General Notes

The following notes provide a simple overview of what happens to your personal data when you visit our website. Personal data are all data with which you can be personally identified. For detailed information on the subject of data protection, please refer to the data protection notes listed in the following text.

Of course, the protection of your personal data as well as fair and transparent data processing are important to us. In the following, we would like to provide you with the information in accordance with Art. 13 and 14 GDPR, which you need to check and exercise your data protection rights. We are to be described as responsible in the sense of the General Data Protection Basic Regulation (GDPR) and the Federal Data Protection Act (BDSG) as well as other data protection regulations for our website and the associated data processing. Comprehensive information on our organisation can be found in the imprint.

The following data protection declaration is divided into the following four sections:

  1. Information on the person responsible
  2. Data processing on our website
  3. Data processing within the scope of our business performance
  4. Rights of data subjects

1. Data on the Person Responsible

Person responsible for data collection:

ISDC – International Security and Development Center gGmbH
Director: Prof. Dr. Tilman Brück
Address: Auguststr. 89, 10117 Berlin, Germany
Tel: +49-30-2064 8902
Email: hello ((at)) isdc.org

Data Protection Officer

GFAD Datenschutz GmbH 
Data Protection Officer
Huttenstraße 34/35
10553 Berlin, Germany
Tel.: +49 (0)30 269 111-1
Email: datenschutz@gfad.de

2. Data Processing on our Website

Data Security on our Website

We use a valid SSL certificate for the security of our website. A website encrypted with SSL transmits personal data encrypted to the server so that it is impossible for third parties to intercept or read them. Our identity is verified by a certificate. Depending on your browser, you can tell by the green address bar and/or the lock that a secure connection exists. By clicking on the lock or the green address bar you can read our online proof of identity. By encrypting the transmission, you can assume that the data you enter can only be read by us. You can see from the address bar that you are connected to our server and that it is not the site of a third-party provider.

Protection of Minors

Our offer is basically directed at adults. Persons under 18 years of age may not transmit personal data to us without the consent of their parents or legal guardians.

Hosting

The hosting services we use serve to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, security services as well as technical maintenance services which we use for the purpose of operating this online offer.

For this purpose, we, or our hosting service provider on our behalf, process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors of this online offer on the basis of our legitimate interests in an efficient and secure provision of this online offer in accordance with Art. 6 para. 1 lit. f GDPR. The data processing of our hosting service provider is carried out within the framework of a contract processing agreement in accordance with Art. 28 GDPR.

Provision of the Website and Log Files

The entry of personal data is not necessary for purely informational use, i.e. unless you provide us with information in some other way, our website.

Nevertheless, every time you visit our website, in addition to information from the system of the calling computer or end device of the user, personal data is automatically collected, which your browser transmits to our server. The following data, which is technically necessary for us to display our website, is collected by us:

  • Information about the browser type and the version used
  • The Internet service provider of the user
  • The IP address of the user
  • The operating system of the user’s end device
  • Date and time of access
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (concrete page)
  • Access status/HTTP status code
  • Amount of data transferred in each case
  • The previous website from which the user accesses our website
  • Operating system and its interface
  • Language and version of the browser software

The legal basis for the temporary storage of this data in so-called log files are our legitimate interests as the responsible website operator in accordance with Art. 6 para. 1 lit. f. GDPR, to guarantee the technical presentation as well as stability and security of the website.

The temporary storage of the user’s IP address by our system is necessary to enable the website to be delivered to the user’s computer. For this purpose, the user’s IP address must necessarily remain stored for the duration of the session. The storage of the above-mentioned data in the log files is done to ensure the functionality of our website. In addition, this data serves us to optimise the website and to ensure the security of our information technology systems (e.g. attack detection). An evaluation of the data for marketing purposes does not take place in this context. The above-mentioned data is deleted as soon as it is no longer required for the purpose of its collection. In the case of the collection of data for the provision of the website, this is the case when the respective session is ended. In the case of storage of the data in log files, this is the case after 14 days at the latest. Storage beyond this period is possible if there are indications of an illegal attack on our systems.

