Data Privacy Policy

General Notices

Welcome to our website and thank you for your interest. The protection of your personal data is important to us. Therefore, we conduct our activities in accordance with the applicable legal provisions on the protection of personal data and data security. We are happy to inform you about how we process your personal data and for which purposes.

The following information provides an overview of how your personal data and so-called "cookies" or similar technologies are used when you visit our website or our platforms, make use of our range of services or are in contact with Zukunftsinstitut GmbH or the group of companies to which Zukunftsinstitut GmbH belongs (hereinafter "Zukunftsinstitut group of companies") in any other way as a customer.

Simply put, personal data is all information that makes it possible to identify you personally. This includes, for example, your name, your address, your user behaviour, or your IP address. Regarding the processing of personal data, the provisions of the European General Data Protection Regulation (hereinafter referred to as "GDPR") and other applicable national data protection laws apply.

Cookies are data records that are stored on the device you are using or in your browser when you visit a website. In relation to cookies, the provisions of the e-Privacy Directive or the national legislation implementing this Directive, in particular the Telecommunications Act or a legal act of the European Union replacing these provisions, apply.

Regarding some of our processing activities or product and service offerings, this privacy policy is supplemented by specific data protection notices, which will be given to you for your information as required in each case.

Our offer does not aim to reach persons under the age of 16 as a target group. The following data protection declaration therefore does not contain any further information on the handling of data of such persons, e.g. children.

Structure

This data protection declaration is divided into two parts. Under point A you will find information about the processing of personal data, namely when visiting the website including online shops, in connection with the use of our service offers in the various product or service categories and in connection with the registration for the newsletter. Under point B you will find information about the transmission of data to third parties, e.g. the use of cookies and similar technologies, especially on our website, but also when sending the newsletter and in connection with visiting our profiles/accounts/pages on social media platforms.

Contact

The options for contacting us regarding the processing of personal data or the use of cookies or similar technologies are listed under points 7 and 14 respectively.

A. VERARBEITUNG PERSONENBEZOGENER DATEN
A. PROCESSING OF PERSONAL DATA
1 General data processing on our website, incl. online shop
1.1 Data Controller
1.2 Data protection officer
1.3 Collection of your data
1.4 Purposes of data processing
1.5 Creation of log files
1.6 Categories of personal data processed and legal basis for processing
1.7 Recipients of the data
1.8 SSL or TLS encryption
2 Other (services) provided by the Zukunftsinstitut group of companies
2.1 Data Controller
2.2 Collection of your data
2.3 Purposes of data processing
2.4 Categories of personal data processed and legal basis for processing
2.5 Recipients of the data
3 Newsletter
3.1 Data Controller
3.2 Collection of your data
3.3 Purposes of data processing
3.4 Categories of personal data processed and legal basis for processing
3.5 Recipients of the data
4 Reference to data transfers to third countries (e.g. the USA)
5 Storage period
6 Your rights in connection with data processing
6.1 Right to information pursuant to Art. 15 DSGVO
6.2 Right to rectification pursuant to Art. 16 DSGVO
6.3 Right to erasure pursuant to Art. 17 DSGVO
6.4 Right to restriction of processing pursuant to Art. 18 DSGVO
6.5 Right to information pursuant to Art. 19 DSGVO
6.6 Right to data portability pursuant to Art. 20 DSGVO
6.7 Right to object pursuant to Art. 21 DSGVO
6.8 Right to revoke the declaration of consent under data protection law
6.9 Automated decision-making in individual cases including profiling
6.10 Right to complain to a supervisory authority pursuant to Art. 77 DSGVO
7 Contact options

B. COOKIE STATEMENT
1 General information
1.1 Categories of processed data
1.2 Legal basis of processing
2 Analysis tools and advertising
2.1 Google Analytics
2.2 Personalised advertising using other Google services
2.3 Facebook tools and personalised advertising
2.4 Hubspot
2.5 LinkedIn
2.6 Adobe Typekit
3 Embedded services
3.1 Vimeo, YouTube
3.2 Typeform
4 Newsletter distribution via MailChimp
5 Our profiles on social media platforms
5.1 Facebook
5.2 Instagram
5.3 Twitter
5.4 LinkedIn
5.5 Video channels: YouTube and Vimeo
6 Online shop and payment service providers
7 Contact options
8 Security and updating

A. PROCESSING OF PERSONAL DATA

1 General data processing on our website, incl. online shop

1.1 Data Controller
The Data Controller as laid down in the General Data Protection Regulation (GDPR) and other data protection laws applicable in the Member States of the European Union and other provisions of a data protection is Zukunftsinstitut GmbH, Kaiserstr. 53, 60329 Frankfurt am Main (hereinafter referred to as "Zukunftsinstitut GmbH"). Zukunftsinstitut GmbH is responsible for the data processing on this website, including the online shop (e.g. orders for publications or registrations for the Future Circle), decides on the purposes and means of processing your personal data and thus acts as the so-called "data controller" as laid down in the GDPR.

1.2 Data protection officer
If you have any further questions regarding the handling of your personal data, please do not hesitate to contact our data protection officer:

Mr. Markus Heinrich, Attorney at Law
c/o Wolter Hoppenberg Attorneys at Law Partnership mbB
Münsterstraße 1-3
59065 Hamm
E-mail: datenschutz@zukunftsinstitut.de

1.3 Collection of your data
On the one hand, your data is collected when you actively provide it to us. This may, for example, be data that you enter in a contact form, the website chatbot or an order form. Other data is collected automatically by our IT systems when you visit the website. This is mainly technical data (e.g. internet browser, operating system, or time of page view).

