As of March 15, 2019
IMP³ROVE takes data protection very seriously. When processing personal and business data which is collected during your visit to the website www.imp3rove.de, the provisions of the European General Data Protection Regulation (“GDPR”) and the German Federal Data Protection Act (“BDSG”) are always complied with by us. Your data is not published or forwarded to third parties by us without your consent.
The following sections offer an overview of how we guarantee compliance with these provisions, what data is saved by us during your visit to the IMP³ROVE assessment and benchmarking tool, https://app.imp3rove.de/, how it is used and for what purpose.
2. CONTACT INFORMATION
2.1 Contact details of the party responsible
The party responsible in the sense of the GDPR is:
IMP³ROVE – European Innovation Management Academy EWIV
Tel.: +49 (0)211 1377-0
Local Court of Dusseldorf: HRA 23017
VAT-ID pursuant to § 27a of the VAT Act: DE 296000326
Dr. Nils Dülfer, firstname.lastname@example.org
Dr. Martin Ruppert, email@example.com
2.2 Personal and business data
“Personal data” is all of the information which pertains to an identified or identifiable natural person, such as your first and last names, your function and position within your organisation, the language spoken and preferred by you. “Business data” is all of the information concerning your organisation, such as the name and address of the organisation, branch, industry sector, age of the organisation and the number of the employees.
We only process personal data of the users of our website insofar as this is necessary for the proper provision of the website as well as our content and services. Processing personal data of the users of our website is done in principle after consent has been granted by the respective user. Exceptions apply in cases where prior obtaining of a consent is not possible for factual reasons or the processing of the data is permitted by statutory provisions.
Forwarding personal data of the users of our website to third parties takes place as a matter of principle only on the basis of a consent from the user, or only if and insofar as a transfer is necessary for the fulfilment of a contract entered into with the user of the website. Exceptions only apply if the transfer is permitted by other statutory provisions or if we are obliged to transfer due to statutory provisions. This can be in particular the granting of information for purposes of criminal prosecution, to avert danger, or to enforce intellectual property rights. In the following concerning the respective processing, you will find more details regarding transfers to third parties.
3. DATA PROCESSING
3.1 Data supplied for use with your consent
You have the possibility of registering on our website, supplying personal data, and creating a user account. For this purpose, you supply us with your email address when to which we send an email with a link which will activate your account and finalise the registration process. We use this process in order to protect ourselves and you against misuse of the function, and to guarantee that only people who have access to the email account register on our website. The legal basis for the processing of your email address is Art. 6, paragraph 1, sentence 1, f of the GDPR.
In the course of registration, you enter your data into the input fields intended for this (“user data”). Entry of your data into fields which are marked with an asterisk (*) is necessary in particular in order to use the user account for other purposes (see below). In addition to the data entered, the date and the time of your registration are saved.
In the framework of the registration process, consent is obtained from the user to processing of the user data. The legal basis for the processing of the user data is Art. 6 paragraph 1, sentence 1 a of the GDPR.
You can revoke your consent at any time with effect for the future, by deleting your user account under “Profile”. In such case, certain functions of the website for which registration is necessary will no longer be available to you until re-registration.
The user data will be saved as long as the user account exists, in principle. Upon deletion of the user account, the data is anonymised. The situation is different insofar as pursuant to Art. 6 paragraph 1, sentence 1 c of the GDPR we must save the data for a longer period due to tax-law and commercial-law storage and documentation obligations.
3.2 Making the website available
3.2.1 When you visit the website www.imp3rove.de, our webserver creates a temporary entry of every access and stores it in a log file. For organisational and technical reasons, the following data is logged:
· Browser type and version
· Operating system
· URL requested and type of access;
· URL of the website from which the user has arrived at the IMP³rove platform (referrer)
· IP address
The abovementioned data will be deleted after five weeks.
The logging of this data serves in the usage of the website (connection establishment), system security, technical administration of the network infrastructure and the optimisation of our Internet services. In particular, a storage duration of five weeks is necessary for the guaranteeing of continuing system security, because only in such way can system errors be found, viewed in the whole context, and rectified.
