Privacy statement

The IASS is committed to ensuring that your personal data are protected. We strictly observe the requirements of relevant privacy laws. Personal data is only collected insofar as it is necessary for the operation of this website. Under no circumstances will information collected through this website be sold or forwarded to third parties without authorisation.

This privacy statement outlines the types of data that we collect, the purposes for which it is used, and how it is protected.

Data collected on this website

a. Types of personal data that we collect and process

  • Web server log Browser type / version, operating system, HTTP referer (previously visited web-page), IP address, date and time of the server inquiry, local URL, getParameter, and error events (if applicable)

b. Sources of personal information

  • Personal data is collected through our website during server communications and when you enter data for a particular purpose (see above).

c. Retention period / Criteria for data retention

  • Web server logs up to 3 months

d. How will your personal information be used?

  • Web server logs Personal data are retained in accordance with the German Telecommunications Act (TKG) in order to protect network integrity and safeguard against faults.

e. Legal basis for the collection and processing of personal information

  • Web server logs: the processing of this information is necessary for the purposes of the legitimate interests pursued by the website controller in accordance with point (f) of Article 6(1) of the General Data Protection Regulation (EU) 2016/679), hereafter referred to as GDPR.

f. Automated decision-making

  • Automated decision-making technologies are not employed on this website.

g. Transfer of data to third parties or international organisations

  • We do not use the services of international service providers.

h. Your right to notification

  • You have the right to be notified with respect to any personal data relating to you that we collect and process. In such cases, it is your right to be informed of: the purposes of the processing for which the personal data are intended; the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations; where possible, the envisaged period for which the personal data will be stored, or, if this is not possible, the criteria used to determine that period; the existence of the right to request from the controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing; the right to lodge a complaint with a supervisory authority; where the personal data are not collected from the data subject, any available information as to their source; the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject; and, where personal data are transferred to a third country or to an international organisation, the data subject shall have the right to be informed of the appropriate safeguards pursuant to Article 46 of the GDPR relating to the transfer. Please note that you have the right to request and obtain a single copy of the personal data undergoing processing. A reasonable fee based on our administrative costs may be levied for any further copies that you request. Your right to obtain a copy of this data shall not adversely affect the rights and freedoms of others.

i. Your right to rectification

  • You have the right to have any inaccurate personal data relating to your person rectified without undue delay. Taking into account the purposes of the processing, you also have the right to have incomplete personal data completed, including by means of a supplementary statement.

j. Your right to erasure

  • You have the right to require that we erase, without undue delay, any personal data about you; in addition to this, your personal data must be erased without undue delay where any of the following applies: the data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw your consent on which the processing is based according to point (a) of Article 6(1) (GDPR), or point (a) of Article 9(2) (GDPR), and where there is no other legal ground for the processing; where you objects to the processing pursuant to Article 21(1) (GDPR) and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) (GDPR); the personal data have been unlawfully processed; the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the IASS is subject; the personal data have been collected in relation to the offer of information society services referred to in Article 8(1). This shall not apply to the extent that this is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation which requires processing in accordance with a European Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3) of the GDPR; for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) of the GDPR, in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or for the establishment, exercise or defence of legal claims.

k. Your right to restriction of processing

  • You have the right to require that we restrict the processing of your personal data where one of the following applies: the accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data; the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead; we no longer need the personal data for the purposes of processing, but these are required by you for the establishment, exercise or defence of legal claims; you object to processing pursuant to Article 21(1) of the GDPR pending verification whether our legitimate grounds override those of the data subject (you). If such a restriction is put in place, you will be informed before it is lifted.

l. Your right to object to the processing

  • You have the right to object, at any time, on grounds relating to your particular situation, to the processing of your personal data in accordance with points (e) or (f) of Article 6(1) of the GDPR. This also applies to profiling based on these provisions. Such data will no longer be processed unless we are able to demonstrate compelling legitimate grounds which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. Where personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data concerning for such purposes. This also applies to profiling to the extent that it is related to such direct marketing. Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Article 89(1) of the GDPR, you have the right, on grounds relating to your particular situation, to object to the processing of personal data concerning your person, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

m. Your right to data portability

  • You have the right to receive the personal data which you have provided to us in a structured, commonly used and machine-readable format, and have the right to transmit those data to another controller without hindrance, where: the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1) of the GDPR; and the processing is carried out by automated means. In exercising your right to data portability, you have the right to have the personal data transmitted directly from one controller to another technically feasible and when doing so does not adversely affect the rights and freedoms of others. This right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. Your right to data portability shall not adversely affect the rights and freedoms of others.
     

n. Your right to withdraw consent

  • You have the right to withdraw at any time your consent to the future processing of personal data pursuant to point (a) of Article 6(1) or point (a) of Article 9(2). The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

o. Your right to lodge an official complaint

  • Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you believe that the processing of personal data relating to your person infringes upon current privacy legislation.

To lodge a complaint, contact:

Commissioner for the Protection of Data and Freedom of Information in Brandenburg
Dagmar Hartge
Stahnsdorfer Damm 77
14532 Kleinmachnow

Telephone: 033203/356-0
Fax: 033203/356-49
E-mail: Poststelle@LDA.Brandenburg.de


p. Transmission of Personal Data

  • Your personal data will not be disclosed to third parties, unless necessary to fulfil back office requirements. Any transmission of data will be limited to the necessary minimum. Insofar as the IASS is obliged legally or by court order to transmit your personal data, we will only disclose them to authorities entitled to receive these data as specified by law.

q. Cookies

  • This website uses so-called cookies. These serve to make our websites more user-friendly, effective and safe. Cookies are small text files which are stored on your computer and saved by your browser. The majority of cookies we use are so-called “session cookies”. Cookies will not harm your computer and do not contain viruses.

The following entity is responsible for processing personal data:

Institute for Advanced Sustainability Studies e.V. (IASS) Berliner Straße 130
14467 Potsdam

Telephone: +49 331 28822-300

Fax: +49 331 28822-310

Email: info(at)iass-potsdam.de

If you have specific questions regarding the protection of your data, please contact the responsible data protection officer:

Mrs Eva Grübel-Hoffmann

ITM Ges. für IT-Management mbH Bürgerstraße 81
D-01127 Dresden

Telephone: +49 351 30711875

Email: dsb(at)itm-dl.de

Definitions

personal data

personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

Data subject

A data subject is any identified or identifiable natural person whose data are processed by the data controller.

processing

processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

restriction of processing

restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future;

profiling

profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;

pseudonymisation

pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;

controller

controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
 
processor

processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

recipient

recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. 2However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;

third party

third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;

consent

consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her