General Data Privacy Policy

The Inter­na­tio­nal Data Spaces Asso­cia­ti­on takes the pro­tec­tion of per­so­nal data very serious­ly. We want you to know when we store which data and how we use it. As an asso­cia­ti­on we are sub­ject to the pro­vi­si­ons of the Federal Data Pro­tec­tion Act (BDSG) and the Tele­me­dia Act (TMG).

We have taken tech­ni­cal and orga­ni­sa­tio­nal mea­su­res to ensu­re that the data pro­tec­tion regu­la­ti­ons are obser­ved both by us and by exter­nal ser­vice pro­vi­ders.

Per­so­nal data are infor­ma­ti­on that can be used to deter­mi­ne a user's iden­ti­ty. This inclu­des infor­ma­ti­on such as user name, address, pos­tal address and tele­pho­ne num­ber. Infor­ma­ti­on that is not direct­ly asso­cia­ted with the real iden­ti­ty of the user (such as favou­rite web­sites or num­ber of users of a site) is not inclu­ded. Users can use our online offe­ring without dis­clo­sing their iden­ti­ty. Per­so­nal data is only collec­ted if the user pro­vi­des it of his or her own accord – for examp­le when regis­tering, making an enqui­ry via the con­ta­ct page or sub­mit­ting an online app­li­ca­ti­on.

Access to this data is only pos­si­ble for a few spe­cial­ly aut­ho­ri­sed per­sons who are invol­ved with the tech­ni­cal or edi­to­ri­al sup­port of the ser­vers. In con­nec­tion with user access, data are stored on our ser­vers for secu­ri­ty pur­po­ses which may allow iden­ti­fi­ca­ti­on (for examp­le IP address, date, time and pages view­ed). The­se data are not uti­li­zed in a per­so­na­li­sed form. We reser­ve the right to sta­tis­ti­cal­ly eva­lua­te anony­mi­sed data records.

The IP address is stored for data secu­ri­ty rea­sons in order to gua­ran­tee the sta­bi­li­ty and ope­ra­tio­nal secu­ri­ty of our sys­tem.

1    Name and Address of the controller

Con­trol­ler for the pur­po­ses of the Gene­ral Data Pro­tec­tion Regu­la­ti­on (GDPR), other data pro­tec­tion laws app­li­ca­ble in Mem­ber sta­tes of the Euro­pean Uni­on and other pro­vi­si­ons rela­ted to data pro­tec­tion is:

Inter­na­tio­nal Data Spaces e. V.
Emil-Fig­ge-Str. 80
44227 Dort­mund, Ger­ma­ny
Pho­ne: +49 (0) 231 70096 – 501
info@internationaldataspaces.org
Web­site: www.internationaldataspaces.org

2     Disclosure of personal information to third parties

We do not pass on per­so­nal infor­ma­ti­on to third par­ties without the users’ expli­cit con­sent. Should data be pas­sed on to ser­vice pro­vi­ders wit­hin the scope of order data pro­ces­sing, they are bound by the BDSG and other legal regu­la­ti­ons. In so far as we are legal­ly obli­ged to or obli­ged to do so by court order, we will trans­fer your data to such bodies that are legal­ly enti­t­led to recei­ve such infor­ma­ti­on.

3     Right of withdrawal

Per­so­nal user data can be dele­ted at any time on request. We set "coo­kies" (small files with con­fi­gu­ra­ti­on infor­ma­ti­on) in the majo­ri­ty of the inter­net pages we main­tain accord­ing to the spe­ci­fi­ca­ti­ons of the Infor­ma­ti­onge­mein­schaft zur Fest­stel­lung der Ver­brei­tung von Wer­be­trä­gern e. V. – IVW (Ger­man Audit Bureau of Cir­cu­la­ti­on) and for mea­su­ring access to adver­ti­sing media. They help to deter­mi­ne the fre­quen­cy of use and the num­ber of users of our web­sites. We do not collect any per­so­nal data via coo­kies. In some are­as of our web­site we use coo­kies to imple­ment user func­tions. Our web­site can also be used without coo­kies. Most brow­sers are set to accept coo­kies auto­ma­ti­cal­ly. Howe­ver, the user can deac­ti­va­te the sto­rage of coo­kies or set his or her brow­ser in a way that he or she is infor­med as soon as coo­kies are sent.

4     Children

Per­sons under the age of 18 should not trans­mit any per­so­nal data to us without the con­sent of their par­ents or legal guar­di­ans.

5    Links

Our web­site may con­tain links to other web­sites. We have no influ­ence over whe­ther their ope­ra­tors com­ply with the data pro­tec­tion regu­la­ti­ons.

6    Reserve the right to change

The rapid deve­lo­p­ment of the inter­net requi­res adjus­t­ments to the data pro­tec­tion decla­ra­ti­on from time to time. We will inform you of any necessa­ry chan­ges.

7    Cookies

Our Inter­net pages use coo­kies. Coo­kies are text files that are stored in a com­pu­ter sys­tem via an Inter­net brow­ser.

Many Inter­net sites and ser­vers use coo­kies. Many coo­kies con­tain a so-cal­led coo­kie ID. A coo­kie ID is a uni­que iden­ti­fier of the coo­kie. It con­sists of a cha­rac­ter string through which Inter­net pages and ser­vers can be assi­gned to the spe­ci­fic Inter­net brow­ser in which the coo­kie was stored. This allows visi­ted Inter­net sites and ser­vers to dif­fe­ren­tia­te the indi­vi­du­al brow­ser of the dats sub­ject from other Inter­net brow­sers that con­tain other coo­kies. A spe­ci­fic Inter­net brow­ser can be reco­gni­zed and iden­ti­fied using the uni­que coo­kie ID.

Through the use of coo­kies, the IDSA can pro­vi­de the users of this web­site with more user-friend­ly ser­vices that would not be pos­si­ble without the coo­kie set­ting.

By means of a coo­kie, the infor­ma­ti­on and offers on our web­site can be opti­mi­zed with the user in mind. Coo­kies allow us, as pre­vious­ly men­tio­ned, to reco­gni­ze our web­site users. The pur­po­se of this reco­gni­ti­on is to make it easier for users to uti­li­ze our web­site. The web­site user that uses coo­kies, e.g. does not have to enter access data each time the web­site is acces­sed, becau­se this is taken over by the web­site, and the coo­kie is thus stored on the user's com­pu­ter sys­tem. Ano­t­her examp­le is the coo­kie of a shop­ping cart in an online shop. The online store remem­bers the arti­cles that a cus­to­mer has pla­ced in the vir­tu­al shop­ping cart via a coo­kie.