The legal basis for the processing of this data is Art. 6 paragraph 1, sentence 1 f of the GDPR. Because the processing is absolutely necessary in order to make the website available, you are not entitled to an objection right pursuant to Art. 21 paragraph 1 of the GDPR.
In particular, a certain type of cookies, so-called “session cookies”, contains a characteristic character string, which enables a clear identification of the browser if the website is accessed again. This cookies are usually deleted as soon as a session ends, e.g. when a user who is logged on logs off or out.
· pseudonymised session IDs (session cookies)
· type of device
· whether “share” buttons from social media are shown
If you log on with your user account, additional pseudonymised session IDs as well as your email address are saved in cookies. This is necessary to provide the functions available only to a registered user who is logged in.
The legal basis for this processing of personal data is Art. 6 paragraph 1, sentence 1 f) of the GDPR. You can object to the processing for the future by deactivating the storage of cookies in your browser’s configuration.
Because the cookies are stored on your computer, you have full control over how long the cookies and the data with them are stored for. Usually, the cookies sent by us are deleted at the end of a session.
However, it is always possible to use our website without the usage of cookies. However, please note that most browsers are programmed in such a way that in their standard configuration cookies are accepted. You can prevent this by changing the corresponding configurations in your browser. However, if you configure your browser in such a way that all cookies are rejected, the usage of certain functions on our website might be limited thereby.
4. INFORMATION ABOUT WEB ANALYSIS
The website and the assessment and benchmarking tool do not have any web-analysis program integrated.
We send newsletters, emails and other electronic communications with advertising information (hereinafter referred to as “newsletters”) only with the consent of the recipient or a statutory permission.
Double opt-in and recording: Registering for our newsletter is done in a so-called double opt-in procedure. This means that after registering, you receive an email in which you are asked to confirm your registration. This confirmation is necessary in order that nobody is able to register using someone else’s email address. Registering for the newsletter is recorded in order to be able to prove the registration process in accordance with the legal requirements. This includes storing the time and date of the registration and the confirmation, and also the IP address. The changes to your data saved at the delivery provider are also recorded.
Sending the newsletter is done via the service “Mailchimp” (hereinafter referred to as the “delivery provider”), a newsletter dispatch platform of the US-provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. You can inspect the data protection provisions of the delivery provider here: https://mailchimp.com/legal/privacy/. We have entered into a data-processing contract with “Mailchimp”.
The email addresses of our newsletter recipients, and also their other data described in the framework of this notice, are stored on MailChimp’s servers in the USA. MailChimp uses this information to send and to evaluate the newsletter on our behalf. Moreover, according to its own information MailChimp can use that data for optimisation or improvement of its own services, e.g. for technical optimisation of the sending and the presentation of the newsletter or for financial purposes, in order to determine what countries the recipients come from. However, MailChimp does not use the data of our newsletter recipients to write to them itself or pass them on to third parties.
MailChimp is certified under the US-EU “Privacy Shield” data protection treaty and has thus undertaken to comply with the EU data protection stipulations. Furthermore, we have entered into an order-processing agreement with MailChimp.
In order to register for the newsletter, it is sufficient for you to supply your email address. As an option, we ask you to supply your first and last names. This information serves merely to personalise the newsletter.
The newsletters contain a so-called “web beacon”, i.e. a pixel-sized file which is called up when the newsletter is opened from the server of the delivery provider. In the framework of this retrieval, firstly technical information, such as information on the browser and your system, and also your IP address and the time & date of the retrieval, is collected. This information is used for the technical improvement of the service on the basis of the technical data or the target groups and their reading behaviour based on their retrieval locations (which can be determined with the assistance of the IP addresses) or the access times. The statistical collections also include the determination whether the newsletters are opened, when they are opened, and what links are clicked on. This information can be assigned to the individual newsletter recipients, for technical reasons. However, we are not trying, and neither is the delivery provider, to monitor individual users. Rather, the analyses serve us in identifying our users’ reading habits and in us adjusting our content to them, or sending different content in accordance with our users’ interests. In the framework of granting your consent to receiving the newsletter, you declare yourself in agreement with the above-described analysis.
