Data protection

1. Information on the collection of personal data

(1) In this document we provide information on the collection of personal data when using our website. Personal data means all data relating to you personally, e.g. your name, address, email addresses and user behaviour.

(2) The controller in accordance with Art. 4(7) EU General Data Protection Regulation (GDPR) is

DGNB GmbH
Tübinger Str. 43
70178 Stuttgart
Email: gmbh@dgnb.de
(see our legal notice)

Our data protection officer is available at

email: datenschutz@dgnb.de

or under our postal address with the addition Data Protection Officer.

(3) When you contact us by email or by using a contact form, the data you provide (e.g. your email address, your name and telephone number) will be stored by us in order to respond to your query. We will erase data obtained in this respect once storage is no longer necessary, or we will restrict its processing where statutory safe-keeping obligations apply. But submitting a query, you grant us your consent to data-processing in accordance with Art. 6(1)(a) GDPR.

(4) If we avail ourselves of contractual service providers for the individual functions of our services or if we would like to use your data for advertising purposes, we inform you in detail below about the relevant procedures. In this respect we will also specify the criteria established for the duration of storage.

2. Your rights

(1) You have the following personal data rights in relation to us:

  • Right to obtain information
  • Right to rectification and deletion
  • Right to restriction of processing
  • Right to object to processing
  • Right to data portability

(2) You are also entitled to submit a complaint to a data protection supervisory authority about our processing of your personal data.

3. Collection of personal data during visits to our website

(1) Where the website is used merely for informational purposes, i.e. if you do not register or otherwise provide information to us, we only collect the personal data transmitted to our server by your browser. If you wish to view our website, we collect the following data that we require for technical reasons in order to show you the website and safeguard its stability and security (legal basis: Art. 6(1)(f) GDPR).

  • IP address
  • Date and time of the query
  • Time zone difference to Greenwich Mean Time (GMT)
  • Specific content (webpage) of the query
  • Access status/HTTP status code
  • Quantity of data transferred in each case
  • Website that is the source of the query
  • Browser
  • Operating system and its interface
  • Language and version of the browser software.

(2) In addition to the above-mentioned data, cookies are also stored on your computer when you use our website. Cookies are tiny text files that are stored on your hard disk and attributed to the browser you use, and which enable certain information to flow to the party placing the cookie (in this case, us). Cookies are unable to run programs or transfer viruses to your computer. They serve to render internet products more user-friendly and more effective overall.

(3) Use of cookies:

  • a) This website uses the following kinds of cookies, the scope and functioning of which are explained below:
    • Session cookies - (b) below
    • Permanent cookies - (c) below
  • b) Session cookies are deleted automatically when you close your browser. Session cookies store a so-called session ID which enables various queries from your browser to be attributed to a specific session. This enables your computer to be recognised when you return to our website. Session cookies are deleted when you log out or close the browser.
  • c) Permanent cookies are deleted automatically after a pre-set period which can vary depending on the cookie. You can delete the cookies at any time in the security settings of your browser.
  • d) In order to control the use of cookies, a cookie consent-tool is implemented on this website (hereinafter referred to as “Cookiebot”). Cookiebot is operated by Cybot A/S, 1058 Copenhagen, Denmark and displays a cookie list divided into functional groups, explains the purpose of the cookie functional groups and the individual cookies and their storage period. For the use of Cookiebot the storage of a cookie is technically necessary.
    When you visit this website for the first time, a pop-up window will appear. Here you can activate the cookies structured by function groups by clicking the corresponding box. Please note that the technical cookies are already stored when you access the website and that the relevant box is preset.
    You can change or withdraw your consent at any time by deselecting the relevant cookie categories in the cookie declaration below. Select cookie settings. An additional option for controlling the use of cookies is provided by appropriate settings in your browser with corresponding adjustment options. We would like to point out that you may not be able to use all functions of this website if you deselect cookies.
  • e) We use cookies in order to identify you on subsequent visits if you have an account with us. Otherwise you have to log in again for each visit.
  • f) The Flash cookies in use are not registered by your browser but by your Flash plug-in. We also use HTML5 storage objects that are placed on your computer. These objects store the necessary data irrespective of your browser and have no automatic expiry date. If you do not want the Flash cookies to be processed, you have to install a corresponding add-on, e.g. Better Privacy for Mozilla Firefox (https://addons.mozilla.org/de/firefox/addon/betterprivacy/) or Adobe-Flash-Killer-Cookie for Google Chrome. You can prevent the use of HTML5 storage objects by adjusting your browser to private mode. We also recommend the regular manual deletion of your cookies and of the browser history.

