1. Name and address of the data controller
The controller as defined within the General Data Protection Regulation (GDPR) and
within other national privacy legislation of the member states and other privacy
Hamburgisches WeltWirtschaftsInstitut gemeinnützige GmbH (HWWI)
Telefon +49 (0)40 34 05 76 – 0
Fax +49 (0)40 34 05 76 – 776
2. Name and address of the data protection officer
The data protection officer of the controller is:
24103 Kiel, Germany
Telefon: +49 431 22 18 86 96
3. Server statistics
3.1 Processed data
When visiting our website, the following data is transferred by the browser and recorded by us:
- date and time of the query
- difference towads Greenwich Mean Time (GMT)
- content of the query (specific site)
- access status / HTTP status code
- amount of transferred data
- referrer website
- operating system and desktop environment
- language and version of used browser software
The data will also be saved within the log files of our system.
3.2 Legal basis
The legal basis for temporarily saving the data and the corresponding log files is art. 6 sec.1 f GDPR.
The process of temporarily saving the IP address is necessary in order to enable the system to deliver the website to the device of the user. The IP address needs to remain saved for the duration of the session. Recording the data in log files serves the following purposes:
- evaluating the access rates of our website internally
- optimizing the presentation of our websiteidentifying and defending against malicious use
- The data stored in this log is not merged with other data available to us.
3.4 Duration and deletion
The data will be deleted as soon as it is not any more required for fulfilling the purposes listed above. When initially recording the data for providing the website, this is the case at the end of the user session. Our server logs are saved for a duration of 30 days and deleted afterwards.
3.5 Right to object
Recording the data for providing the website and saving that data in log files is essential for operating the website. Hence, there is no possibility to object to the processing activity.
4. Application process
4.1 Processed data
During the application process, we only collect the data that you provide us with. Note: When sending your job application to us via e-mail, this happens unencrypted. We inform you that the transfer of unencrypted information is not safe in terms of data protection. As of now, we cannot provide you with an alternative, encrypted electronic transfer.
4.2 Legal basis
The data you provide us with through the application process is processed on the legal basis of § 26 BDSG (Bundesdatenschutzgesetz), section 1 in particular. This regulation allows processing activities that are necessary for the purposes of making a decision about entering an employment relationship. Should your data be needed for the purposes of defending our legal interests after the completion of the application process, your data will be processed under the conditions of excercising our legitimate interests under art. 6 sec. 1 lit. f GDPR. Those interests then consist of asserting, or defending against, legal claims.
After receiving your application, we use the data provided by you to determine if you are suited for the job opening and to carry out the application process. Suitable applications will be forwarded internally to the person responsible for the department in question. Then, the further procedure for the application is determined. Access to your data is granted solely to the persons within the company that need it in order to properly carry out the application process. Your data is processed exclusively on data centers within the Federal Republic of Germany.
4.4 Duration of storage and deletion
In case we have an ongoing interest in your profile despite not choosing you for the current opening, we will ask for your permission for further saving and processing your data in order to consider you for other job offers within our company. This process will only take place with your consent. Should you not give your consent within two months, we will delete your data automatically. In all other cases, we will delete your data immediately as soon as we reject your application. In case you consent to further processing as desbribed above, we will include your data into our pool of applicants on the legal basis of art. 6 sec. 1 lit. a GDPR. Your data is deleted from our data base after 2 years. Should your application result in an employment, your data will be transferred to our human resources department for further processing.
4.5 Right to object
You may withdraw your consent for further processing without affecting the lawfulness
of processing prior to the withdrawal. Please send us an e-mail to firstname.lastname@example.org
if you wish to withdraw your consent.
5. Login area
5.1 Processed data
Users have the option to create a user account. While doing so, the data necessary for the process is communicated to the user. If a user makes use of the functions regarding registry and login provided to him, his IP address as well as the usage of the login area and the time of a user action are logged. A transfer of this data generally does not occur except in cases where this is necessary for the pursuit of legal claims or if there is a legal obligation to do so, art. 6 sec. 1 lit. c, f GDPR.
5.2 Legal basis
The legal basis for collecting and processing the data is art. 6 sec. 1 lit. b GDPR to the extent the processing activity in question is necessary in order to fulfill a contractual obligation. In other cases, the basis is art. 6 sec. 1 lit. f GDPR.
