Data Policy


At Institut für Wirtschaftsgestaltung, we believe that data protection should be transparent, easy to understand and, above all, fair for all parties. For this reason, we would like to inform you in this Privacy Policy which Personal Data we collect from you and use, whether and, if so, to which third parties this data is passed on, how long we store the data and what rights you have should you not agree with our handling.

Who is responsible for data processing?

The person responsible for data processing is Institut für Wirtschaftsgestaltung of Kluckstraße 35, 10785 Berlin, Germany (“we”, “us”, or “our”).

If you have any questions about this policy or our data protection practices, please email us using buero@ifw01.de, call +49 (0) 30 233 612 59 or write to us at the above address..

What is Personal Data?

Personal Data is any information relating to personal or material circumstances that relates to an identified or identifiable individual. This includes, for example, your name, date of birth, e-mail address, postal address, or telephone number as well as online identifiers such as your IP address.

How do we use your Personal Data

In principle, we will only use your Personal Data in accordance with applicable data protection laws, in particular Germany’s Federal Data Protection Act” (Bundesdatenschutzgesetz) (“BDSG”), the General Data Protection Regulation (“GDPR”), and only as described in this Privacy Policy.

All Personal Data that we obtain from you via the website will only be processed for the purposes described in more detail below. This is done within the framework of the BDSG and the GDPR or only with your consent. In particular, we only process and collect Personal Data if:

  • you have given your consent,
  • the data is necessary for the fulfillment of a contract / pre-contractual measures,
  • the data is necessary for the fulfillment of a legal obligation, or
  • the data is necessary to protect the legitimate interests of our company, provided that your interests are not overridden.

We process and store your Personal Data only for the period of time required to achieve the respective processing purpose or for as long as a legal retention period (in particular commercial and tax law) exists. Once the purpose has been achieved or the retention period has expired, the corresponding data is routinely deleted.

Processing of Automatically Collected Data

Hosting

To provide our website, we use the services of manitu GmbH, Welvertstraße 2, 66606 St. Wendel, Germany who process the below-mentioned data and all data to be processed in connection with the operation of our website on our behalf. The legal basis for the data processing is our legitimate interest in providing our website.

Collection of access data and log files

We also collect data on every access to our website. The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.

Log file information is stored for security reasons (e.g., for the clarification of abuse or fraud) for a maximum of 7 days and then deleted. Data whose further storage is necessary for evidentiary purposes is exempt from deletion until the respective incident is finally clarified. The legal basis for the data processing is our legitimate interest in providing an appealing website.

Cookies

What exactly are cookies?

A cookie is a small simple file that is sent along with pages of our website and stored by your browser on the hard drive of your computer or other device. The information stored in it may be returned to our servers (or to the servers of the relevant third parties) on a subsequent visit. Doing so, Cookies transmit small amounts of data about your device to our web server and enable our website to recognize your computer, smartphone, or other device.

Depending on who you ask, cookies can be classed as third party and first party cookies (for example set by us as the website operator or by a third party providing a specific service which uses cookies) or how long a cookie remains stored. When classifying cookies according to their lifespan, we may refer to cookies as session cookies or persistent cookies:

Session cookies

A session cookie is deleted when you close the website in question. A session cookie allows a website to recognise you while you browse the website, but the cookie is deleted when you log out or close the website in your browser.

Permanent cookies

A persistent cookie recognizes you again and again for a set period of time. It remains stored on your device or in your browser for this period (which can be minutes, days, or months) after you have logged out or closed the browser. Persistent cookies are used, for example, to store certain settings you have made on a website (such as your preferred language). 

What types of cookies are there?

We can distinguish between 4 types of cookies:

Essential or Necessary cookies

These cookies are essential or necessary to ensure that our website works properly and is secure so that you can navigate our website and use its features. Without these cookies, certain features of our website would not be available, and you would not be able to use certain services.

Functional cookies

Functional cookies allow a website to remember the options you have selected (including user ID, consents you have given and/or your preferred language), your username if applicable, and any custom settings you have made (e.g., font sizes) or personalization options you have selected when browsing.

Analysis and performance cookies

Analysis and performance cookies are used to monitor and improve the function and service of a website. They can also help us track down problems you may encounter when using an online service. Analysis and performance cookies may be used to facilitate online surveys, record visitor numbers, and provide other website analytics metrics.

Advertising cookies

These cookies are also called targeting cookies. They are used to deliver customized advertising to the user. This can be very convenient, but also very annoying.

Why do we provide information about cookies?

The provision of information about our use of cookies is required and set out in the German Data Protection and Privacy in Telecommunications and Telemedia Act (TTDSG) which implements the Privacy and Electronic Communications Directive (PECD). Accordingly, the use of functional, analysis and performance or advertising cookies (“non-essential cookies”) require your consent and thus the legal basis for the collection of your Personal Data through analysis and performance cookies, is your consent.

However, as we think it is important that you should have full control over your privacy online, we refrained from placing non-essential cookies on our website and as such we are not required to obtain any consents. Nonetheless, this may change, and we ask you to regularly check this policy for any updates.

Content Management System

We use the Content Management System (CMS) of WordPress, a service provided by Automattic Inc, 60 29th Street Suite 343 San Francisco, CA 94107 US to publish and maintain the created and edited Content and texts on our website. This means that all content and texts submitted to us by users for publication is transferred to WordPress. In addition to texts, this also includes, for example your data in our forms. The legal basis for this processing is our legitimate interest.