Cookies

When you use our website, cookies are stored on your computer. Cookies are small text files that are stored on your hard disk, assigned to the browser you are using, and through which certain information flows to the site that sets the cookie. Cookies cannot execute programs or transfer viruses to your computer. They serve to make the Internet offer as a whole more user-friendly and effective. We also use cookies to identify you for subsequent visits. The legal basis for the use of cookies is our legitimate interest according to Art. 6 Para. 1 lit. f. GDPR to make our website more user-friendly.

This website uses the following types of cookies, the scope and function of which are explained below:

Transient cookies

These cookies are automatically deleted when you close the browser. These include in particular the session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the common session. This enables your computer to be recognised when you return to our website. The session cookies are deleted when you log out or close the browser.

Persistent Cookies

These cookies are automatically deleted after a preset period of time, which may vary depending on the cookie. You can delete the cookies in the security settings of your browser at any time. 

Third party cookies

For the further development and improvement of our online offer, we use tools from third parties who also use cookies, on the legal basis of our legitimate interests in accordance with Art. 6 Para. 1 lit. f GDPR. Further information on the third-party tools we use on our website is listed separately below in our data protection information.

Prevention of cookies

You can configure your browser settings according to your preferences and, for example, refuse to accept third-party cookies or all cookies. Please note that you may not be able to use all functions of this website if you do so.

Online Survey “lifewithcorona”

Participation in this survey is voluntary. The processing of your entered data is based on your given consent in accordance with Art. 6 Para. 1 lit. a GDPR for statistical and scientific evaluation. The provision of your name and e-mail address is voluntary. Anonymous participation is possible. Other information, however, is required for evaluation for scientific purposes as mandatory data and is marked as such. You can withdraw your consent at any time with effect for the future by sending an e-mail to hello@isdc.org. The data you have entered will remain with us until you request us to delete it, revoke your consent to its storage or until the purpose for which it was stored ceases to apply. Mandatory legal provisions, in particular retention periods, remain unaffected.

KOBO Toolbox

To conduct the online survey we use the open source tool KOBO Toolbox at Harvard Humanitarian Initiative 14 Story St, 2nd floor, Cambridge, MA 02138, USA, which is hosted on the servers of Github Inc, 88 Colin P Kelly Jr. Street, San Francisco, CA 94107, USA. Github Inc. is certified according to the US Privacy Shield, thus ensuring an adequate level of EU data protection. KOBO Toolbox itself uses Google Analytics and Double click, services of Google LLC, for web analysis. Google LLC is also certified according to the US-Privacy-Shield. By participating in the online survey you agree to the use of the KOBO Toolbox. Processing by KOBO Toolbox is thus subject to your consent in accordance with Art. 6 Para. 1 lit. f GDPR.

Google Analytics

KOBO Toolbox uses functions of the web analysis service Google Analytics on the basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR in the context of participation in the online survey for statistical analysis of user behaviour for optimisation and marketing purposes. The provider is Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. For Google services within the EEA and Switzerland, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland has been the responsible “Data Controller” since 22.01.2019. Google Analytics uses so-called “cookies”. These are text files which are stored on your computer and which enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. This data is stored for 14 months before it is automatically deleted. The purpose of the Google Analytics component is to analyse the flow of visitors to our website. Among other things, Google uses the data and information obtained to evaluate the use of our website in order to compile online reports for us which show the activities on our website and to provide further services in connection with the use of our website. Google Analytics is considered a data processor in the sense of the GDPR, as data for website operators is collected and processed in Google Analytics in accordance with their instructions. For Google services within the EEA and Switzerland, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland has been the data controller since 22.01.2019.

Data protection and data security in Google Analytics

As evidenced by the Privacy Shield certification, Google is committed to complying with the EU-US Privacy Shield Agreement published by the US Department of Commerce regarding the collection, use and retention of personal data from EU Member States. In addition, Google Analytics and Google Analytics 360 have been certified to the independent security standard ISO 27001. ISO 27001 is one of the most widely recognized standards in the world. The certification applies to the systems provided through Google Analytics and Google Analytics 360.

IP anonymization

We have activated the IP anonymization function on this website. As a result, your IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before it is transmitted to the USA. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will process this information in order to statistically evaluate your use of the website, to compile reports on the website activities and to provide further services to the website operator in connection with the use of the website and the Internet. The IP address transmitted by your browser within the scope of Google Analytics is not merged with other Google data. The person responsible for processing uses the addition “_gat._anonymizeIp” for web analysis via Google Analytics. By means of this addition, the IP address of the Internet connection of the person concerned is shortened and anonymised by Google if the access to our Internet pages is from a member state of the European Union or from another state that is a party to the Agreement on the European Economic Area.

