Privacy policy

Publication director of this Platform is the Hertie School.

The CIVICA Alliance means the following Partners:

INSTITUT D’ETUDES POLITIQUES DE PARIS – a public scientific cultural and professional establishment registered under the SIREN number 197 534 316 managed by virtue of the provisions of article L758-1 of the French education code by FONDATION NATIONALE DES SCIENCES POLITIQUES- SCIENCES PO, represented by Bénédicte Durand,
the Coordinator, 

EUROPEAN UNIVERSITY INSTITUTE, established in VIA DEI ROCCETTINI 9, FIESOLE, 50014, Italy, 

HANDELSHOGSKOLAN I STOCKHOLM – STOCKHOLM SCHOOL OF ECONOMICS, established in Sveavägen 65, Stockholm SE11383, Sweden, VAT number: SE802006207401

THE HERTIE SCHOOL GEMMEINNUTZIGE GMBH (Hertie School), established in FRIEDRICHTRASSE 180, BERLIN 10117, Germany, VAT number: DE241828668,

Közép-európai Egyetem (Central European University), Seat: 1051-Budapest, Nador u. 9., Hungary, Tax number: 18118463-2-44, EU VAT number: HU18118463, Registration number: FI27861,

CEU GmbH - CEU Central European University Private University, Seat: 1100-Wien, Quellenstrasse 51, Austria, Tax number: 09 339/3288, EU VAT number: ATU73982639, Registration number: FN 502313x

Jointly referred to as: Central European University, or CEU,

THE LONDON SCHOOL OF ECONOMICS AND POLITICAL SCIENCE, established in Houghton Street 1, London W2CA 2AE, United Kingdom, VAT number: GB629588094,

SCOALA NATIONALA DE STUDII POLITICE SI ADMINISTRATIVE, NATIONAL UNIVERSITY OF POLITICAL STUDIES AND PUBLIC ADMINISTRATION, established in STRADA POVERNEI, NR. 6, SECTOR 1, BUCURESTI 010643, Romania, VAT number: RO9510194

UNIVERSITA COMMERCIALE LUIGI BOCCONI – BOCCONI UNIVERSITY, established in VIA SARFATTI 25, MILANO 20136, Italy, VAT number: IT03628350153,

SZKOLA GLOWNA HANDLOWA W WARSZAWIE (SGH), established in AL NIEPODLEGLOSCI 162, WARSZAWA 02 554, Poland

IE UNIVERSIDAD, established in CALLE CARDENAL ZUÑIGA 12, SEGOVIA 40003, Spain, VAT number G-40155384.

Hereinafter, jointly referred to “CIVICA Alliance” or ”Partners”, or individually, referred to as “Partner”.

The partners of the CIVICA project herewith inform you about the processing of personal data within this CIVICA Public Website (hereinafter “CIVICA Public Website”) for which all partners of the CIVICA project are responsible in the sense of the EU General Data Protection Regulation (GDPR). All CIVICA partners jointly determine the purposes and means of the processing of the personal data on the CIVICA Public Website and have entered into ‎an agreement for that purpose. You may request to see the essential contractual provisions of this agreement.  

According to the agreement, Hertie School, Friedrichstraße 180, 10117 Berlin, Germany is responsible to ensure the fulfilment of rights of the CIVICA Public Website visitors. However you ‎may contact either Hertie School or any other CIVICA Partner regarding any claims or complaints.‎

A full list of all CIVICA partners and the details of their data protection officers can be found here.

You can address all of your data protection requests to the following e-mail address: dpo(at)civica.eu

Below we have compiled the most important information on typical data processing for you. For certain data processing operations, which only concern specific groups, the information requirements are fulfilled separately. Where the term "data" is used, only personal data within the meaning of the GDPR are meant.

  1. Visitors of the CIVICA Public Website
  2. CIVICA students with access to CIVICA Private Website
  3. CIVICA and CIVICA Research Newsletter Recipients
  4. CIVICA Event and Courses Participants
  5. CIVICA Online Event Participants via Zoom
  6. CIVICA Online Event Participants via ClickMeeting
  7. Communication Partners and Interested Parties
  8. Rights of Data Subjects and Further Information

§ 1 Visitors of the CIVICA Public Website

1.1. Server-log data

When using CIVICA Public Website, certain information is sent to the server of our website by the browser used on your device for technical reasons. This data is stored and processed on our server.

