Data Protection

Privacy Policy

Privacy Statement

Thank you for visiting our website. Complying with data protection regulations is of utmost importance to us. This Privacy Statement serves to inform you, as a user of the website, of the nature, scope, and purpose of the processing of personal data and your rights as a Data Subject according to Art. 4 No. 1 of the General Data Protection Regulation (GDPR). This Privacy Statement takes into account the European GDPR in effect since 25 May 2018. At the same time, the previously applicable requirements of the Telekommunikation-Telemedien-Datenschutzgesetz (Telecommunications-Telemedia Data Protection Act) are fulfilled.

1. Responsible Entity and Data Protection Officer

The entity responsible for processing personal data is the Bundesministerium für Umwelt, Naturschutz, nukleare Sicherheit und Verbraucherschutz (BMUV/Federal Ministry for the Environment, Nature Conservation, Nuclear Safety, and Consumer Protection), Stresemannstraße 128-130, 10117 Berlin, Phone: +49 30 18 305-0
Fax: +49 228 99 305-3225,
Email: poststelle@bmuv.bund.de

The following declaration provides an overview of how BMUV ensures data protection and what type of data is collected, on what basis, and for what purpose.

For questions about the protection of your personal data, please contact the Data Protection Officer at BMUV:

The Data Protection Officer at BMUV, Bundesministerium für Umwelt, Naturschutz, nukleare Sicherheit und Verbraucherschutz, Stresemannstraße 128-130, 10117 Berlin, Phone: 030 18 305-0

Contact form

The VDI Technology Center GmbH (VDI TZ) is a Processor and processes your data on behalf of the BMUV.

2. General Information

The website has been designed to collect as little data from you as possible. It is generally possible to visit our website without providing personal data. Personal data is only processed when you decide to use certain services (e.g., using the contact form). We ensure that your personal data is processed only in accordance with a legal basis or with your consent. We comply with the provisions of the GDPR in effect as of 25 May 2018 and the respective national regulations, such as the Bundesdatenschutzgesetz (German Federal Data Protection Act), the Telekommunikation-Telemedien-Datenschutzgesetz (Telecommunications and Telemedia Data Protection Act), or other specific data protection laws.

3. Definition

The terms used in this Privacy Statement have the following meanings in accordance with the GDPR:

“Personal Data”: All information relating to an identified or identifiable natural person (hereinafter referred to as “Data Subject”); a natural person is considered identifiable if they can be identified directly or indirectly, particularly by means of assignment to an identifier such as a name, an identification number, location data, an online identifier, or one or more specific characteristics expressing the physical, physiological, genetic, mental, economic, cultural, or social identity of this natural person.

“Processing”: Any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.

“Restriction of Processing”: Stored personal data marked with the aim of limiting their processing in the future.

“Pseudonymisation”: The processing of personal data such that said data can no longer be attributed to a specific Data Subject without additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.

“Controller”: The natural or legal person, public authority, agency, or other body which, on its own or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the Controller or the specific criteria for its nomination may be provided for by Union or Member State law.

“Processor”: A natural or legal person, public authority, agency, or other body which processes personal data on behalf of the Controller;

“Recipient”: A natural or legal person, public authority, agency, or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

“Third Party”: A natural or legal person, public authority, agency, or body other than the Data Subject, Controller, Processor, and persons who, under the direct authority of the Controller or Processor, are authorised to process personal data.

“Consent”: The Data Subject's freely given, specific, informed, and unambiguous declaration of their wishes by which they, by a statement or by a clear affirmative action, indicate their agreement with the processing of personal data relating to them.

4. Consent

In certain cases, we collect certain personal data from you during your visit to our website, for which we require your consent. This occurs, for example, when you send us a message via our contact form, order documents, or subscribe to our newsletter. We also need your consent for the use of various cookies that are not essential for the operation of the website.

Declaration of Consent

By using our available forms, you consent to our collection and processing of the personal data you provide as described in this Privacy Statement. You may revoke said consent at any time with effect for the future by way of a corresponding declaration to us. However, please note that using the affected service will no longer be possible without your consent. To revoke your consent, please use the contact methods provided above (please mention your name, email, and postal address in this case). For cookies, declarations of consent may be granted or withdrawn at any time using the dedicated cookie mask.

5. Purpose and Legal Basis for Processing Personal Data

We always process your personal data for specific purposes.

In summary, we process your personal data for the following purposes:

  • to handle your inquiries when contacting us (e.g., email address, first name, last name)
  • to regularly inform the interested public through the distribution of electronic newsletters
  • to process online orders for information materials in the “Competence Centre for Resource Efficiency” project and for further contact
  • in connection with the processing of orders for the purpose of verifying the legally compliant expenditure of public funds and in order to comply with tax regulations
  • to monitor activities in the “Competence Centre for Resource Efficiency” project within general inquiries and communication, ordering information materials, event organisation, and newsletter distribution
  • for the technical implementation of our website and to provide you with information about the “Competence Centre for Resource Efficiency” project on this website (e.g., IP address, cookies, browser information)
  • For event preparation and management 
  • For the management and administration of membership in Network Resource Efficiency (NeRess)

For the management and administration of membership in the Industrie-Club Ressourceneffizienz (Resource Efficiency Industrial Association). The specific purposes are described in the processing sections further below (e.g., contact form, web analysis, etc.).

