1. Controller responsible for data processing and its data protection officer
This website and the services offered on it are operated by the processor:
VDI Zentrum Ressourceneffizienz GmbH
(hereinafter ‟VDI ZRE”)
on behalf of the Federal German Ministry for the Environment, Nature Conservation and Nuclear Safety (BMU). BMU is the controller responsible for data processing. Contact details of the controller are: Email: poststelle[at]bmu.bund.de, Mail: Stresemannstraße 128 - 130, 10117 Berlin, Phone: +49 (0) 30 18 305-0.
The data protection officer of BMU is Dr. Marcus Schroeder, who can be contacted per mail under the same address as BMU, by phone under +49 (0) 30 18 305-4550 or via the contact form on the Website of BMU: https://www.bmu.de/en/federal-environment-ministry-disclaimer-and-privacy-policy/.
2. General information
Our goal when developing this website was to ensure that we collect as little of your data as possible. You can, in principle, visit our website without having to provide us with any personal data. Your personal data will not need to be processed unless and until you decide to use a specific service (e.g. a contact form). We always ensure that any processing of your personal data complies with the applicable legislation or is based on your explicit consent. We apply the rules set out in the GDPR which entered into effect on 25 May 2018 as well as the relevant domestic legislation, including the Federal Data Protection Act, the Telemedia Act and other more specialized laws.
‟Personal data” means any information relating to an identified or identifiable natural person (‟data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
‟Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
‟Restriction of processing” means the marking of stored personal data with the aim of limiting their processing in the future;
‟Pseudonymization” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;
‟Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
‟Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
‟Recipient” means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
‟Third party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data;
‟Consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subjectʼs wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
In certain circumstances we will collect specific personal data when you visit our website, for which we require your consent. We will, for instance, collect your persona data if you use our contact form to write to us. We also need your consent to set cookies which are not strictly technically necessary to operate the website.
Declaration of consent
5. Processing of personal data: purpose and legal basis
Your personal data are always processed for a specific purpose. In sum, we process your personal data for the following purposes:
· to be able to process your contact request (e.g. email address, first name, family name)
· to monitor the activities of the project “Kompetenzzentrum für Ressourceneffizienz“ in regard to general contact requests, communications and the provision of information
· for the technical implementation of our website and to be able to provide you with information from and around the project “Kompetenzzentrum für Ressourceneffizienz“ on this website (e.g. IP address, cookies, browser information)
The specific purposes are described in the relevant sections below (e.g. regarding the contact form, web analysis).
The following applies with regard to the legal basis for the processing of your personal data:
Where the processing of personal data is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract with us, the processing is based on point (b) of Article 6(1) of the GDPR. If we obtain your consent to the processing of your personal data, in accordance with point (a) of Article 6(1) of the GDPR, your consent forms the legal basis for the data processing. Data processing is also permissible when we process your data based on a necessity for the performance of a task carried out in the public interest within the meaning of point (e) of Article 6(1) of the GDPR, except where these are overridden by your interests or fundamental rights and freedoms in relation to the processing of your personal data. In this case, the public interest derives from the successful implementation of the German Sustainability and Resource Efficiency Policy. A further legal basis is the necessity for compliance with a legal obligation to which the controller (or its processor) is subject according to point (c) of Article 6(1) of the GDPR. Where we task external service providers with the data processing, your personal data are processed on the basis of Article 28 of the GDPR.
6. Collection of personal data
When you use our website merely for informational purposes, that is if you do not register or transmit information for another reason, we only collect those personal data which your browser transmits to our server. Whenever you view content on our website, we collect the following data for technical reasons so as to be able to display our website and to ensure its stability and security (the legal basis being point (e) of Article 6(1) GDPR):
- IP address
- date and time of request
- time zone difference to Greenwich Mean Time (GMT)
- content of page requested (specific page)
- access status/HTTP status code
- data volume transmitted in each instance
- website making request
- operating system and interface
- browser software language and version
Our website collects and stores information using browser cookies.
What are cookies?
Cookies are small text files which are stored on your medium and save certain settings and data which your browser shares with our system. A cookie generally contains the name of the domain from which the cookie data were sent, information about the age of the cookie and an alphanumerical identifier.
- Cookies enable our systems to recognize a userʼs device and make any default settings immediately available. As soon as a user accesses the platform, a cookie is transmitted to the hard drive on the userʼs device. Cookies help us to improve our website and to offer you a better, tailor-made service. They enable us to identify your computer or (mobile) device if you return to our website as well as to store information about your preferred activities on our website and to gear our website to your specific interests
- to speed up the processing of your requests.
We cooperate with third-party providers which support us in making our website and the services we offer on it more interesting for you. That is why these partner companiesʼ (third-party providersʼ) cookies are eventually stored on your hard drive when you visit our website. These cookies are automatically deleted after a specified period.