  1. We process the following data for the purpose of providing the contents of the website that you have visited, to ensure the security of the IT infrastructure used, to correct errors, to enable and simplify searches on the website and to manage cookies. A change of purpose is not planned.
  2. The data processed is HTTP data: HTTP data is protocol data that is generated for technical reasons when the Website is visited via the Hypertext Transfer Protocol (Secure) (HTTP(S)): This includes IP address, type and version of your Internet browser, operating system used, the page visited, the page previously visited (referrer URL), date and time of the visit. HTTP(S) data also accumulates on the servers of service providers (e.g. when requesting third-party content).
  3. The legal basis for the processing is our legitimate interest in the operation of an Internet presence and the communication with communication partners in accordance with Article 6 (1) (f) GDPR.
  4. The data is automatically transmitted by the browser of the website visitor.
  5. Recipients of the personal data are IT service providers which we use as processors within the framework of a data processing agreement.
  6. IP addresses stored on the server will be deleted after 7 days. Backups are stored for 4 weeks.
  7. Without disclosure of personal data such as the IP address, the use of the website is not possible. Communication via the website without disclosure of data is technically not possible.

1.2. Essential cookies

We use cookies on the website of the CIVICA Private Website. Cookies are small text files that can be stored on your device via the browser when you visit the website. When you visit a website repeatedly with the same device, we can read and process the information stored in cookies. In doing so, we use processing and storage functions of the browser of your device and collect information from the memory of the browser of end device.

In the structure of this Privacy Policy, we differentiate between essential cookies, statistic cookies and media from third party providers. Cookies that are technically required for the functioning of the website (essential cookies) cannot be deactivated via the cookie management function of this website. However, you can generally deactivate cookies at any time in your browser. Different browsers offer different ways to configure the cookie settings in the browser. However, we would like to point out that some functions of the website may not function or no longer function properly if you generally deactivate cookies in your browser.

Consent Cookies

  1. We use consent cookies to store your consent, possible revocation of consent and objections to the use of cookies on our website.
  2. The purpose of data processing is to store user choices on cookies (consent, revocation, opt-out). A change of this purpose is not planned.
  3. The processed data are:

    i. HTTP data: HTTP data is protocol data that is generated for technical reasons when the website is visited via the Hypertext Transfer Protocol (Secure) (HTTP(S)): This includes IP address, type and version of your internet browser, operating system used, the page visited, the page previously visited (referrer URL), date and time of the visit. HTTP(S) data also accumulates on the servers of service providers (e.g. when requesting third-party content).

    ii. User choice on cookies: User choice on individual cookies or groups of cookies. Time of choice and last visit.
     
  4. The legal basis for the processing is our legitimate interest in accordance with Article 6 (1) (f) GDPR. Our legitimate interest is the simple and reliable control of cookies in accordance with the user's choice.
  5. The data is provided actively by the user (choice on cookies) or is automatically transmitted by the browser of the user (protocol data, time stamp).
  6. Recipients of the personal data are IT service providers which we use as processors within the framework of a data processing agreement.
  7. The data will be deleted after two weeks.
  8. Without disclosure of personal data such as the IP address, the use of the website is not possible. Communication via the website without disclosure of data is technically not possible.

1.3. Statistic Cookies

a. Google Tag Manager

If you have given your consent, we use the Google Tag Manager on our website. The Google Tag Manager is no a Statistic Cookie itself. The Google Tag Manager enables us to manage cookies and control their placement. This enables us to implement, for example, your consent, a revocation of consent or an opt-out. The Google Tag Manager does not set its own cookies and does not process data stored in cookies.

You can deactivate the data processing by Google Tag Manager at any time in our "cookie board".

  1. The purpose of the data processing is to control the placement of cookies on our website and to ensure the security of the application. A change of purpose is not planned.
  2. The processed data is HTTP data: HTTP data is protocol data that is generated for technical reasons when the Website is visited via the Hypertext Transfer Protocol (Secure) (HTTP(S)): This includes IP address, type and version of your Internet browser, operating system used, the page visited, the page previously visited (referrer URL), date and time of the visit. HTTP(S) data also accumulates on the servers of service providers (e.g. when requesting third-party content).
  3. The legal basis for the processing is Article 6 (1) (a) GDPR (consent).
  4. The data is automatically transmitted by the browser of the user.
  5. The recipient of the data is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, which we use as processor within the framework of a data processing agreement. Google Ireland Limited uses Google LLC in the USA (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) as its service provider. The basis for data processing in the USA is your consent granted through the cookie banner (Article 49 (1) (a) GDPR). In the USA, there is no level of data protection comparable to the provisions of the GDPR. It is possible that US authorities may access personal data without us or you being informed. An enforcement of your rights is probably not possible in the USA. You can withdraw your given consent at any time with effect for the future through the Cookie Board [insert Link].
  6. IP addresses will not be stored. Pseudonymous usage data will be deleted after 14 days.
  7. Without disclosure of personal data the use of the website is not possible. Communication via the website without disclosure of data is technically not possible.

b. Google Analytics

If you have given your consent, we use the web analysis tool Google Analytics on our website. With the help of Google Analytics, we can analyze the user behaviour of visitors on our website in pseudonymized and anonymised form. We don't perform cross-site tracking within the context of Google Analytics.

