is the data controller as defined in the EU General Data Protection Regulation (GDPR) and the national data privacy laws.
The data protection officer of the data controller is:
I) General information about data processing
1. The extent to which personal data is processed
We collect and use the personal data of users of our homepage only to the extent that this is necessary for keeping our website, contents and services functioning properly.
Basically, we collect and use our users’ personal data only after they give their consent. An exception to this principle applies in cases where processing the data by statutory provisions is permitted or when obtaining prior consent for actual reasons is not possible.
2. Legal basis for processing personal data
The legal basis for processing personal data is basically based on:
Art. 6 Section 1 lit. a GDPR upon obtaining the consent of the data subject.
Art. 6 Section 1 lit. b GDPR for processing operations that serve to fulfill a contract to which the data subject is a party. Included here are processing operations that are necessary to carry out pre-contractual measures.
Art. 6 Section 1 lit. c GDPR for processing required to fulfill a legal obligation.
Art. 6 Section 1 lit. d GDPR, if vital interests of the data subject or another natural person require the processing of personal data.
Art. 6 Section 1 lit. f GDPR, if the processing is necessary to safeguard the legitimate interests of our company or a third party, and the interests, fundamental rights and fundamental freedoms of the data subject do not outweigh the former interest.
3. Data erasure and storage duration
The personal data of users will be deleted or blocked as soon as the purpose of the storage is no longer applicable. Additional storage may be provided for by European or national legislators through EU regulations, laws or other regulations to which the data controller is subject. Blocking or deleting the data also takes place when a storage period prescribed by the standards mentioned expires, unless there is a need for additional storage of the data for concluding a contract or fulfilling the contract.
II) Use of our website, general information
1. Description and scope of data processing
Every time our website is accessed, our system automatically collects data and information from the user’s computer system. The following information is collected:
The user’s IP address
Date and time of access
The data described - with the exception of the user’s IP address or other data that allows data to be assigned to a user - are stored in our system’s log files. This data is not stored together with any other personal user data.
2. Purpose and Legal Basis for Data Processing
Our system must temporarily store user IP addresses to allow us to deliver our website to the user’s computer. To do this, the user’s IP address must be stored for the duration of the session.
The legal basis for the temporary storage of data is Art. 6 Section 1 lit. f GDPR.
Collecting your personal data to ensure our web presence is essential for operating our website. Therefore, the user has no contesting option.
3. Duration of Storage
Your data will be deleted as soon as it is no longer necessary for the purpose of the inquiry. Your data will be deleted when the session ends if your data has been collected to ensure the site’s availability.
III) General Information About Cookies
When you view the FIS website, some information may be stored on your computer. This information will be in the form of a ‘cookie’ or similar file and will allow the website to tailor the experience to your interests and preferences. With most Internet browsers, cookies can be blocked or erased after visiting a website.
Log-in information (only community members)
The legal basis for processing personal data using cookies is defined in Article 6 Section 1 lit. f GDPR. The purpose for using technically required cookies is to simplify the use of our website.
Please note that some functions on our website can only be offered if cookies are enabled. This applies to the following application:
- Remembering Keywords
We do not use user data collected by technically required cookies to create user profiles.
IV) Rights of the Data Subject
According to the EU General Data Protection Regulation, as an affected party you have the following rights:
1. Right to receive information
As the data controller, you have the right to receive information from us regarding processing personal data involving you.
In addition, you may request information about the following:
- The purpose of the data processing
- The categories of personal data that are processed
- The recipients or categories of recipients to whom the personal data relating to you have been disclosed or are still being disclosed
- The planned duration of the storage of your personal data or, if specific information is not available, the criteria for determining the duration of storage
- The existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the data controller or concerned, or a right to object to such processing
- The existence of a right of appeal to a supervisory authority
- All available information on the source of the data if the personal data is not collected from the data subject
The existence of automated decision-making, including profiling according to Art. 22 Section 1 and 4 GDPR and - at least in these cases - meaningful information about the logic involved as well as the scope and the intended effects of such processing on the data subject.
