Thank you for visiting the Mercator Institute for China Studies website (MERICS) and thank you for your interest. We (hereinafter: "MERICS", "we") take the protection of your personal data very importantly. But what does that mean in concrete terms?
Below, we provide you with an insight into what personal information we collect from you and how we process it. Furthermore, you will receive an overview of your rights under applicable data protection law. In addition, we will provide you with the appropriate contact data if you have any further questions.
2. WHO ARE WE?
The Mercator Institute for China Studies (MERICS), founded in 2013 and headquartered in Berlin, is one of the largest institutes of contemporary and practice-oriented China research worldwide. MERICS is an initiative of Stiftung Mercator.
As the responsible party for this data protection policy, we
Mercator Institute for China Studies (MERICS) gGbmH
Alte Jakobstrasse 85-86
E-mail: [email protected]
Telephone: +49 30 3440 999-0
take all measures required under applicable data protection law to ensure the protection of your personal data.
If you have any questions about the data processing in our company and the exercise of your rights, you can also contact our data protection officer free of charge.
2B Advice GmbH
Joseph Schumpeter Allee 25
53227 Bonn, Germany [email protected]
Tel: +49 (228) 926165 120
3. DATA PROTECTION POLICY SCOPE OF APPLICATION
The processing of personal data is defined by the legislator as activities, such as the gathering, collection, organization, sorting, storage, adaptation or modification, reading, querying, use, disclosure by transmission, dissemination or any other form of provision, comparison or linking, restriction, deletion or destruction of personal data.
Personal data is all information relating to an identified or identifiable natural person.
This data protection declaration concerns the personal data of interested parties, applicants or visitors.
This data protection declaration applies to our website www.merics.org.
4. WHAT PERSONAL DATA DO WE PROCESS?
Your personal data will be collected by us on this website only to the necessary extent. Depending on the purpose of the processing, the data we collect varies. When you call up our website, for example, your browser transmits certain information (such as IP addresses and user names) to our web server for technical reasons in order to provide you with the information you have called up. Furthermore, your personal data (e.g. first and last name, address data, e-mail address, telephone number) are collected by us, if you contact us, for example, as an interested party or visitor. This can be done, for example, by being interested in our offer, by registering for our newsletter, by contacting us via our communication channels or by applying for a position.
Furthermore, for example the following types of personal data are processed by us:
- Job data
- e.g., billing data
- Company-related data
- e.g., company name, department, occupation
- Information about your interests, wishes or feedback that you share with us
- e.g., via our e-mail addresses
- Information about your professional career
- e.g., vocational training, previous employers, other qualifications
4.1 SENSITIVE DATA
Sensitive data, namely special categories of personal data such as information regarding health, political opinions, religious or trade union membership, is not collected in this way.
4.2 PERSONAL DATA OF MINORS
Our offers are generally not for minors. As far as we can possibly recognize, if personal data of minors provided without the consent of legal guardians is processed, it is immediately deleted.
Cookies are files that are placed on your computer by our website upon visiting the site. These files store information that makes your use of this site more efficient.
Apart from the cookies that are absolutely necessary for the operation of the site, cookies are only used with your prior consent.
Overview of used cookies
If "Accept all" is selected, the following cookies will be stored:
If "Functional cookies only" is selected, the following cookies will be stored:
Use of Google Analytics
We use Google Analytics as a web analysis service to analyze usage behavior on our website.
Google Analytics is a web analysis service of Google Inc., (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google"). This includes the use of the “Google Analytics 4” operating mode. This makes it possible to assign data, sessions and interactions across multiple devices to a pseudonymous user ID, thus analyzing the activities of a user across devices.
Google Analytics uses "cookies", to help the website analyze how users use the site. The legal basis for the use of Google Analytics is Art. 6 (1) (a) GDPR, namely your consent. The data sent by us and linked to cookies, user IDs (e.g. user ID) or advertising IDs are automatically deleted after 14 months. The deletion of data whose retention period has been reached takes place automatically once a month. Please note, that you have the right to revoke your consent at any time for the future. However, the lawfulness of any processing activities up to the point of revocation will remain unaffected.