The data sub­ject may, at any time, pre­vent the set­ting of coo­kies through our web­site by means of a cor­re­spon­ding set­ting of the Inter­net brow­ser used, and may thus per­ma­nent­ly deny the set­ting of coo­kies. Fur­ther­mo­re, alrea­dy set coo­kies may be dele­ted at any time via an Inter­net brow­ser or other soft­ware pro­grams. This is pos­si­ble in all popu­lar Inter­net brow­sers. If the data sub­ject deac­ti­va­tes the set­ting of coo­kies in the Inter­net brow­ser used, not all func­tions of our web­site may be ent­i­re­ly usable.

8    Subscription to our newsletters

On our web­site, users are given the oppor­tu­ni­ty to sub­scri­be to our enterprise's news­let­ter. The input mask used for this pur­po­se deter­mi­nes what per­so­nal data are trans­mit­ted, as well as when the news­let­ter is orde­red from the con­trol­ler.

The IDSA informs its cus­to­mers and busi­ness part­ners regu­lar­ly by means of a news­let­ter about enter­pri­se offers. The enterprise's news­let­ter may only be recei­ved by the data sub­ject if (1) the data sub­ject has a valid e‑mail address and (2) the data sub­ject regis­ters for the news­let­ter ship­ping. A con­fir­ma­ti­on e‑mail will be sent to the e‑mail address regis­tered by a data sub­ject for the first time for news­let­ter ship­ping, for legal rea­sons, in the dou­ble opt-in pro­ce­du­re. This con­fir­ma­ti­on e‑mail is used to pro­ve whe­ther the owner of the e‑mail address as the data sub­ject is aut­ho­ri­zed to recei­ve the news­let­ter.

During the regis­tra­ti­on for the news­let­ter, we also store the IP address of the com­pu­ter sys­tem assi­gned by the Inter­net ser­vice pro­vi­der (ISP) and used by the data sub­ject at the time of the regis­tra­ti­on, as well as the date and time of the regis­tra­ti­on. The collec­tion of this data is necessa­ry in order to under­stand the (pos­si­ble) misu­se of the e‑mail address of a data sub­ject at a later date, and it the­re­fo­re ser­ves the aim of the legal pro­tec­tion of the con­trol­ler.

The per­so­nal data collec­ted as part of a regis­tra­ti­on for the news­let­ter will only be used to send our news­let­ter. In addi­ti­on, sub­scri­bers to the news­let­ter may be infor­med by e‑mail, as long as this is necessa­ry for the ope­ra­ti­on of the news­let­ter ser­vice or a regis­tra­ti­on in ques­ti­on, as this could be the case in the event of modi­fi­ca­ti­ons to the news­let­ter offer, or in the event of a chan­ge in tech­ni­cal cir­cum­s­tan­ces. The­re will be no trans­fer of per­so­nal data collec­ted by the news­let­ter ser­vice to third par­ties. The sub­scrip­ti­on to our news­let­ter may be ter­mi­na­ted by the data sub­ject at any time. The con­sent to the sto­rage of per­so­nal data, which the data sub­ject has given for ship­ping the news­let­ter, may be revo­ked at any time. For the pur­po­se of revo­ca­ti­on of con­sent, a cor­re­spon­ding link is found in each news­let­ter. It is also pos­si­ble to unsub­scri­be from the news­let­ter at any time direct­ly on the web­site of the con­trol­ler, or to com­mu­ni­ca­te this to the con­trol­ler in a dif­fe­rent way.

9   Newsletter-Tracking

The news­let­ter of the IDSA con­tains so-cal­led tracking pixels. A tracking pixel is a minia­tu­re gra­phic embed­ded in such e‑mails, which are sent in HTML for­mat to enab­le log file record­ing and ana­ly­sis. This allows a sta­tis­ti­cal ana­ly­sis of the suc­cess or fail­u­re of online mar­ke­ting cam­pai­gns. Based on the embed­ded tracking pixel, the IDSA may see if and when an e‑mail was ope­ned by a data sub­ject, and which links in the e‑mail were cal­led up by data sub­jects.

Such per­so­nal data collec­ted in the tracking pixels con­tai­ned in the news­let­ters are stored and ana­ly­zed by the con­trol­ler in order to opti­mi­ze the ship­ping of the news­let­ter, as well as to adapt the con­tent of future news­let­ters even bet­ter to the inte­rests of the data sub­ject. The­se per­so­nal data will not be pas­sed on to third par­ties. Data sub­jects are at any time enti­t­led to revo­ke the respec­ti­ve sepa­ra­te decla­ra­ti­on of con­sent issued by means of the dou­ble-opt-in pro­ce­du­re. After a revo­ca­ti­on, the­se per­so­nal data will be dele­ted by the con­trol­ler. The IDSA auto­ma­ti­cal­ly regards a with­dra­wal from the rece­i­pt of the news­let­ter as a revo­ca­ti­on.

9   Contact possibility via the website

The web­site of the IDSA con­tains infor­ma­ti­on that enab­les a quick elec­tro­nic con­ta­ct to our enter­pri­se, as well as direct com­mu­ni­ca­ti­on with us, which also inclu­des a gene­ral address of the so-cal­led elec­tro­nic mail (e‑mail address). If a data sub­ject con­ta­cts the con­trol­ler by e‑mail or via a con­ta­ct form, the per­so­nal data trans­mit­ted by the data sub­ject are auto­ma­ti­cal­ly stored. Such per­so­nal data trans­mit­ted on a vol­un­ta­ry basis by a data sub­ject to the data con­trol­ler are stored for the pur­po­se of pro­ces­sing or con­ta­c­ting the data sub­ject. The­re is no trans­fer of this per­so­nal data to third par­ties.

10   Routine erasure and blocking of personal data

The data con­trol­ler shall pro­cess and store the per­so­nal data of the data sub­ject only for the peri­od necessa­ry to achie­ve the pur­po­se of sto­rage, or as far as this is gran­ted by the Euro­pean legis­la­tor or other legis­la­tors in laws or regu­la­ti­ons to which the con­trol­ler is sub­ject to.

