Data Privacy Policy
§ 1 Information about the collection of personal data.
(1) The protection of your personal data is a high priority for us and is taken into account by us. The following data protection information provides you with an overview of how we process your personal data. Personal data means any information relating to an identified or identifiable natural person.
In the following, we will inform you about the type, scope and purpose of the collection of personal data and how we handle this data. In addition, you will learn what rights you have with regard to the processing of your personal data.
(2) The responsible party pursuant to Art. 4 (7) of the General Data Protection Regulation (DSGVO) is.
DGNB GmbH
represented by Johannes Kreißig and Markus Kelzenberg
Tübinger Str. 43
70178 Stuttgart
E-mail: gmbh@dgnb.de
You can reach our data protection officer at
E-mail: datenschutz@dgnb.de
or our postal address with the addition "the data protection officer".
(3) When you contact us by e-mail or via a contact form, the data you provide (such as your e-mail address, name and telephone number) will be stored by us in order to answer your questions. We delete the data accruing in this context after the storage is no longer necessary or restrict the processing if there are legal retention obligations. The legal basis for the processing of data transmitted in the course of an e-mail is Art. 6 (1) lit. f DSGVO. If the e-mail contact is aimed at concluding a contract, the additional legal basis for processing the data is Art. 6 (1) lit. b DSGVO.
(4) If we use contracted service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail about the respective processes below. In doing so, we will also state the defined criteria for the storage period.
2. Your rights
(1) With regard to the personal data concerning you, you have the following rights towards us:
- Right to information according to Art. 15 DSGVO,
- Right to correction or deletion according to Art. 16 and Art. 17 DSGVO,
- Right to restriction of processing according to Art. 18 DSGVO,
- Right to object to processing according to Art. 21 DSGVO,
- Right to data portability according to Art. 20 DSGVO.
(2) You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us.
3. Collection of personal data when visiting our website
(1) In the case of mere informational use of the website, i.e. if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure its stability and security (legal basis is Art. 6 para. 1 sentence 1 lit. f DSGVO, § 25 para. 2 TDDDG):
- IP address
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status/HTTP status code
- Amount of data transferred in each case
- Website from which the request comes
- Browser
- Operating system and its interface
- Language and version of the browser software
The log files are deleted after one month. Storage beyond this period does not take place. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.
(2) The website was created by the web agency Mosaiq and is continuously maintained by them.
This website is hosted by gridscale GmbH, Oskar-Jäger-Str. 173 in 50825 Cologne, Germany.
§ 4 Use of cookies
In addition to the previously mentioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored in the Internet browser or by the Internet browser on the user's computer system. When a user accesses a website, a cookie may be stored on the user's operating system. Cookies cannot execute programs or transfer viruses to your computer. They are used to make the website as a whole more user-friendly and effective.
Our website uses the following types of cookies, the scope and functionality of which are explained below:
Session cookies
Session cookies are automatically deleted when you close the browser. They store a so-called session ID, with which various requests of your browser can be assigned to the common session. This allows your computer to be recognized when you return to our website. Session cookies are deleted when you log out or close the browser.
Permanent cookies
Permanent cookies are deleted automatically after a specified period of time, which may differ depending on the cookie. You can delete the cookies in the security settings of your browser at any time.
We use cookies to identify you for subsequent visits if you have an account with us. Otherwise you would have to log in again for each visit.
§ 5 Google Maps
Google Maps is integrated on our website to show you our location. Google Maps is a service of Google Ireland Limited, Gordon House Barrow Street Dublin 4, Ireland (hereinafter: Google). In order for you to retain control over your data, we use the so-called two-click solution for the integration. This ensures that no connection is established with Google's servers when you simply call up our website and that your data is not transmitted to Google. The integration is initially deactivated by default and is only activated and loaded from the platform after you click on the button. After activating the link, your personal data about the use is automatically processed by the platform, so that your data is transmitted to Google and stored on Google servers.
If consent has been given, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TDDDG. The consent can be revoked at any time.
