We at DECODE take the protection of your personal data very seriously. Personal data are collected only to the extent technically necessary. In no event shall the data gathered be sold or be passed on to third parties for other reasons.
Company: DECODE Marketingberatung GmbH
Address: Postfach 202119, D-20214 Hamburg
Telephone: +49 (0)40 / 227 59 208
Telefax: +49 (0)40 / 492 19 064
We regard it as our primary task to maintain the confidentiality of the personal data provided by you and to protect these data against unauthorised access. For this reason, we apply utmost care and the latest security standards in order to ensure maximum protection of your personal data.
As a private-law company, we are subject to the provisions of the European General Data Protection Regulation (GDPR) and the provisions of the Bundesdatenschutzgesetz (BDSG) [German Federal Data Protection Act (GFDPA)]. We have taken technical and organisational measures to ensure that the provisions concerning data protection are observed by us as well as our external service providers.
The legislator demands that personal data be processed in a lawful manner, in good faith and in a way that is comprehensible for the data subject ("lawfulness, processing in good faith, transparency"). To ensure this, we hereby inform you of the individual statutory definitions, which are also used in this Data Privacy Statement:
"Personal data" are any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
"Processing" means any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
"Restriction of processing" means the marking of stored personal data with the aim of limiting their processing in the future.
"Profiling" means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
"Pseudonymisation" means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data cannot be attributed to an identified or identifiable natural person.
"Filing system" means any structured set of personal data accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis.
"Controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
"Processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
"Recipient" means a natural or legal person, public authority, agency or another body, to which personal data are disclosed, whether a third party or not. However, public authorities which may possibly receive personal data within the framework of a particular enquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
"Third party" means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
"Consent" of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
The processing of personal data is lawful only if there is a legal basis for the processing. According to Article 6 (1) (a) - (f) GDPR, any of the following, in particular, may form the legal basis for the processing:
a. the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
b. processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
c. processing is necessary for compliance with a legal obligation to which the controller is subject;
d. processing is necessary in order to protect the vital interests of the data subject or of another natural person;
e. processing is necessary for the performance of a task carried out in the public interest or in exercise of official authority vested in the controller;
f. processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
(1) Below, we provide information on the gathering of personal data when our website is used. Personal data are, for example, name, address, email addresses, user behaviour.
(2) If you contact us by email, we shall store the data communicated by you (your email address and, if necessary, your name and telephone number) in order to answer your questions. The data arising in this connection shall be erased by us once storage is no longer necessary, or the processing shall be restricted if statutory retention duties apply.
If you use the website merely for information purposes, i.e. you do not register or you do not send us information in some other way, we shall gather the personal data transmitted to our server by your browser. If you wish to view our website, we shall gather the following data that we technically need in order to display our website to you and ensure its stability and security (Art. 6 (1), sentence 1, (f) GDPR is the legal basis):
– IP address
– the date and time of the enquiry
– time zone difference relating to Greenwich Mean Time (GMT)
– the content of the request (specific website)
– access status/http status code
– the respective data quantity transferred
– the website from which the request came
– operating system and its interface
– language and version of the browser software.
(1) By giving your consent, you can subscribe to our newsletter (Science Update) informing you of current topics from the fields of research and marketing.
(2) We use the so-called double opt-in method for registering for Science Update. This means that, once you have registered, we shall send you an email, to the email address given, requesting your confirmation that you wish to receive Science Update.
(3) The provision of your email address is mandatory for the sending of Science Update. The provision of further details is voluntary. Following your confirmation, all data provided shall be stored by us for the purpose of preparing and sending Science Update. Art. 6 (1), sentence 1, (a) GDPR is the legal basis.
(4) You may at any time revoke your consent to the sending of Science Update and unsubscribe from Science Update. You can declare your revocation by clicking on the link provided in each Science Update email, by emailing to firstname.lastname@example.org or by sending a message to the contact details provided in the Legal Notice.
(5) We do not carry out personal tracking; merely anonymised data, e.g. data concerning the opening rate and successful delivery, are gathered, stored and evaluated.
(6) We collaborate with external service providers in order to create and send Science Update. In this respect, your data shall be sent, or made accessible, to these service providers. The service providers shall, in this respect, be prohibited from selling your data or using your data for purposes other than for sending Science Update. We use Clever Elements as newsletter software. Clever Elements is a German, certified provider chosen in accordance with the requirements of the General Data Protection Regulation and the Bundesdatenschutzgesetz. A contract relating to commissioned data processing has been concluded with all external service providers.
In principle, the services that we offer are aimed at adults. Persons under the age of 18 should not send any personal data to us without the consent of their parents or guardians.
Insofar as the processing of your personal data is based on consent given, you shall have the right to revoke your consent at any time. Revocation of your consent shall not affect the lawfulness of the processing carried out on the basis of your consent up to the time of revocation.