You can deactivate the data processing by Google Analytics at any time in our "cookie board". Alternatively, you can install a browser plug-in from Google which prevents data collection by Google Analytics: https://tools.google.com/dlpage/gaoptout?hl=en

  1. The purpose of data processing is to analyze user behaviour and to measure the reach of our website and advertisements to optimize our website.
  2. The processed data are:

    i. Google Analytics HTTP data:
    This is protocol data that is generated for technical reasons when using the web analysis tool Google Analytics via the Hypertext Transfer Protocol (Secure) (HTTP(S)) used on the website: This includes anonymised IP address, type and version of your Internet browser, operating system used, the page visited, the page previously visited (referrer URL), date and time of the visit.

    ii. Google Analytics device data:
    Data generated by the web analysis tool Google Analytics and assigned to your device: This includes a unique ID for the (re-)recognition of returning visitors (so-called "client ID") as well as certain technical parameters for controlling data collection for web analysis.

    iii. Google Analytics measurement data:
    Device-related raw data (so-called "dimensions" and " measurement results"), which are collected and analyzed by the web analysis tool Google Analytics when using our website: This includes, above all, information about the sources through which visitors reach our website, information about the location, the browser and the device used, information about the use of the website (in particular page views, frequency of visits and length of stay on accessed pages) as well as information about the fulfilment of certain purposes (in particular transactions in the online shop). The data is assigned to the client ID assigned to your device. As a result, device-related usage profiles are created in which all device-related raw data is combined into a client ID. The data that we collect using Google Analytics does not enable us to identify you personally (i.e. by your civil name). We also do not merge the device-related raw data and the resulting device-related usage profiles with data that directly identifies you personally without your consent.

    iv. Google Analytics report data:
    Data contained in aggregated segment and device-related reports generated by the Google Analytics web analysis tool based on the analysis of device-related raw data.
     
  3. The legal basis for the processing is Article 6 (1) (a) GDPR (consent).
  4. Data is automatically transmitted by the browser of the user.
  5. The recipient of the data is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, which we use as processor within the framework of a data processing agreement. Google Ireland Limited uses Google LLC in the USA (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) as its service provider. The basis for data processing in the USA is your consent granted through the cookie banner (Article 49 (1) (a) GDPR). In the USA, there is no level of data protection comparable to the provisions of the GDPR. It is possible that US authorities may access personal data without us or you being informed. An enforcement of your rights is probably not possible in the USA. You can withdraw your given consent at any time with effect for the future through the Cookie Board [insert Link].
  6. The data will be deleted after 14 months.
  7. The provision of data is not required by law or contract or necessary for the conclusion of a contract. There is no obligation on the data subject to provide the data. If the data is not provided, we cannot make web analysis using Google Analytics.

1.4. Media

a. YouTube Embedding (Privacy Enhanced Mode)

By activating the checkboxes in the cookie banner or cookie board for "YouTube" in the category  “Media" to play the content, you agree that we allow Google, as provider of the YouTube service, to collect data for its own purposes. The collection and processing of this data is the sole responsibility of Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. You can deactivate the data processing at any time in our "cookie board".

We then integrate videos stored at Youtube on our website. During this integration, the contents of the YouTube website are displayed in parts of a browser window. The integration of Youtube content is carried out in the so-called "extended data protection mode". This is provided by Google as the provider of YouTube, thus ensuring that no data is transmitted to Google and no cookies are stored on your device before you click in the cookie banner or cookie board to play the video.

As soon as you activate the corresponding checkbox in the cookie banner or cookie board, the video is loaded from Youtube. Technically, the same thing happens then as if would happen if you clicked a link to go to the Youtube website: Youtube receives all information that your browser automatically transmits (including your IP address). Furthermore, Youtube sets its own cookies on your device. This also happens if you do not have a Youtube user account. If you are logged in at Youtube or Google, your data will be assigned directly to your account. If you do not want the assignment to your user account at Youtube or Google, you have to log out at Youtube and Google before activation the corresponding checkboxes in the cookie banner or cookie board.

The collection and processing of this data is the sole responsibility of responsibility of Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. Google Ireland Limited uses Google LLC in the USA (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) as its service provider.

We have no knowledge of further details on the processing of personal data or a possible data processing in the USA in the area of data controllership of Google. Hertie School has no influence on the data processing of Google.

Information on the processing of personal data by Google can be found in the Google Privacy Policy: https://policies.google.com/privacy

b. Twitter

By activating the checkboxes in the cookie banner or in the cookie board to display “Twitter Content”, in the category "Media" to display Twitter content, you agree that we allow Twitter to collect data for its own purposes. We do this by including content stored on Twitter in our website. During this integration, content from the Twitter website is displayed in parts of a browser window. Before activating the corresponding checkboxes in the cookie banner or cookie board to display Twitter content, no data will be transmitted to Twitter and no cookies will be stored on your device. You can deactivate the data processing at any time in our "cookie board".

