Privacy statement

Institut Bauen und Umwelt e.V. (IBU), Hegelplatz 1, 10117 Berlin, Germany, is the operator of this website and the respective services on offer. IBU takes data protection very seriously. Principally, use of the IBU website is possible without providing any personal data. However, insofar as a user wishes to make use of specific services on our website, commensurate processing of personal data may be required. Where the processing of personal data is required and there is no legal basis for such, IBU will generally obtain the consent of the user (data subject) in question.

The processing of personal data, such as the name, address, email address or telephone number of a data subject, is carried out in line with the General Data Protection Regulation in all cases and in accordance with specific regional data protection provisions incumbent upon IBU. The aim of this privacy statement is to inform users of our website of the nature, extent and purpose of the personal data that is collected, used and processed by IBU. In addition, this privacy statement also explains the rights afforded to data subjects.

As the processing controller, Institut Bauen und Umwelt e.V. has implemented numerous technical and organisational measures to ensure the most comprehensive protection possible for personal data processed via this website. Notwithstanding this, Internet-based data transmissions may present security vulnerabilities, with the result that absolute protection cannot be guaranteed. For this reason, any data subject may choose to convey personal data to IBU using alternative methods such as by telephone or by post.

1. Definitions

The Institut Bauen und Umwelt e.V. privacy statement draws on terminology used by European regulators in enacting the General Data Protection Regulation (GDPR). Our privacy statement is intended to be easy to read and understandable for the public and our members and business partners alike. In the interests of achieving this, we wish to clarify the terms used in advance.

Amongst others, the following terms are used in this privacy statement:

a) Personal data

Personal data means information regarding an identified or identifiable natural person (‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

b) Data subject

A data subject is any identified or identifiable natural person whose personal data is processed by the processing controller.

c) Processing

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

d) Restriction of processing

Restriction of processing means the marking of stored personal data with the aim of limiting its processing in the future.

e) Controller or processing controller

Controller or processing controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by European Union or Member State law, the controller or the specific criteria for its nomination may be provided for by European Union or Member State law.

f) Processor

Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

g) Recipient

Recipient means a natural or legal person, public authority, agency or another body, to which the personal data is disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with European Union or Member State law shall not be regarded as recipients.

h) Third party

Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

i) Consent

Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

2. Name and address of the processing controller

Controller within the meaning of the General Data Protection Regulation, other data protection laws applicable in Member States of the European Union and other provisions of a data protection nature is:

Institut Bauen und Umwelt e.V.

Hegelplatz 1,

10117 Berlin

Germany

Tel.: +49 (0) 30 30 87 74 8 – 0

E‑Mail: info[a]ibu-epd.com

Website: https://ibu-epd.com/

3. What data will be recorded during my visit to the IBU website?

Every time a user accesses a page on our website and every time a file is retrieved, access data relating to these events is stored in a log file on our server:

IP address of the requesting computer
Website from which the file was requested
Date and time of access
Browser type and settings
Operating system
Pages accessed by you
Data volume transferred
Access status (file transfer, file not found etc.)

IBU cannot identify the data subject through the use of this general data and information. Rather, this information is required for the purpose of (1) correctly delivering the content of our website, (2) optimising our website content, (3) safeguarding the permanent functionality of our IT systems and our website technology and (4) providing law enforcement agencies with the requisite information for criminal prosecution in the event of cyber attack. This anonymously collected data and information is consequently analysed by IBU for statistical purposes and also with the aim of enhancing data protection and data security in order to ultimately secure an optimum level of protection for personal data processed by IBU. Anonymous data on server log files is stored separately from all personal data provided by a data subject.

4. Contact via the website https://ibu-epd.com/kontakt/

In line with statutory requirements, the IBU website contains information to allow swift electronic contact as well as direct communication with IBU, which also covers the use of a general electronic mail address (email address). Personal data transmitted by the data subject when contacting the processing controller via email or using a contact form is automatically stored. Such personal data voluntarily sent by a data subject to the processing controller is stored for the purposes of processing or contacting the data subject. This personal data is not disclosed to any third parties.

