Section 1 Information on the collection of personal data
(1) The following information provides details on what personal data are collected when you access our website. The term ‘personal data’ refers to all data that relates to you personally, e.g. name, address, email addresses, user behaviour.
(2) Responsibility for the processing of personal data lies with
Bundesministerium für Wirtschaft und Energie (Federal Ministry for Economic Affairs and Energy)
Postal address: 11019 Berlin
Tel.: +49 (0)30 186150
This website is operated on behalf of the ministry by Institut der deutschen Wirtschaft Köln, Kompetenzfeld Bildung, Zuwanderung und Innovation, Postfach 10 19 42, 50459 Cologne 0221 4981-833, email: make-it(at)iwkoeln.de.
If you have any specific questions about the protection of your data at the Federal Ministry for Economic Affairs and Energy, please contact the ministry’s Data Protection Officer:
Beauftragte für den Datenschutz im BMWi
(3) If you contact us via email or by using an online contact form, we will save the data you provide (email address, in certain cases your name and telephone number) in order to answer your question/s. The data collected in such cases will be deleted once it no longer needs to be stored or, in the case that we have a legal obligation to retain it, processing of this data will be restricted.
(4) Regarding cases in which we use third-party providers to provide individual service functions or wish to use your data for advertising purposes, we inform you about the individual processes involved below. We also set out the criteria used to determine the period of time for which your data are stored.
Legal basis for the processing of personal data
The Federal Ministry for Economic Affairs and Energy processes personal data as it carries out the tasks of public interest that are assigned to it. These public duties particularly include public relations work, which also involves providing information for the public on this website. The processing of personal data in this context is based on Art. 6 (1) (e) General Data Protection Regulation (GDPR) in conjunction with the relevant national or European standards, or in conjunction with Section 3 of the Federal Data Protection Act. The same applies to applications made to the Federal Ministry for Economic Affairs and Energy, the processing of which requires the ministry to process personal data (e.g. applications for funding or for access to information under the German Freedom of Information Act, the Environmental Information Act or press law). Insofar as the processing of personal data is, in individual cases, required in order to fulfil a legal obligation, this is based on Article 6 (1) (c ) GDPR in conjunction with the relevant legal provisions under which the legal obligation arises.
Insofar as we obtain the consent of the data subject to process his/her personal data, this is based on Art. 6 (1) (a) GDPR.
In individual cases, the processing of personal data required for the performance of a contract to which the data subject is a party is based on Art. 6 (1) (b) GDPR. This also applies to processing operations necessary for the implementation of pre-contractual measures. As a contracting party under civil law, the Federal Ministry for Economic Affairs and Energy is particularly active in the field of personnel recruitment and procurement.
In the event that vital interests of the data subject or another natural person make it necessary to process personal data, this is based on Art. 6 (1) (d) GDPR.
Section 2 Your rights
You have the following rights with regard to the personal data concerning your person:
- Right of access, Art. 15 GDPR
The right of access confers on the data subject a comprehensive right of access to the data concerning his/her person and to certain important information-related criteria, such as the purposes for which it is processed or the duration for which it will be stored. The exceptions to this right regulated in Section 34 Federal Data Protection Act apply.
- Right to rectification, Art. 16 GDPR
The right of rectification includes the possibility for the data subject to have inaccurate personal data corrected.
- Right to erasure, Art. 17 GDPR
The right to erasure includes the possibility for the data subject to have data deleted by the party responsible. However, this is only possible if the personal data concerning his/her person are no longer needed, are processed unlawfully or if the relevant consent has been revoked. The exceptions to this right regulated in Section 35 Federal Data Protection Act apply.
- Right to restriction of processing, Art. 18 GDPR
The right to restrict the processing includes the possibility for the data subject to prevent further processing of personal data concerning his/her person for the time being. A restriction particularly occurs pending verification of the exercise of other rights of the data subject.
- Right to object to collection, processing and/or use, Art. 21 GDPR
The right to object includes the possibility for data subjects to object, in a particular situation, to the further processing of their personal data, insofar as this is justified by the exercise of public functions or of public or private interests. The exceptions to this right regulated in Section 36 Federal Data Protection Act apply.
