(As of: 22/02/2021)
Thank you for visiting the Mercator Institute for China Studies website (MERICS) and thank you for your interest. We (hereinafter: "MERICS", "we") take the protection of your personal data very importantly. But what does that mean in concrete terms?
Below, we provide you with an insight into what personal information we collect from you and how we process it. Furthermore, you will receive an overview of your rights under applicable data protection law. In addition, we will provide you with the appropriate contact data if you have any further questions.
2. WHO ARE WE?
The Mercator Institute for China Studies (MERICS), founded in 2013 and headquartered in Berlin, is one of the largest institutes of contemporary and practice-oriented China research worldwide. MERICS is an initiative of Stiftung Mercator.
As the responsible party for this data protection policy, we
Mercator Institute for China Studies (MERICS) gGbmH
Telephone: +49 30 3440 999-0
take all measures required under applicable data protection law to ensure the protection of your personal data.
If you have any questions about the data processing in our company and the exercise of your rights, you can also contact our data protection officer free of charge.
2B Advice GmbH
Mr. Laurent Dechâtre
Joseph Schumpeter Allee 25
53227 Bonn, Germany firstname.lastname@example.org
Tel: +49 (228) 926165 120
3. DATA PROTECTION POLICY SCOPE OF APPLICATION
The processing of personal data is defined by the legislator as activities, such as the gathering, collection, organization, sorting, storage, adaptation or modification, reading, querying, use, disclosure by transmission, dissemination or any other form of provision, comparison or linking, restriction, deletion or destruction of personal data.
Personal data is all information relating to an identified or identifiable natural person.
This data protection declaration concerns the personal data of interested parties, applicants or visitors.
4. WHAT PERSONAL DATA DO WE PROCESS?
Your personal data will be collected by us if you contact us, for example, as an interested party or visitor. This can be done, for example, by being interested in our offer, by registering for our newsletter, by contacting us via our communication channels or by applying for a position.
The following types of personal data are processed by us:
- Information for personal identification
- e.g., first and last name, address data, e-mail address, telephone number, fax number
- Job data
- e.g., billing data
- Company-related data
- e.g., company name, department, occupation
- Data about your online behavior
- e.g., IP addresses, data on your visits to our website, actions carried out on our websites, place of access
- Information about your interests, wishes or feedback that you share with us
- e.g., via our e-mail addresses
- Information about your professional career
- e.g., vocational training, previous employers, other qualifications
and other information comparable to these data categories.
4.1 SENSITIVE DATA
Sensitive data, namely special categories of personal data such as information regarding health, political opinions, religious or trade union membership, is not collected in this way.
4.2 PERSONAL DATA OF MINORS
Our offers are generally not for minors. As far as we can possibly recognize, if personal data of minors provided without the consent of legal guardians is processed, it is immediately deleted.
Cookies are files that are placed on your computer by our website upon visiting the site. These files store information that makes your use of this site more efficient.
We use Google Analytics as a web analysis service to analyze usage behavior on our website.
Google Analytics is a web analysis service of Google Inc., (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google"). This includes the use of the “Universal Analytics” operating mode. This makes it possible to assign data, sessions and interactions across multiple devices to a pseudonymous user ID, thus analyzing the activities of a user across devices.
Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. The IP address of the user is immediately shortened during this process, so that the identification of the user through the IP address is no longer possible. The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services relating to the website and internet use. We also have a legitimate interest in data processing for the above purposes. The legal basis for the use of Google Analytics is Art. 6 para. 1 letter a GDPR. The data sent by us and linked with cookies, user identification (e.g. user ID) or advertising IDs are automatically deleted after 14 months. Data for which the retention period has been reached is automatically deleted once a month.
You can opt-out from Google Analytics tracking of your visit to this website by clicking on this link.
For more information about terms of service and privacy, visit https://www.google.com/analytics/terms/en.html.
For more information on how Google uses information, visit https://policies.google.com/technologies/partner-sites?hl=en.
4.4. Use of Webfonts
For the consistent presentation of fonts on our website we use so-called web fonts, which are provided by Monotype GmbH, Spichernstraße 2, 10777 Berlin, Germany.