The purpose and scope of the data collection and the further processing and use of the data by Google, as well as your rights in this regard and setting options for protecting your privacy, can be found in Google's privacy policy at www.google.com/policies/privacy/partners/;
In the context of the use of certain listed tools, your personal data will be transferred in compliance with the requirements of Art. 44 et seq. DSGVO, your personal data will also be transferred to a third country. Please note that there is no adequacy decision between the EU and the USA.
Despite these contractual and technical measures, it may happen that the level of data protection in the third country does not correspond to that in the European Union. Above all, there is a risk, especially in the case of a data transfer to the USA, that your personal data could possibly be processed by authorities for control and monitoring purposes, even without sufficient legal remedies, without us as the data exporter or you as the data subject being aware of this.
§ 6 Application procedure
We offer you the opportunity to apply for a job with us. In the following, we inform you about the scope, purpose and use of your personal data collected as part of the application process. We assure you that the collection, processing and use of your data will be carried out in accordance with the principles of the DSGVO and all other legal provisions and that your data will be treated as strictly confidential.
If you apply to us, we require some information about you for this purpose. The following application data will be collected and processed:
- Salutation
- Last name, first name
- E-mail address
- Address
- Telephone/mobile number
- Dates of birth
- Upload attachments for application documents (e.g. cover letter, resume, references)
As part of the selection process, incoming applications are viewed, queries are made if necessary using the above-mentioned information, invitations to interviews are sent and further personal data is collected in interviews as part of the selection process in order to make a decision.
The legal basis for the processing of this data is Article 88 (1) DSGVO in conjunction with Section 26 BDSG. The purpose of collecting and processing your data is the handling of the application procedure.
The transmitted data will be deleted after the application process has ended. If no employment relationship is established following the application process, the application documents will be deleted six months after notification of the rejection decision. If your application is followed by the conclusion of an employment contract, your data will be stored and used in compliance with the relevant legal regulations.
Your personal data as part of the application process will be transferred to our service provider as part of order processing:
Personio GmbH
Rundfunkplatz 4
80335 München
Tel.: +49 89 1250 1005
Personio GmbH is a personnel administration and applicant management software. We ensure the confidential and secure handling of your data in accordance with the applicable data protection regulations https://dgnb.jobs.personio.de/privacy-policy?language=en.
§ 7 Further functions and offers of our website
(1) In addition to the purely informational use of our website, we offer various services that you can use if you are interested. For this purpose, you usually have to provide further personal data, which we use to provide the respective service and for which the aforementioned data processing principles apply.
(2) In some cases, we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are regularly monitored.
(3) Furthermore, we may pass on your personal data to third parties if contracts or similar services are offered by us together with partners. You will receive more detailed information on this when you provide your personal data or in the description of the offer below.
(4) If our service providers or partners are located in a country outside the European Economic Area (EEA), we will inform you about the consequences of this circumstance in the description of the offer.
§ 8 Objection or revocation against the processing of your data
(1) If you have given your consent to the processing of your data, you may revoke it. Such revocation affects the permissibility of the processing of your personal data after you have expressed it to us.
(2) Insofar as we base the processing of your personal data on the balance of interests, you may object to the processing. This is the case if the processing is not necessary, in particular, for the performance of a contract with you, which is shown by us in each case in the following description of the functions. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will review the situation and either discontinue or adjust the data processing or show you our compelling reasons worthy of protection on the basis of which we will continue the processing.
(3) Of course, you can object to the processing of your personal data for purposes of advertising and data analysis at any time.
You can inform us of your objection using the following contact details:
DGNB GmbH
Tübinger Str. 43, 70178 Stuttgart, Germany
E-mail: widerspruch@dgnb.de
§ 9 Use of the blog functions
In our blog, where we publish various posts on topics related to our activities, you can make public comments. Your comment will be published with your specified username with the post. We recommend using a pseudonym instead of your real name. You are required to provide your username and e-mail address; all other information is voluntary. If you post a comment, we will continue to store your IP address, which we will delete after one week. The storage is necessary for us to be able to defend ourselves against liability claims in cases of possible publication of illegal content. We need your e-mail address to contact you if a third party objects to your comment as unlawful.