If the sto­rage pur­po­se is not app­li­ca­ble, or if a sto­rage peri­od pre­scri­bed by the Euro­pean legis­la­tor or ano­t­her com­pe­tent legis­la­tor expi­res, the per­so­nal data are rou­ti­nely blo­cked or era­sed in accordance with legal requi­re­ments.

11   Data protection provisions about the application and use of Facebook

On this web­site, the con­trol­ler has inte­gra­ted com­pon­ents of the enter­pri­se Face­book. Face­book is a social net­work.

A social net­work is a place for social mee­tings on the Inter­net, an online com­mu­ni­ty, which usual­ly allows users to com­mu­ni­ca­te with each other and inter­act in a vir­tu­al space. A social net­work may ser­ve as a plat­form for the exchan­ge of opi­ni­ons and expe­ri­en­ces, or enab­le the Inter­net com­mu­ni­ty to pro­vi­de per­so­nal or busi­ness-rela­ted infor­ma­ti­on. Face­book allows social net­work users to inclu­de the crea­ti­on of pri­va­te pro­files, upload pho­tos, and net­work through friend requests.

The ope­ra­ting com­pa­ny of Face­book is Face­book, Inc., 1 Hacker Way, Men­lo Park, CA 94025, United Sta­tes. If a per­son lives out­side of the United Sta­tes or Cana­da, the con­trol­ler is the Face­book Ire­land Ltd., 4 Grand Canal Squa­re, Grand Canal Har­bour, Dub­lin 2, Ire­land.

With each call-up to one of the indi­vi­du­al pages of this Inter­net web­site, which is ope­ra­ted by the con­trol­ler and into which a Face­book com­po­nent (Face­book plug-ins) was inte­gra­ted, the web brow­ser on the infor­ma­ti­on tech­no­lo­gy sys­tem of the data sub­ject is auto­ma­ti­cal­ly promp­ted to down­load dis­play of the cor­re­spon­ding Face­book com­po­nent from Face­book through the Face­book com­po­nent. An over­view of all the Face­book Plug-ins may be acces­sed under https://developers.facebook.com/docs/plugins/. During the cour­se of this tech­ni­cal pro­ce­du­re, Face­book is made awa­re of what spe­ci­fic sub-site of our web­site was visi­ted by the data sub­ject.

If the data sub­ject is log­ged in at the same time on Face­book, Face­book detects with every call-up to our web­site by the data subject—and for the ent­i­re dura­ti­on of their stay on our Inter­net site—which spe­ci­fic sub-site of our Inter­net page was visi­ted by the data sub­ject. This infor­ma­ti­on is collec­ted through the Face­book com­po­nent and asso­cia­ted with the respec­ti­ve Face­book account of the data sub­ject. If the data sub­ject clicks on one of the Face­book but­tons inte­gra­ted into our web­site, e.g. the "Like" but­ton, or if the data sub­ject sub­mits a com­ment, then Face­book matches this infor­ma­ti­on with the per­so­nal Face­book user account of the data sub­ject and stores the per­so­nal data.

Face­book always recei­ves, through the Face­book com­po­nent, infor­ma­ti­on about a visit to our web­site by the data sub­ject, whenever the data sub­ject is log­ged in at the same time on Face­book during the time of the call-up to our web­site. This occurs regard­less of whe­ther the data sub­ject clicks on the Face­book com­po­nent or not. If such a trans­mis­si­on of infor­ma­ti­on to Face­book is not desi­ra­ble for the data sub­ject, then he or she may pre­vent this by log­ging off from their Face­book account befo­re a call-up to our web­site is made.

The data pro­tec­tion gui­de­li­ne publis­hed by Face­book, which is avail­ab­le at https://facebook.com/about/privacy/, pro­vi­des infor­ma­ti­on about the collec­tion, pro­ces­sing and use of per­so­nal data by Face­book. In addi­ti­on, it is exp­lai­ned the­re what set­ting opti­ons Face­book offers to pro­tect the pri­va­cy of the data sub­ject. In addi­ti­on, dif­fe­rent con­fi­gu­ra­ti­on opti­ons are made avail­ab­le to allow the eli­mi­na­ti­on of data trans­mis­si­on to Face­book. The­se app­li­ca­ti­ons may be used by the data sub­ject to eli­mi­na­te a data trans­mis­si­on to Face­book.

12   Data protection provisions about the application and use of LinkedIn

The con­trol­ler has inte­gra­ted com­pon­ents of the Lin­kedIn Cor­po­ra­ti­on on this web­site. Lin­kedIn is a web-based social net­work that enab­les users with exis­ting busi­ness con­ta­cts to con­nect and to make new busi­ness con­ta­cts. Over 400 mil­li­on regis­tered peop­le in more than 200 coun­tries use Lin­kedIn. Thus, Lin­kedIn is cur­r­ent­ly the lar­gest plat­form for busi­ness con­ta­cts and one of the most visi­ted web­sites in the world.

The ope­ra­ting com­pa­ny of Lin­kedIn is Lin­kedIn Cor­po­ra­ti­on, 2029 Stier­lin Court Moun­tain View, CA 94043, UNITED STATES. For pri­va­cy mat­ters out­side of the UNITED STATES Lin­kedIn Ire­land, Pri­va­cy Poli­cy Issu­es, Wil­ton Pla­za, Wil­ton Place, Dub­lin 2, Ire­land, is respon­si­ble.

With each call-up to one of the indi­vi­du­al pages of this Inter­net site, which is ope­ra­ted by the con­trol­ler and on which a Lin­kedIn com­po­nent (Lin­kedIn plug-in) was inte­gra­ted, the Inter­net brow­ser on the infor­ma­ti­on tech­no­lo­gy sys­tem of the data sub­ject is auto­ma­ti­cal­ly promp­ted to the down­load of a dis­play of the cor­re­spon­ding Lin­kedIn com­po­nent of Lin­kedIn. Fur­ther infor­ma­ti­on about the Lin­kedIn plug-in may be acces­sed under https://developer.linkedin.com/plugins. During the cour­se of this tech­ni­cal pro­ce­du­re, Lin­kedIn gains know­ledge of what spe­ci­fic sub-page of our web­site was visi­ted by the data sub­ject.