The following applies with respect to the legal basis for processing your personal data:

Personal data required for establishing, executing, or handling our service offer (contract processing) are processed based on Art. 6(1)(b) GDPR. To the extent we obtain your consent for processing your personal data, the consent pursuant to Art. 6(1)(a) GDPR forms the legal basis for data processing. Data processing is also permissible if required in order to perform a task in the public interest as per Art. 6(1)(e) GDPR and, in this respect, your interests or fundamental rights and freedoms regarding personal data processing do not outweigh such processing. The public interest, in this case, derives from implementing German sustainability and resource efficiency policy. The legal obligations set out in Art. 6(1)(c) GDPR, to which we, as the Controller (or Processor) are subject to, constitute a further legal basis. If we engage external service providers in connection with processing, such processing is based on Art. 28 GDPR.

6. Collection of Personal Data during Visits to Our Website

When you use our website for informational purposes only, e.g., if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which are technically necessary for us to display our website to you and ensure stability and security (the legal basis is Art. 6(1)(e) GDPR):

  • IP address
  • Date and time of the request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Access status/HTTP status code
  • Amount of data transferred
  • Website from which the request comes
  • Browser
  • Operating system and its interface
  • Language and version of the browser software

In addition to the aforementioned data, cookies are stored on your computer when you use our website. More information on this can be found under the “Cookies” section of this Privacy Statement.

This website is hosted by an external service provider (Hoster). The personal data collected on this website is stored on the Hoster's servers.

We use the following Hoster:

Hetzner Online GmbH

Industriestr. 25,

91710 Gunzenhausen

We have entered into a data processing agreement (DPA) with the aforementioned provider. This concerns a contract prescribed by data protection legislation, that ensures that the provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

7. Cookies

Use of Cookies

Information is collected and stored on our website through the use of so-called browser cookies.

What are Cookies?

These small text files stored on your data carrier store certain settings and data for exchange with our system via your browser. A cookie typically contains the name of the domain from which the cookie data was sent, information about the age of the cookie, and an alphanumeric identification sign.

Why do we use Cookies?

Cookies enable our systems to recognise the user's device and immediately implement any presettings. As soon as a user accesses the platform, a cookie is transmitted to the hard drive of the respective user's computer. Cookies help us improve our website and offer you better, more personalised service. They allow us to recognise your computer or (mobile) device when you return to our website and, as a result:

  • Store information about your preferred activities on the website and thus tailor our website to your individual interests.
  • Speed up the processing of your requests.

We collaborate with third-party services to help make our online offerings and website more engaging for you. Therefore, during your visit to the website, cookies from these partner companies (third-party providers) may also be stored on your hard drive. These are cookies that automatically delete themselves after the specified time.

Cookies that are technically necessary for the operation of the website are used based on Art. 6(1)(e) GDPR. There is a public interest in the need to provide suitable web offers for implementing German resource efficiency and sustainability policy. Using other cookies generally requires your consent, which you can grant or withdraw at any time via the dedicated cookie mask. The legal basis for data processing in this case is Art. 6(1)(a) GDPR. Cookies that require consent are not set when visiting the website. This may restrict the overall possible functionality of the website.

The following overview provides a list of the cookies we set:

Cookie Consent with Cookiebot

Our website uses the Cookie Consent Management Platform Cookiebot from Cybot to obtain your consent for storing certain cookies in your browser and to document this in compliance with data protection regulations. The provider of this technology is Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark (hereinafter referred to asCybot).

When you enter our website, Cookiebot or Cybot cookies are stored in your browser, where your given consents or the withdrawal of these consents are stored. Cybot does not sell, trade, or transfer personal data to third parties, but may share data with trusted third-party or sub-contracting companies. Data is also shared if legally required.

The collected data is processed exclusively within the European Economic Area. They are hosted in an Azure data centre of Cybot's cloud provider (Microsoft Ireland Operations Ltd. in Dublin). By visiting azure.microsoft.com/de-de/global-infrastructure/regions/ you can find out about the “Azure Regions”. All end-user data is deleted by Cookiebot after 12 months from registration or immediately after the termination of the Cookiebot service.

The collected data will be stored until you request that we erase it, revoke your consent for storage, or the purpose for data storage no longer applies. Mandatory legal retention periods remain unaffected. Details on data processing by Cookiebot or Cybot cookies can be found at https://www.cookiebot.com/de/privacy-policy/ bzw. https://www.cookiebot.com/de/cookie-declaration/ .

The use of the Cookie Consent Management Platform Cookiebot is to obtain the legally required consents for the use of cookies. The legal basis is Art. 6(1)(1)(c) GDPR.

Can I determine how cookies are used?

If you do not wish to use browser cookies, you can configure your browser to not accept the storage of cookies. Please note that you may only be able to use our website to a restricted extent or not at all if you do so. If you only wish to accept our own cookies, but not the cookies of our service providers and partners, you can select the setting in your browser “block third-party cookies”. We are not responsible for the use of cookies by third parties.

8. Contact (Contact Form)

You can contact us in various ways. In this case, we store the personal data you provide. The primary purpose of data processing is to handle the respective inquiry and the resulting communication. The secondary purpose is to monitor the activities in the “Competence Centre for Resource Efficiency”. The monitoring serves project reporting to demonstrate proper use of public funds, external project evaluation to analyse the impact of public funds, and internal adjustment and optimisation of the service portfolio.