5. Routine erasure and blocking of personal data

The processing controller will process and store personal data relating to the data subject solely for the period necessary to achieve the intended purpose of storage or insofar as provided for by European regulators or other legislative bodies in laws or regulations incumbent upon the processing controller.

Personal data will be routinely blocked or erased in accordance with the pertinent statutory provisions where the intended purpose of storage no longer applies or the applicable storage period prescribed by European regulators or other competent legislative authorities has expired.

6. Subscription to our newsletter

Users of the IBU website have the option of subscribing to a newsletter. The nature of personal data transmitted to the processing controller upon subscribing to the newsletter is determined on the basis of the input screen used for this purpose.

Principally, the IBU newsletter can only be received by data subjects that (1) have provided a valid email address and (2) have registered to receive the newsletter. For reasons of law, a confirmation email within the scope of the ‘double opt-in’ procedure is initially sent to the email address provided by the data subject when subscribing to the newsletter. This confirmation email serves to check whether the email address owner has authorised receipt of the newsletter as the data subject.

Upon registering for the newsletter we also store the IP address issued by the Internet service provider (ISP) of the computer system used by the data subject at the time of registration as well as the date and time of registration. Collection of such data is required in order to trace any subsequent (possible) misuse of the data subject email address and consequently affords legal protection to the processing controller.

Personal data collected within the scope of registering for the newsletter is used solely for the purpose of sending the IBU newsletter. In addition, newsletter subscribers can be notified by email insofar as is necessary for operation of the newsletter service or an associated registration, as may occur in the case of changes to the newsletter offer or modification of the technical parameters. Personal data collected within the scope of the newsletter service is not disclosed to any third parties. Subscription to the IBU newsletter can be cancelled at any time by the data subject. Consent for the storage of personal data provided to us by the data subject for the purposes of receiving the newsletter can be withdrawn at any time. A commensurate link for use in withdrawing consent is provided in each newsletter. Moreover, the data subject may also unsubscribe from the newsletter at any time directly via the processing controller’s website or notify the processing controller of such by other means.

7. Registration on IBU members area; registration with IBU.data; registration refusal

7.1 IBU members area

Only IBU members are permitted to register on the IBU members area.

The following personal data is required for IBU members area registration

Email
First name
Surname
Company name

After entering the requisite registration information, confirm your registration by clicking on ‘Register’. Your data will then be stored in the user administration system. Acceptance is, however, only first confirmed by a respectively authorised member of the IBU staff following a membership check.

7.2 IBU.data

Institut Bauen und Umwelt e.V. makes the LCA-based data from the Environmental Product Declarations (EPDs) for building products available for download from IBU.data in digital form as XML files on the basis of the ILCD format. Registration is only necessary here for enabling download of the data provided. Access can also be gained without registration.

The following persoal data is required for IBU.data registration:

First name
Surname
Organisation
Occupation/function
Email

7.3 Registration refusal

Insofar as acceptance of your registration for the members area and/or IBU.data download is refused by IBU for legitimate reasons, the profile stored within the course of refusal will be immediately or promptly erased.

8. Rights of the data subject

a) Right of confirmation

Every data subject has the right granted by the European regulators to require confirmation from the processing controller as to whether or not personal data concerning the respective data subject is being processed. Any data subject wishing to exercise this right of confirmation may submit a commensurate request to a member of the IBU staff at any time.

b) Right of access

Any data subject in respect of whom personal data is being processed has the right granted by the European regulators to require the processing controller to provide free-of-charge access at any time to personal data stored in relation to the data subject and also obtain a copy of such information. Moreover, the European regulators have afforded the data subject a right to the following information:

The purposes of the processing
The categories of personal data concerned
The recipients or categories of recipient to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organisations
Where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
The right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing
The right to lodge a complaint with a supervisory authority
Where the personal data is not collected from the data subject: all available information regarding its source
The existence of automated decision-making, including profiling, referred to in Article 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject

In addition, the data subject also has the right to know whether personal data has been transferred to a third country or international organisation. Where this is indeed the case, the data subject has the residual right to be informed of the appropriate safeguards relating to the transfer.