Browser Add-on

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser add-on available under the following link to deactivate Google Analytics: tools.google.com/dlpage/gaoptout

Opposition to data collection

If you do not want your website activity to be available for Google Analytics, you can install the browser add-on to disable Google Analytics by following the link tools.google.com/dlpage/gaoptout. An opt-out cookie is set to prevent the collection of your data during future visits to this website by the Java Script (gtag.js, ga.js, analytics.js and dc.js) executed on websites that share activity data with Google Analytics.

You can also prevent the storage of cookies by adjusting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent.

You can find more information on how Google Analytics handles user data in the Google privacy policy: support.google.com/analytics/answer/6004245

Double Click

KOBO Toolbox still uses the online marketing tool DoubleClick by Google. DoubleClick uses cookies to deliver ads that are relevant to users, to improve campaign performance reports or to prevent a user from seeing the same ads more than once. Google uses a cookie ID to help identify which ads are shown in which browser and to prevent them from being shown more than once. DoubleClick may also use cookie IDs to track conversions related to ad requests. For example, if a user sees a DoubleClick ad and then later visits the advertiser’s website using the same browser and makes a purchase. According to Google, DoubleClick cookies do not contain any personal information. Because of the marketing tools used, your browser automatically establishes a direct connection with Google’s server. We have no influence on the scope and further use of the data collected by Google through the use of these tools and therefore inform you according to our state of knowledge: Through the integration of DoubleClick, Google receives the information that you have called up the corresponding part of our website or clicked on an advertisement from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, it is possible that the provider will find out your IP address and save it. You can prevent this tracking process in a number of ways: a) by adjusting your browser software to prevent you from receiving third-party ads, in particular by disabling third-party cookies; b) by disabling cookies for conversion tracking by setting your browser to block cookies from the domain “www.googleadservices.com”, https://www.google. de/settings/ads, this setting being deleted when you delete your cookies; c) by disabling interest-based ads from providers that are part of the self-regulatory campaign “About Ads” via the link http://www.aboutads.info/choices, this setting being deleted when you delete your cookies; d) by permanently disabling them in your Firefox, Internet Explorer or Google Chrome browsers via the link http://www.google.com/settings/ads/plugin. We would like to point out that in this case you may not be able to use all functions of this offer to their full extent. The legal basis for the processing of your data is your consent to participate in the online survey in accordance with Art. 6 para. 1 lit. a GDPR for the purpose of improving advertising campaigns. Further information on DoubleClick by Google is available at https://www.google.de/doubleclick and http://support.google.com/adsense/answer/2839090, and on data protection at Google in general: https://www.google. de/intl/en/policies/privacy. Alternatively, you can visit the Network Advertising Initiative (NAI) website at http://www.networkadvertising.org. Google has certified itself under the EU-US Privacy Shield to ensure an adequate level of EU data protection. The certification can be viewed at https://www.privacyshield.gov/EU-US-Framework. For Google’s services within the EEA and Switzerland, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, has been the responsible “Data Controller” since January 22, 2019.

Social Media Buttons

We currently use the following social media buttons: [Facebook, Twitter, Instagram]. We use the so-called two-click solution. This means that when you visit our site, no personal data is initially passed on to the providers of the buttons. You can recognize the provider of the button by its logo. We give you the opportunity to communicate directly with the provider of the button. Only if you click on the marked field and thereby activate it, the provider will receive the information that you have called up the corresponding website of our online offer. In the case of Facebook, the IP address is anonymised immediately after it has been collected, according to the respective provider in Germany. By activating the button, your personal data is transmitted to the respective provider and stored there (in the case of US providers in the USA). Since the provider collects the data in particular via cookies, we recommend that you delete all cookies before clicking the button via the security settings of your browser. We have no influence on the collected data and data processing procedures, nor are we aware of the full scope of data collection, the purposes of processing, the storage periods. We also have no information about the deletion of the collected data by the provider. The provider stores the data collected about you as user profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (also for users who are not logged in) for the purpose of presenting need-based advertising and to inform other users of the social network about your activities on our website. You have a right of objection to the creation of these user profiles, whereby you must contact the respective provider in order to exercise this right. Via the buttons we offer you the possibility to interact with the social networks and other users, so that we can improve our offer and make it more interesting for you as a user. The legal basis for use is Art. 6 Paragraph 1 S. 1 lit. f GDPR. The data is passed on regardless of whether you have an account with the provider and are logged in there. If you are logged in with the provider, your data collected by us will be assigned directly to your account with the provider. If you click on the activated button and, for example, link to the page, the provider also saves this information in your user account and publicly communicates it to your contacts. We recommend that you log out regularly after using a social network, but especially before activating the button, as you can then avoid being assigned to your profile with the provider. Further information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the following data protection declarations of these providers. There you will also find further information on your rights in this regard and setting options for protecting your privacy. Addresses of the respective providers and URL with their data protection information:

LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; http://www.linkedin.com/legal/privacy-policy . LinkedIn has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework .

Facebook, Instagram, Whatsapp: Facebook Inc, 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php ; further information on data collection: http://www.facebook.com/help/186325668085084 , http://www.facebook.com/about/privacy/your-info-on-other#applications and http://www.facebook.com/about/privacy/your-info#everyoneinfo . Facebook is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/ EU-US Framework.

Twitter Button

We use “Twitter Button” on our website, a service provided by Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland (hereinafter referred to as: “Twitter”). Twitter Button stores and processes information about your user behaviour on our website. Twitter Button uses cookies, i.e. small text files which are stored locally in the cache of your web browser on your end device and which enable an analysis of your use of our website.

We use Twitter Button for marketing and optimisation purposes, in particular to analyse the use of our website and to be able to continuously improve individual functions and offers as well as the user experience. By statistically evaluating user behaviour, we can improve our offer and make it more interesting for you as a user. This is also our legitimate interest in the processing of the above data by the third party provider. The legal basis is Art. 6 para. 1 sentence 1 lit. f) GDPR.

You can prevent the installation of cookies by deleting existing cookies and deactivating the storage of cookies in the settings of your web browser. We would like to point out that in this case you may not be able to use all functions of our website to their full extent. You can also prevent the collection of the above-mentioned information by Twitter by setting an opt-out cookie on one of the websites linked below:

– https://twitter.com/personalization

– http://optout.aboutads.info/?c=2#!/

Please note that this setting will be deleted if you delete your cookies. You can object to the collection and forwarding of personal data or prevent the processing of this data by deactivating the execution of Java-Script in your browser. In addition, you can prevent the execution of Java-Script code as a whole by installing a Java-Script blocker (e.g. https://noscript.net/ or https://www.ghostery.com). We would like to point out that in this case you may not be able to use all functions of our website to their full extent.

In addition, Twitter has submitted to the Privacy-Shield-Agreement between the European Union and the USA and has been certified. As a result, Twitter undertakes to comply with the standards and regulations of European data protection law. Further information can be found in the following linked entry: https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active

Third Party Information: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland. For more information about the third party’s privacy practices, please visit the following website: https://twitter.com/de/privacy

Instead of integrating the service, we use the so-called “Shariff solution” on our website. This ensures that your personal data is not transferred to the third party provider when you access our website. Your personal data will only be processed by the third party provider when you click on the respective button of the third party provider. For details of the type and scope of data processing, please refer to the third-party provider’s data protection declaration linked above.

Twitter Syndication

We use on our website “Twitter Syndication”, a service provided by Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland (hereinafter referred to as: “Twitter”). Twitter Syndication stores and processes information about your user behaviour on our website. Twitter Syndication uses cookies, i.e. small text files that are stored locally in the cache of your web browser on your end device and which enable an analysis of your use of our website.

We use Twitter Syndication for marketing and optimisation purposes, in particular to analyse the use of our website and to be able to continuously improve individual functions and offers as well as the user experience. By statistically evaluating user behaviour, we can improve our offer and make it more interesting for you as a user. This is also our legitimate interest in the processing of the above data by the third party provider. The legal basis is Art. 6 para. 1 sentence 1 lit. f) GDPR.