- Right to data portability, Art. 20 GDPR
The right to data portability includes the possibility for the data subject to obtain the personal data concerning his/her person from the person responsible in a standard, machine-readable format, in order to be able to forward them to another person responsible if necessary. According to Art. 20 (3) sentence 2 GDPR, however, this right does not apply if the data processing serves the performance of public tasks.
- Right to revoke consent, Art. 13 and 14 GDPR
If personal data is processed on the basis of consent, the data subject may revoke such consent at any time for the purpose for which it was given. The lawfulness of the processing undertaken on the basis of this consent remains unaffected until receipt of the revocation.
You can assert the aforementioned rights in writing using the contact details set out in Section 1.
Pursuant to Art. 77 GDPR, you also have the right to appeal to the data protection supervisory authority: the Federal Commissioner for Data Protection and Freedom of Information.
You can also contact the Data Protection Officers under Section 1 if you have any questions or complaints
Section 3 Collection of personal data when you visit our website
(1) If you use this website for purely informational purposes, i.e. you do not register or provide us with information in any other way, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data which is technically necessary for us to display our website to you, to guarantee its stability and ensure it remains secure (based on Art. 6 (1) sentence 1 (f) GDPR):
- IP address
- Date and time of the request
- Time-zone difference to Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status/HTTP status code
- Amount of data transferred in each case
- Website from which the request originates
- Operating system and interface
- Language and version of the browser software
(2) In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files stored on your hard drive which are assigned to the browser you are using and through which certain information flows to the location that has set the cookie (in this case, to us). Cookies cannot launch and operate programmes or transmit viruses to your computer. They serve to make internet services more user-friendly and efficient.
a) This website uses the following types of cookies, the scope and functionality of which are explained below:
- Transient cookies (see b)
- Persistent cookies (see c).
b) Transient cookies are automatically deleted when you close your browser. This particularly includes session cookies. These store a ‘session ID’, which can be used to assign various requests from your browser to the shared session. This allows your computer to be recognised again when you return to our website. Session cookies are deleted when you log out or close your browser.
c) Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete the cookies via the security settings for your browser at any time.
d) You can configure your browser settings according to your wishes and, for example, refuse to accept all third-party cookies or all cookies in general. We draw your attention to the fact that depending on which settings you select, you may not be able to use all the functions of this website.
e) The Flash cookies used are not recorded by your browser, but by your Flash plug-in. We also use HTML5 storage objects that are stored on your device. These objects store the required data regardless of the browser you are using, and do not have a date on which they automatically expire. If you do not want the Flash cookies to be processed, you must install an appropriate add-on, such as Better Privacy for Mozilla Firefox (https://addons.mozilla.org/de/firefox/addon/betterprivacy/) or the Adobe Flash Killer cookie for Google Chrome. You can prevent the use of HTML5 storage objects by using your browser in private mode. We also recommend that you delete your cookies and browser history manually on a regular basis.
Section 4 Other functions and services on our website
1) In addition to making our website available to you for purely informational purposes, we also offer various services that you can use should you be interested in doing so. In order to use these, you will generally have to provide further personal data which we use to provide the respective service and to which the aforementioned data processing principles apply.
(2) In some cases, we use external service providers to process your data. These have been carefully selected and commissioned by ourselves, are bound by the instructions we give them, and are checked regularly.
(3) We may also disclose your personal information to third parties when we offer promotions, competitions, contracts or similar services in conjunction with partners. You will receive further information on this when you enter your personal data or can find this in the description of the details of the specific service.
(4) If our service providers or partners are based in a country outside the European Economic Area (EEA), we will inform you about any consequences of this in the description of the service provided.
Section 5 Filing an objection/revoking consent to our processing your data
(1) If you have given your consent to the processing of your data, you can revoke it at any time. Once you have revoked your consent, the permissibility of your personal data being processed is altered.
(2) Insofar as we base the processing of your personal data on a weighing up of interests, you may file an objection to us carrying out this processing. This is the case if the processing of this data is, in particular, not necessary in order to fulfil a contract with you, which is indicated by us in each case. In the event that you wish to file an objection, we ask you to explain the reasons why we should cease to process your personal data. If you then file an objection in which you state the relevant reasons, we will examine the facts and either discontinue or adapt the processing or will set out compelling reasons as to why we will continue to process the data concerned.
