Privacy Policy


This Privacy Policy clarifies the type, scope and purpose of the processing of personal data (hereinafter referred to as “data”) within our online offering and the associated websites, functions and content as well as external online presences, such as our social media profile (hereinafter referred to collectively as the “online offering”). With regard to the terms used, such as “processing” or “controller”, we refer you to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).

Personal data


Personal data are information that can be used to identify you. This includes information such as your name, email address, postal address and telephone number. Information that is not associated with your identity (such as the number of users of the site) is not included. In principle, you can use our online offer without disclosing your identity. If you register for one of our personalised services, place orders or send an online form, we will ask you for your name and other personal information in order to fulfil your wishes. It is your free decision to use these services and to enter your data. If you do not wish to do so, you will not be able to make use of this service.

We store your data on specially protected servers. Access is only possible for a few specially authorised persons who are responsible for the technical or editorial support of the servers. The ILB and the Wirtschaftsförderung Land Brandenburg GmbH use your personal data exclusively for processing your specific inquiry or registration. Processing for other purposes does not occur. In particular, your personal data will not be passed on to third parties. Your email address will also not be made visible to third parties when the newsletter is dispatched.

Technical information that is automatically stored in connection with your access to our servers (e.g. IP address, date, time, pages visited) cannot be traced back to individual persons. They are used exclusively for anonymous statistical evaluation.

Controller


Investitionsbank des Landes Brandenburg

Heike Tillner
Data Protection Officer

Babelsberger Str. 21
14473 Potsdam

Tel.: 0331 660-1256
Fax: 0331 660-1555
Email: datenschutz@ilb.de

Types of data processed


  • Stock data (e.g. names, addresses).
  • Contact data (e.g. email, telephone numbers).
  • Content data (e.g. text input, photographs, videos).
  • Usage data (e.g. websites visited, interest in content, access times).
  • Meta/communication data (e.g. device information, IP addresses).

Categories of data subjects


Visitors and users of the online offer (hereinafter referred to collectively as “users”).

Purpose of processing


  • Provision of the online offer, its functions and contents.
  • Answering contact requests and communicating with users.
  • Security measures
  • Range measurement/Marketing

Terms used


“Personal data” refers to any information relating to an identified or identifiable natural person (hereinafter referred to as the “data subject”); a natural person is regarded as identifiable if they can be directly or indirectly identified by reference, in particular, to an identifier such as a name, an identification number, location data, online identifier (e.g. a cookie) or by one or more specific characteristics that express the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

“Processing” refers to any operation or set of operations that is carried out with or without the aid of automated processes and which involves personal data. The term is broad and covers practically every handling of data.

“Pseudonymisation” refers to the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the provision of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures ensuring that the personal data are not attributed to an identified or identifiable natural person.

“Profiling” refers to any automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to the work performance, economic situation, health, personal preferences, interests, reliability, conduct, whereabouts or movements of that natural person.

“Controller” refers to any natural or legal person, public authority, agency or body which alone or jointly with others determines the purposes and means of the processing of personal data.

“Processor” refers to a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Applicable legal bases


In accordance with Art. 13 GDPR, we provide you with information about the legal basis of our data processing. If the legal basis is not mentioned in the Privacy Policy, the following applies: The legal basis for obtaining consent is Art. 6(1) lit. a and Art. 7 GDPR, the legal basis for processing in order to fulfil our services and carry out contractual measures as well as answer inquiries is Art. 6(1) lit. b GDPR, the legal basis for processing in order to fulfil our legal obligations is Art. 6(1) lit. c GDPR, and the legal basis for processing in order to safeguard our legitimate interests is Art. 6(1) lit. f GDPR. In the event that the vital interests of the data subject or another natural person necessitate the processing of personal data, Art. 6(1) lit. d GDPR serves as the legal basis.

Security measures


In accordance with Art. 32 GDPR, we take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons to ensure a level of security appropriate to the risk.

Such measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data as well as in terms of accessing, inputting, disclosing, ensuring the availability and separating the respective data. In addition, we have established procedures to ensure that data subjects' rights are exercised, that data are erased and that we react to data threats. Furthermore, we already take the protection of personal data into account during the development or selection of hardware, software and processes in accordance with the principle of data protection by design and by default (Art. 25 GDPR).

