Duty to provide information when collecting personal data pursuant to Article 13 GDPR
Thank you for visiting the Oeko-Institut website and taking an interest in our work. We take the protection of your personal data very seriously. We would like to explain to you what kind of information the Oeko-Institut collects during your visit to our website and during further processing, and how it is used.
The Oeko-Institut is an independent, private environmental research institute. Its legal form is that of a registered association. In the following sections we refer to the website of the Oeko-Institut as the institute's website and in some places refer specifically to the association and thus to the processing of the data of association members.
1. Controller details
Merzhauser Strasse 173
+49 761 45295-0
2. Person in charge of data protection
Should you have any questions regarding data protection, please contact our data protection officer Silvia Schütte at datenschutz--at--oeko.de or at the postal address given above.
3. Processing your personal data – purposes and legal basis
Data processing on our website
In order to be able to optimise our homepage, we evaluate user behaviour and collect and store data for this purpose (Article 6 (1) lit. f GDPR). We use the open source software "Matomo" (www.matomo.org) from the provider InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand. Cookies are utilised to this end. Cookies are small text files that are stored locally in the cache of the site visitor's internet browser. We use the anonymisation function of Mamoto ("anonymizeIP plugin"), which truncates the IP address. The data collected by means of the Matomo technology are processed on our servers.
The anonymised information generated by the cookies is not used to identify you personally, nor is it used to track your internet activity. It is not merged with personal data from other sources and cannot be used to create a user profile.
If you do not wish the data relating to your visit to be stored and analysed, you may opt out at any time. Simply click the button and an opt-out cookie will be placed in your browser. Opting out means that Matomo may not collect data during your visit. You should be aware that if you delete all cookies, your opt-out will not be saved and you will need to opt out again on future visits to our website.
If you wish to opt out, please uncheck the relevant box in the cookie banner to place the Matomo deactivation cookie in your browser.
We use "Google reCAPTCHA" (hereinafter "reCAPTCHA") on our website to protect the contact form from abusive automated crawling and spam. This service is provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.
reCAPTCHA is used to check whether the data entered in our contact form has been entered by a human or by an automated program. To do this, reCAPTCHA analyses the website visitor’s behaviour, based on various characteristics. This analysis starts automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates a variety of information, e.g. the IP address. The data collected during the analysis will be forwarded to Google.
reCAPTCHA analytics run in the background. Website visitors are not advised that such an analysis is taking place.
Data processing is based on Article 6 (1) lit. f GDPR. It is in our legitimate interest to protect our website from abusive automated crawling and spam.
Social media share button plugins
Only (external) social media share button plugins for Facebook, Twitter, LinkedIn and Google+ are used. Clicking on these buttons does not activate “like” functions or similar, and none of your personal data are shared. Instead, by clicking, you open a window to the share function and the current page’s URL. Any further activity then takes place via the relevant operator’s website.
If you subscribed to the eco@work newsletter on our website, we will use your e-mail address to regularly send you the newsletter and interesting facts about the institute. The legal basis for sending the newsletter is your consent in accordance with Article 6(1)(1a) GDPR. You may revoke your consent at any time to stop receiving the newsletter. To do so, you can click on "unsubscribe" at the bottom of the newsletter e-mail, or you can write to us at datenschutz--at--oeko.de or by post. We use the Rapid Mail service to send the newsletter.
We also use a double opt-in registration system with an online form for Oeko-Institut events (see newsletter) at www.oeko.de. The personal data requested (generally name, institution, job title, e-mail address) are used solely for the purpose of organising the event in question (name badges, compiling a list of participants).
Photos of events
Photos of institute events (e.g. annual conference) are published on our website for the purpose of external presentation. The legal basis for the publication of photos of adults on our website is our institute’s legitimate interest pursuant to Article 6 (1) (1 f) GDPR, as described below:
- Photos related to events due to our legitimate interest in reporting on the event;
- Photographs of the audience who attended the event or photographs in which people appear only in the background, on the basis of our legitimate interest in reporting on the event and its success.
Pursuant to Article 21(1) GDPR you may object to the use of a photo in which you can be seen. The institute will examine whether there are compelling legitimate grounds for the processing which override your interests, rights and freedoms. If there are no such grounds, the relevant photo will be deleted.
Other photos in which an adult person (presenter or audience member) is the focus or in which a single person was specifically photographed will only be published with the subject’s consent (Article 6(1)(1a) GDPR). Subjects may withdraw their consent at any time with effect for the future.
You can also complete an online form, with a double opt-in (see newsletter), to subscribe to our press releases. The personal data requested (mandatory: e-mail address; optional: company/name) are used solely to send out the press releases. The e-mail addresses provided on the online forms are stored in our protected profile on Zimpel-online, the system used to distribute our press releases. The press releases always contain a link enabling you to delete or update your information.
Data processing within the association
Membership data (first name, surname, postal address, other voluntary details such as date of birth, telephone number or e-mail address as well as relevant banking information) are processed by the respective officers of our association solely for the fulfilment of tasks assigned to them. Specifically, this means:
- If the Committee needs membership data to carry out its tasks, it may access all membership data required for this purpose.
- This includes, in particular, the association’s correspondence, the membership magazine mailing list and other activity reports.
- The Finance and Accounting Department processes membership data relevant to the collection of membership fees. The cash auditor processes membership data relevant for the cash audit. These include first name, surname, postal address and banking details including payment data and, where members issued a direct debiting mandate to the association, access to direct debit authorisations including signatures.
The association's office processes the membership data for membership administration and liaison. The current membership data, insofar as they relate to invoicing, must be retained for the duration of membership and for a further ten years following cessation of membership in accordance with Article 147 (1)(4)(3)(1) of the German Fiscal Code (Abgabenordnung).
The purpose of processing membership data is the pursuit of the association's purpose and its administration. The legal basis is the membership in the association (Article 6 (1) b) GDPR).
Use and disclosure of personal data
The personal data provided by you are logged solely for administrative purposes, e.g. to manage our list of members or subscriptions to our newsletters. We never pass on, sell or otherwise disclose your personal data to third parties. When you send us an e-mail, your e-mail address is used solely for corresponding with you and for no other purpose.
The Oeko-Institut takes all necessary technical and organisational measures to protect your personal data against loss or misuse. Users who contact the Oeko-Institut by e-mail are made aware that the confidentiality of information contained in unencrypted e-mails cannot be guaranteed.
When we process your personal data, you have the following data subject rights:
- The right of access to the data processed and a right to a copy of the data processed;
- The right to correction if we process inaccurate data concerning you;
- The right to erasure, unless exceptions apply as to why we are still storing the data, for example, retention obligations or statutes of limitation;
- The right to restriction of the processing of data;
- The right to withdraw consent to data processing at any time;
- The right to object to processing of data in the public or legitimate interest;
- The right to data portability;
- The right to lodge a complaint with the competent supervisory authority in case you consider that we are not processing your data in accordance with the applicable regulations. The State Commissioner for Data Protection and Freedom of Information in Baden-Württemberg is responsible for our association. However, if you are in another state (Land) of Germany or outside of Germany, you may also contact the data protection authority in your location.