data processing

We use online conference tools, among other things, to communicate with our customers. The specific tools we use are listed below. If you communicate with us via video or audio conference over the Internet, your personal data will be collected and processed by us and the provider of the respective conference tool.

The conference tools collect all data that you provide/use to use the tools (email address and/or your telephone number). Furthermore, the conference tools process the duration of the conference, the start and end (time) of participation in the conference, the number of participants, and other “contextual information” related to the communication process (metadata).

Furthermore, the tool provider processes all technical data required for the online communication. This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or speaker, and the type of connection.

If content is exchanged, uploaded, or made available in any other way within the tool, it will also be stored on the tool provider's servers. Such content includes, in particular, cloud recordings, chat/instant messages, voicemails, uploaded photos and videos, files, whiteboards, and other information shared during the use of the service.

Purpose and legal basis

The conference tools are used to communicate with prospective or existing partners or to offer certain services (Art. 6 (1) lit. b GDPR). Furthermore, the use of the tools serves to generally simplify and accelerate communication with us or our institution (legitimate interest within the meaning of Art. 6 (1) lit. f GDPR).. If consent has been requested, the tools in question will be used on the basis of this consent; consent can be revoked at any time with future effect.

During the video conference, usage and traffic data will be stored (Section 2 (2) No. 3 and Section 9 of the German Telecommunications and Telemedia Data Protection Act (TTDSG), Section 3 No. 70 of the German Telecommunications Act (TKG)), i.e. data that is collected, processed, or used during the provision or use of a telecommunications service and that is required for the functioning of the program due to the nature of the system (name, link used, IP address, operating system and browser version, time and end of the connection, number of participants).

Storage period

The data collected directly by us via the video and conference tools will be deleted from our systems as soon as you request us to delete it, revoke your consent to its storage, or the purpose for which it was collected no longer applies. Stored cookies remain on your device until you delete them. Mandatory legal retention periods remain unaffected.

We have no influence on the storage period of your data stored by the operators of the conference tools for their own purposes. For details, please contact the operators of the conference tools directly.

Conference tools used

We use the following conference tools:

Jitsi Meet

We use Jitsi Meet. When you communicate with us via Jitsi Meet, all data associated with this communication process is processed exclusively on our servers (on premise).

BigBlueButton

We use BigBlueButton. When you communicate with us via BigBlueButton, all data associated with this communication process is processed exclusively on servers within the European Union or a third country that is secure under data protection law.

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service.

Recording of conferences

We may record the video and audio conferences we conduct on BigBlueButton. We will ask for your consent in advance.

 

8. Data collection when visiting our offers on other platforms/social media

This privacy policy applies to the following social media sites:

LinkedIn
https://de.linkedin.com/company/isoe-institut-fuer-sozial-oekologische-forschung

Instagram
https://www.instagram.com/isoe_institut/

Bluesky
https://bsky.app/profile/isoe-institut.bsky.social

Mastodon
https://mastodon.social/@isoewikom

Facebook
https://www.facebook.com/ISOE.Forschungsinstitut

Vimeo
https://vimeo.com/isoevideos

Flickr
https://www.flickr.com/photos/102295333@N04/albums/

ResearchGate
https://www.researchgate.net/institution/Institute-for-Social-Ecological-Research

Data processing by social networks

We maintain publicly accessible profiles on social networks. The specific social networks we use are listed below.

Social networks such as Facebook, Instagram, etc. can generally analyze your user behavior comprehensively when you visit their website or a website with integrated social media content (e.g., like buttons or advertising banners). Visiting our social media sites triggers numerous data processing operations that are relevant to data protection. Specifically:

If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected if you are not logged in or do not have an account with the respective social media portal. In this case, this data is collected, for example, via cookies stored on your device or by recording your IP address.

With the help of the data collected in this way, the operators of social media portals can create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be displayed to you both within and outside the respective social media presence. If you have an account with the respective social network, interest-based advertising may be displayed on all devices on which you are or have been logged in.

Please also note that we cannot track all processing operations on social media portals. Depending on the provider, further processing operations may therefore be carried out by the operators of the social media portals. For details, please refer to the terms of use and privacy policies of the respective social media portals.

Legal basis

Our social media presence is intended to ensure the most comprehensive presence possible on the Internet. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. The analysis processes initiated by the social networks may be based on different legal bases, which must be specified by the operators of the social networks (e.g., consent within the meaning of Art. 6 para. 1 lit. a GDPR).

Responsible party and assertion of rights

When you visit one of our social media sites (e.g., Instagram), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. You can assert your rights (information, correction, deletion, restriction of processing, data portability, and complaint) both against us and against the operator of the respective social media portal (e.g., Instagram).

Please note that despite our joint responsibility with the social media portal operators, we do not have complete control over the data processing operations of the social media portals. Our options are largely determined by the company policy of the respective provider.