You can prevent the installation of cookies by deleting existing cookies and deactivating the storage of cookies in the settings of your web browser. We would like to point out that in this case you may not be able to use all functions of our website to their full extent. You can also prevent the collection of the above-mentioned information by Twitter by setting an opt-out cookie on one of the websites linked below:

– https://twitter.com/personalization

– http://optout.aboutads.info/?c=2#!/

Please note that this setting will be deleted if you delete your cookies. You can object to the collection and forwarding of personal data or prevent the processing of this data by deactivating the execution of Java-Script in your browser. In addition, you can prevent the execution of Java-Script code as a whole by installing a Java-Script blocker (e.g. https://noscript.net/ or https://www.ghostery.com). We would like to point out that in this case you may not be able to use all functions of our website to their full extent.

In addition, Twitter has submitted to the Privacy-Shield-Agreement between the European Union and the USA and has been certified. As a result, Twitter undertakes to comply with the standards and regulations of European data protection law. Further information can be found in the following linked entry: https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active

Third Party Information: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland. For more information about the third party’s privacy practices, please visit the following website: https://twitter.com/de/privacy

Social Media Share Buttons

We currently use the following social media share buttons: [Facebook, Facebook Messenger,  LinkedIn, Skype, Telegram, Twitter, WhatsApp]. We use the so-called two-click solution. This means that when you visit our site, no personal data is initially passed on to the providers of the buttons. You can recognize the provider of the button by its logo. We give you the opportunity to communicate directly with the provider of the button. Only if you click on the marked field and thereby activate it, the provider will receive the information that you have called up the corresponding website of our online offer. In the case of Facebook, the IP address is anonymised immediately after it has been collected, according to the respective provider in Germany. By activating the button, your personal data is transmitted to the respective provider and stored there (in the case of US providers in the USA). Since the provider collects the data in particular via cookies, we recommend that you delete all cookies before clicking the button via the security settings of your browser. We have no influence on the collected data and data processing procedures, nor are we aware of the full scope of data collection, the purposes of processing, the storage periods. We also have no information about the deletion of the collected data by the provider. The provider stores the data collected about you as user profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (also for users who are not logged in) for the purpose of presenting need-based advertising and to inform other users of the social network about your activities on our website. You have a right of objection to the creation of these user profiles, whereby you must contact the respective provider in order to exercise this right. Via the buttons we offer you the possibility to interact with the social networks and other users, so that we can improve our offer and make it more interesting for you as a user. The legal basis for use is Art. 6 Paragraph 1 S. 1 lit. f GDPR. The data is passed on regardless of whether you have an account with the provider and are logged in there. If you are logged in with the provider, your data collected by us will be assigned directly to your account with the provider. If you click on the activated button and, for example, link to the page, the provider also saves this information in your user account and publicly communicates it to your contacts. We recommend that you log out regularly after using a social network, but especially before activating the button, as you can then avoid being assigned to your profile with the provider. Further information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the following data protection declarations of these providers. There you will also find further information on your rights in this regard and setting options for protecting your privacy. Addresses of the respective providers and URL with their data protection information:

For the use of the services an existing account with the respective provider is required. Responsible provider of the Messenger is

Facebook Messenger the Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA with the privacy policy available at www.facebook.com/about/privacy.

LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; http://www.linkedin.com/legal/privacy-policy . LinkedIn has submitted to the EU-US privacy shield, https://www.privacyshield.gov/EU-US-Framework .

Facebook and Instagram: Facebook Inc, 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php ; further information on data collection: http://www.facebook.com/help/186325668085084 , http://www.facebook.com/about/privacy/your-info-on-other#applications and http://www.facebook.com/about/privacy/your-info#everyoneinfo . Facebook is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/ EU-US Framework.

Telegram Messenger the Telegram Messenger LLP, 71-75 Shelton Street, Covent Garden, London, United Kingdom with the privacy policy available at https://telegram.org/privacy

WhatsApp Button:

Our mobile offerings also give you the ability to recommend content from websites to others via WhatsApp. When using this function, you as the sender will send a WhatsApp message with a content of your choice to a recipient of your choice. Data is only sent to WhatsApp if you actively use this function. For details about WhatsApp’s privacy policy, please visit: http://www.whatsapp.com/legal/.

