The body responsible for data protection is the:
German Institute for Economic Research e.V. (DIW Berlin)
Mohrenstraße 58, 10117 Berlin, Germany
Phone: +49 30 897 89 0
Fax: +49 30 897 89 200
Our data security officer is Udo Wenzel.
Budapester Straße 31, 10787 Berlin
Phone: +49 30 2196 4390
Fax: +49 30 2196 4393
This data privacy statement applies to the visitors of our website, including the visitors who subscribe to our newsletter and other publications such as datasets, those who want to register for our events or sign a contract with us, those who apply for a job at our institute, and tenderers (or their employees) participating in tender procedures.
Every time our website is accessed, our system automatically collects data and information from the accessing computer. This information is temporarily saved in a log file. The following information will be collected automatically and stored until automated deletion:
The legal basis for storing this data is Article 6(1)(f) of the General Data Protection Regulation (GDPR). We have a legitimate interest in storing this data as we require it to guarantee and maintain the operational reliability of our system. We do not use the data to create personal user profiles. The data will be deleted after seven days.
a) Session cookies
In order for you to use password-protected areas and formulas, we use session cookies, which are deleted when you close your browser. Session cookies do not collect or store personal data.
b) Persistent cookies
aa) Favorites list
We use persistent cookies so that you are able to use the favorites list.
bb) Web analysis via Matomo
We use the web analysis software Matomo, which works without cookies. Matomo uses tracking code which allow us to analyze how our website is used and these results are saved on our server. Under no circumstances will we pass this information on to third parties. For your protection, we store the IP address of your computer anonymously (shortened).
If you do not agree to your data being stored and used, you can deactivate Matomo HERE. In this case, an opt-out cookie is stored in your browser. The opt-out cookie prevents Matomo from providing usage data and us from saving it. Please note that by deleting cookies in your browser settings, you will also delete the Matomo opt-out cookie and you will have to reactivate it the next time you visit our website.
We have embedded YouTube videos into our website, which are stored at http://www.YouTube.com and can be played directly from our website. These videos are included in “Advanced Privacy Mode,” which means that no user data will be transferred to YouTube if the videos are not played. Data will be sent to YouTube only once you start playing a video. We have no influence on this data transmission.
By playing the video on our website, YouTube receives the information that you have accessed the corresponding subpage of our website and are playing the video. This occurs whether or not you are logged in to a YouTube account. When you are logged in to Google, your information will be directly associated with your account. If you do not want your information associated with your account, you must log out of Google before activating the button. YouTube stores your data as usage profiles and can use them for advertising, market research, and/or for the design of its website according to your needs, for example. The data is evaluated (even for users who are not logged in) in order to provide demand-oriented advertising and to inform other users of the social network about your activities on our website.
Google also processes your personal data in the USA.
a) According to the General Data Protection Regulation (GDPR) of the European Union, you have the right of access under Article 15, the right to correction under Article 16, the right to deletion under Article 17, the right to restrict processing under Article 18, the right to oppose under Article 21, and the right to data transfer under Article 20.
The enforcement of these rights is subject to the conditions set out in the articles of the GDPR cited and is subject to the legal restrictions set out therein.
b) If you give us your consent to process personal data for certain purposes (such as signing up for the newsletter, registering for events), we will process your data on the basis of this consent. You may revoke your consent at any time. Please note that the revocation does not apply retroactively. Processing that took place before the revocation will not be affected and remains lawful.
c) You have a right of appeal to a data protection supervisory authority (Article 77 of the GDPR in conjunction with Section 19 of the BDSG).
You can find a list of supervisory authorities and their contact information by clicking here (in German).
The data protection supervisory authority responsible for DIW Berlin is the Berliner Beauftragte für Datenschutz und Informationsfreiheit.
DIW Berlin processes applicants’ personal data for the application and selection process to establish an employment relationship. The legal basis is Article 26 of the BDSG. Exclusively employees involved in the application process for the purpose of the selection process will receive application documents.
If DIW Berlin does not hire you, we will delete your application documents five months after we inform you of your rejection. We do not delete the documents immediately upon notification of rejection because we have a legitimate interest in keeping the documents due to legal deadlines. The legal basis is Article 6(1) of the GDPR.
We will only keep documents longer than five months if it has been explicitly agreed upon with the applicant.
Data we request as a part of the application process must be sent to us in order to be considered in the application procedure.
Job applicants also have the data protection rights mentioned in point 5.
If you would like to subscribe to any newsletters offered on our website, we require your email address so you can receive the newsletter(s) as well as information to confirm that you are the owner of the email account and that you agree to receive the newsletter. Your data will exclusively be used to send you the newsletter and will not be given to third parties.
The data entered in the respective subscription or registration form will be processed on the basis of your consent (pursuant to Article 6(1)(a) of the GDPR). You can revoke your consent at any time, in any case via email to firstname.lastname@example.org. The legality of the data processing already carried out remains unaffected by your revocation. In the event of revocation, we will delete your data unless it is also stored by us for other purposes (e.g., your email addresses for the member area). If that is the case, we will only delete your data if we do not need it for another purpose. We will also deactivate them for the purpose for which you have revoked your consent.
The data you provide to subscribe to the newsletter is required, as you cannot receive the newsletter otherwise.
The data privacy rights listed under point 5 also apply to newsletter subscribers.