Storage period

The data collected directly by us via our social media presence will be deleted from our systems as soon as you request us to do so, revoke your consent to storage, or the purpose for data storage no longer applies. Stored cookies remain on your device until you delete them. Mandatory legal provisions – in particular retention periods – remain unaffected.

We have no influence on the storage period of your data stored by the operators of social networks for their own purposes. For details, please contact the operators of the social networks directly (e.g., in their privacy policy, see below).

Your rights

You have the right to obtain information about the origin, recipient, and purpose of your stored personal data at any time and free of charge. You also have the right to object, the right to data portability, and the right to lodge a complaint with the competent supervisory authority. Furthermore, you may request the correction, blocking, deletion, and, under certain circumstances, the restriction of the processing of your personal data.

Social networks in detail

Facebook

We have a profile on Facebook. The provider of this service is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland (hereinafter referred to as Meta). According to Meta, the data collected is also transferred to the USA and other third countries.

We have entered into a joint processing agreement (Controller Addendum) with Meta. This agreement specifies which data processing operations we or Meta are responsible for when you visit our Facebook page. You can view this agreement at the following link: https://www.facebook.com/legal/terms/page_controller_addendum 

You can adjust your advertising settings yourself in your user account. To do this, click on the following link and log in: https://www.facebook.com/settings?tab=ads

The transfer of data to the US is based on the standard contractual clauses of the EU Commission.

Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381

Details can be found in Facebook's privacy policy: https://www.facebook.com/about/privacy/

The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA that aims to ensure compliance with European data protection standards when data is processed in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/4452

Instagram

We have a profile on Instagram. The provider of this service is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381

Details on how they handle your personal data can be found in Instagram's privacy policy: https://privacycenter.instagram.com/policy/

The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the US that aims to ensure compliance with European data protection standards when processing data in the US. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/4452

LinkedIn

We have a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.

If you wish to disable LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

Data transfers to the US are based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs

Details on how they handle your personal data can be found in LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy

The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the US that aims to ensure compliance with European data protection standards when processing data in the US. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5448

Vimeo

We have a profile on Vimeo. The provider is Vimeo, Inc., 555 West 18th Street, New York 10011, USA.

Data transfers to the US are based on the standard contractual clauses of the EU Commission and, according to Vimeo, on “legitimate business interests.” Details can be found here: https://vimeo.com/privacy

Details on how they handle your personal data can be found in Vimeo's privacy policy: https://vimeo.com/privacy

The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA that aims to ensure compliance with European data protection standards when processing data in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5711

Flickr

We provide image material via an account with Flickr Inc., 390 Fremont St, San Francisco, California 94105, US.

When using certain interactive features on Flickr (e.g., the comment function or the “favorites” button), comments or the addition of favorites are visible to other users and to us as the provider of the Flickr page. This allows direct user identification based on the personal data disclosed. To do this, you need a Flickr account. The complete terms of use for Flickr can be found here: https://www.flickr.com/help/privacywww.flickr.com/help/terms

We would like to point out that Flickr stores its users' data (e.g., personal information, IP address, etc.) and may also use it for business purposes. This may also involve the transfer of data outside the EU. According to its own information, the provider has entered into data processing agreements based on the EU standard contractual clauses. Information about which data is processed by the provider and for what purposes can be found in the service's privacy policy at https://www.flickr.com/help/dpa

For more information on data processing by flickr, please refer to flickr's privacy policy at https://www.flickr.com/help/privacy

Information on how to change your privacy settings can be found at https://help.flickr.com/en_us/change-your-privacy-settings-rygl6XoJm.

ResearchGate

We use the platform and services of ResearchGate GmbH, Chausseestr. 20, 10115 Berlin (hereinafter “ResearchGate”). Our company profile on ResearchGate serves to provide general information about the institute. In this context, some personal data about you as a visitor to our profile on ResearchGate may also be processed.

The use of our ResearchGate profile is at your own risk. ResearchGate is solely responsible for the operation of the platform. When you visit our profile on ResearchGate, data processing by ResearchGate is inevitable. This data processing is governed by the relevant provisions of the portal operator: https://www.researchgate.net/privacy-policy

In accordance with the ResearchGate privacy policy, personal data may also be processed by ResearchGate in the USA or other third countries. According to its own information, ResearchGate also transfers personal data to countries that do not have a comparable level of protection, but only in accordance with the provisions of the applicable data protection regulations.