You also have the right to request information about whether your personal information is being transferred to a third country or to an international organization. In this case, you can obtain information about the appropriate guarantees in accordance with Art. 46 GDPR regarding such transfer.
You can claim your information right at: GDPR@fis.edu
If we process your personal data incorrectly or in an incomplete manner, then you have a right of correction/completion. The correction will be made immediately.
3. Right to restriction
- The right to limit the processing of your personal data may be asserted in the following cases:
- The accuracy of the personal data is contested for a period of time, enabling the data controller to verify the accuracy of the personal data.
- The processing is unlawful and deleting the personal data is rejected, whereby the restriction of the use of personal data is required.
- The data controller no longer needs the personal data for purposes of processing, but the data subject needs the data to assert, exercise or defend legal claims, or
- The data subject filed an objection to the processing pursuant to Art. 21 Section 1 GDPR and it is not yet clear whether the legitimate reasons of the data controller outweigh those of the data subject.
If processing personal data concerning you has been restricted, such data—viewed separately from your data storage—may be stored only with your consent or for the purposes of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or important public interest of the Union or of a Member State.
If there is a processing restriction in accordance with the principles outlined, you will be informed before the restriction is lifted.
4. Right to delete
You can request that your personal data be deleted without delay for the the following reasons stated below. The data controller is obligated to immediately delete this data. These reasons include:
(1) Your personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
(2) The processing is based on a consent according to Art. 6 Section 1 lit. a or Art. 9 Section 2 lit. a GDPR protected and you revoke the consent. Another condition is that there is no other legal basis for the processing.
(3) You object to the processing (Art. 21 Section 1 GDPR) and there are no legitimate reasons for the processing. Another possibility is that you contest against the processing pursuant to Art. 21 Section 2 GDPR.
(4) The processing of your personal data is unlawful.
(5) Deleting personal data concerning you is required to fulfill a legal obligation under Union law or the law of the Member States to which the data controller is subject.
(6) The personal data concerning you was collected in relation to information society services offered pursuant to Art. 8 Section 1 GDPR.
If we have made personal data concerning you public and we are obligated to delete the data according to Art. 17 Section 1 of the GDPR, we shall take appropriate measures, while also taking into account the available technology and implementation costs, including those of a technical nature, to inform the data controllers who process the personal data, that you as the data subject have requested the deletion of all links to such personal data or of copies or replications of such personal data.
Please note that the right to delete does not persist as far as processing is required:
(1) to exercise the right of freedom of expression and information
(2) to fulfill a legal obligation required by the law of the Union or of the Member States to which the controller is subject, or to carry out a task of public interest or to exercise the official authority conferred on the controller
(3) for reasons of public interest in the field of public health pursuant to Art. 9 Section 2 lit. h and i and Art. 9 (3) GDPR
(4) for archival purposes of public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89 Section 1 GDPR, to the extent that the law referred to in Section (a) is likely to render impossible or seriously affect the achievement of the objectives of that processing, or
(5) to assert, exercise or defend legal claims.
5. Right to information
If you have asserted the right to rectify, delete or restrict the processing, we are obligated to notify all recipients to whom your personal data has been disclosed of this correction or deletion of the data or restriction of processing, unless this proves to be impossible or is associated with a disproportionate amount of effort. You also have the right to be informed about these recipients
6. Right to data portability
According to the GDPR, you have the right to obtain the personal data provided to us in a structured, understandable and machine-readable format. Furthermore, you have the right to transfer this data to another data controller without hindrance by the previous data controller who obtained the personal data, provided that the processing is based on consent as defined in Art. 6 Section 1 lit. a GDPR or Art. 9 Section 2 lit. a GDPR or on a contract acc. Art. 6 Section 1 lit. b GDPR and the processing is done using automated procedures.
Lastly, where technically feasible and without harm to the freedom and rights of others and as part of exercising the right of data transferability, you have the right that personal data related to you shall be transmitted directly from one controller to another.
The right to data portability does not apply to processing that personal data necessary for performing a task in the public interest or for exercising the official authority that has been delegated to the data controller.
