Contact Information of the Controller (Party Responsible for the Processing of Personal Data)
Institut für ökologische Wirtschaftsforschung GmbH (a Non-Profit Institution)
Potsdamer Str. 105
D-10785 Berlin
Represented by the Scientific Director, Thomas Korbun, and the Financial Director, Marion Wiegand.
Telephone: +49-(0)30–884 594-0
Fax: +49-(0)30–882 54 39
E-Mail: mailbox(at)ioew.de
Contact Information of the Data Protection Officer
DATENCOACH.DE für fachgerechte Datenhaltung UG (Limited Liability)
Ralf Petersen
Köpenicker Str. 95 A
12355 Berlin
Telephone: +49-(0)30–884 59 4-0
E-Mail: datenschutz(at)ioew.de
How do we Acquire your Personal Data?
The collection of your personal data inherently begins with you. Processing of the data you submit is necessary for the fulfilment of obligations arising out of the contractual relationship you establish with us.
Processing of your personal data is necessary in the course of pre-contractual measures (i.e. the collection of address and contact information from you as an interested party). Without the provision and processing of this data, no contract can be concluded.
In order to render our services, it may be necessary to process personal data permissively obtained from other companies or parties, e.g. the tax authorities or your business associates, etc., according to the respective purpose.
Furthermore, we may process personal data permissively obtained from publicly available sources, e.g. Internet websites, which are used solely for the respective contractual purpose.
Purposes and Legal Basis for the Processing of Personal Data
The personal data so entrusted with us will be processed in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the Bundesdatenschutzgesetz (BDSG – the Federal Data Protection Act of Germany):
On the Basis of Consent Given (Pursuant to Art. 6(1)(a) of the GDPR)
The purposes for the processing of your personal data are based on the consent you have given us. You may withdraw your consent with future effect at any time. Consent given prior to the commencement date of the GDPR (25 May 2018) may also be withdrawn. The processing of data occurring prior to withdrawal of consent remains unaffected by the revocation. For example: delivery of a newsletter.
For the Fulfilment of Contractual Obligations (Pursuant to Art. 6(1)(b) of the GDPR)
The purposes of data processing arise with the initiation of measures necessary prior to entering a contractually regulated business relationship as well as in the performance of the contract concluded with you.
To Comply with Legal Obligations (Pursuant to Art. 6(1)(c) GDPR) or for the Performance of Tasks Carried out in the Public Interest (Pursuant to Art. 6(1)(e) of the GDPR)
Purposes of data processing here include those arising from legal requirements or those that are in the public interest (e.g. compliance with document retention regulations, proof of compliance with information and disclosure requirements).
For the Purposes of Legitimate Interests (Pursuant to Art. 6(1)(f) of the GDPR)
Purposes of processing may arise in the pursuit of our legitimate interests. It may be necessary to process your personal data beyond the requirements of contractual performance. In the pursuance of our legitimate interests, further processing of your personal data may be justified to the extent that such interests are not superseded by your own interests or fundamental rights and freedoms. Such legitimate interests may specifically include: assertion of legal claims, defence against liability claims, and prevention of criminal offenses.
Who Receives your Personal Data?
Access to your personal data is provided to those departments within our company authorized to process the data and having a legitimate need for the purpose of fulfilling contractual and legal obligations.
In fulfilment of our contract with you, the personal data entrusted with us will only be shared with those agencies and authorities where a legal obligation exists, for example revenue services, social insurance agencies, regulatory authorities, or in the case of a court order or subpoena.
In the course of the provision of services, we may rely upon various data processors to fulfil contractual obligations, e.g. data service centres, IT service partners, document-shredding companies, etc. These data processors are contractually obligated to observe requirements of professional confidentiality and comply with the provisions of the GDPR and BDSG.
Will your Personal Data be Transmitted to a Third Country or International Organizations?
Under no circumstances will your personal data be transmitted to a third country or international organization. At your specific request, however, we may transfer your personal data to another country or international organization, but only with your written permission and release from confidentiality.
Does Automated Decision-Making Processing, Including Profiling, occur?
Pursuant to Art. 22 of the GDPA, no decision-making based solely on the automated processing of your personal data, including profiling, is employed.
Duration of Processing (Criteria for Deletion)
Your personal data will be retained for processing for until attainment of the contractually agreed upon purpose, as a rule, for the duration of the contractual relationship. After termination of the contractual relationship, your personal data will be processed as necessary to comply with statutory record retention requirements or to safeguard our legitimate interests. After expiry of the statutory retention periods and/or cessation of our legitimate interests, your personal data will be deleted.
Anticipated retention periods with respect to statutory retention obligations and safeguarding of our legitimate interests:
Information About your Rights
- The purposes for which the personal data were collected have lapsed.
- You withdraw your consent to the processing; there is no other legal ground for the processing.
- You object to the processing; there is no other legal ground for the processing.
- The personal data have been unlawfully processed.
- Compliance with a legal obligation in Union or Member State law to which the controller is subject compels erasure of the personal data.
- The personal data were collected in the context of an offer of information society services pursuant to Art. 8(1).
Withdrawal of consent pursuant to Art. 7(3) GDPR: If processing is based on your consent pursuant to Art. 6(1)(a) or Art. (2)(a) (processing of special categories of personal data), you are entitled to withdraw purpose-bound consent at any time without affecting the lawfulness of processing based on the consent before its withdrawal.