1.4 Purposes of data processing
The categories of personal data listed under point 1.6 below are processed for the following purposes:

Ensuring error-free and secure provision or operation of the website (e.g. logging of system usage, evaluation of server logs for problem analysis, etc.);
Fulfilment of legal (e.g. tax obligations), (pre-)contractual obligations (e.g. obligations to provide information or clarification, etc.);
Enabling contact via website contact forms;
Processing of online shop orders (e.g. billing and payment of any taxes, fees or other charges, delivery, customer service, complaint handling, returns, etc.);
Tracking and analysis of your user behaviour when visiting the website or the online shop;
Implementation of advertising measures.

The provision of personal data is obligatory for you if the data processing is necessary for your visit to the website, is required by law or is necessary for the establishment or fulfilment of the contractual relationship with you. If you do not provide the personal data in such cases, you will not be able to access the website or a contractual relationship cannot be effectively concluded or fulfilled either by you or by Zukunftsinstitut GmbH.Regarding data processing for the tracking and analysis of user behaviour or for the implementation of advertising measures, the provision of your personal data is not obligatory, but takes place based on your consent.

1.5 Creation of log files
Every time our website is accessed, data and information are collected by an automated system. These are stored in the log files of the server as well as the log files of our system. This data is not stored together with other personal data of yours.

The following data may be collected:

Information about the type of browser and the version used;
the operating system you use;
the Internet service provider you use;
your IP address;
date and time of access;
websites from which your system has accessed our website;
web pages accessed by the user's system via our website.

The IP address can be personal data, because under certain circumstances it is possible to find out the identity of the owner of the used internet access by information of the respective internet service provider.

In addition to the above-mentioned purposes, we also evaluate the IP address in the event of attacks on our Internet infrastructure. In these cases, we have a legitimate interest according to Art. 6 para. 1 f) GDPR in the processing of the IP address. This legitimate interest results from the need to ward off the attack on the internet infrastructure, to determine the origin of the attack to be able to take criminal and civil action against the person responsible, as well as to effectively prevent further attacks and to be able to operate the website without disruptions.The IP address will be deleted if we can exclude that an attack on our internet infrastructure has occurred from this address.

1.6 Categories of personal data processed and legal basis for processing
Safeguarding legitimate interests: When you visit our website, data is usually processed to operate the website and to ensure data security or security of website operation (legal basis in terms of Art 6 para 1 lit f GDPR). This data may also be processed to fulfil legal obligations (e.g. obligations to provide information) or to document the fulfilment of such obligations (legal basis as laid down in Art 6 (1) (c) GDPR).

You have the right to effectively object to data processing based on legitimate interest, unless Zukunftsinstitut GmbH can demonstrate compelling legitimate grounds for data processing that override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

Performance of a contract: When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures that are carried out at the request of the data subject. In order to provide registered users with content, to respond to your enquiries via the available website contact forms or to process your online shop orders or bookings (legal basis as laid down in Art 6 (1) (b) GDPR), we process the following data. This data may also be processed to fulfil legal obligations (e.g. tax obligations, etc.) (legal basis as laid down in of Art 6 (1) (c) GDPR):

Personal contact data (incl. name, surname, title, personal email address, private address, private telephone numbers, other contact data, etc.);
business contact data (incl. business email address, business telephone numbers, business address, organisational or company data etc.);
other personal data included in your respective request via an online order form or website contact form (incl. title, function, industry affiliation, order information, etc.);
Data for contract processing (incl. booking date, bank account data, payment data, tax number, etc.).

Consent: Insofar as we obtain the consent of the data subject for processing operations of personal data concerning you, Art. 6 (1) lit. a GDPR serves as the legal basis for the processing of personal data. Based on your consent (legal basis as laid down in Art 6 (1) (a) GDPR), cookies are set and similar technologies are used in connection with the website by the website operator or by third parties. In this regard, see the information in the Cookie Statement (Part B of this Privacy Policy).

Vital interests: If processing of personal data is necessary to protect your vital interests or the vital interests of another natural person, Article 6(1)(d) GDPR serves as the legal basis for processing your personal data.

Public interest: If processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us, Art. 6 (1) (e) GDPR serves as the legal basis for the processing of your personal data.

1.7 Recipients of the data
For the above-mentioned purposes, the relevant personal data in each individual case is transferred to the following recipients. This transfer is based on our legitimate interests in expedient, quality-oriented and efficient internal administration, contract fulfilment, data storage and provision of the website as well as in the enforcement of legal claims:

Affiliated companies within the Zukunftsinstitut group of companies, including their employees and freelancers;
IT service providers and other subcontractors (incl. website host domainfactory GmbH, cloud service providers for data storage, advertising agencies, IT communication services, platforms for the management of social media channels, service providers for the management of customer data (CRM), etc.);
Delivery service providers, banking institutions and payment service providers (especially PCI-certified companies, such as PayPal), collection service providers;
Auditors, tax advisors, lawyers and other professional advisors subject to the duty of confidentiality;
Tax authorities, courts or other competent government authorities.

