Privacy Policy
1. General
For the purposes of the European General Data Protection Regulation (GDPR), ECARF Institute GmbH, Robert-Koch-Platz 7, 10115 Berlin, Germany, is the controller responsible for the processing of data on this website. We respect your privacy rights. We are aware of the importance of personal data that we receive from you as a user of our website. We respect the privacy of your personal data and will only collect, store, or process any data obtained in accordance with the relevant data protection regulations and to the extent necessary to complete our ordinary business operations.
2. Definitions
Personal data is any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
3. Legal bases for the processing of personal data
Art. 6 (1) sentence 1 lit. a GDPR serves as the legal basis for the processing of personal data when the user’s consent has been obtained.
Art. 6 (1) sentence 1 lit. b GDPR serves as the legal basis when processing personal data for the performance of a contract to which the data subject is a party. This also applies to processing activities that are necessary for the implementation of pre-contractual measures.
Art. 6 (1) sentence 1 lit. c GDPR serves as the legal basis when the processing of personal data is necessary for compliance with a legal obligation to which ECARF is subject.
Art. 6 (1) lit. f GDPR serves as the legal basis when processing is necessary to safeguard the legitimate interests of ECARF or a third party, and provided these legitimate interests are not outweighed by the data subject’s interests and fundamental rights and freedoms. If information is stored on your terminal device, e.g. by means of cookies (see in particular Sections 5.2 and 5.6), the permissibility of the use of the data is additionally governed by Section 25 (1) of the German Telecommunications-Telemedia Data Protection Act – TTDSG (consent) or, in the case of mandatory storage processes, by Section 25 (2) no. 1 (communication process) or no. 2 (provision of a telemedia service) TTDSG. The legitimate interest of our company usually lies in the provision of our contractual services and/or the ongoing optimisation of our services and presentations.
4. Data erasure and storage period
The data subject’s personal data is erased or blocked as soon as the purpose for which it was stored ceases to apply. Personal data may also be stored if so specified by European or national legislators in EU regulations, laws or other provisions to which the data controller is subject. In such instances, personal data is blocked or erased when a retention period specified in any of the above-named legislation expires, unless it must be retained for longer in order to conclude or execute a contract.
5. Collection of personal data
In principle, we do not collect or use any personal data when you visit our website. This is done only to the extent necessary to provide a functional website and our content and services. As a rule, the personal data of our users is collected and used only once they have given their consent. This does not apply in cases where the processing of the data is permitted by legal regulations.
In the following, you will find information on the type, scope, and purpose of our data processing on this website:
5.1 Server log files
Each time you visit our website, our server automatically stores in a log file the data required for access and billing purposes, which your browser automatically transmits to us.
The following data is collected:
- browser type / browser version
- the user’s operating system
- host name of the accessing computer
- date and time of the server request
- IP address of the requesting computer
- websites from which the user’s system reaches our website (referrer URL)
- files viewed
- transmitted data volume
The storage of the log file serves the following purposes:
- file retrieval analysis for statistical purposes
- system security and stability of the website
- check for use in breach of contract or other illegal use, if there are factual indications of such use
The legal basis for this data processing is Art. 6 (1) sentence 1 lit. f GDPR. Our legitimate interest is based on the above-mentioned purposes for collecting data. We never use the collected data for the purpose of determining your personal identity. We do not merge this data with other data sources.
5.2 Required cookies
On accessing our website, “cookies” are stored on the user’s computer. Cookies are small text files in a file directory provided for them on the computer. These files are used to identify the user’s computer for the duration of the session. These cookies cannot cause any manipulation of the user’s end device and can be deleted manually at any time; the easiest way to do this is via the browser.
You can individually set how cookies are handled using your internet browser, so that they are rejected or are only accepted after confirmation. The cookies, in this case so-called “session cookies”, serve the purpose of extending the functionality of our website and making it as convenient as possible for you to use. Please note that rejecting cookies may result in some components of our application not working properly.
The processing of data by cookies is necessary for the aforementioned purposes to protect our legitimate interests and, if applicable, those of third parties in accordance with Art. 6 (1) sentence 1 lit. f GDPR, § 25 (2) of the German Telecommunications-Telemedia Data Protection Act (TTDSG).
5.3 Usage data
We collect and use your personal data based on Art. 6 (1) sentence 1 lit. b GDPR, if applicable in conjunction with § 25 (2) no. 2 TTDSG, insofar as this is necessary to enable you to use our website (usage data).