As soon as you activate the corresponding checkboxes in the cookie banner or in the cookie board for displaying Twitter content, the content will be loaded from Twitter. Technically, the same thing happens then as would happen if you clicked a link to go to the Twitter website: Twitter receives all information that your browser automatically transmits (including your IP address). Twitter also sets its own cookies on your device. This also happens if you do not have a Twitter user account. If you are logged in to Twitter, your data will be assigned directly to your account. If you do not want your account to be assigned to your Twitter user account, you must log out of Twitter before you activate the checkboxes in the cookie banner or cookie board.

The collection and processing of this data is the sole responsibility of Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.

We have no knowledge of further details of the processing of personal data or data processing in the USA in the area of data controllership of Twitter. Hertie School has no influence on the data processing of Twitter.

Information on the processing of personal data by Twitter can be found in the Twitter Privacy Policy: https://twitter.com/de/privacy

c. LinkedIn Insight Tag

If the corresponding consent has been given, we use the so-called "LinkedIn Insight Tag". Cookies from LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland („LinkedIn“) are used for this purpose. The " LinkedIn Insight Tag" enables LinkedIn, among other things, to collect information about your activities on our website. By integrating the " LinkedIn Insight Tag", we enable LinkedIn to collect personal data. 
However, we do not receive any information with which you can be personally identified. The collection and processing of this data takes place after your consent exclusively in the area of responsibility of LinkedIn. LinkedIn provides us with the evaluations or further information created on the basis of the collected data only in aggregated, anonymized form. We cannot assign the information provided to us to any natural person. 
We have no knowledge of the details of the processing of personal data in LinkedIn's area of data controllership. Information about the processing of personal data by LinkedIn can be found in LinkedIn's data policy: https://www.linkedin.com/legal/privacy-policy/

You can deactivate data processing by LinkedIn on our website at any time in our Individual privacy settings button. Alternatively, you can disable LinkedIn Insight Tag for the browser you are currently using by deactivating the storage of cookies in the browser settings. You can also use www.linkedin.com/psettings/guest-controls/retargeting-opt-out  to disable the setting of LinkedIn cookies.

The data controller is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.
(i)    The purpose of the LinkedIn Insight Tag is to enable LinkedIn to collect and process your usage data on our website. The purposes of processing by LinkedIn are determined solely by LinkedIn www.linkedin.com/legal/privacy-policy/.
(ii)    According to LinkedIn the processed data are: 

  • LinkedIn Insight Tag HTTP data:
    This is log data that is technically generated when the LinkedIn Insight Tag is used on the website via the Hypertext Transfer Protocol (Secure) (HTTP(S)): This includes IP address, type and version of your Internet browser, operating system used, the page accessed, the previously visited page (referrer URL), date and time of access.
  • LinkedIn Insight Tag device data:
    Data that is assigned to your end device by the LinkedIn Insight Tag: This includes a unique ID for (re)recognizing returning visitors.
  • LinkedIn Insight Tag Event data:
    Data that LinkedIn collects through the LinkedIn Insight Tag by associating it with the unique visitor ID of each visitor contained in the LinkedIn Insight Tag device Data: This includes actions that take place on the website. These include, for example, conversions, link clicks, button clicks, page views. This also includes information associated with the respective actions recorded. This includes, for example, the submission of contact information or download of documents.
  • LinkedIn Insight Tag analysis data:
    Data that LinkedIn generates based on the information collected by the LinkedIn Insight Tag by associating it with your unique user ID contained in the LinkedIn Insight Tag device data: This includes information about the effectiveness of LinkedIn ads and associations of users to target groups for LinkedIn ads. LinkedIn may generate other data based on the information collected for its own purposes or for the purposes of third parties. We have no knowledge of the details of the data generated by LinkedIn. 

(iii)   The legal basis for enabling LinkedIn to collect personal data via our website is your consent (Article 6 (1) (a) GDPR, Section 25 (1) TTDSG). We do not process personal data in our area of responsibility. We have no knowledge of the details of the processing of data in LinkedIn's area of data controllership, in particular of the legal basis used by LinkedIn for the processing. 
(iv)    The LinkedIn Insight Tag Analysis data is generated independently by LinkedIn. We do not know whether LinkedIn uses other data sources. 
(v)    The recipient of the data collected via our website is LinkedIn Ireland Unlimited Company (Wilton Plaza, Wilton Place, Dublin 2, Ireland) as the controller for the collection and processing of personal data. LinkedIn Ireland Unlimited Company uses LinkedIn Corporation in the USA (1000 W. Maude Avenue, Sunnyvale, CA 94085, USA) as a service provider. As an independent controller, LinkedIn Ireland Unlimited Company bears the responsibility for ensuring appropriate data protection guarantees for the transfer of data. 
(vi)    We do not collect or store this data ourselves. The collection and processing of this data is the responsibility of LinkedIn. We have no knowledge about the storage period. 
(vii)    The provision of data is not required by law or contract or necessary for the conclusion of a contract. There is no obligation for you to provide the data. In the event that the data is not provided, LinkedIn cannot offer the LinkedIn Insight Tag function.
(viii)    We do not use automated decision-making in our area of responsibility. We have no knowledge of the details of the processing of data in LinkedIn's area of data controllership, in particular of any automated decision-making.
 