In connection to the transmission of data through cookies based on your consent, please see the information in the Cookie Statement (Part B of this Data Privacy Policy).

1.8 SSL or TLS encryption
This website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to the website operator. You can recognise the encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

If, after the conclusion of a contract against payment, there is an obligation to transmit your payment data (e.g. account number) to us, this data is required for payment processing. Payment transactions via the common means of payment (Visa/MasterCard, direct debit) are also made exclusively via an encrypted SSL or TLS connection. The payment is not made directly to us but is processed via a payment service provider (e.g. PayPal). For more information about PayPal, see point 13 below.

2 Other (services) provided by the Zukunftsinstitut group of companies

Customer data is also processed if you order, book or use other services (e.g. booking of speakers, membership of the Future Circle, participation in events, commissioned studies or use of consulting services) not via the website but in another way or if you are in contact with the Zukunftsinstitut group of companies in any way. In this context, personal data (e.g. of customers or of employees of customers) are usually processed by the companies of the Zukunftsinstitut group of companies as well as by service providers of the Zukunftsinstitut group of companies.

2.1 Data ControllerThe "Data controller" as laid down in the GDPR in connection with other services is usually Zukunftsinstitut GmbH, as your contractual partner or potential contractual partner.

However, if you make use of services in the area of management consultaning provided by Zukunftsinstitut Consulting GmbH, Rudolfsplatz 12/6, 1010 Vienna, or are in contact with Zukunftsinstitut Consulting GmbH in connection with such services, Zukunftsinstitut Consulting GmbH acts as the Data controller as laid down in the GDPR (for contact details see point 7.).

Special case customer database (joint controllership): Zukunftsinstitut Consulting GmbH is an Austrian subsidiary of Zukunftsinstitut GmbH. As part of the business operations of the Zukunftsinstitut group of companies, Zukunftsinstitut GmbH and Zukunftsinstitut Consulting GmbH maintain a joint database of customer data, which is collected separately by both companies as part of their respective business operations and stored in the database. Regarding these data processing operations, the contracting parties act as joint controllers as laid down in Art 26 GDPR. The joint customer database is maintained based on legitimate interest of the members of the group of companies in uniform, efficient, quality-oriented and coordinated internal administration, maintenance of business contacts, implementation of advertising measures and fulfilment and processing of contracts with customers (legal basis as laid down in Art 6 (1) (f) of the GDPR). To regulate the joint controllership, the two companies have concluded a data protection agreement (latest applicable version on 01.04.2021). The purposes of data processing in connection with the customer database are in particular:

Organisation, coordination and optimisation of a uniform business contact of the contracting parties on behalf of or as parts of the Zukunftsinstitut group of companies with clients;
Exchange of information regarding the modalities or circumstances of the business relations with clients in order to make decisions about future cooperation with them;
Fulfilment or execution of contracts, including invoicing, if both contracting parties act or are active as contractual partners of a client;
Implementation of uniform advertising measures of the Zukunftsinstitut group of companies vis-à-vis clients (e.g. e-mail newsletter; see point 3 below);
assertion, exercise or defence of legal claims.

As joint controllers, the companies have divided the performance of their obligations under the GDPR and other applicable data protection provisions of the EU or an EU Member State in such a way that the company that initially (i.e. for the first time and before the other company) collects, stores or otherwise processes the personal data, provides the obligatory information to data subjects and handles and processes requests from data subjects regarding the exercise of their rights and the fulfilment of notification obligations in the event of a personal data breach. In all other respects, each company is itself responsible for the fulfilment of all obligations incumbent upon it as data controller.The external responsibility of the two companies as data controllers vis-à-vis the respective data subjects or supervisory authorities is not limited by the agreed division of duties. In addition, you as a data subject can exercise your rights under the GDPR against both companies, regardless of the terms of the companies' agreement.

2.2 Collection of your dataYou provide us with your data by submitting it in an enquiry via website contact form, website chatbot, email or telephone. During the business relationship with customers, data may also be collected by our IT systems through customer visits to the website. This is mainly technical data (e.g. internet browser, operating system or time of page view), which may be linked to existing customer data, e.g. in connection with newsletter dispatch (see point 3.) or due to cookies or similar technologies (see part B).

2.3 Purposes of data processing
The categories of personal data listed in the following point 2.4 are processed for the following purposes:

Fulfilment of legal obligations (e.g. record-keeping, information and reporting obligations) as well as fulfilment of your contract with Zukunftsinstitut GmbH or Zukunftsinstitut Consulting GmbH or pre-contractual obligations by them including billing and payment of any taxes, fees or other charges;
Communication with clients and work coordination on the part of Zukunftsinstitut GmbH or Zukunftsinstitut Consulting GmbH to enable the expedient, quality-oriented and efficient fulfilment of the contract between clients and Zukunftsinstitut GmbH or Zukunftsinstitut Consulting GmbH by the latter or by the clients as well as for other administrative, communication and coordination purposes, in particular also within the Zukunftsinstitut group of companies;
carrying out advertising measures, e.g. within the framework of the e-mail newsletter; see point 3 below);
assertion, exercise or defence of legal claims.

The provision of personal data is obligatory for you if the data processing is required by law or is necessary for the establishment or fulfilment of the contractual relationship with you. If you do not provide the personal data in such cases, a contractual relationship cannot be effectively concluded or fulfilled either by you or by Zukunftsinstitut GmbH or Zukunftsinstitut Consulting GmbH.With regard to data processing for the implementation of advertising measures, the provision of your personal data is not mandatory, but is based on your consent.