5.4 Data related to you contacting us
If you send us enquiries via the contact form, the information you provide in the form or via the e-mail address provided for contacting us, including the contact data you provide there, will be stored by us solely for the purpose of processing the respective enquiry and to respond to follow-up questions. We do not disclose these data to third parties without your consent. The corresponding use of data is based on Art. 6 (1) sentence 1 lit. b GDPR for the purpose of processing your request.
5.5 Handling study participation data for allergy research
Including health data. The mandatory information required for participation and processing of the studies is marked accordingly. The processing and transmission are carried out exclusively for the purposes of the study evaluations of allergy research and on the basis of the consent you have given. The legal basis for this is Art. 6 Para. 1 S.1 a / § 25 Para. 1 TDDDG through your consent, which can be revoked at any time, and Art. 6 Para. 1 S.1 b GDPR in the context of processing and handling the study with you. If consent is revoked, the data will be deleted immediately, at the latest after two years, provided there are no other legal obligations or other storage obligations to the contrary.
We work together with the processor Studi.201 Software GmbH, Otto-von-Guericke-Str. 104, 39104 Magdeburg, with whom we have concluded an order processing agreement in accordance with Art. 28 GDPR. The transfer of your data to the Studiomed+ database is encrypted. Further information on data protection can be found in our privacy policy.
5.6 Third-party services / Tracking
The use of tracking tools and the cookies set in this context is based on Art. 6 (1) sentence 1 lit. a GDPR / § 25 (1) TTDSG through your consent, which can be revoked at any time. We use these tools to ensure responsive design and ongoing optimisation of our website (through statistical evaluations).
Use of Google Analytics
Our website uses Google Analytics, a web analysis service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics uses so-called “cookies”, i.e. text files which are stored on your computer and which enable an analysis of your use of the website. The information generated by the cookie on your use of this website is usually transferred to a Google server in the USA and stored there. However, your anonymised IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Google will use this information on behalf of the operator of this website to evaluate your use of the website, compile reports on website activity and provide other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google. You can prevent these cookies from being stored by selecting the appropriate settings in your browser. However, we wish to point out that doing so may mean you will not be able to enjoy the full functionality of this website.
We use Google Analytics exclusively to evaluate data from DoubleClick cookies (cookies set by Google) and Ads for statistical purposes. Google Analytics supports an optional browser add-on for the standardised deactivation of these cookies. You can prevent Google from collecting the data (including your IP address) generated by the cookie and related to your use of the website by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de. However, the add-on only deactivates the data collection by Google.
Furthermore, as website provider, we have no knowledge of the content of the transmitted data or its use by Google. For more information, please see Google’s privacy policy and terms of use at https://www.google.de/intl/de/policies/.
Google Ads conversion tracking
We use the Google Ads (formerly Adwords) service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, to draw attention to our attractive offers on external websites with the help of advertising (so-called Google ads). In relation to the data of the advertising campaigns, we can determine how successful the individual advertising measures are. We do this for the purpose of presenting advertisements that are of interest to you, to make our website more interesting for you and to achieve a fair calculation of advertising costs.
These advertising materials are supplied by Google via so-called “ad servers”. To do this, we use ad server cookies (a conversion tracking tag or code snippet), from which certain performance metrics such as ads or user clicks can be measured. If you access our website through a Google ad, Google Ads will store a cookie on your PC (usually in the browser). These cookies usually expire after 30 days and are not intended to identify you personally. The unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (indicating that the user no longer wishes to be contacted) are usually stored as analysis values for this cookie.
These cookies enable Google to recognise your internet browser. If a user visits certain pages of an Ads client’s website and the cookie stored on their computer has not yet expired, Google and the client will be able to recognise that the user has clicked on the ad and been redirected to that page. Each Ads client is assigned a different cookie. Cookies can therefore not be tracked via the websites of Ads clients. We ourselves do not collect and process any personal data in the advertising measures mentioned above. We only receive statistical evaluations from Google. These evaluations allow us to see which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising material; in particular, we cannot identify the users based on this information.
Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence on the scope and further use of the data collected by Google through the use of this tool; to the best of our knowledge, the integration of Ads Conversion provides Google with the information that you have called up the relevant part of our website or clicked on one of our advertisements. If you are registered with a Google service, Google may associate the visit with your account. Even if you are not registered with Google or have not logged in, it is possible that the provider will obtain and store your IP address.
