Privacy Policy

 

The InData Working Group is the operator of this website and the respective services on offer. The InData Working Group takes data protection very seriously. Principally, use of the InData Working Group website is possible without providing any personal data. However, insofar as a user wishes to make use of specific services on our website, commensurate processing of personal data may be required. Where the processing of personal data is required and there is no legal basis for such, the InData Working Group will generally obtain the consent of the user (data subject) in question.

The processing of personal data, such as the name, address, email address or telephone number of a data subject, is carried out in line with the General Data Protection Regulation in all cases and in accordance with specific regional data protection provisions incumbent upon the InData Working Group. The aim of this privacy statement is to inform users of our website of the nature, extent and purpose of the personal data that is collected, used and processed by the InData Working Group. In addition, this privacy statement also explains the rights afforded to data subjects.

As the processing controller, the InData Working Group has implemented numerous technical and organisational measures to ensure the most comprehensive protection possible for personal data processed via this website. Notwithstanding this, Internet-based data transmissions may present security vulnerabilities, with the result that absolute protection cannot be guaranteed. For this reason, any data subject may choose to convey personal data to the InData Working Group using alternative methods such as by telephone or by post.

 

1. Definitions

The InData Working Group privacy statement draws on terminology used by European regulators in enacting the General Data Protection Regulation (GDPR). Our privacy statement is intended to be easy to read and understandable for the public and our members and business partners alike. In the interests of achieving this, we wish to clarify the terms used in advance.

Amongst others, the following terms are used in this privacy statement:

a) Personal data

Personal data means information regarding an identified or identifiable natural person (‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

b) Data subject

A data subject is any identified or identifiable natural person whose personal data is processed by the processing controller.

c) Processing

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

d) Restriction of processing

Restriction of processing means the marking of stored personal data with the aim of limiting its processing in the future.

e) Controller or processing controller

Controller or processing controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by European Union or Member State law, the controller or the specific criteria for its nomination may be provided for by European Union or Member State law.

f) Processor

Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

g) Recipient

Recipient means a natural or legal person, public authority, agency or another body, to which the personal data is disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with European Union or Member State law shall not be regarded as recipients.

h) Third party

Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

i) Consent

Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

 

2. Name and address of the processing controller

Controller within the meaning of the General Data Protection Regulation, other data protection laws applicable in Member States of the European Union and other provisions of a data protection nature is:

Oliver Kusche
Oliver Kusche Research & Consulting
Kaiserstr. 183
76133 Karlsruhe
Germany

VAT ID DE213119920

Tel +49 (0)721 7540-3959 
Fax +49 (0)721 6698-2105
ops [at] indata.network 

 

3. What data will be recorded during my visit to the InData website?

Every time a user accesses a page on our website and every time a file is retrieved, access data relating to these events is stored in a log file on our server:

  • IP address of the requesting computer

  • Website from which the file was requested

  • Date and time of access

  • Browser type and settings

  • Operating system

  • Pages accessed by you

  • Data volume transferred

  • Access status (file transfer, file not found etc.)

The InData Working Group cannot identify the data subject through the use of this general data and information. Rather, this information is required for the purpose of (1) correctly delivering the content of our website, (2) optimising our website content, (3) safeguarding the permanent functionality of our IT systems and our website technology and (4) providing law enforcement agencies with the requisite information for criminal prosecution in the event of cyber attack. This anonymously collected data and information is consequently analysed by the InData Working Group for statistical purposes and also with the aim of enhancing data protection and data security in order to ultimately secure an optimum level of protection for personal data processed by the InData Working Group. Anonymous data on server log files is stored separately from all personal data provided by a data subject.

4. Routine erasure and blocking of personal data

The processing controller will process and store personal data relating to the data subject solely for the period necessary to achieve the intended purpose of storage or insofar as provided for by European regulators or other legislative bodies in laws or regulations incumbent upon the processing controller.

Personal data will be routinely blocked or erased in accordance with the pertinent statutory provisions where the intended purpose of storage no longer applies or the applicable storage period prescribed by European regulators or other competent legislative authorities has expired.

 

5. Rights of the data subject

a) Right of confirmation

Every data subject has the right granted by the European regulators to require confirmation from the processing controller as to whether or not personal data concerning the respective data subject is being processed. Any data subject wishing to exercise this right of confirmation may submit a commensurate request to the operator of this website at any time.

b) Right of access

Any data subject in respect of whom personal data is being processed has the right granted by the European regulators to require the processing controller to provide free-of-charge access at any time to personal data stored in relation to the data subject and also obtain a copy of such information. Moreover, the European regulators have afforded the data subject a right to the following information:

  • The purposes of the processing

  • The categories of personal data concerned

  • The recipients or categories of recipient to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organisations

  • Where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period

  • The right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing

  • The right to lodge a complaint with a supervisory authority

  • Where the personal data is not collected from the data subject: all available information regarding its source

  • The existence of automated decision-making, including profiling, referred to in Article 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject

In addition, the data subject also has the right to know whether personal data has been transferred to a third country or international organisation. Where this is indeed the case, the data subject has the residual right to be informed of the appropriate safeguards relating to the transfer.

Any data subject wishing to exercise this right of access may submit a commensurate request to a member of the InData Working Group staff at any time.

c) Right to rectification

Any data subject in respect of whom personal data is being processed has the right granted by the European regulators to require rectification without delay of inaccurate personal data relating to the data subject. Moreover, taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed, including by means of providing a supplementary statement.