Legal bases are Art. 6 para. 1 p. 1 lit. a and lit. f DSGVO. The comments are not checked before publication. We reserve the right to delete comments if they are objected to by third parties as unlawful.
When writing your comment, you can tick our e-mail service. This will inform you when other users leave a comment on the post. For this service we use the so-called double opt-in procedure, i.e. you will receive an e-mail in which you must confirm that you are the owner of this e-mail address and wish to receive the notifications. You can unsubscribe from
unsubscribe from the notifications at any time by clicking on the link contained in the e-mail. Your personal data, including email address, your times of registration for the service and your IP address will be stored by us until you unsubscribe from the notice service.
§ 10 Use of our webshop and DGNB Navigator
(1) If you order as a user in our webshop, it is necessary for the conclusion of the contract that you provide your personal data, which we need for the processing of your order. Mandatory data required for the processing of contracts are marked separately, other data are voluntary. We pass on the data you provide to our order processor for invoice processing in order to process your order. The legal basis for this is Art. 6 para. 1 p. 1 lit. b DSGVO.
We may also process the data you provide to inform you about other products from our portfolio or to send you emails with technical information.
We are obliged by commercial and tax law to store your address, payment and order data for a period of ten years. However, we restrict processing after two years, i.e. your data is only used to comply with legal obligations.
To prevent unauthorized access by third parties to your personal data, the ordering process is encrypted using SSL or equivalent TLS technology.
(2) We also operate the Navigator product database, in which manufacturers can post their products and services in order to inform planners, builders or other interested parties about them. However, the products and services cannot be purchased via the DGNB Navigator. We therefore only mediate the contact between buyer and seller/contractor and client. The actual business takes place outside our sphere of influence.
With the licensed DGNB auditor / DGNB consultant and the manufacturer, we only conclude a respective user contract (see our GTC). In order to be able to conclude the user contract, both the DGNB auditor / DGNB consultant and the manufacturer must register or register in a two-stage procedure. The form of address, first and last name, e-mail address and, for manufacturers, company name and company address are mandatory; other information is voluntary. You will then receive an e-mail to activate your access.
If your registration is made via the registration form of the website and your confirmation in this regard is not made within 24 hours, your registration will be automatically deleted from our database.
For the duration of the user contract we store the aforementioned personal data. Manufacturers can terminate the user contract with a notice period of 6 months to the end of the respective calendar year (Section 6.1 of the GTC of the user contract with manufacturers). DGNB Auditors / DGNB Consultants may terminate the User Agreement at any time without notice (Section 7.1 of the General Terms and Conditions of the User Agreement with Auditors / Consultants). The stored personal data of the DGNB auditor / DGNB consultant will be deleted no later than 30 days after complete termination of the contract of use, provided that no legal dispute is imminent or a waiver of appeal has been declared and there is no legal obligation to store data due to an official order. Due to commercial and tax law requirements, we are obliged to store the address and contract data of the manufacturers for a period of 10 years. However, we restrict processing after 2 years, which means that the manufacturers' data is only used to comply with legal obligations.
We do not pass on your personal data to third parties. Unless, in exceptional cases, we are given permission to do so.
The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. b and lit. f GDPR.
To prevent unauthorized access to your personal data by third parties, the connection is encrypted using SSL or equivalent TLS technology.
§ 11 Use of our internal portal for members, auditors and consultants
If you wish to use our portal, you must register by entering your e-mail address, a password of your choice and your user name. We use the so-called double opt-in procedure for the registration, i.e. your registration is only completed when you have filled out the membership application as the first step and this has been accepted by the responsible person or you have signed the DGNB Auditor / DGNB Consultant Licensing Agreement. Then the log-in data for the internal area will be stored in the system accordingly for members or DGNB auditors/DGNB consultants. As a member or DGNB auditor/DGNB consultant, you will then receive a link by e-mail. You can log in with the data contained therein.
(2) If you use our portal, we store your data required for the fulfillment of the contract, including information on the method of payment, until you finally delete your access. Furthermore, we store the voluntary data you provide for the duration of your use of the portal, unless you delete it beforehand. You can manage and change all information in the protected member or DGNB auditor/DGNB consultant area. The legal basis is Art. 6 para. 1 p. 1 lit. b DSGVO.