2.4 Categories of personal data processed and legal basis for processing: Fulfilment of legal obligations and fulfilment of contracts: In order to fulfil legal obligations (e.g. tax obligations, etc.) (legal basis as laid down in Art 6 (1) (c) GDPR) and to process your enquiries or fulfil contracts concluded with you (legal basis as laid down in Art 6 (1) (b) GDPR), we process the following data:

Personal contact data (incl. name, surname, title, personal email address, private address, private telephone numbers, other contact data, etc.);
business contact data (incl. business email address, business telephone numbers, business address, organisational or company data, etc.);
Contract processing data (incl. booking date or contract date, bank account data, payment data, tax number, etc.).

Safeguarding legitimate interests: The processing of the above-mentioned data may also take place (legal basis as laid down in Art 6 para 1 lit f GDPR) for:

Transfer of personal data within the Zukunftsinstitut group of companies for internal administrative, communication and coordination purposes in connection with the expedient, quality-oriented and efficient performance of the contract with you,
Transfer of personal data to IT service providers to ensure the IT security of the Zukunftsinstitut group of companies as well as for the purposeful, quality-oriented and efficient data storage and structuring of the contractual relationship with you;
Enforcement of legal claims of Zukunftsinstitut GmbH or Zukunftsinstitut Consulting GmbH, unless this is already based on the legal basis of a legal obligation (Art 6 para 1 lit c GDPR) or the implementation of a pre-contractual measure in response to your request (Art 6 para 1 lit b GDPR).

For the rest, see also the information above under point 2.1 on data processing within the framework of the joint customer database.You have the right to effectively object to data processing based on legitimate interest, unless Zukunftsinstitut GmbH can demonstrate compelling legitimate grounds for data processing that override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

Consent: On the basis of your consent (legal basis as laid down in Art 6 (1) (a) DSGVO), personal data is processed in connection with the e-mail newsletter (see in more detail point 3 below) or cookies are set and similar technologies are used by the website operator or by third parties when you visit the website. In this regard, see the information in the Cookie Statement (Part B of this data privacy policy).

2.5 Recipients of the data
For the above-mentioned purposes, the relevant personal data in each individual case are transmitted to the following recipients. This transfer is based on our legitimate interests in expedient, quality-oriented and efficient internal administration, contract fulfilment, data storage as well as the enforcement of legal claims (legal basis in terms of Art 6 para 1 lit f GDPR):

Affiliated companies within the Zukunftsinstitut group of companies, including their employees and freelancers;
IT service providers and other subcontractors (incl. cloud providers for data storage, advertising agencies, IT communication services, newsletter service providers, platforms for the management of social media channels, service providers for the management of customer data (CRM), etc.);
Delivery service providers, banking institutions and payment service providers (especially PCI-certified companies), collection service providers;
Auditors, tax advisors, lawyers and other professional advisors subject to the duty of confidentiality;
Tax authorities, courts or other competent state authorities.

In connection to the transmission of data by cookies on the basis of your consent, see the information in the Cookie Statement (Part B of this data protection declaration).

3 Newsletter

You can receive the e-mail newsletter of the Zukunftsinstitut group of companies if you register for it. If you subscribe to our company's newsletter, the data in the respective input mask will be transmitted to us. The registration for our newsletter takes place in a so-called double opt-in procedure. This means that after registration you will receive an email in which you are asked to confirm your registration. This confirmation is necessary so that no one can register with other people's email addresses. When you register for the newsletter, your IP address and the date and time of your registration are stored. This serves to prevent misuse of the services or the e-mail address of the person concerned. The data is not passed on to third parties. An exception to this is if there is a legal obligation to pass on the data.The data is used exclusively for sending the newsletter. You can cancel your subscription to the newsletter at any time. Likewise, you can revoke your consent to the storage of personal data at any time. For this purpose, you will find a corresponding link in each newsletter.The legal basis for the processing of data after registration for the newsletter is Art. 6 para. 1 lit. a GDPR if you have given your consent. The legal basis for sending the newsletter because of the sale of goods or services is Article 7 (3) German Act against unfair competition (UWG). The e-mail newsletter is sent via the "MailChimp" service of the provider Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, Georgia 30308, USA. For information on the use of cookies and similar technologies associated with the sending of the newsletter, please see the Cookie Statement (Part B, Item 11.).

3.1 Data Controller
"Data Controller" as laid down in the DSGVO in connection with the sending of the newsletter is Zukunftsinstitut GmbH.

3.2 Collection of your data
You share your data with us by providing it when you register for the newsletter. In connection with the receipt of the newsletter, data may also be automatically collected by cookies or similar technologies (see the Cookie Statement in part B.).

3.3 Purposes of data processing
The categories of personal data listed in point 3.4 below are processed for the following purposes:

Carrying out advertising measures by sending the e-mail newsletter and related data collection.