Cooperation with processors and third parties


Insofar as we disclose data to other persons and companies (processors or third parties) within the scope of our processing, transfer data to them or otherwise grant them access to the data, this shall only take place on the basis of a legal permission (e.g. if a transfer of the data to third parties such as payment service providers, pursuant to Art. 6(1) lit. b GDPR, is necessary for the performance of the contract), if you have consented to this, if a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).

If we commission third parties with the processing of data on the basis of a so-called “processing contract”, this is done on the basis of Art. 28 GDPR.

Transfers to third countries


If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this is done in the context of using third-party services or disclosing or transferring data to third parties, this will only occur if it is done to fulfil our (pre)contractual obligations, on the basis of your consent, a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or allow the data to be processed in a third country only if the special requirements of Art. 44 et seq. GDPR are met. This means that the processing takes place, for example, on the basis of special guarantees, such as the officially recognised determination of a data protection level corresponding to the EU (e.g. for the USA through the “Privacy Shield”) or the observance of officially recognised special contractual obligations (so-called “standard contractual clauses”).

Rights of data subjects


You have the right to request confirmation as to whether the data in question will be processed and to be informed of this data and to receive further information and a copy of the data in accordance with Art. 15 GDPR.

In accordance with Art. 16 GDPR, you have the right to request the completion of data concerning you or the rectification of incorrect data concerning you.

Pursuant to Art. 17 GDPR, you have the right to demand that the data concerned be erased immediately or, alternatively, to demand that the processing of the data be restricted pursuant to Art. 18 GDPR.

In accordance with Art. 20 GDPR, you have the right to receive the personal data concerning you that you have provided us and to demand that it be transferred to other controllers.

Furthermore, you also have the right, pursuant to Art. 77 GDPR, to file a complaint with the competent supervisory authority.

Right to revoke consent


You have the right to revoke consents granted pursuant to Art. 7(3) GDPR with effect for the future.

Right to object


You may object at any time to the future processing of the data concerning you in accordance with Art. 21 GDPR. In particular, you may object to the processing of your data for the purposes of direct marketing.

Cookies and the right of objection in the case of direct advertising


“Cookies” are small files that are stored on the user's computer. Different data can be stored within the cookies. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after the user's visit to an online service. Temporary cookies, also known as “session cookies” or “transient cookies”, are cookies that are erased after a user leaves an online offer and closes his browser. The content of a shopping basket in an online shop or a login status, for example, can be stored in such a cookie. Cookies are referred to as “permanent” or “persistent” , if they are stored even after the browser is closed. For example, the login status can be saved if users visit it after several days. Likewise, the interests of users who are used for range measurement or marketing purposes can be stored in such a cookie. “Third-party cookies” are cookies that are offered by other providers than the controller who operates the online service (otherwise, if they are only their own cookies, they are referred to as “first-party cookies”).

We may use temporary and permanent cookies and explain this in our Privacy Policy.

If users do not wish cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be erased in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.

A general objection to the use of cookies for online marketing purposes can be raised for a large number of services, especially in the case of tracking, via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. Furthermore, the storage of cookies can be achieved by switching them off in the browser settings. Please note that in this case not all functions of this online offer can be used.

Erasure of data


The data processed by us will be erased or processing restricted in accordance with Art. 17 and 18 GDPR. Unless expressly stated in this Privacy Policy, the data stored by us will be erased as soon as they are no longer required for their intended purpose and there are no legal obligations to retain them. If the data are not erased because they are required for other and legally permissible purposes, their processing will be restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be stored for commercial or tax reasons.

In Germany there is a statutory requirement to retain documentation in particular for 10 years pursuant to Section 147(1) AO (German Fiscal Code), Section 257(1) No. 1 and 4, (4) HGB (German Commercial Code) for accounts, records, situation reports, accounting records, trading books, documents relevant for taxation purposes, etc., and for 6 years pursuant to Section 257(1) No. 2 and 3, (4) HGB for business letters.

In Austria there is a statutory requirement to retain documentation in particular for 7 years pursuant to Section 132(1) BAO (Austrian Fiscal Code) for accounting documents, receipts/invoices, bank accounts, receipts, business papers, revenue and expenditure statements, etc., for 22 years in connection with real estate, and for 10 years for documents in connection with electronically provided services, telecommunications, radio and television services that are provided to non-entrepreneurs in EU member states and for which the Mini One Stop Shop (MOSS) is used.

