Skip to content

Data protection policy

This section provides you with information on how personal data are processed by the operator of the website, the Office of the CDR Initiative.

Personal data are information about or relating to a person (e.g. name, address, postal address, telephone number, IP address) that can be used to ascertain the identity of that person. Personal data are any information relating to an identified or identifiable natural person. Natural persons are considered identifiable if they can be identified directly or indirectly – in particular by linking them to an identifier such as a name, identification number, location data or an online identifier.

1. Controller and data protection officer

Controller pursuant to General Data Protection Regulation (GDPR)

Office of the CDR Initiative
operated by
ConPolicy - Institute for Consumer Policy
Crellestr. 28
10827 Berlin
Tel: +49 (0)30 / 235 9116 – 60
Fax: +49 (0)30 / 235 9116 – 69

2. Data processing for visits to this website

Every time you visit our website, data is collected that are necessary for security reasons and to provide and optimise a functional website as well as our content and services. These include the following:

  • your IP address,
  • name of the file accessed,
  • date and time of access,
  • amount of data transmitted,
  • notification of whether the file was accessed successfully.

The data are temporarily processed in a log file. Prior to storage, each data record is anonymised by changing the IP address.

The anonymised data are stored on a server provided by „webhub GmbH“ past the time of your visit to the website. These data are analysed and are required in the event of attacks on the communications technology.

Data collected from visits to the website and stored in log files are shared with third parties only if we are legally obliged to do so, or if needed for legal or criminal proceedings in cases of attacks. Otherwise, these data are not shared with third parties.

Accessing individual pages generates transient cookies to facilitate navigation. These session cookies contain no personal data and expire at the end of the session.

The website does not make use of technology that allows user access behaviour to be monitored, such as Java applets or activeX controls.

3. Web analytics with Fathom

This website uses the web analytics service Fathom. Fathom does not use cookies and does not store any personal information about you.

The use of this analysis tool is based on Art. 6(1)(f) of the GDPR. The website operator has a legitimate interest in the anonymised analysis of user behaviour in order to optimise both its website and its advertising. Fathom’s data protection policy

4. Processing of personal data when you submit details and make enquiries

Whenever you submit details or make enquiries, we only process the data that are necessary to communicate with you and to appropriately document the administrative activities of the Office of the CDR Initiative. This includes in particular personal information (e.g. surname, first name, address, e-mail address, etc.) that we have directly received from you, as well as information about the method you chose to contact us. The processing of this data is necessary in carrying out our responsibilities (see Article 6 (1) (e) and (3) (b) of the General Data Protection Regulation (GDPR) in conjunction with section 3 of the Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG)).

We will only share the data received from you with third parties if you have given your explicit consent thereto, or if we are required to do so by law or by reason of a court decision. The storage of submitted details and enquiries in electronic form – as well as in paper form – is carried out in accordance with the relevant statutory periods. As a rule, the respective retention periods are 10 years.

a) Newsletter mailing

If you sign up to be on the CDR Initiative's newsletter mailing list, your e-mail address, your choice of newsletter and your individually selected user name (optional) will be stored on a server. The processing of the data is carried out on the basis of your consent pursuant to Article 6 (1) (a) GDPR. We use these data to send out the newsletters. We do not share your data with third parties and do not use them for any other internal purposes.

When you register, your data are stored on our server and an e-mail confirming the registration is sent to the e-mail address you provided; this e-mail contains a link which you must click on in order to finalise the registration. If you do not click on the link to finalise registration, the data will be deleted after 24 hours. Furthermore, if you choose to cancel the newsletter subscription, your data will be deleted immediately.

b) Event registration

On our registration page you can register for a specific event. For this we need your personal data (title, name, organization, email address). The information for the items marked as mandatory fields are required so that we can write to you correctly and send you the access data before the event. We process the remaining voluntary information in order to improve our public relations work and, if necessary, to better address interested groups. With the registration you also assure that you only enter your own data. For certain events, further personal data may be requested due to organizational, contractual and/or legal requirements, such as health data (e.g. in the context of current hygiene and protection regulations, in the case of food intolerance), nationality or identification data.
Your data will be used exclusively for the specific event and will only be processed for as long as it is required for the implementation of our event. Upon completion of the event, the personal data will be irrevocably deleted after a maximum of six weeks. Exceptions exist only if you have registered for the newsletter.
As part of our press and public relations work, pictures and films are taken at events, on which you may be recognizable. You can object to the recording and/or publication on the Internet and in social media. Please use the above contact details of the CDR Initiative office for your objection.
The processing of your data in the context of a registration is necessary for the implementation of the event. The basis of the data processing is thus Art. 6 para. 1 lit b) GDPR (contract performance as well as pre-contractual measures).
For the organization and implementation of events and participant management, we work with external service providers. If personal data must be processed in the process, we have taken technical and organizational measures to ensure that the regulations on data protection are also observed by the external service providers. In individual cases, depending on the event, it may be necessary for a main service provider to award further contracts to subcontractors with whom an order processing contract has also been concluded. Any further transfer of personal data to other recipients will only take place if you have expressly consented or if we are obliged to do so by a legal provision or court order.

