Imprint and data protection
Tel.: +49 (201) 8149229
With this data protection declaration we would like to inform you about the scope, type and purpose of the processing of personal data (hereinafter referred to as “data”) on this website and the related content from us and third parties. A precise definition of the terms, such as "personal data" or "processing", can be found in Art. 4 of the General Data Protection Regulation (GDPR).
Responsible: Prof. Dr. Christoph M. Schmidt
Company: RWI - Leibniz Institute for Economic Research e.V.
Contact person: Prof. Dr. Christoph M. Schmidt
Address: Hohenzollernstr. 1-3, 45128 Essen
Types of data processed:
Contact details (e.g., email, phone numbers)
Usage data (e.g. websites visited, access times)
Meta / communication data (e.g. device information, IP addresses)
Processing of special categories of data (Art. 9 Para. 1 GDPR):
In principle, no special categories of data are processed, unless these are added to the processing by the user, e.g. entered in online forms or emails.
Categories of persons affected by the processing:
Customers, prospects and suppliers
Visitors and users of the online offer
1. Legal bases according to Art. 13 GDPR
If the legal basis for data processing is not mentioned in this data protection declaration, the following applies: The legal basis for processing to fulfill our services and carry out contractual measures as well as answering inquiries is Art. 6 Para. 1 lit.b GDPR, the legal basis for obtaining data of consent is Art. 6 Paragraph 1 lit. a and Art. 7 GDPR, the legal basis for processing to safeguard our legitimate interests is Art. 6 Paragraph 1 lit.f GDPR and the legal basis for processing to fulfill our legal obligations is Art. 6 Para. 1 lit. c GDPR. If the vital interests of a data subject or another natural person make it necessary to process personal data, Article 6 (1) (d) GDPR is the legal basis.
Please inform yourself regularly about the content of our data protection declaration. This will be adjusted as soon as changes to the data processing carried out by us make this necessary. If a change requires your cooperation (e.g. consent), we will inform you proactively.
3. Security measures according to Art. 32 DGGVO
a) In order to ensure an appropriate level of protection, we take into account the implementation costs, the state of the art and the type, scope, circumstances and purposes of processing as well as the different probability of occurrence and severity of the risk for the rights and freedoms of natural persons, suitable technical and organizational measures. This includes, in particular, securing the confidentiality, integrity and availability of data by controlling physical access to the data, as well as the access, input, transfer, ensuring availability and their separation. We have set up procedures that guarantee the exercise of the rights of data subjects, the deletion of data and a response to data threats. We also take the protection of personal data into account when selecting hardware, software and procedures as well as through data protection-friendly default settings (Art. 25 GDPR). b) These security measures include the encrypted transmission of data between your browser and our server (https / SSL encryption).
4. Cooperation with contract processors and third parties
a) If we grant third parties access to data, this is done exclusively on the basis of legal permission, for example if you have consented, if there is a legal obligation or on the basis of our legitimate interest. b) Should we commission third parties to process data on the basis of an "order processing contract", Art. 28 GDPR is the basis for this.
5. Transfer to third countries
Subject to legal or contractual permissions, we only have data processed in a third country outside the European Union (EU) or the European Economic Area (EEA) if special conditions are met in accordance with Art. 44 ff. GDPR, e.g. on the basis of officially recognized guarantees that that a similar level of data protection as in the EU is observed. Furthermore, processing or disclosure or transfer to third parties only takes place if it is necessary to fulfill our (pre) contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interest.
6. Data Subject Rights
a) According to Art. 15 GDPR, you have the right to request information as to whether personal data is being processed, information about this data and a copy of the data. b) According to Art. 16 GDPR, you also have the right to request the completion of the data concerning you or the correction of incorrect data concerning you. c) Furthermore, in accordance with Art. 17 GDPR, you have the right to demand that your data be deleted immediately or, alternatively, restricted processing in accordance with Art. 18 GDPR. d) According to Art. 20 GDPR, you can also request that data that you have made available to us be received in a structured, common and machine-readable format, and you have the right to transfer this data to another person in charge without hindrance from us, to be transmitted, provided that the processing is based on consent or on a contract and is carried out using automated procedures. By exercising the right to data portability, you can have the personal data transmitted directly from us to another person responsible, as far as this is technically feasible. Exercising the right to data portability does not affect the right to erasure (“right to be forgotten”). This right does not apply to processing that is necessary for the performance of a task assigned to us that is in the public interest or is carried out in the exercise of official authority. e) In accordance with Art. 77 GDPR, you also have the right to lodge a complaint with the competent supervisory authority.