Business-related processing


Additionally we process

  • Contract data (for example, contract object, duration, customer category).
  • Payment data (e.g. bank details, payment history)

of our customers, interested parties and business partners for the purpose of providing contractual services, service and customer care, marketing, advertising and market research.

Administration, financial accounting, office organisation, contact management


We process data in the context of administrative tasks as well as the organisation of our business, financial accounting and compliance with legal obligations, such as archiving. Here we process the same data that we process within the scope of providing our contractual services. The processing is based on Art. 6(1) lit. c. GDPR and Art. 6(1) lit. f. GDPR. Customers, interested parties, business partners and website visitors are affected by the processing. The purpose and our interest in the processing lies in the administration, financial accounting, office organisation and archiving of data, i.e. tasks which serve the maintenance of our business activities, performance of our tasks and provision of our services. The erasure of the data with regard to contractual services and contractual communication corresponds to the data specified in these processing activities.

We disclose or transmit data to the tax authorities, consultants, such as tax consultants or auditors, as well as other fee offices and payment service providers.

Furthermore, based on our business interests, we store information on suppliers, organisers and other business partners, e.g. for the purpose of establishing contact at a later date. This data, which are mainly company-related, are stored permanently.

Economic analyses and market research


In order to run our business economically, to be able to recognise market trends, wishes of our contractual partners and users, we analyse the data available to us concerning business transactions, contracts, enquiries, etc., in order to identify the most suitable and appropriate solutions for your needs. We process inventory data, communication data, contract data, payment data, usage data, metadata on the basis of Art. 6(1) lit. f. GDPR, whereby the data subjects include contractual partners, interested parties, customers, visitors and users of our online services.

The analyses are carried out for the purpose of economic evaluations, marketing and market research. Here we can take into account the profiles of registered users with information on, for example, the services they have used. The analyses help us to increase user-friendliness, to optimise our range of services and to improve business efficiency. The analyses are used by us alone and are not disclosed externally unless they are anonymous analyses with summarised values.

If these analyses or profiles are person-related, they will be erased or anonymised upon termination by the user, otherwise after two years from the conclusion of the contract. In all other respects, the macroeconomic analyses and general trend determinations are prepared anonymously wherever possible.

Performance of our statutory and business services


We process the data of our members, supporters, interested parties, customers or other persons in accordance with Art. 6(1) lit. b. GDPR, insofar as we offer them contractual services or act within the framework of an existing business relationship, e.g. with members, or are ourselves recipients of services and benefits. Otherwise, we process the data of data subjects pursuant to Art. 6(1) lit. f. GDPR on the basis of our legitimate interests, for example in the case of administrative tasks or public relations work.

The data processed, the type, scope and purpose of the processing and the necessity of its processing are determined by the underlying contractual relationship. This basically includes the inventory and master data of the persons (e.g. name, address, etc.), as well as the contact data (e.g. email address, telephone, etc.), the contract data (e.g. services used, contents and information communicated, names of contact persons) and, if we offer services or products subject to payment obligations, payment data (e.g. bank details, payment history, etc.).

We delete data that are no longer required for the performance of our statutory and business purposes. This is determined according to the respective tasks and contractual relationships. In the case of business processing, we retain the data for as long as it may be relevant to the business transaction and also with regard to any warranty or liability obligations. The necessity of storing the data is reviewed every three years; otherwise the statutory storage obligations apply.

Contact


When contacting us (for example, via the contact form, by email, telephone or via social media), the user's details are used to process and deal with the contact enquiry pursuant to Art. 6(1) lit. b. GDPR (within the framework of contractual/pre-contractual relationships) and Art. 6(1) lit. f. GDPR (other inquiries). The user data can be stored in a customer relationship management system (“CRM system”) or comparable inquiry organisation.

We will delete the requests if they are no longer necessary. We check the necessity for doing this every two years; in addition, the legal archiving obligations also apply.

Newsletter


With the following information we inform you about the contents of our newsletter as well as the registration, dispatch and statistical evaluation procedures and your rights of objection. By subscribing to our newsletter, you declare your agreement with the receipt and the described procedures.

Content of the newsletter: We send newsletters, emails and other electronic notifications containing advertising information (hereinafter referred to as “newsletters”) only with the consent of the recipient or a legal permission. If the contents of the newsletter are specifically described within the scope of registration, they are decisive for the consent of the user. In addition, our newsletters contain information about our services and us.