Monotype’s webfont services are compliant with the GDPR. This is also applies to the tracking of website visits. With regards to the processing of data Fontshop (as controller) relies on Art. 6 para. 1 lit. f of the GDPR, i.e. a legitimate interest for a short term processing of the IP to enable the counting of page views and prevent the misuse of its counter. All log files are deleted and personal data are no longer processed after 30 days.
If your browser does not support web fonts, a default font will be used by your computer.
5. WHAT DO WE USE TO PROCESS YOUR PERSONAL DATA, AND ON WHAT LEGAL BASIS?
5.1 CONTRACT PERFORMANCE
We process your data in order to fulfill our contracts. This also applies to information that you provide to us in the context of pre-contractual correspondence. The specific purposes of the data processing depend on the particular request and can also be used to analyze your needs and to check which offers are suitable for you.
5.1.1 EXECUTION OF THE CONTRACTUAL RELATIONSHIP
For the execution of the contract we need your name, your address, your telephone number or your e-mail address so that we can contact you.
5.1.2 OFFERING OF FREE EVENTS
We also need your personal data for invitation and participant management.
5.1.3 IMPLEMENTATION OF THE APPLICATION PROCESS
We process your data, which you have sent to us as part of your application, to check whether your professional qualifications are suitable for the advertised position. We only use your information for the application process and transfer it to your personal file when the contract is concluded. If no agreement is reached, your information will be deleted or destroyed. We will use your applicant information for no other purpose than to conduct the application process.
This website uses CleverReach to send newsletters and other publications. The provider is CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede. We have entered into an agreement with CleverReach for the outsourcing of our data processing and fully implement the strict requirements of the German data protection authorities when using CleverReach. CleverReach is a service which organizes and analyzes the distribution of newsletters. The data you provide (e.g. your email address) to subscribe to our newsletter will be stored on CleverReach servers in Germany and Ireland.
Sending our newsletters and publications with CleverReach enables us to analyze the behavior of newsletter recipients. Among other things, we can find out how many recipients have opened the email containing the newsletter and how often various links contained therein are clicked. The data is displayed anonymously in the reports and analyzes. In addition, the IP addresses are shortened during the collection and processing and thus displayed anonymously. For more information on how data is analyzed by CleverReach, please visit www.cleverreach.com/de/funktionen/reporting-und-tracking/.
Data processing is based on Art. 6 (1) (a) DSGVO. You may revoke your consent at any time by unsubscribing to the newsletter. The data processed before we receive your request may still be legally processed.
If you do not want your usage of the newsletter to be analyzed by CleverReach, you will have to unsubscribe from the newsletter. For this purpose, we provide a link in every newsletter we send. Alternatively, you can also send your unsubscribe request to email@example.com by e-mail.
To integrate different databases and web tools we use Zapier. We have concluded an data processing agreement with Zapier Inc. This agreement also includes the standard contractual clauses adopted by the EU Commission to ensure the level of data protection for the transfer of data to countries outside the EU and the European Economic Area.
Zapier is a service of Zapier Inc., 548 Market St#62411, San Francisco, California 94104, USA. You can access the privacy statement of Zapier at: https://zapier.com/privacy/.
5.3 WEB SEMINARS
You can sign up to our newsletter on our website. MERICS both informs newsletter subscribers about upcoming web seminars and sends personal web seminar invitations. A number of our web seminars are recorded and can be viewed on the MERICS homepage.
The web seminar recordings are played through YouTube and are stored at https://www.YouTube.com. YouTube is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
By using the standard contractual clauses adopted by the EU Commission, Google, and thus its subsidiary YouTube, guarantees that the EU's data protection guidelines are also observed when processing data in countries outside the EU and the European Economic Area (https://policies.google.com/privacy/frameworks)
The recordings of our web seminars are all embedded in an "enhanced privacy mode", which means that no data about you as a user is transferred to YouTube if you do not play the videos. When you play the videos, YouTube will collect and process your IP address, the date and time, and the website you visit. In doing so, a link to the advertising network "DoubleClick" belonging to Google, will be established. We have no influence over this data transfer.
