1. Information on the collection of personal data

(1) In this document we provide information on the collection of personal data when using our website. Personal data means all data relating to you personally, e.g. your name, address, email addresses and user behaviour.

(2) The controller in accordance with Art. 4(7) EU General Data Protection Regulation (GDPR) is

Deutsche Gesellschaft für nachhaltiges Bauen – DGNB e.V.

Tübinger Str. 43

70178 Stuttgart

Email: info@dgnb.de

(see our legal notice)

Our data protection officer is available at

email: datenschutz@dgnb.de

or under our postal address with the addition Data Protection Officer.

(3) When you contact us by email or by using a contact form, the data you provide (e.g. your email address, your name and telephone number) will be stored by us in order to respond to your query. We will erase data obtained in this respect once storage is no longer necessary, or we will restrict its processing where statutory safe-keeping obligations apply. But submitting a query, you grant us your consent to data-processing in accordance with Art. 6(1)(a) GDPR.

(4) If we avail ourselves of contractual service providers for the individual functions of our services or if we would like to use your data for advertising purposes, we inform you in detail below about the relevant procedures. In this respect we will also specify the criteria established for the duration of storage.

2. Your rights

(1) You have the following personal data rights in relation to us:

– Right to obtain information

– Right to rectification and deletion

– Right to restriction of processing

– Right to object to processing

– Right to data portability

(2) You are also entitled to submit a complaint to a data protection supervisory authority about our processing of your personal data.

3. Collection of personal data during visits to our website

(1) Where the website is used merely for informational purposes, i.e. if you do not register or otherwise provide information to us, we only collect the personal data transmitted to our server by your browser. If you wish to view our website, we collect the following data that we require for technical reasons in order to show you the website and safeguard its stability and security (legal basis: Art. 6(1)(f) GDPR).

– IP address

– Date and time of the query

– Time zone difference to Greenwich Mean Time (GMT)

– Specific content (webpage) of the query

– Access status/HTTP status code

– Quantity of data transferred in each case

– Website that is the source of the query

– Browser

– Operating system and its interface

– Language and version of the browser software.

(2) In addition to the above-mentioned data, cookies are also stored on your computer when you use our website. Cookies are tiny text files that are stored on your hard disk and attributed to the browser you use, and which enable certain information to flow to the party placing the cookie (in this case, us). Cookies are unable to run programs or transfer viruses to your computer. They serve to render internet products more user-friendly and more effective overall.

(3) Use of cookies:

1. a) This website uses the following kinds of cookies, the scope and functioning of which are explained below:

–    Session cookies – (b) below

–    Permanent cookies – (c) below

1. b) Session cookies are deleted automatically when you close your browser. Session cookies store a so-called session ID which enables various queries from your browser to be attributed to a specific session. This enables your computer to be recognised when you return to our website. Session cookies are deleted when you log out or close the browser.
2. c) Permanent cookies are deleted automatically after a pre-set period which can vary depending on the cookie. You can delete the cookies at any time in the security settings of your browser.
3. d) You can adjust your browser settings as you wish and may, for example, refuse to accept cookies. However, we would like to point out that you may be unable to use all functions of this website.
4. e) We use cookies in order to identify you on subsequent visits if you have an account with us. Otherwise you have to log in again for each visit.
5. f) The Flash cookies in use are not registered by your browser but by your Flash plug-in. We also use HTML5 storage objects that are placed on your computer. These objects store the necessary data irrespective of your browser and have no automatic expiry date. If you do not want the Flash cookies to be processed, you have to install a corresponding add-on, e.g. Better Privacy for Mozilla Firefox (https://addons.mozilla.org/de/firefox/addon/betterprivacy/) or Adobe-Flash-Killer-Cookie for Google Chrome. You can prevent the use of HTML5 storage objects by adjusting your browser to private mode. We also recommend the regular manual deletion of your cookies and of the browser history.

4. Other functions and offers on our website

(1) In addition to use of our website merely for informational purposes, we offer various services that you may use in case of interest. To this end you generally have to provide further personal data that we use in order to provide the relevant services and to which the above-mentioned data-processing principles apply.

