PRIVACY POLICY

Introduction
Responsible
Processing overview
Relevant legal bases
Security measures
Data processing in third countries
Cookies use
Performance of duties under the Articles of Association or the Rules of Procedure
Contact
Provision of the online offer and web hosting
Newsletter and broad communication
Data deletion
Modification and update of the privacy policy
Rights of the data subjects

1. introduction

With the following data protection declaration, we would like to inform you about the types of your personal data (hereinafter also referred to as "data") that we process, for what purposes and to what extent. The data protection declaration applies to all processing of personal data carried out by us, both as part of the provision of our services and, in particular, on our websites, in mobile applications and, if available, within external online presences, such as social media profiles (hereinafter collectively referred to as "online offer").

The terms used are not gender specific.

Status: November 30, 2021

2. person in charge

Ulrich Bathmann (Chairman of the Board)
German Marine Research Consortium e.V.
Markgrafenstrasse 37
D-10117 Berlin

Authorized representatives: Ulrich Bathmann (Chief Executive Officer), Karen Wiltshire (Deputy Chief Executive Officer), Martin Visbeck (Deputy Chief Executive Officer)

E-mail address: info@deutsche-meeresforschung.de
Imprint: https://www.deutsche-meeresforschung.de/impressum/

3. overview of the processing

The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects.

Types of data processed:

Inventory data (e.g., names, addresses).
Content data (e.g. text input, photographs, videos)
Contact details (e.g. email, phone numbers).
Meta/communication data (e.g. device information, IP addresses)
Usage data (e.g. web pages visited, interest in content, access times).
Contract data (e.g. subject matter of the contract, term, customer category).
Payment data (e.g. bank details, invoices, payment history)

Categories of persons concerned

Business and Contractual Partners.
Interested parties.
Communication partner.
Members.
Users (e.g., website visitors, users of online services).

Purposes of processing:

Visit Action Evaluation.

Direct marketing (e.g. by e-mail or postal mail).
Contact requests and communication.
Evaluate the effectiveness of marketing efforts.
Reach measurement (e.g. access statistics, recognition of returning visitors).
Tracking (e.g. interest/behavior-related evaluation, use of cookies).
Contractual benefits and service.
Managing and responding to inquiries.

4. relevant legal bases:

In the following, we share the legal basis of the General Data Protection Regulation (GDPR) on the basis of which we process personal data. Please note that in addition to the regulations of the DSGVO, the national data protection regulations in your or our country of residence and domicile may apply.

Consent (Art. 6 para. 1 p. 1 lit. a DSGVO) - The data subject has given his/her consent to the processing of personal data concerning him/her for a specific purpose or purposes.
Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b. DSGVO) - The processing is necessary for the performance of a contract to which the data subject is party or for the implementation of pre-contractual measures taken at the request of the data subject.
Safeguarding legitimate interests (Art. 6 para. 1 p. 1 lit. f. DSGVO) - The processing is necessary for the purposes of the legitimate interests of the controller or of a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data.

5. security measures

We take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons.

The measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as the access, input, transfer, safeguarding of availability and its separation. Furthermore, we have established procedures to ensure the exercise of data subjects' rights, the deletion of data, and responses to data compromise. Furthermore, we take the protection of personal data into account as early as the development or selection of hardware, software and processes in accordance with the principle of data protection, through technology design and through data protection-friendly default settings.

IP address shorteningIf it is possible for us to do so or if it is not necessary to store the IP address, we will shorten your IP address or have it shortened. In the case of IP address shortening, also referred to as "IP masking", the last octet, i.e., the last two numbers of an IP address, is deleted (the IP address in this context is an identifier individually assigned to an Internet connection by the online access provider). The purpose of IP address shortening is to prevent or make it significantly more difficult to identify a person by their IP address.

SSL encryption (https)To protect your data transmitted via our online offer, we use SSL encryption. You can recognize such encrypted connections by the prefix https:// in the address bar of your browser.

7. use of cookies

Cookies are text files that contain data from visited websites or domains and are stored by a browser on the user's computer. A cookie is primarily used to store information about a user during or after his visit within an online offer. Stored information may include, for example, language settings on a website, login status, or where a video was watched. The term cookies also includes other technologies that perform the same functions as cookies (e.g., when user information is stored using pseudonymous online identifiers, also referred to as "user IDs").