When you visit our ResearchGate profile, ResearchGate collects personal data from users, e.g. by means of cookies and pixels. This may also occur for visitors who are not logged in to ResearchGate. Data processing by ResearchGate is governed by ResearchGate's relevant provisions, which you can read here: https://www.researchgate.net/privacy-policy#Information-we-process-when-using-technologies-like-cookies-and-pixels

If you visit our profile while logged in to your own ResearchGate account, we will receive information about your visit to our profile based on ResearchGate's general terms of use. You can prevent this by visiting our profile without first logging in to ResearchGate. However, in accordance with the terms of use of the service, you may not be able to access all of the information we have published. The legal basis for our data processing in this regard is Art. 6 (1) (b) GDPR in accordance with the terms of use applicable to all users of ResearchGate in conjunction with our performance of public tasks, Art. 6 (1) (e) GDPR.

In addition, when using the general functions of ResearchGate (e.g., leaving comments or sharing posts), you have the option of triggering further data processing, including on our profile. This automated data processing enabled by ResearchGate is beyond our control. We have no influence on the corresponding functions of the portal. The associated data processing is governed by the terms of use of the service applicable to all users of the portal and thus by Art. 6 para. 1 sentence 1 lit. b GDPR.

Bluesky

We use the short message service Bluesky PBLLC, Seattle, WA US

You use the Bluesky short message service offered here and its functions at your own risk. This applies in particular to the use of interactive functions (e.g., sharing, commenting).

The data collected about you when using the service is processed by Bluesky PBLLC and may be transferred to countries outside the European Union. Information on this can be found here: https://bsky.social/about/support/privacy-policy#personal-information-use

The data you enter on Bluesky, in particular your username and the content published under your account, will be processed by us to the extent that we may share or comment on your posts or write posts that refer to your account. The data you freely publish and distribute on Bluesky will thus be made available to our followers.

If you have any concerns about the processing of personal data by Bluesky PBLLC, you can contact the supervisory authority responsible for Bluesky PBLLC using the contact details listed on the website (https://bsky.social/about/support/privacy-policy#personal-information-share).

We process the personal data collected from you on the basis of your consent in accordance with Art. 6 (1) sentence 1 letter a GDPR. If special categories of personal data are affected, we process this data on the basis of your consent in accordance with Art. 9 (2) letter a GDPR. The legal basis for the processing of the data is otherwise Art. 6 para. 1 sentence 1 lit. e), 2, 3 sentence 1 lit. b) GDPR

The data will be assigned to your Bluesky account or your Bluesky profile. We have no influence on the type and scope of data processed by Bluesky PBLLC, the type of processing and use, or the transfer of this data to third parties. Information about which data is processed by Bluesky PBLLC and for what purposes can be found in Bluesky's privacy policy (https://bsky.social/about/support/network-services-privacy-policy). You can also view your own data at Bluesky (https://bsky.social/about/support/network-services-privacy-policy#privacy-choices). Furthermore, you have the option of requesting information via the archive requests: https://github.com/web3-storage/ipfs-car

More information on the collection, processing, and storage of personal data by Bluesky can be found here: https://bsky.social/about/support/privacy-policy#personal-information-collect

Your rights to information under Art. 15 GDPR can be found in our privacy policy.

You can restrict the processing of your data in the general settings of your Bluesky account and under “Privacy.” In addition, on mobile devices (smartphones, tablet computers), you can restrict Bluesky's access to contact and calendar data, photos, location data, etc. in the settings options there.

 

9. Data collection through the use of ISOE cloud services

ISOE provides a server accessible via the Internet as a so-called cloud service (also referred to as “Software as a Service”) in collaboration with cooperation partners of the Institute for the following purposes: Document processing and storage, project management, calendar management, spreadsheets and presentations, exchange of documents, content and information, forms or other content and information.

In this context, personal data may be processed and stored on our server to the extent that it is part of communication processes with us or is otherwise processed by us as described in this privacy policy. This data may include, in particular, master data and contact details of users, data on transactions, contracts, other processes and their contents. We also process usage data and metadata, which are used for security purposes and to optimize our services. This also includes cookies for the smooth operation of the cloud.

Information on legal bases: By using our cloud service, you consent to the processing of your data. Furthermore, their use may be part of our (pre-)contractual services, provided that the use of cloud services has been agreed upon in this context. Otherwise, user data will be processed on the basis of our legitimate interests (i.e., interest in efficient and secure administrative and collaboration processes).

Types of data processed: Inventory data (e.g., names, addresses); Contact data (e.g., email, telephone numbers); Content data (e.g., entries in online forms); Usage data (e.g., websites visited, interest in content, access times); Meta/communication data (e.g., device information, IP addresses)

Data subjects: Project partners, cooperation partners, ISOE employees, ISOE associates who gain access via their contact persons at ISOE

Purposes of processing: Project, office, and organizational procedures

Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR);

Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR); Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR)

Access metadata (IP address) is automatically deleted after 90 days.

Meta data within Nextcloud (user, email, activities) is deleted as soon as a user is deleted or never if it is part of document processing (e.g., tracking document processing).

 

This privacy policy was updated on June 25, 2025.