BIOCTANE takes the protection of personal data very seriously. We want you to know when we store data, which types of data are stored and how it is used. As an incorporated entity under German civil law, we are subject to the provisions of the EU General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and the Telemedia Act (TMG). We have taken technical and organisational measures to ensure our compliance and the compliance of external service providers with the data protection regulation.
I. Name and address of the controller
The controller in the meaning of the General Data Protection Regulation, other national data protection laws in the Member States and related data protection regulations is:
aireg Executive Board: Siegfried Knecht (Chairman of the Executive Board), Uwe Gaudig (Deputy Chairman of the Executive Board), Prof. Dr.-Ing. Martin Kaltschmitt (Deputy Chairman of the Executive Board), Melanie Form (Member of the Executive Board, Managing Director), Prof. Dr.-Ing. Manfred Aigner (President, Science and Research), Prof. Dr. Jürgen Ringbeck (President Industry and Aviation)
aireg – Aviation Initiative for Renewable Energy in Germany e.V.
Telefon: +49 (0) 40 42878 4831
II. Provision of the website and generation of log files
a) Description and scope of data processing
Our system automatically collects data and information from the accessing computer system each time our website is visited.
The following data is collected in this context:
- Information about the browser type and version
- The user’s operating system
- The user’s Internet Service Provider
- The user’s IP address
- The date and time of access
- Referrer website(s)
- Websites accessed by the user from our website
The data is also stored in log files kept on our system. This data is not stored together with other personal data concerning the user.
b) Legal grounds for data processing
The legal grounds for temporary storage of the data and log files are set out in Art. 6, paragraph 1, part (f) of the EU General Data Protection Regulation (GDPR).
c) Purpose of data processing
Temporary storage of the IP address by our system is necessary to deliver the website to the computer of the user. For this purpose, the user’s IP address must be stored for the duration of the session.
Storage in log files takes place to ensure functionality of the website. In addition, the data is used to optimise the website and to ensure security of our Information Technology systems. Data analysis for marketing purposes does not take place in this context.
The BIOCTANE website collects a variety of general data and information each time it is accessed by a data subject or an automated system. This general data and information is stored in server log files. The data and information collected include the (1) browser types and versions; (2) the operating system used by the accessing system; (3) the website from which the accessing system arrives on our website (the referrer); (4) the sub-pages visited by the accessing system; (5) the date and time of accessing our website; (6) an Internet Protocol address (IP address); (7) the Internet service provider of the accessing system and (8) other similar data and information that is used to protect against risks in the case of attacks on our Information Technology systems.
aireg does not draw any conclusions about the identity of the data subject during use of this general data and information. Instead, this information is necessary to (1) deliver the contents of our website in their correct form; to (2) optimise the contents of our website and promote it; to (3) guarantee the permanent functionality of our information technology systems and equipment used for our website; and to (4) provide the information necessary for law enforcement organisations to investigate cyber-attacks. This anonymous data and information is analysed by aireg, firstly for statistical purposes, and secondly with the objective of increasing data protection and data security at our research centre, and hence to achieve an optimum level of protection for the personal data processed by us. The anonymous data contained in the server log files is stored separately from all other personal data concerning the data subject.
These purposes justify our legitimate interests in data processing according to Art. 6, paragraph 1, part (f) of the GDPR.
d) Duration of storage
The data is deleted as soon as it is no longer needed for the purpose for which it was collected. In the case of data collection for the provision of this website, this applies at the end of each session.
In the case of data stored in log files, this occurs after no longer than seven days. Further storage is possible; in these cases, the users’ IP addresses are deleted or pseudonymised to prevent any association with the accessing client.
e) Right to objection and removal
The collection of data for the provision of our website and the storage of data in log files is crucial to operation of the website. Hence, users are not granted a right to object.
a) Description and scope of data processing
The following data can be transferred in this way:
- Search terms entered
- Frequency of page access
- Usage of website functions
Technical measures are implemented to pseudonymise the data collected from users in this way. It is therefore not possible to associate the data with the accessing user. The data is not stored together with other personal data concerning the user.
