1. Privacy at a glance
The German Design Council is committed to protecting your data and adheres to current data protection guidelines. The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to identify you personally. For detailed information on data protection, please refer to our privacy policy listed below this text.
Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator. Their contact details can be found in the section ‘Information on the data controller’ in this privacy policy.
What data is collected and when?
Your data is collected, on the one hand, when you provide it to us. This may include, for example, data that you enter into a contact form. We collect data when graduates register a university and submit their theses: depending on the enquiry, we collect title, first name, surname, university, degree, street, postcode, town, country, telephone number, email address and website.
Other data is collected automatically or with your consent when you visit the website via our IT systems. This consists primarily of technical data (e.g. internet browser, operating system or time of page view). This data is collected automatically as soon as you access this website.
Why do we collect your data?
The German Design Council collects your data for the purpose of performing the contract and fulfilling its pre-contractual and contractual obligations. This data collection and the associated data processing are necessary for the fulfilment of these obligations and are based on Article 6(1)(b) of the General Data Protection Regulation (GDPR). No data is disclosed to third parties. Invoices are stored for the duration of the statutory retention periods. The data is deleted as soon as it is no longer required for the purpose of its processing.
Some of the data is collected to ensure the website functions correctly. Other data may be used to analyse your user behaviour. Where contracts can be concluded or initiated via the website, the data transmitted will also be processed for contractual offers, orders or other enquiries.
What rights do you have regarding your data?
You have the right at any time to obtain information, free of charge, about the origin, recipients and purpose of your stored personal data. You also have the right to request the rectification or erasure of this data. If you have given your consent to data processing, you may withdraw this consent at any time with effect for the future. Furthermore, you have the right, under certain circumstances, to restrict the processing of your personal data. You also have the right to lodge a complaint with the relevant supervisory authority.
Analytics tools and third-party tools
When you visit this website, your browsing behaviour may be analysed for statistical purposes. This is primarily done using analytics tools. Please feel free to contact us at any time regarding this matter or if you have any further questions about data protection.
2. Hosting
We host the content of our website with the following provider:
Contabo GmbH
Welfenstraße 22
81541 Munich
Germany
(hereinafter ‘Contabo’)
We have entered into a data processing agreement (Contabo) for the use of the above-mentioned service. This is a contract required under data protection law, which ensures that Contabo processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR. For further details, please refer to Contabo’s privacy policy: https://contabo.com/de/legal/privacy/
3. General information on the legal basis for data processing on this website
Where you have consented to the processing of your data, we process your personal data on the basis of Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR, where special categories of data as defined in Article 9(1) of the GDPR are processed. In the event of explicit consent to the transfer of personal data to third countries, data processing is also carried out on the basis of Article 49(1)(a) of the GDPR.
Where you have consented to the storage of cookies or to access to information on your device (e.g. via device fingerprinting), data processing is additionally carried out on the basis of Section 25(1) of the TDDDG. Consent may be withdrawn at any time.
If your data is required for the performance of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Article 6(1)(b) of the GDPR. Furthermore, we process your data where this is necessary to comply with a legal obligation on the basis of Article 6(1)(c) of the GDPR. Data processing may also take place on the basis of our legitimate interest pursuant to Article 6(1)(f) of the GDPR. The relevant legal bases in each individual case are set out in the following paragraphs of this privacy policy.
Security vulnerabilities in data transmission
Please note that data transmission over the internet (e.g. when communicating by email) may be subject to security vulnerabilities. It is not possible to guarantee complete protection of data against access by third parties.
Retention period
Unless a more specific retention period is stated within this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you submit a valid request for erasure or withdraw your consent to data processing, your data will be erased unless we have other legally permissible grounds for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, erasure will take place once these grounds no longer apply.
Withdrawal of your consent to data processing
Many data processing operations are only possible with your express consent. You may withdraw any consent you have already given at any time. The lawfulness of the data processing carried out prior to the withdrawal remains unaffected by the withdrawal.
Right to object to data collection in specific cases and to direct marketing (Art. 21 GDPR)
If data processing is based on art. 6(1)( e or f of the gdpr, you have the right at any time to object to the processing of your personal data on grounds relating to your particular situation; this also applies to profiling based on these provisions. you can find the relevant legal basis on which processing is based in this privacy policy. if you object, we will no longer process your personal data, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is necessary for the establishment, exercise or defence of legal claims (objection under Article 21(1) of the GDPR).
If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for such marketing purposes; this also applies to profiling, insofar as it is related to such direct marketing. If you object, your personal data will no longer be used for direct marketing purposes (objection pursuant to art. 21(2) gdpr).