3.4 Categories of personal data processed and legal basis for processing
Consent: When we send or you receive and open the email newsletter, the following personal data is processed on the basis of your consent (legal basis as laid down in Art 6 para 1 lit a GDPR):

Personal or business contact details (incl. name, surname, personal or business email address, etc.);
personal information (incl. date of birth);
technical information (e.g. time of newsletter retrieval, IP address, browser type and operating system).
Data about your behaviour (opening, clicks after receiving the newsletter, visit to the website, etc.);

The data processed in the context of sending the newsletter on the basis of your consent is linked with the data disclosed by you in other ways or collected about you (e.g. when visiting the website).Consent is obtained from you in writing (incl. e-mail) or through your selection of a checkbox (e.g. when registering for the newsletter). You can revoke consent given individually at any time by written notification (e-mail is sufficient) via the contact options mentioned under point 7. A revocation can also be made via a link available in every newsletter email. However, a revocation does not affect the lawfulness of the data processing carried out on the basis of the consent until the revocation.

3.5 Recipients of the data
For the above-mentioned purposes, the relevant personal data in each individual case will be transmitted to the following recipients. This transmission takes place based on our legitimate interests in expedient, quality-oriented and efficient internal administration, organisation and data storage in connection with newsletter dispatch (legal basis as laid down in Art 6 para 1 lit f GDPR):

Affiliated companies within the Zukunftsinstitut group of companies, including their employees and freelancers;
IT service providers and other subcontractors (incl. cloud providers for data storage, advertising agencies, newsletter service providers, platforms for the management of social media channels, service providers for the management of customer data (CRM), etc.);

4 Reference to data transfers to third countries (e.g. the USA)

Insofar as your personal data is transferred to recipients (in particular IT service providers) outside the European Union to a country (e.g. the USA) or to an international organisation, the transfer will only take place if the country in question has the same level of data protection as the European Union in accordance with a decision by the EU Commission or if Zukunftsinstitut GmbH (or Zukunftsinstitut Consulting GmbH as your contractual partner for consulting services) takes measures to ensure that the respective recipient has an appropriate level of data protection, e.g. by agreeing on standard contractual clauses, if necessary including additional verification measures, or - in exceptional cases - on the basis of your consent. Copies of concluded agreements on standard contractual clauses can be obtained upon request via the contact options mentioned under point 7. In such a case, it is our responsibility and that of the recipient to assess whether your rights enjoy an equivalent level of protection in the third country as in the Union and can also be effectively enforced.

If we carry out a transfer to a third country on the legal basis of Art. 49 (1) a DPR, you will be informed at this point about the possible risks of a data transfer to a third country.

Among other things, tools from companies that transfer data to the USA are integrated on the website if these tools are active. As a result, your personal data may be transferred to the servers of the respective companies in the USA. The USA is currently not a safe third country in the sense of the GDPR, because companies there can be obliged to hand over your personal data to security authorities in the USA without your procedural rights being sufficiently considered. It can therefore not be ruled out that the US security authorities (e.g. intelligence services) process, evaluate and permanently store your data located on US servers for surveillance purposes.

5 Storage period

Your personal data will be stored for the duration of the respective statutory retention period. After expiry of this period, the data will be routinely deleted, unless it is necessary for the initiation or fulfilment of a contract.

Regarding the processing activities described above in points 1. (website, incl. online shop), 2. (other (service) activities) and 3. (newsletter), your personal data will be retained by Zukunftsinstitut GmbH (or Zukunftsinstitut Consulting GmbH as your contractual partner in the case of consulting services) only for as long as is reasonably deemed necessary to achieve the above-mentioned purposes of data processing and as permitted by applicable law. In any case, your personal data will be stored for the period of time for which legal retention obligations exist or limitation periods for possible mutual legal claims have not yet expired.

The data processed for the purpose of ensuring the security of the website operation are usually deleted after one month.

Legal retention obligations currently exist in particular regarding tax obligations (six to ten years after the end of the relevant calendar year). In connection with the applicable statute of limitations provisions, data is stored - depending on the respective basis for the claim - for periods of up to three years after the claim arises (in the case of claims for damages, e.g. after knowledge of the damage and the damaging party).

We store the data collected or processed exclusively for sending the newsletter until you revoke your consent.

For the storage period of data in connection with the use of cookies (more precisely: for the storage period of cookies), see the information in the Cookie Statement (Part B of this data privacy policy).

6 Your rights in connection with data processing

If personal data is processed by you, you are a data subject as laid down in the GDPR and you have the following rights vis-à-vis us as the data controller:

6.1 Right to information pursuant to Art. 15 GDPRYou may request confirmation from us as to whether personal data relating to you is being processed by us.
If such processing is taking place, you can request information from us about the following:
a. the purposes for which the personal data are processed;
b. the categories of personal data that are processed;
c. the recipients or categories of recipients to whom your personal data have been or will be disclosed;
d. the planned duration of the storage of your personal data or, if concrete information on this is not possible, criteria for determining the storage duration;
e. the existence of a right to rectification or erasure of your personal data, a right to restriction of processing by us or a right to object to such processing;
f. the existence of a right of appeal to a supervisory authority;
g. any available information about the origin of the data if the personal data is not collected from you directly;
h. the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) GDPR and - at least in these cases - meaningful information about the logic involved and the scope and intended effects of such processing for you.

You have the right to request information on whether your personal data are transferred to a third country or to an international organisation. In this context, you may request to be informed about the appropriate safeguards pursuant to Article 46 GDPR in connection with the transfer.

6.2 Right to rectification pursuant to Art. 16 GDPR
You have the right to rectification and/or completion if the personal data processed about you is inaccurate or incomplete. We shall carry out the rectification without delay.

