Data Protection Policy

Introduction

We thank you for your interest in the subject of data protection. We are highly committed to protecting your privacy and your personal data. The information below provides details of the nature, extent and purpose of collecting, processing and using your personal data while you are using our website. If you have any further questions concerning data protection, feel free to contact our data protection officer, as listed below.

The meaning of “personal data” is defined in the General Data Protection Regulation (GDPR). According to this regulation, personal data includes all information that refers to an identified or identifiable natural person. This can include for example, your rightful name, your address, your telephone number or your date of birth. Even information on how you can use this or other websites may contain personal data.

Logfiles

Purpose of the processing

The access log of our webserver has been fully deactivated. But our system does use certain security plugins from WordPress which protect our website from attack and misuse. Normal, non-damaging website accesses are usually not logged by the plugins. However, as soon as there is the suspicion that our system is subject to an attack, data relating to the visitor’s computer system are automatically logged for forensic purposes and stored in firewall logs. The data stored includes the IP address, the data and time, the browser user agent and the reason for the suspicious activity.

The capturing of logfiles serves to record averted or damaging website attacks, to secure forensic activities and to secure and stabilize our website.

Legal basis

The legal basis for this is Article 6.1(f) GDPR.

Legitimate interests

The purposes mentioned also include the legitimate interests in data processing within the meaning of Article 6.1(f) GDPR.

Data storage – duration

Data is deleted when it is no longer necessary to achieve the purpose for which it was captured. As a rule, this is the case after one month at the latest.

Objection

If data is captured in the extent described, this has become necessary to secure and to operate the website. There is, therefore, no opportunity to raise objection.

Personal data with consent granted

As soon as we have your consent to process personal data, Article 6.1(a) GDPR serves as the legal basis for processing your personal data.

When processing your personal data to perform a contract between you and ISDC – International Security and Development Center gGmbH, Article 6.1(b) GDPR serves as the legal basis. This also applies to processes required to conduct pre-contractual activities.

Legal basis

When processing personal data to perform a legal obligation to which ISDC is party, Article 6.1(c) GDPR serves as the legal basis.

Legitimate interests

Article 6.1(f) GDPR provides the legal basis for processing when the processing is necessary for the purposes of the legitimate interests pursued by ISDC or by a third party and where such interests are not overridden by the interests or fundamental rights and freedoms of the data subject.

Data storage – duration

Your personal data will be deleted or the processing will be restricted as soon as the data has met the purpose for which it was stored. Storage of the data beyond this may be possible if this is stipulated by European or national legislators in EU directives, laws or other regulations to which the controller is subject. The data will be deleted or its processing will be restricted when a prescribed deadline expires, unless it is necessary to continue storing the data to conclude or perform a contract.

Cookies

Purpose of the processing

Cookies are small text files that are stored on your computer when you visit our website; they allow us to reassign your browser. Cookies store information such as your language setting, the duration of your visit to our website or the information you enter there.

There are different types of cookies. Session cookies are temporary cookies that are stored in the user’s internet browser until the browser window is closed and the session cookies are deleted. Permanent or persistent cookies are used for repeated visits and stored in the user’s browser for a predefined time. First-party cookies are set by the website the user visits. Only this website may read information from cookies. Third-party cookies are set by organizations that are not operators of the website that the user visits. These cookies are used by marketing companies, for example.

The cookies used on this website are:

  • _gac: Persistent third-party cookies for the purpose of recognizing visits to websites. The storage period is 3 months.
  • PHPSESSID: First-party session cookies for the purpose of identifying the user’s current session on our website. The storage time is identical to the current session.
  • _uetsid: Persistent third party cookies for the purpose of analysing user activity on our website. The storage period is 30 minutes.

Legal basis

Article 6.1(f) GDPR provides the legal basis for deploying cookies.

Legitimate interests

We use cookies to duly operate the website, to provide basic functionalities and to tailor our website to preferred areas of interest. This is also the legitimate interest in data processing within the meaning of Article 6.1(f) GDPR.

Data storage – duration

Please see above for the duration of data stored as a result of the use of cookies.

Objection

You can delete cookies already stored on your end device at any time. If you wish to avoid the deployment of cookies, you can refuse to accept cookies in your browser. Check your browser manual to see how this works in detail.

Personal data resulting from your query

We also collect your personal data when you yourself give your approval to do so – for example when you want us to contact you. Of course, personal data transferred in this manner is solely used for the purpose intended: for example, to establish contact.