Cookie Declaration

4. Other functions and offers on our website

(1) In addition to use of our website merely for informational purposes, we offer various services that you may use in case of interest. To this end you generally have to provide further personal data that we use in order to provide the relevant services and to which the above-mentioned data-processing principles apply.

(2) In some cases we use external service providers in order to process your data. Such service providers are carefully selected and commissioned by us, they are bound by our directives and undergo regular checks.

(3) We may also forward your personal data to third parties if the conclusion of contracts or similar services are offered by us together with partners. Further information will be available when you provide your personal data or below in the description of the services offered.

(4) Insofar as our service providers or partners have their registered office in a country outside the European Economic Area, we will inform you about the relevant consequences in the description of the services offered.

5. Objection to or revocation of processing of your data

(1) If you have granted your consent to the processing of your data, you may revoke such consent at any time. Revocation affects the lawful processing of your personal data after it has been expressed to us by you.

(2) Insofar as our processing of your personal data is based on a balancing of interests, you may object to such processing. This is the case especially if the processing is not necessary for the fulfilment of a contract with you, which is explained by us individually in the following description of the functions. When submitting such an objection, please state the reasons why we should not process your personal data in the manner in which we did. If your objection is well-founded, we will investigate the situation and will either discontinue or modify the data-processing, or we will present compelling reasons meriting protection, on the basis of which we will continue the processing.

(3) Of course, you may object to the processing of your personal data for advertising and data analysis purposes at any time. You may notify us of the objection raised against use for advertising purposes using the following contact details: DGNB GmbH Tübinger Str. 43, 70178 Stuttgart, email: widerspruch@dgnb.de.

6. Use of blog functions

(1) You can make public comments in our blog, which we use to publish various articles on themes concerning our activities. Your comment will be published next to the article, together with the username you provide. We recommend using a pseudonym instead of your real name. It is necessary to provide your username and an email address; all other information is provided voluntarily. When you publish a comment, we will also store your IP address, which we delete after one week. Storage is necessary so that we can defend ourselves against liability claims in case of the potential publication of unlawful content. We require your email address in order to contact you if a third party complains that your comment is unlawful. The legal basis for this is Art. 6(1)(b) and (f) of the EU General Data Protection Regulation. Comments are not moderated before being published. We reserve the right to delete comments if third parties complain that they are unlawful.

(2) When writing your comment, you can select our email service by ticking the box. This means you will be informed if other users comment on the article. We use the double opt-in procedure for this service, i.e. you will receive an email in response to which you have to confirm that you are the owner of the email address and wish to receive the notifications. You can cancel notifications at any time by activating the link contained in the email. Your personal data, including your email address, the date and time of registration for the service and your IP address will be stored by us until you cancel the notification service.

7. Use of our webshop and our DGNB Navigator

(1) If you wish to order from our webshop as a user, we require personal data from you in order to conclude the contract and process your order. Information required for processing contracts is marked separately, other information is provided voluntarily. The data you provide is forwarded by us to our contractual processors for administering your order and invoicing. The legal basis for this is Art. 6(1)(b) of the EU General Data Protection Regulation.

We may also process the data you provide in order to inform you about other products from our portfolio or to send you emails containing technical information.

Owing to requirements of commercial and tax law we are obliged to store your address, payment and order data for a period of ten (10) years. However, we restrict the processing after two (2) years, i.e. your data will only be used for the purpose of compliance with the statutory obligations.

In order to prevent unauthorised access to your personal data by third parties, the order process is encoded via SSL or equivalent TLS technology.

(2) We also operate the Navigator product database, where manufacturers can enter their products and services in order to inform planners, developers and other interested parties about them. However, the products and services cannot be purchased via the DGNB Navigator. We therefore only bring together purchasers and sellers or principals and contractors. The actual business is conducted outside our sphere of influence. We simply enter into a User Agreement with the user and the manufacturer (see our Terms of Use). Both the user and manufacturer have to register in a two-step process in order to be able to conclude the User Agreement. First name, surname and e-mail address are mandatory information for all users. Manufacturers have to provide their telephone number as well. Any other information is voluntary. You then receive an e-mail to activate your access.