Section IX contains a detailed description of data processing in connection with the web analysis tools that we use.
b) Legal basis for data processing
i. The legal grounds for the processing of personal data using technically necessary cookies are set out in Art. 6, paragraph 1, part (f) of the EU General Data Protection Regulation (GDPR).
ii. The legal grounds for the processing of personal data using cookies for analysis purposes with consent of the user are set out in Art. 6, paragraph 1, part (a) of the GDPR.
c) Purpose of data processing
The user data collected with technically necessary cookies is not used to produce user profiles.
Analysis cookies are used to improve the quality of our website and its contents. Through the use of analysis cookies, we find out how the website is used and are therefore able to optimise our service continuously. A more precise description is contained under Section IX of this document.
These purposes represent our legitimate interest in processing personal data according to Art. 6, paragraph 1, part (f) of the GDPR.
e) Duration of storage; right to objection and removal
The data subject can adjust the settings of the Internet browser at any time to prevent our website from placing cookies as described, and therefore block cookies on a permanent basis. In addition, the browser or other software programs can be used to delete cookies that have already been placed at any time. This is possible with all standard Internet browsers. The data subject may not be able to use the full functionality of our website if cookies are disabled in the active Internet browser.
You can change the settings of your Internet browser to disable or restrict the transfer of cookies at any time. Cookies that have already been placed on your computer can be deleted at any time. This can take place automatically. Disabling cookies may prevent you from using the full functionality of our website.
IV. E-Mail Newsletter
The controller has integrated components of the enterprise Convertkit on this website. Convertkit is an E-Mail newsletter service povider.
a) Description and scope of data processing
Visitors to our website have the option of subscribing to a free newsletter. The data entered in the input screen while registering for the newsletter is transmitted to us.
The form requests the subscriber’s name and email address:
- First name
- Last name
- Email address
The following data are also collected during registration and stored in the database:
- First and last Name
- E-Mail address
- GDPR consent status
- Subscribtion Status (Subscribed, Activated, Unsubscribed)
- Subscription Date, Subscription Place, Unsubscribe-Date
Your consent to the processing of data is obtained during the registration process, and you are referred to this Privacy Notice.
No data is transferred to third parties in connection with data processing for delivery of the newsletter. The data is used exclusively to deliver the newsletter.
b) Legal basis for data processing
The newsletter is delivered based on registration by the user on our website. The legal basis for processing of the data after registration for the newsletter is, upon receipt of consent by the user, set out in Art. 6, paragraph 1, part (a) of the EU General Data Protection Regulation (GDPR).
c) Purpose of data processing
The user’s email address is collected in order to deliver the newsletter.
d) Duration of storage
The data is deleted as soon as it is no longer needed for the purpose for which it was collected. Therefore, the user’s email address and first and family names will be stored for as long as the newsletter subscription remains active.
e) Right to objection and removal
The data subject can unsubscribe to the newsletter at any time. Each newsletter includes a suitable link.
V. Use of Social media:
We maintain online presences on the social networks Twitter (Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland), and LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland) to inform you and communicate with you via these platforms. You can access our social media channels via corresponding links on our websites. As soon as you access the respective social media channels in the respective network, the terms and conditions and data processing information of the respective operators apply there.
If you follow such a link, a connection to the Twitter or LinkedIn servers is established. This transmits to the Twitter or LinkedIn server the IP address with which you visited our website.
If you are logged in as a member of Twitter or LinkedIn, Twitter or LinkedIn assign this information to your personal user accounts of these platforms. You can prevent the transmission of this data by logging out of your personal Twitter or LinkedIn account before using our websites.
VI. Use of Convertkit
The controller has integrated components of the enterprise Convertkit on this website. Convertkit is a E-Mail newsletter service povider.
The operating company of Convertkit is Convertkit, LLC, 113 Cherry St #92768, Seattle, WA, 98104-2205, United States. As soon as you access the Convertkit website, the terms and conditions and data processing information of the respective operators apply there.