The legal basis for data processing for responding to inquiries is the Data Subject's consent to data processing for the aforementioned purposes according to Art. 6(1)(a) GDPR. The only mandatory fields required to process the inquiry are the email address and the message. If individuals wish, they can also provide their first and last names for the same purpose and for potential personal address. The duration of storage of personal data for the aforementioned purpose is primarily determined by the duration of the communication resulting from your inquiry with VDI TZ. Personal data is erased after any possible extraction of monitoring-relevant information, no later than 1 year after the project term of the “Competence Centre for Resource Efficiency” project.

The legal basis for data processing for monitoring purposes is the need to perform a task in the public interest according to Art. 6(1)(e) GDPR. Specifically, it is necessary for this implementation mechanism of German resource efficiency and sustainability policy to document the activities carried out on behalf of BMUV. Any data stored later for monitoring purposes is anonymised, meaning it is no longer personal data and does not fall under GDPR in this form.

9. Online Orders for Information Material (Order Form)

You can order information material from us via our order form. In this case, we store the personal data you provide to process your order and contact you to handle and manage your request. The mandatory fields required to process your order are your email address, first and last name, street and house number, postal code and city, and the ordered product. If you wish, you can also provide your gender (“Form of Address”) for the same purpose and for potential personal address, or your phone number for any possible follow-up questions. Finally, you are free to include your company, institution, or organisation.

The legal basis for data processing for processing your order is the Data Subject's consent to data processing for the aforementioned purposes according to Art. 6(1)(a) GDPR. The duration of storage of personal data for the aforementioned purpose is determined by the duration of the communication resulting from your order with VDI TZ in the “Competence Centre for Resource Efficiency” project. This also includes the period from ordering until a currently out-of-stock publication becomes available and can be shipped. Personal data is erased after any possible extraction of monitoring-relevant information, no later than 1 year after the project term of the “Competence Centre for Resource Efficiency” project.

Another purpose of data processing in this context is monitoring the activities in the “Competence Centre for Resource Efficiency” project. The monitoring serves project reporting to demonstrate proper use of public funds, external project evaluation to analyse the impact of public funds, and internal adjustment and optimisation of the service portfolio in the “Competence Centre for Resource Efficiency”.

The legal basis for processing is the need to perform a task in the public interest according to Art. 6(1)(e) GDPR. Specifically, it is necessary for this implementation mechanism of German resource efficiency and sustainability policy to conduct monitoring of orders. Since the data will no longer be personal data, at the latest, after processing in project reports, such as percentage distribution of ordering parties in different target group segments, and will be anonymised, the long-term storage of the reports does not fall under the GDPR.

The duration of storage of any personal data in this area before complete anonymisation is determined by the need to implement order monitoring in reasonable, appropriate timeframes. Personal data is erased after any possible extraction of monitoring-relevant information, no later than 1 year after the project term of the “Competence Centre for Resource Efficiency” project.

In addition, the processing of personal data takes place in connection with order processing to demonstrate the lawful expenditure of public funds (or cost proof for public accounting purposes) and to comply with fiscal regulations for record retention. This specifically concerns entries in an outbound mail log to demonstrate the proper use of funds in the area of payment for delivery services. Legal obligations to which the Controller (or its Processor) is subject according to Art. 6(1)(c) GDPR constitute the legal basis of processing. This includes the general ancillary provisions for project funding grants (ANBest-P), which stipulate a minimum retention period for original receipts of five years under 6.5. Furthermore, under Section 147(3) in conjunction with (1) No. 1, 4 and 4a Abgabenordnung (Tax Code), Section 14b(1) Umsatzsteuergesetz (Value Added Tax Act), among others, retention periods of 10 years for accounting records apply. The duration of storage for these purposes is measured accordingly. After the periods expire, these data are erased.

10. Newsletter

The purpose of data processing is to regularly inform the interested public about current developments and specialist discussions in politics, science, civil society, media, and business in the field of resource efficiency and potentially related topics (such as sustainability, innovations, etc.) through electronic newsletters. Optional information (at the discretion of the Data Subjects) can be added for statistical purposes to enable industry and/or geographical analysis of the interested audience. The purpose of this data collection is to monitor activities in the “Competence Centre for Resource Efficiency” project. On one hand, monitoring serves project reporting to demonstrate the proper use of public funds, external project evaluation to analyse the impact of public funds, and internal adjustment and optimisation of the service portfolio.

Your email address is only required for the forwarding of newsletters. If you wish, you can also provide your first and last names for the same purpose and potential personal form of address within the scope of newsletter management and distribution. Finally, you are free to provide city, industry, or company information for monitoring purposes. The duration of storage of personal data for the aforementioned purposes is primarily determined by the duration of your consent and secondarily by the continued distribution of the newsletter. Personal data will be erased within a maximum of one month from receiving a corresponding request from the Data Subject or from the termination of the newsletter distribution.

When you register for the newsletter on this website, the data you enter will be used exclusively for this purpose or to inform you about relevant circumstances regarding this service or its registration. This data is passed on by VDI TZ to the service provider Mailingwork GmbH for the purpose of managing and carrying out the newsletter mailing. VDI TZ has concluded a data processing agreement with its email marketing service provider Mailingwork GmbH. Said agreement ensures that the service provider strictly adheres to the stringent requirements of German data protection law in managing and carrying out the newsletter mailing. This also ensures that your data is only stored within the EU with a high level of protection. Your data will not be stored on servers outside the EU.