If the data sub­ject is log­ged in at the same time on Lin­kedIn, Lin­kedIn detects with every call-up to our web­site by the data subject—and for the ent­i­re dura­ti­on of their stay on our Inter­net site—which spe­ci­fic sub-page of our Inter­net page was visi­ted by the data sub­ject. This infor­ma­ti­on is collec­ted through the Lin­kedIn com­po­nent and asso­cia­ted with the respec­ti­ve Lin­kedIn account of the data sub­ject. If the data sub­ject clicks on one of the Lin­kedIn but­tons inte­gra­ted on our web­site, then Lin­kedIn assigns this infor­ma­ti­on to the per­so­nal Lin­kedIn user account of the data sub­ject and stores the per­so­nal data.

Lin­kedIn recei­ves infor­ma­ti­on via the Lin­kedIn com­po­nent that the data sub­ject has visi­ted our web­site, pro­vi­ded that the data sub­ject is log­ged in at Lin­kedIn at the time of the call-up to our web­site. This occurs regard­less of whe­ther the per­son clicks on the Lin­kedIn but­ton or not. If such a trans­mis­si­on of infor­ma­ti­on to Lin­kedIn is not desi­ra­ble for the data sub­ject, then he or she may pre­vent this by log­ging off from their Lin­kedIn account befo­re a call-up to our web­site is made.

Lin­kedIn pro­vi­des under https://www.linkedin.com/psettings/guest-controls the pos­si­bi­li­ty to unsub­scri­be from e‑mail messages, SMS messages and tar­ge­ted ads, as well as the abi­li­ty to mana­ge ad set­tings. Lin­kedIn also uses affi­lia­tes such as Eire, Goog­le Ana­ly­tics, Blue­Kai, Dou­ble­Click, Niel­sen, Coms­core, Elo­qua, and Lota­me. The set­ting of such coo­kies may be denied under https://www.linkedin.com/legal/cookie-policy. The app­li­ca­ble pri­va­cy poli­cy for Lin­kedIn is avail­ab­le under https://www.linkedin.com/legal/privacy-policy. The Lin­kedIn Coo­kie Poli­cy is avail­ab­le under https://www.linkedin.com/legal/cookie-policy.

13   Data protection provisions about the application and use of Xing

On this web­site, the con­trol­ler has inte­gra­ted com­pon­ents of XING. XING is an Inter­net-based social net­work that enab­les users to con­nect with exis­ting busi­ness con­ta­cts and to crea­te new busi­ness con­ta­cts. The indi­vi­du­al users can crea­te a per­so­nal pro­fi­le of them­sel­ves at XING. Com­pa­nies may, e.g. crea­te com­pa­ny pro­files or publish jobs on XING.

The ope­ra­ting com­pa­ny of XING is XING SE, Damm­tor­stra­ße 30, 20354 Ham­burg, Ger­ma­ny.

With each call-up to one of the indi­vi­du­al pages of this Inter­net site, which is ope­ra­ted by the con­trol­ler and on which a XING com­po­nent (XING plug-in) was inte­gra­ted, the Inter­net brow­ser on the infor­ma­ti­on tech­no­lo­gy sys­tem of the data sub­ject is auto­ma­ti­cal­ly promp­ted to down­load a dis­play of the cor­re­spon­ding XING com­po­nent of XING. Fur­ther infor­ma­ti­on about the XING plug-in the may be acces­sed under https://dev.xing.com/plugins. During the cour­se of this tech­ni­cal pro­ce­du­re, XING gains know­ledge of what spe­ci­fic sub-page of our web­site was visi­ted by the data sub­ject.

If the data sub­ject is log­ged in at the same time on XING, XING detects with every call-up to our web­site by the data subject—and for the ent­i­re dura­ti­on of their stay on our Inter­net site—which spe­ci­fic sub-page of our Inter­net page was visi­ted by the data sub­ject. This infor­ma­ti­on is collec­ted through the XING com­po­nent and asso­cia­ted with the respec­ti­ve XING account of the data sub­ject. If the data sub­ject clicks on the XING but­ton inte­gra­ted on our Inter­net site, e.g. the "Share"-button, then XING assigns this infor­ma­ti­on to the per­so­nal XING user account of the data sub­ject and stores the per­so­nal data.

XING recei­ves infor­ma­ti­on via the XING com­po­nent that the data sub­ject has visi­ted our web­site, pro­vi­ded that the data sub­ject is log­ged in at XING at the time of the call to our web­site. This occurs regard­less of whe­ther the per­son clicks on the XING com­po­nent or not. If such a trans­mis­si­on of infor­ma­ti­on to XING is not desi­ra­ble for the data sub­ject, then he or she can pre­vent this by log­ging off from their XING account befo­re a call-up to our web­site is made.

The data pro­tec­tion pro­vi­si­ons publis­hed by XING, which is avail­ab­le under https://www.xing.com/privacy, pro­vi­de infor­ma­ti­on on the collec­tion, pro­ces­sing and use of per­so­nal data by XING. In addi­ti­on, XING has publis­hed pri­va­cy noti­ces for the XING share but­ton under https://www.xing.com/app/share?op=data_protection.

14   Data protection provisions about the application and use of Twitter

On this web­site, the con­trol­ler has inte­gra­ted com­pon­ents of Twit­ter. Twit­ter is a mul­ti­lin­gu­al, publicly-acces­si­ble micro­blog­ging ser­vice on which users may publish and spread so-cal­led ‘tweets,’ e.g. short messages, which are limi­ted to 280 cha­rac­ters. The­se short messages are avail­ab­le for ever­yo­ne, inclu­ding tho­se who are not log­ged on to Twit­ter. The tweets are also dis­play­ed to so-cal­led fol­lo­wers of the respec­ti­ve user. Fol­lo­wers are other Twit­ter users who fol­low a user's tweets. Fur­ther­mo­re, Twit­ter allows you to address a wide audi­ence via hash­tags, links or ret­weets.

The ope­ra­ting com­pa­ny of Twit­ter is Twit­ter Inter­na­tio­nal Com­pa­ny, One Cum­ber­land Place, Feni­an Street Dub­lin 2, D02 AX07, Ire­land.