Google Tag Manager

We use Google Tag Manager, which allows website tags to be managed via an interface. The Google Tag Manager only implements tags. No cookies are set, and no Personal Data is collected. Google Tag Manager triggers other tags that may collect data but does not itself access this data. The legal basis for using Google Tag Manager is our legitimate interest.

Google Fonts

We use Google Fonts by Google LLC of 1600 Amphitheatre Pkwy, Mountain View, CA 94043, USA and Google Ireland Ltd of Gordon House, Barrow Street, Dublin 4, Ireland on our website to display external fonts. To enable the display of certain fonts on our website, a connection to the Google server in the USA is established when our website is accessed. The connection to Google established when you call up our website enables Google to determine which website sent your request and to which IP address the display of the font is to be transmitted. This represents a legitimate interest.

Font Awesome

We integrate Font Awesome of Fonticons Inc, 307 S Main St Ste 202 Bentonville, AR, 72712-9214 United States, whereby the user’s data is used solely for the purpose of displaying the fonts in the user’s browser. The integration is based on our legitimate interest.

Data processing when you submit it to our website

Contacting us

If you contact us, we process the following data from you for the purpose of processing and handling your request: first name, last name, e-mail address, and, if applicable, other information if you have provided it, and your message. The legal basis for the data processing is our obligation to fulfill the contract and/or to fulfill our pre-contractual obligations and/or our overriding legitimate interest in processing your request.

Downloading our e-book

When you go ahead and download our ebook, your IP address is requested and logged for documentation purposes by WordPress. This is a mere technical process and required to make our e-book available for download to your device or depending on your browser available for viewing. The basis for this storage is the provision of a contract according and our legitimate interest.

Transfer of Personal Data

We will not disclose or otherwise distribute your Personal Data to third parties unless this:

  • is necessary for the performance of our services,
  • you have consented to the disclosure,
  • or the disclosure of data is permitted by the BDSG and the GDPR.

However, we are entitled to outsource the processing of your Personal Data in whole or in part to external service providers acting as processors within the framework of the BDSG and the GDPR. External service providers support us, for example, in the technical operation and support of the website, data management, the provision and performance of services, marketing, as well as the implementation and fulfillment of reporting obligations.

The service providers commissioned by us however will process your data exclusively in accordance with our instructions and we remain in accordance with the BDSG and the GDPR responsible for the protection of your data. Doing so we always make sure that service providers commissioned by us are carefully selected, follow strict contractual regulations, technical and organizational measures, and additional controls by us.

We may also disclose Personal Data to third parties if we are legally obliged to do so e.g., by court order or if this is necessary to support criminal or legal investigations or other legal investigations or proceedings at home or abroad or to fulfill our legitimate interests.

Automated decision-making

Automated decision-making including profiling does not take place at Institut für Wirtschaftsgestaltung.

Direct marketing in the context of a customer relationship

Insofar as you have also given us your separate consent to process your data for consulting, marketing and advertising purposes, we are entitled to contact you for these purposes via the communication channels you have given your consent to.

Your data subject rights

These rights are standardized in the BDSG and the GDPR. These include:

  • the right to information,
  • the right to rectification,
  • the right to erasure,
  • the right to restriction of data processing,
  • the right to data portability,
  • the right to object to data processing,
  • the right to revoke any consent you have given, and
  • the right to lodge a complaint with the competent supervisory authority.

Please contact us at any time with questions and suggestions regarding data protection and to enforce your rights as a data subject.

Security

State-of-the-art internet technologies are used to ensure the security of your data. During your visit of our website, your details are secured with SSL encryption. For secure storage of your data, our systems are protected by firewalls that prevent unauthorized access from outside. In addition, technical and organizational security measures are used to protect the Personal Data you have provided against accidental or intentional manipulation, loss, destruction, or access by unauthorized persons.

Updating your information

If you believe that the information we hold about you is inaccurate or that we are no longer entitled to use it and want to request its rectification, deletion, or object to its processing, please do so by contacting us.

Withdrawing your consent

You can revoke consents you have given at any time by contacting us. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Access Request

In the event that you wish to make a Data Subject Access Request, you may inform us in writing of the same. We will respond to requests regarding access and correction as soon as reasonably possible. Should we not be able to respond to your request within thirty (30) days, we will tell you why and when we will be able to respond to your request. If we are unable to provide you with any Personal Data or to make a correction requested by you, we will tell you why.

Complaint to a supervisory authority

You have the right to complain about our processing of Personal Data to a supervisory authority responsible for data protection. The Berlin DPA (Berliner Beauftragte für Datenschutz und Informationsfreiheit) is the state Data Protection Authority for the state of Berlin. The Berlin DPA`s contact details can be found on www.datenschutz-berlin.de.

 

Personal information and children

Our services are aimed at people aged 18 and over. We will not knowingly collect, use or disclose personal information from minors under the age of 18 without first obtaining consent from a legal guardian through direct offline contact.

 

Changes, Contact and Effective Date

We may update this policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal or regulatory reasons. For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us using the details provided above. The effective date of this policy is Wednesday, 7th June, 2023.