Privacy Policy
1. Data protection
If you use this website, various pieces of personal data will be collected. Personal information is any data which personally identifies you. This privacy policy explains what information we collect and what we use it for. It also explains how and for what purpose the data is used.
The operators of this website take the protection of your personal data very seriously. We treat your personal data as confidential and in accordance with the statutory data protection regulations.
Please note that data transmitted via the internet (e.g. via email communication) may be subject to security breaches. Complete protection of your data from third-party access is not possible.
2. Party providing the website and responsible for data processing
The party responsible for processing data on this website is:
Andreas Feige, Dr. Norbert Schmitz
ISCC System GmbH
Hohenzollernring 72
D-50672 Koeln
Germany
Telephone: +49-221-50802010
https://www.iscc-system.org/contact/
If you have any questions about how we process your personal data, or if you wish to exercise your rights under the GDPR (such as access, rectification, erasure, restriction, or data portability), you may contact our officially designated Data Protection Officer:
Moritz von Gernet
ISCC System GmbH
Email: privacy@iscc-system.org
We will handle your inquiry in accordance with applicable data protection laws and respond within the legally required timeframes.
3. SSL or TLS encryption
This site uses SSL or TLS encryption to encrypt the data send and received by us.
You can recognize an encrypted connection in your browser’s address line when it changes from “http://” to “https://” and the lock icon is displayed in your browser’s address bar.
4. Your rights
Right to file complaints with regulatory authorities
If there has been a breach of data protection legislation, the person affected may file a complaint with the competent regulatory authorities. The competent regulatory authority for matters related to our data processing is:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Kavalleriestr. 2-4
40213 Düsseldorf
Telephone: 0211/38424-0
Fax: 0211/38424-999
e-mail: poststelle@ldi.nrw.de
Right to data portability
You have the right to receive automatic process data when the process is based on your consent or in fulfillment of a contract in a machine-readable format. You may also request to transfer this data to a third party. If you request the direct transfer of data to another responsible party, this will only be done to the extent technically feasible.
Information, blocking, deletion
You have the right to receive information about any of your personal data that is stored as well as its origin, the recipient and the purpose for which it has been processed.
In regards of your personal data you also have the right of rectification, erasure or restriction of processing.
Right to withdraw consent
If we process your personal data based on your consent you have the right to withdraw your consent at any time.
5. Data collection on our website
Cookies
Our website uses cookies. Cookies do not harm your computer; cookies are small text files that are stored on your computer, they contain information about a website (e.g. login information). Cookies help make our website more user-friendly, efficient, and secure.
The lifetime of a cookie depends on its use. Some cookies are deleted after you close a website (session cookies”) other cookies are kept even if you close your browser (“persistent cookies”). Most browsers have a way to show the lifetime of a cookie.
We differentiate between cookies necessary to provide the basic functionality of our website (necessary cookies) and other cookies which add additional features to our website (additional cookies).
Necessary cookies are used based on our legitimate interest to provide you with a functional website pursuant to Art. 6 (1) (f) GDPR.
If we use additional cookies, we ask for your consent.
Server log files
We automatically collect and store information that your browser automatically transmits to us in “server log files”.
These are:
Browser type and browser version
Operating system used
Referrer URL
Host name of the accessing computer
Time of the server request
IP address
These data will not be combined with data from other sources.
The basis for data processing is our legitimate interest to provide you with a functional website pursuant to Art. 6 (1) (f) GDPR.
Contact form
If you send us questions via the contact form, we will collect the data entered on the form, including the contact details provided. We do so to answer your question and any follow-up questions. We do not share this information without your permission.
You may revoke your consent for further processing at any time by sending us an informal e-mail.
We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Any mandatory statutory provisions, especially those regarding mandatory data retention periods, remain unaffected by this provision.
If your message contained relevant information regarding certifications we save your message to document the information provided. This is also our legitimate interest to store your data pursuant to Art. 6 (1) (f) GDPR.