These details are provided voluntarily and, in these cases, are initiated by you yourself. Provided the details supplied are details of communication channels (such as email address, phone number), we will use these channels to contact you to deal with your query.

Purpose of the processing

The purpose of processing your data in this sense is to deal with and answer your query.

Legal basis

The legal basis for processing the data you entered to establish contact with us is Article 6.1(f) GDPR.

Legitimate interests

The purpose described also represents the legitimate interest in processing your data.

Data storage – duration

We will delete the data we received from you in for example establishing contact either as soon as it is no longer required to fulfil the purpose for storing it, as soon as your query has been dealt with in full and no further communication with you is necessary, or if you wish us to delete the data.

Objection

You can refer to our data protection officer at any time with respect to deleting the data to your query (see below for contact details). However, this might also mean that we cannot fully deal with your query.

Job applications

You can apply for an employment position at ISDC electronically. Please note that unencrypted emails sent are not protected against third-party access. Therefore, to secure your data we offer you the option of downloading our public key and of encrypting your email together with your application documents.

Your details are used solely to process your application and in reaching a decision on an employment relationship.

Provided an employment relationship is established between you and ourselves, pursuant to Article 26.1 of the German Federal Data Protection Act, we can further process the personal data we have already received from you for the purpose of the employment relationship, if this is necessary to carry out the employment.

Purpose of the processing

Data is gathered for the purpose of processing your application and in justifying any future employment relationship.

Legal basis

The legal basis for this can be found in § 26.1 German Federal Data Protection Act in connection with § 8.2 German Federal Data Protection Act. If you consent to us storing your data for a longer period of time in order to take your application into consideration at a later point in time, Article 6.1(a) GDPR serves as the legal basis. Your personal data may be continued to be processed if this is necessary to defend against legal claims asserted from the application procedure. The legal basis in the event of this can be found in Article 6.1(f) GDPR. There will also be a legitimate interest in processing your data should we need to defend ourselves against any legal claims arising from the application procedure.

Data storage – duration

Personal data is deleted no later than six months after the conclusion of the application process, unless you have given us your express consent to store your data for a longer period of time.

Google maps

Article 6.1(f) GDPR provides the legal basis for using Google maps.

We include maps from the Google Maps service provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. The processed data may include, in particular, users’ IP addresses and location data, but these are not collected without their consent (usually as part of the settings of their mobile devices). The data may be processed in the USA.

Transferring data to third parties

We generally do not transmit your data to third parties, unless we are legally obliged to do so. Should external service providers come into contact with your personal data, we shall have made use of legal, technical and organisational measures and regular monitoring to ensure that such persons comply with the relevant data protection regulations. Furthermore, these service providers may only use your data in accordance with our mandate.

Your rights

We will inform you gladly whether and which of your personal data is processed by us and for what purposes (Article 15 of the GDPR). Furthermore, given the respective legal conditions, you have to the right to rectification (Article 16 GDPR), the right to restrict processing (Article 18 GDPR), the right to erasure (Article 17 GDPR), the right to object (Article 21 GDPS) and the right to data portability (Article 20 GDPR).

Irrespective of these rights and the possibility of asserting another administrative or legal redress, you also have the possibility at any time of asserting your right to complain to a supervisory authority, in particular, in the member state of your place of domicile, of your place of work or of the location of the alleged infringement if you are of the view that the processing of personal data affecting you infringes legal data protection regulations (Article 77 GDPR).

Controller

The controller within the meaning of the General Data Protection Regulation is:

ISDC – International Security and Development Center gGmbH
Auguststr. 89, 10117 Berlin, Germany
Tel: +49-30-2064 8902
Director/Geschäftsführer: Prof. Dr. Tilman Brück
Registergericht: AG Charlottenburg HRB 160824B
VAT/USt-IdNr: DE296393219

Data protection officer

For all these matters you can contact our data protection officer who is available at the address mentioned above and at the following email address:

datenschutz@gfad.de

Links to websites of other providers

Our website may contain links to websites of other providers. This privacy statement does not cover such external websites. If the use of internet websites of other providers is associated with the collecting, processing and use of personal data, please refer to the data protection policy of the respective provider.

Amendments to this data protection policy

We reserve the right to amend this data protection policy at any time, taking account of applicable data protection regulations.

 

Last updated: December 2018.