Privacy Policy

Information to be provided pursuant to Art. 12, 13 et seq. of the GDPR

1. Name and Address of Controller

Your contact and the controller within the meaning of the General Data Protection Regulation of the European Union (“GDPR”), national data protection laws of the member states, and other data protection regulations is:

MIWI Institute – Institute for Market Integration and Economic Policy
Painbreitenstr. 8
82031 Grünwald (München)

(hereinafter referred to as “we”, “us”, “our” or “MIWI Institute”).

2. Name and Address of Data Protection Officer

The protection of your personal data is of great importance to the MIWI Institute – Institute for Market Integration and Economic Policy.

If you have any questions concerning data protection and data security at the MIWI Institute, please contact us directly:

E-Mail: info@miwi-institut.de
Tel.: +49 (0) 89/52068609

3. General Information on Data Processing

3a. Scope of Personal Data Processing

As a matter of principle, we will only process your personal data to the extent that is necessary to provide our services. Any processing of your personal data is, as a rule, subject to your prior consent, except in cases where prior consent cannot be obtained for factual reasons or the processing of your personal data is permitted by law.

3b. Legal Basis for Processing Personal Data

In cases where we seek your consent to process personal data, the legal basis for doing so is set out in Art. 6(1)(a) of the GDPR.

In cases where we process personal data in the execution of a contract between you and us, the legal basis for doing so is set out in Art. 6(1)(b) of the GDPR. This also applies to processing operations necessary for the implementation of pre-contractual measures.

In cases where personal data must be processed to comply with a legal obligation that we are subject to, the legal basis for doing so is set out in Art. 6(1)(c) of the GDPR.

In cases where your vital interests, or those of another natural person, require the processing of personal data, the legal basis for doing so is set out in Art. 6(1)(d) of the GDPR.

In cases where the processing of personal data is necessary for the purposes of the legitimate interests pursued by us or a third party and those interests are not overridden by your interests, fundamental rights and freedoms, the legal basis for doing so is set out in Art. 6(1)(f) of the GDPR.

3c. Deletion and Storage Period

Your personal data will be deleted or blocked if they are no longer required for the purposes for which they were stored or otherwise processed. In addition, data may be stored to meet the legal obligations stipulated by the European or national legislator in EU regulations, laws or other standards that we are subject to. Data will also be blocked or deleted if the storage period stipulated in the above-mentioned regulations, laws or standards expires unless longer storage is necessary for the purpose of entering into or performing a contract.

4. Website Provision and Creation of Log Files

4a. Legal Basis for Data Processing

The legal basis for processing your personal data in the context of website provision and the creation of log files is set out in Art. 6(1)(f) of the GDPR.

4b. Purpose of Data Processing

The temporary storage of your personal data is necessary to enable us to deliver the website to your computer. To this end, your personal data need to be stored for the duration of the session.

Your personal data are stored in log files to ensure the operability of the website. We also use your personal data to optimise our website and safeguard the security of our information technology systems. In this context we will not analyse your personal data for marketing purposes.

The above is necessary for the purposes of the legitimate interests pursued by us referred to in Art. 6(1)(f) of the GDPR.

4c. Storage Period

Your personal data will be deleted once they are no longer required for the purposes for which they were collected or otherwise processed. In cases where your personal data are collected for the purpose of providing the website, they will be deleted each time a session ends.

If personal data are stored in log files, they will be deleted after fourteen days at the latest. In some cases data may be stored for a longer period of time, in which case your personal data will be deleted or masked, thus making identification of the requesting client impossible.

4d. Objection, Removal

Recording your personal data for the purpose of providing the website and storing your personal data in log files are essential for the operation of the website. You therefore have no right to raise any objection to these activities.

5. Use of Cookies

When you visit our website, our cookie banner informs you that we use cookies. In the following we would like to inform you about which cookies we use and how you can prevent our cookies from being set.

In order to expand the range of functions of our web offering and to make its use more convenient for you, we use so-called “cookies” on some of our pages, which primarily serve to identify the site visitors or contain information about user activity on the web pages. Cookies are small text files that are stored on your computer. Some of these cookies are deleted after the browser session ends (so-called session cookies). Other cookies remain on your computer and enable us or our partner companies (third-party cookies) to recognize your browser the next time you visit us (so-called persistent cookies). If cookies are set, they collect and process certain user information to an individual extent, such as browser and location data and IP address values.

5a. Legal Basis for Data Processing

The legal basis for processing your personal data in the context of using cookies required for technical purposes is set out in Art. 6(1)(f) GDPR.

