Data privacy policy

§ 1 Information on the processing of personal data


(1) The protection of your personal data is our top priority and is taken into account by us. The following data privacy policy provides an overview of how we process your personal data. Personal data refers to all information relating to an identified or identifiable natural person.

Below, we provide information about the type, scope and purpose of the processing of personal data and how we handle this data. You will also learn about your rights regarding the processing of your personal data.

(2) The controller pursuant to Article 4 (7) of the General Data Protection Regulation (GDPR) is

DGNB GmbH
represented by Johannes Kreißig and Markus Kelzenberg
Tübinger Str. 43
70178 Stuttgart
E: gmbh@dgnb.de
T: +49 711722322-0

You can contact our data protection officer at
E: datenschutz@dgnb.de

or our postal address with the addition "the data protection officer".

(3) When you contact us by e-mail or via a contact form, the data you provide (such as your e-mail address, name and telephone number) will be stored by us in order to respond to your enquiry. We delete the data collected in this context once storage is no longer necessary, or restrict processing if there are legal retention obligations. The legal basis for the processing of data transmitted in an email is Article 6 (1) point (f) of the GDPR. If the email contact is aimed at concluding a contract, the additional legal basis for the processing of the data is Article 6 (1) point (b) of the GDPR.

(4) For certain technical and organisational processes, we use the services of external service providers who have access to personal data in order to provide these services. These are service providers bound by instructions who are obliged to comply with data protection regulations and may not use the data for any other purpose.

§ 2 Your rights

(1) You have the following rights with regard to your personal data:

Right to information pursuant to Article 15 GDPR,
Right to rectification or erasure pursuant to Article 16 and Article 17 GDPR,
Right to restriction of processing pursuant to Article 18 GDPR,
Right to object to processing pursuant to Article 21 GDPR,
Right to data portability pursuant to Article 20 GDPR.


(2) If we process your personal data on the basis of your consent, you can revoke this consent at any time with effect for the future. The revocation of consent initially granted has no effect on the lawfulness of data processing up to the point of revocation.

(3) You also have the right to complain to a data protection supervisory authority about our processing of your personal data.

§ 3 Processing of personal data during a visit to our website

(1) When using the website for informational purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to browse on our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security (the legal basis is Article 6 (1) sentence 1 point (f) of the GDPR):

IP address
Date and time of the request
Time zone difference to Greenwich Mean Time (GMT)
Content of the request (specific page)
Access status/HTTP status code
Amount of data transferred
Website from which the request originates
Browser
Operating system and its interface
Language and version of the browser software

The log files are deleted after one month. They are not stored for longer than this. In this case, the IP addresses of the users are deleted or anonymised so that it is no longer possible to identify the client making the request.

(2) The website was created by Stegmeyer Fischer Creative Studio GbR

This website is hosted by Mittwald CM Service GmbH & Co. KG, Königsberger Straße 4-6, 32339 Espelkamp, Germany.

§ 4 Use of cookies

In addition to the information mentioned above, cookies are stored on your computer when you use our website. Cookies are small text files that are stored in
the Internet browser or by the Internet browser on the user's computer system.
When a user accesses a website, a cookie may be stored on the user's operating system. Cookies cannot execute programmes or transfer viruses to your computer. They serve to make the Internet offering more user-friendly and effective overall.

Our website uses the following types of cookies, the scope and functionality of which are explained below:

1. Session cookies

Session cookies are automatically deleted when you close your browser. They store a so-called session ID, which can be used to assign various requests from your browser to the shared session. This allows your computer to be recognised when you return to our website. Session cookies are deleted when you log out or close your browser.

2. Permanent cookies

Permanent cookies are automatically deleted after a specified period, which may
vary depending on the cookie. You can delete cookies at any time in your browser's security settings.

We use cookies to identify you for subsequent visits if you have an account with us. Otherwise, you would have to log in again for each visit.

§ 5 Newsletter

(1) With your consent (Article 6 (1) point (a) GDPR), you can subscribe to the SHIFT newsletter, which we use to inform you about developments, news and events at SHIFT.