With each call-up to one of the indi­vi­du­al pages of this Inter­net site, which is ope­ra­ted by the con­trol­ler and on which a Twit­ter com­po­nent (Twit­ter but­ton) was inte­gra­ted, the Inter­net brow­ser on the infor­ma­ti­on tech­no­lo­gy sys­tem of the data sub­ject is auto­ma­ti­cal­ly promp­ted to down­load a dis­play of the cor­re­spon­ding Twit­ter com­po­nent of Twit­ter. Fur­ther infor­ma­ti­on about the Twit­ter but­tons is avail­ab­le under https://about.twitter.com/de/resources/buttons. During the cour­se of this tech­ni­cal pro­ce­du­re, Twit­ter gains know­ledge of what spe­ci­fic sub-page of our web­site was visi­ted by the data sub­ject. The pur­po­se of the inte­gra­ti­on of the Twit­ter com­po­nent is a retrans­mis­si­on of the con­tents of this web­site to allow our users to intro­du­ce this web page to the digi­tal world and incre­a­se our visi­tor num­bers.

If the data sub­ject is log­ged in at the same time on Twit­ter, Twit­ter detects with every call-up to our web­site by the data sub­ject and for the ent­i­re dura­ti­on of their stay on our Inter­net site which spe­ci­fic sub-page of our Inter­net page was visi­ted by the data sub­ject. This infor­ma­ti­on is collec­ted through the Twit­ter com­po­nent and asso­cia­ted with the respec­ti­ve Twit­ter account of the data sub­ject. If the data sub­ject clicks on one of the Twit­ter but­tons inte­gra­ted on our web­site, then Twit­ter assigns this infor­ma­ti­on to the per­so­nal Twit­ter user account of the data sub­ject and stores the per­so­nal data.

Twit­ter recei­ves infor­ma­ti­on via the Twit­ter com­po­nent that the data sub­ject has visi­ted our web­site, pro­vi­ded that the data sub­ject is log­ged in on Twit­ter at the time of the call-up to our web­site. This occurs regard­less of whe­ther the per­son clicks on the Twit­ter com­po­nent or not. If such a trans­mis­si­on of infor­ma­ti­on to Twit­ter is not desi­ra­ble for the data sub­ject, then he or she may pre­vent this by log­ging off from their Twit­ter account befo­re a call-up to our web­site is made.

The app­li­ca­ble data pro­tec­tion pro­vi­si­ons of Twit­ter may be acces­sed under https://twitter.com/privacy?lang=en.

15   Data protection provisions about the application and use of Youtube

On this web­site, the con­trol­ler has inte­gra­ted com­pon­ents of You­Tube. You­Tube is an Inter­net video por­tal that enab­les video publis­hers to set video clips and other users free of char­ge, which also pro­vi­des free viewing, review and com­men­ting on them. You­Tube allows you to publish all kinds of vide­os, so you can access both full movies and TV broad­casts, as well as music vide­os, trai­lers, and vide­os made by users via the Inter­net por­tal.

The ope­ra­ting com­pa­ny of You­Tube is Goog­le Ire­land Limi­ted, Gor­don House, Bar­row Street, Dub­lin, D04 E5W5, Ire­land.

With each call-up to one of the indi­vi­du­al pages of this Inter­net site, which is ope­ra­ted by the con­trol­ler and on which a You­Tube com­po­nent (You­Tube video) was inte­gra­ted, the Inter­net brow­ser on the infor­ma­ti­on tech­no­lo­gy sys­tem of the data sub­ject is auto­ma­ti­cal­ly promp­ted to down­load a dis­play of the cor­re­spon­ding You­Tube com­po­nent. Fur­ther infor­ma­ti­on about You­Tube may be obtai­ned under https://www.youtube.com/yt/about/en/. During the cour­se of this tech­ni­cal pro­ce­du­re, You­Tube and Goog­le gain know­ledge of what spe­ci­fic sub-page of our web­site was visi­ted by the data sub­ject.

If the data sub­ject is log­ged in on You­Tube, You­Tube reco­gni­zes with each call-up to a sub-page that con­tains a You­Tube video, which spe­ci­fic sub-page of our Inter­net site was visi­ted by the data sub­ject. This infor­ma­ti­on is collec­ted by You­Tube and Goog­le and assi­gned to the respec­ti­ve You­Tube account of the data sub­ject.

You­Tube and Goog­le will recei­ve infor­ma­ti­on through the You­Tube com­po­nent that the data sub­ject has visi­ted our web­site, if the data sub­ject at the time of the call to our web­site is log­ged in on You­Tube; this occurs regard­less of whe­ther the per­son clicks on a You­Tube video or not. If such a trans­mis­si­on of this infor­ma­ti­on to You­Tube and Goog­le is not desi­ra­ble for the data sub­ject, the deli­very may be pre­ven­ted if the data sub­ject logs off from their own You­Tube account befo­re a call-up to our web­site is made.

YouTube's data pro­tec­tion pro­vi­si­ons, avail­ab­le at https://www.google.com/intl/en/policies/privacy/, pro­vi­de infor­ma­ti­on about the collec­tion, pro­ces­sing and use of per­so­nal data by You­Tube and Goog­le.