The legal basis for data processing in the context of the use of technically unnecessary cookies is Art. 6(1)(a) GDPR.

5b. Purpose of Data Processing

The use of cookies required for technical purposes is designed to simplify your use of our website. Some features of our website cannot be offered without the use of cookies. For these features it is necessary that your web browser is recognized even after a page change. The user data collected through cookies required for technical purposes will not be used to create user profiles.

Such processing is therefore necessary for the purposes of the legitimate interests pursued by us as referred to in Art. 6(1)(f) GDPR.
The use of technically not necessary cookies serves to further simplify the use of our website and to make it more convenient for you, as well as for the statistical recording and analysis of general usage behaviour based on access data. These cookies are set only with your express consent, which you give by selecting the checkboxes in our cookie banner.

5c. Storage Period

Your personal data will be deleted once they are no longer required for the purposes for which they were collected or otherwise processed; this will particularly be the case when cookies are deactivated. The respective lifetime of the individual cookies can be seen from the list in section 5e.

5d. Objection, Removal

Cookies are stored on your computer and transmitted to our website from your computer. You therefore have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your web browser. You can delete cookies that have already been saved at any time. This can also be done automatically. If you deactivate cookies in your browser settings for our website, you may not be able to fully use all of the website’s features.

5e. List of Cookies Used

Cookie Purpose Duration
Web application firewall and load balancer (TS01) Technically required cookies for the eponymous major purposes End of the session
Cookie accepted Technically required to record the approval decision 4 weeks
Only for logged-in users
Session Cookie Technically required: enables actions and rights assigned to the user 4 weeks or end of the session

6. Web Shop

6a. Legal Basis for Data Processing

The legal basis for processing your personal data in the context of the web shop is set out in Art. 6(1)(b) of the GDPR.

6b.Purpose of Data Processing

The purpose of processing your personal data in the context of the web shop is the execution of a contract for the sale of goods or supply of services between you and us.

6c. Storage Period

Your personal data will be deleted once they are no longer required for the purposes for which they were collected or otherwise processed. In the case of processing your personal data in the context of the web shop this will be the case when all claims arising from the contractual relationship have become time-barred and any statutory retention periods have expired.

6d. Objection and Removal

The processing of personal data in the context of the web shop is essential for the sale of goods or supply of services. You therefore have no right to raise any objection.

7. Newsletter

7a. Legal Basis for Data Processing

The legal basis for processing your personal data in the context of distributing the newsletter is obtaining your prior consent, as set out in Art. 6(1)(a) of the GDPR, or, as a result of the sale of goods or supply of services, provided by the legal permission pursuant to § 7 (3) of the German Act Against Unfair Competition (§ 7 Abs. 3 UWG).

7b. Purpose of Data Processing

Your personal data are collected for the purpose of distributing the newsletter to you. The purpose of processing your personal data in the context of distributing the newsletter is to promote the sale of goods or supply of services.

7c. Storage Period

Your personal data will be deleted once they are no longer required for the purposes for which they were collected or otherwise processed, i.e. your personal data are stored while the subscription to the newsletter is active.

7d. Objection, Removal

You may cancel your newsletter subscription at any time by following the corresponding link featured in each newsletter. By cancelling your subscription you also revoke your consent.

8. Registration

8a. Legal Basis for Data Processing

The legal basis for processing your personal data in the context of your registration is set out in Art. 6(1)(b) of the DGPR.

8b. Purpose of Data Processing

Your registration facilitates entry into contracts between you and us. Hence the processing of your personal data in the context of the registration is required to fulfil the contract between you and us or to implement pre-contractual measures.

8c. Storage Period

Your personal data will be deleted once they are no longer required for the purposes for which they were collected or otherwise processed. This is the case during the registration process when your personal data are no longer required to fulfil a contract or to implement pre-contractual measures Even after entering into the contract, it may be necessary for us to store personal data of a party to the contract in order to comply with contractual or legal requirements.

8d. Objection, Removal

You may cancel your registration at any time. You can also request modification of your stored personal data at any time. In cases where your personal data are necessary to execute a contract or implement pre-contractual measures, early deletion of your personal data will only be possible if there are no contractual or legal requirements that conflict with their deletion.

9. Contact Form and Contact by Email

9a. Legal Basis for Data Processing

The legal basis for processing your personal data transmitted by using the contact form or sending an email is set out in Art. 6(1)(f) of the GDPR. In cases where you use the contact form or send an email with a view to entering into a contract, Art. 6(1)(b) of the GDPR provides an additional legal basis for processing.