The data protection guideline published by Convertkit, which is available at https://convertkit.com/privacy, provides information about the collection, processing and use of personal data by Convertkit. It also explains which setting options Convertkit offers to protect the privacy of the data subject. In addition, a variety of applications are available that enable the prevention of data transfer to Facebook. These applications may be used by the data subject to prevent data transmission to Facebook.
VII. Rights of the data subject
Where personal data concerning you is processed, you are the data subject as defined in the EU General Data Protection Regulation (GDPR) and you have the following rights with respect to the controller:
a) Right to information
You have the right to obtain from the controller confirmation of whether personal data concerning you is processed by us.
Where such processing takes place, you have the right to obtain the following information from the controller:
- the purposes for which the personal data is processed;
- the categories of personal data that is processed;
- the recipients, or categories of recipients to whom the personal data relating to you has been or will be disclosed;
- the planned duration of storage of the personal data concerning you, or the criteria applied to defining the duration of storage if precise information in this regard is not available;
- the existence of a right to correction or deletion of the personal data concerning you, the right to restrict processing by the controller or the right to object to this processing;
- the right to lodge a complaint with a supervisory authority;
- all information available concerning the origins of the data if the personal data was not collected from the data subject;
- the existence of an automated decision-making process, including profiling, according to Art. 22 paragraphs 1 and 4 of the GDPR and – at least in these cases – meaningful information on the logic and implications involved, as well as on the intended effects of this kind of processing on the data subject;
- You also have the right to obtain information on whether the personal data concerning you has or will be transferred to a third country or to an international organisation. In this regard, you are entitled to request information on the appropriate guarantees in place with regard to this processing in accordance with Art. 46 of the GDPR.
The controller will provide a copy of the personal data that is subject to processing. Where you request additional copies, the controller is entitled to charge an appropriate fee based on administrative costs. If you place the application by electronic means, the information will be made available in a standard electronic format, except where otherwise specified by you. The right to receive a copy in accordance with paragraph 3 of this section must not adversely affect the rights and freedoms of other persons.
b) Right to correction
As a data subject, you have the right to request from the controller the correction of inaccurate personal data concerning you without undue delay. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
c) Right to limit processing
You have the right to request from the controller restriction of processing of personal data concerning you under the following conditions:
- where the accuracy of the personal data is contested by you, for a period enabling the controller to verify the accuracy of the personal data;
- the processing is unlawful and you oppose the deletion of the personal data, and instead request the restriction of its use;
- the controller no longer needs the personal data for the purposes of the processing, but it is required by you for the establishment, exercise or defence of legal claims; or
- if you have objected to processing pursuant to Art. 21, paragraph 1, of the GDPR, pending the verification of whether the legitimate reasons of the controller override your reasons.
Where processing of the personal data concerning you has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
Where you have obtained restriction of processing under the conditions set out above, you will be informed by the controller before the restriction of processing is lifted.
d) Right to deletion
Obligation to delete
You have the right to request the controller to delete personal data concerning you without undue delay, and the controller will be obliged to delete personal data immediately where one of the following grounds applies:
- the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
- you withdraw consent on which the processing is based according to part (a) of Art. 6, paragraph 1, or part (a) of Art. 9, paragraph 2 of the GDPR, and there is no other legal basis for the processing;
- you object to the processing pursuant to Art. 21, paragraph 1 of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21, paragraph 2 of the GDPR;
- the personal data concerning you has been unlawfully processed;
- the personal data has to be deleted to comply with a legal obligation under a Union or Member State law to which the controller is subject;
- The personal data concerning you has been collected in relation to the offer of information society services referred to in Art. 8, paragraph 1 of the GDPR.
Information to third parties
Where the controller has made the personal data concerning you public and is obliged pursuant to Art. 17, paragraph 1 of the GDPR to delete the personal data, the controller, taking account of available technology and the cost of implementation, is required to take reasonable steps, including technical measures, to inform controllers who are processing the personal data that you have requested to be deleted by such controllers, as well as any links to, copies or replications of such personal data.
