With the following information, we offer you an overview of how we process your personal data and your rights.
1. Who is responsible for handling data and whom can I contact?
The controller is:
Deutsches Institut für Wirtschaftsforschung e.V. (DIW Berlin)
Phone +49-30-897 89-0
Fax +49-30-897 89-200
You can also contact our external data protection officer:
Data Protection Officer
Budapester Str. 31
2. To whom does this data privacy statement apply?
3. Which data do we use?
In principal, you can visit our website without informing us of your identity, unless you send us an e-mail or a message via a contact form, advertise with use, or apply to join us or use our online services. In doing so, we process only the data necessary to answer your request or to provide our services. The relevant input form makes it clear which data are collected. The necessary data are marked as mandatory fields. If we ask for further information, it is voluntary information. We use this information to personalise our offers or better suit it to your needs. In all other cases we only use the data required to contact you.
4. For what purposes and on what legal basis do we use your data?
We process your personal data in accordance with the provisions of the General Data Protection Regulation (GDPR) and Federal Data Protection Act (FDPA). Please also refer to our information on your right of objection according to Article 21 of the GDPR.
a) For the fulfilment of contractual obligations (Art. 6 (1) b of the GDPR)
Personal data are processed to produce a contract and to implement pre-contractual measures at your request.
- Your registration or service requests
b) In the context of balancing interests (Art. 6 (1) f of the GDPR)
If necessary, we process your data in addition to the actual fulfilment of the contract for the protection of our legitimate interests or the interests of third parties.
- Asserting legal claims and defence in legal disputes
- Ensure IT security
- For direct marketing purposes
- Processing your application
- Answering your request
c) Subject to your consent (Art. 6 (1) a of the GDPR)
Provided you give your consent for your personal data to be processed for specific purposes, the lawfulness of this processing is assigned on the basis of your consent. Consent that has been given can be revoked at any time. Please note that revocation only applies to the future. Any processing of data that occurred before the revocation of consent is not affected.
- in order to execute a contract or a survey,
- sending press releases and newsletters: We use the so-called double opt-in procedure for sending out newsletters. This means that we only send you an e-mail newsletter once you have expressly agreed to receive newsletters. The option to directly unsubscribe from these newsletters is included in each newsletter e-mail.
d) Due to legal requirements (Art. 6 (1) c of the GDPR) or in the public interest (Art. 6 (1) e of the GDPR)
As a company, we are also subject to various legal obligations (such as the German Commercial Code and Tax Code).
The legal basis for processing your personal data in this application procedure is primarily Article 26 of the GDPR in the version applicable as of 25.05.2018. Thereafter, the processing of data shall be permitted only if required in connection with a decision regarding the establishment of a business relationship. If any data may be required after completion of the application procedure or for prosecution, the data may be processed on the basis of the conditions of Article 6 of the GDPR, in particular for safeguarding legitimate interests in accordance with Article 6 (1) f of the GDPR. Our interest is then in the assertion or the defence of claims.
In sending your application, you agree to us storing and processing your data for the purpose of application, job appointment and recruitment. You can revoke this consent and withdraw your application at any time.
We only process the personal data in your application for the purpose of the application procedure and job appointment process. The relevant employees of our human resources department in cooperation make Job appointments with departmental managers.
Your data will be deleted six months after completion of your application procedure, unless you agree to your data being stored for a longer period of time, in order to consider you for a future job appointment, for example. In the event of your recruitment, your data will be added to our personnel files.
5. Who receives my data?
Within BERA, access to your data is granted to the members that require this data to fulfil our contractual and legal obligations or in the context of balancing interests. Service providers and agents employed by us can also be granted access to data for these purposes, so long as they maintain confidentiality and observe our data protection policies. Data will only be passed on to third parties exclusively within the framework of the provisions of the GDPR and FDPA.
6. Are data transmitted to third countries?
No data will be passed on to countries outside of the EU or the European Economic Area (so-called non-member states).
7. How long will my data be stored for?
We will process and store your personal data so long as these are necessary to fulfil our contractual and legal obligations or in the context of balancing interests. If the data are no longer needed for these purposes, they will be deleted on a regular basis, unless further short-term processing is needed to comply with commercial and tax law retention periods, such as those of the German Commercial Code and Tax Code. The periods of retention or documentation specified in these codes amount to six to ten years.
8. Which privacy rights do I have?
- the right of access by the data subject under Article 15 of the GDPR,
- the right to rectification under Article 16 of the GDPR,
- the right to erasure under Article 17 of the GDPR,
- the right to restriction of processing under Article 18 of the GDPR,
- the right to data portability under Article 20 of the GDPR,
- the right to object under Article 21 of the GDPR.