You can opt out of this tracking process in various ways: a) by changing the settings of your browser software accordingly, in particular by rejecting third-party cookies so that you do not receive ads from third-party providers; b) by deactivating certain ads on Google via the link https://support.google.com/ads/answer/2662922?hl=de, which will delete the setting when you delete your cookies; c) by disabling the interest-based ads of the providers that are part of the self-regulatory “About Ads” campaign via the link http://www.aboutads.info/choices , which will delete the setting when you delete your cookies; d) by permanently disabling them in your Firefox, Internet Explorer or Google Chrome browsers as described in the link https://support.google.com/analytics/answer/181881?hl=de. Please note that in this case you may not be able to use the full functionality of this website.
You can find more information about data protection at Google here:
http://www.google.com/intl/de/policies/privacy and https://services.google.com/sitestats/de.html.
5.7 Use of our Consent Management Tool (CMT)
Our website uses the internally hosted CMT “Borlabs cookie plugin”, a plugin by Borlabs GmbH, Hamburger Str. 11, 22083 Hamburg (hereinafter “Borlabs”).
We use this data to ensure the full functionality of our website as well as to inform the user about the use of cookies on our website and to obtain and record the user’s consent in accordance with the law.
The following data is automatically used by Borlabs:
- anonymised IP address of the user;
- date/time of consent;
- user agent of the end-user’s browser;
- websites from which the user’s system reaches our website (referrer URL);
- anonymous, random, and encrypted key;
- the cookies allowed by the user (cookie status), which serves as proof of consent.
A key automatically generated by the CMT for the management/proof of consents granted and the consent status are also stored in a cookie in the end user’s browser. This allows the website to automatically read and comply with the end user’s consent for all subsequent page requests and future end user sessions for up to 12 months.
The legal basis for data processing is Art. 6 (1) lit. c GDPR in conjunction with § 25 (2) No. 2 TTDSG. Only with an appropriate mechanism for granting and managing consent can we comply with the statutory requirements.
6. Your rights
Insofar as we process your personal data on our website, you are a “data subject” within the meaning of the GDPR. You have the following rights in your dealings with us:
6.1 Right to access
You can request confirmation from us as to whether we are processing personal data relating to you. In the event of such processing, you may request information from us about the following:
- the purposes for which the personal data is processed;
- the categories of personal data that are processed;
- the recipients or categories of recipients to whom your personal data has been or will be disclosed;
- the planned duration of storage of your personal data or, if specific information in this respect is not possible, criteria for the definition of the duration of storage;
- the existence of a right to lodge a complaint with a supervisory authority;
- where the personal data is not collected from the data subject, any available information as to its source;
- the existence of automated decision-making, including profiling in accordance with Articles 22 (1) and (4) GDPR and – at least in these cases – meaningful information about the logic involved, as well as the scope and targeted effects for you of processing of this type.
Furthermore, you have the right to request information on whether your personal data is transferred to a third country or to an international organisation. In this context, you may request to be informed about the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.
6.2 Right to rectification
You have the right to have your personal data rectified and/or completed if your processed data is inaccurate or incomplete. Should this be the case, we will carry out the rectification without delay.
6.3 Right to restriction of processing
You have the right to request the restriction of the processing of your personal data if:
- you dispute the accuracy of your personal data for a period of time that allows us to verify the accuracy of the data;
- processing is unlawful and you refuse the erasure of your personal data and instead demand the restriction of use;
- we no longer need your personal data for the purposes of processing, but you need it for the establishment, exercise, or defence of legal claims, or
- you have objected to the processing pursuant to Art. 21 (1) GDPR and it has not yet been determined whether our legitimate grounds outweigh your grounds.
If you have requested the restriction of the processing of your personal data, those data may – apart from being stored – only be processed with your consent or for the establishment, exercise, or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State. You will be informed by us before the restriction is lifted.
6.4 Right to erasure
You can demand that we erase your personal data without delay. We are obliged to delete this data without delay if one of the following reasons applies:
- Your personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
- You revoke any existing consent on which the processing was based pursuant to Art. 6 (1) sentence 1 lit. a or Art. 9 (2) sentence 1 lit. a GDPR and there is no other legal basis for the further processing.
- You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing.