5. Rights of data subjects

Responsibility for the processing of personal data lies with the Office of the CDR Initiative. Data subjects therefore have the following rights under the GDPR:

a) Right of access – Article 15 GDPR

The right of access gives data subjects comprehensive access to data concerning them and to several other key criteria, such as the purpose of processing or the duration of storage. Exceptions to this right are governed by section 34 BDSG (Federal Data Protection Act).

b) Right to rectification – Article 16 GDPR

The right to rectification enables data subjects to have inaccurate personal data concerning them corrected.

c) Right to erasure – Article 17 GDPR

The right to erasure enables data subjects to have the controller erase personal data concerning them. However, such data may be erased only if they are no longer necessary, if they were processed unlawfully, or if consent to their processing has been withdrawn. Exceptions to this right are governed by section 35 BDSG.

d) Right to restriction of processing – Article 18 GDPR

The right to restriction of processing enables data subjects to temporarily prevent further processing of personal data concerning them. Such restrictions mainly occur during the examination period of other rights being exercised by the data subject.

e) Right to data portability – Article 20 GDPR

The right to data portability enables data subjects to receive the personal data concerning them in a commonly used and machine-readable format from the controller and to have this data transmitted to another controller.

f) Right to object – Article 21 GDPR

The right to object enables data subjects to object in a particular situation to further processing of personal data concerning them where such processing is based on the performance of public responsibilities or on public or private interests. According to section 36 BDSG, this right does not apply if the respective public body is obliged by law to process the data.

g) Right to withdraw consent

If the personal data are processed on the basis of your consent (Article 6 (1) (a) GDPR), you can withdraw your consent at any time for the purpose in question. The lawfulness of the processing based on your provided consent remains unaffected until notification has been received that your consent has been withdrawn.

6. Possibility to submit a complaint

You can submit a complaint regarding the processing of data by the Office of the CDR Initiative to the Berlin Commissioner for Data Protection and Freedom of Information. He can be reached as follows:
Berlin Commissioner for Data Protection and Freedom of Information
Alt-Moabit 59-61
10555 Berlin
Phone: +49 (0)30 13889-0
Fax: +49 (0)30 21550

7. Social media integration: YouTube

Consent for third-party content: Users also have the option of permanently consenting to the display of embedded content from third-party providers. Once selected, this option is then permanently stored in the user's internet browser. Consent can be revoked here at any time:

Details of individual third-party providers: You can consult the data protection information of the individual third-party providers using the following links.

YouTube Content from YouTube: Via the YouTube player, videos are integrated into the website. For Google's data protection information, please see here.

Inhalte von Youtube: Mit dem YouTube-Player werden Videos in das Internetangebot integriert. Zu den Datenschutzhinweisen von Google:

8. Information on the use of cookies

Extent of processing of personal data

We integrate and use cookies on various pages in order to enable certain functions on our website and to integrate external web services. Cookies are small text files that your browser can store on the device you are using to access the website. These text files contain a unique string of characters that clearly identifies the browser when you return to our website. The process of saving a cookie file is also referred to as "setting a cookie". Cookies can be set both by the website itself and by external web services.

Legal basis for the processing of personal data

Article 6(1)(f) of the GDPR (legitimate interest), Article 6(1)(a) and Article 9(2)(a) of the GDPR (consent).

The relevant legal basis is set out in the cookie table below.

In general, where cookies are used on the basis of a legitimate interest, our legitimate interest is to ensure the functionality of our website and the services it hosts (technically necessary cookies). Additionally, the cookies may serve to increase the user-friendliness of the website and to make it possible to address visitors more individually. Here we have struck a balance between your interests and our interests.

Through the use of cookie technology, we can only identify, analyse and trace individual website visitors if the website visitor has consented to the cookie being used in accordance with Article 6(1)(a) of the GDPR.

Purpose of data processing

The cookies are set by our website or by external web services to maintain the full functionality of our website, to improve user-friendliness or to pursue the stated purpose with your consent. Cookie technology also enables us to recognise individual visitors using pseudonyms, such as an individual or random ID, so that we can offer more individual services. Details are provided in the table below.

Term of the storage

The cookies listed below are stored in your browser until they are deleted or, in the case of a session cookies, until the session has expired. Details are provided in the following table:

Cookie name




Website operator


This cookie is required for our website’s functioning. Without this cookie, it is not possible to use our website.

Legal basis

Legitimate interest

Retention period



Basis functionality

Cookie name




Website operator


This cookie is required for our website’s functioning. Without this cookie, it is not possible to use our website.

Legal basis

Legitimate interest

Retention period



Basic functionality

Cookie name




Website operator


Cookie that stores the user's decision about the cookie banner.

Legal basis

Fulfilment of legal obligations

Retention period

Approx. 12 months


Cookie banner

9. Cookie settings

© 2024 Office of the CDR Initiative