16  Legal basis for the processing

Art. 6(1) lit. a GDPR ser­ves as the legal basis for pro­ces­sing ope­ra­ti­ons for which we obtain con­sent for a spe­ci­fic pro­ces­sing pur­po­se. If the pro­ces­sing of per­so­nal data is necessa­ry for the per­for­mance of a con­tract to which the data sub­ject is par­ty, as is the case, for examp­le, when pro­ces­sing ope­ra­ti­ons are necessa­ry for the sup­ply of goods or to pro­vi­de any other ser­vice, the pro­ces­sing is based on Arti­cle 6(1) lit. b GDPR. The same app­lies to such pro­ces­sing ope­ra­ti­ons which are necessa­ry for car­ry­ing out pre-con­trac­tu­al mea­su­res, for examp­le in the case of inqui­ries con­cer­ning our pro­ducts or ser­vices. Is our com­pa­ny sub­ject to a legal obli­ga­ti­on by which pro­ces­sing of per­so­nal data is requi­red, such as for the ful­fill­ment of tax obli­ga­ti­ons, the pro­ces­sing is based on Art. 6(1) lit. c GDPR. In rare cases, the pro­ces­sing of per­so­nal data may be necessa­ry to pro­tect the vital inte­rests of the data sub­ject or of ano­t­her natu­ral per­son. This would be the case, for examp­le, if a visi­tor were inju­red in our com­pa­ny and his name, age, health insuran­ce data or other vital infor­ma­ti­on would have to be pas­sed on to a doc­tor, hos­pi­tal or other third par­ty. Then the pro­ces­sing would be based on Art. 6(1) lit. d GDPR. Final­ly, pro­ces­sing ope­ra­ti­ons could be based on Arti­cle 6(1) lit. f GDPR. This legal basis is used for pro­ces­sing ope­ra­ti­ons which are not cove­r­ed by any of the abo­ve­men­tio­ned legal grounds, if pro­ces­sing is necessa­ry for the pur­po­ses of the legi­ti­ma­te inte­rests pur­sued by our com­pa­ny or by a third par­ty, except whe­re such inte­rests are over­rid­den by the inte­rests or fun­da­men­tal rights and free­doms of the data sub­ject which requi­re pro­tec­tion of per­so­nal data. Such pro­ces­sing ope­ra­ti­ons are par­ti­cu­lar­ly per­mis­si­ble becau­se they have been spe­ci­fi­cal­ly men­tio­ned by the Euro­pean legis­la­tor. He con­si­de­red that a legi­ti­ma­te inte­rest could be assu­med if the data sub­ject is a cli­ent of the con­trol­ler (Reci­tal 47 Sen­tence 2 GDPR).

17  Rights of the data subject

a) Right of con­fir­ma­ti­on

Each data sub­ject shall have the right gran­ted by the Euro­pean legis­la­tor to obtain from the con­trol­ler the con­fir­ma­ti­on as to whe­ther or not per­so­nal data con­cer­ning him or her are being pro­ces­sed. If a data sub­ject wis­hes to avail hims­elf of this right of con­fir­ma­ti­on, he or she may, at any time, con­ta­ct any employee of the con­trol­ler.

b) Right of access

Each data sub­ject shall have the right gran­ted by the Euro­pean legis­la­tor to obtain from the con­trol­ler free infor­ma­ti­on about his or her per­so­nal data stored at any time and a copy of this infor­ma­ti­on. Fur­ther­mo­re, the Euro­pean direc­ti­ves and regu­la­ti­ons grant the data sub­ject access to the fol­lowing infor­ma­ti­on:

the pur­po­ses of the pro­ces­sing;
the cate­go­ries of per­so­nal data con­cer­ned;
the reci­pi­ents or cate­go­ries of reci­pi­ents to whom the per­so­nal data have been or will be dis­c­lo­sed, in par­ti­cu­lar reci­pi­ents in third coun­tries or inter­na­tio­nal orga­ni­sa­ti­ons;
whe­re pos­si­ble, the envi­sa­ged peri­od for which the per­so­nal data will be stored, or, if not pos­si­ble, the cri­te­ria used to deter­mi­ne that peri­od;
the exis­tence of the right to request from the con­trol­ler rec­ti­fi­ca­ti­on or era­su­re of per­so­nal data, or restric­tion of pro­ces­sing of per­so­nal data con­cer­ning the data sub­ject, or to object to such pro­ces­sing;
the exis­tence of the right to lodge a com­p­laint with a super­vi­so­ry aut­ho­ri­ty;
whe­re the per­so­nal data are not collec­ted from the data sub­ject, any avail­ab­le infor­ma­ti­on as to their source;
the exis­tence of auto­ma­ted decisi­on-making, inclu­ding pro­filing, refer­red to in Arti­cle 22(1) and (4) of the GDPR and, at least in tho­se cases, mea­ning­ful infor­ma­ti­on about the logic invol­ved, as well as the signi­fi­can­ce and envi­sa­ged con­se­quen­ces of such pro­ces­sing for the data sub­ject.
Fur­ther­mo­re, the data sub­ject shall have a right to obtain infor­ma­ti­on as to whe­ther per­so­nal data are trans­fer­red to a third coun­try or to an inter­na­tio­nal orga­ni­sa­ti­on. Whe­re this is the case, the data sub­ject shall have the right to be infor­med of the appro­pria­te safe­guards rela­ting to the trans­fer.

If a data sub­ject wis­hes to avail hims­elf of this right of access, he or she may, at any time, con­ta­ct any employee of the con­trol­ler.

c) Right to rec­ti­fi­ca­ti­on

Each data sub­ject shall have the right gran­ted by the Euro­pean legis­la­tor to obtain from the con­trol­ler without undue delay the rec­ti­fi­ca­ti­on of inac­cu­ra­te per­so­nal data con­cer­ning him or her. Taking into account the pur­po­ses of the pro­ces­sing, the data sub­ject shall have the right to have incom­ple­te per­so­nal data com­ple­ted, inclu­ding by means of pro­vi­ding a sup­ple­men­ta­ry state­ment.

If a data sub­ject wis­hes to exer­cise this right to rec­ti­fi­ca­ti­on, he or she may, at any time, con­ta­ct any employee of the con­trol­ler.

d) Right to era­su­re (Right to be for­got­ten)

Each data sub­ject shall have the right gran­ted by the Euro­pean legis­la­tor to obtain from the con­trol­ler the era­su­re of per­so­nal data con­cer­ning him or her without undue delay, and the con­trol­ler shall have the obli­ga­ti­on to era­se per­so­nal data without undue delay whe­re one of the fol­lowing grounds app­lies, as long as the pro­ces­sing is not necessa­ry:

The per­so­nal data are no lon­ger necessa­ry in rela­ti­on to the pur­po­ses for which they were collec­ted or other­wi­se pro­ces­sed.
The data sub­ject with­draws con­sent to which the pro­ces­sing is based accord­ing to point (a) of Arti­cle 6(1) of the GDPR, or point (a) of Arti­cle 9(2) of the GDPR, and whe­re the­re is no other legal ground for the pro­ces­sing.
The data sub­ject objects to the pro­ces­sing pur­suant to Arti­cle 21(1) of the GDPR and the­re are no over­ri­ding legi­ti­ma­te grounds for the pro­ces­sing, or the data sub­ject objects to the pro­ces­sing pur­suant to Arti­cle 21(2) of the GDPR.
The per­so­nal data have been unlaw­ful­ly pro­ces­sed.
The per­so­nal data must be era­sed for com­pli­an­ce with a legal obli­ga­ti­on in Uni­on or Mem­ber Sta­te law to which the con­trol­ler is sub­ject.
The per­so­nal data have been collec­ted in rela­ti­on to the offer of infor­ma­ti­on socie­ty ser­vices refer­red to in Arti­cle 8(1) of the GDPR.
If one of the afo­re­men­tio­ned rea­sons app­lies, and a data sub­ject wis­hes to request the era­su­re of per­so­nal data stored by the IDSA, he or she may, at any time, con­ta­ct any employee of the con­trol­ler. An employee of IDSA shall prompt­ly ensu­re that the era­su­re request is com­plied with immedia­te­ly.