Right to lodge a complaint with the competent supervisory authority
In the event of infringements of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, their place of work or the place where the alleged infringement occurred. This right to lodge a complaint is without prejudice to any other administrative or judicial remedies.
Right to data portability
You have the right to have data that we process automatically on the basis of your consent or in fulfilment of a contract provided to you or to a third party in a commonly used, machine-readable format. If you request the direct transfer of the data to another controller, this will only take place to the extent that it is technically feasible.
Access, rectification and erasure
Within the framework of the applicable legal provisions, you have the right at any time to obtain, free of charge, information about your stored personal data, its origin and recipients, and the purpose of the data processing, and, where applicable, a right to rectify or erase this data. You may contact us at any time regarding this matter or any further questions on the subject of personal data.
Right to restriction of processing
You have the right to request that the processing of your personal data be restricted. You may contact us at any time to do so. The right to restriction of processing applies in the following cases:
If you dispute the accuracy of your personal data held by us, we generally need time to verify this. For the duration of this verification, you have the right to request that the processing of your personal data be restricted.
If the processing of your personal data has been or is being carried out unlawfully, you may request the restriction of data processing instead of erasure.
If we no longer require your personal data, but you require it to exercise, defend or assert legal claims, you have the right to request the restriction of the processing of your personal data instead of erasure.
If you have lodged an objection under Article 21(1) of the GDPR, a balancing of interests between yours and ours must be carried out. Until it is determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.
If you have restricted the processing of your personal data, such data – apart from its storage – may only be processed with your consent, or for the establishment, exercise or defence of legal claims, or to protect the rights of another natural or legal person, or for reasons of an important public interest of the European Union or a Member State.
Objection to promotional emails
We hereby object to the use of contact details published in accordance with the legal notice requirement for the purpose of sending unsolicited advertising and information material. The operators of this website expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, for example via spam emails.
Cookies
Our website uses so-called ‘cookies’. Cookies are small text files and do not cause any damage to your device. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your device until you delete them yourself or they are automatically deleted by your web browser.
Enquiries by email or telephone
If you contact us by email or telephone, your enquiry, including all personal data contained therein (name, enquiry), will be stored and processed by us for the purpose of dealing with your request. We will not disclose this data without your consent.
The processing of this data is based on Article 6(1)(b) of the GDPR, provided that your enquiry relates to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective handling of enquiries addressed to us (Article 6(1)(f) of the GDPR) or on your consent (Article 6(1)(a) of the GDPR) where this has been requested; consent may be withdrawn at any time.
The data you send to us via contact enquiries will remain with us until you request its deletion, withdraw your consent to its storage, or the purpose for storing the data no longer applies (e.g. once your enquiry has been fully processed). Mandatory legal provisions – in particular statutory retention periods – remain unaffected.
4. Recipients of personal data
As part of our business activities, we cooperate with various external parties. In some cases, this also requires the transfer of personal data to these external parties. We only pass on personal data to external parties if this is necessary for the fulfillment of a contract, if we are legally obliged to do so (e.g., transfer of data to tax authorities), if we have a legitimate interest in the transfer pursuant to Art. 6(1)(f) GDPR, or if another legal basis permits the data transfer.
When using data processors, we only pass on personal data of our customers on the basis of a valid data processing agreement. In the case of joint processing, a joint processing agreement is concluded.
Gravity Forms
We have integrated Gravity Forms on this website. The provider is:
Rocketgenius, 1620 Centerville Turnpike, Suite 102, Virginia Beach, VA 23464-6500, United States.
Jotform
We have integrated Jotform on this website. The provider is Jotform Inc., 111 Pine St., Suite 1815, San Francisco, California 94111, USA (hereinafter “Jotform”).
Jotform and Gravity Forms enable us to create online forms to collect messages, inquiries, and other input from our website visitors. All data you enter is processed on Jotform’s servers.
The use of Jotform and Gravity Forms is based on our legitimate interest in providing a user-friendly way to handle your inquiries (Art. 6(1)(f) GDPR). If consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.
The data you enter in the form will remain with us until you request its deletion, revoke your consent to storage, or the purpose for storing the data no longer applies (e.g., after your request has been fully processed). Mandatory legal provisions—especially retention periods—remain unaffected.