To exercise your right of revocation, you can contact us at any time.
You have the right to demand from the controller confirmation of whether we process personal data concerning you. You can demand this confirmation at any time using the contact details provided above.
Insofar as personal data are processed, you may at any time demand access to these personal data and to the following information:
a. the purposes of the processing;
b. the categories of personal data processed;
c. the recipients, or categories of recipients, to whom the personal data have been disclosed or are yet to be disclosed, in particular recipients in third countries or international organisations;
d. if possible, the envisaged period for which the personal data will be stored, or, if this is not possible, the criteria used to determine this period;
e. the existence of a right to rectification or erasure of the personal data concerning you or to restriction of their processing by the controller, or of a right to object to this processing;
f. the existence of a right to lodge a complaint with a supervisory authority;
g. in cases where the personal data have not been gathered directly from the data subject, any available information about the origin of the data;
h. the existence of automated decision-making, including profiling, referred to in Article 22 (1) to (4) GDPR and - at least in these cases - meaningful information about the logic involved, as well as the significance and the envisaged consequences for the data subject of such processing.
If personal data are sent to a third country or to an international organisation, you shall have the right, in accordance with Article 46 GDPR, to be informed of the appropriate safeguards in place relating to the sending of your personal data. We shall make available a copy of the personal data undergoing processing. For any further copies that you request, we may charge a reasonable fee based on the administrative cost. If you make such request electronically, the information shall be made available in a commonly used, electronic format, unless you request otherwise. The right to receive a copy in accordance with subsection 3 shall not impair the rights or freedoms of other persons.
You have the right to demand that we rectify without delay any incorrect personal data concerning you. Taking into account the purposes of the processing, you shall have the right to have incomplete personal data completed, also by means of providing a supplementary statement.
You have the right to demand that the controller erase personal data concerning you without delay, and we shall be obliged to erase personal data without delay where one of the following grounds applies:
a. the personal data are no longer needed for the purposes for which they were collected or otherwise processed;
b. the data subject revokes his/her consent on which the processing was based in accordance with Article 6 (1) (a) or Article 9 (2) (a) GDPR, and there is no other legal basis for the processing;
c. the data subject objects to the processing in accordance with Article 21 (1) GDPR, and there are no overriding legitimate reasons for the processing, or the data subject objects to the processing in accordance with Article 21 (2) GDPR;
d. the personal data have been unlawfully processed;
e. erasure of the personal data is required in order to meet a legal obligation in accordance with Union or Member State law to which the controller is subject;
f. the personal data have been collected in relation to an offer of information society services in accordance with Article 8 (1) GDPR.
If the controller has made the personal data public and is obliged to erase the personal data in accordance with subsection 1, the controller shall, taking account of the available technology and the cost of implementation, take appropriate measures, also of a technical nature, to inform controllers processing the personal data that a data subject has requested the erasure by such controllers of any links to, or copies or replications of, those personal data.
The right to be forgotten shall not apply to the extent that the processing is necessary:
– for exercising the right to free speech and to information;
– for fulfilling a legal obligation that requires processing under Union or Member State law that the controller is subject to, or for performing a task carried out in the public interest or in exercise of official authority vested in the controller;
– for reasons of public interest in the field of public health in accordance with Article 9 (2) (h) and (i) as well as Article 9 (3) GDPR;
– for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89 (1) GDPR, insofar as the right referred to in subsection 1 is expected to rule out or seriously impair the realisation of the goals of this processing,
– for asserting, exercising or defending legal claims.
You have the right to demand that we restrict the processing of your personal data where one of the following prerequisites is met:
a. the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
b. the processing is unlawful, and the data subject opposes the erasure of his/her personal data and requests the restriction of their use instead;
c. the controller no longer needs the personal data for the purposes of the processing, but the personal data are required by the data subject for the assertion, exercise or defence of legal claims;
d. the data subject has objected to the processing in accordance with Article 21 (1) GDPR, and it has not yet been established whether the legitimate grounds of the controller override those of the data subject.
Where processing has been restricted under the aforementioned prerequisites, such personal data shall, with the exception of storage, only be processed with the data subject's consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
To assert the right to restriction of processing, the data subject may at any time contact us using the contact details provided above.
You shall have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, insofar as:
a. the processing is based on consent in accordance with Article 6 (1) (a) or Article 9 (2) (a) or on a contract in accordance with Article 6 (1) (b) GDPR, and
b. the processing is carried out by automated means.
In exercising your right to data portability under subsection 1, you shall have the right to have the personal data transmitted directly from one controller to another, insofar as this is technically feasible. The exercise of the right to data portability shall not affect the right to erasure ("right to be forgotten"). That right shall not apply to processing necessary for the performance of a task carried out in the public interest or in exercise of official authority vested in the controller.