6.3 Right to deletion according to Art. 17 GDPR
6.3.1 You may request that we delete your personal data without delay. We are obliged to delete this data immediately if one of the following reasons exists:
a. The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
b. You revoke your consent on which the processing was based pursuant to Art. 6 (1) a or Art. 9 (2) a GDPR and there is no other legal basis for the processing.
c. You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.
d. The personal data concerning you have been processed unlawfully.
e. The erasure of the personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law.
f. The personal data concerning you has been collected in relation to information society services offered in accordance with Article 8(1) GDPR.

6.3.2 If we have made your personal data public and are obliged to erase it pursuant to Article 17(1) GDPR, we shall take reasonable measures, including technical measures, having regard to the available technology and the cost of implementation, to inform the data controller processing the personal data that you, as the data subject, have requested the erasure of all links to, or copies or replications of, that personal data.

6.3.3 The right to erasure does not exist to the extent that the processing is necessary
a. for the exercise of the right to freedom of expression and information;
b. for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
c. for reasons of public interest in the area of public health pursuant to Art. 9(2)(h) and (i) and Art. 9(3) GDPR;
d. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Art. 89(1) GDPR, insofar as the right referred to in paragraph 1 is likely to render impossible or seriously prejudice the achievement of the purposes of such processing; or
e. for the assertion, exercise or defence of legal claims.

6.4 Right to restriction of processing pursuant to Art. 18 GDPR
You may request the restriction of the processing of your personal data under the following conditions:

a. if you dispute the accuracy of your personal data for a period enabling the controller to verify the accuracy of the personal data;b. the processing is unlawful and you object to the erasure of the personal data and request instead the restriction of the use of the personal data;c. the controller no longer needs the personal data for the purposes of processing, but you need it for the assertion, exercise or defence of legal claims; ord. if you have objected to the processing pursuant to Article 21(1) GDPR and it is not yet clear whether the legitimate grounds of the controller outweigh your grounds.If the processing of your personal data has been restricted, such data may - apart from being stored - only be processed with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

6.5 Right to information pursuant to Art. 19 GDPR
If you have asserted the right to rectification, erasure or restriction of processing against us, we are obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.

You have the right to be informed by us about these recipients.

6.6 Right to data portability pursuant to Art. 20 GDPR
You have the right to receive your personal data provided to us in a structured, common and machine-readable format. You also have the right to transfer this data to another person responsible without hindrance from us, provided that

a. The processing is based on consent pursuant to Art. 6 (1) a GDPR or Art. 9 (2) a GDPR or on a contract pursuant to Art. 6 (1) b GDPR and
b. The processing is carried out with the aid of automated procedures.

In exercising this right, you also have the right to have your personal data transferred directly from us to another controller, insofar as this is technically feasible. This must not affect the freedoms and rights of other persons.

The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

6.7 Right of objection pursuant to Art. 21 GDPR

You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data which is carried out pursuant to Art. 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions.Thereupon, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the assertion, exercise or defence of legal claims.If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing.If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.You have the possibility, in connection with the use of information society services, notwithstanding Directive 2002/58/EC, to exercise your right to object by means of automated procedures using technical specifications.

6.8 Right to revoke the declaration of consent under data protection law
In accordance with Art. 7 para. 3 sentence 1 GDPR, you have the right to revoke your declaration of consent under data protection law at any time. The revocation of the consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

6.9 Automated decision-making in individual cases including profilingPursuant to Article 22(1) GDPR, you have the right not to be subject to a decision based solely on automated processing - including profiling - which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:

a. is necessary for the conclusion or performance of a contract between you and the controller;
b. is permitted by legislation of the Union or the Member States to which the controller is subject and that legislation contains appropriate measures to safeguard your rights and freedoms and your legitimate interests; or
c. is made with your express consent.

However, these decisions must not be based on special categories of personal data pursuant to Art. 9(1) GDPR, unless Art. 9(2)(a) or (g) applies and appropriate measures have been taken to protect the rights and freedoms as well as your legitimate interests.

Regarding the cases mentioned in a. and c., we take appropriate measures to safeguard the rights and freedoms as well as your legitimate interests, including at least the right to obtain our intervention, to express your point of view and to contest the decision.

6.10 Right to complain to a supervisory authority pursuant to Art. 77 GDPR
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, workplace or the place of the alleged infringement, if you consider that the processing of your personal data infringes the GDPR.

The supervisory authority to which the complaint has been lodged will inform you of the status and outcome of your complaint, including the possibility of a judicial remedy under Article 78 GDPR.

7 Contact options

If you have any questions or concerns regarding the processing of your personal data or if you wish to exercise your rights as set out above under point 6 against Zukunftsinstitut GmbH or Zukunftsinstitut Consulting GmbH, please contact:

Zukunftsinstitut GmbH: Stephanie Gatterer, +49692648489-0, s.gatterer@zukunftsinstitut.at, Kaiserstraße 53, 60329 Frankfurt (Main) or
Zukunftsinstitut Consulting GmbH: Stephanie Gatterer, +4319434030-800, s.gatterer@zukunftsinstitut.at, Rudolfsplatz 12/6 1010 Vienna.
Data protection officer: Markus Heinrich, lawyer, c/o Wolter Hoppenberg Rechtsanwälte Partnerschaft mbB, Münsterstraße 1-3, 59065 Hamm, e-mail: datenschutz@zukunftsinstitut.de

