Privacy Policy
Information to be provided pursuant to Art. 12, 13 et seq. of the GDPR
Name and address of controller
We are pleased about your interest in the work of WGMB and would like you to feel safe when visiting our website, in particular with regard to the protection of your personal data. As the operator of this website, we take this aspect very seriously. We treat all data confidentially and according to the legal data protection regulations. Your contact and the controller within the meaning of the General Data Protection Regulation of the European Union (“GDPR”), national data protection laws of the member states, and other data protection regulations is:
WGMB Wissenschaftliche Gesellschaft
für Management und Beratung mbH
Fritz-Schäffer-Straße 1
53113 Bonn
Germany
www.wgmb.org
datenschutz(at)wgmb.org
(hereinafter referred to as “we”, “us”, “our” or “WGMB”).
Personal data
The use of our website is always possible without providing personal data. Insofar as personal data is collected on our pages (e.g. name, address or e-mail addresses), this information is always provided on a voluntary basis. We generally use the personal data provided by you to answer your enquiries, process your orders or provide you with access to specific information or offers. This data will not be passed on to third parties without your explicit consent. However, we would like to point out that data transmission via the Internet (e.g. communication by e-mail) can be subject to security gaps. A complete protection of the data against access by third parties is therefore not possible.
Legal basis
In cases where we seek your consent to process personal data, the legal basis for doing so is set out in Art. 6(1)(a) of the GDPR. In cases where we process personal data in the execution of a contract between you and us, the legal basis for doing so is set out in Art. 6(1)(b) of the GDPR. This also applies to processing operations necessary for the implementation of pre-contractual measures. In cases where personal data must be processed to comply with a legal obligation that we are subject to, the legal basis for doing so is set out in Art. 6(1)(c) of the GDPR. In cases where your vital interests, or those of another natural person, require the processing of personal data, the legal basis for doing so is set out in Art. 6(1)(d) of the GDPR. In cases where the processing of personal data is necessary for the purposes of the legitimate interests pursued by us or a third party and those interests are not overridden by your interests, fundamental rights and freedoms, the legal basis for doing so is set out in Art. 6(1)(f) of the GDPR.
Deletion and storage period
Your personal data will be deleted or blocked if they are no longer required for the purposes for which they were stored or otherwise processed. In addition, data may be stored to meet the legal obligations stipulated by the European or national legislator in EU regulations, laws or other standards that we are subject to. Data will also be blocked or deleted if the storage period stipulated in the above-mentioned regulations, laws or standards expires unless longer storage is necessary for the purpose of entering into or performing a contract.
Log files
The provider of the website automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
– IP address,
– date and time of the request,
– time zone difference to Greenwich Mean Time (GMT),
– content of the request (concrete page),
– access status/http status code,
– the amount of data transferred in each case,
– website from which the request comes,
– browser software and version,
– operating system and its user interface.
This data is collected in order to enable you to visit our website and to guarantee permanent system security. It is also used for technical administration. All this data cannot be assigned to any particular person. A consolidation with other data sources is not carried out. However, we reserve the right to subsequently check this data if we become aware of concrete indications of illegal use.
Legal basis
The legal basis for processing your personal data in the context of website provision and the creation of log files is set out in Art. 6(1)(f) of the GDPR.
Deletion and storage period
Your personal data will be deleted once they are no longer required for the purposes for which they were collected or otherwise processed. In cases where your personal data are collected for the purpose of providing the website, they will be deleted each time a session ends. If personal data are stored in log files, they will be deleted after seven days at the latest. Recording your personal data for the purpose of providing the website and storing your personal data in log files are essential for the operation of the website. You therefore have no right to raise any objection to these activities.
Cookies
Our website uses so-called cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s computer system. When a user calls up a website, a cookie can be stored on the user’s operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.