To receive the newsletter, a valid email address is required. The IP address you used to register for the newsletter and the date you ordered the newsletter will also be stored. This data serves as proof in case of misuse, if a third-party email address is registered for the newsletter. To ensure that an email address is not improperly entered into our distribution list by third parties, we work according to the “Double-Opt-In” procedure. In this process, after registration, a confirmation email is sent to the specified email address. Only after confirming your registration by clicking on a link in the confirmation email will you receive the desired email newsletter. This procedure logs the newsletter order, the dispatch of the confirmation email, and the receipt of the registration confirmation.

You can revoke your consent to the storage of your data, email address, and their use for newsletter mailing at any time with effect for the future. In every newsletter, VDI TZ provides a link for revoking your consent. You can also communicate your revocation wish in writing to the contact details mentioned above.

Newsletter Tracking

Be advised that we analyse your user behaviour when forwarding the newsletter. For this analysis, the forwarded emails contain so-called web beacons or tracking pixels, which are one-pixel image files stored on our website. For these analyses, we link the web beacons to your email address and an individual ID.

The data is collected exclusively pseudonymised, meaning the IDs are not linked with your other personal data, and a direct personal reference is excluded.

You can object to such tracking at any time by clicking on the separate link provided in each email or informing us via another contact method. The information is stored as long as you are subscribed to the newsletter. After unsubscribing, we store the data purely statistically and anonymously.

Such tracking is also not possible if you have disabled the display of images by default in your email program. In this case, the newsletter will not be displayed fully, and you may not be able to use all functions. If you manually display the images, the tracking mentioned above occurs.

11. Events

If you wish to register for the offered events, the registration takes place via the registration form of the “Competence Centre for Resource Efficiency”. We store the personal data you provide to communicate with participants and inform them about event-related information. The data collected for event organisation or participant management includes gender (“Form of Address”), title, first name, last name, contact details (email and postal address). Optional information includes: company/institution/organisation, department, phone. The legal basis for processing is the initiation or execution of the contract to be concluded with the respective Data Subject for participation in an event of the Processor on behalf of the Controller according to Art. 6(1)(b) GDPR. The duration of storage of personal data is determined by the need for event organisation or participant management. Post-event processing, such as informing participants about potential post-event reporting, is done until no later than four weeks after the event, so the data for this purpose is erased at the beginning of the fifth week at the latest.

Participants register for events with Mailingwork GmbH, Schönherrstraße 8, 09113 Chemnitz, Germany (hereinafter referred to as Mailingwork). Your personal data is transmitted to Mailingwork. We have concluded a data processing agreement with Mailingwork. This agreement obliges Mailingwork to comply with our data protection requirements. The data protection provisions of Mailingwork can be viewed at mailingwork.de/datenschutzerklaerung.

The second purpose for data processing is event documentation and the promotion of project-related activities, particularly using images from the event for publication on the internet. The legal basis for processing is the need to perform a task in the public interest according to Art. 6(1)(e) GDPR. Specifically, it is essential for this implementation mechanism of German resource efficiency and sustainability policy to conduct monitoring of the activities carried out under the mandate of the BMUV. This includes the use of images from such events to promote further events and network-related activities or activities of the “Competence Centre for Resource Efficiency” project.

Another purpose for the processing of data is project monitoring, particularly, the category company/organisation. These are usually not considered personal data as the number of cases are typically large enough that individuals cannot be identified. However, in some cases, the data used for monitoring may contain personal references or allow identification of individuals. The legal basis for processing is the need to perform a task in the public interest according to Art. 6(1)(e) GDPR. Specifically, it is necessary for this implementation mechanism of German resource efficiency and sustainability policy to conduct monitoring of projects carried out on behalf of the BMUV. Given that the data, once processed in monitoring reports, in which percentage distribution of participants into various target group segments, is no longer personal data and is anonymised, the long-term storage of the monitoring reports does not fall under the GDPR. The duration of storage of any personal data in this area prior to complete anonymisation is determined by the need to implement event monitoring in reasonable, appropriate timeframes and is set at up to one year after the project term of the “Competence Centre for Resource Efficiency” project.

Furthermore, the processing of personal data is carried out for the purpose of demonstrating the lawful expenditure of public funds (or for the purpose of cost verification for public accounting) as well as complying with fiscal regulations for record retention according to Article 6(1)(c) GDPR.

Categories of data collected for this purpose are determined by the lists of participants present at the event, which include first name, last name, organisation/institution, and the signatures of those present. Legal obligations to which the Controller is subject according to Article 6(1)(c) GDPR constitute the legal basis for processing. This includes the general ancillary provisions for project funding grants (ANBest-P), which, under 6.5, stipulate a minimum retention period for original receipts (including proof of participant hospitality through signed participant lists) of five years. Additionally, according to Section 147(3) in conjunction with (1) No. 1, 4, and 4a of the Abgabenordnung (AO), and Section 14b(1) of the Umsatzsteuer-gesetz (UStG), there are 10-year retention periods for accounting documents, which include proof of catering for participants via signed participant lists. The duration of storage for these purposes is measured accordingly. After the periods expire, these data are erased.