(3) You may, of course, object to the processing of your personal data for advertising and data analysis purposes at any time. You can inform us about your objection to the processing of your personal data for advertising purposes by writing to us at the following: Institut der deutschen Wirtschaft Köln, Kompetenzfeld Bildung, Zuwanderung und Innovation, Postfach 10 19 42, 50459 Cologne, tel.: +49 (0)221 4981-833, email: make-it(at)iwkoeln.de.
Section 6 Newsletter
(1) By providing the relevant consent, you can subscribe to our newsletter.
(2) Registration for our newsletter is based on a double opt-in procedure. This means that after you register, we will send an email to the email address provided in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store the IP addresses you use and the dates of registration and confirmation. The purpose of the procedure is to document your registration and, if necessary, to investigate any possible misuse of your personal data.
(3) Your email address is the only mandatory piece of information required for receiving the newsletter. Provision of further data, marked separately, is voluntary and enables us to address you personally. After receiving your confirmation, we save your email address for the purpose of sending you the newsletter. This is based on Art. 6 (1) sentence 1 (a) GDPR.
(4) You can revoke your consent to our sending you the newsletter at any time and unsubscribe. You can notify us of your revocation by clicking on the link which is provided in every newsletter email, by sending an email to make-it(at)iwkoeln.de or by sending a message using contact details set out in the print credits.
(5) We would like to point out that we evaluate your user behaviour when sending the newsletter. In order to conduct this evaluation, the emails sent contain web beacons or tracking pixels, which are one-pixel image files stored on our website. The evaluations involve linking the data mentioned in Section 3 and the web beacons with your email address and an individual ID. The data is exclusively collected using a pseudonym, so the IDs are not linked to your other personal data, making it impossible for them to be related back to a specific individual.
You may object to this tracking at any time by clicking on the separate link provided in every email or by informing us via another channel. The information is stored for as long as you subscribe to the newsletter. If you unsubscribe, the information we store about your previous registration is purely statistical and anonymous.
(6) To send out the newsletter and collect tracking data, we use services provided by Cleverreach. You can find further information on the third party provider’s data protection at https://www.cleverreach.com/de/funktionen/datenschutz/eu-dsgvo/?tl=o8ejlo-aw_dsgvo_cr
Section 7 Use of Matomo
(1) This website uses Matomo web analysis services to analyse and regularly improve the use of our website. The statistics obtained will enable us to improve our services and make them more useful and attractive to you as a user. The use of Matomo is based on Art. 6 sentence 1 (f) GDPR.
(2) In order to undertake this evaluation, cookies (more details in Section 3) are stored on your computer. The party responsible stores the information collected in this way on its server in [Germany] only. You can influence the evaluation by deleting existing cookies and preventing cookies from being stored. If you prevent cookies from being stored, we point out that you may not be able to use this website in its entirety. You can prevent cookies from being stored via your browser settings. You can prevent Matomo from being used by removing the following tick and activating the opt-out plug-in:
3) This website uses Matomo along with the extension AnonymizeIP. This means that IP addresses are further processed in a shortened form and, in turn, that personal data cannot be related back to a specific individual. The IP address transmitted by your browser via Matomo is not merged with any other data we collect.
(4) Matomo is an open source programme. You can find information on data protection undertaken by the third party provider at https://matomo.org/privacy-policy/
Section 8 Use of social media plug-ins
(1) We currently use the following social media plug-ins: Facebook, Twitter, Whatsapp, email and LinkedIn.
We use a two-click solution for this. This means that when you visit our site, as a basic rule, no personal data is passed on to the providers of the plug-ins. You can see who the provider of the plug-in is by looking at the name given in the title line or by hovering the mouse over the logo or the button. We have made it possible for you to communicate directly with the provider of the plug-in by providing a button. The plug-in provider will only receive information that you have accessed the relevant page of our online service if you click on and thereby activate the marked field. In addition, the data mentioned under Section 3 of this declaration will also be transmitted.