The use of cookies required for technical purposes is designed to simplify your use of our website. Some features of our website cannot be offered without the use of cookies. For these features it is necessary that your internet browser is recognised even after a page change. The user data collected through cookies required for technical purposes will not be used to create user profiles. Such processing is therefore necessary for the purposes of the legitimate interests pursued by us as referred to in Art. 6(1)(f) of the GDPR.
When calling up our website, the user is informed about the use of cookies for analysis purposes and his or her consent to the processing of the personal data used in this context is obtained. In this context, a reference is also made to this data protection declaration.
Legal basis
The legal basis for processing your personal data in the context of using cookies required for technical purposes is set out in Art. 6(1)(f) of the GDPR.
Deletion and storage period
Cookies are stored on your computer and transmitted to our website from your computer. You therefore have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your internet browser. You can delete cookies that have already been saved at any time. This can also be done automatically. If you deactivate cookies in your browser settings for our website, you may not be able to fully use all of the website’s features.
Web tracking and web analysis by Matomo (formerly PIWIK)
On our website we use the open source software tool Matomo (formerly PIWIK) to analyze the surfing behavior of our users. The software sets a cookie on the user’s computer (for cookies see above). If individual pages of our website are accessed, the following data is stored:
– Two bytes of the IP address of the user’s calling system.
– The website accessed.
– The website from which the user accessed the called website (referrer).
– The subpages that are accessed from the accessed website.
– The time spent on the website.
– The frequency with which the website is accessed.
The software is set so that the IP addresses are not stored completely, but 2 bytes of the IP address are masked (e.g.: 192.168.xxx.xxx). In this way, it is no longer possible to assign the shortened IP address to the calling computer.
Processing such data enables us to analyse your surfing patterns. By evaluating the collected data, we are able to compile information on your use of specific components of our website. This helps us to continuously improve our website and its user-friendliness. Such processing is therefore necessary for the purposes of the legitimate interests pursued by us, as referred to in Art. 6(1)(f) of the GDPR. By anonymizing your IP address, your interest in protecting your personal data is sufficiently taken into account.
Legal basis
The legal basis for processing your personal data is set out in Art. 6(1)(f) of the GDPR.
Deletion and storage period
Your personal data will be deleted once they are no longer required for the above-mentioned purposes. In our case, this will be after 180 days. More detailed information on the privacy settings of the Matomo software may be found at: https://matomo.org/docs/privacy/
Contact form and contact via e-mail
The contact form on our website can be used for electronic enquiries. If a user makes use of this option, the data entered in the input mask will be transmitted to us and stored. These data are:
– name,
– concern,
– e-mail address,
– message.
At the time the message is sent, the following data will also be stored:
– IP address of the user,
– date and time.
Your consent will be obtained for the processing of the data as part of the sending process and reference will be made to this data protection declaration. Alternatively, you can contact us via e-mail. In this case the personal data of the user transmitted with the e-mail will be stored.
In the context of you contacting us via the contact form or by email, your personal data is processed for the sole purpose of handling your contact request.
Legal basis
The legal basis for processing your personal data transmitted by using the contact form or sending an email is set out in Art. 6(1)(f) of the GDPR. In cases where you use the contact form or send an email with a view to entering into a contract, Art. 6(1)(b) of the GDPR provides an additional legal basis for processing.
Deletion and storage period
Your personal data will be deleted once they are no longer required for the purpose for which they were collected or otherwise processed. Personal data transmitted via the contact form or by email will be deleted each time a dialogue with you is over. A dialogue is deemed over when it can be inferred from the circumstances that the facts in question have finally been clarified between you and us.
You may at any time object to the processing of your personal data in the future in the context of contacting us via the contact form or e-mail. In this we cannot continue a dialogue with you.
The revocation of the consent and the contradiction to the storage can be informally carried out by e-mail:
datenschutz(at)wgmb.org
All personal data stored in the process of your contacting us will be erased.
Google Web Fonts (local hosting)
This website uses so-called web fonts, which are provided by Google, for the uniform display of fonts. The Google Fonts are installed locally. A direct connection to Google servers will not be established.