Another purpose of the required processing of personal data by VDI TZ is the creation and the long-term possibility of subsequent verification of the actual issuance of a participation certificate in qualification courses. Categories of data collected for participant management are: Gender (“Form of Address”), title, first name, last name, contact details (email and postal address as mandatory fields). Optional information includes: company, department, phone. The legal basis for processing is the need to perform a task in the public interest according to Art. 6(1)(e) GDPR. Specifically, for this implementation mechanism of German resource efficiency and sustainability policy, it is necessary to be able to verify at any time whether certain individuals were indeed issued a certificate of participation, thereby confirming their corresponding qualification. Since the certificate can be used for an entire professional career to demonstrate certain qualifications, the duration of storage for this purpose is generally set at 50 years. This ensures the detection of falsified qualification certificates.

In connection with monitoring qualification courses, participants may be contacted after the event (by phone, email, or mail) and asked about the use of the knowledge gained in their daily practice. Processing is carried out for the purpose of follow-up contact in order to evaluate publicly funded projects. This includes follow-up contact (by mail, email, or phone) by the BMUV or its Processor VDI TZ. The purpose of contact is to determine at a subsequent point in time whether and how the offers developed in the “Competence Centre for Resource Efficiency” project were used and whether economic and ecological effects were achieved. Categories of data processed for follow-up contact for the evaluation of publicly funded projects are: gender (“Form of Address”), title, first name, last name, contact details (email, postal address, and phone number), institution/organisation. The legal basis for processing is the need to perform a task in the public interest according to Art. 6(1)(e) GDPR. Specifically, for this implementation mechanism of German resource efficiency and sustainability policy, it is necessary to enable the subsequent evaluation of the effectiveness of the utilised budget funds through follow-up contacts by independent third parties with the individuals who have utilised the services provided by the “Competence Centre for Resource Efficiency” project. Specifically, for this implementation mechanism of German resource efficiency and sustainability policy, it is necessary to enable the subsequent evaluation of the effectiveness of the utilised budget funds through follow-up contacts by independent third parties with the individuals who have utilised the services provided by the “Competence Centre for Resource Efficiency” project. This duration is also due to the fact that the period between the use of the offers of the Competence Centre, the implementation of a specific measure, and the measurability of economic and ecological effects can take several years. For an independent evaluation of the “Competence Centre for Resource Efficiency” project by yet to be determined third parties, the transfer of personal data to this yet to be determined institution will likely be required. Before transferring data to these institutions, we will ask for your consent in connection with the follow-up contact to transfer the data to the then known institution for the purpose of independent evaluation.

For the purpose of informing in regards to and inviting potential participants to workshops for exchange among consultants in the field of resource efficiency, the processing of personal data is also necessary. The data collected for the purpose of follow-up information and invitation to workshops for exchange among consultants in the field of resource efficiency are: Gender (“Form of Address”), title, first name, last name, contact details (email and postal address as mandatory fields). Optional information includes: company, department, phone. The legal basis for processing is the need to perform a task in the public interest according to Art. 6(1)(e) GDPR. Specifically, for this implementation mechanism of German resource efficiency and sustainability policy, it is necessary to gather assessments from trained participants about any event participation. This helps to determine whether the knowledge gained during the qualification courses has been applied in their daily practice and how the qualification offerings can be improved. The duration of storage for this purpose is generally set at five years. In the event of an objection to data storage for this purpose, the personal data will be erased within a maximum of four weeks.

 

11.1 Video and Image Recordings during Events 

Photo and Film Recordings, Consent of the Participant

Purposes of Photo and Video Recordings

At the on-site event, employees of VDI ZRE or service providers contracted by VDI ZRE will take photo and/or video recordings of the event and its guests. The recordings are used for the following purposes:

  • Publication on the VDI ZRE website as well as on websites of clients involved in the event
  • Publication on VDI ZRE’s social media channels, especially Instagram and LinkedIn
  • Publication in VDI ZRE’s print media (own publications and on behalf of clients)
  • Distribution to third parties, particularly, print and online media for reporting purposes
  • Long-term storage of the recordings in an internal archive

Legal Basis for Panorama and Large Group Shots

To the extent recordings are designed as panorama shots of the event without a specific focus on particular groups of people or as shots of groups of more than 10 people at the event, this is done based on VDI ZRE’s legitimate interest in documenting the event and does not require separate consent from the individuals depicted.

Consent for Individual and Small Group Shots

If a participant does not wish to have individual portrait shots or targeted group shots of up to 10 people taken, they have the option of picking up a coloured sticker upon entering the event, which they must visibly attach to their clothing in the chest area. This signals to the attending camera operators and photographers that this person does not wish to be photographed. If a participant attends the event without such a sticker, they implicitly consent to having photo and film recordings of themselves made and used as described above.

Right of Revocation

The consent to the specific use (data, purpose, and type of use) of recordings as described in section 2.3 may be revoked at any time without giving reasons by emailing datenschutz-tz@vdi.de with effect for the future. Publications made prior to revocation may continue to be published, distributed, or made available online. Printed publications that have already been printed at the time of revocation may be distributed.

 

11.2 Networks Resource Efficiency and Industry Club

The VDI Zentrum Ressourceneffizienz GmbH (VDI ZRE) (VDI Centre for Resource Efficiency GmbH) is, until further notice, the executing company of the “Competence Centre for Resource Efficiency” mandate and is, under data protection law, the Processor on behalf of the BMUV. Comprehensive current information on the processing of your personal data in the context of membership in the Network Resource Efficiency (NeRess) and the Industry Club can be found below.