If you do not confirm your application within 24 hours, your registration will be automatically deleted from our database. We store the above-mentioned personal data for the duration of the User Agreement. Users may terminate the User Agreement by deleting their access data (Number 5.1 of the Terms of Use of the DGNB Navigator for Users). Manufacturers may terminate the User Agreement with a notice period of 6 months to the end of each calendar year (Number 6.1 of the Terms of Use of the DGNB Navigator for Manufacturers). The stored personal data of the Users are deleted no later than 30 days after the termination of the User Agreement in full, if there is no legal dispute pending or legal remedies are waived and there is no mandatory storage obligation based on official orders. We are obliged to store the address and contract data for a period of 10 years under commercial and tax law regulations. However, we restrict processing after 2 years, i.e. the data of manufacturers is only used to comply with statutory obligations.

In principle, we will not pass your personal data on to third parties, unless we are given consent to do so in exceptional cases. In accordance with Number 1.10 of the Terms of Use of the DGNB Navigator for Manufacturers the manufacturer agrees to the forwarding of the information concerning DGNB e.V. membership to the information platform of Heinze GmbH.

The legal basis for data-processing is Art. 6(1)(b) and (f) of the EU General Data Protection Regulation. In order to prevent unauthorised access to your personal data by third parties, the connection is encoded via SSL or equivalent TLS technology.

8. Use of our internal portal for members, auditors and consultants

(1) Insofar as you wish to use our portal, you have to register by providing your email address, a self-selected password and your freely selected username. We apply the so-called double opt-in process, i.e. your registration is only completed, if you have filled out the membership application as a first step and this was accepted by the person responsible or you have signed the DGNB Auditor/DGNB Consultant licensing agreement (Lizenzierungsvertrag). The login data for the internal area for members and DGNB Auditors/DGNB Consultants is thereafter stored in the system. You as member or as DGNB Auditor/DGNB Consultant are then sent a link by e-mail together with your login data. You can use this link to log into the system.

(2) When you use our portal we store the data necessary for performance of the contract, including information on the manner of payment, until you permanently cancel your account. We also store the data you provide voluntarily for the period in which you use the portal, unless you delete such data beforehand. You can manage and change any information in the protected member and/or DGNB Auditor/DGNB Consultant area. The legal basis for this is Art. 6(1)(f) of the EU General Data Protection Regulation.

(3)In order to prevent unauthorised access to your personal data by third parties, the connection is encoded via SSL or equivalent TLS technology.

9. Use of the DGNB Auditorenforum

(1) Our auditors' platform “Auditorenforum” is used for networking and the exchange of scientific information between licensed DGNB Auditors and DGNB Consultants as well as external experts. If you would like to participate actively in the Auditorenforum, you have to register by entering your first name and surname as well as your e-mail address, a password you have chosen yourself and your first name and surname as the user name. We apply the so-called double opt-in registration process, i.e. your registration is only completed, if you have confirmed your application via a confirmation e-mail sent to you for this purpose by clicking on the link contained therein. If you do not confirm your application in this manner, your registration is deleted from our database.

(2) If you log into the Auditorenforum account, we save all information that you post on the forum, i.e. public comments, bulletin board entries, private messages etc., in addition to your login details until you log off, in order to operate the forum, based on Article 6 (1) (f) GDPR.

(3) If you delete your account, your public statements, especially contributions to the forum, remain visible to all readers; however, your account can no longer be called up and is flagged in the forum with a placeholder "[Gelöschter User]" (Deleted user). All other data are deleted.

(4) In order to prevent unauthorised access to your personal data by third parties, the connection is encrypted by SSL or equivalent TLS technology.

10. Participation in online events via "GoToMeeting" and/or "GoToWebinar"

(1) We use the products "GoToMeeting" and "GoToWebinar" for the implementation of certain online events. The products are provided by the company LogMeIn Ireland Limited with its registered office at Bloodstone Building, Block C, 70 Sir John Rogerson's Quay, Dublin 2, Ireland.