Cookies that are strictly technically necessary to operate the website are set on the legal basis of point (e) of Article 6(1) of the GDPR, when you access our website. The public interest derives from the necessity to provide content on websites contributing to the implementation of the German Sustainability and Resource Efficiency Policy. The eventual use of further cookies usually presupposes your consent, that you can give or withdraw at any time by using the cookie-mask which is particularly provided for this purpose. The legal basis therefore is point (a) of Article 6(1) of the GDPR. Cookies for which your consent is required will not automatically be set at the moment you access the website. This can lead to limitations concerning the basically available bundle of possible functions provided by the website.
The outline below lists all the cookies we use:
Cookie-Consent with Cookiebot
Our website uses the Consent Management-Plattform Cookiebot of the enterprise Cybot to receive your consent to save specific cookies in your browser and to document it according to the current data protection regulation. This technology is provided by the enterprise Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark (hereafter “Cybot”).
When you access our website, Cookiebot-/ Cybot-Cookies will be saved in your browser. They contain stored information about the consent you gave or its withdrawal for certain cookies. Cybot doesn’t sell, trade or transfer personal data to third parties, but may transfer data to trustworthy partners or subcontractors. Data is also transferred in case of necessity to do so according to current regulation.
The stored data is exclusively processed in the European Economic Area. It is hosted in an Azure data processing centre of the cloud computing service provider of Cybot (Microsoft Ireland Operations Ltd in Dublin). You can get information about the “Azure Regions” under azure.microsoft.com/de-de/global-infrastructure/regions/ . Cookiebot will delete all end user data 12 months after registration or directly after the cancellation of the Cookiebot-Services.
The stored data will be saved until you request us to delete it or until you delete the Cookiebot-/ Cybot-Cookies by yourself or in case the purpose for the data storage has expired. Retention periods laid down in legal regulations remain unaffected. You can find detailed information about the processing of data by Cookiebot-/ Cybot-Cookies under www.cookiebot.com/de/privacy-policy/ and www.cookiebot.com/de/cookie-declaration/
Can I decide whether or not cookies are used?
Should you not wish browser cookies to be used, you can set your browser to not accept cookies. Please note, however, that if you do so then you may not be able to use all the features on our website. If you only wish to accept our own cookies but not those of our service providers or partners, please select ‟Block third-party cookies” in your browser. We accept no responsibility for the use of third-party cookies.
8. How to contact us (using the contact form)
There are various ways in which you can contact us. When you contact us, we will store the personal data you transmit to us so as to be able to respond to all general enquiries sent to the VDI ZRE via the online contact form or publicly available email addresses by telephone, email or the online form. The first purpose of this data processing is to be able to handle each contact request and all communications resulting from it. The second purpose is to monitor the activities of the project „Kompetenzzentrum für Ressourceneffizienz“. This monitoring serves the following purposes: project reporting to demonstrate the proper use of public funds; external project evaluation to analyse the effective use of public funds; and internal adjustment and optimization of the range of services offered.
The legal basis for data processing when responding to contact requests is the data subjectʼs consent to data processing for the aforementioned purposes in accordance with point (a) of Article 6(1) of the GDPR. Only an email address and the content of the email are required to be able to deal with a request. Should you wish to, you can also transmit your first name and family name for the same purpose and so that you can be addressed by name. The retention period for personal data for the aforementioned purpose is first and foremost determined by the duration of the communications with the VDI ZRE resulting from your contact request. Personal data is deleted in the event that information relevant to the monitoring is extracted within an implementation period of one year after the end of the duration of the project „Kompetenzzentrum für Ressourceneffizienz“ at the latest.
The legal basis for data processing for the purpose of project monitoring is the necessity for the performance of a task carried out in the public interest within the meaning of point (e) of Article 6(1) of the GDPR. The public interest derives from the necessity to document the activities of this implementation mechanism of the German Sustainability and Resource Efficiency Policy, carried out on behalf of the Federal German Ministry of the Environment. Data which may possibly be stored at a later point in time for monitoring purposes are anonymized, i.e. can no longer be attributed to a specific data subject and are no longer subject to the provisions of the GDPR.
9. Third-party services and content
Our website uses the content, services and deliverables of other providers. This includes videos supplied by YouTube. It is essential that the userʼs IP address is transmitted so that these data can be called up and displayed in a userʼs browser. Providers (‟third-party providers”) are therefore aware of each userʼs IP address.
Although we make every effort only to use third-party providers which need an IP address solely in order to be able to deliver content, we have no influence on whether that IP address is stored or not. This then serves statistical purposes, for instance. Should we learn that the IP address is in fact stored, we will inform you of that fact.
