Data Protection
1. General information about the collection of personal data
Data protection has a high significance for the IAW. Therefore, the website of the IAW only collects a technically necessary minimum of personal data.
Processing personal data always takes place in strict compliance with the General Data Protection Regulation (GDPR) and the applicable country-specific data protection regulations.
This data protection statement informs about the type, scope and purpose of the personal data we collect while you are using our website. In addition, we provide information about your rights in this context.
If you contact us via e-mail, the personal data you provide will only be captured to the extent that it is necessary for your request. Any personal data resulting from your approach will be deleted as soon as further saving is no longer necessary. If there are statutory retention requirements, we then restrict further processing.
The IAW has taken a large number of technical and organizational measures to ensure the greatest possible security for the electronic transmission of personal data. Nevertheless, all forms of technical data transmission can leak in their security. Therefore, unfortunately, data protection cannot be completely guaranteed. Every person concerned is therefore free to transmit personal data in alternative ways, for example by telephone.
2. Provisions
The IAW's data protection statement is based on the terms defined by the European directives and regulators when the General Data Protection Regulation (GDPR) was defined. Our data protection statement claims to be legible and understandable. To ensure this, we would like to comment on the terminology used in advance.
For the purposes of this regulation, the terms are defined as followed.
- "Personal data” covers all information that relates to an identified or identifiable natural person (hereinafter "data subject"); a natural person who can be identified directly or indirectly, is regarded as identifiable. This includes in particular direct or indirect identification by means of assignment to an identifier such as a name, an identification number, location data, online identification or one or more special features that express the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person;
- “Processing” means any process or series of processes carried out with or without the help of automated processes in connection with personal data such as the collection, recording, organization, ordering, storage, adaptation or modification, reading, querying, use, disclosure by transmission, distribution or any other form of provision, comparison or linking, restriction, deletion or destruction;
- "Restriction of processing" is defined as the labelling of stored personal data with the aim of restricting their future processing;
- “Profiling” means any type of automated processing of personal data that consists of using this personal data to evaluate certain personal aspects relating to a natural person. In particular it includes aspects relating to work performance, economic situation, health, to analyse or predict the preferences, interests, reliability, behaviour, whereabouts or relocation of this natural person;
- "Pseudonymization" is the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without the use of additional information. Additional Information is stored separately and is subject to technical and organizational measures that ensure that the personal data are not assigned to an identified or identifiable natural person;
- “File system” means any structured collection of personal data that is accessible according to certain criteria, regardless of whether this collection is managed centrally, decentrally or according to functional or geographical criteria;
- "Person Responsible" is the natural or legal person, authority, institution or other body that alone or jointly with others decides on the purposes and means of processing personal data; If the purposes and means of this processing are specified by Union law or the law of the member states, the person responsible or the specific criteria for his appointment can be provided for in accordance with Union law or the law of the member states;
- "Processor" means a natural or legal person, public authority, agency or other body that processes personal data on behalf of the person responsible;
- “Recipient” means a natural or legal person, authority, institution or other body to which personal data is disclosed, regardless of whether it is a third party or not. Authorities that may receive personal data as part of a specific investigation under Union law or the law of the member states are not considered recipients; the processing of this data by the named authorities takes place in accordance with the applicable data protection regulations in accordance with the purposes of the processing;
- “Third party" means a natural or legal person, authority, agency or other body, apart from the data subject, the person responsible, the processor and the persons authorized to process the personal data under the direct responsibility of the person responsible or the processor;
- "Compliance" of the person concerned means any voluntary, informed and unambiguous declaration of will in the form of a declaration or other unambiguous affirmative action with which the person concerned indicates that they agree with the processing their personal data;
- "Violation of the protection of personal data" is a breach of security that leads to destruction, loss or alteration, whether unintentional or unlawful, or to the unauthorized disclosure of or unauthorized access to personal data that is transmitted, stored or otherwise processed were;
