Thank you for your interest in our company. Data protection is a particularly high priority for the management of VDI/VDE Innovation + Technik GmbH. The webpages of VDI/VDE Innovation + Technik GmbH can be used without having to specify any personal data. However, should a data subject wish to use special enterprise services through our website, the processing of personal data may be required. Should the processing of personal data be necessary and there is no legal basis for such processing, we will generally ask the data subject for consent.
The processing of personal data, such as the name, address, email address, or telephone number of a data subject will always be in accordance with the General Data Protection Regulation (GDPR) and the country-specific data protection laws applicable to VDI/VDE Innovation + Technik GmbH. The purpose of this data protection statement is to inform the general public of the nature, scope, and purpose of the personal data we collect, use and process. This statement also informs data subjects of the rights they are entitled to.
As the controller, VDI/VDE Innovation + Technik GmbH has implemented numerous technical and organisational measures to ensure the best possible protection of personal data processed through this website. However, the electronic transmission of data can, in principle, have security gaps, meaning that absolute protection cannot be guaranteed. For this reason, every data subject is free to transfer personal data to us through alternative means, for example, by telephone.
1. Definitions
VDI/VDE Innovation + Technik GmbH’s data protection statement is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our data protection statement should be clear and understandable to the general public, as well as our customers and business partners. To ensure this, we will start with an explanation of the terminology we use.
2. Name and address of the controller
For the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in EU Member states and other provisions related to data protection, the controller is:
VDI/VDE Innovation + Technik GmbH
Steinplatz 1
10623 Berlin
Deutschland
Tel.: +49 (0)303100780
Email: vdivde-it@vdivde-it.de
You can contact our data processing officer at Datenschutz@vdivde-it.de
3. Cookies and web analytics using Matomo
3.1 Technically necessary cookies
The websites of VDI/VDE Innovation + Technik GmbH use technically necessary cookies. Cookies are text files that are stored on a computer system through a web browser.
Many websites and servers use cookies. Many cookies contain a so-called Cookie ID. A Cookie ID is a unique identifier for the cookie. It consists of a sequence of characters through which websites and servers can be assigned to the specific web browser in which the cookie was saved. This allows the visited websites and servers to distinguish the individual browser of the affected person from other web browsers which contain different cookies. A specific web browser can be recognized and identified via the unique cookie ID.
The cookies that we use are technically necessary cookies that enable you to use our website and the services we offer on it. Some of the features on our website require the browser to be identified even after moving on to a new page.
The specified purposes represent our legitimate interest in processing of data; the legal basis is Art. 6(1) subparagraph 1, point (f) GDPR. The data are not combined with other personal data and are not used for advertising purposes. Session cookies are deleted at the end of the respective browser session, at the latest after seven days.
You can disable the saving of all cookies by our website at any time using a corresponding setting on the web browser being used, and thus permanently disable the saving of cookies. Furthermore, already saved cookies can be deleted at any time using a web browser or other software program. This is possible in all popular web browsers. Support for changing your cookie settings is available e.g. via the help function of your web browser. Further information in this regard and regarding cookies in general is available e.g. at http://www.youronlinechoices.com/de/ and http://www.allaboutcookies.org/ge/.
Please note that you may not be able to use all functions of our website to their full extent if you don't accept any cookies.
3.2 Web analytics using Matomo
We use the Open-Source-Software Matomo (www.matomo.org) web analytics software for statistical analysis of the user behaviour on our website. We use Matomo without cookies and "Device Fingerprinting", but rather with the function con-fig_id (more information on this is available at https://matomo.org/faq/general/how-is-the-visitor-config_id-processed/). The data processing allows us to recognize returning users, to analyse their behaviour on our website, to optimize our website and to measure its reach. These purposes represent our legitimate interests in data processing. The legal basis is Art. 6(1) subparagraph 1, point (f) GDPR.
When you access our website, Matomo stores information about your behaviour on our website (more information on this is available at https://matomo.org/privacy-policy/ and https://matomo.org/faq/general/faq_18254/):
- anonymised IP address (the last byte is truncated, so that we cannot assign the IP address to a specific user)
- User-ID (optional)
- Device information (device type; operating system; screen resolution; language; country in which you are located; time within the time zone in which you are located; browser type; User-Agent-Header)
- Title of the accessed page (Page Title)
- URL of the accessed page (Page URL)
- URL of the page accessed before the currently accessed page (referrer URL)
- Files which were clicked on and downloaded (download)
- Links to an external domain which were clicked on (outlink)
- Generation time of the pages (the time which the web server requires in order to generate the pages and then download them by the user: page speed)
- User location: Country, region, city, approximate geographic latitude and longitude (Geo location)
The information in the pseudonymous user profile is not used to personally identify the visitor of this website. They are not combined with personal data about the owner of the pseudonym.
4. Collection of general data and information (log files)
VDI/VDE Innovation + Technik GmbH's website collects a variety of general data and information every time a data subject or an automated system visits the website. These general data and information are stored on the server in log files. The following information can be collected:
- user browser types and versions;
- operating system of the requesting system;
- webpage from which a requesting system accesses our webpage (referrer);
- subordinate webpages on our website that are accessed by a requesting system;
- date and time the webpage is requested;
- internet service provider of the requesting system;
- other similar data and information that are used in the event of an attack on our information technology systems.
The use of these general data and information does not enable VDI/VDE Innovation + Technik GmbH to trace the data back to the data subject. Rather, this information is needed to:
- ensure the contents of our website work properly;
- optimise the contents of our website and its promotion;
- ensure the continued functioning of our information technology systems and the technology of our website as well as to
- provide law enforcement agencies with the necessary information for prosecution in the event of a cyberattack.
