Privacy Policy
This privacy policy is governed by German law (GDPR).
It is provided in English for convenience and clarity. The legally binding version is the original German text.
How we collect and use personal data
We take the protection of your personal data very seriously. Your information is handled with strict confidentiality and in full compliance with German data protection laws and this privacy policy.
When you use this website, we collect certain personal data. Personal data means any information that can be used to identify you directly or indirectly. This privacy policy explains what data we collect, how we use it, and for what purpose.
Please note that data transmission over the internet (for example, when communicating by email) may pose security risks. Complete protection of your data against access by third parties is not technically possible.
The controller responsible for data processing on this website, in accordance with Article 4(7) of the GDPR, is:
German Economic Institute (IW)
Konrad-Adenauer-Ufer 21
50668 Cologne, Germany
Phone: +49 221 4981-0
kontakt@rehadat.de
If we use external service providers for specific functions of our website, or if we intend to use your data for promotional purposes, we will inform you in detail below about each specific process. This includes the legal basis and the criteria we use to determine how long your data is stored.
Data Protection Adviser
We have appointed a data protection adviser for our organisation:
Mr. Sebastian Feik, Dipl.-WJur. (FH)
legitimis GmbH
Ball 1
51429 Bergisch Gladbach, Germany
dataprivacy-helpdesk@legitimis.com
Your Rights
Your right to access, correct, restrict, or delete your data
Under Articles 15 to 18 of the GDPR, you have the right to request information about the personal data we store about you, including its origin, recipients, and the purpose of processing. You also have the right to request that your data be corrected, restricted, or deleted — unless legal obligations require us to retain it. If you have questions about your personal data or wish to exercise these rights, you can contact us at any time using the address provided above.
Right to data portability
You have the right to receive data that we process automatically based on your consent or for the fulfillment of a contract, in a commonly used, machine-readable format — either for your own use or for transfer to another controller (Article 20 GDPR).
If you request the direct transfer of your data to another controller, this will only be done where technically feasible.
Right to lodge a complaint with the supervisory authority
If you believe that your data protection rights have been violated, you have the right to lodge a complaint with the competent supervisory authority (Article 77 GDPR in conjunction with § 19 BDSG). The responsible authority is the data protection office of the federal state in which our organization is based. A list of supervisory authorities and their contact details can be found at: www.bfdi.bund.de.
Withdrawing your consent
Some types of data processing are only permitted if you give us your explicit consent. You can withdraw this consent at any time — simply send us an email. Please note: any data processing that took place before your withdrawal remains lawful.
Your right to object under Article 21 GDPR
You have the right to object — at any time and without formal requirements — to the processing of your personal data if it is based on Article 6(1)(e) GDPR (processing in the public interest) or Article 6(1)(f) GDPR (processing based on legitimate interests), and if your objection is based on reasons arising from your particular situation. If you object, we will stop processing your personal data — unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims.
Secure data transmission
For security reasons and to protect the transmission of confidential content — such as orders or inquiries you send to us — this website uses SSL or TLS encryption. You can recognize an encrypted connection by the change in your browser’s address bar from “http://” to “https://”, and by the padlock icon next to the URL. When SSL or TLS encryption is active, any data you send to us cannot be read by third parties.
Objection to unsolicited advertising emails
We hereby object to the use of contact details published in accordance with legal notice requirements for sending unsolicited advertising or informational materials. The operators of this website expressly reserve the right to take legal action in the event of unsolicited advertising, such as spam emails.
Cookies
Type and scope of data processing
Our website uses cookies – small text files that your browser stores on your device. When you visit our website for the first time, we inform you about the use of these cookies and refer you to this privacy policy.
Purpose of data processing
We use technically necessary cookies to enable basic functions such as navigation and access to specific content and components.
Legal basis
The legal basis for processing personal data using technically necessary cookies is Article 6(1)(f) of the GDPR.
Duration of storage, options for objection and deletion
Cookies are stored on the user’s device and transmitted to our site from there. This means you, as the user, have full control over the use of cookies. You can disable or restrict the transmission of cookies by changing the settings in your internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically.
If cookies are disabled for our website, it may no longer be possible to use all of the website's features to their full extent.