7. Right to revoke the declaration of consent to data protection
You have the right to revoke your data protection declaration at any time. Please note that revoking consent does not affect the lawfulness of the processing carried out based on the consent until the revocation goes into effect.
8. Right to objection
Furthermore, for reasons based on your particular situation, you have the right at any time to file an objection to the processing of personal data relating to you, as it is defined in Art. 6 Section 1 lit. e or f GDPR. The right of objection also applies to profiling based on these provisions.
The data controller will no longer process the personal data concerning you unless he can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and liberties, or the processing is for enforcing, exercising or defending legal claims.
If the personal data related to you are processed for advertising purposes, then you have the right to object at any time to your personal data being processed for such advertising. This also applies to profiling, as far as it is associated with such direct marketing. Your personal data will no longer be processed for direct marketing purposes if you object to your data being used for such purposes.
You have the right in connection with the use of information society services (despite Directive 2002/58) to exercise your right to object by using automated procedures that use technical specifications.
9. Automated decision on an individual basis, including profiling
Under the EU General Data Protection Regulation, you remain entitled not to be subjected to a decision based solely on automated processing - including profiling - which would have legal effect or would affect you in a similar manner. An exception to this principle, however, is when the decision
(1) is required for concluding or fulfilling a contract between you and the data controller,
(2) and is permissible based on Union or Member State legislation to which the controller is subject, and that legislation contains adequate measures to safeguard your rights and freedoms and your legitimate interests, or
(3) is with your express consent.
If the processing is carried out in accordance with the cases mentioned in Section 1 and 3, then the data controller shall take appropriate measures to safeguard your rights and freedoms as well as your legitimate interests. This includes at least the right to obtain the intervention of a person on the part of the data controller to state his own position and to contest the decision.
The ruling under (1) – (3) may not be based on special categories of personal data pursuant to Art. 9 Section 1 GDPR, unless Art. 9 Section 2 lit. a or g and reasonable measures have been taken to protect the rights and freedoms and your legitimate interests.
10. Right to complain to a supervisory authority
Finally, if you believe that the processing of personal data concerning you is contrary to the GDPR, you have the right to complain to a supervisory authority, in the Member State of its place of residence, employment or the location of the alleged infringement.
V) Electronic contact
You will find a contact form on our homepage that you can use to contact us electronically. The data entered into the input mask is transmitted to us and stored. This data includes:
Date and time of registration
It is also possible to contact us via our provided email address. In this case, the user’s personal data transmitted by email will be stored.
A transfer of your data to third parties will not take place in this context; this data will be used exclusively for processing the communication record.
The legal basis for processing the data is in submitting user consent as defined in Art. 6 Section 1 lit. a GDPR. The legal basis for processing the data transmitted while sending an email is Article 6 Section 1 lit. f GDPR. If the email contact aims to conclude a contract, then additional legal basis for the processing is Art. 6 Section 1 lit. b GDPR.
Processing personal data in this context is solely for processing the contact. In the case of contact via email, this also includes the required legitimate interest in processing the data.
If further personal data is processed during the sending process, then it serves only to prevent misuse of the contact form and to ensure the security of our information technology systems.
Your data will be deleted as soon as the data is no longer necessary for achieving the purpose of the inquiry. Regarding the personal data from the input form on the contact form and those sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the relevant facts have been finally clarified.
The additional personal data collected during the sending process will be deleted at the latest after a period of seven days.
You will have the opportunity to revoke your consent to the processing of personal data at any time. Even when contacting us by email, you can object to the storage of your personal data at any time. However, please note that in such a case, the conversation cannot continue.
All personal data stored while contacting will be deleted in this case.
VI) Use of Google Analytics
This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses so-called “cookies,” text files that are stored on your computer and they allow to analyze how you use the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the US and is stored there. However, if IP anonymization is activated on this website, your IP address will be shortened by Google beforehand within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website and Internet usage to the website operator.
The IP address provided by Google Analytics within the framework of Google Analytics will not be merged with other data provided by Google.
