Data protection
Data protection information
(English version for information purposes only, for legally binding version please visit the German website)
We appreciate your interest in our work and thank you for visiting our website. The protection of your personal data is of great importance to us. In general, the use of our website is possible without your providing any personal data. However, the use of certain specific services of our website may require the processing of personal data. Should this become necessary and in the case of there being no legal basis for any such processing of data, we will always ask for your permission. In all cases, personal data will be processed in strict accordance with the EU General Data Protection Regulation (GDPR). We would like to inform here you about the data gathered when you visit our website and how these data are used. This data protection information can be consulted on this specific site at any time, as well as downloaded and printed.
Due to legislative change and change of internal processes of our institute, this data processing regulation may be subject to readjustments. We therefore ask you to re-check this information on a regular basis.
The data information regulation of the IQB – Institut zur Qualitätsentwicklung im Bildungswesen (Institute for Educational Quality Improvement) is based on the terminology used by the institutions responsible for the issuing of regulations in the European Union. For clarification of the expressions used, please consult the glossary provided at the end of this document.
1. Name and address of the individuals responsible
Responsible in the meaning of the General Data Protection Regulation are the directors of the IQB e. V.:
Institut zur Qualitätsentwicklung im Bildungswesen – Wissenschaftliche Einrichtung der Länder an der Humboldt-Universität zu Berlin e. V.
Prof. Dr. Petra Stanat (Academic Director)
Dr. Anne Jostkleigrewe-Paulus (Managing Director)
Unter den Linden 6
10099 Berlin
Telephone: +49 (30) 2093-46500
2. Name and address of the Data Protection Manager
The data protection manager of the IQB e. V. is:
Gesine Hoffmann-Holland
Telephone: +49 (30) 2093-2591
3. Scope of application
This data protection information is valid for the website of the Institut zur Qualitätsentwicklung im Bildungswesen, Unter den Linden 6, 10099 Berlin, which can be retrieved at www.iqb.hu-berlin.de (hereinafter referred to as “our website”).
4. What does “personal data” signify?
The term “personal data” refers to information which can be used to provide insights into your personal or factual circumstances (e. g., name, address, phone number, date of birth, or e-mail address). Pieces of information gathered are not considered personal data if they cannot be used to create a reference to your person, or can only be so used by means of disproportionate effort (e. g. if they have been anonymized).
5. Data processing and data processing purposes
Upon each visit, whether by a person or an automatic system, the IQB website gathers a series of general data and information. This general data and information are stored in the form of server log files. The legal basis for our justified interest in the processing of users' personal data is Article 6 (1) lit. f GDPR.
Data gathered comprise the following:
(1) browser types, and the respective versions, used
(2) the user's operating system
(3) the website from which the user accesses our website (so-called referrer)
(4) the sub-websites which are visited by the user's accessing system
(5) the date and time of access to our website
(6) the internet protocol address (IP address), reduced by the last digit to provide anonymity
(7) further similar data and information needed for security precautions in the case of attacks against our IT system
By using these general data and information the IQB will not deduce information on the persons concerned. Rather, this data is used for (1) the correct transmission of our website content, (2) the optimization of the content of our website, (3) long-term functionality of our IT systems and our website technology as well as (4) for the provision of information needed for criminal persecution in the case of cyber attacks. This data is gathered anonymously for statistic evaluation on the one hand, and on the other, for the purpose of improving data security within our institute, with the aim of creating optimal data security for the procession of personal data. The anonymous log file data are stored separately from all personal data given by the person concerned.
If the data subject contacts the person responsible for data processing via e-mail or by means of a contact form, the personal data given by the user is stored automatically. Such data, which is given voluntarily, is stored for contacting the user and/or for handling user requests. The data are not transmitted to third parties.
6. Deletion and blocking of personal data
As a matter of principle, personal data collected by us are processed and stored only as long as necessary for the purpose of storage, or as long as required by law or other regulations. Log data as mentioned under section5 are deleted after one week.
7. Rights of the individuals affected (revocation, information, correction, deletion)
Any data subject by the processing of personal data is entitled by law to receive information on, or confirmation of, their personal data stored by our system free of charge. Users also have the right to have incorrect personal data concerning them corrected, the right to have their data deleted, the right to restrict processing of their data, and the right to interdict processing of their data altogether. Users' consent of processing of data can be revoked at any time. The legality of the processing of the user's personal data up to this point remains unaffected.
We exercise the right to store, and to transmit to other persons responsible, personal data given by users by means of a structured and customary format legible by machine.
If in doubt about the legality of the processing of their personal data, users also have the right to make an appeal to a member state's surveillance authority, regardless of other administrative or judicial remedies.
8. Cookies
The website of the IQB e. V. utilizes cookies. Cookies are text files stored by the Internet browser on the user's computer system. Numerous websites and servers use cookies. Many cookies contain a so-called cookie ID. Cookie IDs serve to clearly identify cookies, consisting of a sequence of characters enabling the browser to be clearly identified when visiting the website again.
The use of cookies enables us to render our services more user-friendly than otherwise possible. For instance, by allowing our website to place cookies, you do not need to choose your preferred language settings when visiting the website again. The legal basis for personal data processing while utilizing cookies is Article 6 (1) lit. f GDPR.
You can permanently deactivate or restrict the transmission of cookies through changing your internet browser settings. Furthermore, cookies that have already been saved can be deleted at any time, either by an Internet browser or other suitable software. Any customary Internet browser can be used for this purpose.
9. Hyperlinks referring to external websites
Our website contains hyperlinks leading to external websites. By clicking on these hyperlinks, you are being directly referred to the external website, as recognizable by the changed URL. We do not take responsibility for the confidential treatment of your personal data by the providers of external websites, as we cannot control their observation of data handling guidelines. For information on the handling of your personal data by these websites, please consult the data protection information on the respective website.
10. Legal basis for personal data processing
Article 6 (1) lit. a GDPR serves as our legal basis for data processing procedures which we ask visitors of our website to consent to. Where processing of personal data is required, as in the case of the transmission of academic publications, the processing of personal data is based on Article 6 (1) lit. b GDPR. If our institute is under a legal obligation which makes the processing of personal data necessary, the processing of data is legally based on Article 6 (1) lit. c GDPR. In rare cases, the processing of personal data can become necessary to protect interests of vital importance of the data subject, or any other natural person.
11. Glossary
This data protection information is based on the terminology defined by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our data protection declaration should be easily legible and understandable. To ensure this, we would like to explain the terminology used.
In this data protection declaration, we use, inter alia, the following terms:
a) Personal data
Personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
b) Data subject
Data subject is any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing.
c) Processing
Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
d) Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.
e) Profiling
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
f) Pseudonymization
Pseudonymization is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
g) Controller or controller responsible for the processing
Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
h) Processor
Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
i) Recipient
Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
j) Third party
Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
k) Consent
Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.