The following cookie types and functions are distinguished:

Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest after a user has left an online offer and closed his browser.
Permanent cookies: Permanent cookies remain stored even after the browser is closed. For example, the login status can be saved or preferred content can be displayed directly when the user visits a website again. Likewise, the interests of users used for reach measurement or marketing purposes can be stored in such a cookie.
First-party cookies: First-party cookies are set by ourselves.
Third-party cookies (also: third-party cookies): Third-party cookies are mainly used by advertisers (so-called third parties) to process user information.
Necessary (also: essential or absolutely necessary) cookies: On the one hand, cookies may be absolutely necessary for the operation of a website (e.g. to store logins or other user input or for security reasons).
Statistics, marketing and personalization cookiesFurthermore, cookies are generally also used in the context of range measurement and when a user's interests or behavior (e.g. viewing certain content, using functions, etc.) on individual websites are stored in a user profile. Such profiles are used, for example, to show users content that matches their potential interests. This procedure is also referred to as "tracking", i.e., tracking the potential interests of users. Insofar as we use cookies or "tracking" technologies, we will inform you separately in our privacy policy or in the context of obtaining consent.

Notes on legal bases: The legal basis on which we process your personal data using cookies depends on whether we ask you for consent. If this is the case and you consent to the use of cookies, the legal basis for the processing of your data is your declared consent pursuant to Art. 6 (1) p. 1 lit. a DS-GVO. Otherwise, the data processed with the help of cookies is processed on the basis of our legitimate interests according to Art. 6 para. 1 p. 1 lit. f DS-GVO (e.g. in a business operation of our online offer and its improvement) or, if the use of cookies is necessary to fulfill our contractual obligations.

General information on the objection (opt-out): Depending on whether the processing is based on consent or legal permission, you have the option at any time to revoke any consent given or to object to the processing of your data by cookie technologies (collectively referred to as "opt-out"). You can initially declare your objection by means of your browser settings, e.g. by deactivating the use of cookies (whereby this may also restrict the functionality of our online offer). An objection to the use of cookies for online marketing purposes can also be made by means of a variety of services, especially in the case of tracking, via the web pages http://optout.aboutads.info and http://www.youronlinechoices.com/ be declared. In addition, you can receive further instructions on how to object in the context of the information on the service providers and cookies used.

Processing of cookie data on the basis of consentBefore we process or have processed data in the context of the use of cookies that require consent, we ask users for consent that can be revoked at any time in accordance with Art. 6 (1) p. 1 lit. a DS-GVO. Before the consent has not been expressed, cookies are used at most that are necessary for the operation of our online offer and for the use of which consent does not need to be obtained. Their use is based on our interest and the interest of users in the expected functionality of our online offer according to Art. 6 para. 1 S.1 lit. a) DS-GVO.

8. performance of duties under the Articles of Association or the Rules of Procedure

We process the data of our members, supporters, interested parties, business partners or other persons (collectively "data subjects") if we have a membership or other business relationship with them and perform our tasks and are recipients of services and benefits. In addition, we process the data of data subjects on the basis of our legitimate interests, e.g. when it is a matter of administrative tasks or public relations work.

The data processed in this context, the type, scope and purpose and the necessity of its processing, are determined by the underlying membership or contractual relationship, from which the necessity of any data disclosures also arise (in addition, we refer to required data).

We delete data that is no longer required to fulfill our statutory and business purposes. This is determined according to the respective tasks and contractual relationships. We retain the data for as long as they may be relevant for business processing, as well as with regard to any warranty or liability obligations based on our legitimate interest in regulating them. The necessity of retaining the data is reviewed regularly; in all other respects, the statutory retention obligations apply.

Types of data processed: Inventory data (e.g. names, addresses), payment data (e.g. bank details, invoices, payment history), contact data (e.g. e-mail, telephone numbers), contract data (e.g. subject matter of contract, term, customer category).

Affected persons: Users (e.g. website visitors, users of online services), members, business and contractual partners.

Purposes of processing: Contractual performance and service, contact requests and communication, management and response to requests.

Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b. DSGVO), Legitimate Interests (Art. 6 para. 1 p. 1 lit. f. DSGVO).

9. contact

When contacting us (e.g. by contact form, e-mail, telephone or via social media), the information of the inquiring persons is processed insofar as this is necessary to answer the contact inquiries and any requested measures.

The response to contact requests in the context of contractual or pre-contractual relationships is made to fulfill our contractual obligations or to respond to (pre)contractual inquiries and otherwise on the basis of legitimate interests in responding to the inquiries.Types of data processed: inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. text entries, photographs, videos), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).

Affected persons: Communication partner.
Purposes of processing: Contact requests and communication.
Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b. DSGVO), Legitimate Interests (Art. 6 para. 1 p. 1 lit. f. DSGVO).

10. provision of the online offer and web hosting

In order to provide our online offer securely and efficiently, we use the services of one or more web hosting providers from whose servers (or servers managed by them) the online offer can be accessed. For these purposes, we may use infrastructure and platform services, computing capacity, storage space and database services, as well as security services and technical maintenance services.