d. Instagram 

By activating the checkboxes in the cookie banner or clicking the “accept” button on the website to display “Instagram Content”, you agree that we allow Meta Platforms Ireland Ltd. as the provider of Instagram to collect data for its own purposes. We do this by including content stored on Instagram in our website. During this integration, content from the Instagram is displayed in parts of a browser window. Before activating the corresponding checkboxes or buttons to display Instagram content, no data will be transmitted to Meta Platforms Ireland Ltd. and no cookies will be stored on your device.

As soon as you activate the corresponding checkboxes or buttons for displaying Instagram content, the content will be loaded from Instagram. Technically, the same thing happens then as would happen if you clicked a link to go to the Instagram site: Meta Platforms Ireland Ltd.  receives all information that your browser automatically transmits (including your IP address). Meta Platforms Ireland Ltd.  also sets its own cookies on your device. This also happens if you do not have a Instagram user account. If you are logged in to Instagram, your data will be assigned directly to your account. If you do not want your account to be assigned to your Instagram user account, you must log out of Instagram before you activate the checkboxes in the cookie banner or cookie board.

The collection and processing of this data is the sole responsibility of Meta Platforms Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland).

We have no knowledge of further details of the processing of personal data or data processing in the USA in the area of data controllership of Meta Platforms Ireland Ltd.. CIVICA has no influence on the data processing of Meta Platforms Ireland Ltd..

Information on the processing of personal data by Meta Platforms Ireland Ltd.  can be found in the Instagram Privacy Policy: https://privacycenter.instagram.com/policy  and in the Instagram Cookie Policy: https://help.instagram.com/1896641480634370?ref=ig&cms_id=1896641480634370

§ 2 CIVICA students with access to CIVICA Private Website

CIVICA students who have been authenticated have access to the CIVICA Private Website. In this regard, we kindly ask you to read the separate Privacy Policy of the CIVICA Private Website.

§ 3 CIVICA and CIVICA Research Newsletter Recipients

If you subscribe to our newsletter, we will send you information about the CIVICA or CIVICA Research projects.

  1. If you subscribe to our newsletter, we process your data for the purpose of sending the newsletter. A change of purpose is not planned.
  2. The processed data are:
  • Name
  • E-mail address
  • Affiliation to the CIVICA partner
  1. The legal basis for the processing of newsletter data is Article 6 (1) (a) GDPR (consent).
  2. Data is actively provided by the data subject.
  3. We use service providers as processors within the framework of a data processing agreement for the provision of services, especially for the provision, maintenance and servicing of IT systems. To send out the newsletter we are using the service provider Clever Reach GmbH & Co. KG, Schafjückenweg 2, 26180 Rasede, Germany within the framework of a data processing agreement. Clever Reach GmbH & Co. KG uses service providers in the USA. The basis for data processing in the USA is your consent (Article 49 (1) (a) GDPR). In the USA, there is no level of data protection comparable to the provisions of the GDPR. It is possible that US authorities may access personal data without us or you being informed. An enforcement of your rights is probably not possible in the USA. You can withdraw your given consent at any time with effect for the future.
  4. Data regarding newsletters will be deleted when you unsubscribe from the newsletters. Please use the “Unsubscribe” link at the bottom of the newsletter.
  5. The provision of data is required to receive newsletters. Without the provision, they cannot be sent.

§ 4 CIVICA Event or Courses Participants

The CIVICA partners are also Joint Controllers for the CIVICA events or courses and the corresponding data processing. The implementation of the respective event or course is then carried out by the individual CIVICA partners, which are specified within the registration processes.