You shall have the right to at any time object, on grounds relating to your particular situation, to processing of your personal data on the basis of Article 6 (1), (e) or (f) GDPR; this shall also apply to profiling based on those provisions. The controller shall no longer process the personal data, unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing serves the assertion, exercise or defence of legal claims.
Where personal data are processed for direct marketing purposes, you shall have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this shall also apply to profiling to the extent that profiling is related to such direct marketing. Where you object to processing for direct marketing purposes, your personal data shall no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
Where personal data are processed for scientific or historical research purposes or statistical purposes in accordance with Article 89 (1), you shall, on grounds relating to your particular situation, have the right to object to processing of personal data concerning you, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
You can exercise your right to object at any time by contacting the respective controller.
You have the right not to be subject to a decision that is based solely on automated processing, including profiling, and has legal effect on you or similarly significantly impairs you. This shall not apply if the decision:
a. is necessary for the conclusion or performance of a contract between the data subject and the controller;
b. is permissible under Union or Member State law to which the controller is subject and which lays down appropriate measures for safeguarding the data subject's rights and freedoms and legitimate interests; or
c. is based on the data subject's explicit consent.
The controller shall implement appropriate measures to safeguard the data subject's rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.
The data subject can exercise this right at any time by contacting the respective controller.
Additionally, you shall, without prejudice to any other legal remedy under administrative law or judicial remedy, have the right to lodge a complaint with a supervisory authority, in particular in the Member State where you reside or work or where the alleged breach took place, if you are of the opinion that the processing of the personal data concerning you breaches the General Data Protection Regulation.
Without prejudice to any available legal remedy under administrative law or non-judicial remedy, including the right to lodge a complaint with a supervisory authority in accordance with Article 77 GDPR, you shall have the right to an effective judicial remedy where you consider that your rights under this Regulation have been infringed as a result of the processing of your personal data in non-compliance with this Regulation.
(1) This website uses Google Analytics, a web analysis service from Google Inc. ("Google"). Google Analytics uses so-called "cookies", text files that are stored on your computer and enable your use of the website to be analysed. Normally, the information generated by such cookie concerning your use of this website will be transferred to a Google server in the USA and stored there. If IP anonymisation has been activated on this website, your IP address will, however, be truncated beforehand by Google within Member States of the European Union or the European Economic Area. Only in exceptional cases will your full IP address be transferred to a Google server in the USA and truncated there. Google will, on behalf of the operator of this website, use this information to evaluate your usage of the website, put together reports on the website activities and provide the website operator with other services relating to website and Internet usage.
(2) The IP address transmitted by your browser within Google Analytics will not be combined with other Google data.
(3) You can prevent the storage of cookies by setting your browser software accordingly. Please note, however, that you may then possibly be unable to fully use all features of this website. By downloading and installing the browser plugin available at the following link, you will, furthermore, be able to prevent data (including your IP address) generated by such cookie relating to your use of the website from being collected and transmitted to Google and processed by Google: http://tools.google.com/dlpage/gaoptout?hl=de. If your browser does not support plugins, simply click on this link: Opt-out Cookie setzen.
(4) This website uses Google Analytics with the extension "_anonymizeIp()". As a result, IP addresses are truncated before they are further processed, thus ruling out the possibility of linking an IP address to a specific individual. Any data collected concerning you that make you personally identifiable shall be immediately excluded, and the personal data shall thus be immediately erased.
(5) We use Google Analytics to analyse and regularly improve the use of our website. The statistics obtained enable us to improve our services offered and make them more attractive to you as a user. For the exceptional cases where personal data are transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. Art. 6 (1), sentence 1, (f) GDPR is the legal basis for the use of Google Analytics.
To enable us to ensure for you a uniform and appealing appearance company-wide, we use so-called web fonts for our website. This constitutes a legitimate interest within the meaning of Section 6 (1), (f) GDPR. If your browser does not support web fonts, a standard font will be used by your computer.
The fonts shall be hosted by us ourselves; i.e. they shall not be loaded by an external provider (as is customary in the case of, for example, TypeKit or Google Fonts). In order to comply with the licence, however, it is essential to integrate a tracking pixel from the provider FontShop used by us; this tracking pixel records website visits. In this respect, the following data shall be collected:
The data shall be used by Fontshop exclusively for counting the website visits. All log files collected shall be automatically erased after 30 days. Further information on this can be found here: https://help.fontshop.com/hc/en-us/articles/360000913366-GDPR-compliance
We use external service providers (processors) for the following categories of services: web design & administration, creation/administration/sending of newsletters, hosting, IT services, web font licensing, website statistics. A contract relating to commissioned data processing has been concluded with all service providers in order to ensure the protection of your personal data.