VDI/VDE Innovation + Technik GmbH analyses these anonymously collected data and information statistically and with the goal of increasing data protection and data security in our company with the aim of ensuring the highest level of protection possible for the personal data we process.
For the stated purposes, our legitimate interest is in data processing; the legal basis is Art 6, par 1, point (f) GDPR.
The anonymous data in the server log files are stored separately from the personal data provided by a data subject. The log files are deleted at the end each browser session and at the latest after seven days, unless their further storage is required for the above purposes.
5. Processing of data that you provide to us
As required by statutory provisions, VDI/VDE Innovation + Technik GmbH’s website contains information that enables you to contact us quickly through electronic means and to communicate directly with us, which also includes the provision of a general email address. If you contact us by email or by submitting a contact form (for example, to order a publication), the personal data you voluntarily submit will be automatically saved.
We process your data to answer your enquiry; the legal basis for data processing is Art 6, par 1, point (f) GDPR (our legitimate interest is in answering your enquiry).
Insofar as the processing of data is required in order to take steps prior to entering into a contract (for example, for enquiries about our products or services) or to perform a contract, the legal basis is Art 6, par 1, point (b) GDPR.
We process personal data that you provide to us in our capacity as project manager during project management work (for example, by uploading documents to a project website) in order to assist project implementation (for example, providing advice on funding, approving the funding application, support during the term of the project). In this respect, you are only required to provide the information that is necessary as specified by the ministry responsible for the funding programme and in accordance with the applicable statutory rules for the funding application.
The legal basis is Art 6, par 1, point (e) GDPR in conjunction with Art 3 BDSG (German Data Protection Act) in conjunction with Art 23 and 44 BHO (Federal Budget Code), Art 23 and 44 VV-BHO (Administrative Regulations on the Federal Budget Code), if we are the entrusted project manager, otherwise Art 6, par 1, point (b) GDPR.
The data from your enquiries will be deleted when the respective conversation ends and the issue in question has been resolved and legal, statutory or contractual retention periods have expired. Retention periods apply in particular if your enquiry results in a contract with us (Art 147 par 1, par 3 AO (German Fiscal Code), Art 257 par 1, par 4 HGB (German Commercial Code: 6-year retention period for correspondence relating to the formation of a contract, 10-year retention period for accounting records). For data that we obtain in our capacity as entrusted project manager, the retention periods laid down in accordance with Art 12 par 2 of the GGO (Joint Rules of Procedure of the Federal Ministries) in conjunction with the RegR (Registry Guidelines) apply.
6. Sharing your data
At VDI/VDE Innovation + Technik GmbH, access to your personal data will be granted to the departments that need it to perform our contractual and legal obligations.
In our capacity as project manager, we share your personal data with the ministry responsible for the funding programme and any other project managers, if this is necessary in order to assist implementation of the project. The legal basis is Art 6, par 1, point (e) GDPR in conjunction with Art 3 BDSG (German Data Protection Act) in conjunction with Art 23 and 44 BHO (Federal Budget Code), Art 23 and 44 VV-BHO (Administrative Regulations on the Federal Budget Code), if we are the entrusted project manager, otherwise Art 6, par 1, point (b) GDPR.
Data is transmitted to third countries (countries outside the European Economic Area – EEA) only if this is necessary for performing contracts or required by law or consent to do so has been given. Details in this regard are provided separately where stipulated by law.
We also share personal data when we are required to do so by law (Art 6, par 1, point (c) GDPR) or the data subject has given his or her consent (Art 6, par 1, point (a) GDPR). Under these conditions, recipients of personal data may, for example, be public authorities and institutions in the event of a legal or regulator obligation.
7. Your data protection rights
You have the right to obtain from VDI/VDE Innovation + Technik GmbH access to your personal data (Art 15 GDPR), the rectification of your personal data (Art 16 GDPR), the erasure of your personal data (Art 17 GDPR), the restriction of the processing of your personal data (Art 18 GDPR) and the portability of your personal data (Art 20 GDPR). The right of access and the right to erasure are subject to the restrictions in Art 34 and 35 German Data Protection Act.
You also have the right to object to the processing of your personal data by VDI/VDE Innovation + Technik GmbH (Art 21 GDPR).
Insofar as the processing of your personal data by VDI/VDE Innovation + Technik GmbH is based on consent (Art 6, par (1), point (a) GDPR), you can withdraw the consent at any time; the legality of the data processing performed on the basis of the consent remains unaffected until the consent is revoked.
Should you wish to assert these rights or have any questions concerning personal data, please do not hesitate to contact us at any time by email at Datenschutz@vdivde-it.de or using the contact information provided in Section 2.
Irrespective of this, you have the right to lodge a complaint with a supervisory authority - in particular in the EU Member State in which you reside, or work or the place of the alleged infringement - if you believe that the processing of your personal data violates the GDPR or other applicable data protection laws (Art 77 GDPR, Art 19 German Data Protection Act).
8. Obligation to provide data
As part of our business relationship, our processors must provide only those personal data that are needed to establish, conduct and terminate a business relationship or that we are required to collect by law. Without these data, we will be obliged to refuse entering into a contract or executing an order or may not be able to continue executing an existing contract and may even have to terminate it.
The provision of personal data is in part required by law (e.g. tax regulations) or may arise from contractual agreements (e.g. the processor's information).
9. No automated individual decision-making (Art 22 par 1 and 4 GDPR)
As a responsible company we refrain from automatic decision-making or profiling.