Any data subject wishing to exercise this right of access may submit a commensurate request to a member of the IBU staff at any time.

c) Right to rectification

Any data subject in respect of whom personal data is being processed has the right granted by the European regulators to require rectification without delay of inaccurate personal data relating to the data subject. Moreover, taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed, including by means of providing a supplementary statement.

Any data subject wishing to exercise this right of rectification may submit a commensurate request to a member of the IBU staff at any time.

d) Right to erasure (right to be forgotten)

Any data subject in respect of whom personal data is being processed has the right granted by the European regulators to require the controller to erase personal data concerning the data subject without undue delay where one of the following grounds applies and processing is unnecessary:

The personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed
The data subject withdraws consent on which the processing is based according to Article 6 (1) (a) or Article 9 (2) (a) GDPR and there is no other legal ground for the processing
The data subject objects to the processing pursuant to Article 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21 (2) GDPR
The personal data has been unlawfully processed
Erasure of the personal data is required for compliance with a legal obligation in accordance with European Union or Member State law to which the controller is subject
The personal data has been collected in relation to the offer of information society services referred to in Article 8 (1) GDPR

Wheresoever one of the above-stated grounds applies, any data subject wishing to arrange for the erasure of personal data stored by IBU may request such from a member of the IBU staff at any time, whereupon IBU will duly carry out commensurate erasure without delay.

e) Right to restriction of processing

Any data subject in respect of whom personal data is being processed has the right granted by the European regulators to require the restriction of processing by the controller of personal data concerning the data subject where one of the following conditions applies:

The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data
The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of its use instead
The controller no longer needs the personal data for the purposes of processing; however, the data is required by the data subject for the establishment, exercise or defence of legal claims
The data subject has objected to processing pursuant to Article 21 (1) GDPR pending verification of whether the legitimate grounds of the controller override those of the data subject

Wheresoever one of the above-stated grounds applies, any data subject wishing to facilitate restriction of personal data stored by IBU may request such from a member of the processing controller’s staff at any time, whereupon IBU will arrange for restriction of processing.

f) Right to data portability

Any data subject in respect of whom personal data is being processed has the right granted by the European regulators to receive the respective personal data which they have provided to a controller, in a structured, commonly used and machine-readable format. In addition, the data subject has the right to transmit such data to another controller without hindrance from the controller to which the personal data has been provided, where the processing is based on consent pursuant to Article 6 (1) (a) GDPR or Article 9 (2) (a) GDPR or on a contract pursuant to Article 6 (1) (b) GDPR and the processing is carried out by automated means, provided the processing is not required for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Moreover, in exercising their right to data portability pursuant to Art 20 (1) GDPR, the data subject has the right to have the personal data transmitted directly from one controller to another where technically feasible and insofar as not adversely affecting the rights and freedoms of others.

To exercise the right to data portability, the data subject may request such from a member of IBU staff at any time.

g) Right to object

Any data subject in respect of whom personal data is being processed has the right granted by the European regulators to object at any time on grounds relating to their particular situation to the processing of personal data concerning the data subject based on Article 6 (1) (e) or (f) GDPR.

In the event of objection, IBU will no longer process the personal data, save for where IBU demonstrates compelling legitimate grounds for the processing that override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims.

To exercise the right of objection, the data subject may request such directly from a member of IBU staff. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise their right to object by automated means using technical specifications.

h) Right to withdraw data protection consent

Any data subject in respect of whom personal data is being processed has the right granted by the European regulators to withdraw their consent for the processing of personal data at any time.

Data subjects wishing to exercise this right of withdrawal of consent may submit a commensurate request to a member of the IBU staff at any time.

9. Period for which personal data will be stored

The criterion determining the period for which personal data may be stored is the respective statutory period of storage. Following expiry of this period, the corresponding data will be routinely erased provided it is no longer required for the purposes of initiating or performing a contract.

