The IASS is committed to ensuring that your personal data are protected. We strictly observe the requirements of relevant privacy laws. Personal data is only collected to the extent necessary on this website. Under no circumstances will information collected through this website be sold or forwarded to third parties without authorisation.
This privacy statement outlines the types of data that we collect, the purposes for which it is used, and how it is protected.
Data collected on this website
a. Types of personal data that we collect and process
- Web server log
Browser type / version, operating system, HTTP referer (previously visited web-page), IP address, date and time of the server inquiry, local URL, getParameter, and error events (if applicable)
- The following information is collected when you register for the IASS newsletter:
e-mail address, first and surname(s), consent-related data (use of the confirmation and consent link, time stamp, IP address)
- The following information is collected when you register to attend an event:
salutation, title, first and surname(s), e-mail address, professional affiliation, nationality
b. Sources of personal information
Personal data is collected through our website during server communications and when you enter data for a particular purpose (see above).
c. Retention period / Criteria for data retention
- Web server logs
up to 3 months
- Registration for the IASS newsletter:
24 hours following activation of the double opt-in link. Personal data are deleted immediately when a user unsubscribes from the newsletter.
- Registration to attend an event:
We may use your e-mail address for future invitations to events of the IASS on the same or a similar topic, unless you have objected this use. You have the right to object this use of your e-mail address at any time, without incurring costs other than the transmission costs according to the basic rates. Please contact: firstname.lastname@example.org.
d. How will your personal information be used?
- Web server logs
Personal data are retained in accordance with the German Telecommunications Act (TKG) in order to protect network integrity and safeguard against faults.
- Information collected when you register for the IASS newsletter is used exclusively to manage newsletter distribution.
- Information collected when you register to attend an IASS event is used to deliver invitations and manage events; contact data may also be retained for use in connection with future events.
e. Legal basis for the collection and processing of personal information
- Web server logs:
the processing of this information is necessary for the purposes of the legitimate interests pursued by the website controller in accordance with point (f) of Article 6(1) of the General Data Protection Regulation (EU) 2016/679), hereafter referred to as GDPR.
- Newsletter registration:
consent pursuant to point (a) Article 6(1) of the GDPR
- Registration to attend an IASS event:
the processing of this information is necessary for the purposes of the legitimate interests pursued by the website controller in accordance with point (f) of Article 6(1) of the GDPR.
f. Automated decision-making
Automated decision-making technologies are not employed on this website.
g. Transfer of data to third parties or international organisations
We do not use the services of international service providers.
h. Your right to notification
You have the right to be notified with respect to any personal data relating to you that we collect and process. In such cases, it is your right to be informed of: the purposes of the processing for which the personal data are intended; the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations; where possible, the envisaged period for which the personal data will be stored, or, if this is not possible, the criteria used to determine that period; the existence of the right to request from the controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing; the right to lodge a complaint with a supervisory authority; where the personal data are not collected from the data subject, any available information as to their source; the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject; and, where personal data are transferred to a third country or to an international organisation, the data subject shall have the right to be informed of the appropriate safeguards pursuant to Article 46 of the GDPR relating to the transfer. Please note that you have the right to request and obtain a single copy of the personal data undergoing processing. A reasonable fee based on our administrative costs may be levied for any further copies that you request. Your right to obtain a copy of this data shall not adversely affect the rights and freedoms of others.
i. Your right to rectification
You have the right to have any inaccurate personal data relating to your person rectified without undue delay. Taking into account the purposes of the processing, you also have the right to have incomplete personal data completed, including by means of a supplementary statement.
j. Your right to erasure
You have the right to require that we erase, without undue delay, any personal data about you; in addition to this, your personal data must be erased without undue delay where any of the following applies: the data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw your consent on which the processing is based according to point (a) of Article 6(1) (GDPR), or point (a) of Article 9(2) (GDPR), and where there is no other legal ground for the processing; where you objects to the processing pursuant to Article 21(1) (GDPR) and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) (GDPR); the personal data have been unlawfully processed; the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the IASS is subject; the personal data have been collected in relation to the offer of information society services referred to in Article 8(1). This shall not apply to the extent that this is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation which requires processing in accordance with a European Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3) of the GDPR; for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) of the GDPR, in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or for the establishment, exercise or defence of legal claims.