(3) To prevent unauthorized access to your personal data by third parties, the connection is encrypted using SSL or equivalent TLS technology.
§ 12 Use of our auditor forum
(1) Our Auditor Forum serves the purpose of networking and scientific exchange between licensed DGNB auditors and DGNB consultants as well as experts. If you would like to actively participate in the forum, you must register by providing your first and last name as well as your e-mail address, a password of your choice, and your first and last name as a user name. We use the so-called double opt-in procedure for the registration, i.e. your registration is only completed if you have first confirmed your registration via a confirmation e-mail sent to you for this purpose by clicking on the link contained therein. If you do not confirm your registration, it will be deleted from our database.
(2) If you register a forum account, we will store, in addition to your registration data, all information that you provide in the forum, i.e. public posts, bulletin board entries, private messages, etc., in order to operate the forum until you log out. The legal basis is Art. 6 para. 1 p. 1 lit. a DSGVO.
(3) If you delete your account, your public statements, especially contributions to the forum, will remain visible to all readers, but your account will no longer be retrievable and will be marked in the forum with a placeholder "[Deleted User]". All other data will be deleted.
(4) To prevent unauthorized access to your personal data by third parties, the connection is encrypted by SSL or equivalent TLS technology.
§ 13 Participation in online events via "GoToMeeting" and/or "GoToWebinar".
(1) We use the products "GoToMeeting" and "GoToWebinar" to conduct certain online events. The provider of the products is the company LogMeIn Ireland Limited with its registered office in Bloodstone Building, Block C, 70 Sir John Rogerson's Quay, Dublin 2, Ireland.
If you wish to register as a participant for an online event via our website, it is necessary for you to provide your personal data in order to participate in online events, which we require for the organization, implementation and follow-up of your participation (legal basis is Art. 6 para.1 lit. b DSGVO).
For online events of the Academy, please register on our website using the registration form. Necessary mandatory information is marked separately, other information is voluntary. For online events via GoToMeeting you will receive an access link from us with which you can participate in the online event. It is not necessary to enter personal data at GoToMeeting.
For online events of the association, you will be redirected to the website of GoToWebinar via a link. There you can register as a participant. Necessary mandatory information is marked separately, other information is voluntary.
Note: If you call up the website of "GoToMeeting" or "GoToWebinar", the provider is responsible for data processing. Calling up the Internet page is required for registration with GoToWebinar. However, a call to the Internet site is only required to download the software for the use of "GoToMeeting" or "GoToWebinar". If you do not want to or cannot use the "GoToMeeting or GoToWebinar" app, then the basic functions can also be used via a browser version.
(2) When registering via the GoToWebinar website, the data from the registration mask is transmitted to LogMeIn. In addition, the date and time of registration are collected. Via "GoToMeeting" and "GoToWebinar", the following meeting metadata are also processed: Topic, description (optional), participant IP addresses, device/hardware information. Furthermore, the following data is processed for recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of the online meeting chat.
You may have the option of using the chat, question or survey functions in an online event. To this extent, the text entries you make are processed in order to display them in the online event and, if necessary, to log them. To enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device will be processed accordingly for the duration of the meeting. You can turn off or mute the camera or microphone yourself at any time through the "GoToMeeting" applications.
If we want to record online events, we will notify you in advance and - if necessary - ask for consent. For the purposes of recording and following up on online events, the questions asked by participants may also be processed.
(3) The personal data processed by us will be stored by us for as long as is necessary for the respective purpose - in particular the implementation of the online event - in compliance with the statutory retention periods (e.g. in accordance with the German Commercial Code and Fiscal Code ten years for tax-relevant documents and six years for other business letters) (Art. 6 para. 1 p. 1 lit. c DSGVO). Storage beyond the statutory retention periods is possible if you have consented to this in accordance with Art. 6 para. 1 p. 1 lit. a DSGVO or the purpose of the data processing has not yet ceased.