Whe­re the con­trol­ler has made per­so­nal data public and is obli­ged pur­suant to Arti­cle 17(1) to era­se the per­so­nal data, the con­trol­ler, taking account of avail­ab­le tech­no­lo­gy and the cost of imple­men­ta­ti­on, shall take rea­son­ab­le steps, inclu­ding tech­ni­cal mea­su­res, to inform other con­trol­lers pro­ces­sing the per­so­nal data that the data sub­ject has reques­ted era­su­re by such con­trol­lers of any links to, or copy or repli­ca­ti­on of, tho­se per­so­nal data, as far as pro­ces­sing is not requi­red. An employees of the IDSA will arran­ge the necessa­ry mea­su­res in indi­vi­du­al cases.

e) Right of restric­tion of pro­ces­sing

Each data sub­ject shall have the right gran­ted by the Euro­pean legis­la­tor to obtain from the con­trol­ler restric­tion of pro­ces­sing whe­re one of the fol­lowing app­lies:

The accu­ra­cy of the per­so­nal data is con­tes­ted by the data sub­ject, for a peri­od enab­ling the con­trol­ler to veri­fy the accu­ra­cy of the per­so­nal data.
The pro­ces­sing is unlaw­ful and the data sub­ject oppo­ses the era­su­re of the per­so­nal data and requests ins­tead the restric­tion of their use ins­tead.
The con­trol­ler no lon­ger needs the per­so­nal data for the pur­po­ses of the pro­ces­sing, but they are requi­red by the data sub­ject for the estab­lish­ment, exer­cise or defence of legal claims.
The data sub­ject has objec­ted to pro­ces­sing pur­suant to Arti­cle 21(1) of the GDPR pen­ding the veri­fi­ca­ti­on whe­ther the legi­ti­ma­te grounds of the con­trol­ler over­ri­de tho­se of the data sub­ject.
If one of the afo­re­men­tio­ned con­di­ti­ons is met, and a data sub­ject wis­hes to request the restric­tion of the pro­ces­sing of per­so­nal data stored by the IDSA, he or she may at any time con­ta­ct any employee of the con­trol­ler. The employee of the IDSA will arran­ge the restric­tion of the pro­ces­sing.

f) Right to data por­ta­bi­li­ty

Each data sub­ject shall have the right gran­ted by the Euro­pean legis­la­tor, to recei­ve the per­so­nal data con­cer­ning him or her, which was pro­vi­ded to a con­trol­ler, in a struc­tu­red, com­mon­ly used and machi­ne-read­a­ble for­mat. He or she shall have the right to trans­mit tho­se data to ano­t­her con­trol­ler without hin­dran­ce from the con­trol­ler to which the per­so­nal data have been pro­vi­ded, as long as the pro­ces­sing is based on con­sent pur­suant to point (a) of Arti­cle 6(1) of the GDPR or point (a) of Arti­cle 9(2) of the GDPR, or on a con­tract pur­suant to point (b) of Arti­cle 6(1) of the GDPR, and the pro­ces­sing is car­ri­ed out by auto­ma­ted means, as long as the pro­ces­sing is not necessa­ry for the per­for­mance of a task car­ri­ed out in the public inte­rest or in the exer­cise of offi­cial aut­ho­ri­ty ves­ted in the con­trol­ler.

Fur­ther­mo­re, in exer­cis­ing his or her right to data por­ta­bi­li­ty pur­suant to Arti­cle 20(1) of the GDPR, the data sub­ject shall have the right to have per­so­nal data trans­mit­ted direct­ly from one con­trol­ler to ano­t­her, whe­re tech­ni­cal­ly fea­si­ble and when doing so does not adver­se­ly affect the rights and free­doms of others.

In order to assert the right to data por­ta­bi­li­ty, the data sub­ject may at any time con­ta­ct any employee of the IDSA.

g) Right to object

Each data sub­ject shall have the right gran­ted by the Euro­pean legis­la­tor to object, on grounds rela­ting to his or her par­ti­cu­lar situa­ti­on, at any time, to pro­ces­sing of per­so­nal data con­cer­ning him or her, which is based on point (e) or (f) of Arti­cle 6(1) of the GDPR. This also app­lies to pro­filing based on the­se pro­vi­si­ons.

The IDSA shall no lon­ger pro­cess the per­so­nal data in the event of the objec­tion, unless we can demons­tra­te com­pel­ling legi­ti­ma­te grounds for the pro­ces­sing which over­ri­de the inte­rests, rights and free­doms of the data sub­ject, or for the estab­lish­ment, exer­cise or defence of legal claims.

If the IDSA pro­ces­ses per­so­nal data for direct mar­ke­ting pur­po­ses, the data sub­ject shall have the right to object at any time to pro­ces­sing of per­so­nal data con­cer­ning him or her for such mar­ke­ting. This app­lies to pro­filing to the extent that it is rela­ted to such direct mar­ke­ting. If the data sub­ject objects to the IDSA to the pro­ces­sing for direct mar­ke­ting pur­po­ses, the IDSA will no lon­ger pro­cess the per­so­nal data for the­se pur­po­ses.

In addi­ti­on, the data sub­ject has the right, on grounds rela­ting to his or her par­ti­cu­lar situa­ti­on, to object to pro­ces­sing of per­so­nal data con­cer­ning him or her by the IDSA for sci­en­ti­fic or his­to­ri­cal rese­arch pur­po­ses, or for sta­tis­ti­cal pur­po­ses pur­suant to Arti­cle 89(1) of the GDPR, unless the pro­ces­sing is necessa­ry for the per­for­mance of a task car­ri­ed out for rea­sons of public inte­rest.

