Privacy Policy
Data protection and data security have a high priority for us. What this means in detail is explained here in conformity with the new basic data protection regulation (GDPR).
1. Privacy policy of the IWW Water Centre
1.1 Preface
The B-WaterSmart project website is hosted and maintained by project partner IWW Water Centre (hereinafter: IWW). We take the protection of your personal data very serious. But what does this mean in concrete terms? In the following, we would like to give you an insight into what personal data we collect from you and how we process it. You will also find an overview of the rights to which you are entitled under current data protection legislation. In addition, we will give you the names of your contact persons in case you have any further questions.
1.1.1 Who are we?
IWW Rheinisch-Westfälisches Institut für Wasserforschung gemeinnützige GmbH
Moritzstr. 26
45476 Mülheim an der Ruhr
Germany
Phone: +49 208 40303-0
Fax: +49 208 40303-80
E-mail: info@iww-online.de
Lothar Schüller (Managing Director)
We take all measures required under applicable data protection law to ensure the protection of your personal data. If you have any questions regarding data processing in our association and the exercise of your rights, you can also contact our data protection officer free of charge.
Helmut Pelster
SIC GmbH
Harscheidweg 18a
45472 Mülheim
Germany
1.2 Scope of application of the privacy statement
By processing personal data, the legislator understands activities such as the collection, recording, organisation, organisation, storage, adaptation or alteration, reading, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, deletion or destruction of personal data. Personal data is any information relating to an identified or identifiable natural person. This privacy policy deals with the personal data of customers, members, interested parties or visitors.
1.3 What personal data do we process?
Your personal data is collected by us when you contact us, e.g. as an interested party. This can happen, for example, by registering for our online services or by contacting us via our communication channels. The following types of personal data are processed by us:
Information for personal identification e.g. first name and surname, e-mail address, company-related data e.g. company name, department, activity and data on your online behaviour e.g. IP addresses, user names, data on your visits to our website, actions carried out on our websites, place of access and other information comparable to these data categories.
1.3.1 Sensitive data
Sensitive data, i.e. special categories of personal data such as information on health, political opinions, and religious or trade union affiliation, are not collected through this channel.
1.3.2 Personal data of minors
Personal data of children or minors are only collected if they use our communication channels. Insofar as personal data of minors have been processed without the consent of a parent or legal guardian, they will be deleted immediately.
1.3.3 Use of cookies
Cookies are files that are placed on your computer by our websites while you are visiting the site. These files store information that makes your use of this site more efficient. We use Matomo as a web analysis service to analyse the user behaviour on the web pages. For this analysis, the usage information generated by the cookie (including the shortened IP address of the user) is transferred to our servers and stored for usage analysis purposes. We use the usage analysis to optimise our own websites, customer contact and other advertising measures, as well as for market research purposes. During this process, the user’s IP address is immediately shortened so that the identification of the user via the IP address is no longer possible. Any user who does not agree with the storage and evaluation of his anonymised user data on his visit to our website can object to this storage and use at any time.
1.4 What do we process your personal data for – and on what legal basis?
1.4.1 Newsletter
You have the possibility to register for our newsletter via our website. To send the newsletter, we only need your e-mail address. All other details are voluntary and only serve to personalise the newsletter. You will only receive our newsletter after the successful completion of a double opt-in procedure. You have the right to cancel the newsletter at any time. A corresponding link is implemented in every newsletter. If you cancel our newsletter, we will immediately delete your contact data from our newsletter distribution list.
The legislator has certain requirements regarding the validity of electronic consent, as used for registration for the newsletter. These include the recording of your declaration of consent. We therefore log the date and time of consent, the text of the declaration of consent, your e-mail address and all other voluntary details. We also log the date and time of the click on the confirmation link and the link in the confirmation e-mail. We collect this information solely in order to comply with legal obligations.
IWW uses Mailchimp for the registration to and sending of newsletters. Your data will be stored there. Their data protection regulations can be found here.
By subscribing to our newsletters, you agree to receive them and to the procedures described.
1.4.2 Social media buttons and plugins
1.4.2.1 Twitter
Functions of the Twitter service are integrated on our pages. These functions are offered by Twitter Inc, 795 Folsom St., Suite 600, San Francisco, CA 94107, USA. By using Twitter and the “Re-Tweet” function, the websites you visit are linked to your Twitter account and made known to other users. Data is also transferred to Twitter in the process.
We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Twitter. You can find further information on this in the Twitter privacy policy.
You can change your privacy settings on Twitter in your personal account settings.