B. COOKIE STATEMENT

1 General

Cookies are used on our website. These are data records that are stored on the device you use or in your browser when you visit a website. They are used in particular to make our service more user-friendly, effective and secure.Most of the cookies we use are so-called "session cookies". They are automatically deleted at the end of your visit. Other cookies remain stored on your terminal device until you delete them. Such cookies enable us to recognise your browser on your next visit.Cookies can also be placed by other companies when you visit the website (so-called "third-party cookies"). This can enable certain services of the respective companies. However, data is transmitted to these companies in the process.Cookies can also be categorised according to their function, namely whether they are absolutely necessary for the operation of the website (technically necessary cookies) or serve to analyse your user behaviour on the website or for advertising purposes (analysis or advertising cookies). Analysis or advertising cookies are only set if you give your consent.You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or generally and activate the automatic deletion of cookies when closing the browser. You can find more detailed information on this in the help menu of your browser or, for example, at www.aboutcookies.org or www.youronlinechoices.com/de/praferenzmanagement/. If cookies are deactivated, the functionality of this website may be limited.Cookie-like technologies are, in particular, code segments that are placed on a website, in a web-enabled app or in an email (e.g. so-called "pixels" or "web beacons"). These can be used to track user behaviour and analyse on which basis advertising or content can be personalised for the individual user or user categories.

1.1 Categories of processed data
When you visit our website, the following data is generally processed when cookies or similar technologies are used (this may also be personal data):

IP address (encrypted if necessary);
Browser type, version and settings (e.g. language settings and screen resolution);
Operating system used;
Referrer URL;
Host name of the accessing computer;
Time of the server request;
Cookies that are processed during the visit;
Server log files, which are files containing the above-mentioned data;
location-based data (e.g. approximate current location);
data about your behaviour (click paths, length of stay, information about achievement of website goals (so-called "conversions"), etc.) on our website;
Unique online identifiers that are assigned to your browser or terminal device by the respective cookie setter.

1.2 Legal basis of processingInsofar as cookies are absolutely necessary so that the website can be accessed and the functions we offer can be used, we are authorised to use them on the basis of a legal permit. A legitimate interest in this respect (legal basis as laid down in Art 6 (1) (f) GDPR) is therefore recognised by law. Our cookies are predominantly such technically necessary cookies.

We only use other cookies or similar technologies on the basis of your consent. You can give your consent via the so-called "cookie banner". You can also revoke any consent you have given via the cookie banner. A revocation does not affect the lawfulness of any data processing that took place before the revocation.

The providers of the services mentioned below also transmit data to the USA if you have consented to the use of the respective services. The USA is currently not a safe third country in the sense of the GDPR, as companies there may be obliged to hand over your personal data to security authorities in the USA without your procedural rights being sufficiently considered. It can therefore not be ruled out that the US security authorities (e.g. intelligence services) process, evaluate and permanently store your data located on US servers for monitoring purposes.

You can revoke consent granted for the respective service individually at any time. A revocation does not affect the lawfulness of any data processing that took place before the revocation.

2 Analysis tools and advertising

We use the following tools to analyse your behaviour on our website. Cookies or similar technologies are used for this purpose.

2.1 Google AnalyticsWe use the "Google Analytics" service on our website. "Google Analytics" is provided by Google LLC. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA) for the analysis of website usage by users. The service uses "cookies" - text files that are stored on your terminal device and which enable an analysis of your use of the website. The information collected by the cookies is usually sent to a Google server in the USA and stored there.

If necessary, Google Analytics on this website will be extended by the code "gat._anonymizeIp();" to ensure anonymous collection of your IP addresses (so-called IP masking).

Your IP address is shortened within the member states of the EU and the European Economic Area. This shortening eliminates the personal reference of your IP address. As part of the data sharing agreement that the website operators have concluded with Google LLC, Google LLC uses the collected information to evaluate website usage and activity and to provide services related to internet usage).

To regulate this activity, both a processor agreement and a controller agreement have been concluded with Google. It can be assumed that Google also acts as a controller with regard to certain data. The agreement between controllers ("Data processing terms and conditions between controllers for Google measurement services") is available via the following link: https://support.google.com/analytics/answer/9012600.

The legal basis for the use is Art. 6 para. 1 lit. a GDPR in conjunction with. Art. 49 para. 1 lit. a GDPR, if the anonymised data collection by means of the code "gat._anonymizeIp" does not take place. Otherwise, especially in the case of the use of "gat._anonymizeIp", Art. 6 para. 1 lit. f GDPR is the legal basis.

The data is usually transferred to a Google server in the USA and stored there. In the event that IP anonymisation is activated on this website, however, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.

The data is transferred to a Google server in the USA and stored there. The personal data is transmitted on the basis of Art. 46 and/or Art. 49 para. 1 lit. a GDPR.
You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google and the processing of this data by Google by downloading and installing the browser add-on. Opt-out cookies prevent the future collection of your data when visiting this website. In order to prevent collection by Universal Analytics across different devices, you must perform the opt-out on all systems used. In addition to withdrawing your consent, you can also download an additional function for your browser to generally deactivate Google Analytics via this https://support.google.com/analytics/answer/181881?hl=en&ref_topic=2919631.