(2) In some cases we use external service providers in order to process your data. Such service providers are carefully selected and commissioned by us, they are bound by our directives and undergo regular checks.

(3) We may also forward your personal data to third parties if the conclusion of contracts or similar services are offered by us together with partners. Further information will be available when you provide your personal data or below in the description of the services offered.

(4) Insofar as our service providers or partners have their registered office in a country outside the European Economic Area, we will inform you about the relevant consequences in the description of the services offered.

5. Objection to or revocation of processing of your data

(1) If you have granted your consent to the processing of your data, you may revoke such consent at any time. Revocation affects the lawful processing of your personal data after it has been expressed to us by you.

(2) Insofar as our processing of your personal data is based on a balancing of interests, you may object to such processing. This is the case especially if the processing is not necessary for the fulfilment of a contract with you, which is explained by us individually in the following description of the functions. When submitting such an objection, please state the reasons why we should not process your personal data in the manner in which we did. If your objection is well-founded, we will investigate the situation and will either discontinue or modify the data-processing, or we will present compelling reasons meriting protection, on the basis of which we will continue the processing.

(3) Of course, you may object to the processing of your personal data for advertising and data analysis purposes at any time. You may notify us of the objection raised against use for advertising purposes using the following contact details: Deutsche Gesellschaft für nachhaltiges Bauen – DGNB e.V. , Data Protection Officer, Tübinger Str. 43, 70178 Stuttgart, email: datenschutz@dgnb.de.

6. Use of blog functions

(1) You can make public comments in our blog, which we use to publish various articles on themes concerning our activities. Your comment will be published next to the article, together with the username you provide. We recommend using a pseudonym instead of your real name. It is necessary to provide your username and an email address; all other information is provided voluntarily. When you publish a comment, we will also store your IP address, which we delete after one week. Storage is necessary so that we can defend ourselves against liability claims in case of the potential publication of unlawful content. We require your email address in order to contact you if a third party complains that your comment is unlawful. The legal basis for this is Art. 6(1)(b) and (f) of the EU General Data Protection Regulation. Comments are not moderated before being published. We reserve the right to delete comments if third parties complain that they are unlawful.

(2) When writing your comment, you can select our email service by ticking the box. This means you will be informed if other users comment on the article. We use the double opt-in procedure for this service, i.e. you will receive an email in response to which you have to confirm that you are the owner of the email address and wish to receive the notifications. You can cancel notifications at any time by activating the link contained in the email. Your personal data, including your email address, the date and time of registration for the service and your IP address will be stored by us until you cancel the notification service.

10. Use of Matomo (formerly Piwik)

(1) This website uses the web analysis service Matomo in order to analyse and improve the use of our website at regular intervals. The statistics obtained help us to improve our products and make them more interesting to you as the user. The legal basis for the use of Matomo is Art. 6(1)(f) of the EU General Data Protection Regulation.

(2) Cookies are stored on your computer for analysis purposes (see further details under 3 above). The information thus collected is stored by the controller solely on a server located in Germany. The analysis can be stopped by deleting existing cookies and by preventing the storage of cookies. We would like to point out that if you prevent the storage of cookies, you might not be able to use all features of this website. You can prevent the storage of cookies by changing the settings of your browser.

(3) This website uses Matomo with the AnonymizeIP add-on. This means that IP addresses are processed in abbreviated form, thus excluding direct attribution to a specific person. The IP address communicated by your browser using Matomo is not combined with other data collected by us.

(4) Piwik is an open source project program. Information from the third-party provider on data privacy is available at http://piwik.org/privacy/policy.

 

11 Use of social media plug-ins

(1) We currently use the following social media plug-ins: Facebook, Twitter, Xing, LinkedIn. In this respect we use the so-called 2-click solution. This means that when you visit our website, as a matter of principle no personal data is initially passed to the providers of these plug-ins. The plug-in provider can be identified by the marking on the box above its initials or by the logo. We enable you to communicate directly with the plug-in provider using the button. If, and only if, you activate the highlighted button, the plug-in provider receives a notification that you have visited the relevant page of our website. In addition, the data mentioned under 3 of this Policy is communicated. As regards Facebook and Xing, according to the respective provider, the IP address is anonymised immediately after being collected in Germany. Hence, by activating the plug-in, personal data concerning you is transmitted to and stored by the relevant plug-in provider (in the USA where US providers are concerned). Since the plug-in provider collects data using cookies in particular, we recommend that you delete all cookies via the security settings of your browser before clicking on the grey box.

