Privacy Policy and Disclaimer

Privacy Policy

In accordance with the European General Data Protection Regulation (GDPR)

 

Contact of the responsible party

International Civil Society Centre gGmbH

Agricolastraße 26

10555 Berlin, Germany

T +49 30 20 62 46 97 11

F +49 30 20 62 46 97 19

E mail@icscentre.org

 

Contact of the data protection officer

Peter Koblowsky

Agricolastraße 26

10555 Berlin, Germany

T +49 30 20 62 46 97 22

E pkoblowsky@icscentre.org

 

General information on data processing via icscentre.org

This Privacy Policy explains how the International Civil Society Centre (in short: “the Centre”) uses your personal data an which rights and options you have in this respect. It applies to Personal Data you provide to the Centre or which is derived from such data and to all pages and online services hosted on icscentre.org, the homepage of the Centre. It does not apply to pages or services hosted by other organisations to which we may link and whose privacy policies may differ. Please note that where this Policy explains applicable law and your rights, this applies only to personal data which is processed under the EU General Data Protection Regulation (“GDPR”). Where the processing of your personal data is not subject to this regulation, different rules may apply und your applicable law.

We do not collect personal data such as name, address, email contact, etc. via our website unless you voluntarily decide to provide us with these dates through a purpose-bound online form – e.g. by signing up to one of our events.

We do not sell or rent web-generated mailing lists or other personally identifiable information. We do not provide mailing lists to outside commercial agencies. Personal data will only be forwarded to partners with prior information and consent of concerned parties.

The use of published contact details by third parties for the purpose of sending unsolicited advertisements is strictly opposed by us. As website provider, we reserve the right to take legal action in case of unsolicited emailing, spam or sending any kind of advertising information.

Who is responsible for your personal data?

We, International Civil Society Centre gGmbH, Agricolastraße 26, 10555 Berlin, Germany will be responsible controller for any personal data you provide to us in connection with our business relationship.

Which categories of Personal Data do we collect?

We may collect and process in particular the following categories of personal data:

  • Private or work contact information, such as full name, address, telephone number, mobile phone number, fax number and email address, mobile device unique identifier and the IP address of your computer if you use our services online;
  • Payment data, such as data necessary for processing payments and fraud prevention, including credit/debit card numbers, security code numbers and other related billing information;
  • Further business information necessarily processed in a business or other contractual relationship with the Centre or voluntarily provided by you, such as purchases, services and other business activities, feedback and any other information you may provide to us;
  • Information about your interests and preferences and other information obtained by website analytics tools, in particular your activities when you use our websites, or products or other services we offer to you online (such as downloadable content). This may include information about which content you download, click or view for how often and how long; (see section below on Google Analytics)
  • Special categories of Personal Data. In connection with the registration for and provision of access to an event or seminar, we may ask for information about your health for the purpose of identifying and being considerate of any disabilities or special dietary requirements you may have. Any use of such information is based on your consent. If you do not provide any such information about disabilities or special dietary requirements, we will not be able to take any respective precautions.

For which purposes do we use your personal data?

We will process your personal data strictly only for the following purposes (“Permitted Purposes“):

  • Planning, performing, managing and administering your (or a third party’s to whom you are related) contractual business relationship with the Centre, e.g. by processing payments, performing accounting, auditing, billing and collection activities, providing support services or providing you with other services or things you may have requested;
  • Maintaining and protecting the security of our services and websites or other systems, preventing and detecting security threats, fraud or other criminal or malicious activities;
  • Ensuring compliance with our legal and regulatory obligations. This may include sales record keeping obligations for tax or other purposes and sending required notices or other disclosures, compliance screening or recording obligations.
  • Informing you, where permitted in accordance with local laws, within an existing business relationship about the Centre’s services which are similar or relate to such services which have already been purchased or used within that business relationship; or
  • Solving disputes, enforcing our contractual agreements and to establish, exercise or defend legal claims.