The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. The IP address of the user is immediately shortened during this process, so that the identification of the user through the IP address is no longer possible. The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services relating to the website and internet use.
The legal base for the transfer of personal data to the USA is the adequacy decision from the European Commission adopted on July 10th 2023 and available under: https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en. On the basis of the adequacy decision, personal data can be transferred safely from the EU to US companies participating in the EU-US Data Privacy Framework. Google Inc. joined the EU-US Data Privacy Framework and committed to comply with a set a Data Privacy Principles, available in Annex 1 of the Adequacy Decision. The list of companies having joined the program is available under https://www.dataprivacyframework.gov/s/participant-search.
For more information about terms of service and privacy, visit https://www.google.com/analytics/terms/en.html.
For more information on how Google uses information, visit https://policies.google.com/technologies/partner-sites?hl=en.
4.4. Use of Webfonts
For the consistent presentation of fonts on our website we use so-called web fonts, which are provided by Monotype GmbH, Spichernstraße 2, 10777 Berlin, Germany. The data processing that takes place through the use of Google Web Fonts is based on our legitimate interest (Art. 6 para. 1 letter a DPRO) in being able to offer a fully functional website.
Monotype’s webfont services are compliant with the GDPR. This is also applies to the tracking of website visits. FontShop briefly processes the IP address to enable counting and prevent misuse of your counter. All log files are deleted and personal data are no longer processed after 30 days.
If your browser does not support web fonts, a default font will be used by your computer.
4.5 Web analysis tool 'Webalizer'
To ensure optimized access to our website, we use the web analysis service “Webalizer” which provides us with a statistical evaluation of the accesses to our website. Via our web server, Webalizer checks your device connection data and produces detailed log files containing the number of calls of each page, file and page requests and the number of visits etc.
Any collected data from users are anonymized by shortening user’s IP addresses. Therefore, it is not possible to assign data to individual users nor are they or any personal data combined with other data sources. We do not forward any data to third parties. All collected data is anonymized and stored securely to compare website accesses over time.
Access evaluations are carried out based on Art. 6 Para. 1(f) of the data protection regulation (GDPR). The statistics of the web analytics software enable us to continuously optimize our website based on user demands. These interests are to be regarded as legitimate under the previously mentioned GDPR article. You can, however, object to the processing of your data based on this interest by contacting us via the options listed below.
4.6 Services of Adobe Sign
We use Adobe Sign by Adobe Systems Software Ireland Limited, located at 4-6 Riverwalk, City West Business Campus, Saggart D24, Dublin, Ireland ("Adobe") to digitally sign contracts and documents.
We have entered into an order processing agreement with Adobe Systems Software Ireland Limited. The legal basis of the data processing is Art. 6 (1) lit. b and f DSGVO. All data processed by Adobe is stored on servers within the EU.
For more information on data processing by Adobe in the context of Adobe Sign, please see the following link: Adobe Privacy Center.
4.7 Use of Microsoft Dynamics
Microsoft Dynamics Marketing is our central database solution for storing and processing personal data. When you sign up through forms on our website, such as for newsletters or an event, your information is recorded in Microsoft Dynamics. We use Microsoft Dynamics for the following purposes:
- Sending out publications, newsletters, invitations and surveys;
- Managing and coordinating web seminars, hybrid and face-to-face events;
- Processing inquiries, such as job applications, media requests, and projects;
- Follow-up of communication processes in relation to specific inquiries;
- The internal organization of our contact database in order to research and/or target relevant stakeholders for positions critical to our work.
We have signed a commission processing agreement in accordance with Art. 28 DS-GVO with Microsoft Ireland Operations, Ltd (One Microsoft Place, South County Business Park, LeopardstownDublin 18, D18 P521, Ireland).
4.8 Use of snapADDY DataQuality
For research, collection, completion and validation of address and contact data from various, publicly available sources or business cards or for capturing visit reports at events and customer visits or conversations, we use the software snapADDY DataQuality.
This includes the electronic capture of data using PC or mobile devices (e.g. from business cards or other sources), as well as the transfer, update and validation of the data in our CRM system (Microsoft Dynamics).