Double-Opt-In and logging: The registration to our newsletter takes place in a so-called Double-Opt-In procedure. This means that you will receive an email after your registration in which you will be asked to confirm your registration. This confirmation is necessary so that nobody can register with third-party email addresses. The registrations for the newsletter are logged in order to be able to prove the registration process according to the legal requirements. This includes storing the login and confirmation times as well as the IP address. The changes to your data stored at the shipping service provider will also be logged.

Registration data: To subscribe to the newsletter, it is sufficient to enter your email address. Optionally, we ask you to enter a name in the newsletter for the purpose of addressing you personally.

The dispatch of the newsletter and the performance measurement associated with it are based on the consent of the recipients pursuant to Art. 6(1) lit. a, Art. 7 GDPR in conjunction with Section 7(2) No. 3 UWG (German Fair Trade Practices Act) or, if consent is not required, based on our legitimate interests in direct marketing pursuant to Art. 6(1) lit. f. GDPR in conjunction with Section 7(3) UWG.

The registration procedure is recorded on the basis of our legitimate interests pursuant to Art. 6(1) lit. f GDPR. Our interest is aimed at using a user-friendly and secure newsletter system that serves our business interests as well as the expectations of the users and furthermore allows us to provide evidence of consent.

Cancellation/ Revocation: You can cancel the receipt of our newsletter at any time, i.e. revoke your consent. You will find a link to cancel the newsletter at the end of each newsletter. We may store the unsubscribed email addresses for up to three years on the basis of our legitimate interests before deleting them in order to be able to provide evidence of a previously given consent. The processing of this data is limited to the purpose of a possible defence against claims. An individual request for erasure is possible at any time, provided that the former existence of a consent is confirmed at the same time.

Newsletter – success measurement: The newsletters contain a so-called “web-beacon”, i.e. a file the size of a pixel which is retrieved from our server when the newsletter is opened or, if we use a dispatch service provider, from its server. As part of this retrieval, technical information is first of all collected such as information about the browser and your system, as well as your IP address and time of retrieval.

This information is used to improve the technical performance of services based on technical data or the target groups and their reading behaviour, and based on their retrieval locations (which can be determined with the help of the IP address) or the access times. Statistical surveys also include determining whether newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. It is, however, neither our intention nor, if used, that of the dispatch service provider to observe individual users. Rather, the evaluations help us to recognise the reading habits of our users and to adapt our content to them, or to send different content according to the interests of our users.

Unfortunately it is not possible to separately cancel the performance measurement. In this case the entire newsletter subscription must be cancelled.

Google Analytics


Based on our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6(1) lit. f. GDPR), we use Google Analytics, a web analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google uses cookies. The information generated by the cookie about the use of the online offer by the user is usually transferred to a Google server in the USA and stored there.

Google is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection law ( https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

Google will use this information on our behalf to evaluate the use of our online services by users, to compile reports on the activities within this online service and to provide us with other services associated with the use of this online service and the Internet. Pseudonymous user profiles can be created from the processed data.

We only use Google Analytics with activated IP anonymisation. This means that the IP address of the user is truncated by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the United States and truncated there.

The IP address transferred from your browser is not associated with other data by Google. Users can prevent the storage of cookies by setting their browser software accordingly; in addition, users can prevent Google collecting the data generated by the cookie and related to their use of the online service, as well as the processing of this data by Google, by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

For more information about Google's data usage, hiring and opt-out options, please read Google's Privacy Policy ( https://policies.google.com/technologies/ads) and Google's Ads Settings ( https: // adssettings.google.com/authenticated).

The personal data of users will be erased or anonymised after 14 months.

Google Ads and conversion measurement


Based on our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer in the meaning of Art. 6(1) lit. f. GDPR), we make use of the services provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

Google is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection law ( https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

We use the Google Ads online marketing process to place ads on the Google Advertising Network (e.g. in search results, videos, web pages, etc.) so that they are displayed to users who have a perceived interest in the ads. This allows us to display ads for and within our online offerings in a more targeted manner in order to present users only with ads that potentially match their interests. If, for example, a user is shown ads for products in which he or she is interested in other online offers, this is referred to as “remarketing”. For these purposes, when you visit our and other websites on which the Google Advertising Network is active, Google executes a Google code directly and incorporates (re)marketing tags (invisible graphics or code, also known as “web beacons”) into the website. With their help, an individual cookie, i.e. a small file, is stored on the user's device (comparable technologies can also be used instead of cookies). This file notes which websites the user visits, which content he or she is interested in and which offers are clicked by the user. In addition it notes technical information about the browser and operating system, referring websites, visiting time as well as further information about the use of the online offer.