Skype button

If you contact us via Skype, we collect your Skype Name and any other information you voluntarily provide. Skype is a service provided by Skype Communications S.à r.l. (a wholly owned subsidiary of Microsoft Corporation based in Luxembourg) that allows you to send and receive voice, video and instant messages. As part of providing these features, Microsoft collects, uses and shares personal information about the user, including information about Skype communications (the time and date of the communication, the numbers or user names that are part of the communication). For more information, please refer to the “Skype” section at https://privacy.microsoft.com/de-de/privacystatement/abrufen. There is a Skype button on our website. It is simply a regular web link (HTML hyperlink). Only when you open the Skype app installed on your terminal device is it possible to use this communication channel in accordance with Microsoft’s Skype Terms of Use.

Contact by e-mail

We can be contacted via the e-mail addresses provided. In this case, the personal data of the sender, i.e. the user, transmitted with the inquiry will be stored. In this context, we would like to point out that the transmission as unencrypted e-mail has certain security risks, as reading or unauthorized access cannot be excluded. The processing of this data, which is transmitted in the course of sending an enquiry, takes place on the legal basis of Art. 6 Par. 1 lit. f. GDPR of our legitimate interests to answer your request satisfactorily. If the enquiry aims at the fulfilment of an existing contract or the conclusion of a new contract, the additional legal basis for processing is Art. 6 para. 1 lit. b. GDPR for the initiation/fulfilment of a contract. The processing of this personal data serves us solely to process the contact.  Your data will be deleted as soon as they are no longer required for the purpose of their collection. For personal data sent by e-mail, this is the case when the respective request has been answered and the conservation with the user has ended. The conversation is terminated when it can be concluded from the circumstances that the matter in question has been finally clarified and no contract has been concluded. Inquiries regarding the contractual relationship will be stored for the duration of the existing contractual relationship Membership.

All personal data stored in the course of the contact will be deleted in this case, unless there are no legal retention periods to the contrary.

Recipients of the data or categories of recipients

Within our organization, those entities will have access to your data that need it to fulfill their contractual and legal obligations.

External service providers (contract processors)

Your data will be passed on to service partners, e.g. IT and software service providers for maintenance and support in order to help us provide our services.

A processing of your personal data by commissioned service providers is carried out within the scope of order processing according to Art. 28 GDPR.

Transfers to third countries

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this is done in the context of using the services of third parties or disclosure or transfer of data to third parties, this will only take place if it is done to fulfil our (pre-)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we will only process or transfer data to a third country if the special requirements of Art. 44 ff. GDPR. In other words, processing is carried out, for example, on the basis of special guarantees, such as the officially recognised determination of a level of data protection corresponding to that of the EU (e.g. for the USA through the “Privacy Shield”) or compliance with officially recognised special contractual obligations (so-called “standard contractual clauses”).

3. Data processing within the scope of our business services

Contractual services with business partners

We process the data of our contractual partners and interested parties as well as clients, suppliers, service providers and customers in accordance with Art. 6 para. 1 lit. b. GDPR in order to provide them with our contractual or pre-contractual services. The data processed in this context, the type, scope and purpose of such processing and the necessity of processing it, shall be determined by the underlying contractual relationship. The processed data includes the master data of our contractual partners (e.g. names and addresses), contact data (e.g. e-mail addresses and telephone numbers) as well as contract data (e.g. services used, contract contents, contractual communication, names of contact persons) and payment data (e.g. bank details, payment history). As a matter of principle, we do not process special categories of personal data, unless they are part of a commissioned or contractual processing. We process data which are necessary for the justification and fulfilment of the contractual services and point out the necessity of their disclosure, if this is not evident to the contractual partners. Disclosure to external persons or companies will only be made if it is necessary within the framework of a contract. When processing the data provided to us within the framework of an order, we act in accordance with the instructions of the client and the statutory requirements.

When using our online services, we may store the IP address and the time of the respective user action. The storage is based on our legitimate interests of the users in protection against misuse and other unauthorized use. As a matter of principle, this data is not passed on to third parties, unless it is necessary to pursue our claims in accordance with Art. 6 Para. 1 lit. f. GDPR or there is a legal obligation to do so in accordance with Art. 6 Paragraph 1 lit. c. GDPR.

The data will be deleted when the data is no longer required to fulfil contractual or legal obligations of care and handling of possible warranty and comparable obligations, whereby the necessity of keeping the data will be reviewed every three years. In all other respects, the statutory storage obligations shall apply.