The data processed within the scope of the provision of the hosting offer may include all information concerning the users of our online offer, which accrues within the scope of use and communication. This regularly includes the IP address, which is necessary to be able to deliver the contents of online offers to browsers, and all entries made within our online offer or from websites.

Email sending and hostingThe web hosting services we use also include the sending, receiving and storing of e-mails. For these purposes, the addresses of the recipients and senders as well as further information regarding the e-mail dispatch (e.g. the providers involved) and the contents of the respective e-mails are processed. The aforementioned data may also be processed for SPAM detection purposes. Please note that e-mails are generally not sent encrypted on the Internet. As a rule, e-mails are encrypted in transit, but (unless a so-called end-to-end encryption method is used) not on the servers from which they are sent and received. We can therefore not assume any responsibility for the transmission path of the e-mails between the sender and the reception on our server.

Collection of access data and log filesWe ourselves (or our web hosting provider) collect data on each access to the server (so-called server log files). The server log files may include the address and name of the web pages and files accessed, date and time of access, data volumes transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider.

The server log files may be used, on the one hand, for security purposes, e.g., to prevent server overload (especially in the case of abusive attacks, so-called DDoS attacks) and, on the other hand, to ensure the utilization of the servers and their stability.

Types of data processed: Content data (e.g. text input, photographs, videos), usage data (e.g. web pages visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
Affected persons: Users (e.g., website visitors, users of online services).
Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f. DSGVO).

11. newsletter and broad communication

We send newsletters, e-mails and other electronic notifications (hereinafter "newsletters") only with the consent of the recipients or a legal permission. Otherwise, our newsletters contain information about our services and us.

To subscribe to our newsletters, it is generally sufficient to provide your e-mail address. However, we may ask you to provide a name, for the purpose of personal address in the newsletter, or further details, if these are required for the purposes of the newsletter.

Double opt-in procedure: The registration for our newsletter is always done in a so-called double opt-in process. This means that after registration you will receive an e-mail in which you are asked to confirm your registration. This confirmation is necessary so that no one can register with other email addresses. The registrations for the newsletter are logged in order to be able to prove the registration process according to the legal requirements. This includes the storage of the registration and confirmation time as well as the IP address. Likewise, changes to your data stored with the shipping service provider are logged.

Deletion and restriction of processing: We may store unsubscribed email addresses for up to three years based on our legitimate interests before deleting them in order to be able to prove consent formerly given. The processing of this data is limited to the purpose of a possible defense against claims. An individual request for deletion is possible at any time, provided that the former existence of consent is confirmed at the same time. In the event of obligations to permanently observe objections or revocations, we reserve the right to store the e-mail address in a blacklist for this purpose alone.

The logging of the registration process takes place on the basis of our legitimate interests for the purpose of proving its proper course. If we commission a service provider to send e-mails, this is done on the basis of our legitimate interests in an efficient and secure sending system.

Notes on legal bases: The newsletter is sent on the basis of the recipients' consent or, if consent is not required, on the basis of our legitimate interests in direct marketing, if and to the extent that this is permitted by law, e.g. in the case of existing customer advertising. Insofar as we commission a service provider to send e-mails, this is done on the basis of our legitimate interests. The registration process is recorded on the basis of our legitimate interests to prove that it was carried out in accordance with the law.

Contents: Information about us and our activities.

Success measurementThe newsletters contain a so-called "web beacon", i.e. a pixel-sized file that is retrieved from our server when the newsletter is opened, or, if we use a shipping service provider, from their server. Within the scope of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and the time of the retrieval, are initially collected.

This information is used to technically improve our newsletter based on the technical data or the target groups and their reading behavior based on their retrieval locations (which can be determined using the IP address) or access times. This analysis also includes determining whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can indeed be assigned to individual newsletter recipients. However, it is neither our intention nor, if used, that of the dispatch service provider to observe individual users. Rather, we use the analyses to identify the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.

The evaluation of the newsletter and the measurement of its success are carried out, subject to the express consent of the users, on the basis of our legitimate interests for the purpose of using a user-friendly and secure newsletter system that serves our business interests and meets the expectations of the users.

A separate revocation of the performance measurement is unfortunately not possible, in this case the entire newsletter subscription must be cancelled, or it must be contradicted.