The purposes and further essential characteristics of data processing are:

Processing personal data required for network management and support of network members, including:

  • Maintaining up-to-date contact data of contact persons for all NeRess and Industry Club members.
  • Information for the contact persons of NeRess and Industry Club members about current developments and events in the field of resource efficiency and, where applicable, related topics (sustainability, innovations, etc.), upcoming network-related activities, as well as free offers and events.
  • Requests for speakers for relevant events organised by VDI ZRE or proposals as speakers at third-party events. 
  • Requests for contributions to network events for the purpose of self-promotion and presentation of network partners with potential stands, information tables, etc.
  • Targeted involvement of NeRess and Industry Club members in opinion-forming processes.
  • Development of the network/club.
  • General networking for exchange between members of the network/club regarding the topic of resource efficiency or targeted establishment of promising contacts between network members or between network members and other persons, companies, and institutions.

Categories of data collected for this purpose are: Gender (“Form of Address”), title, first name, last name, contact details (email and postal address), company and/or institution/organisation, department, telephone, fax, country.

The legal basis for processing is the membership contract according to Article 6(1)(b) GDPR.

The duration of storage of personal data for the aforementioned purposes is primarily determined by the duration of the membership and secondarily by the existence of the Network/Industry Club for Resource Efficiency. Personal data will be erased within a maximum period of one month upon receipt of a corresponding request by the Data Subject or upon dissolution of the NeRess/Club. For network management and general networking, there is long-term storage of lists of participants and their contacts, as well as event flyers and programmes for a period of 10 years, which serves to actively establish connections between club members and, if applicable, between club members and other persons.

For external representation and marketing of the network, the processing of personal data is necessary; specifically: Publication of contact details (gender (“Form of Address”), title, first name, last name, contact details (email, postal address, telephone, fax) and organisational affiliation data (company/institution/organisation, department) of network members on the internet. Potential publication of group photos from meetings without specific assignment of individuals, possible flyers and information brochures about the club or best-practice examples of members within the framework of publications of the “Competence Centre for Resource Efficiency” project. 

The legal basis for processing is the consent of the Data Subject to data processing for the aforementioned purposes according to Article 6(1)(a) GDPR. 

The duration of storage of personal data for this purpose corresponds to that of Purpose 1.

Regarding participation in Industry Club events:

Processing of personal data necessary for event organisation or participant management, including:

  • Communication with participants to inform them about event-related aspects. 
  • Ensuring, ex-ante, sufficient seating and other facilities at the event venue as well as sufficient catering, room booking,
  • Content preparation of the event concerning discussion points and moderation guidelines.
  • Entry on the list of participants and printing of a name badge for networking and audience transparency. Categories of data affected for this purpose are only first name, last name, organisation/institution.
  • Entry as a speaker or host company on event programmes before the event, which will be made available to participants and the BMUV.

Categories of data collected for event organisation or participant management are: 

  • Mandatory fields: Gender (“Form of Address”), title, first name, last name, contact details (email and postal address). 
  • Optional information includes: company/institution/organisation, department, phone, fax.

The legal basis for processing is the consent of the Data Subject to data processing for the aforementioned purposes according to Article 6(1)(a) GDPR.

The duration of storage of personal data is determined by the need for event organisation or participant management. Post-event processing, such as informing participants about potential post-event reporting, is done until no later than four weeks after the event, so the data for this purpose is erased at the beginning of the fifth week at the latest.

Additionally, the general notes on events from point 11 of this privacy statement apply.

Processing of personal data necessary for the operation of the internal website area on the NeRess website. The NeRess website has a registration function that allows members to post content themselves and participate in public discussions on resource efficiency and related topics. Categories of data collected for this purpose are (required fields): First name, last name, company/institution/organisation, and login data for the internal website area.

The legal basis for processing is the membership contract according to Article 6(1)(b) GDPR. The duration of storage of personal data for this purpose corresponds to that of Purpose 1.

A fourth purpose is the processing of data for project monitoring of the “Competence Centre for Resource Efficiency” project, particularly the category company/institution/organisation. These are usually not considered personal data as the number of cases are typically large enough that individuals cannot be identified. However, in some cases, the data used for monitoring may contain personal references or allow identification of individuals.

The legal basis for processing is the need to perform a task in the public interest according to Art. 6(1)(e) GDPR. Specifically, it is necessary for this implementation mechanism of German resource efficiency and sustainability policy to conduct monitoring of projects carried out on behalf of the BMUV. 

The duration of storage of any personal data in this area prior to complete anonymisation is determined by the need to implement event monitoring in reasonable, appropriate timeframes and is set at up to one year after the project term of the “Competence Centre for Resource Efficiency” project.

Since the data, if processed in monitoring reports, where a percentage breakdown of the target group into various segments is provided, will no longer be personal but rather anonymised, the long-term storage of the monitoring reports will no longer fall under the GDPR.

 

11.3 Webinar / Online Events

Data Processing

We use various online conferencing tools to communicate with our customers. The specific tools we use are listed below. When you communicate with us via video or audio conference over the Internet, your personal data will be collected and processed by us as well as by the provider of the respective conferencing tool.

The conferencing tools collect all data that you provide or use to utilise the tools (email address and/or your phone number). Furthermore, the conferencing tools process the duration of the conference, the beginning and end (time) of participation in the conference, the number of participants, and other “context information” related to the communication process (metadata).