9b. Purpose of Data Processing

In the context of you contacting us via the contact form or by email, your personal data is processed for the sole purpose of handling your contact request.

9c. Storage Period

Your personal data will be deleted once they are no longer required for the purpose for which they were collected or otherwise processed. Personal data transmitted via the contact form or by email will be deleted each time a dialogue with you is over. A dialogue is deemed over when it can be inferred from the circumstances that the facts in question have finally been clarified between you and us.

9d. Objection, Removal

You may at any time object to the processing of your personal data in the future in the context of contacting us via the contact form or email. In this we cannot continue a dialogue with you. All personal data stored in the process of your contacting us will be erased.

10. Web Tracking and Web Analysis by Matomo (formerly PIWIK)

10a. Legal Basis for Data Processing

The legal basis for processing your personal data is set out in Art. 6(1)(f) of the GDPR.

10b. Purpose of Data Processing

Processing your personal data enables us to analyse your surfing patterns. By evaluating the collected data, we are able to compile information on your use of specific components of our website. This helps us to continuously improve our website and its user-friendliness. Such processing is therefore necessary for the purposes of the legitimate interests pursued by us, as referred to in Art. 6(1)(f) of the GDPR. By anonymizing your IP address, your interest in protecting your personal data is sufficiently taken into account.

10c. Storage Period

Your personal data will be deleted once they are no longer required for the above-mentioned purposes. In our case, this will be after 14 days.

10d. Objection, Removal

Cookies are stored on your computer and transmitted to our website from your computer. You therefore have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your internet browser. You can delete cookies that have already been saved at any time. This can also be done automatically. If you deactivate cookies in your browser settings for our website, you may not be able to fully use all features of our website.

More detailed information on the privacy settings of the Matomo software may be found at: 
https://matomo.org/docs/privacy/

11. Direct Marketing

11a. Legal Basis for Data Processing

The legal basis for processing your personal data for the purpose of direct mail marketing is set out in Art. 6(1)(f) of the GDPR.

11b. Purpose of Data Processing

The purpose of processing your personal data for the purposes of direct mail marketing is to promote the sale of goods or supply of services. This is a legitimate interest pursued by us as referred to in Art. 6(1)(f) of the GDPR.

11c. Storage Period

Your personal data will be deleted once they are no longer required for the purposes for which they were collected or otherwise processed; this will particularly be the case if we receive your objection.

11d. Objection, Removal

You may at any time object, with future effect, to the processing of your personal data in the context of direct mail marketing.

12. Social Media

We use links on our website to the social networks Twitter, YouTube, Flickr, XING, and LinkedIn. The responsibility for data-protection-compliant operation must be ensured by their respective providers. Direct contact between the networks and users is established only when the user actively clicks on one of these links. There is no automatic transfer of user data to the operators of these platforms.

12a. Twitter

You will find plugins of the Twitter Inc. (Twitter) microblogging service integrated into our web pages. You can recognize the Twitter plugins (tweet button) on our page by the Twitter logo.

With a click on the “Twitter” button you can share a post with your contacts on Twitter. As soon as you click on the Twitter button, the link establishes direct contact between Twitter and you. A connection to the Twitter server is established and data such as the IP address of your computer and the website you are visiting is sent to Twitter.

12b. YouTube

You will find a link to the Google operated site YouTube integrated into our web pages. The operator of the pages is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you click on the “YouTube” button, the link establishes direct contact between YouTube and you. This tells the YouTube server which of our pages you have visited.

If you are logged in to your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.

12c. Flickr

We use Flickr for the display and archiving of images.
Flickr is a service of Yahoo! EMEA Limited, 5-7 Point Village, North Wall Quay, Dublin 1, Ireland.

12d. Xing

Our website contains a link to the social network XING.
As soon as you click on the “XING” button, the link establishes direct contact between you and the servers of XING AG, Gänsemarkt 43, 20354 Hamburg, Germany.

12e. LinkedIn

Our website uses features of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Only when you click on the LinkedIn button does the link establish direct contact between LinkedIn and you. A connection to the LinkedIn server is established and data such as the IP address of your computer and the website you are visiting is sent to LinkedIn. Once you are logged in to your LinkedIn account, LinkedIn is able to associate your visit to our website with you and your account. We would like to point out that we, as the provider of these pages, have no knowledge of the content of the transmitted data or of how LinkedIn uses this data.