Where you have expressly given us your consent or otherwise legally permitted, we may process your personal data also for the following purposes:

  • Communicating with you through the channels you have approved to keep you up to date on the latest announcements and other information about the Centre’s services (including marketing-related newsletters) as well as events and projects of the Center; Website visitors of the Centre have the chance to enrol for the newsletter of the Centre by indicating their email address, being verified by double opt-in. The newsletter contains updated information on current and planned activities, events, and achievements of the International Civil Society Centre and its core clientele;
  • Administrating and performing customer surveys, marketing campaigns, market analysis, or other promotional activities or events or
  • Automated processing: Collecting information about your preferences on the basis of your activities when you use our websites and any services we offer to you online (such as downloadable content or newsletter). The logic behind these automated activities is to identify areas of interest for our customers and to help to analyse how users use our online services, and thereby enable us to offer improved products.

Where your explicit permission is required for any marketing-related communication, we will only provide you with such information if you have opted in. You may opt out at any time if you do not want to receive any further marketing-related types of communication from us. We will not use your personal data for taking any automated decisions affecting you or creating profiles other than described above.

Legal basis for the procession of personal data

The legal bases for processing of your personal data are set forth in Article 6 of the GDPR. Depending on the above purposes for which we use your personal data, the processing is either necessary for the performance of a contract or other business agreement with the Centre or for compliance with our legal obligations or for purposes of legitimate interests pursued by us or a third party, always provided that such interests are not overridden by your interests or fundamental rights and freedoms. In addition, the processing may be based on your consent where you have expressly given that to us.

How do we collect and use personal data?

We will typically collect your personal data directly from you when you interact with us, e.g. when you visit our website, communicate with us in relation to our services, request a service, register to receive our newsletter or other specific marketing material or participate in our customer surveys.  We do not obtain personal data from third parties on a commercial basis.

Where do we process your personal data?

In the course of our business activities, we may transfer your personal data also to recipients in countries outside of the European Economic Area (“third countries”), in which applicable laws do not offer the same level of data protection as the laws of your home country. When doing so we will comply with applicable data protection requirements and take appropriate safeguards to ensure the security and integrity of your personal data, in particular by entering into the EU Standard Contractual Clauses. These clauses are available here:

http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2010:039:0005:0018:DE:PDF

You may contact us anytime using the contact details below if you would like further information on such safeguards.

Deletion of personal data

We will hold your personal data as long as required to provide you with the services or information you have requested and to execute and administer your business relationship with us. If you have asked us not to communicate with you, we will hold this information as long as required to comply with your request. We are also required to keep certain of your personal data (e.g. relating to business or tax relevant transactions) for certain retention periods under applicable law. Your personal data will be promptly deleted when it is no longer required for these purposes.

If you would like your record to be deleted earlier by the Centre, please notify us accordingly by contacting mail@icscentre.org.

With whom do we share your personal data?

We may share your personal data as follows:

  • We may instruct service providers (so called data processors) within or outside of the Centre, domestically or abroad, e.g. shared service centers or cloud providers, to process personal data for the Permitted Purposes on our behalf and in accordance with our instructions only. The Centre will retain control over and will remain fully responsible for your personal data and will use appropriate safeguards as required by applicable law to ensure the integrity and security of your personal data when engaging such service providers.
  • With courts, regulators, law enforcement or other competent authorities or attorneys if legally permitted and necessary to comply with a legal obligation or for the establishment, exercise or defense of legal claims.
  • With credit reference agencies and other companies for use in credit decisions, for fraud prevention and to collect debts.

Otherwise, we will only disclose your personal data when you direct or give us permission, when we are required by applicable law or regulations or judicial or official request to do so, or when we suspect fraudulent or criminal activities.

If you would like your data to be shared with other participants of a workshop, you will need to explicitly consent hereto. Such consent can be withdrawn at any time by contacting the Centre through mail@icscentre.org.