According to information provided by the respective providers of Facebook and Xing in Germany, IP addresses are made anonymous immediately after they are collected. By activating the plug-in, your personal data are transferred to the respective plug-in provider and stored by them at their location (e.g. in the case of US providers, this information is stored in the USA). As the plug-in provider collects data primarily via cookies, we recommend that you delete all cookies via your browser's security settings before clicking on the greyed-out box.
(2) We have no influence on the data collected and the data processing operations used, nor are we aware of the full scope of data collection, the purposes of processing, or the periods of data retention. In addition, we do not have any information relating to deletion of the data collected by the plug-in provider.
(3) The plug-in provider stores the data collected about you as user profiles and uses these for the purposes of advertising, market research and/or needs-based website design. This data (including that of users who are not logged in) is evaluated in particular in order to display targeted advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles and can exercise this right by contacting the respective plug-in provider. The plug-ins make it possible for you to interact with social networks and other users and thereby enable us to improve the services we offer and make them more attractive and useful to you as a user. The use of plug-ins is based on Art. 6 sentence 1 (f) GDPR.
(4) The data transfer takes place regardless of whether you have an account with the plug-in provider and are logged in with them. If you are logged in with the plug-in provider, the data that we collect about you will be directly assigned to your existing account with this provider. If you press the activated button and, for example, link the page, the plug-in provider also stores this information in your user account and communicates it publicly to your contacts. We recommend that you regularly log out after using a social network, especially before activating the button, as this allows you to avoid data about you being assigned to your profile at the plug-in provider.
(5) Further information on the scope of data collection and processing by the plug-in provider and on the purposes for which it is used can be found in the following data protection statements published by these providers. These also contain further information on associated rights and on the different privacy protection settings that are available.
(6) The addresses of the respective plug-in providers and the URLs where their data protection information can be found are as follows:
a) Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; www.facebook.com/policy.php; further information on data collection: www.facebook.com/help/186325668085084, www.facebook.com/about/privacy/your-info-on-other and www.facebook.com/about/privacy/your-info. Facebook has committed to the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework.
b) Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; www.google.com/policies/privacy/partners/. Google has committed to the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework.
d) LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; www.linkedin.com/legal/privacy-policy. LinkedIn has committed to the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework.
Section 9 Embedding of YouTube videos
(1) We have embedded YouTube videos on our website which are stored at www.YouTube.com and can be played directly from our website. These are all embedded in the extended data protection mode, i.e. no data about you as a user will be transferred to YouTube if you do not play the videos. The data referred to in paragraph 2 are transmitted only if you play the videos. We have no influence on the transmission of this data.
(2) If you visit the website, YouTube receives the information that you have accessed the corresponding page of our website. In addition, the data mentioned under Section 3 of this declaration will also be transmitted. This occurs regardless of whether you have a YouTube user account that you are logged in to, or whether you do not have such an account. When you are logged in to Google, your information will be directly associated with your account. If you do not wish your profile to be associated with YouTube, you must log out before activating the button. YouTube stores the data collected about you as user profiles and uses these for the purposes of advertising, market research and/or needs-based website design. This data (including that of users who are not logged in) is evaluated in particular in order to develop targeted advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles and can exercise this right by contacting YouTube.
(3) Further information on the scope of data collection and processing undertaken by YouTube and on the purposes for which it is used can be found in its data protection statement. This also contains further information on your rights and on the different privacy protection settings that are available: https://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has committed to the EU-US Privacy Shield,
Section 10 Embedding of Google Maps
(1) This website also uses services provided by Google Maps. This enables us to display interactive maps directly on our website and provides you with easy access to the map functions.
(2) If you visit the website, Google receives the information that you have accessed the corresponding page of our website. In addition, the data mentioned under Section 3 of this declaration will also be transmitted. This occurs regardless of whether you have a Google user account that you are logged in to, or whether you do not have such an account. When you are logged in to Google, your information will be directly associated with your account. If you do not wish your profile to be associated with Google, you must log out before activating the button. Google stores the data collected about you as user profiles and uses these for the purposes of advertising, market research and/or needs-based website design. This data (including that of users who are not logged in) is evaluated in particular in order to develop targeted advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles and can exercise this right by contacting Google.