Direct advertising

If we receive your e-mail address and postal address in the course of concluding a contract, we may use this data to inform you by e-mail and by post from now on about our own similar product and service offers. If you do not wish to receive further advertising information by e-mail or post, you can object to the advertising use of your contact data at any time with effect for the future without incurring any costs other than the transmission costs according to the basic rates. You can send your objection by post or e-mail to the following contact addresses.

ISDC – International Security and Development Center gGmbH
Director: Professor Tilman Brück
Address: Auguststr. 89, 10117 Berlin
Phone: +49-30-2064 8902
Email: hello ((at)) isdc.org

Recipients of the data or categories of recipients

Within our organization, those entities will have access to your data that need it to fulfill their contractual and legal obligations.

External service providers (contract processors)

Your data will be passed on to service partners, e.g. IT and software service providers for maintenance and support in order to help us provide our services.

A processing of your personal data by commissioned service providers is carried out within the scope of order processing according to Art. 28 GDPR.

Other service providers, partners and third parties

We may cooperate with other partners if it is necessary to fulfil our service offers or if we are legally obliged to release data. These may be the following partners or third parties:

  • Credit institutions and payment service providers
  • Credit agencies
  • Disclosure to public authorities or by court order
  • Advertising agencies
  • Document shredding company, logistics
  • Consulting and advisory services, certified public accountant
  • Insurance
  • Law firms and competent jurisdiction
  • Service company

It is important to us to process your data within the EU. However, it may happen that we use service providers who operate outside the EU. In these cases, we ensure that an adequate level of data protection is established before your personal data is transferred. This means that a level of data protection comparable to the standards within the EU is achieved through EU standard contracts or an EU adequacy finding, such as the EU Privacy Shield.

Origin of personal data

We process personal data that we receive in the course of our business relationship. In addition, to the extent necessary for the provision of our services and the fulfilment of contracts, we process personal data which we have received from other third parties (e.g. credit agencies) in an admissible manner (e.g. for the execution of orders, the fulfilment of contracts or on the basis of consents given by you). In addition, we process personal data that we have permissibly obtained and are permitted to process from publicly accessible sources (e.g. commercial and association registers, press, media).

Categories of personal data

We process the following categories of personal data about you:

Personnel master data (name, address and other contact data, date of birth), if applicable order and contract data (e.g. delivery order), payment data, data from the fulfilment of our contractual obligations, advertising and sales data, documentation data (data from consulting and service discussions) and comparable data.

Storage of data

Where necessary, we process and store personal data for the duration of the business relationship. This also includes the initiation and execution of a contract. We also store personal data insofar as we are legally obliged to do so. Corresponding proof and storage obligations result from the German Commercial Code and the German Fiscal Code. The periods of retention or documentation assigned there are six years in accordance with the requirements of commercial law under § 257 HGB and up to ten years due to tax requirements under § 147 AO. We delete personal data of the person concerned as soon as the purpose of the storage no longer applies and legal retention periods do not prevent deletion.

4. Rights of affected persons

Rights of data subjects

If a user’s personal data is processed, the user is a “data subject” in the sense of the GDPR. He is entitled to the following rights against us as the person responsible:

  • Right to information
  • Right of rectification
  • Right to restrict processing
  • Right of cancellation
  • Right to information
  • Right to data portability
  • Right of objection
  • Right of revocation of the declaration of consent under data protection law
  • Right to complain to a data protection supervisory authority

Information, blocking, erasure and correction

Within the framework of the applicable legal provisions, you have the right to obtain information free of charge at any time about your stored personal data, its origin and recipients and the purpose of the data processing and, if applicable, a right to correct, block or delete this data. For this purpose, as well as for further questions regarding personal data, you can contact us at any time at the address given in the text above.

Right to limitation of processing

You have the right to request the restriction of the processing of your personal data. To do so, you can contact us at any time at the address given in the imprint. The right to restrict processing exists in the following cases:

– If you dispute the accuracy of your personal data stored with us, we usually need time to verify this. For the duration of the review, you have the right to demand the restriction of the processing of your personal data.

– If the processing of your personal data was/is unlawful, you may request the restriction of data processing instead of deletion.

– If we no longer need your personal data, but you need them to exercise, defend or assert legal claims, you have the right to demand the restriction of the processing of your personal data instead of deletion.