In order to exer­cise the right to object, the data sub­ject may con­ta­ct any employee of the IDSA. In addi­ti­on, the data sub­ject is free in the con­text of the use of infor­ma­ti­on socie­ty ser­vices, and not­with­stan­ding Direc­ti­ve 2002/58/EC, to use his or her right to object by auto­ma­ted means using tech­ni­cal spe­ci­fi­ca­ti­ons.

h) Auto­ma­ted indi­vi­du­al decisi­on-making, inclu­ding pro­filing

Each data sub­ject shall have the right gran­ted by the Euro­pean legis­la­tor not to be sub­ject to a decisi­on based sole­ly on auto­ma­ted pro­ces­sing, inclu­ding pro­filing, which pro­du­ces legal effects con­cer­ning him or her, or simi­lar­ly signi­fi­cant­ly affects him or her, as long as the decisi­on (1) is not is necessa­ry for ent­e­ring into, or the per­for­mance of, a con­tract bet­ween the data sub­ject and a data con­trol­ler, or (2) is not aut­ho­ri­sed by Uni­on or Mem­ber Sta­te law to which the con­trol­ler is sub­ject and which also lays down sui­ta­ble mea­su­res to safe­guard the data subject's rights and free­doms and legi­ti­ma­te inte­rests, or (3) is not based on the data subject's expli­cit con­sent.

If the decisi­on (1) is necessa­ry for ent­e­ring into, or the per­for­mance of, a con­tract bet­ween the data sub­ject and a data con­trol­ler, or (2) it is based on the data subject's expli­cit con­sent, the IDSA shall imple­ment sui­ta­ble mea­su­res to safe­guard the data subject's rights and free­doms and legi­ti­ma­te inte­rests, at least the right to obtain human inter­ven­ti­on on the part of the con­trol­ler, to express his or her point of view and con­test the decisi­on.

If the data sub­ject wis­hes to exer­cise the rights con­cer­ning auto­ma­ted indi­vi­du­al decisi­on-making, he or she may, at any time, con­ta­ct any employee of the IDSA.

i) Right to with­draw data pro­tec­tion con­sent

Each data sub­ject shall have the right gran­ted by the Euro­pean legis­la­tor to with­draw his or her con­sent to pro­ces­sing of his or her per­so­nal data at any time.

If the data sub­ject wis­hes to exer­cise the right to with­draw the con­sent, he or she may, at any time, con­ta­ct any employee of the IDSA.

18   Google Analytics

If you have given your con­sent, Goog­le Ana­ly­tics, a web ana­ly­sis ser­vice of Goog­le Ire­land Limi­ted ("Goog­le") is used on this web­site. The use inclu­des the "Uni­ver­sal Ana­ly­tics" ope­ra­ting mode. This makes it pos­si­ble to assign data, ses­si­ons and inter­ac­tions across mul­ti­ple devices to a pseud­ony­mous user ID and thus ana­ly­ze a user's acti­vi­ties across devices.

Goog­le Ana­ly­tics uses "coo­kies", which are text files pla­ced on your com­pu­ter, to help the web­site ana­ly­ze how users inter­act with the site. The infor­ma­ti­on gene­ra­ted by the coo­kie about your use of this web­site is usual­ly trans­fer­red to a Goog­le ser­ver in the USA and stored the­re. Howe­ver, if IP anony­mi­sa­ti­on is acti­va­ted on this web­site, Goog­le will redu­ce your IP address wit­hin Mem­ber Sta­tes of the Euro­pean Uni­on or in other sta­tes par­ty to the Agree­ment on the Euro­pean Eco­no­mic Area befo­re­hand. We would like to point out that on this web­site Goog­le Ana­ly­tics has been exten­ded to inclu­de IP anony­mi­sa­ti­on in order to ensu­re anony­mous collec­tion of IP addres­ses (so-cal­led IP mas­king). The IP address trans­mit­ted by your brow­ser in the con­text of Goog­le Ana­ly­tics is not mer­ged with other Goog­le data. For more infor­ma­ti­on on terms of use and data pro­tec­tion, plea­se visit https://www.google.com/analytics/terms/gb.html or https://policies.google.com/?hl=en.

Pur­po­ses of the Pro­ces­sing
On behalf of the ope­ra­tor of this web­site, Goog­le will use this infor­ma­ti­on to eva­lua­te your use of the web­site, to com­pi­le reports on web­site acti­vi­ty and to pro­vi­de the web­site ope­ra­tor with other ser­vices rela­ted to web­site and Inter­net use.

Legal Basis
The legal basis for the use of Goog­le Ana­ly­tics is your con­sent in accordance with Art. 6 para. 1 lit. a GDPR.

Reci­pi­ents or Cate­go­ries of Reci­pi­ents
The reci­pi­ent of the collec­ted data is Goog­le.

Trans­fer to Third Coun­tries
Per­so­nal data will be trans­fer­red to the USA under the EU-US Pri­va­cy Shield on the basis of the Euro­pean Commission's ade­quacy decisi­on. You can down­load the cer­ti­fi­ca­te here.

Dura­ti­on of Data Sto­rage
The data sent by us and lin­ked to coo­kies, user-iden­ti­fiers (e.g. User-IDs) or adver­ti­sing-iden­ti­fiers are auto­ma­ti­cal­ly dele­ted after 14 mon­ths. Data who­se reten­ti­on peri­od has been reached is auto­ma­ti­cal­ly dele­ted once a mon­th.

Rights of the Per­sons affec­ted
You can revo­ke your con­sent at any time with effect for the future by blo­cking the sto­rage of coo­kies by set­ting your brow­ser soft­ware accord­in­gly; howe­ver, we would like to point out that in this case you may not be able to use all func­tio­n­a­li­ties of this web­site to their full extent.

You can also pre­vent Goog­le from collec­ting the data gene­ra­ted by the coo­kie and rela­ting to your use of the web­site (inclu­ding your IP address) and from pro­ces­sing this data by Goog­le by down­loading and instal­ling the Brow­ser Add-on. Opt-out coo­kies will pre­vent future collec­tion of your data when you visit this web­site. To pre­vent Uni­ver­sal Ana­ly­tics from collec­ting data across dif­fe­rent devices, you must opt-out on all sys­tems used. If you click here, the opt-out coo­kie will be set:

Dis­able Goog­le Ana­ly­tics