In addition, there is a right to lodge a complaint with a supervisory authority (Article 77 GDPR in conjunction with Article 19 FDPA).
A list of German supervisory authorities and their contact details can be found by following this link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
You may revoke any consent given to us for the processing of personal data at any time. Please note that revocation only applies to the future. Any processing of data that occurred before the revocation of consent is not affected. Please also refer to our information on your right of objection according to Article 21 of the GDPR.
To exercise your rights, please use the above-mentioned contact details for our data protection officer.
9. Is there an obligation to provide data?
In the context of our business relationship or the ordering of services, you must provide the personal data necessary for us to conduct the business relationship or provide a service and fulfil related contractual obligations, or the personal data we are legally obligated to collect. Without these data, as a general rule, we must decline completion of the contract or execution of the order, or may no longer be able to carry out an existing contract and may therefore terminate this contract.
10. Is there any automated decision-making such as profiling?
In general, we do not use any fully automated decision-making such as profiling in accordance with Article 22 of the GDPR.
11. Information on your right of objection under Article 21 of the GDPR
a) Right to object in individual cases
You have the right to object to processing of your personal data for reasons arising from your particular situation. The precondition for this is that the processing of data is being done in the public interest or on the basis of a balancing of interests. This also applies to profiling. In the event of any objection, we will no longer process your personal data, unless we can prove compelling legitimate grounds for the processing of these data that outweigh your interests, rights and freedoms. Alternatively, your personal data may serve the establishment, exercise or defence of legal claims.
b) Objection to the processing of your data for direct marketing
If your personal data are processed for our direct marketing, you have the right to object to this at any time; this also applies to profiling when this is associated with direct marketing. In the event of an objection, we will no longer process your personal data for these purposes. An objection can be filed in any form and should preferably be directed to the above-mentioned contact details for our data protection officer.
12. Which data are processed in the use of the website?
a) Usage-related information
We receive usage data whenever anyone visits our website. These include information such as the screen resolution, the browser version, the Internet connection, the operating system, the language, the installed plug-in, the origin in terms of country/region, and the search engine. The stored data are analysed for statistical purposes and to optimise our web pages. Data are not passed on to third parties and no user-related analysis is carried out. We also store the connection data related to our website (IP addresses) for a short period of a few days to ensure IT security.
So-called session cookies are used when visiting individual web pages to facilitate navigation. These cookies expire once the session has ended and contain no personal data, which means that the contents of the cookies are not subject to user-related analysis. You can configure your browser to forbid cookies or only allow cookies in individual cases.
Cookies that are necessary to communicate electronically or to provide certain functions are stored on the basis of Article 6 (1) f of the GDPR. In this case, cookies are stored so that we can provide our services without technical issues and in an optimised manner. The functionality of our website may be restricted through the deactivation of cookies.
c) Matomo (formerly called Piwik)
This website uses the open source web analysis service Matomo. Matomo uses so-called „cookies,“ which are text files that are stored on your computer and that make it possible to analyse your use of this website. In conjunction with this, the information about the use of this website generated by the cookie will be archived
on our server. Prior to archiving, the IP address will first be anonymized. Matomo cookies will remain on your device until you delete them.
The storage of Matomo cookies and the use of this analysis tool are based on Art. 6 Sect. 1 lit. f GDPR. The website operator has a legitimate interest in the analysis of user patterns, in order to optimize the operator’s web offerings and advertising. If a corresponding agreement has been requested (e.g. an agreement to the storage of cookies), the processing takes place exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the agreement can be revoked at any time.
The information generated by cookies concerning the use of this website shall not be shared with any third parties. You may prevent the storage of cookies at any time by making pertinent changes to your browser software settings; however, we have to point out that in this case you may not be able to use all of the functions of this website to their fullest extent. If you do not consent to the storage and use of your data, you have the option to deactivate the storage and use of such data here. In this case, an opt out cookie will be placed in our browser, which prevent the storage of usage data by Matomo. If you delete your cookies, this will also result in the deletion of the Matomo opt out cookie. Hence, you will have to reactivate the opt out when you return to visit this website.
13. How safe is my data?
To protect the personal data of our customers and prospective customers, we use a safe online transmission protocol: so-called “Secure Socket Layer” (SSL)transmission. All information transmitted with this safe protocol is encrypted before they are sent. Your personal data are only processed by data centres and computers protected by industry standard security technology (such as firewalls, password protection, and access controls).
14. Links to websites of other providers