– If you have lodged an objection in accordance with Art. 21 Paragraph 1 GDPR, a balance must be struck between your interests and ours. As long as it has not yet been determined whose interests outweigh the interests of both parties, you have the right to demand that the processing of your personal data be restricted.

If you have restricted the processing of your personal data, these data – apart from their storage – may only be processed with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the European Union or a Member State.

Right to data transferability

You have the right to have data which we process automatically on the basis of your consent or in fulfilment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another responsible party, this will only take place to the extent that it is technically feasible.

Revocation of your consent to data processing

Many data processing operations are only possible with your express consent. You can revoke a previously given consent at any time. For this purpose an informal notification by e-mail to us is sufficient. The legality of the data processing carried out up to the time of revocation remains unaffected by the revocation.

Right to object to data collection in special cases and to direct advertising (Art. 21 GDPR)

If the data processing is carried out on the basis of Article 6 paragraph 1 letter e or f GDPR, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions. You will find the respective legal basis on which processing is based in this Data Protection Declaration. If you object, we will no longer process your personal data concerned unless we can prove that there are compelling reasons for processing which are worthy of protection and which outweigh your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims (objection according to Art. 21 Para. 1 GDPR).

If your personal data are processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing, including profiling, insofar as it is connected with such direct marketing. If you object, your personal data will subsequently no longer be used for the purpose of direct advertising (objection under Art. 21 para. 2 GDPR).

Right of appeal to a supervisory authority

In the event of infringements of the GDPR, those concerned have a right of appeal to a supervisory authority, in particular in the Member State of their habitual residence, place of work or the place where the alleged infringement was committed. This right of appeal is without prejudice to other administrative or judicial remedies.

Rights relating to data processing on the basis of legitimate interest

Under Article 21 paragraph 1 of the GDPR, you have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you, which is carried out on the basis of Article 6 paragraph 1 letter e GDPR (data processing in the public interest) or Article 6 paragraph 1 letter f GDPR (data processing to safeguard a legitimate interest). This also applies to profiling based on this provision. In the event of your objection, we will no longer process your personal data unless we can prove compelling reasons for processing that are worthy of protection and outweigh your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims.

Rights in the case of direct mail

If we process your personal data in order to carry out direct advertising, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising, including profiling, in so far as it is connected with such direct advertising, in accordance with Art. 21 Par. 2 GDPR.

If you object to processing for the purpose of direct advertising, we will no longer process your personal data for these purposes. The objection can be made without any formality and should be addressed, if possible, to ISDC – International Security and Development Center gGmbH, Auguststr. 89, 10117 Berlin, Email: hello@isdc.org

Legal or contractual provisions providing the personal data; necessity for the conclusion of the contract; obligation of the data subject to provide the personal data; possible consequences of not providing the data

We would like to inform you that the provision of personal data is partly required by law (e.g. tax regulations) or can also result from contractual regulations (e.g. information on the contractual partner). For the conclusion of a contract it is necessary that you provide us with personal data. Without this data, we will usually have to refuse to conclude the contract or will no longer be able to execute an existing contract and may have to terminate it. If there is a legal obligation to provide the data, you are obliged to provide us with personal data. If you do not provide the data, we may not enter into the desired business relationship. Prior to the provision of personal data by the person concerned, the person concerned may contact our data protection officer. Our data protection officer will inform the data subject on a case-by-case basis whether the provision of personal data is required by law or contract or is necessary for the conclusion of a contract, whether there is an obligation to provide the personal data and what the consequences would be if the personal data were not provided.

Automated decision making, profiling

As a matter of principle, we do not use exclusively automated decision-making within the meaning of Art. 22 GDPR to establish and conduct a business relationship.

Objection to advertising e-mails

The use of contact data published within the scope of the imprint obligation for the transmission of not expressly requested advertising and information material is hereby contradicted. The operators of the website expressly reserve the right to take legal action in the event of unsolicited sending of advertising information, such as spam e-mails.

Changes to the privacy policy

This data protection declaration is continuously updated in the course of the further development of the Internet or our offer. We will announce changes on this page in good time. In order to keep yourself informed about the current status of our data use regulations, this page should be called up regularly.

Current status: March 2020

LinkedIn