Data collection on our website
Server log files
Type and scope of data processing
When you access a webpage, your browser automatically sends certain technical information to our web server. This information is processed to deliver the page correctly and is also stored in so-called server log files. The following data is recorded:
- IP address
- date and time of access
- time zone difference to GMT
- the page you requested
- access status / HTTP status code
- amount of data transferred
- referring website
- browser, operating system and its interface
- language and version of the browser software
We do not combine this data with other sources, and we do not use it to identify you personally.
Purpose of data processing
The collection of data for the provision of the website and the storage of data in log files is essential for the operation of the website.
Legal basis for data processing
The legal basis for processing this data is Article 6(1)(f) of the GDPR. To deliver the website to your device, we need to temporarily store your IP address for the duration of your visit. Log files help us maintain the functionality of the website and protect our IT systems.
How long we store your data
We only keep your data for as long as is necessary for the purpose it was collected for. When you visit our website, some technical data is temporarily stored to ensure the site works properly. This includes your IP address and other connection details. This data is automatically deleted when your session ends.
If the data is stored in log files, it is deleted after a maximum of seven days. Encrypted backups of these log files are kept for up to 14 days.
Can I object to this data processing?
We only collect and store technical data that is strictly necessary to deliver and protect the website. Without this data, the site cannot function securely or reliably. For this reason, there is no option to object to this specific type of data processing.
Email Contact and Contact Form
Type and scope of data processing
If you contact us via the contact form, the data you provide (e.g. your email address and your message) will be stored and processed so we can respond to your enquiry.
You may also contact us directly using the email address we provide. In some cases, we may get back to you with follow-up questions.
We do not share this data with third parties. All enquiries are handled exclusively by REHADAT staff.
Purpose and legal basis of data processing
Your data is processed solely for the purpose of handling your enquiry. The legal basis for this is Article 6(1)(f) of the GDPR.
Other personal data processed during the submission process is used to prevent misuse of the contact form and to ensure the security of our IT systems.
If your enquiry is aimed at initiating or fulfilling a contract, the legal basis is Article 6(1)(b) of the GDPR.
Duration of storage, options for objection and deletion
Data will be deleted once it is no longer needed for the intended purpose – that is, when the conversation with you as a user has ended or the matter in question has been fully resolved.
You may withdraw your consent to the processing of personal data at any time (see above: “Withdrawal of Consent”).
Web analytics by Matomo
Type and scope of data processing
On this website, we use the open-source software Matomo to analyse usage statistics and to optimise our offering. Matomo is configured to be privacy-friendly and works without cookies. We operate Matomo ourselves on our own servers (self-hosting), so your data remains exclusively with us and is not passed on to third parties.
When you visit our website, the following information is processed:
- your abbreviated IP address (the last two bytes are removed, e.g. 192.168.178.123 becomes 192.168.0.0)
- the webpages and subpages accessed
- the website from which the user accessed our website (referrer)
- date and time of access
- information about your browser and operating system
- the device used (desktop, tablet, smartphone) and the screen resolution
- file downloads
- clicks on external links
- interactions with content (e.g. clicks on buttons, sorting search results, scrolling behaviour) within the scope of event tracking
IP anonymisation (shortening to two bytes) effectively rules out any personal reference, as the shortened IP address can no longer be assigned to a specific connection. Individual visitors are not recognised and user profiles are not created.
Purpose of data processing
Processing the data enables us to analyse usage behaviour on our website. This allows us to understand which content and functions are frequently used, how users navigate through our website and where problems may arise. This helps us to continuously improve our website and its user-friendliness and to tailor our offering to the needs of our users.
Legal basis for data processing
The legal basis for the use of Matomo is Article 6(1)(f) of the GDPR.
Duration of storage
The statistical data collected by Matomo is deleted as soon as it is no longer required for our analysis.
Right of objection and removal
If you opt out, a cookie named mtm_consent_removed will be stored on your device to prevent Matomo from collecting your data. Please note that the Matomo deactivation cookie for this website will also be deleted if you remove the cookies stored in your browser. In addition, if you use a different computer or web browser, you will need to repeat the deactivation procedure.