Newsletter mailing related to the enrolment to an event or programme

As a matter of mutual interest, the Centre contacts former participants of its workshops and/or registered members of a project the Centre conducts via its newsletter to inform them about upcoming programmes in a related contextual framework to keep them updated if the legal basis for such contacting is provided.

If consent for the newsletter mailing is provided a revocation of this consent can be forwarded to the Centre any time by sending an email to mail@icscentre.org or through the “unsubscribe” link in the newsletter itself.

Work group pages

In some meeting formats, participants will automatically be granted access to a Centre online work group page that is hosted via Microsoft Office 365 (and not via icscentre.org). The only personal data of participants used by the Centre to create access is a work email address. Participants have the option to choose the Screen Name under which they want to appear in this work group and also to choose their password. Contributions in this work group are not visible to the public. For access to and data submitted at the external online platform, the privacy regulations of the service provider Microsoft apply. We inform you that the data exchange with Microsoft conducted by the Centre is regulated via the EU standard clause for the transfer of personal data to third countries. (The servers at which your personal data is stored for the above context are located within the EU.)

Job application

In regular intervals, the Centre will post job advertisements via its web page. On the website, users have the exclusive possibility of applying directly for the free position via a SSL-secured web form. The web form does not ask for any specific data / information to be uploaded other than the standard information needed for job applications: a personal motivation letter and a CV.

The data received via the web form will be deleted once the intended purpose has been achieved (the latest after three months).

We will not use your personal data for taking any automated decisions affecting you or creating profiles.

The legal bases for processing of your personal data are set forth in Article 6 of the European Data Protection Regulation. Depending on the above Permitted Purposes for which we use your personal data, the processing is either necessary for the performance of your application, freelancing or other agreement with the Centre, necessary for compliance with our legal obligations (e.g. to keep pension records or records for tax purposes) or necessary for purposes of our legitimate interest or those of any third party recipients that receive your personal data, always provided that such interests are not overridden by your interests or fundamental rights and freedoms. In addition, the processing may be based on your consent where you have expressly given that to us.

Automatic detection of personal data through the interaction with our website

The website provider automatically collects and stores information that your browser automatically transmits to us in “server log files”. These are:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request
  • IP address

These data will not be combined with data from other sources.

The temporary storage of such data, in particular the IP address of the user, is necessary to allow delivery of the website to the computer of the user. To do this, the user’s IP address must be kept for the duration of the session.

Use of cookies

The websites run by the Centre use cookies. Cookies do not harm your computer and do not contain any viruses. Cookies help make our website more user-friendly, efficient, and secure. Cookies are text files containing small amounts of information which are downloaded to your device when you visit a website. Cookies are then sent back to the originating website on each subsequent visit, or to another website that recognises that cookie.

Most of the cookies we use are so-called “session cookies.” They are automatically deleted after your visit. Other cookies remain in your device’s memory until you delete them. These cookies make it possible to recognize your browser when you next visit the site.

You can configure your browser to inform you about the use of cookies so that you can decide on a case-by-case basis whether to accept or reject a cookie. Alternatively, your browser can be configured to automatically accept cookies under certain conditions or to always reject them, or to automatically delete cookies when closing your browser. Disabling cookies may limit the functionality of this website.

Cookies which are necessary to allow electronic communications or to provide certain functions you wish to use are stored pursuant to the regulations of GPDR. The website operator has a legitimate interest in the storage of cookies to ensure an optimised service provided free of technical errors. If other cookies (such as those used to analyse your surfing behaviour) are also stored, they will be treated separately in this privacy policy (see next section on Google Analytics).