Types of data processed: Inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), meta/communication data (e.g. device information, IP addresses), usage data (e.g. websites visited, interest in content, access times).
Affected persons: Communication partner.
Purposes of processing: Direct marketing (e.g. by e-mail or postal mail).
Legal basis: Consent (Art. 6 para. 1 p. 1 lit. a DSGVO), Legitimate Interests (Art. 6 para. 1 p. 1 lit. f. DSGVO).
Possibility of objection (opt-out): You can cancel the receipt of our newsletter at any time, i.e. revoke your consent or object to further receipt. You will find a link to cancel the newsletter either at the end of each newsletter or you can otherwise use one of the above contact options, preferably e-mail, for this purpose.

Mailchimp
We use Mailchimp from The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE Suite 5000, Atlanta, GA 30308 USA (Mailchimp) to send our info letter to network members. This allows us to contact subscribers directly. In addition, we analyze your usage behavior in order to optimize our offer.

For this purpose, we share the following personal data with Mailchimp:

E-mail address
[Our email sends include a link to update your personal information].

Mailchimp is a recipient of your personal data and acts as a processor for us as far as the dispatch of our newsletter is concerned. The processing of the data provided under this section is neither legally nor contractually required. Without your consent and the transmission of your personal data, we cannot send out a newsletter to you.

In addition, Mailchimp collects the following personal data using cookies and other tracking methods: Information about your terminal device (IP address, device information, operating system, browser ID, information about the application you use to read your emails and other information about hardware and internet connection. In addition, usage data is collected such as date and time, when you opened the email / campaign and browser activity (e.g. which emails / web pages were opened). Mailchimp needs this data to ensure the security and reliability of the systems, compliance with the terms of use and the prevention of abuse. This corresponds to the legitimate interest of Mailchimp (according to Art. 6 para. 1 lit. f DSGVO) and serves the execution of the contract (according to Art. 6 para. 1 lit. b DSGVO). Furthermore, Mailchimp evaluates performance data, such as the delivery statistics of emails and other communication data. This information is used to create usage and performance statistics of the services.

Mailchimp additionally collects information about you from other sources. In an unspecified period and scope, personal data is collected via social media and other third-party data providers. We have no influence on this process.

For more information about opting out and opting in to Mailchimp, please visit: https://mailchimp.com/legal/privacy/#3._Privacy_for_Contacts

The legal basis for this processing is your consent pursuant to Art. 6 para. 1 lit. a DSGVO. You can revoke your consent to the processing of your personal data at any time. A corresponding link can be found in all mailings. In addition, the revocation can be made via the specified contact options. The declaration of revocation does not affect the lawfulness of the processing carried out to date.

Your data will be processed as long as there is a corresponding consent. Apart from that, they will be deleted after the termination of the contract between us and Mailchimp, unless legal requirements make further storage necessary.

Mailchimp has implemented compliance measures for international data transfers. These apply to all global activities where Stripe processes personal data of individuals in the EU. These measures are based on the EU Standard Contractual Clauses (SCCs). For more information, please visit: https://mailchimp.com/legal/data-processing-addendum/

12. Data deletion

The data processed by us will be deleted in accordance with the legal requirements as soon as their consents permitted for processing are revoked or other permissions cease to apply (e.g. if the purpose of processing this data has ceased to apply or it is not required for the purpose).

If the data is not deleted because it is required for other and legally permissible purposes, its processing is limited to these purposes. I.e., the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law or whose storage is necessary for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person.

Further information on the deletion of personal data can also be found in the individual data protection notices of this data protection declaration.

13. modification and update of the privacy policy

We ask you to regularly inform yourself about the content of our privacy policy. We adapt the data protection declaration as soon as the changes in the data processing carried out by us make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g. consent) or other individual notification.

If we provide addresses and contact information of companies and organizations in this privacy statement, please note that the addresses may change over time and please check the information before contacting us.

14. rights of the data subjects

As a data subject, you are entitled to various rights under the GDPR, which arise in particular from Articles 15 to 18 and 21 GDPR:

Right to object: You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or (f) of the DSGVO. If the personal data concerning you is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing.
Right of withdrawal for consents: You have the right to revoke any consent you have given at any time.
Right to Information: You have the right to request confirmation as to whether or not data in question is being processed and to obtain information about this data, as well as further information and a copy of the data in accordance with the legal requirements.
Right of rectification: In accordance with the legal requirements, you have the right to request that the data concerning you be completed or that incorrect data concerning you be corrected.
Right to erasure and restriction of processing: In accordance with the statutory provisions, you have the right to demand that data relating to you be deleted immediately or, alternatively, to demand restriction of the processing of the data in accordance with the statutory provisions.
Right to data portability: You have the right to receive data concerning you, which you have provided to us, in a structured, common and machine-readable format in accordance with the legal requirements, or to request that it be transferred to another responsible party.
Complaint to supervisory authority: You also have the right, in accordance with the law, to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement, if you believe that the processing of personal data relating to you infringes the GDPR.