Embedded External Services
Google Maps
Description and scope of data processing
This website uses Google Maps via an API to display interactive maps and generate directions — provided you give your consent. A cookie stores your decision. Google Maps is a mapping service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, California 94043, USA.
When you access a page of our website containing Google Maps, your browser establishes a direct connection with Google’s servers. The map content is transmitted by Google directly to your browser and integrated into the webpage. We therefore have no influence over the extent of the data collected by Google in this manner. According to our knowledge, this includes at least the following data:
- date and time of the visit to the relevant website,
- internet address or URL of the accessed website,
- IP address
- (starting) address entered during route planning.
The scope of data collection, as well as the further processing and use of your data by Google, together with your rights and options to protect your privacy, can be found in Google’s privacy policy. If you require information which this privacy statement cannot provide, or if you would like further details on a specific point, please contact the responsible body mentioned above.
Legal Basis
The legal basis is Article 6 (1) (f) GDPR. Our legitimate interest lies in presenting address information alongside map content and route descriptions.
Right of objection and removal
Social media plug-ins
Purpose of data processing
We currently use social media plug-ins from the following networks: WhatsApp, Facebook and LinkedIn. To enable content sharing, we use Shariff social media buttons from Heise Online.
These plug-ins allow you to interact with social networks and other users, helping us to improve our offering and make it more interesting for you.
When you visit our website, no personal data is initially passed on to the providers of these plug-ins. You can identify the provider of each plug-in by its logo and by hovering your mouse over the button. We give you the option of communicating directly with the plug-in provider via the button. Only when you click on the marked button does the plug-in provider receive the information that you have accessed the corresponding webpage of our online offering. In addition, the data specified in Section 3 of this policy is transmitted.
Description and scope of data processing
We have no control over the data collected and the data processing operations, nor are we aware of the full scope of data collection, the purposes of processing, or the storage periods. We also have no information on the deletion of collected data by the plug-in provider.
The plug-in provider stores the data collected about you in the form of usage profiles and uses it for advertising, market research and/or to design its website according to user needs. Such analysis is carried out in particular (even for users who are not logged in) in order to display needs-based advertising and to inform other users of the social network about your activities on our website.
You have the right to object to the creation of these user profiles, and you must contact the relevant plug-in provider to exercise this right.
Data is transmitted regardless of whether you have an account with the plug-in provider and are logged in. If you are logged in with the plug-in provider, the data we collect about you will be directly associated with your existing account with the plug-in provider. If you activate the button and link the page, for example, the plug-in provider will also store this information in your user account and share it publicly with your contacts. We recommend that you log out regularly after using a social network, particularly before activating the button, as this can help you avoid being associated with your profile at the plug-in provider. Further information can be found in the privacy policies of the respective providers.
Legal basis
The legal basis for using the plug-ins is Article 6(1)(f) of the GDPR.
Right of objection and removal
If you do not wish the data processing described above to take place, you should not use the service. Only click on buttons of social networks that you trust.
Friendly Captcha - Spam & Bot Protection
Description and scope of data processing, purpose of data processing
On our websites, we offer communication and registration forms. To protect these forms from spam and bots, we use Friendly Captcha by Friendly Captcha GmbH, Am Anger 3-5, 82237 Woerthsee, Germany. You do not need to recognise images or solve puzzles.
How it works:
Your device automatically solves small computational tasks in the background while you are filling out the form. Additionally, the system evaluates various technical characteristics to assess how likely it is that you are a bot. The higher the risk assessment, the more difficult the computational tasks become. For normal users, everything runs invisibly and quickly.
Friendly Captcha does not store any personal data and does not use tracking cookies. The service is GDPR-compliant and is operated by a German company. Further information and Friendly Captcha's applicable data protection provisions can be found at:
https://friendlycaptcha.com/legal/privacy-end-users
Legal basis for data processing
The legal basis for using Friendly Captcha is Article 6 (1) (f) GDPR. Our legitimate interest lies in protecting our forms from misuse.
Right of objection
As Friendly Captcha is technically necessary to protect our forms from misuse, it is not possible to object. Without this protective measure, the forms cannot be made available.