You can terminate receipt of our newsletter at any time, i.e. you can revoke your consents at any time. At the end of each newsletter, you will find a link to terminate the newsletter.
IMP³ROVE has implemented technical and organisational security measures in order to protect saved personal and company-specific data against unintended or intentional manipulation, loss or destruction as well as any access by unauthorised parties. Our security measures are continuously improved in the framework of technical progress. Confidential data which is transmitted via the Internet to the IMP³rove platform is protected with an encryption of at least 128 bits per transport layer security (TLS) The TLS encryption protects all of the user data and transmits content which is exchanged between the browser and the server.
Once the user data has been transmitted, it stays on a server which is protected both physically and also electronically.
7. LINKS TO WEBSITES WHICH ARE OPERATED BY THIRD PARTIES
Our website can contain links to other websites by other providers. We would like to make it clear that these data protection provisions exclusively apply for the websites operated by IMP³ROVE. In no way can we influence practices by other providers with regard to data protection, and we conduct no check whatsoever in order to guarantee that they are complying with the applicable statutory provisions. Therefore, please read the data protection provisions of the other providers on their respective websites.
8. RIGHT TO INFORMATION AND CONTACT DETAILS
If your personal data is processed, you are the person affected in the sense of the GDPR and you are entitled to the following rights:
8.1 Information right
You can request a confirmation from us as to whether personal data pertaining to you is being processed by us.
If such processing is taking place, you can request details from us about the following information:
- the purposes for which the personal data is being processed;
- the categories of personal data which are processed;
- the recipients and/or the categories of recipients to whom the personal data pertaining to you has been disclosed or will be disclosed;
- the planned duration of the storage of the personal data pertaining to you or, if no specific details are possible in this respect, criteria for the determination of the storage period;
- the existence of a right to correction or deletion of the personal data pertaining to you, a right to limit the processing by the party responsible or a right to object to the processing;
- the existence of a right to complain to a supervisory authority;
- all available information concerning the origin of the data, if the personal data is not collected form the person affected.
8.2 Right to correction
You have a right to correction and/or completion insofar as the processed personal data pertaining to you is incorrect or incomplete. We will make the correction without undue delay.
8.3 Right to restrict processing
Subject to the following prerequisites, you can request restriction of the processing of the personal data pertaining to you:
- If you dispute to correctness of the personal data pertaining to you for a period which enables us to check the correctness of the personal data;
- If the processing is unlawful and you refuse deletion of the personal data and instead request restriction of the usage of the personal data;
- we no longer require the personal data for the purposes of the processing but you require it for the assertion, exercise or defence of legal claims; or
- If you have filed an objection to the processing pursuant to Article 21.1 of the GDPR and it is not yet certain whether our justified reasons outweigh your reasons.
If the processing of the personal data pertaining to you is restricted, this data may – apart from its storage – only be processed with your consent or for the assertion, exercise or defence of legal claims or for the protection of the right of another natural person or legal entity or for reasons of an important public interest of the Union or a member state.
If the restriction of the processing has been restricted pursuant to the abovementioned prerequisites, you will be informed by us before the restriction is lifted.
8.4 Right to deletion
8.4.1 Deletion obligation
You can request from us that the personal data pertaining to you be deleted without undue delay. We are obliged to delete this data without undue delay if one of the following reasons exists:
- The personal data pertaining to you is no longer necessary for the purposes for which it was collected or processed in another way.
- You revoke your consent on which the processing pursuant to Article 6 paragraph 1 a or Article 9 paragraph 2 a of the GDPR was based and there is a lack of another legal basis for the processing
- You file an objection to the processing pursuant to Article 21 paragraph 1 of the GDPR and there are no overriding justified reasons for the processing, or you file an objection to the processing pursuant to Article 21 paragraph 2 of the GDPR.