7. Right of withdrawal
You have the right to revoke your consent in accordance with Art. 7 Paragraph 3 GDPR with effect for the future.
8. Right to Object
According to Art. 21 GDPR, you can object to the future processing of your data at any time. This objection can in particular be made against processing for direct marketing purposes.
9. Deletion of data
a) Unless expressly stated otherwise in this data protection declaration, data processed by us will be deleted in accordance with Art. 17 and 18 GDPR or their processing will be restricted as soon as the data is no longer required for its intended purpose and the deletion does not contradict any statutory retention requirements. Restricted data will be blocked and not processed for other purposes. This concerns data that must be kept for tax or commercial reasons. b) According to legal requirements, the storage takes place for 6 years according to § 257 Abs. 1 HGB (trading books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents, etc.) and for 10 years according to § 147 Abs. 1 AO (books, records, Management reports, accounting documents, commercial and business letters, documents relevant for taxation, etc.).
10. Provision of contractual services
a) We process inventory data (e.g. names and addresses as well as contact details of visitors), contract data (e.g. services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and services in accordance with Art. 6 Paragraph 1 lit b. GDPR. The entries marked as mandatory in online forms are required for the conclusion of the contract.
11. Contacting us
a) When contacting us (e.g. by email or contact form), the information provided by the user will be processed to process the request in accordance with Article 6 (1) (b) GDPR. b) The information provided can be saved in a customer relationship management system (CRM system) or comparable organizational tools. c) We delete the requests when they are no longer required. We regularly review the requirement every two years. If customers have a customer account, we will save the conversation permanently until the customer account is deleted. In the case of statutory archiving obligations, for example when concluding a contract during the course of the conversation, the data is deleted after it has expired.
12. Collection of access data and log files
a) We collect data on access to the server on which this website is located on the basis of our legitimate interest in accordance with Art. 6 Paragraph 1 lit. The following data is stored: Name of the page accessed, file, date and time of access, amount of data transferred, notification of successful access, browser and version used, the user's operating system, the page that led to the visit, if applicable, IP address and the provider to which the data was sent back. b) Log file information is primarily stored for security reasons (e.g. to investigate acts of abuse or fraud) for a maximum of seven days. This does not apply to data whose further storage is necessary for evidence purposes. c) Our website is owned by the hosting service provider
which provides platform services, computing capacity, storage space and database services, security services and technical maintenance services for us. We have concluded an order processing contract with them. In order to properly display our website, the user establishes connections to the provider's web servers, which also transmit your IP address. The data processing is carried out for the purpose of ensuring the operational readiness of our website, in which we have a legitimate interest in accordance with Art. 6 Paragraph 1 lit.
13. Integration of services and content from third parties
a) We use content or service offers from third-party providers within our online offer on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 Para. 1 lit. To offer content and services such as videos or fonts on our website (hereinafter uniformly referred to as “content”). This assumes that the providers of this content become aware of the IP address of the users, since they would not be able to send the content to their browser without the IP address. This is necessary for the presentation of the content. We endeavor to only use content whose respective provider only uses the IP address to deliver the content and does not save it for other purposes. Content from these providers can use so-called pixel tags (invisible graphics, known as "web beacons") for statistical or marketing purposes. This allows information such as the number of visitors to this website to be evaluated. This pseudonymous information can be stored in cookies on the user's device and contain, among other things, technical information about the browser used, the user's operating system, referring websites, visiting time and other information about the use of our online offer. It is also possible for the provider to combine the data with information from other sources.