This happens regardless of whether you are logged in to your YouTube user or not. If you are logged in, your data will be assigned directly to your account. If you do not want any trace that could link your activities to your YouTube profile, you must log out before watching the video and delete your cookies and browser history manually before logging in again. YouTube stores your data as user profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out (even for users who are not logged in) to provide advertising that is tailored to the users' needs and to inform other users of the social network about your activities on our website. You have a right to object the creation of these user profiles, you must, however, contact YouTube to exercise this right.
By registering for a MERICS web seminar you agree to use the services used for the web seminar and to the recording of the web seminar. During a web seminar, your name is only visible to other participants if you ask a question. If you do ask a question during the web seminar, your name will be displayed either in the written Q&A field or, when unmuted, on the main screen.
Any data submitted to us as part of an online registration for web seminar events will be used by us exclusively to process your registration. The list of participants will not be transferred to third parties.
Used services and service providers:
- Zoom: Zoom is a service of Zoom Video Communications, Inc., San Jose, USA. Website: www.zoom.us/; Privacy statement: zoom.us/privacy, Safety information: zoom.us/security
- WebEx: Cisco WebEx: Conference software; Service provider: Webex Communications Deutschland GmbH, Hansaallee 249, c/o Cisco Systems GmbH, 40549 Düsseldorf, Parent company: Cisco Systems, Inc. 170 West Tasman Dr., San Jose, CA 95134, USA; Website: www.webex.com; Privacy statement: https://www.cisco.com/c/en/us/about/legal/privacy-full.html
- Teams: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA; Privacy statement: https://privacy.microsoft.com/en-gb/privacystatement
5.4 MEASURES THAT ENSURE YOUR SAFETY
We use your personal information in the following cases:
- To ensure IT security;
- In order to be able to record and prove facts in case of possible legal disputes.
5.5 DUE TO YOUR CONSENT
If you have consented to the processing of your personal data for one or more specific purposes, we may process your data. You may revoke this consent for the future at any time without incurring any costs other than the base rate transmission costs (the cost of your internet connection). However, the revocation of consent does not affect the legality of the processing carried out until the revocation.
5.6 DUE TO LEGAL REQUIREMENTS OR IN THE PUBLIC INTEREST
As a company, we are subject to a wide variety of legal requirements (for example, those related to tax legislation). In order to comply with our legal obligations, we process your personal data to the extent necessary.
6. WHERE WE TRANSFER DATA AND WHY
6.1 DATA USAGE WITHIN MERICS
Within MERICS, only the entities, that need access to your personal data in order to fulfill our contractual or legal obligations, or in order to protect our legitimate interests, are granted access.
6.2 DATA USAGE OUTSIDE OF MERICS
We respect the privacy of your personal information and will only share information about you if required by law, if you have consented, or to fulfill contractual obligations.
For example, the following recipients may be subject to a legal obligation to disclose your personal information:
- Public authorities or supervisory authorities, e.g., tax authorities, customs authorities;
- Judicial and law enforcement authorities, e.g., police, courts, public prosecutors;
- Lawyers or notaries, e.g., in litigation;
In order to fulfill our contractual obligations, we cooperate with other companies. This includes:
- Transport service providers and freight forwarders;
- Banks and financial service providers to handle all financial matters.
Our own service providers
In order to make our operations efficient, we use the services of external service providers, who may receive personal data from you for the purposes described, including IT and web service providers, printing and telecommunications service providers, financial accountants, travel agencies, consulting or sales companies.
Important: We pay close attention to your personal data!
In order to ensure that the service providers comply with the same data protection standards as those applied within our company, we have concluded appropriate contracts for order processing. These contracts ensure, among others:
- that third parties only have access to the data they need to carry out the tasks assigned to them;
- that the service providers only grant access to your data to employees who have explicitly committed themselves to compliance with data protection regulations;
- that the service providers comply with technical and organizational measures that ensure data security and data protection;
- what happens to the data once the business relationship between the service provider and us is terminated.
For service providers located outside the European Economic Area (EEA), we take special security measures (e.g., through the use of special contract clauses) to ensure that the data is treated with the same degree of prudence as in the EEA. We regularly check all our service providers for compliance with our specifications.
Very important: In no case do we sell your personal data to third parties!
7. ARE YOU REQUIRED TO PROVIDE US WITH PERSONAL INFORMATION?
We require the following categories of personal information in the context of the business relationship between you and us:
- all necessary data for the establishment and execution of a business relationship;
- data required to fulfill contractual obligations;
- data that we are legally obliged to collect.