12f. Legal Basis for the Processing of Personal Data

The legal basis for the processing of users’ personal data is Art. 6(1)(f) GDPR.

12g. Purpose of Data Processing

On our website, we use links to the social networks on the basis of Art. 6(1)(f) GDPR in order to make the MIWI Institute better known. The advertising purpose behind these links is to be regarded as a legitimate interest within the meaning of GDPR.

12h. Objection, Removal

If you do not want the social media provider to be able to associate visits to our pages with you, please log out of your respective user accounts.

Further information on the handling of user data can be found in the data protection declarations of the respective providers:

Twitter https://twitter.com/privacy
YouTube https://policies.google.com/privacy?hl=en&gl=en
Yahoo http://info.yahoo.com/privacy/en/yahoo/
Xing https://privacy.xing.com/en/privacy-policy/information-we-automatically-receive-through-your-use-of-xing
LinkedIn https://www.linkedin.com/legal/privacy-policy 

13. Legal Defence and Enforcement of Rights

13a. Legal Basis for Data Processing

The legal basis for processing your personal data in the context of legal defence and the enforcement of rights is set out in Art. 6(1)(f) of the GDPR.

13b. Purpose of Data Processing

The purpose of processing your personal data in the context of legal defence and the enforcement of rights is the defence against unfounded claims and the legal enforcement of claims and rights. This is a legitimate interest pursued by us as referred to in Art. 6(1)(f) of the GDPR.

13c. Storage Period

Your personal data will be deleted once they are no longer required for the purposes for which they were collected or otherwise processed.

13d. Objection, Removal

The processing of your personal data in the context of legal defence and enforcement of rights is essential for legal defence and the enforcement of rights. You therefore have no right to raise any objection.

14. Categories of Recipients

Within our institute, only those entities and departments that need personal data to fulfil the purposes set out above obtain such data. In addition, we work with various service providers and transmit your personal data to other trustworthy recipients such as, for example:

– Banks
– Scan service providers
– Print shops
– Letter shops
– IT service providers
– Lawyers and courts.

15. Rights of the Data Subject

If your personal data are processed by us, you are a data subject within the meaning of the GDPR and have the following rights:

15a. Right of Access

You shall have the right to obtain confirmation from us as to whether or not personal data concerning you are being processed by us.

Where that is the case, you have the right to request the following information from us: 

(1) The purposes for which your personal data are being processed;
(2) The categories of personal data concerned;
(3) The recipients or categories of recipient to whom your personal data have been, or will be, disclosed;
(4) The envisaged period for which your personal data will be stored, or, if precise information is not possible, the criteria used to determine that period;
(5) The existence of the right to request rectification or deletion of your personal data, the right to request a restriction on personal data processing, or the right to object to such processing;
(6) The right to lodge a complaint with a supervisory authority;
(7) Any available information as to the source of the data where the personal data are not collected from you;
(8) The existence of automated decision-making, including profiling, referred to in Art.22(1) and (4) of the GDPR, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you. 

You have the right to obtain access to your personal data and to request information as to whether your personal information will be disclosed to recipients in third countries or international organisations. If so, you shall have the right to be informed of the appropriate safeguards relating to the transfer pursuant to Art. 46 of the GDPR.

15b. Right to Rectification

Where your personal data processed by us are inaccurate or incomplete, you have the right to obtain the rectification and/or the right to have incomplete personal data completed. We are obliged to perform the rectification without undue delay.

15c. Right to Restriction of Processing

You have the right to obtain restriction of processing of your personal data where one of the following applies:

(1) You contest the accuracy of your personal data, for a period enabling us to verify the accuracy of the personal data;
(2) Our processing is unlawful and you oppose the deletion of personal data and request the restriction of their use instead;
(3) We no longer need your personal data for processing purposes, but you require them for the establishment, exercise or defence of legal claims, or
(4) You have objected to processing pursuant to Art. 21(1) of the GDPR and the verification as to whether our legitimate grounds override yours is still pending.

In cases where processing of your personal data has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the Union or of a member state.

If you have obtained restriction of processing in accordance with the above requirements, we will inform you before the restriction of processing is lifted.