  1. We process your data for the purpose of holding the event or course and for the documentation of the event or course by means of film and sound recordings and the use of the resulting recordings for the purpose of press and public relations work. A change of these purposes is not planned.
  2. The processed data are:

    i. surname, first name, e-mail address, affiliation, study program, final year, current institution and position
    overview of the selected event points

    ii. Bank and payment data for events or courses involving costs

    iii. film and sound recordings (if you have given your consent)
     
  3. The legal basis for the processing of data of participants in events and courses is Article 6 (1) (b) GDPR (contract to hold the event or course) and Article 6 (1) (c) GDPR (legal obligations, in particular tax and commercial law regulations). The legal basis for the production of image and sound recordings and its publication is your consent in accordance with Article 6 (1) (a) GDPR. Your consent is given voluntarily, Participation in the event is also possible without the provision of your consent for recordings.
  4. The data is provided by the event participants. The film and sound recordings are made by the individual CIVICA partner if you have given your consent.
  5. For the purpose of press and public relations work, the recipient of the image and sound recordings can be anyone, in particular journalists, media companies, press and photo agencies, members, employees, website visitors, users of social media. Banks and payment providers may be recipients of data for the processing of payments. We use service providers as processors within the framework of a data processing agreement for the provision of services, especially for the provision, maintenance and servicing of IT systems. For the event registration process we are using the service provider Clever Reach GmbH & Co. KG, Schafjückenweg 2, 26180 Rasede, Germany within the framework of a data processing agreement. Clever Reach GmbH & Co. KG uses service provider in the USA. We also use the interaction tool of the service provider Mentimeter AB, Tulegatan 11, SE-113 86 Stockholm Sweden. Mentimeter AB uses service provider in the USA.The basis for data processing in the USA is your consent (Article 49 (1) (a) GDPR). In the USA, there is no level of data protection comparable to the provisions of the GDPR. It is possible that US authorities may access personal data without us or you being informed. An enforcement of your rights is probably not possible in the USA. You can withdraw your given consent at any time with effect for the future.
  6. When publishing film and sound recordings on the Internet (e.g. YouTube channel of CIVICA), data is regularly transferred to so-called third countries outside the European Union, which are to be regarded as unsafe third countries in terms of data protection. We have no influence on how the social media providers handle the data. We have no knowledge of whether and for what purposes the data is further processed in the third country.
  7. Archived film and sound recordings of the events as well as publications are generally not deleted. All data relevant to the contract and bookings will be stored in accordance with tax and commercial law retention periods for a period of ten calendar years after the end of the contract. Further data collected in the course of the event will be deleted six months after the event has taken place.
  8. The provision of personal data is contractually binding for participation in events or courses. It is not possible to participate in events or courses without providing personal data. The production of film and sound recordings is not obligatory for participation in the event.

§ 5 CIVICA Online Event and Courses Participants via Zoom

The CIVICA partners are also Joint Controllers for the CIVICA online events and courses and the corresponding data processing. The implementation of the respective event and course is then carried out by the individual CIVICA partners, which are specified within the registration processes.

  1. The purpose of the processing of participant data is to organize, carry out and document online events and courses of CIVICA via Zoom. If we point this out separately in the context of the individual online event and you give your consent, the online event will be recorded and the recordings will be used for the purpose of press and public relations work. A change of purpose is not planned.   
  2. The data processed are:

    i. Participant data and registration data:
    Name and surname, e-mail address, affiliation, study program, final year, current institution and position

    ii. Overview of the selected event or course points

    iii. Zoom conference data
    Name and e-mail address of the participants, Meeting meta data: Topic, IP address, device/hardware information, Telephone data: For dial-in with telephone, information on incoming and outgoing telephone number, country name, start and end time, additional connection data if necessary.

    iv. Communication data
    Within the online event, your communication data in the form of questions, requests to speak or vote, as well as chat content will be processed. You always decide yourself whether and in what form you want to participate.

    v. Audio and video data (and, in case of consent, the corresponding recordings)
    Within the online event and course via Zoom audio and video data of the participants will be processed. However, each person is always free to decide whether they want to switch on their camera and microphone, or whether they just want to communicate via the chat window. If we have obtained your consent in this regard, the online event and course will be recorded, including the audio and video data of the participants.

    vi. Payment data (only for online events with costs)
    For paid online events and courses, we also process payment data.
     
