This section provides you with information on how personal data are processed by the operator of the website, the Office of the CDR Initiative.
Personal data are information about or relating to a person (e.g. name, address, postal address, telephone number, IP address) that can be used to ascertain the identity of that person. Personal data are any information relating to an identified or identifiable natural person. Natural persons are considered identifiable if they can be identified directly or indirectly – in particular by linking them to an identifier such as a name, identification number, location data or an online identifier.
1. Controller and data protection officer
Controller pursuant to General Data Protection Regulation (GDPR)
Office of the CDR Initiative
ConPolicy - Institute for Consumer Policy
Tel: +49 (0)30 / 235 9116 – 60
Fax: +49 (0)30 / 235 9116 – 69
2. Data processing for visits to this website
Every time you visit our website, data is collected that are necessary for security reasons and to provide and optimise a functional website as well as our content and services. These include the following:
- your IP address,
- name of the file accessed,
- date and time of access,
- amount of data transmitted,
- notification of whether the file was accessed successfully.
The data are temporarily processed in a log file. Prior to storage, each data record is anonymised by changing the IP address.
The anonymised data are stored on a server provided by „webhub GmbH“ past the time of your visit to the website. These data are analysed and are required in the event of attacks on the communications technology.
Data collected from visits to the website www.cdr-initiative.de and stored in log files are shared with third parties only if we are legally obliged to do so, or if needed for legal or criminal proceedings in cases of attacks. Otherwise, these data are not shared with third parties.
Accessing individual pages generates transient cookies to facilitate navigation. These session cookies contain no personal data and expire at the end of the session.
The website does not make use of technology that allows user access behaviour to be monitored, such as Java applets or activeX controls.
3. Web analytics with Fathom
The use of this analysis tool is based on Art. 6(1)(f) of the GDPR. The website operator has a legitimate interest in the anonymised analysis of user behaviour in order to optimise both its website and its advertising. Fathom’s data protection policy
4. Processing of personal data when you submit details and make enquiries
Whenever you submit details or make enquiries, we only process the data that are necessary to communicate with you and to appropriately document the administrative activities of the Office of the CDR Initiative. This includes in particular personal information (e.g. surname, first name, address, e-mail address, etc.) that we have directly received from you, as well as information about the method you chose to contact us. The processing of this data is necessary in carrying out our responsibilities (see Article 6 (1) (e) and (3) (b) of the General Data Protection Regulation (GDPR) in conjunction with section 3 of the Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG)).
We will only share the data received from you with third parties if you have given your explicit consent thereto, or if we are required to do so by law or by reason of a court decision. The storage of submitted details and enquiries in electronic form – as well as in paper form – is carried out in accordance with the relevant statutory periods. As a rule, the respective retention periods are 10 years.
a) Newsletter mailing
If you sign up to be on the CDR Initiative's newsletter mailing list, your e-mail address, your choice of newsletter and your individually selected user name (optional) will be stored on a server. The processing of the data is carried out on the basis of your consent pursuant to Article 6 (1) (a) GDPR. We use these data to send out the newsletters. We do not share your data with third parties and do not use them for any other internal purposes.
When you register, your data are stored on our server and an e-mail confirming the registration is sent to the e-mail address you provided; this e-mail contains a link which you must click on in order to finalise the registration. If you do not click on the link to finalise registration, the data will be deleted after 24 hours. Furthermore, if you choose to cancel the newsletter subscription, your data will be deleted immediately.
b) Event registration
On our registration page you can register for a specific event. For this we need your personal data (title, name, organization, email address). The information for the items marked as mandatory fields are required so that we can write to you correctly and send you the access data before the event. We process the remaining voluntary information in order to improve our public relations work and, if necessary, to better address interested groups. With the registration you also assure that you only enter your own data. For certain events, further personal data may be requested due to organizational, contractual and/or legal requirements, such as health data (e.g. in the context of current hygiene and protection regulations, in the case of food intolerance), nationality or identification data.
Your data will be used exclusively for the specific event and will only be processed for as long as it is required for the implementation of our event. Upon completion of the event, the personal data will be irrevocably deleted after a maximum of six weeks. Exceptions exist only if you have registered for the newsletter.
As part of our press and public relations work, pictures and films are taken at events, on which you may be recognizable. You can object to the recording and/or publication on the Internet and in social media. Please use the above contact details of the CDR Initiative office for your objection.
The processing of your data in the context of a registration is necessary for the implementation of the event. The basis of the data processing is thus Art. 6 para. 1 lit b) GDPR (contract performance as well as pre-contractual measures).
For the organization and implementation of events and participant management, we work with external service providers. If personal data must be processed in the process, we have taken technical and organizational measures to ensure that the regulations on data protection are also observed by the external service providers. In individual cases, depending on the event, it may be necessary for a main service provider to award further contracts to subcontractors with whom an order processing contract has also been concluded. Any further transfer of personal data to other recipients will only take place if you have expressly consented or if we are obliged to do so by a legal provision or court order.
5. Rights of data subjects
Responsibility for the processing of personal data lies with the Office of the CDR Initiative. Data subjects therefore have the following rights under the GDPR:
a) Right of access – Article 15 GDPR
The right of access gives data subjects comprehensive access to data concerning them and to several other key criteria, such as the purpose of processing or the duration of storage. Exceptions to this right are governed by section 34 BDSG (Federal Data Protection Act).
b) Right to rectification – Article 16 GDPR
The right to rectification enables data subjects to have inaccurate personal data concerning them corrected.
c) Right to erasure – Article 17 GDPR
The right to erasure enables data subjects to have the controller erase personal data concerning them. However, such data may be erased only if they are no longer necessary, if they were processed unlawfully, or if consent to their processing has been withdrawn. Exceptions to this right are governed by section 35 BDSG.
d) Right to restriction of processing – Article 18 GDPR
The right to restriction of processing enables data subjects to temporarily prevent further processing of personal data concerning them. Such restrictions mainly occur during the examination period of other rights being exercised by the data subject.
e) Right to data portability – Article 20 GDPR
The right to data portability enables data subjects to receive the personal data concerning them in a commonly used and machine-readable format from the controller and to have this data transmitted to another controller.
f) Right to object – Article 21 GDPR
The right to object enables data subjects to object in a particular situation to further processing of personal data concerning them where such processing is based on the performance of public responsibilities or on public or private interests. According to section 36 BDSG, this right does not apply if the respective public body is obliged by law to process the data.
g) Right to withdraw consent
If the personal data are processed on the basis of your consent (Article 6 (1) (a) GDPR), you can withdraw your consent at any time for the purpose in question. The lawfulness of the processing based on your provided consent remains unaffected until notification has been received that your consent has been withdrawn.
6. Possibility to submit a complaint
You can submit a complaint regarding the processing of data by the Office of the CDR Initiative to the Berlin Commissioner for Data Protection and Freedom of Information. He can be reached as follows:
Berlin Commissioner for Data Protection and Freedom of Information
Phone: +49 (0)30 13889-0
Fax: +49 (0)30 21550