We have concluded a data processing agreement with snapADDY GmbH. The legal basis of the data processing is Art. 6 para. 1 lit. b and f GDPR. All data processed by snapADDY are stored on servers within the EU.
5. WHAT DO WE USE TO PROCESS YOUR PERSONAL DATA, AND ON WHAT LEGAL BASIS?
5.1 CONTRACT PERFORMANCE
We process your data in order to fulfill our contracts. This also applies to information that you provide to us in the context of pre-contractual correspondence. The specific purposes of the data processing depend on the particular request and can also be used to analyze your needs and to check which offers are suitable for you.
5.1.1 EXECUTION OF THE CONTRACTUAL RELATIONSHIP
For the execution of the contract we need your name, your address, your telephone number or your e-mail address so that we can contact you.
5.1.2 OFFERING OF FREE EVENTS
We also need your personal data for invitation and participant management.
5.1.3 IMPLEMENTATION OF THE APPLICATION PROCESS
We process your data, which you have sent to us as part of your application, to check whether your professional qualifications are suitable for the advertised position. We only use your information for the application process and transfer it to your personal file when the contract is concluded. If no agreement is reached, your information will be deleted or destroyed. We will use your applicant information for no other purpose than to conduct the application process.
5.2 BASED ON YOUR CONSENT
If you have consented to the processing of your personal data for one or more specific purposes, the processing of your data by us is permitted. You can revoke this consent with a view to the future at any time without incurring any costs other than the transmission costs according to the basic rates (costs of your Internet connection). However, the revocation of consent does not affect the lawfulness of the processing carried out until the revocation.
This website uses Microsoft Dynamics to send newsletters and other publications. Microsoft Dynamics is service of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052, USA (Microsoft). We have entered into an order processing agreement with Microsoft. This agreement also includes the standard contractual clauses adopted by the EU Commission to ensure a high level of data protection for transfers of data outside the EU and the European Economic Area.
The data you provide (e.g. your email address) to subscribe to our newsletter will be stored on Microsoft Dynamics servers in Europe (Austria, Finland, France and the Netherlands).
Sending our newsletters and publications with Microsoft Dynamics enables us to analyze the behavior of newsletter recipients. Among other things, we can analyze how many recipients have opened the email containing the newsletter and how often various links contained therein are clicked. The data is displayed anonymously in reports and analyzes.
Data processing is taking place with your consent (Art. 6 (1) (a) GDPR). You may revoke your consent at any time by unsubscribing from the newsletter. The data processed before we receive your request may still be legally processed.
If you do not want your usage of the newsletter to be analyzed by Microsoft Dynamics, you will have to unsubscribe from the newsletter. For this purpose, we provide a link in every newsletter we send. Alternatively, you can also send your unsubscribe request to [email protected] by e-mail.
5.2.2 WEB SEMINARS
You can sign up to our newsletter on our website. MERICS both informs newsletter subscribers about upcoming web seminars and sends personal web seminar invitations. A number of our web seminars are recorded and can be viewed on the MERICS homepage.
The web seminar recordings are played through YouTube and are stored at https://www.YouTube.com. YouTube is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
By using the standard contractual clauses adopted by the EU Commission, Google, and thus its subsidiary YouTube, guarantees that the EU's data protection guidelines are also observed when processing data in countries outside the EU and the European Economic Area (https://policies.google.com/privacy/frameworks)
The recordings of our web seminars are all embedded in an "enhanced privacy mode", which means that no data about you as a user is transferred to YouTube if you do not play the videos. When you play the videos, YouTube will collect and process your IP address, the date and time, and the website you visit. In doing so, a link to the advertising network "DoubleClick" belonging to Google, will be established. We have no influence over this data transfer.
This happens regardless of whether you are logged in to your YouTube user or not. If you are logged in, your data will be assigned directly to your account. If you do not want any trace that could link your activities to your YouTube profile, you must log out before watching the video and delete your cookies and browser history manually before logging in again. YouTube stores your data as user profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out (even for users who are not logged in) to provide advertising that is tailored to the users' needs and to inform other users of the social network about your activities on our website. You have a right to object the creation of these user profiles, you must, however, contact YouTube to exercise this right.