  3. The legal basis for the processing of participant data for the purpose of holding the online event or course via Zoom is your consent in accordance with Article 6 (1) (a) GDPR. The legal basis for the production of recordings and its publication is also your consent in accordance with Article 6 (1) (a) GDPR. Your consent is given voluntarily, participation in the event or course is also possible without the provision of your consent for recordings.
    You may revoke your given consent at any time with effect for the future. The revocation does not affect the lawfulness of the processing that took place before the revocation. Therefore, publications already made (e.g. on websites or in social media) will not be deleted.
  4. The data is provided by the participants. The Zoom conference data is also actively provided by the participants or automatically by the browser or devices of the participants. The audio or video data and communication data are automatically collected, the recordings of the audio and video data are made by the relevant CIVICA partner if you have given your consent.
  5. The recipients of the name, communication data and audio and video data are always the moderators and other participants of the respective CIVICA online event or course. We also use service providers as processors within the framework of a data processing agreement for the provision of services, especially for the provision, maintenance and servicing of IT systems, in particular the service provider Zoom (Zoom Video Communications, Inc., 55 Almaden Blvd, Suite 600, San Jose, CA 95113, USA) and Clever Reach (Clever Reach GmbH & Co. KG, Schafjückenweg 2, 26180 Rasede, Germany) for the event registration process. Clever Reach GmbH & Co. KG uses service provider in the USA.
    The basis for data processing in the USA is your consent (Article 49 (1) (a) GDPR). In the USA, there is no level of data protection comparable to the provisions of the GDPR. It is possible that US authorities may access personal data without us or you being informed. An enforcement of your rights is probably not possible in the USA. You can withdraw your given consent at any time with effect for the future. With Zoom we have concluded the EU standard contractual clauses so that Zoom may process your data only for our purposes.
    If you create your own profile and register accordingly when you log in to Zoom, Zoom is solely responsible for the processing of this personal data. We have no knowledge of further details of data processing in the area of data controllership of Zoom or a data processing in the USA. For information about the processing of personal data by Zoom please refer to the Zoom Privacy Policy: https://zoom.us/privacy.
    For the purpose of press and public relations work, the recipient of the image, sound and film recordings can be anyone, in particular journalists, media companies, press and photo agencies, members, employees, website visitors, users of social media. Banks and payment providers may be recipients of data for the processing of payments. We use service providers as processors within the framework of a data processing agreement for the provision of services, especially for the provision, maintenance and servicing of IT systems.
  6. When publishing recordings on the internet (e.g. YouTube channel of CIVICA), data is regularly transferred to so-called third countries outside the European Union, which are to be regarded as unsafe third countries in terms of data protection. We have no influence on how the social media providers handle the data. We have no knowledge of whether and for what purposes the data is further processed in the third country.
  7. Archived audio and video recordings of the events as well as publications are generally not deleted. All data relevant to the contract and bookings will be stored in accordance with tax and commercial law retention periods for a period of ten calendar years after the end of the contract. Zoom conference data and communication data will be usually deleted three months after the online event or course has taken place, unless otherwise specified in the context of the individual event or course. Further data collected during the event or course will be deleted six months after the event has taken place.
  8. The provision of data is contractually obligatory for participation in online events or courses via Zoom. Without the provision of data, participation in online events or courses via Zoom is not possible. The provision of communication, image, sound and video data as well as the production of image, sound and video recordings is not obligatory for participation in the online event.

§ 6 CIVICA Online Event and Course Participants via ClickMeeting

The CIVICA partners are also Joint Controllers for the CIVICA online events and courses and the corresponding data processing. The implementation of the respective event or course is then carried out by the individual CIVICA partners, which are specified within the registration processes.

  1. The purpose of the processing of participant data is to organize, carry out and document online events of CIVICA via ClickMeeting. If we point this out separately in the context of the individual online event and you give your consent, the online event will be recorded and the recordings will be used for the purpose of press and public relations work. A change of purpose is not planned.   
  2. The data processed are:

    i. Participant data
    Name and surname, e-mail address, affiliation, study program, final year, current institution and position

    ii. Overview of the selected event points

    iii. ClickMeeting conference data
    Name and e-mail address of the participants; Meeting meta data: Topic, IP address, device/hardware information; Telephone data: For dial-in with telephone, information on incoming and outgoing telephone number, country name, start and end time, additional connection data if necessary.

    iv. Communication data
    Within the online event, your communication data in the form of questions, requests to speak or vote, as well as chat content will be processed. You always decide yourself whether and in what form you want to participate.

    v. Audio and video data (and, in case of consent, the corresponding recordings)
    Within the online event or course via ClickMeeting audio and video data of the participants will be processed. However, each person is always free to decide whether they want to switch on their camera and microphone, or whether they just want to communicate via the chat window. If we have obtained your consent in this regard, the online event will be recorded, including the audio and video data of the participants.

    vi. Payment data (only for online events with costs)
    For paid online events, we also process payment data.
     