(2) We have no influence over the data collected or over the data-processing as such, nor are we aware of the full extent of data collection, the purposes of processing and the storage periods. We also have no information about the deletion of the data collected by the plug-in provider.

(3) The plug-in provider stores your personal data as user profiles and uses it for advertising and market research purposes and/or to design its website based on user preferences. Such an analysis is conducted especially (for unlogged users as well) in order to present advertising based on user preferences and in order to inform other users of the social network about your activities on our website. You are entitled to object to the compilation of such user profiles, and to do so you have to contact the relevant plug-in provider. By using plug-ins, we enable you to interact with social networks and other users so that we can improve our products and make them more interesting to you as the user. The legal basis for the use of plug-ins is Art. 6(1)(f) of the EU General Data Protection Regulation.

(4) Sharing data does not depend on whether you have an account with or are logged-in at the plug-in provider. If you are logged-in at the plug-in provider, your personal data collected here will be directly attributed to your account at the plug-in provider. If you click on the activated button and, for example link the page, the plug-in provider will also store this information in your user account and will disclose it publicly to your contacts. We recommend that you log-out regularly once you have used a social network, in particular before activating the button, in order to avoid attribution to your profile at the plug-in provider.

(5) Further information on the purpose and scope of data collection and its processing by the plug-in provider is available in the data privacy declarations of such providers as referenced below. They also contain further information regarding your rights and settings options in this respect in order to protect your privacy.

(6) Addresses of the relevant plug-in providers and URL containing data privacy information:

1. a) [Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; further information on data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications and http://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
2. b) Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy. Twitter is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
3. c) Xing AG, Gänsemarkt 43, 20354 Hamburg, DE; http://www.xing.com/privacy.
4. d) LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; http://www.linkedin.com/legal/privacy-policy. LinkedIn is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

12. Incorporation of YouTube videos

(1) We have integrated YouTube videos into our online product, which are stored at http://www.YouTube.com and can be viewed directly from our website. The videos are all integrated using “extended data privacy modus”, i.e. data about you as a user will only be transferred to YouTube if you view the videos. Only when you view the videos will the data mentioned in para. 2 be transferred. We have no influence over this transfer of data.

(2) When you visit the website, YouTube is informed that you have visited the relevant subpage of our website. In addition, the data mentioned under 3 of this Policy is communicated. This does not depend on whether or not YouTube makes a user account available, via which you are logged-in. If you are logged in at Google your data will be directly attributed to your account. If you do not want attribution to your profile by YouTube, you have to log out before activating the button. YouTube stores your data as a user profile and uses it for advertising and market research purposes and/or to design its website based on user preferences. Such an analysis is conducted especially (even for unlogged users) in order to present advertising based on user preferences and in order to inform other users of the social network about your activities on our website. You are entitled to object to the compilation of such user profiles, and to do so you have to contact YouTube.

(3) Further information on the purpose and scope of data collection and its processing by YouTube is available in the data privacy declaration. This also contains further information regarding your rights and settings options in this respect in order to protect your privacy: https://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

13 Incorporation of OpenStreetMap

(1) This website has an incorporated map showing the location of our association and our institutions. The map uses data from OpenStreetMap, a free project with the aim of collecting freely utilisable geo-data and making it available in a database for general use (open data). In order to display the map to you, information about use of the website including your IP address is communicated to OpenStreetMap. These services are operated by OpenStreetMap Foundation (OSMF), 132 Maney Hill Road, Sutton Coldfield, West Midlands, B72 1JU, United Kingdom, on behalf of the OSM community.

(2) In order to display the map for you, information about use of the OSM services is communicated to OpenStreetMap. In addition, a so-called session cookie is stored on the visitor’s computer. Details can be found in the section on Cookies. Information on how OpenStreetMap stores your data can be found at:  www.wiki.openstreetmap.org/wiki/privacy