- The personal data pertaining to you has been processed unlawfully.
- The deletion of the personal data pertaining to you is necessary in order to fulfil a legal obligation pursuant to the law of the Union or the member state(s) to which the party responsible is subject.
- The personal data pertaining to you was collected in connection with services offered by the information company pursuant to Article 8 paragraph 1 of the GDPR.
The right to deletion does not exist insofar as the processing is necessary
- to exercise the right to free expression of opinion and information;
- in order to fulfil a legal obligation which requires the processing pursuant to the law of the Union or the member state(s) to which we are subject
- for reasons of the public interest in the area of public health pursuant to Article 9 paragraph 2 h and I as well as Article 9 paragraph 3 of the GDPR;
- for the assertion, exercise or defence of legal claims.
8.5 Right to data transferability
You have the right to receive in a structured, common and machine-readable format the personal data pertaining to you which you have provided to us. In addition, you have the right to transmit this data to another party responsible without impediment by the party responsible to whom the personal data has been provided, insofar as
- the processing is based on a consent pursuant to Article 6 paragraph 1 a of the GDPR or Article 9 paragraph 2 a of the GDPR or on a contract pursuant to Article 6 paragraph 1 b of the GDPR, and
- the processing is done with the assistance of automated processes
In exercise of this right, you also have the right to procure that the personal data pertaining to you is transmitted directly by one party responsible to another party responsible insofar as this is technically feasible. No freedoms or rights of other parties may be detrimentally affected thereby.
The right to data transferability does not apply for processing of personal data which is necessary in order to carry out a task which is in the public interest or in exercise of official authority which has been transferred to the party responsible.
8.6 Objection right
You have the right for reasons which arise from your special situation to file an objection at any time to the processing of the personal data pertaining to you which is done on the basis of Article 6 paragraph 1 e or f of the GDPR. We then no longer process the personal data pertaining to you, unless we can prove mandatory protection-worthy reasons for the processing which outweigh your interests, rights and freedoms, or the processing serves in the assertion, exercise or defence of legal claims.
You have the option of exercising your objection right in connection with the usage of services by the information company – irrespective of Directive 2002/58/EC – by means of automated processes where technical specifications are used.
8.7 Right to revocation of the data protection-law consent declaration
You have the right to revoke your data protection-law consent declaration at any time. The revocation does not affect the lawfulness of the processing which took place on the basis of the consent until the revocation.
8.8 Right to complain to a supervisory authority
Irrespective of contrary administrative-law or judicial legal remedies, you are entitled to the right to complain to a supervisory authority, particularly in the member state of your place of residence, your workplace or the location of the alleged breach, if you are of the view that the processing of the personal data pertaining to you breaches the GDPR.
The supervisory authority to which the complaint is submitted will inform the complainant about the status and the outcome of the complaint, including the possibility of a judicial legal remedy pursuant to Article 78 of the GDPR.
The pertinent supervisory authority for data protection-law issues is
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein Westfalen
Kavalleriestr. 2-4, 40213 Düsseldorf
Telefon: +49 211 384240
Telefax: +49 211 3842410
8.9 Contact options
If you are a registered user of certain of IMP³ROVE’s services, in some cases we offer you the possibility of inspecting that data online and even deleting or modifying it yourself.
If you contact us by email, please note that the contents of unencrypted emails can be intercepted by third parties and read without permission. For this reason, we recommend sending confidential information in encrypted form or sending it by mail in the traditional way.
9. APPLICATION AND AMENDMENT OF THE DATA PROTECTION DECLARATION
This data protection provision has applied since March 2019.
To the extent to which our website develops further and new technologies are used, it might become necessary to amend the terms of the data protection provisions. IMP³ROVE hereby reserves the right to amend the data protection provisions at any time as of a date in the future. We recommend that you always read the respectively-current version.