Further information
For more information about Google Web Fonts, see https://developers.google.com/fonts/faq and Google’s privacy policy at https://www.google.com/policies/privacy/.
YouTube
Our website uses plugins from YouTube, a subsidiary of Google. The operator of the YouTube services is YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, USA.
When you visit one of our pages that contains a YouTube plug-in, a connection is established to the YouTube server. In this way, YouTube receives information about which of our pages you have visited. If you are logged into your YouTube account, YouTube can associate your surfing behavior with your personal profile. You can prevent this by logging out of your YouTube account.
We use YouTube to make our site attractive. For this purpose, our legitimate interest lies in the processing of personal data pursuant to Art. 6(1)(f) of the GDPR.
Legal basis
The legal basis for the processing of personal data using Google Web Fonts is Art. 6(1)(f) of the GDPR.
Further information
Further information on YouTube’s handling of user data can be found in YouTube’s privacy policy at https://www.google.de/intl/de/policies/privacy.
Links
If you use external links that are provided on our website, this data protection declaration does not extend to these links. When we provide links, we endeavour to ensure that they also comply with our data protection and security standards. However, we have no control over compliance with data protection and security regulations by other providers. For this reason, please inform yourself on the websites of the providers concerned about the data protection declarations provided there.
Your rights
If your personal data are processed by us, you are a data subject within the meaning of the GDPR and have the following rights:
Right of access
You shall have the right to obtain confirmation from us as to whether or not personal data concerning you are being processed by us.
Where that is the case, you have the right to request the following information from us:
(1) The purposes for which your personal data are being processed;
(2) The categories of pesonal data concerned;
(3) The recipients or categories of recipient to whom your personal data have been, or will be, disclosed;
(4) The envisaged period for which your personal data will be stored, or, if precise information is not possible, the criteria used to determine that period;
(5) The existence of the right to request rectification or deletion of your personal data, the right to request a restriction on personal data processing, or the right to object to such processing;
(6) The right to lodge a complaint with a supervisory authority;
(7) Any available information as to the source of the data where the personal data are not collected from you;
(8) The existence of automated decision-making, including profiling, referred to in Art.22(1) and (4) of the GDPR, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.
You have the right to obtain access to your personal data and to request information as to whether your personal information will be disclosed to recipients in third countries or international organisations. If so, you shall have the right to be informed of the appropriate safeguards relating to the transfer pursuant to Art. 46 of the GDPR.
Right to rectification
Where your personal data processed by us are inaccurate or incomplete, you have the right to obtain the rectification and/or the right to have incomplete personal data completed. We are obliged to perform the rectification without undue delay.
Right to restriction of processing
You have the right to obtain restriction of processing of your personal data where one of the following applies:
(1) You contest the accuracy of your personal data, for a period enabling us to verify the accuracy of the personal data;
(2) Our processing is unlawful and you oppose the deletion of personal data and request the restriction of their use instead;
(3) We no longer need your personal data for processing purposes, but you require them for the establishment, exercise or defence of legal claims, or
(4) You have objected to processing pursuant to Art. 21(1) of the GDPR and the verification as to whether our legitimate grounds override yours is still pending.
In cases where processing of your personal data has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the Union or of a member state.
If you have obtained restriction of processing in accordance with the above requirements, we will inform you before the restriction of processing is lifted.
Right to deletion
A. Obligation to Delete
You have the right to obtain from us the deletion of your personal data without undue delay and we are obliged to delete you’re your personal data without undue delay in cases where one of the following applies:
(1) Your personal data are no longer required for the purposes for which they were collected or otherwise processed;
(2) You withdraw your consent on which the processing is based according to Art. 6(1)(a), or Art. 9(2)(a) of the GDPR, and there is no other legal ground for the processing;
(3) You object to data processing pursuant to Art. 21(1) of the GDPR and there are no overriding legitimate grounds for processing, or you object to processing pursuant to Art. 21(2) of the GDPR;
(4) Your personal data have been unlawfully processed;
(5) Your personal data have to be deleted to comply with a legal obligation under Union or Member State law to which we are subject;
(6) Your personal data have been collected in relation to the offer of information society services referred to in Art. 8(1) of the GDPR.