Any data subject wishing to exercise this right of rectification may submit a commensurate request to a member of the InData Working Group staff at any time.

d)    Right to erasure (right to be forgotten)

Any data subject in respect of whom personal data is being processed has the right granted by the European regulators to require the controller to erase personal data concerning the data subject without undue delay where one of the following grounds applies and processing is unnecessary:

  • The personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed

  • The data subject withdraws consent on which the processing is based according to Article 6 (1) (a) or Article 9 (2) (a) GDPR and there is no other legal ground for the processing

  • The data subject objects to the processing pursuant to Article 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21 (2) GDPR

  • The personal data has been unlawfully processed

  • Erasure of the personal data is required for compliance with a legal obligation in accordance with European Union or Member State law to which the controller is subject

  • The personal data has been collected in relation to the offer of information society services referred to in Article 8 (1) GDPR

Wheresoever one of the above-stated grounds applies, any data subject wishing to arrange for the erasure of personal data stored by the InData Working Group may request such from a member of the InData Working Group staff at any time, whereupon the InData Working Group will duly carry out commensurate erasure without delay.

e) Right to restriction of processing

Any data subject in respect of whom personal data is being processed has the right granted by the European regulators to require the restriction of processing by the controller of personal data concerning the data subject where one of the following conditions applies:

  • The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data

  • The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of its use instead

  • The controller no longer needs the personal data for the purposes of processing; however, the data is required by the data subject for the establishment, exercise or defence of legal claims

  • The data subject has objected to processing pursuant to Article 21 (1) GDPR pending verification of whether the legitimate grounds of the controller override those of the data subject

Wheresoever one of the above-stated grounds applies, any data subject wishing to facilitate restriction of personal data stored by the InData Working Group may request such from a member of the processing controller’s staff at any time, whereupon the InData Working Group will arrange for restriction of processing.

f) Right to data portability

Any data subject in respect of whom personal data is being processed has the right granted by the European regulators to receive the respective personal data which they have provided to a controller, in a structured, commonly used and machine-readable format. In addition, the data subject has the right to transmit such data to another controller without hindrance from the controller to which the personal data has been provided, where the processing is based on consent pursuant to Article 6 (1) (a) GDPR or Article 9 (2) (a) GDPR or on a contract pursuant to Article 6 (1) (b) GDPR and the processing is carried out by automated means, provided the processing is not required for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Moreover, in exercising their right to data portability pursuant to Art 20 (1) GDPR, the data subject has the right to have the personal data transmitted directly from one controller to another where technically feasible and insofar as not adversely affecting the rights and freedoms of others.

To exercise the right to data portability, the data subject may request such from a member of the InData Working Group staff at any time.

g) Right to object

Any data subject in respect of whom personal data is being processed has the right granted by the European regulators to object at any time on grounds relating to their particular situation to the processing of personal data concerning the data subject based on Article 6 (1) (e) or (f) GDPR.

In the event of objection, the InData Working Group will no longer process the personal data, save for where the InData Working Group demonstrates compelling legitimate grounds for the processing that override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims.

To exercise the right of objection, the data subject may request such directly from a member of the InData Working Group staff. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise their right to object by automated means using technical specifications.

h) Right to withdraw data protection consent

Any data subject in respect of whom personal data is being processed has the right granted by the European regulators to withdraw their consent for the processing of personal data at any time.

Data subjects wishing to exercise this right of withdrawal of consent may submit a commensurate request to a member of the InData Working Group staff at any time.

6. Period for which personal data will be stored

The criterion determining the period for which personal data may be stored is the respective statutory period of storage. Following expiry of this period, the corresponding data will be routinely erased provided it is no longer required for the purposes of initiating or performing a contract.

 

7. Cookies

The InData Working Group uses session cookies on its website. The respective data is not permanently stored. The use of temporary cookies offers you the advantage of not having to re-enter your personal data every time you fill out one of the various forms on our website. The cookies are automatically deleted upon closing down the browser.

Cookies do not damage your computer hard-drive and cannot be used to transfer personal data to the InData Working Group.

The default setting on most browsers automatically accepts cookies. Nevertheless, you can deactivate the storage of cookies or set your browser to notify you whenever cookies are sent.

Where cookies have been deactivated, a so-called session ID is used to identify the respective person during corresponding access to our website. No data is stored on your computer. The session ID is deleted upon terminating your access

 

8. Google Analytics web analysis service

This website uses Google Analytics, a web analysis service provided by Google Inc (‘Google’). Google Analytics uses so-called ‘cookies’ (see 10 above), text files that are stored on your computer to analyse your use of the website. Information generated by the cookie regarding your use of our website, such as

  • browser type/version;

  • operating system used;

  • referrer URL (page previously accessed);

  • host name of the accessing computer (IP address) and

  • time of server request

is generally transmitted to and stored by Google on a server in the USA. The InData Working Group has activated IP anonymisation. Consequently, within European Union Member States or other states that are party to the European Economic Area Agreement, Google first shortens your IP address on this website.

Only in exceptional cases will the full IP address be transmitted to and shortened by Google on a server in the USA. On behalf of the operator of this website, Google will use this information to analyse your use of the website, create reports on website activity and provide additional services to the website operator associated with use of the website and the Internet.

The IP address sent from your browser within the scope of Google Analytics will not be combined with other Google data. You can prevent the storage of cookies by setting your browser software accordingly; however, please be aware that this may mean you are unable to use the full functionality of the website.

You can also prevent the collection of data generated by the cookie regarding your use of the website (including your IP address) and the processing of such by Google by downloading and installing the browser plugin available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de

 

9. Transfer of personal data to third parties

The InData Working Group uses personal data solely for internal purposes within the course of customer relations. Personal data is not forwarded to third parties without your required consent.

Personal data will only be collected and transferred to state institutions and authorities entitled to receive such data within the scope of applicable law or where we are obliged to do so by court order. The InData Working Group requires that all employees and service provider companies maintain secrecy and comply with data protection provisions. The same will also apply for all future employees or business partners.