Additionally, the provider of the tool processes all technical data required for handling online communication. This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or speaker, and the type of connection.

If content is exchanged, uploaded, or otherwise provided within the tool, this content will also be stored on the servers of the tool providers. Such content includes, but is not limited to, cloud recordings, chat/instant messages, voicemails, uploaded photos and videos, files, whiteboards, and other information shared during the use of the service.

Please note that we do not have full influence over the data processing operations of the used tools. Our options are primarily determined by the corporate policies of the respective providers. For further details on data processing by the conferencing tools, please refer to the privacy statements of the respective tools listed below this text.

Purpose and Legal Basis

The conferencing tools are used to communicate with prospective or existing contract partners or to offer certain services to our customers (Art. 6(1)(b) GDPR). Furthermore, the use of the tools serves overall to simplify and accelerate communication with us or our company (legitimate interest as per Art. 6(1)(f) GDPR). If consent has been requested, the use of the relevant tools is based on such consent; consent may be revoked at any time with effect for the future.

Storage Duration

Data collected directly by us via video and conferencing tools will be erased from our systems as soon as you request that we erase said data, revoke your consent to store said data, or the purpose for data storage no longer applies. Stored cookies remain on your end device until you erase them. Mandatory legal retention periods remain unaffected.

We have no influence on the storage duration of your data, which is stored by the operators of the conferencing tools for their own purposes. For details, please refer to the data protection information of the respective conferencing tool providers.

Used Conferencing Tools

We use the following conference tools:

Zoom

We use Zoom. The provider of this service is Zoom Communications Inc., San Jose, 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113, USA. Details on data processing can be found in Zoom's privacy statement: zoom.us/de-de/privacy.html.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: zoom.us/de-de/privacy.html

GoToMeeting

We use GoToMeeting. The provider is LoMeIn, Inc., 320 Summer Street, Boston, MA 02210, USA. Details on data processing can be found in GoToMeeting's privacy statement: www.logmeininc.com/de/legal/privacy.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: logmeincdn.azureedge.net/legal/lmi-customer-dpa-2020v1-de.pdf.

Microsoft Teams

We use Microsoft Teams. The provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. Details on data processing can be found in Microsoft's privacy statement: privacy.microsoft.com/de-de/privacystatement

 

12. Integration of Third-Party Services and Content

Our website uses content, services, and offerings from other providers. These are, for example, services for statistical analysis of the use and visit to our website. The user's IP address must be transferred to the third-party provider is necessary in order for these data to be retrieved and displayed in the user's browser. 

Even though we strive to use only third-party providers who need the IP address only to deliver content or work with anonymised IP addresses, we have no control over whether the IP address may be stored. Information about the third-party providers used can be found in the following sections of this privacy statement.

Use of Matomo

Our website uses the web analysis service Matomo. Matomo is an open-source solution.

Matomo uses “cookies”, which are small text files that your web browser stores on your end device and that allow an analysis of website usage. The information generated by cookies about the use of our website is stored on our server. Your IP address is anonymised before storage. Cookies from Matomo remain on your end device until you erase them. The setting of Matomo cookies is based on Art. 6(1)(a) GDPR in conjunction with Section 25(1) TTDSG (Telecommunications-Telemedia Data Protection Act). Without your consent, no cookies will be set that are not technically necessary for the operation of the website. However, certain functions of our website may be restricted or unavailable if you do not consent to the associated processing of personal data. There is no transfer of the information stored in the Matomo cookie about the use of this website.

For publicly funded projects, which include the “Competence Centre for Resource Efficiency” project, it is necessary to prove the use of the services and the effectiveness of the use of public funds. Tracking the use of the online service is an important requirement for meaningful project monitoring and overall project evaluation. Therefore, we request your permission via the designated cookie mask to track your browsing behaviour on our website.

Use of Google APIs

We use Google APIs from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, to access additional services and data from Google Ireland Limited. In doing so, your IP address is transmitted to Google Ireland Limited. 

The use of Google APIs is based on your consent according to Art. 6(1)(a) GDPR.

The specific storage duration of the processed data is determined by Google Ireland Limited. For more information, please refer to the privacy statement for Google APIs: policies.google.com/privacy

13. Presence on Social Media Platforms

We maintain so-called fan pages or accounts or channels on the networks listed below to provide you with information and offers within social networks and to offer you further ways to contact us and find out about our offers. In the following, we inform you about which data we and the respective social network process from you in connection with accessing and using our fan pages/accounts.

Data We Process from You

When you contact us via messenger or direct message through the respective social network, we process your username, with which you contact us, and store any other data you provide, to the extent necessary to process/answer your request.

(Static) Usage Data We Receive from Social Networks

We receive automatically provided statistics about our accounts via insight features. The statistics include, among other things, the total number of page views, “likes”, page activity and post interactions, reach, video views, as well as information about the proportion of men/women among our fans/followers.

The statistics contain only aggregated data and cannot be traced back to individual users. You are not identifiable to us through this data.

Data the Social Networks Process from You

To view the content of our fan pages/accounts, you do not need to be a member of the respective social network and thus do not need a user account for the respective social network.

Please note, however, that the social networks collect and store data from website visitors even without a user account (e.g., technical data to display the website to you) and use cookies and similar technologies over which we have no control. For details, please refer to the privacy policies of the respective social networks (see the corresponding links above).

