KoWi takes data protection and data security very seriously. Therefore we have taken proper organisational and technical measures to ensure compliance with the EU General Data Protection Regulation (GDPR) as well as all further relevant legislation.
The following statement will give you a complete overview of how KoWi guarantees the protection of your data and what kind of data is collected for which purpose.
Each visit to the KoWi website is registered and stored in a log file for a limited time. The following data are being logged:
The legal basis for processing personal data by using cookies is Art. 6 para. 1 point f GDPR (legitimate interest). Without the use of these cookies, several functions could not be offered on our website.
4. Personal data
We will collect and store personal data from our website only when you register for a personalised service (AiD newsletter or event registration). Complying with the principle of data avoidance and data minimisation, personal data will be collected only to the extent necessary for the provision of our services within the meaning of our statutes.
If you register for our free newsletter AiD, we will store your data in a database. Your data will not be passed on to any third party and we will not use your data for any other purpose.
We use the double opt-in procedure to register for our newsletter. This means that after your registration we will send you an e-mail to the given e-mail address in which we will ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 2 days, your data will be deleted automatically.
When subscribing to the AiD, you will have to provide the following personal data:
- email address
- name and surname
- information about your organization
In addition, date and time of your subscription will be registered. The purpose of this procedure is to prove your subscription and, if necessary, to clarify any possible misuse of your personal data.
Furthermore, information on content preferences (areas of interest) can be stored as voluntary information.
You may unsubscribe from the AiD at any time via a link at the end of each newsletter. After having verified your e-mail address, all data will be deleted without undue delay.
The legal basis for the processing is Art. 6 para. 1 point b GDPR (contractual basis) and Art. 6 para. 1 point a GDPR (user's consent) for all voluntary information.
You may register for our regular events via our website. To process the registration we will ask you to provide personal data via an online form. The data will be transmitted to us and stored. The following data will be collected:
- name and surname
- organisation (necessary with regard to our statutes)
- email address
These data are required for the purpose of organising and carrying out the event; in addition, the date and time are collected during registration. You can provide additional data (title, department, and additional contact data) on a voluntary basis.
If you submit data to us in order to register for an event, we will use these data exclusively for the purpose of the organisation of the event. All data will be deleted after the respective legal deadlines. Your data will only be passed on to third parties (e.g. co-organisers, list of participants) when you give your explicit consent.
You may cancel your registration at any time or may ask us to change your data stored. Unless it conflicts with any legal or contractual provisions, your data will be deleted without undue delay.
The legal basis for processing is Art. 6 para. 1 point b GDPR (contractual basis) and Art. 6 para. 1 point a GDPR (user's consent) for all voluntary information.
Your data will not be used for any other purposes.
Our website features embedded YouTube videos. YouTube is operated by YouTube LLC, headquarters at 901 Cherry Avenue, San Bruno, CA 94066, USA. YouTube is represented by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
The YouTube videos are integrated with the extended data protection mode. YouTube will not store any information about the visitors to our website unless they watch the video. If you click on the video, your IP address will be transmitted to YouTube. In case you are logged in to YouTube, this information will also be connected with your user account. In order to prevent this, log out of YouTube before viewing the video.
Further information on data processing and privacy protection by YouTube (Google) can be found at www.google.de/intl/de/policies/privacy/.
5. Data protection in application processes (incl. KoWi mentoring, internships)
For the purpose of processing application procedures we generally collect and process the personal data of applicants electronically. This includes in particular your contact details as well as relevant information about your education, work experience and motivation.
If an applicant is selected, their data will be stored in order to be able handle the employment relationship or the programme. Data will not be passed on to third parties without your explicit consent;
If you are not selected, we will store your data for up to six months for the purpose of answering questions in connection with your application. Thereafter, your data will be deleted, unless this conflicts with other legitimate interests on our part.
You can revoke your application at any time or have the personal data stored changed. As far as there are no conflicting contractual or legal obligations, your data will be deleted without undue delay.
The legal basis for processing is Art. 6 para. 1 point b GDPR (contractual basis) or Art. 6 para. 1 point a GDPR (user's consent) for additional information.
6. Rights of the data subject
As a “data subject” within the meaning of the DSGVO, you have the following rights:
a) Right of access
You have the right to obtain confirmation from us as to whether or not personal data concerning you are being processed. Where that is the case you may obtain access to the personal data and the following information:
- the purposes of the processing;
- the categories of personal data concerned;
- the recipients or categories of recipient to whom the personal data have been or will be disclosed;
- the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
- the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
- the right to lodge a complaint with a supervisory authority;
- where the personal data are not collected directly from you, any available information as to their source;
- the existence of automated decision-making, including profiling, referred to in Art. 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.
Where personal data are transferred to a third country or to an international organisation, you have the right to be informed of the appropriate safeguards pursuant to Article 46 relating to the transfer.
We will provide you with a copy of the personal data undergoing processing. Unless otherwise requested from, the information will be provided in a commonly used electronic form.
b) Right to rectification
In case the personal data concerning you is inaccurate or incomplete you have the right to obtain rectification or completion from us without undue delay .
c) Right to erasure (‘right to be forgotten’)
You have the right to obtain from us the erasure of personal data concerning you without undue delay where one of the following grounds applies and the processing is not necessary according to Art. 17 para. 3 GDPR
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- you withdraw consent on which the processing is based according to point (a) of Art. 6(1), or point (a) and there is no other legal ground for the processing;
- your object to the processing pursuant to Art. 21(1); there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21(2);
- the personal data have been unlawfully processed;
- the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which we are subject;
- the personal data have been collected in relation to the offer of information society services referred to in Art. 8(1).
Where we have made the personal data public and are obliged pursuant to paragraph 1 to erase the personal data, we, taking account of available technology and the cost of implementation, will take reasonable steps, including technical measures, to inform other organisations which are processing the personal data that you have requested the erasure of any links to, or copy or replication of, those personal data.
d) Right to restriction of processing
You have the right to obtain the restriction of processing from us where one of the following applies:
- you contest the accuracy of the personal data for a period enabling us to verify the accuracy of the personal data;
- the processing is unlawful and you oppose the erasure of the personal data; instead you request the restriction of their use;
- we no longer need the personal data for the purposes of the processing, but you require them for the establishment, exercise or defence of legal claims;
- you have objected to processing pursuant to Art. 21(1) pending the verification whether our legitimate override yours.
e) Notification obligation and right to be informed
We will communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. You have the right to be informed about those recipients upon request.
f) Right to data portability
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from us, where:
- the processing is based on consent pursuant to point (a) of Art. 6(1) or on a contract pursuant to point (b) of Art. 6(1); and the processing is carried out by automated means.
In exercising your right to data portability pursuant to paragraph 1, you have the right to have the personal data transmitted directly from us to another entity (controller), where technically feasible.
The right to data portability will not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
g) Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Art. 6(1). We will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
You may exercise your right to object, in the context of the use of information society services, and notwithstanding Directive 2002/58/EC, by automated means using technical specifications
h) Right to lodge a complaint with a supervisory authority
If you consider that the processing of personal data relating to you infringes the GDPR, you will have the right – without prejudice to any other administrative or judicial remedy – to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement.
i) Right to revoke
You have the right to revoke your consent to the processing of your personal data at any time.