By registering for a MERICS web seminar you agree to use the services used for the web seminar and to the recording of the web seminar. During a web seminar, your name is only visible to other participants if you ask a question. If you do ask a question during the web seminar, your name will be displayed either in the written Q&A field or, when unmuted, on the main screen.
Any data submitted to us as part of an online registration for web seminar events will be used by us exclusively to process your registration. The list of participants will not be transferred to third parties.
Used services and service providers:
- Zoom: Zoom is a service of Zoom Video Communications, Inc., San Jose, USA. Website: www.zoom.us/; Privacy statement: zoom.us/privacy, Safety information: zoom.us/security
- WebEx: Cisco WebEx: Conference software; Service provider: Webex Communications Deutschland GmbH, Hansaallee 249, c/o Cisco Systems GmbH, 40549 Düsseldorf, Parent company: Cisco Systems, Inc. 170 West Tasman Dr., San Jose, CA 95134, USA; Website: www.webex.com; Privacy statement: https://www.cisco.com/c/en/us/about/legal/privacy-full.html
- Teams: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA; Privacy statement: https://privacy.microsoft.com/en-gb/privacystatement
5.2.3 Unsolicited application
Unsolicited applications are processed on the basis of your consent
5.3 DUE TO OUR LEGITIMATE INTEREST
We use your personal information on the basis of our legitimate interest in the following cases.
5.3.1 LEGITIMATE INTEREST IN THE CONTEXT OF DATA PROCESSING IN CONNECTION WITH OUR WEBSITE
- To ensure IT security;
- In order to be able to record and prove facts in case of possible legal disputes.
5.3.2 LEGITIMATE INTEREST IN THE CONTEXT OF DATA STORAGE IN OUR DATABASE
To be able to carry out our statutory purpose of China research in the interest of the public, our researchers need information on actors from politics, business, science, media and society. Furthermore, the use of your personal data is necessary to enable a target group specific approach, e.g. for cooperations, information exchange and publication distribution.
If the lawfulness arises following Art. 6 para. 1 lit. f DSGVO, we store your data on the basis of our legitimate interest in the following cases:
- Your data was collected via publicly accessible sources;
- Your data was made available to us on the recommendation of third parties;
- You have provided us with your data yourself, but not explicitly for the aforementioned purposes.
As soon as your data is no longer relevant to our work, all contact details and stored information related to your contact will be deleted.
You have the right to object to the use of your personal data at any time. If you object to the processing of your data for the aforementioned purposes, we will either immediately stop processing your data for these purposes, and if we are not allowed to further process your data for other purposes and on the basis of another legal basis, we will completely delete your data from the system. It is possible to place a blocking notice on your e-mail address to prevent future inclusion in our database. To object to the use of your data in our database or to obtain information about your stored data, please write to [email protected].
5.4 DUE TO LEGAL REQUIREMENTS
As a company, we are subject to a wide variety of legal requirements (for example, those related to tax legislation). In order to comply with our legal obligations, we process your personal data to the extent necessary.
6. WHERE WE TRANSFER DATA AND WHY
6.1 DATA USAGE WITHIN MERICS
Within MERICS, only the entities, that need access to your personal data in order to fulfill our contractual or legal obligations, or in order to protect our legitimate interests, are granted access.
6.2 DATA USAGE OUTSIDE OF MERICS
We respect the privacy of your personal information and will only share information about you if required by law (e.g., tax authorities or regulatory agencies), if you have consented, or to fulfill contractual obligations (e.g. banks and transport service providers).
Our own service providers
In order to make our operations efficient, we use the services of external service providers, who may receive personal data from you for the purposes described, including IT and web service providers, printing and telecommunications service providers, financial accountants, travel agencies, consulting or sales companies.
In order to ensure that the service providers comply with the same data protection standards as those applied within our company, we have concluded appropriate contracts for order processing according to the requirements of Art. 28 GDPR.
For service providers located outside the European Economic Area (EEA), we take special security measures (e.g., through the use of special contract clauses) to ensure that the data is treated with the same degree of prudence as in the EEA.