You can prevent the storage of cookies by enabling a corresponding setting in your browser software; however, please note that if you do this, you may not be able to use all the features of this website to the fullest extent possible. You may also prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) as well as prevent Google from processing this data by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
This website uses Google Analytics with the extension “_anonymizeIp().” As a result, IP addresses are processed shortened so that they cannot be related to any one particular person. Insofar as the data collected about you is assigned a personal reference, it will be immediately excluded, and the personal data will be deleted immediately.
We use Google Analytics to analyze and regularly improve the use of our website. We use the statistics to improve our offer and make it more interesting for you as a user. Google has submitted to the EU-US Privacy Shield Framework for those exceptional cases in which personal information is transferred to the US. The legal basis for using Google Analytics is Art. 6 Section 1 p. 1 lit. f GDPR or, upon receiving user consent, as defined in Art. 6 Section 1 p. 1 lit. a GDPR.
Third-party information: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.
User conditions: http://www.google.com/analytics/terms/de.html
Data privacy overview: http://www.google.com/intl/de/analytics/learn/privacy.html
Data protection policy: http://www.google.de/intl/de/policies/privacy
This site also uses Google Analytics for cross-device analysis of visitor traffic and is conducted through the user ID. You can deactivate your cross-device analysis of your usage under “My Data,” then “Personal Data.”
VII) Social Media
1. Social media presence
We maintain fan pages within various social networks and platforms for communicating with customers, prospects and users who are active there and for informing them about our services.
We would like to point out that your personal data may be processed outside the European Union, which may pose risks to you (e.g. in enforcing your rights under European/German law). Please note that some US providers are certified under the Privacy Shield and are committed to respecting EU privacy standards.
These users’ data are usually processed for market research and advertising purposes. Thus, for example, user profiles are created based on the user’s behavior and interests. These usage profiles can in turn be used to do such things as place advertisements inside and outside the platforms that are allegedly in line with users’ interests. For these purposes, cookies are usually stored on the user’s computer where the user’s behavior and the user’s interests are stored. Furthermore, in the usage profiles, data can also be stored independently of the devices that the users use (especially when the users are members of the respective platforms and are logged in).
Processing personal user data is based on our legitimate interests in an effective user information and communication with users in accordance with. Art. 6 Section 1 lit. f. GDPR. The legal basis for processing user info is Art. 6 Section a., Art. 7 GDPR, and this entails the respective providers asking users to consent to data processing (by declaring their agreement, for example, by ticking a check box or clicking on a button to confirm).
Additional information about processing your personal data as well as your revocation options can be found under the links for the respective providers listed below. The assertion of information and further rights of the data subjects can be carried out towards the suppliers, who have direct access to the data of the users and have appropriate information. Naturally, we are available for questions and support if you need help.
Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA Data Protection Policy: https://twitter.com/de/privacy
Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) Data Protection Policy: https://policies.google.com/privacy
LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland
PrivacyShield: https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&s tatus=Active
2. Using social media plug-ins
We currently use the following social media plug-ins: [Facebook, Google+, Twitter,LinkedIn].
Usually, these social plug-ins cause these services to immediately track every visitor to a page, along with their IP address and their other activities carried out while logged in on the Internet. This happens even if the user does not click on one of the buttons.
To prevent this, we use the Shariff method on our homepage. The social media buttons only establish direct contact between the social network and visitors when the user actively clicks on the share button. If the user is already logged in to a social network, then this is done on Facebook and Google+ without opening another window. On Twitter, a pop-up window appears where you can still edit the tweet text.
You can then post on social networks without the networks being able to create complete surf profiles on you. The Shariff method is already widely used to protect users. The impetus for this was an initiative started by www.heise.de, where you can find more information about the current state of the discussion.
In addition, the data specified in Section IV of this declaration will be transmitted. According to Facebook and Xing providers in Germany, the IP address is anonymized immediately after collection. By activating the plug-in, personal data will be transmitted by you to the respective plug-in provider and stored there (with US providers in the USA). Since the plug-in provider carries out the data collection, in particular via cookies, we recommend that you use your browser’s security settings to delete all cookies before clicking on the grayed-out box.
We have no influence on the collected data and data processing operations, nor are we aware of the full extent of data collection, the purpose of the processing or the retention periods. We also have no information regarding deleting the data that the plug-in provider collects.