- "Genetic data" means personal data on the inherited or acquired genetic characteristics of a natural person, which provide clear information about the physiology or health of this natural person and in particular have been obtained from the analysis of a biological sample of the natural person concerned;
- “Biometric data” is personal data obtained using special technical processes relating to the physical, physiological or behavioural characteristics of a natural person, which enable or confirm the unique identification of this natural person, such as facial images or dactyloscopy data;
- "Health data" means personal data relating to the physical or mental health of a natural person, including the provision of health services, and from which information about their state of health can be obtained;
- “Supervisory authority” is an independent state body set up by a member state in accordance with Art. 51 GDPR;
3. Your rights
As the data subject, you have the right to request confirmation from the person responsible as to whether personal data related to you is being processed. If this is the case, you have the right to obtain information about this personal data and the following additional information:
- the purposes of the processing;
- the categories of personal data that are processed;
- the recipients or categories of recipients to whom the personal data have been disclosed or are still being disclosed, in particular in the case of recipients in third countries or international organizations;
- if possible, the planned duration for which the personal data will be retained or, if this is not possible, the criteria for determining this duration;
- the existence of a right to correction or deletion of your personal data or to restriction of processing by the person responsible or a right to object to this processing;
- the existence of a right to lodge a complaint with a supervisory authority;
- if the personal data are not collected from the data subject, all available information on the origin of the data;
- the existence of automated decision-making including profiling in accordance with Article 22 paragraphs 1 and 4 and - at least in these cases - meaningful information about the logic involved, the range, and intended consequences of such processing for the data subject.
4. Collection of personal data during a visit to our website
During your use of the website, we only collect personal data that your data terminal transmits to our server. When you visit our website, we only collect data that is technically necessary to display our website to you and to guarantee the stability and security of the usage (according to Art. 6 para. 1 p. 1 lit. f GDPR):
- operating system
- Browser software
- language
- Date and time of the request
- Content of the request
- IP address
- amount of data transferred in each case
- SessionID
- Website from which the request came
- HTTP status code
These data cannot be assigned to specific persons. This data will not be merged with other data sources. We do not evaluate the flow of visitors to our website. However, we reserve the right to check this data retrospectively if we become aware of specific indications of illegal use.
5. Objection or revocation against the processing of your data
You can revoke your consent to the processing of your personal data at any time.
6. Delivery of IAW news and other publications
On the IAW website, users are given the opportunity to order IAW news and other publications from the institute. We also offer to you to draw your attention to events at the institute. You can use this form (in German) to control which of these options you use and which personal data you give us for this purpose.
For legal reasons, we ask you to send a confirmation e-mail in line with the double opt-in procedure the first time you contact us by e-mail. This confirmation e-mail is used to ensure that the owner of the e-mail address has authorized the receipt of the publications and invitations.
The personal data collected as part of a registration will only be used to send our publications and invitations. This data is not passed on to third parties. The dispatch of the publications and invitations can be recalled at any time. The consent to the storage of personal data that the person concerned has given us for dispatch can be revoked at any time. There is a corresponding link in every email for the purpose of withdrawing consent. It is also possible to unsubscribe directly on the website at any time using the corresponding form or to inform the person responsible for processing in another way.
7. Name and address of those responsible for processing
Responsible within the meaning of the General Data Protection Regulation, other data protection laws applicable in the member states of the European Union and other provisions of a data protection nature is:
Institute for Applied Economic Research (IAW) e.V.
Schaffhausenstraße 73
72072 Tübingen
Germany
Phone: +49 7071 9896 0
Email: iaw@iaw.edu
Website: www.iaw.edu
8. Name and address of the data protection official
The data protection official in accordance with Article 4 (7) of the EU General Data Protection Regulation (GDPR) is:
Dr. Andreas Koch
Phone: +49 7071 9896 12
Email: datenschutz@iaw.edu
The deputy data protection official is:
Dr. Philipp Kugler
Phone: +49 7071 9896 32
Email: datenschutz@iaw.edu
Any person concerned can contact our data protection official directly.