Use of YouTube
Our website uses YouTube embedded links in order to be able to embed and display video content. YouTube is operated by Google. The provider of the video portal is YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA. If you are located within the European Economic Area or Switzerland, Google Ireland Limited – Gordon House, Barrow Street, Dublin 4, Ireland – is the company related with Google, which is responsible for processing your data and for compliance with the relevant data protection regulation.
When you access a page with an integrated YouTube iFrame, a connection is established to YouTubeʼs servers. YouTube then knows which of our websites you have called up.
YouTube can directly link your surfing behaviour to your personal profile if you are logged in to your YouTube account. You can prevent this occurring by first logging out of your account.
Wherever your consent is legally required for the setting of individual cookies, the cookies will not be set without your consent. In these cases point (a) of Article 6(1) of the GDPR is the legal basis for data processing. Some of the functions and features of our website may not function at all or not function in an appropriate way if the users’ consent for the associated data processing is not given.
Use of Google Maps
Our website uses Google Maps to incorporate and display map content. The provider of this service is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Whenever you make use of an embedded map provided by Google Maps your IP address will be recorded. This information is generally transmitted to and stored on one of Googleʼs servers in the United States. Google then knows your IP address, even if you have no user account which you have logged in to. If you are logged in to your user account, Google can directly link your surfing behaviour to your personal profile. You can prevent this occurring by first logging out of your account. The provider of this page has no influence on this data transmission.
We use Google Maps in the interests of presenting our online services in a visually appealing way and to ensure that the places we cite on our website are easy to find. Wherever your consent is legally required for the setting of individual cookies, the cookies will not be set without your consent. In these cases point (a) of Article 6(1) of the GDPR is the legal basis for data processing. Some of the functions and features of our website may not function at all or not function in an appropriate way if the users’ consent for the associated data processing is not given.
Use of Matomo
Our website uses the open source web analytics software Matomo.
The information concerning the use of this website which is stored in the Matomo cookie is not disclosed to others.
The „Kompetenzzentrum für Ressourceneffizienz“ is a publicly funded project. For this reason it is necessary to collect evidence on the fact that the publicly funded offers are really used and that the spending of these public funds has had an impact. Tracking the usage of the website content is a precondition for a reliable project monitoring and the project’s proper evaluation. In consequence we kindly ask you to give us your consent to track your surfing behaviour on our website by using the cookie-mask integrated in this website.
10. Presence on social media platforms
We maintain so-called fan pages or accounts or channels on the networks mentioned below in order to provide you with information and offers also within social networks and to offer you further ways to contact us and to inform yourself about our offers. In the following, we inform you about which data we or the respective social network process from you in connection with the access and use of our fan pages/accounts.
Data that we process from you
If you wish to contact us via Messenger or via Direct Message via the respective social network, we generally process your user name via which you contact us and, if applicable, store further data provided by you insofar as this is necessary to process/respond to your request.
The legal basis is Art. 49 (1) sentence 1 a) GDPR (the transfer is based on your consent). If you contact us via the respective networks, you express your consent to the ensuing data processing.
(Static) usage data we receive from social networks
We receive automatically provided statistics concerning our accounts via Insights functionalities. The statistics include, among other things, the total number of page views, likes, information on page activities and post interactions, reach, video views, and information on the proportion of men/women among our fans/followers.
The statistics only contain aggregated data that cannot be related to individual persons. You are not identifiable to us via this.
What data the social networks process from you
In order to view the content of our fan pages or accounts, you do not have to be a member of the respective social network and, to this extent, no user account for the respective social network is required.
Insofar as you wish to interact with the content on our fan pages/accounts, e.g. comment on, share or like our postings/contributions and/or contact us via messenger functions, prior registration with the respective social network and the provision of personal data is required.
We have no influence on the data processing by the social networks within the scope of their use by you. To our knowledge, your data is stored and processed in particular in connection with the provision of the services of the respective social network, as well as for the analysis of user behavior (using cookies, pixel/web beacons and similar technologies), on the basis of which advertising based on your interests is played both within and outside the respective social network. It cannot be ruled out that your data will be stored by the social networks outside the EU/EEA and passed on to third parties.
On our sites we use depictions of social media buttons in form of a static link to our social media presences on the respective platforms. For this website these are the following:
YouTube – More information: policies.google.com/privacy
Twitter – More information: twitter.com/de/privacy
LinkedIn – More information: www.linkedin.com/legal/privacy-policy
Xing – More information: https://privacy.xing.com/de/datenschutzerklaerung
Type and scope of processing
We have integrated YouTube Video on our website. YouTube Video is a component of the YouTube, LLC's video platform, where users can upload content, share it over the Internet, and receive detailed statistics.