The data collected throughout the registry process is processed for the purposes of enabling the user to access and use the content provided in the login area. The users may be informed of affairs related to the registry or the content provided (like changes to the given content or technical issues with the platform) via e-mail. Our legitmate interest for saving the IP address is to protect ourselves from misuse and other illegitimate access.
5.4 Duration of storage and deletion
In case you have discontinued your user account, the data concerning your user account will be deleted to the extent we are not required to retain your data due to legal reasons based on legislation regarding trade or taxes. Any such data will be stored following art. 6 sec. 1 lit. c GDPR. In case of a termination of the contractual realtionship, users should make sure to save the data that is stored for the duration of the contract before the end of this period. We are entitled to delete any data that is stored for the purpose and the duration of the contractpermanently. The IP addresses collected will be deleted or anonymised 7 days after collection.
5.5 Users‘ rights
At any time, a user can demand access to the data processed by us for the purposes of the user registry and may demand deletion of said data. The remaining rights listed in section 10 remain unaffected.
6. Contact form
6.1 Processed data
In case you provide this information within our contact form, we collect your name and your e-mail address as well as the purpose of your inquiry. You may also provide us with further information like your address or your telephone number if you wish.
6.2 Legal basis
The legal basis for collecting the data is art. 6 sec. 1 lit. b GDPR, to the extent it is necessary for preparing to enter a contract or for the performance of an existing contract with the user. In other cases, the legal basis is our legitimate interest in processing the data following art. 6 sec. 1 lit. f GDPR.
The data is collected exclusively for the purposes of processing your request and to inform you of our services. A transfer of your data or usage for other purposes does not occur.
6.4 Duration of storage and deletion
The data collected through the contact form will be deleted within a year in case no contractual relationship or other legitimate reason for extended storage has been established in the meantime.
6.5 Users‘ rights
At any time, a user may send an e-mail demanding the deletion of data to email@example.com, which we will comply with immediately. Your further rights as listed in section 10 remain unaffected.
7.1.1 Processed data
For our newsletter, we collect your e-mail address. Subscribing to our newsletter is done via the so-called double-opt-in procedure. This means that you will receive an e-mail after registering, asking you to verify your subscription. This verification process is necessary to ensure that nobody can register a foreign e-mail address. This encompasses collecting the date and time of registry and verification as well as the corresponding IP address. Also changes to your data stored with the e-mail service provider are recorded.
7.1.2 Legal basis:
The legal basis for dispatching the newsletter and the related performance measurement is the consent of the recipient, art. 6 sec. 1 lit. a GDPR or is found in our legitimate interest to optimize coverage and performance following art. 6 sec. 1 lit. f DPR in connection with § 7 Abs. 3 UWG. The process of logging the subscription and verification of registry is based on our legal obligation to be able to demonstrate consent for processing the data. The legal basis thus is art. 6 sec. 1 lit. c GDPR.
We use your e-mail address for dispatching our newsletter, e-mails and further electronic notifications with advertising information (hereinafter: „newsletter“) only within the scope of the consent given by the recipient or as legally permitted. The description of contents provided when subscribing to the newsletter determines the extent of the consent given by the user. Otherwise, the newsletter contains information about us and the services provided by us. Our interest in logging the registry and verifcation process serves the purpose of providing a user friendly and safe newsletter system that serves our business interests and the expectations of the user as well as allowing us to document the consent of the user.
7.2 Duration of storage and deletion
The data collected will be held until the given consent is withdrawn. To be able to prove that consent was given at an earlier point in time we may store the documentation of your consent for up to three years after the withdrawal following our legal obligation to substantiate valid consent. Processing this data is then limited to the defence against possible legal claims. An individual request for deletion remains possible if the request confirms that consent had been given at an earlier point in time.
7.2.1 Users‘ rights
You may cancel your subscription to our newsletter at any point in time. A link for cancelling your newsletter subscription may be found at the end of every newsletter received.
7.3 Service provider for dispatching the newsletter
7.4 Performance measurement
The newsletters may contain a so-called „web-beacon“. This is a file the size of a pixel that informs us via our service provider 1&1 that the newsletter has been opened. This transfer of data contains information concerning the employed browser and operating system as well as your IP address and the time of access to the newsletter. This information is used for improving our services either by technical means or by better understanding our target audience and its reading preferences also in terms of current location (determined via IP address) and/or time of access. As part of these statistical measurements, also the links that are opened are logged. These evaluations are done for the purposes of adapting our content to the preferences and interests of our customers or for sending out content adapted to specific target groups.