7. DELETION PERIODS
In accordance with the applicable data protection regulations, we do not store your personal data longer than we need it for the purposes of the respective processing. If the data is no longer required for the fulfillment of contractual or legal obligations, we will regularly delete it, unless its temporary storage is still necessary. The following reasons may exist for further storage:
- Obligations under commercial and tax law to retain data must be observed: The periods for storage are up to 10 years, primarily in accordance with the provisions of the German Commercial Code and the Tax Code.
- To obtain evidence in the event of legal disputes within the framework of the statutory limitation provisions: In civil law, limitation periods can be up to 30 years, with regular limitation periods occurring after three years.
8. YOUR RIGHTS
You also have certain rights within the scope of processing your personal data. More detailed information can be found in the corresponding provisions of the General Data Protection Regulation (Articles 15 to 21).
8.1 RIGHT TO INFORMATION AND CORRECTION
You have the right to obtain information from us as to which of your personal data we process. If this information is not (no longer) correct, you can ask us to correct the data, or, if it is incomplete, to complete it. If we have passed on your data to third parties, we will inform the relevant third parties in the event of a corresponding legal situation.
8.2 RIGHT TO DELETION
You can request the immediate deletion of your personal data under the following circumstances:
- If your personal information is no longer needed for the purposes for which it was collected;
- If you have revoked your consent and there is no other legal basis for data processing;
- If you object to the processing and there are no overriding legitimate reasons for data processing;
- If your data is processed unlawfully;
- If your personal data must be deleted in order to comply with legal obligations.
Please note that before deleting your data we must check whether there is a legitimate reason for processing your personal data.
8.3 RIGHT TO LIMITATION OF PROCESSING ("RIGHT TO BLOCK")
You may request us to limit the processing of your personal data for one of the following reasons:
- If you deny the accuracy of the data, up until we have had the opportunity to verify the accuracy of the data;
- If the data is processed unlawfully, but instead of deletion, you only require the limitation of the use of personal data;
- If we no longer need your personal information for the purposes of processing, but you still need it to assert, exercise or defend your rights;
- If you have objected to the processing and it is not yet clear whether your legitimate interests outweigh ours.
8.4 RIGHT OF OBJECTION
8.4.1 INDIVIDUAL CASE-RELATED RIGHT TO OBJECTION
If the processing is in the public interest or on the basis of a balance of interests, you have the right to object to the processing for reasons that arise from your particular situation. In the event of an objection, we will not process your personal data further, unless we can prove compelling grounds for protection for processing your data, which outweigh your interests, rights and freedoms, or because your personal data serve to assert, exercise or defend legal claims. The objection does not preclude the lawfulness of the processing up to the time of the objection.
8.4.2 ADVERTISING CONFLICT
In cases where your personal data is used for advertising purposes, you can object to this form of processing at any time. We will then no longer process your personal data for these purposes.
The objection can be made form-free and should be addressed to:
Mercator Institute for China Studies (MERICS) gGmbH
E-mail: [email protected]
Telephone: +49 30 3440 999-0
8.5 RIGHT TO DATA PORTABILITY
You have the right to receive personally identifiable information you have provided us with for processing upon request in a portable and machine-readable format.
8.6 RIGHT TO COMPLAIN TO THE SUPERVISORY AUTHORITY (ARTICLE 77 GDPR)
We try to process your requests and claims as quickly as possible in order to protect your rights accordingly. However, depending on the frequency of inquiries, it may take up to 30 days before we can inform you about your request. If it should take longer, we will inform you promptly of the reasons for the delay and discuss the further procedure with you.
In certain cases, we may not or cannot give you any information. If legally permissible, we will inform you of the reason for the refusal of the information.
However, if you are not satisfied with our responses and reactions or believe that we are violating applicable data protection laws, you are free to file a complaint with both our Data Protection Officer and the appropriate supervisory authority. The supervisory authority responsible for us is:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Tel.: +49 30 13889-0
Fax: +49 30 2155050
This data protection policy is valid as of 26/09/2022. Due to the further development of our website and offers or due to changed legal or official requirements, it may become necessary to change this data protection declaration.