 Use of Google Analytics

Click here to opt-out of Google Analytics

We use Google Analytics, a web analytics service provided by Google, Inc. Google Analytics uses cookies, which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. However, on this website Google Analytics is supplemented by the code “_ anonymizeIp” which is provided by Google in order to ensure that IP addresses are captured in anonymised form. Before transfer, the last two digits of the IP address are shortened to make it impossible to identify the user. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. Furthermore, you can prevent the collection and use of data (cookies and IP address) through Google by downloading and installing the browser plug-in available under https://tools.google.com/dlpage/gaoptout?hl=en-GB. You can refuse the use of Google Analytics by clicking on the Opt Out Links that we have provided in the footer section of the websites that are controlled by the Centre. An opt-out cookie will be set on the computer, which prevents the future collection of your data when visiting each of these websites.

Further information concerning the terms and conditions of use and data privacy can be found at http://www.google.com/analytics/terms/gb.html or at https://www.google.de/intl/en_uk/policies/.

Your data protection rights

Subject to certain legal conditions, you may request access to, rectification, erasure or restriction of processing of your personal data. You may also object to processing or request data portability. In particular you have the right to request a copy of the personal data that we hold about you. If you make this request repeatedly, we may make an adequate charge for this. Please refer to Articles 15-22 of the EU General Data Protection Regulation for details on your data protection rights.

If you have given us your consent for the processing of your personal data, you may withdraw your consent at any time with future effect, i.e. the withdrawal of the consent does not affect the lawfulness of processing based on the consent before its withdrawal. If you withdraw your consent, we will only continue processing your personal information where there is another legal ground or where we are legally required to do so.

For any of the above requests, please send a description of your personal data concerned stating your name and a proof of identity to mail@icscentre.org. We may require additional proof of identity to protect your personal data against unauthorised access. We will carefully consider your request and may discuss with you how it can best be fulfilled.

If you have any concerns about how your personal data is handled by us or wish to raise a complaint on how we have handled your personal data, you can contact us at the contact details below to have the matter investigated. If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the competent data protection supervisory authority in your country. For example, if you are from Germany, you may contact the Bundesdatenschutzbeauftragte Office via their website (www.bfdi.de).

Data Security

We maintain physical, electronic and procedural safeguards in accordance with the technical state of the art and legal data protection requirements to protect your personal data from unauthorized access or intrusion. These safeguards include implementing specific technologies and procedures designed to protect your privacy, such as secure servers, firewalls and SSL encryption. We will at all times strictly comply with applicable laws and regulations regarding the confidentiality and security of personal data.

We would like to express that in general there are inherent security risks when transmitting data via the internet, such as emails or signing up to websites by using personally identifiable information. This implies security vulnerabilities as it is impossible to safeguard entirely against unauthorised access by third parties.

 

We also do everything in our power to protect user-information offline. All of your information is restricted. Only employees who need the information to perform a specific job are granted access to personally identifiable information.

 

We take data security very seriously. We go through audits on a regulary basis (e.g. a SAFETAG audit, conducted by AccessNow in 2018). Detected security flaws in the physical and virtual infrastructure will be addressed promptly.

 

Are you required to provide personal data?

As a general principle, you will provide us with your personal data entirely voluntary; there are generally no detrimental effects on you if you choose not to consent or to provide personal data. However, there are circumstances in which the Centre cannot take action without certain of your personal data, for example because this personal data is required to process your orders, provide you with access to a web offering or newsletter or to carry out a legally required compliance screening. In these cases, it will unfortunately not be possible for the Centre to provide you with what you request without the relevant personal data.

 

What if I’m under 16?

If you are under 16, please make sure that you obtain your parent/guardian’s permission prior to providing us with any of your personal data. Persons under the age of 16 are not permitted to provide us with their personal data without such consent.

 

Changes to this Notice

This Data Privacy Notice was last updated in [May 2018]. From time to time, we may make change or amend it as required to reflect any changes to the way in which we use your personal data or changing legal requirements. So you may wish to check back from time to time or whenever you make available personal data to us. Any amended Data Privacy Policy will apply from the date it is posted on our website.