- You object to processing for the purposes of direct marketing in accordance with Art. 21 (2) GDPR.
- Your personal data has been processed unlawfully.
- The erasure of your personal data is necessary for compliance with a legal obligation under Union or Member State law to which we are subject.
- Your personal data has been collected in relation to information society services offered in accordance with Art. 8 (1) GDPR.
If we have made your personal data public and we are obliged to erase it pursuant to Art. 17 (1) GDPR, we shall take reasonable steps, taking into account the available technology and the cost of implementation, to inform the data controller responsible for the processing that you have requested the erasure of all links to these personal data, as well as copies and replications thereof.
Your right to erasure does not exist insofar as the processing is necessary
- for the exercise of the right to freedom of expression and information;
- for compliance with a legal obligation which requires processing under Union or Member State law to which we are subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in us;
- for reasons of public interest in the area of public health pursuant to Art. 9 (2) sentence 1 lit. h and i as well as Art. 9 (3) GDPR;
- for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Article 89 (1) GDPR, where the right referred to in paragraph 1 is likely to render impossible or seriously prejudice the achievement of the purposes of such processing, or
- for the establishment, exercise, or defence of legal claims.
6.5 Right to be informed
If you have asserted to us your right to rectification, erasure, or restriction of processing, we are obliged to notify all recipients to whom your personal data have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or is associated with a disproportionate effort.
You have the right to be informed by us of these recipients.
6.6 Right to data portability
You have the right to receive your personal data that you may have provided to us in a structured, commonly used, and machine-readable format. You also have the right to transfer this data to another controller without hindrance by us, provided that
- the processing is based on consent pursuant to Art. 6 (1) sentence 1 lit. a GDPR or Art. 9 (2) sentence 1 lit. a GDPR or on a contract pursuant to Art. 6 (1) sentence 1 lit. b GDPR and
- processing is carried out using automated procedures.
In exercising this right, you also have the right to obtain that the personal data concerning you be transferred directly from one controller to another controller, insofar as this is technically feasible. The rights and freedoms of other persons must not be affected by this.
The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
We currently do not assume that data subject to the right to data portability will be processed within the scope of our website offer.
6.7 Right of objection
You have the right to object at any time to the processing of your personal data based on Art. 6 (1) sentence 1 lit. e or f GDPR for reasons arising from your particular situation; this also applies to profiling based on these provisions.
We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to establish, exercise, or defend legal claims.
If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing purposes; this also applies to any associated profiling.
If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
You have the possibility to exercise your right of objection in connection with the use of information society services by means of automated procedures using technical specifications, notwithstanding Directive 2002/58/EC.
6.8 Right to revoke the declaration of consent under data protection law
You have the right to revoke your declaration of consent under data protection law at any time. The revocation of the consent shall not affect the legality of the processing carried out on the basis of the consent until the revocation.
6.9 Automated decision-making in individual cases including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, that has legal effect against you or similarly significantly affects you. We do not undertake such processing.
6.10 Right to appeal to a supervisory authority
Without prejudice to any other rights of appeal, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement, if you believe that the processing of your personal data infringes the GDPR.
7. Responsibility for linked content
On our website, we may also use links to websites of other providers. In this respect, this Privacy Policy does not apply. If personal data is collected, processed, or used when using the websites of these other providers, please refer to the privacy policy of the respective providers. We are not responsible for their data protection practices.
8. Transfer of personal data to third parties
Your personal data is stored exclusively on our servers or on servers used on our behalf. Access to and use of this data is only possible for an authorised group of employees or service providers and is limited to the data necessary for the performance of the respective task.
Your data will not be transferred to third parties without your consent. A transfer of data to third countries (countries outside the European Economic Area – EEA) does not take place, unless otherwise stated in this Privacy Policy, and is not intended in the future.
9. Data security
To protect your personal data, we have taken technical and organisational measures to ensure that your data is protected against accidental or intentional loss, destruction or manipulation and access by unauthorised persons. Our protective measures are reviewed at regular intervals and adapted to technical progress where necessary.
10. Data Protection Officer
Should you have any further questions regarding the processing of your personal data, please contact our Data Protection Officer: compolicy GmbH, Schwedenkai 1, 24103 Kiel, info@compolicy.de.
11. Changes to the Privacy Policy
We reserve the right to amend this privacy policy at any time if necessary and in view of the data protection regulations applicable at the time of amendment.
Version: October 2024