If you would like to register as a participant for an online event via our website, participation in online events requires you to provide us with personal data which we need for the organisation, implementation and follow-up of your participation (legal basis is Article 6(1)(b) EU GDPR).

For online events of the Academy, please register using the registration form on our website. Mandatory fields that must be filled out are specifically marked, the remaining information is voluntary. For online events via “GoToMeeting”, you will receive an access link from us with which you can participate in the online event. It is not necessary to enter any personal data at “GoToMeeting”.

For online events of DGNB e.V., you will be redirected to the “GoToWebinar” website via a link. There you can register as a participant. Mandatory fields that must be filled out are specifically marked, the remaining information is voluntary.

Please note: When calling up the website of "GoToMeeting" or "GoToWebinar", the provider is responsible for data processing. When registering as a participant at “GoToWebinar” the website needs to be called up. However, if you wish to use the applications the websites only need to be called up in order to download the software to use "GoToMeeting" or "GoToWebinar". If you do not want to or cannot use the "GoToMeeting” or “GoToWebinar" application, the basic functions can also be used with a browser version.

(2) When registering via the “GoToWebinar” website, the data from the registration form will be transmitted to LogMeIn. The date and time of registration are also collected. Furthermore, the following meeting meta data is processed when using "GoToMeeting" and "GoToWebinar": topic, description (optional), IP addresses of participants, device/hardware information. In addition, the following data is processed in case meetings are recorded (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of online meeting chat.

You may have the option of using the chat, question or survey functions during an online event. In this respect, the text entered by you will be processed in order to display and, if necessary, log it during the online event. In order to show videos and play sound, the data from the microphone of your device and from any video camera of the device is processed for the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time using the "GoToMeeting" applications.

If we plan to record online events, we will inform you in advance and - if necessary - ask for your consent. For the purposes of recording and follow-up of online events, the questions asked by participants may also be processed.

(3) We will store the personal data processed by us for as long as is necessary for the respective purpose - in particular for holding the online event - in compliance with the statutory retention periods (e.g. ten years for tax-relevant documents or six years for other business letters in accordance with the German Commercial Code (Handelsgesetzbuch, HGB) and Fiscal Code (Abgabenordnung, AO) (Article 6(1)(c) EU GDPR). It is possible to store data longer than the statutory retention periods if you have given your consent in accordance with Article 6(1)(a) EU GDPR or the purpose of the data processing has not yet ceased to apply.

(4) “GoToMeeting“ and “GoToWebinar“ are services of LogMeIn Ireland Limited (Bloodstone Building Block C 70 Sir John Rogerson’s Quay Dublin 2, Ireland), which is a subsidiary of LogMeIn Inc (Log-MeIn, 320 Summer Street, Boston, MA 02210, USA). This means that personal data is also processed in a third country. We have entered into a commissioned data processing agreement and have agreed on standard EU contract clauses with LogMeIn.

For more information about data privacy at LogMeIn, please visit www.logmeininc.com/legal/privacy and www.logmeininc.com/gdpr/gdpr-compliance

11. Participation in online events via the Vystem platform

(1) We use the online service "Vystem Platform" as digital support for certain online events. The provider of the "Vystem Platform" is Isardigital GmbH, Bahnhofstraße 5 83646 Bad Tölz.

The link to the privacy Policy for the "Vystem Platform" can be found here: https://vystem.io/datenschutz/ 

(2) If you would like to register for an online event that takes place via the "Vystem platform", it is necessary for participation that you create an account on the platform and provide your personal data, which we need for the organisation, implementation and post-processing of your participation (the legal basis is Art. 6 para. 1 b GDPR). Necessary mandatory information is marked separately, further information is voluntary. If you register via our website, you will receive a link to the "Vystem Platform" by e-mail in order to be able to register as a participant on the "Vystem Platform" and create an account – or as soon as registration is possible directly via the "Vystem Platform" our website will link directly to the "Vystem Platform".

When registering via the "Vystem Platform", we conclude a contract with you as a participant (see our Terms and Conditions). To be able to conclude the contract, you need to register in a two-stage procedure. First and last name, e-mail address, telephone number, company and job title / position are mandatory, further information is voluntary. You will then receive an e-mail to activate your access. If your confirmation in this regard is not received within 24 hours, your registration will be automatically deleted from our database.

