Mitglied werden
Service

Privacy Guidelines

Duty to provide information when collecting personal data pursuant to Article 13 GDPR

Thank you for visiting the Oeko-Institut website and taking an interest in our work. We take the protection of your personal data very seriously. We would like to explain to you what kind of information the Oeko-Institut collects during your visit to our website and during further processing, and how it is used.

The Oeko-Institut is an independent, private environmental research institute. Its legal form is that of a registered association. In the following sections we refer to the website of the Oeko-Institut as the institute's website and in some places refer specifically to the association and thus to the processing of the data of association members.

1. Controller details

Öko-Institut e.V.
Merzhauser Strasse 173
79100 Freiburg
Germany
+49 761 45295-0
info@oeko.de

2. Person in charge of data protection

Should you have any questions regarding data protection, please contact our data protection officer Silvia Schütte at datenschutz@oeko.de or at the postal address given above.

3. Processing your personal data – purposes and legal basis

Data processing on our website

Matomo

We use the web analytics service Matomo to statistically evaluate the use of our website. Matomo is generally operated without the use of cookies. Among other things, the pages accessed, the date and time of access, and abbreviated IP addresses are processed. The IP address is anonymised before storage, so that individual users cannot be identified. This data is processed on the basis of Art. 6 (1) lit. f GDPR. Our legitimate interest lies in the data protection-friendly analysis of the use of our website in order to improve our content and offers.

In addition, we ask users for their consent in accordance with Art. 6 (1) lit. a GDPR to set a cookie that enables the recognition of returning visitors. This cookie is used exclusively for statistical purposes and is only set if the relevant consent is given. Consent is voluntary and can be revoked at any time with effect for the future.

The data collected with Matomo is not passed on to third parties, is not merged with other data sources and is processed exclusively on our own servers.

Change or view my consent

Social media share button plugins

Only (external) social media share button plugins for Facebook, Twitter, LinkedIn and Google+ are used. Clicking on these buttons does not activate “like” functions or similar, and none of your personal data are shared. Instead, by clicking, you open a window to the share function and the current page’s URL. Any further activity then takes place via the relevant operator’s website.

Newsletter

If you subscribed to the eco@work newsletter on our website, we will use your e-mail address to regularly send you the newsletter and interesting facts about the institute. The legal basis for sending the newsletter is your consent in accordance with Article 6(1)(1a) GDPR. You may revoke your consent at any time to stop receiving the newsletter. To do so, you can click on "unsubscribe" at the bottom of the newsletter e-mail, or you can write to us at datenschutz--at--oeko.de or by post. We use the Rapid Mail service to send the newsletter.

Events

We also use a double opt-in registration system with an online form for Oeko-Institut events (see newsletter) at www.oeko.de. The personal data requested (generally name, institution, job title, e-mail address) are used solely for the purpose of organising the event in question (name badges, compiling a list of participants).

Photos of events

Photos of institute events (e.g. annual conference) are published on our website for the purpose of external presentation. The legal basis for the publication of photos of adults on our website is our institute’s legitimate interest pursuant to Article 6 (1) (1 f) GDPR, as described below:

  • Photos related to events due to our legitimate interest in reporting on the event;
  • Photographs of the audience who attended the event or photographs in which people appear only in the background, on the basis of our legitimate interest in reporting on the event and its success.

Pursuant to Article 21(1) GDPR you may object to the use of a photo in which you can be seen. The institute will examine whether there are compelling legitimate grounds for the processing which override your interests, rights and freedoms. If there are no such grounds, the relevant photo will be deleted.

Other photos in which an adult person (presenter or audience member) is the focus or in which a single person was specifically photographed will only be published with the subject’s consent (Article 6(1)(1a) GDPR). Subjects may withdraw their consent at any time with effect for the future.

Press releases

You can also complete an online form, with a double opt-in (see newsletter), to subscribe to our press releases. The personal data requested (mandatory: e-mail address; optional: company/name) are used solely to send out the press releases. The e-mail addresses provided on the online forms are stored in our protected profile on Zimpel-online, the system used to distribute our press releases. The press releases always contain a link enabling you to delete or update your information.

Data processing within the association

Membership data (first name, surname, postal address, other voluntary details such as date of birth, telephone number or e-mail address as well as relevant banking information) are processed by the respective officers of our association solely for the fulfilment of tasks assigned to them. Specifically, this means:

  • If the Committee needs membership data to carry out its tasks, it may access all membership data required for this purpose.
  • This includes, in particular, the association’s correspondence, the membership magazine mailing list and other activity reports.
  • The Finance and Accounting Department processes membership data relevant to the collection of membership fees. The cash auditor processes membership data relevant for the cash audit. These include first name, surname, postal address and banking details including payment data and, where members issued a direct debiting mandate to the association, access to direct debit authorisations including signatures.

The association's office processes the membership data for membership administration and liaison. The current membership data, insofar as they relate to invoicing, must be retained for the duration of membership and for a further ten years following cessation of membership in accordance with Article 147 (1)(4)(3)(1) of the German Fiscal Code (Abgabenordnung).

The purpose of processing membership data is the pursuit of the association's purpose and its administration. The legal basis is the membership in the association (Article 6 (1) b) GDPR).

Use and disclosure of personal data

The personal data provided by you are logged solely for administrative purposes, e.g. to manage our list of members or subscriptions to our newsletters. We never pass on, sell or otherwise disclose your personal data to third parties. When you send us an e-mail, your e-mail address is used solely for corresponding with you and for no other purpose.

Security

The Oeko-Institut takes all necessary technical and organisational measures to protect your personal data against loss or misuse. Users who contact the Oeko-Institut by e-mail are made aware that the confidentiality of information contained in unencrypted e-mails cannot be guaranteed.

Your rights

When we process your personal data, you have the following data subject rights:

  • The right of access to the data processed and a right to a copy of the data processed;
  • The right to correction if we process inaccurate data concerning you;
  • The right to erasure, unless exceptions apply as to why we are still storing the data, for example, retention obligations or statutes of limitation;
  • The right to restriction of the processing of data;
  • The right to withdraw consent to data processing at any time;
  • The right to object to processing of data in the public or legitimate interest;
  • The right to data portability;
  • The right to lodge a complaint with the competent supervisory authority in case you consider that we are not processing your data in accordance with the applicable regulations. The State Commissioner for Data Protection and Freedom of Information in Baden-Württemberg is responsible for our association. However, if you are in another state (Land) of Germany or outside of Germany, you may also contact the data protection authority in your location.