10. Cookies

IBU uses session cookies on its website. The respective data is not permanently stored. The use of temporary cookies offers you the advantage of not having to re-enter your personal data every time you fill out one of the various forms on our website. The cookies are automatically deleted upon closing down the browser.

Cookies do not damage your computer hard-drive and cannot be used to transfer personal data to IBU.

The default setting on most browsers automatically accepts cookies. Nevertheless, you can deactivate the storage of cookies or set your browser to notify you whenever cookies are sent.

Where cookies have been deactivated, a so-called session ID is used to identify the respective person during corresponding access to our website. No data is stored on your computer. The session ID is deleted upon terminating your access

11. Google Analytics web analysis service

This website uses Google Analytics, a web analysis service provided by Google Inc (‘Google’). Google Analytics uses so-called ‘cookies’ (see 10 above), text files that are stored on your computer to analyse your use of the website. Information generated by the cookie regarding your use of our website, such as

browser type/version;
operating system used;
referrer URL (page previously accessed);
host name of the accessing computer (IP address) and
time of server request

is generally transmitted to and stored by Google on a server in the USA. IBU has activated IP anonymisation. Consequently, within European Union Member States or other states that are party to the European Economic Area Agreement, Google first shortens your IP address on this website.

Only in exceptional cases will the full IP address be transmitted to and shortened by Google on a server in the USA. On behalf of the operator of this website, Google will use this information to analyse your use of the website, create reports on website activity and provide additional services to the website operator associated with use of the website and the Internet.

The IP address sent from your browser within the scope of Google Analytics will not be combined with other Google data. You can prevent the storage of cookies by setting your browser software accordingly; however, please be aware that this may mean you are unable to use the full functionality of the website.

You can also prevent the collection of data generated by the cookie regarding your use of the website (including your IP address) and the processing of such by Google by downloading and installing the browser plugin available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de

12. Privacy statement regarding the use of Twitter

Our website incorporates functions of the Twitter service. These functions are offered by Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA. By accessing a page on our website that contains a commensurate plug-in, a direct link is generated between your browser and the Twitter server. As a result, Twitter is notified that you visited our website using your IP address.

By clicking on the Twitter ‘tweet button’ while logged in to your Twitter account, you can link the content of our website to your Twitter profile. This allows Twitter to assign the visit to our website to your user account.

Please note that we do not receive any information on the content of the data transmitted or its use by Twitter. Further information is provided in the Twitter privacy statement. You can change your Twitter data privacy settings in account settings at http://twitter.com/account/settings.

13. Transfer of personal data to third parties

IBU uses personal data solely for internal purposes within the course of customer relations. Personal data is not forwarded to third parties without your required consent.

Personal data will only be collected and transferred to state institutions and authorities entitled to receive such data within the scope of applicable law or where we are obliged to do so by court order. IBU requires that all employees and service provider companies maintain secrecy and comply with data protection provisions. The same will also apply for all future employees or business partners.

Pri­va­cy statement

1. Def­i­n­i­tions

2. Name and address of the pro­cess­ing controller

3. What data will be record­ed dur­ing my vis­it to the IBU website?

4. Con­tact via the web­site https://ibu-epd.com/kontakt/

5. Rou­tine era­sure and block­ing of per­son­al data

6. Sub­scrip­tion to our newsletter

7. Reg­is­tra­tion on IBU mem­bers area; reg­is­tra­tion with IBU.data; reg­is­tra­tion refusal

7.1 IBU mem­bers area

7.2 IBU.data

7.3 Reg­is­tra­tion refusal

8. Rights of the data subject

a) Right of confirmation

b) Right of access

c) Right to rectification

d) Right to era­sure (right to be forgotten)

e) Right to restric­tion of processing

f) Right to data portability

g) Right to object

h) Right to with­draw data pro­tec­tion consent

9. Peri­od for which per­son­al data will be stored

10. Cook­ies

11. Google Ana­lyt­ics web analy­sis service

12. Pri­va­cy state­ment regard­ing the use of Twitter

13. Trans­fer of per­son­al data to third parties