15d. Right to Deletion

15d i. Obligation to Delete

You have the right to obtain from us the deletion of your personal data without undue delay and we are obliged to delete you’re your personal data without undue delay in cases where one of the following applies:

(1) Your personal data are no longer required for the purposes for which they were collected or otherwise processed;
(2) You withdraw your consent on which the processing is based according to Art. 6(1)(a), or Art. 9(2)(a) of the GDPR, and there is no other legal ground for the processing;
(3) You object to data processing pursuant to Art. 21(1) of the GDPR and there are no overriding legitimate grounds for processing, or you object to processing pursuant to Art. 21(2) of the GDPR;
(4) Your personal data have been unlawfully processed; 
(5) Your personal data have to be deleted to comply with a legal obligation under Union or Member State law to which we are subject;
(6) Your personal data have been collected in relation to the offer of information society services referred to in Art. 8(1) of the GDPR.

15d ii. Informing Third Parties

In cases where we have made the personal data public and are obliged to delete them pursuant to Art. 17(1) of the GDPR, we shall, taking account of available technology and the cost of implementation, take reasonable steps, including technical measures, to inform the controllers processing your personal data that you, the data subject, have requested the data deletion by such controllers of any links to, or copy or replication of those personal data.

15d iii. Exceptions

The right to deletion does not apply if the processing of data is necessary

(1) To exercise the right of freedom of expression and information;
(2) To comply with a legal obligation, which requires processing by Union or Member State law to which we are subject; or for the performance of a task carried out in the public interest or in the exercise of official authority vested in us;
(3) For reasons of public interest in the area of public health in accordance with Art. 9(2)(h) and (i) as well as Art. 9(3) of the GDPR;
(4) For archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89(1) of the GDPR in so far as the right referred to in section d. above is likely to render impossible, or seriously impair, the achievement of the objectives of that processing, or
(5) To establish, exercise or defend legal claims.

15e. Notification Obligation

In cases where you have exercised your right to rectification, deletion or restriction of processing, we are obliged to inform all recipients to whom we have disclosed your personal data of such rectification, deletion or restriction of processing unless this proves to be impossible or would involve a disproportionate effort.

You have the right to obtain information on those recipients.

15f. Right to Data Portability

You have the right to receive the personal data, which you have provided us with, in a structured, commonly used and machine-readable format. In addition, you have the right to transmit those data to another controller without hindrance from us, where

(1) The processing is based on consent pursuant to Art. 6(1)(a) or Art. 9(2)(a) or on a contract pursuant to Art. 6(1)(b); and
(2) The processing is carried out by automated means.

In exercising your right to data portability, you also have the right to have your personal data transmitted directly from us to another controller, where technically feasible. Your rights may not adversely affect the rights and freedoms of others.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

15g. Right to Object

You have the right to object at any time, on grounds relating to your particular situation, at any time to any processing of your personal data, which is based on Art. 6(1)(e) or (f) of the GDPR, including profiling based on those provisions.

We will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, or freedoms or the processing is necessary for the establishment, exercise or defence of legal claims.

In cases where your personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing purposes; this also applies to profiling to the extent that it is related to such direct marketing.

In cases where you object to processing for direct marketing purposes, your personal data will no longer be processed to such an end.

In the context of the use of information society services you may, notwithstanding Directive 2002/58/EC, exercise your right to object by automated means based on technical specifications.

15h. Right to Withdraw Consent

You have the right to withdraw your consent to the processing of personal data at any time. This withdrawal of consent will not affect the lawfulness of processing based on consent before your withdrawal.

15i. Automated Individual Decision-Making, including Profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:

(1) Is necessary for enter into, or execute a contract between you and us;
(2) Is authorised by Union or Member State law to which we are subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
(3) Is based on your explicit consent.

However, those decisions must not be based on the special categories of personal data referred to in Art. 9(1) of the GDPR, unless Art. 9(2)(a) or (g) of the GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.

With regard to the cases referred to in (1) and (3), we will implement suitable measures to safeguard your rights, freedoms and justified interests, at least the right to obtain human intervention on our part, to express your point of view and to contest the decision.

15j. Right to Lodge a Complaint with a Supervisory Authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, particularly in the Member State in which you are ordinarily resident, your place of work or the place where the alleged infringement took place, if you consider that processing of your personal data infringes the GDPR.

The competent supervisory authority for the MIWI Institute is:

Bayerisches Landesamts für Datenschutzaufsicht
Postfach 606
91511 Ansbach
Deutschland

The supervisory authority with which the complaint has been lodged will inform you of its progress and the outcome of your complaint, including the possibility of a judicial remedy pursuant to Art. 78 of the GDPR.

If you have any questions concerning data protection and data security at the MIWI Institute, please contact us directly:

E-Mail: info@miwi-institut.de
Tel.: +49 (0) 89/52068609