General information about the processing of personal data
Responsible according to Art. 4 (7) of the EU General Data Protection Regulation ("GDPR") is WHU - Otto Beisheim School of Management, Burgplatz 2, 56179 Vallendar (see our imprint, e-mail: datenschutz(at)whu.edu).
Personal data is any information that relates to an identified or identifiable natural person. A natural person is considered to be identifiable if, directly or indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online identifier or one or more special features, that expresses the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person, can be identified. This includes, for example, information such as your name, address, telephone number, language, location, e-mail address, bank details and date of birth.
Processing of personal data
A processing of personal data applies to any operation performed with or without the aid of automated procedures or in any series of procedures related to personal data. In particular, data processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
We process personal data in accordance with the specifications and conditions described below within the framework of automated processing based on a relevant legal authorisation. The scope of the processing of your personal data is limited by the purposes described in each case.
Automated decision-making in individual cases including profiling according to Art. 22 GDPR does not take place.
If we use a processor for the processing of your personal data, we conclude a data processing contract with them, which fulfills all the requirements of Art. 28 GDPR.
Purpose of processing personal data
The data collected is used exclusively for the organization of scientific experiments. We need the data for the following purposes:
- To inform participants about new laboratory or web experiments and invite them to participate,
- to carry out a scientifically motivated selection of participants for specific experiments,
- to verify the appearance or non-appearance of the registered experiment participants,
- to document the payments from experiments to the participants by the school’s management.
When experiments are conducted, data are generated by the decisions to be made by participants in the process. These data are analyzed scientifically. In the process, the decision data is anonymized and cannot be assigned to any individual. In this sense, participation in the experiments is anonymous. The generated, anonymized data is used for the preparation of scientific research papers.
Each participant can decide at any time that he or she no longer wishes to receive invitations to experiments and that the respective user account in the online registration system should be set to an inactive status.
In the profile, you can use the "Logout" option to specify that no further invitations are desired.
Participants can view the personal data stored about them at any time in their personal profile.
There is a registration form ("WHU – Behavioral Experimental Lab") on this website which you can use for your electronic registration. Some of our offers can only be used if you create an account, for example to participate in experiments and online surveys. If you take advantage of this option, the data entered in the input mask will be transmitted to us and stored. These data are:
- First name
- Last name
- Date of birth
- Language skills
- Email address
In addition, users may voluntarily submit the following data:
- Phone number
Mandatory data requested during registration must be provided in full.
The processing of the data entered during registration is based on your consent (Art. 6 para. 1 lit. a GDPR). A revocation of your already given consent is possible at any time. An informal communication by e-mail is sufficient for the revocation. The legality of the data processing already carried out remains unaffected by the revocation.
We store the data collected during registration for the period that you are registered on our website. Your data will be deleted should you cancel your registration.
Based on your consent according to Art. 6 para. 1 sentence 1 lt. a GDPR in conjunction with. Art. 7 GDPR you can participate in our experiments. This consent is voluntary. You can refuse it without giving reasons and without having to fear any disadvantages because of this. You can also revoke this consent at any time with future effect by e-mail or by sending a message to the contact details provided in this data protection notice, without having to fear any disadvantages.
In addition to the above-mentioned data, cookies are stored on your computer.
Cookies are small text files that are stored on your hard drive in accordance with the browser you are using and through which certain information flows to the site that sets the cookie. Cookies cannot execute programs or transfer viruses to your computer. They serve to make the Internet offer altogether more user-friendly and effective.
We only use a technically necessary cookie (_hroot_session). This cookie is necessary for a good functionality of our website and cannot be switched off in our system. The legal basis is Art. 6 para. 1 sentence 1 lt. f GDPR ("legitimate interest"). However, you can of course configure your browser settings according to your wishes and also reject such technically necessary cookies. Please note that you will not be able to use our website in that case.
Duration of data processing
The maximum duration of storage depends on the purpose of the data processing. The duration of storage depends in particular on the period for which the processing is necessary to fulfil the purpose or to comply with legal obligations. The statutory storage obligations, in particular in accordance with § 257 HGB and § 147 AO (6 or 10 years), remain unaffected.
Recipient of personal data
We transmit your data to the specialist departments within WHU, as far as this is necessary and legally permissible.
If we use a commissioned processor to process your personal data, we conclude a commissioned processing contract with this processor, which fulfils all the requirements of Art. 28 GDPR.
Your personal data will not be transferred beyond this, unless this is expressly stated in this document.
Place of data processing
The processing of your personal data by us takes place in Germany or in member states of the European Union, unless a transfer of your personal data to states outside the member states of the European Union (so-called third countries) or to other international organisations has been described in the cases listed above, in which case the necessary requirements under Art. 44 ff. GDPR are observed.
Safety / Technical and organizational measures
We take all necessary technical and organizational measures in accordance with the provisions of Articles 24, 25 and 32 GDPR in order to protect your personal data from misuse and loss, destruction, access, modification or disclosure by unauthorized persons.
In this way, we comply with the legal requirements for pseudonymizing and encrypting personal data, the confidentiality, integrity, availability and resilience of systems and services related to processing, the availability of personal data and the ability to rapidly restore them in the event of a physical or technical incident as well as the establishment of procedures for periodic tests, assessment and evaluation of the effectiveness of technical and organizational measures to ensure the safety of processing.
Furthermore, we also follow the requirements of Art. 25 GDPR with regard to the principles of "privacy by design" (data protection by means of technical design) and "privacy by default" (data protection by means of privacy-friendly default settings).
You have a right to free information (right of access) about your personal data as well as, subject to the relevant conditions, a right to rectification, blocking and eraser of your data, to the restriction of processing, to data portability as well as a right of objection.
Insofar as we base the processing of your personal data on the weighing of interests, you can object to the processing. This is the case if the processing is in particular not necessary for the fulfilment of a contract with you. If you do so, please explain why we should not process your personal data as we have done. In the event of your justified objection, we will examine the facts of the case and will either stop or adapt the data processing or show you our compelling reasons worthy of protection on the basis of which we will continue the processing.
You also have the opportunity to complain to a competent supervisory authority (e.g. Landesbeauftragter für den Datenschutz und Informationsfreiheit Rheinland-Pfalz, Prof. Dr. Kugelmann, Hintere Bleiche 34, 55116 Mainz, Germany).
Please contact us or our external data protection officer if you have any questions regarding the processing of your personal data, as well as questions relating to the above-mentioned rights and their assertion, or if you have any suggestions:
Frau Susanne Kamm
Dr. Dornbach Consulting GmbH
Tel.: 0261 9431-441