(2) You can revoke your consent to receive the newsletter at any time and unsubscribe from the newsletter. You can revoke your consent via your subscription management directly in your DGNB user account, to which a link is included in every newsletter email, or by sending an email to widerspruch@dgnb.de or by sending a message to the contact details provided in the legal notice.

§ 6 Information on data processing on our social media company pages

We operate a so-called "company page" on these social media platforms:

Instagram: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ("Meta")
LinkedIn: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
YouTube: Google Ireland Limited, Google Building Gordon House, 4 Barrow Street, Dublin, D04 E5W5, Ireland


Here we provide information about data processing when you visit one of our company websites.

1. General information about company websites, legal basis

As the owner of an online presence on a social media platform, we process personal data when you contact us directly in a personal message or via the public comment function on the platform. The data collected depends on the information you provide and the contact details you specify or share.

This data is processed on the basis of Article 6 (1) sentence (1) point (b) GDPR, insofar as this is necessary to carry out a measure requested by you. In all other cases, processing is based on our legitimate interest in the effective processing of enquiries addressed to us (Article 6 (1) sentence (1) point (f) GDPR).

When you visit a company page, the respective operator of the platform ("provider") collects information that enables them to recognise users and comprehensively analyse user behaviour. The provider of the social media platform can also create user profiles based on the data collected in this way. If you are logged in with your corresponding social media account when visiting a company page, the respective provider can also assign this visit to your account.

The respective provider only provides us with an anonymised statistical evaluation of the use of our company page based on the information obtained. This enables us to make our posts even more targeted in the future. In this respect, we have a legitimate interest in collecting and processing this information. In addition, we have a legitimate interest in using as many communication channels as possible in order to reach as many interested parties as possible personally. The legal basis for the data processing associated with the operation of a company website is Article 6 (1) sentence (1) point (f) GDPR.

We do not pass on any personal data that we collect via our company pages to third parties. However, we cannot influence or exclude the possibility that the aforementioned providers may transfer the collected data to third parties, in particular to their partner companies, which may also be based in other EU countries. In particular, data transfers to the USA are permitted on the basis of an adequacy decision by the EU Commission if the company in the USA is certified under the EU-US Privacy Framework (e.g. Meta Platforms Inc., Google LLC and LinkedIn Corporation).

You can assert your rights as a data subject with regard to data processing by our company websites both against us and against the respective provider. However, we would like to point out that these rights can be most effectively asserted against the respective provider. This is because only the respective provider has access to the user data and can take appropriate measures and provide information directly.

Further information on data processing by the respective provider can be found at:

LinkedIn: https://www.linkedin.com/legal/privacy-policy
YouTube: https://policies.google.com/privacy?hl=en-GB&gl=en
Instagram: https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect

2. Agreements pursuant to Article 26 GDPR

Some social media platform providers offer an agreement in accordance with Article 26 GDPR, in which the data protection obligations arising from the operation of our company page are divided between us and the respective provider. The providers have assumed a large part of the data protection obligations, such as fulfilling the rights of data subjects in accordance with Article 12 and following of the GDPR, the obligation to provide suitable technical and organisational measures to protect the security of personal data, and the reporting and notification obligations in the event of a data breach. If you contact us regarding your rights as a data subject, we will forward your request to the respective provider immediately. We are obliged to do so in accordance with the agreement with the respective provider.

Further information on the agreement between us and the respective provider can be found at:

LinkedIn: https://www.linkedin.com/help/linkedin/answer/a1338708/?lang=en-US
Instagram (Meta): 
https://www.facebook.com/legal/terms/dataprocessing
https://www.facebook.com/legal/terms/page_controller_addendum

Join our movement

Participants

Are you working on a project that follows the SHIFT philosophy or is committed to specific aspects of the initiative? Then send us your project. We are excited and look forward to receiving your submission.

Supporters

Do you want to become a part of this SHIFT movement and help to make global architecture more resilient, climate-conscious and culturally responsible? Then download the supporter logo and share it in your networks.

Join SHIFT