8. Online presences on social media
We provide an online presence on the platforms Facebook, Twitter, Instagram, LinkedIn and YouTube to interact with the active customers, interested parties and users on these platforms and to inform them of our services. When visiting our respective presences on these platforms, the terms and conditions and data processing policies of the respective
9. Third party services
Our website includes videos from „YouTube“, provided by the service provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
9.2 Google Maps
We incorporate maps of the service „Google Maps“ on our website, provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The processed data includes IP addresses and data concerning the location of the user. Location data however is not collected without the consent of the user (e.g. through the preferences set on a given mobile device). The data may be processed within the USA. Google is part of the EU-US Privacy Shield.
We use so-called cookies on some of our web offers, among other things in order to be able to offer you website-specific services, to be able to recognize you during a repeated visit to our website, and/or to be able to adapt our offer to your personal preferences.
Cookies are small text files that are stored on a visitor’s computer and contain data on the respective user to enable access to various functions. Our website uses both session cookies and permanent cookies. A session cookie is temporarily stored on the computer you use while you navigate through the website. A session cookie is deleted when you close your internet browser or when your session expires after a certain time. A permanent cookie remains on your computer until it is deleted. Storing a cookie ensures that you do not have to re-enter your personal settings and preferences each time you visit. This saves you time and makes using our website more convenient for you.
The use of the aforementioned cookies is in the interest of a uniform presentation and functionality of our websites. The basis for data processing is Art. 6 Para. 1 letter f DSGVO, which permits the processing of data for the purpose of safeguarding the legitimate interests of the person responsible, unless the interests or fundamental rights and freedoms of the person concerned outweigh these.
11 Google Analytics
However, since IP anonymisation is activated on our website, your IP address will be shortened by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area before this happens. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on the website activities and to provide further services to the website operator in connection with the use of the website and the Internet.
Google has carried out certification in accordance with the current EU-US Privacy Shield (see https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI) and thus created the legal prerequisites for the appropriateness of the level of data protection also for the provision of the Google Analytics service by way of order processing. We have concluded a contract with Google for contract processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
The storage of Google cookies and the evaluation for statistical purposes is based on Art. 6 para. 1 lit. f DSGVO. We have a legitimate interest in the analysis of user behaviour in order to optimise both our offer and, where applicable, advertising for our services.
12. Users‘ rights
12.1 Right of access by the data subject
You have the right to access the information collected about you free of remuneration. In case you exercise this right, we will inform you in writing and as legally required which personal data we have stored about you. This information also contains the data source and recipients of the data as well as the purposes of the processing activities.
12.2 Right to rectification
You have the right to demand correction of our data about you in case the data we store about you is incorrect. You can also demand that we limit our processing activities e.g. in case you dispute the accuracy of the personal data stored about you.
12.3 Right to restriction of processing
You may also restrict the usage of your personal data under certain circumstances. In order to make sure that this restriction is taken into account at any time, your data needs to be kept in a lock file or blacklist.
12.4 Right to erasure
You may also demand deletion of your personal data in case no legal obligation for further storage exists. In case such an obligation exists, we will restrict your personal data if you wish so. In case the legal requirements are met, we will delete your personal data irrespective of a request from your side to do so.
12.5 Right to data portability
You are entitled to receive a copy of your personal data processed in a structured, commonly used and machine-readable format that allows the transfer to another controller.
12.6 Right to lodge a complaint with a supervisory authority
You have the right to address a supervisory authority with a complaint you may have concerning our processing activities. The competent supervisory authority for us is:
Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit
Prof. Dr. Johannes Caspar
Klosterwall 6 (Block C), 20095 Hamburg, Germany
Tel.: 040 / 428 54 – 4040
Fax: 040 / 428 54 – 4000
12.7 Right to object
You may at any time object to the usage of your data for internal purposes with regard to future processing. Simply send a corresponding e-mail to firstname.lastname@example.org. This objection however has no bearing on past processing activities undertaken by us. Data processing based on other legal grounds however (e.g. necessity for the performance of a contract) remain unaffected (see above).
13. No automated individual decision-making
While using our services, you are not subject to any exclusively automatic decisionmaking process – including profiling – that takes legal effect or affects you significantly in any similar manner.