The right to deletion does not apply to the extent that processing is necessary:
- for exercising the right of freedom of expression and information;
- for compliance with a legal obligation under Union or Member State law to which the controller is subject or for the performance of tasks carried out in the public interest or in the exercise of official authority vested in the controller;
- for reasons of public interest in the area of public health in accordance with parts (h) and (i) of Art. 9, paragraph 2 and Art. 9, paragraph 3 of the GDPR;
- for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes in accordance with Art. 89, paragraph 1 of the GDPR, insofar as the rights referred to in section (a) are likely to render impossible or seriously impair the achievement of the objectives of that processing; or
- for the establishment, exercise or defence of legal claims.
e) Right to notification
Where you have exercised the right to correction, deletion or restriction of processing with the data controller, the data controller shall be obliged to notify all recipients to whom the personal data concerning you was disclosed of this correction or deletion of data or of the restriction of processing, except where compliance proves to be impossible or is associated with a disproportionate effort.
In addition, you are entitled to require that the data controller inform you about these recipients.
f) Right to data portability
You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format and have the right to transfer that data to another controller without hindrance from the controller to which the personal data have been provided, where:
- the processing is based on consent pursuant to part (a) of Article 6, paragraph 1 or part (a) of Article 9, paragraph 2 of the GDPR or in a contract pursuant to part (b) of Art. 6, paragraph 1 of the GDPR; and
- the processing is carried out by automated means.
In exercising your right to data portability, you have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. This must not adversely affect the rights and freedoms of other persons.
The right to data portability does not apply to processing that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
g) Right to object
You have the right to object, at any time, on grounds relating to your particular situation, to the processing of personal data concerning you, which is based on parts (e) or (f) of Art. 6, paragraph 1 of the GDPR; this includes profiling based on those provisions.
The controller shall no longer process the personal data concerning you, unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Where personal data concerning you is processed for direct marketing purposes, you have the right to object, at any time, to the processing of personal data concerning you for the purpose of such marketing. This applies also to profiling to the extent that it is related to such direct marketing.
Where you object to processing for direct marketing purposes, the personal data will no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding directive 2002/58/EC, you may exercise your right to object by automated means that use technical specifications.
Where personal data is processed for scientific or historical research purposes or for statistical purposes pursuant to Art. 89, paragraph 1 of the GDPR, you have the right, on grounds relating to your particular situation, to object to processing of personal data concerning you, except where the processing is necessary for the performance of a task carried out for reasons of public interest.
Should you wish to exercise your right to withdraw consent or to object, please send an email to firstname.lastname@example.org.
h) Right to withdraw consent pursuant to Art. 7, paragraph 3 of the GDPR
You have the right to withdraw your consent to the processing of data at any time, with future effect. In the event that you withdraw consent, we will delete the data concerned immediately, except where processing can be based on legal grounds that do not require consent. The withdrawal of consent will not affect the lawfulness of processing carried out prior to withdrawal of consent.
i) Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects for you or similarly significantly affects you.
This does not apply if the decision:
- is necessary for entering into, or performance of, a contract between you and the data controller;
- is authorised by Union or Member State law to which the controller is subject and which also contains suitable measures to safeguard your rights, freedoms and legitimate interests; or
- is based on your explicit consent.
However, these decisions must not be based on special categories of personal data referred to in Art 9, paragraph 1 of the GDPR, unless parts (a) or (g) of Art. 9, paragraph 2 of the GDPR applies and suitable measures to safeguard your rights, freedoms and legitimate interests are in place.
In the cases referred to in parts (1) and (3), the data controller is required to implement suitable measures to safeguard your rights, freedoms and legitimate interests, including at least the right to obtain human intervention on the part of the controller, to express your own point of view and to contest the decision.
j) Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your normal residence, you place of work or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority with which the complaint has been lodged is required to inform the complainant on the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Article 78.