(3) The following data is processed via the "Vystem Platform": personal data specified in the previous paragraph as well as login data (subscriber number), usage data (in particular access times) and device / hardware information, IP address. The processing of this data takes place exclusively for the provision and use of the "Vystem platform". You have the opportunity to use the chat functions during an event via the "Vystem platform". In this respect, the text entries you have made will be processed in order to display and log them. You have the option to use the video or audio functions in addition to the chat functions. In order to enable the display of video and the playback of audio, the data from the microphone of your terminal device and from a possible video camera of the terminal device are processed accordingly during the duration of the event. You can turn off or mute the camera or microphone yourself at any time.

(4) The personal data processed by us will be stored by us for the duration of the contract. You can terminate the contract by deleting your access data. The account including your login data and your details that you have entered independently will remain stored on the "Vystem platform" until you deregister your account. No later than 30 days after the complete termination of the contract, your stored personal data will be deleted, provided that no legal dispute threatens or a waiver of legal remedies has been declared and there is no mandatory storage obligation based on official orders and provided that no statutory retention periods (e.g. according to the Commercial Code and the Tax Code ten years for tax-relevant documents or six years for other business letters) are required (Art. 6 para. 1 clause 1 lit. c GDPR). Storage beyond the statutory retention periods is possible if you are informed in accordance with Art. 6 para. 1 clause 1 lit. a GDPR have consented or the purpose of the data processing has not yet ceased.

(5) We will store the personal data processed by us for as long as is necessary for the respective purpose - in particular for holding the event Tag der Nachhaltigkeit - in compliance with the statutory retention periods (e.g. ten years for tax-relevant documents or six years for other business letters in accordance with the German Commercial Code (Handelsgesetzbuch, HGB) and Fiscal Code (Abgabenordnung, AO) (Article 6(1)(c) EU GDPR). It is possible to store data longer than the statutory retention periods if you have given your consent in accordance with Article 6(1)(a) EU GDPR or the purpose of the data processing has not yet ceased to apply.

(6) We are legally obliged to take minutes of the General Assembly, in particular to notify the Amtsgericht Stuttgart of any changes to the articles of bylaws. If you report to the virtual General Assembly via chat, your name and member company as well as what you have written will be recorded in the minutes. After the virtual General Assembly, the minutes will be made available to the members and submitted to the Amtsgericht Stuttgart, where they will be stored. The legal basis is Art. 6(1)(c) EU GDPR (legal obligation).

12. Newsletter

(1) By granting your consent, you can subscribe to our newsletter in which we inform you about our current products and offers. Archived editions of the newsletter can be found on our website. The contents advertised are indicated in the declaration of consent.

(2) We use the so-called double opt-in procedure for registering for our newsletter. This means that after you have registered we will send an email to the address indicated, in which we request confirmation that you wish to receive the newsletter. Your information will be blocked and deleted automatically unless you confirm your registration within 24 hours. We also store the IP address you use and the date and time of registration and confirmation. The object of this procedure is to enable us to present proof of your registration and, if appropriate, to clarify any potential misuse of your personal data.

(3) The only obligatory information to be provided for receipt of the newsletter is your email address. The provision of additional, separately indicated data is voluntary and is used in order to contact you personally. After you have provided confirmation we will store your email address in order to send the newsletter. The legal basis for this is Art. 6(1)(a) of the EU General Data Protection Regulation.

(4) You can revoke your consent to receipt of the newsletter and cancel your subscription at any time. You can revoke your consent by clicking on the link shown in every newsletter email, by completing this form on the website, by sending an email to widerspruch@dgnb.de, or by dispatching notification to the contact address indicated in the legal notice.

13. Use of Matomo (formerly Piwik)

(1) This website uses the web analysis service Matomo in order to analyse and improve the use of our website at regular intervals. The statistics obtained help us to improve our products and make them more interesting to you as the user. The legal basis for the use of Matomo is Art. 6 (1)(f) of the EU General Data Protection Regulation.

(2) Cookies are stored on your computer for analysis purposes (see further details under 3 above). The information thus collected is stored by the controller solely on a server located in Germany. The analysis can be stopped by deleting existing cookies and by preventing the storage of cookies. We would like to point out that if you prevent the storage of cookies, you might not be able to use all features of this website. You can prevent the storage of cookies by changing the settings of your browser. It is possible to prevent the use of Matomo by making the appropriate selection during the cookie request (for more details see Point 3 (3) d)).