B. Informing third parties
In cases where we have made the personal data public and are obliged to delete them pursuant to Art. 17(1) of the GDPR, we shall, taking account of available technology and the cost of implementation, take reasonable steps, including technical measures, to inform the controllers processing your personal data that you, the data subject, have requested the data deletion by such controllers of any links to, or copy or replication of those personal data.
C. Exceptions
The right to deletion does not apply if the processing of data is necessary
(1) To exercise the right of freedom of expression and information;
(2) To comply with a legal obligation, which requires processing by Union or Member State law to which we are subject; or for the performance of a task carried out in the public interest or in the exercise of official authority vested in us;
(3) For reasons of public interest in the area of public health in accordance with Art. 9(2)(h) and (i) as well as Art. 9(3) of the GDPR;
(4) For archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89(1) of the GDPR in so far as the right referred to in section d. above is likely to render impossible, or seriously impair, the achievement of the objectives of that processing, or
(5) To establish, exercise or defend legal claims.
Notification obligation
In cases where you have exercised your right to rectification, deletion or restriction of processing, we are obliged to inform all recipients to whom we have disclosed your personal data of such rectification, deletion or restriction of processing unless this proves to be impossible or would involve a disproportionate effort. You have the right to obtain information on those recipients.
Right to data portability
You have the right to receive the personal data, which you have provided us with, in a structured, commonly used and machine-readable format. In addition, you have the right to transmit those data to another controller without hindrance from us, where
(1) The processing is based on consent pursuant to Art. 6(1)(a) or Art. 9(2)(a) or on a contract pursuant to Art. 6(1)(b); and
(2) The processing is carried out by automated means.
In exercising your right to data portability, you also have the right to have your personal data transmitted directly from us to another controller, where technically feasible. Your rights may not adversely affect the rights and freedoms of others.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
Right to object
You have the right to object at any time, on grounds relating to your particular situation, at any time to any processing of your personal data, which is based on Art. 6(1)(e) or (f) of the GDPR, including profiling based on those provisions.
We will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, or freedoms or the processing is necessary for the establishment, exercise or defence of legal claims.
In cases where your personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing purposes; this also applies to profiling to the extent that it is related to such direct marketing.
In cases where you object to processing for direct marketing purposes, your personal data will no longer be processed to such an end.
In the context of the use of information society services you may, notwithstanding Directive 2002/58/EC, exercise your right to object by automated means based on technical specifications.
Right to withdraw consent
You have the right to withdraw your consent to the processing of personal data at any time. This withdrawal of consent will not affect the lawfulness of processing based on consent before your withdrawal.
Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:
(1) Is necessary for enter into, or execute a contract between you and us;
(2) Is authorised by Union or Member State law to which we are subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
(3) Is based on your explicit consent.
However, those decisions must not be based on the special categories of personal data referred to in Art. 9(1) of the GDPR, unless Art. 9(2)(a) or (g) of the GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.
With regard to the cases referred to in (1) and (3), we will implement suitable measures to safeguard your rights, freedoms and justified interests, at least the right to obtain human intervention on our part, to express your point of view and to contest the decision.
Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, particularly in the Member State in which you are ordinarily resident, your place of work or the place where the alleged infringement took place, if you consider that processing of your personal data infringes the GDPR.
The supervisory authority with which the complaint has been lodged will inform you of its progress and the outcome of your complaint, including the possibility of a judicial remedy pursuant to Art. 78 of the GDPR.
Questions and suggestions
If you have any further questions about our information on data protection and the processing of your personal data, you are welcome to contact us.
Please write to us:
WGMB Wissenschaftliche Gesellschaft
für Management und Beratung mbH
Fritz-Schäffer-Straße 1
53113 Bonn
Germany
or send an e-mail to
datenschutz(at)wgmb.org