Data transfers to the USA are secured by EU Standard Contractual Clauses that we have concluded with Jotform. Details can be found here:
https://www.jotform.com/gdpr-compliance/dpa/
The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States to ensure compliance with European data protection standards for data processing in the USA. Each company certified under the DPF commits to complying with these data protection standards. Further information is available from the provider at:
https://www.dataprivacyframework.gov/participant/6788
Data Processing Agreement
We have concluded a data processing agreement for the use of the above-mentioned services from Jotform and Gravity Forms. This is a contract required under data protection law, ensuring that personal data of our website visitors is processed only in accordance with our instructions and in compliance with the GDPR.
Salesforce Sales Cloud
We use Salesforce Sales Cloud to manage customer data. The provider is salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 Munich (hereinafter “Salesforce”).
Salesforce Sales Cloud is a CRM system and enables us, amongst other things, to manage existing and potential customers as well as customer contacts, and to organise sales and communication processes. The use of the CRM system also enables us to analyse our customer-related processes. Customer data is stored on Salesforce’s servers. In this context, personal data may also be transferred to the parent company of salesforce.com Germany GmbH, salesforce.com inc., Salesforce Tower, 415 Mission Street, San Francisco, CA 94105, USA.
Details on the functions of Salesforce Sales Cloud can be found here: https://www.salesforce.com/de/products/sales-cloud/overview/.
The use of Salesforce Sales Cloud is based on Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in ensuring customer management and customer communication are as efficient as possible. Where consent has been sought, processing takes place exclusively on the basis of Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG, insofar as the consent covers the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent may be withdrawn at any time.
Salesforce has Binding Corporate Rules (BCR) that have been approved by the French data protection authority. These are binding internal company rules that legitimise the internal transfer of data to third countries outside the EU and the EEA. Further details can be found here: https://www.salesforce.com/de/blog/ 2020/07/the-binding-corporate-rules-of-salesforce-meet-the-highest-da.html.
For further details, please refer to Salesforce’s privacy policy: https://www.salesforce.com/de/company/privacy/.
The company is certified under the ‘EU-US Data Privacy Framework’ (DPF). The DPF is an agreement between the European Union and the USA designed to ensure compliance with European data protection standards when processing data in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this is available from the provider via the following link: https://www.dataprivacyframework.gov/participant/5959.
Data processing
We have entered into a data processing agreement (Salesforce) for the use of the aforementioned service. This is a contract required under data protection law, which ensures that the service provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
Social media
In addition to our website, we are active on Instagram, Google+, YouTube and LinkedIn. On our website, you can access these social networks directly via the integrated social media buttons. We use your data for this purpose solely to provide you with access to the relevant page; we do not obtain your login details.
Functions of the Instagram service are integrated into this website. These functions are provided by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.
When the social media element is active, a direct connection is established between your device and the Instagram server. Instagram thereby receives information that you have visited this website.
If you are logged into your Instagram account, you can link the content of this website to your Instagram profile by clicking the Instagram button. This allows Instagram to associate your visit to this website with your user account. Please note that, as the provider of these pages, we have no knowledge of the content of the data transmitted or how it is used by Instagram.
Use of this service is based on your consent in accordance with Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG. You may withdraw your consent at any time.
Details of Instagram’s privacy policy can be found here: help.instagram.com/478745558852511
You can find details of the privacy policies for Google+ and YouTube here: www.google.de/policies/privacy
You can find details of the privacy policy for LinkedIn here: www.linkedin.com/legal/privacy-policy?_l=de_DE
You can find details of the privacy policy for Facebook here: www.facebook.com/about/privacy/your-info
5. Analytics tools
We use Google Search Console to monitor and improve our website’s performance in Google search results. In doing so, Google collects certain data, such as search queries, clicks, impressions and technical information regarding the indexing and crawling of the website. Google processes this data in accordance with the Google Privacy Policy.
The data collected by Google helps us to optimise the visibility of our website and identify technical issues. We have no influence over the processing of this data by Google.
The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Further information on Google’s privacy policy and how to manage your own data can be found on the above-mentioned page https://support.google.com/analytics/answer/6004245?hl=de.
You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available via the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
We have entered into a data processing agreement with Google and fully comply with the strict requirements of the German data protection authorities when using Google Analytics.
JavaScript
We use a simple JavaScript plug-in on this website, which enables a simple frequency count over the last 14 days.
6. Information regarding the data controller
The data controller responsible for data processing on this website is:
LOCKL VERNEY Solicitors
Dr Martin Lockl, Solicitor
Myliusstrasse 51
60323 Frankfurt am Main
Telephone: +49 69 9799 5767
Fax: +49 69 9799 5768
The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data (e.g. names, email addresses, etc.).
General contact
German Design Council Foundation / Stiftung Rat für Formgebung
Friedrich-Ebert-Anlage 49
60327 Frankfurt am Main
info@gdc.de