Tools and Services
Our website uses tools and services provided by Google. These services are provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, and their parent company Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
YouTube
Our website uses services from YouTube, which is operated by Google. We use YouTube to embed videos into our website.
If you click on one of the video-overlays to start a YouTube service on one of our pages, a connection to the YouTube servers is established. To establish this connection personal information (e.g. Your IP address) is transferred to YouTube.If you’re logged in to your YouTube account, YouTube can link this connection to your account and personal profile. You can prevent this by logging out of your YouTube account.
Before we load YouTube services, we show you a dialogue asking for your consent.
We store your choice until you close our website. You can withdraw your consent at any time by closing and opening our website.
Further information about YouTube processing of your personal data can be found in Googles privacy policy (https://policies.google.com/privacy).
6. Whistleblower information
On our website, we provide a portal through which you can submit information on suspected cases and irregularities – anonymously if you wish. We use a tool from Hintbox for this purpose. Hintbox is operated by lawcode GmbH. For further information about Hintbox can be found in Hintbox’s privacy policy (https://www.hintbox.eu/en/privacy-statement/).
If your message contained information that need to be investigated we save your message to document the information provided. This is also our legitimate interest to store your data pursuant to Art. 6 (1) (f) GDPR.
7. Newsletter
We provide you with a newsletter that you can subscribe to on our website.
To manage and send the newsletter we use Mailchimp, a newsletter management tool, from The Rocket Science Group LCC, 675 Ponce De Leon Ave NE, Atlanta, Georgia 30308, USA (hereinafter “The Rocket Science Group”). We concluded a data processing agreement with The Rocket Science Group pursuant to Art. 28 GDPR, which obliges the provider to process the data only in accordance with our explicit instructions and to comply with data protection.
To subscribe to our newsletter, you must enter your e-mail address in the field provided and state your first name and surname. You will then receive an e-mail at the e-mail address you provided with a confirmation link. If you click on this link, we will store your e-mail address and the other data you have provided (double-opt-in). In addition, we store your IP address and the time of registration for the newsletter as well as the time of confirmation.
Furthermore, we use different techniques to analyze the behavior of newsletter recipients. Among other things, we can find out how many recipients have opened the newsletter and how often various links contained are clicked. With the help of conversion tracking, we can also analyze whether a predefined action takes place after clicking on the link in the newsletter. This helps us to understand the extent to which the newsletter is suitable as a marketing tool and what we can improve if necessary.
The processing of your name and email address is based on your consent in accordance with Art. 6 (1) (a) GDPR, which you give us by clicking on the confirmation link. You can revoke your consent at any time with effect for the future by clicking the unsubscribe button contained in each newsletter e-mail sent to you.
For the processing of you IP address and the times of registration and confirmation, Art. 6 (1) (f) GDPR serves as the legal basis. We require this data to prove your registration and to clarify any personal misuse of your data.
The transfer of your personal data to the US is carried out in accordance with Art. 45 GDPR on the basis of the adequacy decision issued for the US, by which the EU Commission has established a level of data protection in the US that is comparable to that in the EU. The Rocket Science Group has certified itself for the EU-US Data Privacy Framework on which the adequacy decision is based (see https://www.dataprivacyframework.gov /s/participant-search).
Your personal data will be stored for as long as you are subscribed to the newsletter. In the event of your revocation, we will delete your data, unless we are obliged or entitled to further processing for other legal reasons. This may be the case, for example, if disputes arise regarding your consent and we require the data for the defense of legal claims.
8. Data collection ISCC account
During account creation we collect your name, e-mail address and the company you represent. We do so to provide you with an account and fulfill our contractual obligation pursuant to Art. 6 (1) (b) GDPR.
If you create registrations or certificates or change existing data of registrations or certificates, we save the time the changes were submitted and your name. This information is stored shown to us and other persons part of your organization. We do so to ensure compliance with our certification and fulfill our contractual obligation pursuant to Art. 6 (1) (b) GDPR.
If you are a contact person for an organization we process your name and contact information as entered in the ISCC account. Your contact information is shown within the organizations overview.