YouTube Video allows us to integrate content from the platform into our website.
When you access this content, you connect to YouTube, LLC servers, , transmitting your IP address and, if applicable, browser data such as your user agent.
Purpose and legal basis
The use of this service aims at a low-threshold and attractive presentation of resource efficiency knowledge. The use of the service is based on your consent in accordance with Art. 6 sec. 1 lit. a. and Art. 49 sec. 1 lit. a. GDPR. Before you give your consent using the respective interface, no data is transferred.
11. Data security
Unfortunately, 100 per cent security can never be guaranteed whenever information is transmitted via the internet. That is why we are unable to guarantee the security of any data transmitted to our website via the internet.
However, we implement technical and organizational measures to safeguard our website against loss, destruction, access, amendment or dissemination of your data by unauthorized individuals.
In particular, we only transmit your personal data in encrypted form using the SSL/TLS (Secure Sockets Layer/ Transport Layer Security) coding system. We continuously improve our security measures in line with technological developments.
12. Rights of the data subject
You have the right
- under Article 15 of the GDPR to obtain confirmation as to whether or not we are processing personal data relating to you. More specifically, you have the right to information about the purposes for which your personal data are being processed; the category of personal data being processed; the categories of recipients to whom your personal data have been or will be disclosed; the envisaged period for which your personal data will be stored; the existence of the right to request correction or erasure of your personal data or restriction of the processing or to object to such processing; the right to lodge a complaint; where the personal data are not collected from the data subject, information as to their source; and the existence of automated decision-making, including profiling and, possibly, meaningful information about the logic involved;
- under Article 16 of the GDPR to obtain the immediate rectification and/or completion of incorrect or incomplete personal data concerning you;
- under Article 17 of the GDPR to the erasure of personal data concerning you which we have stored, unless they are required for the purposes of the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, on the grounds of a public interest or the establishment, exercise or defence of legal claims;
- under Article 18 of the GDPR to obtain restriction of the processing of your personal data where you contest the accuracy of the data, the processing is unlawful but you oppose the erasure and we no longer require the data but you require them for the establishment, exercise or defence of legal claims or you object to the processing in accordance with Article 21 of the GDPR;
- under Article 20 of the GDPR to data portability, that is the right to receive the personal data concerning you which you have provided to us in a structured, commonly used and machine-readable format and to have these transmitted to another controller;
- under Article 7(3) of the GDPR to withdraw your consent at any time. The consequence of withdrawal of consent is that we will in future no longer process those data on which the consent is based; and
- under Article 77 of the GDPR to lodge a complaint with a supervisory authority. You will usually be able to turn to the supervisory authority of your habitual residence, place of work or seat of our company.
- Right to object
In so far as your personal data are processed on the basis of a public interest pursuant to point (e) of Article 6(1) of the GDPR, you have the right, under Article 21 of the GDPR, to object to the processing of your personal data where grounds relating to your particular situation or the objection is directed against direct marketing. In the latter case you have the general right to object, which we will implement without you needing to cite any specific situation.
Should you wish to make use of your right to withdraw consent or to object, simply send an email to: datenschutz[at]vdi-zre.de or use the cookie mask in case of cookies.
13. Disclosure of personal data
Your personal data are disclosed as described in the following.
Our website is hosted by an external service provider based in Germany. This ensures that your data are processed within the European Economic Area. This is necessary in order to be able to operate the website and for the establishment, implementation and execution of the existing user contract. Your consent is not required.
Your data are disclosed where we are authorized or obliged on the basis of statutory provisions and/or official or court orders to pass on those data. This may, in particular, occur in the context of a criminal prosecution, to avert a threat or assert intellectual property rights.
Where the required data are transmitted to a service provider, the provider will only have access to your personal data to the extent necessary in the fulfilment of its tasks. The service provider is under the obligation to comply with data protection legislation, in particular the GDPR, when handling your personal data.
Over and above the aforementioned situations, we will not transmit any of your data to third parties without your consent. In particular, we will not transfer personal data to any offices in third countries or to any international organizations.
14. Retention period
Unless stated otherwise, processed personal data will always be deleted as soon as they are no longer required to fulfil the original purpose and no statutory retention period applies. Ultimately, the period for which your personal data will be stored is dictated by which statutory retention period applies. After the end of the respective period the relevant data are routinely deleted. Where statutory retention obligations apply, processing is restricted by means of blocking the data.
15. References and links
Third-party service providers may apply their own, different rules to the collection, processing and use of personal data. We therefore advise that you visit such third-party websites before entering personal data to find out how they handle personal data.
17. Data protection officer of the processor VDI ZRE
VDI ZRE has appointed a data protection officer:
As at: June 2020