Furthermore, we receive an individual “conversion cookie”. The information obtained with the help of the cookie is used by Google to compile conversion statistics for us. However, we only know the anonymous total number of users who clicked on our ad and were redirected to a page with a conversion tracking tag. We do not receive information that personally identifies users.

User data are processed pseudonymously within the Google advertising network. This means, for example, that Google does not store and process the user's name or email address, but processes the relevant cookie-related data within pseudonymous user profiles. This means that, from Google's point of view, the ads are not administered and displayed for a specifically identified person, but for the cookie holder, regardless of who this cookie holder is. This does not apply if a user has expressly permitted Google to process the data without this pseudonymisation. The information collected about users is transmitted to Google and stored on Google's servers in the United States.

For more information about Google's data usage, hiring and opt-out options, please read Google's Privacy Policy ( https://policies.google.com/technologies/ads) and Google's Ads Ads Settings ( https: // adssettings.google.com/authenticated).

Online presences in social media


We maintain online presences within social networks and platforms in order to be able to communicate with customers, interested parties and users active there and to inform them about our services. When calling up the respective networks and platforms, the terms and conditions and data processing guidelines of their respective operators apply.

Unless otherwise stated in our Privacy Policy, we process the data of users who communicate with us within social networks and platforms, for example by posting articles on our online presence or sending us messages.

Integration of third-party services and content


Based on our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6(1) lit. f. GDPR), we use content or service offers from third parties within our online offer in order to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as “content”).

This always presupposes that the third-party providers of this content perceive the IP address of the user, since they would not be able to send the content to their browser without the IP address. The IP address is therefore required for the presentation of these contents. We make every effort to use only those contents whose respective providers only use the IP address to deliver the contents. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. Pixel tags can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and include technical information about the browser and operating system, referring websites, visit times and other information about the use of our website, and may also be linked to such information from other sources.

Youtube


We integrate videos from the YouTube platform provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Privacy Policy: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.

Google ReCaptcha


We integrate the function to recognise bots, for example for entries in online forms (“ReCaptcha”) provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Privacy Policy: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.

Google Maps


We integrate maps from the Google Maps service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The data processed may, in particular, include users’ IP addresses and location data, which however is not collected without their consent (usually provided as part of the settings of their mobile devices). The data may be processed in the USA. Privacy Policy: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.

Links to other websites


Our online offer contains links to other websites. We cannot ensure that operators of such websites adhere to data protection regulations.

Questions and comments


For questions, suggestions and comments on the subject of data protection, please contact our data protection officer by email.

Web Analytics with Google Analytics


(1) This website uses Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer to help the website analyse how users use the site. The information generated by the cookie on your usage of this website is generally sent to a Google server in the United States and stored there. However, if IP anonymisation is enabled on this website, Google will previously truncate your IP address within member states of the European Union or other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the United States and truncated there. At the request of the operator of this website, Google uses this information to evaluate your use of the website, compile reports on website activities and provide other services related to website use and Internet use for the website operator. The IP address transferred from your browser within the scope of Google Analytics is not associated with other data by Google.

(2) You may refuse the use of cookies by selecting the appropriate settings on your browser; however please note that if you do this you may not be able to use the full functionality of this website. In addition, you can prevent the data generated by the cookie and related to your use of the website (including your IP address) from being collected and processed by Google by downloading and installing the browser plug-in available at the following link ( http://tools.google.com/dlpage/gaoptout?hl=en).

(3) You can prevent Google Analytics from collecting data by clicking on the following link. An opt-out cookie is set which prevents the future recording of your data when you visit this website:

Deactivating Google Analytics

Further information on the terms of use and data protection can be found at http://www.google.com/analytics/terms/de.html and https://www.google.de/intl/de/policies/.

We would like to point out that Google Analytics has been extended on this website by using the “anonymizeIp” setting to guarantee an anonymous collection of IP addresses (so-called IP masking).