(4) "GoToMeeting" or "GoToWebinar" is a service of LogMeIn Ireland Limited (Bloodstone Building Block C 70 Sir John Rogerson's Quay Dublin 2, Ireland), which is a subsidiary of LogMeIn Inc (Log-MeIn, 320 Summer Street, Boston, MA 02210, USA). A processing of personal data thus also takes place in a third country.
More information on data protection at LogMeIn is available at www.goto.com/de/company/legal/privacy/international.
In the context of the use of certain listed tools, your personal data will be transferred in compliance with the requirements of Art. 44 et seq. DSGVO, your personal data will also be transferred to a third country. Please note that there is no adequacy decision between the EU and the USA.
Despite these contractual and technical measures, it may happen that the level of data protection in the third country does not correspond to that in the European Union. Above all, there is a risk, especially in the case of a data transfer to the USA, that your personal data could possibly be processed by authorities for control and monitoring purposes, even without sufficient legal remedies, without us as the data exporter or you as the data subject being aware of this.
§ 14 Participation in online events via the Vystem platform
(1) As digital support for certain online events, we use the online service "Vystem Platform". The provider of "Vystem Platform" is Isardigital GmbH, Bahnhofstraße 5, 83646 Bad Tölz. The link to the privacy policy for the "Vystem platform" can be found here: vystem.io/datenschutz.html
(2) If you would like to register for an online event that takes place via the "Vystem Platform", it is necessary for participation that you create an account on the platform and provide your personal data, which we require for the organization, implementation and follow-up of your participation (legal basis is Art. 6 para.1 b DSGVO). Necessary mandatory information is marked separately, other information is voluntary. If your registration takes place via our website, you will receive a link to the "Vystem platform" by e-mail in order to be able to register with the "Vystem platform" as a participant and create an account, or as soon as registration is possible directly via the "Vystem platform", our website will link directly to the "Vystem platform".
(3) The following data is processed via "Vystem Platform": personal data specified in the preceding paragraph as well as login data (subscriber number), usage data (in particular access times) and device/hardware information, IP address. These data are processed exclusively for the provision and use of "Vystem Platform". You have the possibility to use the chat functions during an event via "Vystem Platform". To this extent, the text entries you make are processed in order to display and log them. You have the option of using the video or audio functions in addition to the chat functions. To enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device will be processed accordingly for the duration of the event. You can turn off or mute the camera or microphone yourself at any time.
§ 15 Newsletter
(1) With your consent, you can subscribe to DGNB newsletters, with which we inform you about developments, news and events from the DGNB GmbH, depending on the format. The respective contents of the formats are described as information in the subscription management.
(2) To subscribe to DGNB newsletters, you need a DGNB User Account, as the subscription management is located under the “Subscribe to DGNB Newsletter” tab. Under this tab you will see an overview of all the newsletters available to you. You can use the sliders to manage your subscriptions according to your preferences. We use a so-called double opt-in procedure to register for subscriptions. This means that after you have registered, we will send you an e-mail to the e-mail address specified in your DGNB User Account in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, the validity of the confirmation link contained in the e-mail will expire. If you still wish to subscribe to the respective newsletter, you will have to trigger your registration in the DGNB User Account again via the sliders.
In addition, we store the times of your subscription and confirmation as well as your unsubscription. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data.
(3) To send you the DGNB Newsletters, we use the e-mail address you provided in your DGNB User Account. In order to be able to address you personally, we also use the name and title you provided in your DGNB User Account.
(4) We use the online service “Newsletter2Go” as a tool for sending the DGNB newsletter. The provider of “Newsletter2Go” is Sendinblue GmbH (formerly Newsletter2Go GmbH), Köpenicker Straße 126, 10179 Berlin. This is a service provider bound by instructions, which is obliged to comply with data protection regulations and may not use the data for any other purpose.
(5) You can revoke your consent to receive the newsletter at any time and unsubscribe from the newsletter. You can declare your revocation via your subscription management directly in your DGNB user account, to which a link is included in every newsletter e-mail, or by e-mail to widerspruch@dgnb.de or by sending a message to the contact details given in the imprint.