(3) Further information on the scope of data collection and processing by the plug-in provider and on the purposes for which it is used can be found in the data protection statements published by the provider. These also contain further information on associated rights and on the different privacy protection settings that are available: www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has committed to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
Section 11 Use of Google Adwords conversion
We use advertising media services provided by Google Adwords to raise the profile of our website on external websites. By evaluating the data collected through advertising campaigns, we can determine how successful the individual advertising measures are. Through this, we aim to be able to display advertising which is of interest to you, to make our website more attractive to you personally, and to calculate advertising costs fairly.
(2) These advertising media services are provided by Google via so-called ad servers. In order to make use of these services, we use ad server cookies, which can be utilised to measure certain parameters such as ads display or the number of clicks gained. If you access our website via a Google ad, Google Adwords stores a cookie on your computer. These cookies usually lose their validity after 30 days and are not intended to identify you personally. The analysis values usually stored for this cookie are a unique cookie ID, the number of ad impressions per page impression (frequency), last impression (relevant for post-view conversions) and opt-out information (a marker identifying that the user no longer wishes to be addressed).
(3) These cookies enable Google to re-recognise your internet browser. If a user visits certain pages of a website operated by an AdWords client and the cookie stored on the user’s computer has not yet expired, both Google and the AdWords client are able to identify that the user clicked on the ad and was directed to that page. Every AdWords client is assigned a different cookie. This means that cookies cannot be traced via the websites of Adwords customers. We ourselves do not collect and process any personal data as part of the aforementioned advertising measures. We only receive statistical evaluations from Google. On the basis of these evaluations, we can identify which of the advertising measures used are particularly effective. We do not receive any further data from the advertising media we use, which means that we are unable to determine users’ identities.
(4) Due to the marketing tools used, your browser automatically establishes a direct connection to the Google server. We have no influence on the scope of the data collected by Google through the use of this tool and on how it is used. We therefore provide you with the following information according to the state of our knowledge: Through the embedding of Google AdWords conversion, Google receives the information that you have called up a specific page of our website or have clicked on one of our ads. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, it is possible for the provider to find out and save your IP address.
(5) You can prevent yourself from being included this tracking procedure in various ways, as follows:
a) by managing your browser software settings accordingly, in particular by disabling third party cookies, you will not receive any advertising from third parties;
b) by disabling conversion tracking cookies by setting your browser to block cookies from the domain www.googleadservices.com, www.google.de/settings/ads, although it should be noted that this setting will be deleted if you delete your cookies;
c) by disabling the interest-based ads from providers that are part of the self-regulatory About Ads campaign at www.aboutads.info/choices, although it should be noted that this setting will be deleted if you delete your cookies;
d) by permanently deactivating this option in Firefox, Internet Explorer or Google Chrome at www.google.com/settings/ads/plugin. We point out that this may mean you are not be able to use all of the functions on our website to their full extent.
The processing of your data is based on Art. 6 (1) sentence 1 (f) GDPR. You can find further information on Google’s data protection at www.google.com/intl/de/policies/privacy und services.google.com/sitestats/de.html. You can also visit the Network Advertising Initiative (NAI) website at www.networkadvertising.org. Google has committed to the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework.
Section 12 Google reCAPTCHA
We use “Google reCAPTCHA” (hereinafter referred to as “reCAPTCHA”) on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
The purpose of reCAPTCHA is to determine whether data entered on this website (e.g. information entered into a contact form) is being provided by a human user or by an automated program. To determine this, reCAPTCHA analyses the behaviour of the website visitors based on a variety of parameters. This analysis is triggered automatically as soon as the website visitor enters the site. For this analysis, reCAPTCHA evaluates a variety of data (e.g. IP address, time the website visitor spent on the site or cursor movements initiated by the user). The data tracked during such analyses are forwarded to Google.
reCAPTCHA analyses run entirely in the background. Website visitors are not alerted that an analysis is underway.
Data are stored and analyzed on the basis of Art. 6 Sect. 1 lit. f GDPR. The website operator has a legitimate interest in the protection of the operator’s websites against abusive automated spying and against SPAM. If a respective declaration of consent has been obtained (e.g. consent to the archiving of cookies), the data will be processed exclusively on the basis of Art. 6 Sect. 1 lit. a DGDPR. Any such consent may be revoked at any time.