  3. The legal basis for the processing of participant data for the purpose of holding the online event or course via ClickMeeting is your consent in accordance with Article 6 (1) (a) GDPR. The legal basis for the production of recordings and its publication is also your consent in accordance with Article 6 (1) (a) GDPR. Your consent is given voluntarily, participation in the event is also possible without the provision of your consent for recordings.
    You may revoke your given consent at any time with effect for the future. The revocation does not affect the lawfulness of the processing that took place before the revocation. Therefore, publications already made (e.g. on websites or in social media) will not be deleted.
  4. The data is provided by the participants. The ClickMeeting conference data is also actively provided by the participants or automatically by the browser or devices of the participants. The audio or video data and communication data are automatically collected, the recordings of the audio and video data are made by the relevant CIVICA partner if you have given your consent.
  5. The recipients of the name, communication data and audio and video data are always the moderators and other participants of the respective CIVICA online event. We also use service providers as processors within the framework of a data processing agreement for the provision of services, especially for the provision, maintenance and servicing of IT systems, in particular the service provider ClickMeeting (ClickMeeting sp. z o.o., Arkonska 6/A4, 80-387 Gdansk, Poland) and Clever Reach (Clever Reach GmbH & Co. KG, Schafjückenweg 2, 26180 Rasede, Germany) for the event registration process. Click Meeting and Clever Reach GmbH & Co. KG are using service provider in the USA. The basis for data processing in the USA is your consent (Article 49 (1) (a) GDPR). In the USA, there is no level of data protection comparable to the provisions of the GDPR. It is possible that US authorities may access personal data without us or you being informed. An enforcement of your rights is probably not possible in the USA. You can withdraw your given consent at any time with effect for the future.
    For the purpose of press and public relations work, the recipient of the audio and film recordings can be anyone, in particular journalists, media companies, press and photo agencies, members, employees, website visitors, users of social media. Banks and payment providers may be recipients of data for the processing of payments. We use service providers as processors within the framework of a data processing agreement for the provision of services, especially for the provision, maintenance and servicing of IT systems.
  6. When publishing recordings on the internet (e.g. YouTube channel of CIVICA), data is regularly transferred to so-called third countries outside the European Union, which are to be regarded as unsafe third countries in terms of data protection. We have no influence on how the social media providers handle the data. We have no knowledge of whether and for what purposes the data is further processed in the third country.
  7. Archived audio and video recordings of the events as well as publications are generally not deleted. All data relevant to the contract and bookings will be stored in accordance with tax and commercial law retention periods for a period of ten calendar years after the end of the contract. ClickMeeting conference data and communication data will be usually deleted three months after the online event has taken place, unless otherwise specified in the context of the individual event. Further data collected in the course of the event will be deleted six months after the event has taken place.
  8. The provision of data is contractually obligatory for participation in online events and courses via ClickMeeting. Without the provision of data, participation in online events and courses via ClickMeeting is not possible. The provision of communication, image, sound and video data as well as the production of image, sound and video recordings is not obligatory for participation in the online event or course via ClickMeeting.

§ 7 Communication Partners and Interested Parties

  1. The purpose of the processing is the preparation and execution of a contractual relationship or other communication. A change of purpose is not planned.
  2. Processed data are name, contact data, communication details, time stamp of communication as well as technical metadata of communication.
  3. The legal basis for processing is Article 6 (1) (b) GDPR (contract or contract initiation) in the case of contracts with natural persons, whereas for contracts with legal persons Article 6 (1) (f) GDPR (legitimate interest, namely communication with contact persons relevant to the contract) and in all cases Article 6 (1) (c) GDPR (statutory obligations, in particular tax and commercial law provisions). For simple communication, the legal basis is Article 6 (1) (f) GDPR (legitimate interest, namely documentation of communication processes).
  4. Contact data is actively provided by the data subject. Communication metadata and communication data are automatically collected.
  5. Contact and contract data can be transmitted to other service providers, business partners as well as offices and authorities if necessary for the execution of the contract or order. We also use service providers as processors within the framework of a data processing agreement for the provision of services, especially for the provision, maintenance and servicing of IT systems.
  6. Data of contract partners and service providers will be deleted ten calendar years after termination of the contract or order. Inquiries and communication will be deleted automatically after ten calendar years.
  7. The processing of contact data of the service providers and business partners is necessary to execute the contract or order. If the data is not provided, the communication may be considerably disturbed. For interested parties, the provision of data is obligatory. Without the provision of data, communication is not possible.

§ 8 Rights of Data Subjects and Further Information

  1. We do not use any methods of automated individual decision-making.
  2. You have the right to request information at any time about all your personal data which we are processing.
  3. If your personal data is incorrect or incomplete, you have the right to have it rectified and completed.
  4. You can request the erasure of your personal data at any time, as long as we are not bound by legal obligations that require or allow us to continue processing your data.
  5. If the applicable legal requirements are met, you can request a restriction to the processing of your personal data.
  6. You have the right to object to the processing, insofar as the data processing is based on profiling or direct marketing purposes.
  7. If the processing is carried out on the basis of the balancing of interests, you may object to the processing by stating reasons arising from your particular situation.
  8. If the data processing takes place on the basis of your consent or a contract, you have the right to a transfer of the data provided by you, insofar as the rights and freedoms of others are thereby not impaired.
  9. If we process your data on the basis of a declaration of consent, you have the right to revoke this consent at any time with future effect. The processing carried out prior to a revocation remains unaffected by the revocation.
  10. Moreover, you have the right to file a complaint at any time with a data protection supervisory authority, if you believe that data processing has been carried out in violation of the applicable law.

 

Last updated: October 2023