1.4.2.2 LinkedIn
IWW uses the information service, technical platform and services of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, for our LinkedIn profile.
Please note that you use this LinkedIn site and its functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g. commenting, sharing, rating). When you visit our LinkedIn site, LinkedIn records, among other things, your IP address and other information that is stored on your PC in the form of cookies. This information is used to provide us, as the operator of the LinkedIn site, with statistical information about the use of the LinkedIn site. LinkedIn provides more information about this in their privacy policy.
The information collected about you in this context will be processed by LinkedIn Inc. and may be transferred to countries outside the European Union. LinkedIn’s data use policy describes in general terms what information LinkedIn receives and how it uses it. You will also find information on how to contact LinkedIn and on how to place advertisements. The Data Use Policy is available here.
LinkedIn does not specifically and clearly state how LinkedIn will use data from visits to LinkedIn sites for its own purposes, the extent to which activities on the LinkedIn site are attributed to individual users, the length of time LinkedIn will retain this data, and whether data from a visit to the LinkedIn site will be shared with third parties.
When you access a LinkedIn page, the IP address assigned to your terminal device is transmitted to LinkedIn. According to LinkedIn, this IP address is anonymised (in the case of “German” IP addresses) and deleted after 90 days. LinkedIn also stores information about the end devices of its users (e.g. as part of the “registration notification” function); LinkedIn may thus be able to assign IP addresses to individual users.
If you are currently logged in to LinkedIn as a user, a cookie containing your LinkedIn identifier will be placed on your device. This enables LinkedIn to keep track of your visit to this site and how you have used it. This also applies to all other LinkedIn pages. LinkedIn buttons embedded in web pages enable LinkedIn to record your visits to these web pages and assign them to your LinkedIn profile. This data can be used to offer content or advertising tailored to your needs.
If you wish to avoid this, you should log out of LinkedIn or deactivate the “stay logged in” function, delete the cookies on your device, close your browser and restart it. This will delete LinkedIn information that identifies you directly. This allows you to use our LinkedIn site without revealing your LinkedIn identification. When you access interactive features of the site (Like, Comment, Share, Messages, etc.), a LinkedIn login screen will appear. Once you have logged in, LinkedIn will again recognise you as a specific user. Information on how to manage or delete information about you can be found on the LinkedIn support pages.
As the provider of the information service, we do not collect or process any other data from your use of our service.
1.4.2.3 YouTube
We include YouTube videos in enhanced privacy mode on our websites and use YouTube as a streaming service provider to ensure better performance. The relevant YouTube privacy policy can be found here.
If you want to be sure that no data about you is stored on YouTube, do not click on the embedded videos. You also have a right of objection to YouTube profiling, but to exercise this right you must contact YouTube directly.
1.4.2.4 Wordfence Security
The “Wordfence Security” service, which is operated by Defiant Inc, 800 5th Ave, Suite 4100, Seattle, WA 98104, USA, is used to secure our online offering. The use is based on our legitimate interests within the meaning of Art. 6 para. 1 lit. f) DSGVO The website uses the plugin to protect against viruses and malware and to defend against attacks by computer criminals. In order to recognize whether the visitor is a human or a robot, the PlugIn sets cookies. For the purpose of protection against brute force and DDoS attacks or comment spam, IP addresses are stored on Wordfence servers. IP addresses classified as harmless are placed on a white list. Wordfence Security secures our website and thus protects visitors to the website from viruses and malware. This constitutes a legitimate interest within the meaning of Art. 6 (1) lit. f DSGVO. The Live Traffic View option (real-time live traffic) of the PlugIn is switched off, as it is not mandatory. More information on the collection and use of data by Wordfence Security can be found in Defiant’s privacy policy: https://www.wordfence.com/privacy-policy/
1.4.3 Events
We offer the possibility to register for B-WaterSmart events on our website. For this purpose, we will save your name, the company you register for and your email address for a short period of time. Once the registration for the event closes, we will pass on said information to the host of the event and then delete the data from our servers again.
1.4.4 Measures that serve your safety
We use your personal data in the following cases, among others: In order to improve the reliability of our web applications, our IT support works closely with you in the event of technical problems. In this context, we also evaluate logs of page accesses, actions carried out, etc. in order to be able to guarantee IT security and to be able to record and prove facts in the event of possible legal disputes.
If you have consented to the processing of your personal data for one or more specific purposes, we are permitted to process your data. You can revoke this consent with a view to the future at any time without incurring any costs other than the transmission costs according to the basic tariffs (costs of your Internet connection). However, the revocation of consent does not affect the legality of the processing carried out up to the revocation.