If you want to interact with the content on our fan pages/accounts, e.g., comment on, share, or like our posts, and/or contact us via messenger functions, you must register with the respective social network and provide personal data.

We have no influence on data processing by the social networks in connection with your use. To our knowledge, your data is, in particular, stored and processed in connection with the provision of services by the respective social network, for the analysis of usage behaviour (using cookies, pixels/web beacons, and similar technologies) based on which advertisements are shown to you both within and outside the respective social network according to your interests. It cannot be ruled out that your data will also be stored and passed on to third parties outside the EU/EEA.

Information about the exact scope and purposes of processing your personal data, storage duration/erasure, and guidelines on the use of cookies and similar technologies within the framework of registration and use of social networks can be found in the privacy statements/cookie guidelines of the social networks. There, you will also find information concerning your rights and options for objection.

On our pages, we use representations of social buttons in the form of a static link to our social media presences on the respective platforms. For this website, these are the following:

YouTube – Further information: policies.google.com/privacy
Twitter (X) – Further information: twitter.com/de/privacy
LinkedIn – Further information: www.linkedin.com/legal/privacy-policy

Instagram – Further information: https://privacycenter.instagram.com/policy/
Facebook – Further information: https://www.facebook.com/privacy/policy

 

Contact and address database 

In connection with our mandate for the “Competence Centre for Resource Efficiency”, we work with an external service provider who provides us with a contact and address database.

Storage in this database is done with consent and can be revoked at any time. 

The following service provider provides the contact and address database:

GRÜN Software Group GmbH, Pascalstraße 6, 52076 Aachen

14. Data Security

Unfortunately, the transmission of information over the Internet is never 100% secure, which is why we are unable to guarantee the security of data transmitted to our website over the Internet.

However, by means of technical and organisational measures, we secure our website and other systems against loss, destruction, access, alteration, or distribution of your data by unauthorised persons.

In particular, your personal data is transmitted encrypted with us. We use the SSL/TLS (Secure Sockets Layer/Transport Layer Security) coding system for this. Our security measures are continuously improved in line with technological developments.

15. Rights of the Data Subject

You have the right:

  • in accordance with Art. 15 GDPR, to request information about your personal data processed by us. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing, or objection, the existence of a right to lodge a complaint, the origin of your data, if not collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information about their details;
     
  • In accordance with Art. 16 GDPR, to request the rectification, without undue delay, of incorrect personal data stored by us or the completion of such data;
     
  • in accordance with Art. 17 GDPR, to request the erasure of your personal data stored by us, unless processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defence of legal claims;
     
  • in accordance with Art. 18 GDPR, to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you oppose its erasure, and we no longer need the data, but you require it for the establishment, exercise, or defence of legal claims, or you have objected to processing in accordance with Art. 21 GDPR;
     
  • In accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format, or to request transfer to another Controller (data portability);
     
  • In accordance with Art. 7(3) GDPR, to withdraw your consent given to us at any time. As a result, we may no longer continue the data processing based on this consent for the future; and
     
  • in accordance with Art. 77 GDPR, to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters.
     
  • Right to Object

If your personal data is processed on the basis of legitimate interests according to Art. 6(1)(1)(e) GDPR, you have the right to object to the processing of your personal data according to Art. 21 GDPR, provided there are reasons arising from your particular situation or the objection is against direct marketing. In the latter case, you have a general right to object, which we will implement without specifying a particular situation.

If you would like to exercise your right of withdrawal or objection, please use the contact form of the Federal Ministry for the Environment, Nature Conservation, Nuclear Safety and Consumer Protection or, in the case of cookies, the corresponding setting in the cookie mask.

16. Transfer of Your Personal Data

Your personal data will be transferred as described below.

Website hosting is carried out by an external service provider in Germany. We ensure that data processing takes place within the European Economic Area. This is necessary for the operation of the website, as well as for establishing, fulfilling, and processing the existing user contract, and is also possible without your consent.

Data will also be transferred if we are entitled or obliged to transfer data on the basis of legal provisions and/or official or court orders. This may include providing information for law enforcement purposes, security purposes, or the enforcement of intellectual property rights.

To the extent your data is transferred to service providers as required, they will only have access to your personal data to the extent necessary for the performance of their tasks. These service providers are obligated to handle your personal data in accordance with applicable data protection laws, particularly the GDPR.

Beyond these circumstances, we do not transfer your data to third parties without your consent. In particular, we do not provide any personal data to locations outside the EU or to international organisations.

17. Storage Duration of Personal Data

Unless otherwise specified, the personal data processed by us is generally erased as soon as it is no longer required for the original purpose of collection and no statutory retention periods apply. Statutory retention periods form the criterion for the final duration of the storage of personal data. After the retention period expires, the corresponding data is routinely erased. If retention periods exist, processing is restricted in the form of blocking the data.

18. References and Links

When accessing internet pages referred to within our website, you may be asked again for information such as your name, address, email address, browser properties, etc. This privacy statement does not regulate the collection, transfer, or handling of personal data by third parties.

Third-party service providers may have different and own rules for the handling of the collection, processing, and use of personal data. It is therefore advisable to inform yourself about their practices in handling personal data on their websites before entering personal data.

19. Amendment of the Privacy Statement

We are constantly enhancing our website to offer you an ever-improving service. We will keep this privacy statement up to date and adapt it accordingly if and to the extent necessary.

Current version: July 2024

Zum Seitenanfang