 (3) This website uses Matomo with the AnonymizeIP add-on. This means that IP addresses are processed in abbreviated form, thus excluding direct attribution to a specific person. The IP address communicated by your browser using Matomo is not combined with other data collected by us.

(4) Matomo is an open source project program. Information from the third-party provider on data privacy is available at http://matomo.org/privacy/policy.

14. Incorporation of YouTube videos

(1) We have integrated YouTube videos into our online product, which are stored at https://www.YouTube.com and can be viewed directly from our website. The videos are all integrated using “extended data privacy modus”, i.e. data about you as a user will only be transferred to YouTube if you view the videos. Only when you view the videos will the data mentioned in para. 2 be transferred. We have no influence over this transfer of data.

(2) When you visit the website, YouTube is informed that you have visited the relevant subpage of our website. In addition, the data mentioned under 3 of this Policy is communicated. This does not depend on whether or not YouTube makes a user account available, via which you are logged-in. If you are logged in at Google your data will be directly attributed to your account. If you do not want attribution to your profile by YouTube, you have to log out before activating the button. YouTube stores your data as a user profile and uses it for advertising and market research purposes and/or to design its website based on user preferences. Such an analysis is conducted especially (even for unlogged users) in order to present advertising based on user preferences and in order to inform other users of the social network about your activities on our website. You are entitled to object to the compilation of such user profiles, and to do so you have to contact YouTube.

(3) Further information on the purpose and scope of data collection and its processing by YouTube is available in the data privacy declaration. This also contains further information regarding your rights and settings options in this respect in order to protect your privacy: https://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the US.

(4) International data processing by Google. Since 12 August 2020, Google intends to convert its data processing in the US to EU standard contract clauses in accordance with Art. 46(2)(c) EU GDPR and to adapt data processing contracts.

Until the final implementation, the legal basis for data processing in the USA is your consent in accordance with Article 49 (1) (a) EU GDPR.

Dear Partner,

As a result of the recent Court of Justice of the European Union ruling on data transfers, invalidating the Privacy Shield, Google will be moving to Standard Contractual Clauses (SCCs) for transfers of online advertising and measurement personal data out of the Europe Economic Area, Switzerland and the UK.

We will therefore be updating our existing Google Ads Data Processing TermsGoogle Ads Controller-Controller Data Protection Terms and Google Measurement Controller-Controller Data Protection Terms to add the relevant SCCs as adopted by the European Commission.

We are making these updates solely to address GDPR compliance. The updates do not give Google additional rights over data. If the Google Ads Data Processing Terms or Google Ads Controller-Controller Data Protection Terms are already part of your contract (or if you have separately accepted the Google Measurement Controller-Controller Data Protection Terms where available), the updates will apply from August 12, 2020.

For more information, please see this article that we will continue to update or (if applicable) speak to your Google representative.

Thanks,

The Google Team

https://privacy.google.com/businesses/compliance/#!#gdpr 

15. Incorporation of OpenStreetMap

(1) This website has an incorporated map showing the location of our association and our institutions. The map uses data from OpenStreetMap, a free project with the aim of collecting freely utilisable geo-data and making it available in a database for general use (open data). In order to display the map to you, information about use of the website including your IP address is communicated to OpenStreetMap. These services are operated by OpenStreetMap Foundation (OSMF), 132 Maney Hill Road, Sutton Coldfield, West Midlands, B72 1JU, United Kingdom, on behalf of the OSM community.

(2) In order to display the map for you, information about use of the OSM services is communicated to OpenStreetMap. In addition, a so-called session cookie is stored on the visitor’s computer. Details can be found in the section on Cookies. Information on how OpenStreetMap stores your data can be found at: https://wiki.osmfoundation.org/wiki/Privacy_Policy

Product search

Use the intelligent search function and receive detailed product information as a registered user


Product Group

Any

Product Category

Any

Manufacturer

Any

 

 

CONTACT

 

Navigator Customer Service

 

Phone: +49.711.72 23 22-11

 

navigator@dgnb.de