Without this data it is not possible for us to enter into or execute contracts with you.
8. DELETION PERIODS
In accordance with the applicable data protection regulations, we do not store your personal data longer than we need it for the purposes of the respective processing. If the data is no longer required for the fulfillment of contractual or legal obligations, we will regularly delete it, unless its temporary storage is still necessary. The following reasons may exist for further storage:
- Obligations under commercial and tax law to retain data must be observed: The periods for storage are up to 10 years, primarily in accordance with the provisions of the German Commercial Code and the Tax Code.
- To obtain evidence in the event of legal disputes within the framework of the statutory limitation provisions: In civil law, limitation periods can be up to 30 years, with regular limitation periods occurring after three years.
9. YOUR RIGHTS
You also have certain rights within the scope of processing your personal data. More detailed information can be found in the corresponding provisions of the General Data Protection Regulation (Articles 15 to 21).
9.1 RIGHT TO INFORMATION AND CORRECTION
You have the right to obtain information from us as to which of your personal data we process. If this information is not (no longer) correct, you can ask us to correct the data, or, if it is incomplete, to complete it. If we have passed on your data to third parties, we will inform the relevant third parties in the event of a corresponding legal situation.
9.2 RIGHT TO DELETION
You can request the immediate deletion of your personal data under the following circumstances:
- If your personal information is no longer needed for the purposes for which it was collected;
- If you have revoked your consent and there is no other legal basis for data processing;
- If you object to the processing and there are no overriding legitimate reasons for data processing;
- If your data is processed unlawfully;
- If your personal data must be deleted in order to comply with legal obligations.
Please note that before deleting your data we must check whether there is a legitimate reason for processing your personal data.
9.3 RIGHT TO LIMITATION OF PROCESSING ("RIGHT TO BLOCK")
You may request us to limit the processing of your personal data for one of the following reasons:
- If you deny the accuracy of the data, up until we have had the opportunity to verify the accuracy of the data;
- If the data is processed unlawfully, but instead of deletion, you only require the limitation of the use of personal data;
- If we no longer need your personal information for the purposes of processing, but you still need it to assert, exercise or defend your rights;
- If you have objected to the processing and it is not yet clear whether your legitimate interests outweigh ours.
9.4 RIGHT OF OBJECTION
9.4.1 INDIVIDUAL CASE-RELATED RIGHT TO OBJECTION
If the processing is in the public interest or on the basis of a balance of interests, you have the right to object to the processing for reasons that arise from your particular situation. In the event of an objection, we will not process your personal data further, unless we can prove compelling grounds for protection for processing your data, which outweigh your interests, rights and freedoms, or because your personal data serve to assert, exercise or defend legal claims. The objection does not preclude the lawfulness of the processing up to the time of the objection.
9.4.2 ADVERTISING CONFLICT
In cases where your personal data is used for advertising purposes, you can object to this form of processing at any time. We will then no longer process your personal data for these purposes.
The objection can be made form-free and should be addressed to:
Mercator Institute for China Studies (MERICS) gGmbH
Telephone: +49 30 3440 999-0
9.4.3 RIGHT TO DATA PORTABILITY
You have the right to receive personally identifiable information you have provided us with for processing upon request in a portable and machine-readable format.
9.4.4 RIGHT TO COMPLAIN TO THE SUPERVISORY AUTHORITY (ARTICLE 77 GDPR)
We try to process your requests and claims as quickly as possible in order to protect your rights accordingly. However, depending on the frequency of inquiries, it may take up to 30 days before we can inform you about your request. If it should take longer, we will inform you promptly of the reasons for the delay and discuss the further procedure with you.
In certain cases, we may not or cannot give you any information. If legally permissible, we will inform you of the reason for the refusal of the information.
However, if you are not satisfied with our responses and reactions or believe that we are violating applicable data protection laws, you are free to file a complaint with both our Data Protection Officer and the appropriate supervisory authority. The supervisory authority responsible for us is:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Tel.: +49 30 13889-0
Fax: +49 30 2155050
This data protection policy is valid as of 15/06/2020. Due to the further development of our website and offers or due to changed legal or official requirements, it may become necessary to change this data protection declaration.