We save your registration information for event logistics if you register for one of our events on our website. If the event is in coordination with another institution or occurring on behalf of another institution, we will send them your data as well so they can plan and organize the event.
The legal basis for this data processing is Article 6(1)(b) of the GDPR, as well as Article 6(1)(f), as we have a legitimate interest in storing your data and, if necessary, in its transmission to (co-)organizing institutes in order to organize events. Your data will be deleted after the event for which you registered has taken place.
You must provide us with the requested data because you cannot register for events via our website otherwise.
The data privacy rights under point 5 also apply to individuals who register for our events.
As an organizer of WebEx events (such as video conferences, online meetings), the German Institute for Economic Research e.V. (DIW Berlin) is the party responsible for data privacy. DIW Berlin has licensed the WebEx applications through Deutsche Telekom, which makes them additional data processors through a data processing agreement.
DIW Berlin processes the following personal data when a participant uses a WebEx application:
If you use the chat, question, or survey functions, any text you input will be processed to be shown in the meeting and, if necessary, to be logged. To enable video and audio playback, the data from your device’s microphone as well as of your video camera will be processed during the entire WebEx event. You can turn off your video or mute your audio at any time during the event.
DIW Berlin uses WebEx to conduct online meetings in order to fulfill its statutory duties. If we wish to record an online meeting, we will inform the participants in advance and, if necessary, ask their permission. If necessary for the purpose of logging the results of an online meeting, we will log the chat content. We will also inform the participants of this in advance.
Automated decision making as in Article 22 of the GDPR is not used.
If personal data of DIW Berlin employees are processed, § 26 BDSG is the legal basis for data processing. If web meetings are held as part of contractual relationships, including cooperative relationships, the legal basis for data processing is Article 6, paragraph 1, subsection b of the GDPR. Otherwise, the legal basis is Article 6, paragraph 1, subsection f of the GDPR. In order to fulfill its statutory tasks, DIW Berlin has a legitimate interest in the effective conduct of online meetings.
The personal data processed when participating in online meetings is also received by Deutsche Telekom, through which DIW Berlin has licensed the WebEx applications on the basis of an order processing contract, and by Cisco Systems Inc. as supplier of the WebEx applications.
When using WebEx applications, the data collected by Cisco Systems Inc. is also processed at data processing centers in countries outside the European Economic Area (EU countries, Iceland, Liechtenstein, and Norway), including the USA. Deutsche Telekom and Cisco have concluded contractual arrangements according to the EU Standard Contractual Clauses and supplementary data protection agreements.
Please note that according to the highest European jurisdiction, the USA does not guarantee a level of data protection comparable to the level guaranteed under the GDPR and that such a level cannot be achieved by agreeing on standard contractual clauses.
Personal data will be stored until the data processing purpose no longer applies or after legal or official storage obligations have expired.
Participants in WebEx events also have the data protection rights mentioned under point 5.
DIW Berlin processes the personal data of bidders or their employees during the tender process exclusively to execute said tender process. The legal bases are Article 6(1)(b), Art. 6(1)(c), and Article 6(1)(f) of the GDPR. At DIW Berlin, only the employees involved in the tender process receive personal data. If the legal requirements are met, we must also submit the tender documents to the responsible authorities, thereby forwarding the bidders’ personal data, to fulfill our legal obligations (e.g., to show accordance with the Minimum Wage Act, the Employee Secondment Act, or the Act to Combat Undeclared Work and Unlawful Employment).
You must provide us with the data requested in order for your offer to be evaluated and considered in the tender process.
We will delete the data immediately after the tender process has ended unless we are obliged by law to store the data until a certain time. In that case, we will delete the data as soon as the retention period has expired.
The data privacy rights under point 5 also apply to bidders or their employees participating in the tender process.
We maintain an online presence on Facebook, Twitter, and YouTube to communicate with people interested in our research and to inform them about our work. When visiting these websites, your personal data may be processed outside the territory of the European Economic Area, which can mean an increased risk for your data. As a rule, the operators of the aforementioned social media websites process the data of the users for the purposes of market research and advertising and can also create user profiles from your usage behavior. These usage profiles can be used to place targeted advertisements on the Internet platform concerned, but also when visiting other websites. For these purposes, cookies are set by the operators of the platforms which store the usage behavior and the interests of the users.
According to a ruling of the European Court of Justice, the operator of a profile page on Facebook is jointly responsible with Facebook for processing the personal data of users. The processing of the personal data of the users is carried out on the basis of Article 6(1)(f) of the GDPR. We have a legitimate interest in communicating with users. You can find information on data protection policies and opt-out options for the respective providers at the following links:
Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland):
Data policy: https://www.facebook.com/about/privacy/
Opt-Out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com
Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=…
Twitter (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA):
Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=…
YouTube (YouTube LLC , 901 Cherry Ave, San Bruno, CA 94066 USA – Represented by: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA):
Privacy & Terms: https://policies.google.com/privacy?hl=en
To protect the personal data of our website’s users, we use a secure online transmission procedure, the “Secure Socket Layer” (SSL) transmission. All information transmitted using this secure method is encrypted before being sent. Your personal data is processed exclusively on data centers and computers protected by security technologies and standards (e.g. firewalls, password protection, access controls, etc.).
Please use the above-mentioned contact addresses for DIW Berlin or our data protection officer to exercise your rights or if you have any further questions regarding data protection.