1.5 Where we transfer data and why
1.5.1 Data use within IWW
Within IWW, only those bodies that require your personal data in order to fulfil our contractual or legal obligations or to protect our legitimate interests are granted access.
1.5.2 Use of data outside IWW
We respect the protection of your personal data and only pass on information about you if required by law, if you have given your consent, or to fulfil contractual obligations. For example, the following recipients may be legally obliged to pass on your personal data: public bodies or supervisory authorities, e.g. tax authorities, customs authorities, judicial and law enforcement authorities, e.g. police, courts, public prosecutors, lawyers or notaries, e.g. for legal disputes, auditors.
1.6 Deletion periods
In accordance with the applicable data protection regulations, we do not store your personal data for longer than we need it for the purposes of the respective processing. If the data is no longer required for the fulfilment of contractual or legal obligations, it will be regularly deleted or blocked for use by us, unless its temporary storage is still necessary. The following reasons can be given for further storage to obtain evidence in the event of legal disputes under the statutory limitation rules. Limitation periods may be up to 30 years in civil law, with the regular limitation period after three years.
1.7 Your rights
In the context of processing your personal data, you are also entitled to certain rights. More detailed information can be found in the relevant provisions of the basic data protection regulation (Articles 15 to 21).
1.7.1 Right of access and rectification
You have the right to receive information from us about which of your personal data we process. If this information is not (or no longer) correct, you can request us to correct the data, and in the case of incomplete information, supplement it. If we have passed on your data to third parties, we will inform the relevant third parties when the legal situation is appropriate.
1.7.2 Right to deletion
Under the following circumstances, you may request the immediate deletion of your personal data:
- when your personal data are no longer needed for the purposes for which they were collected
- if you have revoked your consent and there is no other legal basis for data processing
- if you object to the processing and there are no overriding legitimate reasons for processing
- if your data are processed unlawfully
- if your personal data must be deleted in order to comply with legal obligations
Please note that before deleting your data, we must check that there is no legitimate reason to process your personal data.
1.7.3 Right to limit processing (“right to block”)
For one of the following reasons, you may request us to restrict the processing of your personal data:
- if you dispute the accuracy of the data until we have had the opportunity to satisfy ourselves as to the accuracy of the data
- if the data are processed unlawfully but you request only a restriction on the use of the personal data instead of their deletion
- if we no longer need the personal data for the purposes of the processing, but you still need it to assert, exercise or defend legal claims
- if you have lodged an objection to the processing and it is not yet clear whether your legitimate interests outweigh ours.
1.7.4 Right of appeal
1.7.4.1 Right of objection on a case-by-case basis
If the processing is carried out in the public interest or on the basis of a balancing of interests, you have the right to object to the processing for reasons arising from your particular situation. In the event of an objection, we will not process your personal data unless we can demonstrate compelling reasons for processing your data that are worthy of protection, which outweigh your interests, rights and freedoms, or because your personal data is used to assert, exercise or defend legal claims. The objection does not preclude the lawfulness of the processing carried out prior to the objection. The objection can be made without any formality and should be addressed to:
IWW Centre Water
Moritzstr. 26
45476 Mülheim an der Ruhr
Germany
1.7.5 Right to data transferability
You have the right to receive on request personal data that you have given us for processing in a transferable and machine-readable format.
1.7.6 Right to appeal to the supervisory authority (Art. 77 DS-GVO)
We always try to process your enquiries and claims as quickly as possible in order to protect your rights accordingly. However, depending on the frequency of your enquiries, it may take up to 30 days before we can provide you with further information about your request. If it takes longer, we will inform you promptly of the reasons for the delay and discuss the further procedure with you. In some cases we are not allowed or unable to provide you with information. If legally permissible, we will inform you of the reason for the refusal to provide information. However, if you are not satisfied with our responses and reactions or if you believe that we are violating applicable data protection laws, you are free to lodge a complaint with both our data protection officer and the relevant supervisory authority. The supervisory authority responsible for us is:
State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia
Cavalry Route 2-4
40213 Düsseldorf
Germany
Phone: +49 (0) 211 384 24-0
e-mail: post office(at)ldi.nrw.de
1.8 data protection officer
Our data protection officer is available to you as a contact person for data protection-related matters:
Helmut Pelster
SIC GmbH
Harscheidweg 18a
45472 Mülheim
Germany
1.9 Version
This is a first version from 18.11.2022. We reserve the right to update our data protection declaration if necessary.