The plug-in provider stores the data collected about you as usage profiles and uses them for advertising, market research and/or needs-based website design purposes. This type of evaluation is carried out in particular (even for users who are not logged in) for the purpose of displaying demand-oriented advertising andto inform other users of the social network about your activities on our website. You have the right to object to the formation of these user profiles, whereby you must contact the respective plug-in provider to exercise it. Through the plug-ins, we offer you the opportunity to interact with the social networks and other users so that we can improve our offer and make it more interesting to you as a user. The legal basis for using plug-ins is Art. 6 Section 1 sentence 1 lit. f GDPR.
The data transfer takes place regardless whether you have an account with the plug-in provider and are logged in. If you are logged in to the plug-in provider, your data that we collect will be assigned directly to your existing account with that plug-in provider. If you click the activated button and you link to the page, then the plug-in provider also stores this information in your user account and shares it publicly with your contacts. We recommend logging out regularly after using a social network, but especially before activating the button, so that you can prevent yourself from being assigned to your profile with the plug-in provider.
Please refer to the privacy statements of these providers provided below for more information on the purpose and scope of data collection and its processing by plug-in providers. You will also find further information about your rights and settings options for protecting your privacy.
Addresses for each plug-in service provider and the URL that contains their data privacy information:
Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php;
for further information on data collection, please go to: http://www.facebook.com/help/186325668085084,
Facebook complies with EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; https://www.google.com/policies/privacy/partners/?hl=de. Google complies with EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; http://www.linkedin.com/legal/privacy-policy. LinkedIn complies with EU-US Privacy Shield, https://www.privacyshield.gov/EU-US Framework
3. Integrating with YouTube videos
We have included YouTube videos in our online offering; they are stored on http://www.YouTube.com and are directly playable from our website. These are all included in the “extended privacy mode,” meaning that no data about you as a user will be transferred to YouTube if you are not playing the videos. The data mentioned in Section 2 will be transmitted only if you play the videos. We have no influence on this data transfer.
By visiting the website, YouTube receives information that you have accessed the corresponding sub-page of our website. This happens regardless whether YouTube provides a user account that you are logged in to, or if there is no user account. When you’re logged in to Google, your data will be assigned directly to your account. If you do not wish to be associated with your profile on YouTube, you must log out before activating the button. YouTube stores your data as usage profiles and uses them for advertising, market research and/or custom designing its website. This type of an evaluation is carried out (even for users who are not logged in) to provide appropriate advertising and to inform other users of the social network about your activities on our website. Through the plug-ins, we offer you the opportunity to interact with the social networks and other users so that we can improve our offer and make it more interesting to you as a user.
We have no influence on the collected data and data processing operations, nor are we aware of the full extent of data collection, the purpose of the processing or the retention periods. Click the link below to receive additional information about your rights and setting options for protecting your privacy: https://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the US and complies with the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
4. Integrating Google Maps
We use Google Maps offer on our website. This allows us to show you interactive maps right on the website and allow you to conveniently use the map feature.
By visiting the website, Google receives the information that you have accessed the corresponding subpage for our website. In addition, the information referred to in Section III of this statement will be transmitted to Google. This is done regardless whether Google provides a user account that you are logged in to, or if there is no user account. When you’re logged in to Google, your data will be assigned directly to your account. If you do not wish to be associated with your profile on Google, you must log out before activating the button. Google stores your data as usage profiles and uses them for advertising, market research and/or needs-based website design. This type of an evaluation is carried out (even for users who are not logged in) for the purpose of providing appropriate advertising and to inform other users of the social network about your activities on our website. You have a right of objection to the creation of these user profiles, and you must contact Google to exercise this right.
5. Integrating Typekit fonts from Adobe
Based on our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 Section 1 lit. GDPR), we use external type kit fonts of the provider Adobe Systems Software Ireland Limited, 4 -6 Riverwalk, Citywest Business Campus, Dublin 24, Republic of Ireland. Adobe is certified under the Privacy Shield Agreement to comply with European privacy legislation