k. Your right to restriction of processing
You have the right to require that we restrict the processing of your personal data where one of the following applies: the accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data; the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead; we no longer need the personal data for the purposes of processing, but these are required by you for the establishment, exercise or defence of legal claims; you object to processing pursuant to Article 21(1) of the GDPR pending verification whether our legitimate grounds override those of the data subject (you). If such a restriction is put in place, you will be informed before it is lifted.
l. Your right to object to the processing
You have the right to object, at any time, on grounds relating to your particular situation, to the processing of your personal data in accordance with points (e) or (f) of Article 6(1) of the GDPR. This also applies to profiling based on these provisions. Such data will no longer be processed unless we are able to demonstrate compelling legitimate grounds which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. Where personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data concerning for such purposes. This also applies to profiling to the extent that it is related to such direct marketing. Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Article 89(1) of the GDPR, you have the right, on grounds relating to your particular situation, to object to the processing of personal data concerning your person, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
m. Your right to data portability
You have the right to receive the personal data which you have provided to us in a structured, commonly used and machine-readable format, and have the right to transmit those data to another controller without hindrance, where: the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1) of the GDPR; and the processing is carried out by automated means. In exercising your right to data portability, you have the right to have the personal data transmitted directly from one controller to another technically feasible and when doing so does not adversely affect the rights and freedoms of others. This right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. Your right to data portability shall not adversely affect the rights and freedoms of others.
n. Your right to withdraw consent
You have the right to withdraw at any time your consent to the future processing of personal data pursuant to point (a) of Article 6(1) or point (a) of Article 9(2). The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
o. Your right to lodge an official complaint
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you believe that the processing of personal data relating to your person infringes upon current privacy legislation.
To lodge a complaint, contact:
Commissioner for the Protection of Data and Freedom of Information in Brandenburg
Stahnsdorfer Damm 77
p. Matomo Web Analysis
This web site uses Matomo, an open-source software for the statistical analysis of user activity on the site. Matomo uses so-called cookies, text files that are stored on your computer and which facilitate the analysis of your website use. Information that we collect about how you use the website is stored exclusively on an IASS web server. Matomo uses the PrivacyManager plugin to render the user’s IP address anonymous immediately after being processed and before it is stored by masking the last two sections of the address.
User data collected in this way are statistically analysed to improve the design of our website as needed. The data will be used only for this purpose and erased after evaluation.
For further information, please see: http://matomo.org
You can decide whether a web analysis cookie may be placed on your computer in order to allow the website operator to capture and analyse certain statistical data.
q. Social media features
Our website integrates a number of social media features. By clicking on one of the relevant buttons, you open the selected social network. In order to protect your personal data, we advise you to read the data protection information of the respective social networks carefully.
Our website currently uses the social media plug-ins for Twitter and YouTube.
r. Transmission of Personal Data
Your personal data will not be disclosed to third parties, unless necessary to fulfil back office requirements. Any transmission of data will be limited to the necessary minimum. Insofar as the IASS is obliged legally or by court order to transmit your personal data, we will only disclose them to authorities entitled to receive these data as specified by law.
s. PRIVACY NOTICE regarding film, photography and audio recordings produced at IASS events
This English translation is provided for information purposes only. The original German text is binding in all respects. In the event of discrepancies between the English and German versions, the German version shall prevail.
The following entity is responsible for processing personal data:
Institute for Advanced Sustainability Studies e.V. (IASS) Berliner Straße 130
Telephone: +49 331 28822-300
Fax: +49 331 28822-310
If you have specific questions regarding the protection of your data, please contact the responsible data protection officer:
Mrs Eva Grübel-Hoffmann
ITM Ges. für IT-Management mbH Bürgerstraße 81
Telephone: +49 351 30711875
personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
A data subject is any identified or identifiable natural person whose data are processed by the data controller.
processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
restriction of processing
restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future;
profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;
controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. 2However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her