More detailed information on the use of Google Analytics and the associated data processing is available on the Google websites: https://marketingplatform.google.com/about/analytics/terms/de/ and https://support.google.com/analytics/topic/2919631?hl=en&ref_topic=1008008.

Further information on terms of use and data protection can be found at:
https://policies.google.com/?hl=de&gl=del
https://policies.google.com/privacy?hl=de&gl=de

2.2 Personalised advertising using other Google services

We also use Google Analytics in combination with the Google services "Google Ads", "Tag Manager 360" and "Data Studio". This allows interest-based, personalised advertising messages to be tailored to you based on your previous usage and surfing behaviour on one end device (e.g. mobile phone) and displayed on the same or another of your end devices (e.g. tablet or PC). To support these features, Google Analytics collects Google-authenticated IDs of users, which may be temporarily linked to our Google Analytics data to define and create target groups for cross-device ad advertising. This is profiling.

Your usage and search behaviour are recorded by placing cookies on your terminal device or in your browser and by using similar technologies, which transmit data to Google as listed in section 8.1 above.

Cross-device personalised advertising is made possible by Google linking your web and app browsing history with the user account you have created with another Google service (e.g. G-Mail). In this way, the same personalised advertising messages can be served on each end device on which you log in with your Google account.

The legal basis is your consent pursuant to Art. 49 (1) lit. a GDPR.

The recipient is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. We have concluded an order processing agreement with Google for the use of Google Analytics, cf. Art. 28 GDPR. Google processes the data on our behalf for the purpose of evaluating your use of the website, compiling reports on website activity for us and providing us with other services relating to website activity and internet usage. Google may transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf.

In the context of order processing, Google is entitled to engage subcontractors. A list of these subcontractors can be found at https://privacy.google.com/businesses/subprocessors/.
The data will be transferred to a Google server in the USA and stored there. The personal data is transferred pursuant to Art. 46 and/or Art. 49 para. 1 lit. a GDPR.

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Furthermore, the data will be deleted if you revoke your consent or request the deletion of your personal data.

You may refuse the use of cookies by selecting the appropriate settings on your browser. However, please note that if you do this you may not be able to use the full functionality of this website.

2.3 Facebook tools and personalised advertising
Tools (so-called pixels) of the social network Facebook are integrated on our pages. The provider of these tools is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Dublin, D02X525, Ireland (hereinafter "Facebook"). Through these tools, Facebook places cookies on your end device or in your browser and uses similar technologies, which in particular transmits data to Facebook in the sense of the list under point 8.1 above.

The legal basis for the processing is your consent pursuant to Art. 49 (1) lit. a GDPR.

You can find more information on this in Facebook's privacy statements for Facebook services at: https://de-de.facebook.com/policy.php.

Facebook uses this information to evaluate the website usage of website visitors for us. Your data may be linked by Facebook with information from other sources.

In addition, interest-based, personalised advertising messages on the Facebook platform or other platforms of the "Meta" group of companies, of which Facebook is a member, may be adapted and displayed to you on the basis of your previous usage and surfing behaviour. This is profiling.

According to Facebook, the data sent to Facebook by the Facebook Pixel is stored for 180 days. After this time, your data should be encrypted and anonymised by Facebook. For more information on the storage period, see "Data storage, deactivation and deletion of accounts" at:

https://de-de.facebook.com/about/privacy/

More detailed information on the use of Facebook tools and the related data processing is available on the websites of the "Meta" group of companies or Facebook: https://www.facebook.com/about/privacy; https://www.facebook.com/legal/technology_terms; https://www.facebook.com/legal/terms/dataprocessing/update; https://www.facebook.com/policies/cookies/.

In order to regulate the data protection aspects when using the Facebook tools, both an order processing agreement and an addendum to the regulation of joint responsibility have been concluded with Facebook. These documents are available via the following links: https://www.facebook.com/legal/terms/dataprocessing/update and https://www.facebook.com/legal/controller_addendum respectively. In addition, an addendum was also concluded with Facebook regarding the transfer of data to the USA. This is available via the following link: https://www.facebook.com/legal/EU_data_transfer_addendum

2.4 Hubspot
This website uses HubSpot, a software of HubSpot Inc, 25 First St, 2nd Floor Cambridge, MA 02141, USA ("HubSpot"). HubSpot is used for the purpose of inbound marketing. Inbound marketing focuses on the creation of high-quality content for website visitors to zukunftsinstitut.de. Zukunftsinstitut GmbH also uses HubSpot to create usage statistics for the website, whereby pseudonyms are assigned to the visitors. Furthermore, personal and voluntarily provided information in the existing website forms is recorded in HubSpot's system and assigned to the users' pseudonyms. Details entered by you (email addresses, telephone number, name and company name) are temporarily stored for further processing. Through this information, further user analyses can be assigned to the individual visitor. The resulting data and other voluntary information are stored by HubSpot and made available to Zukunftsinstitut GmbH. If you download the newsletter or a document as a result of your visit to the website, this activity is also made visible to Zukunftsinstitut GmbH in HubSpot. A possible registration for the future receipt of a newsletter is carried out by means of a double opt-in procedure, which is handled by HubSpot via a form. Accordingly, unsubscribing from the newsletter is also carried out by means of a double opt-out procedure, which requires a further confirmation in a subsequent unsubscribe confirmation in addition to the unsubscribe in the newsletter received. In the course of your visit to the website of Zukunftsinstitut GmbH, cookies are set by HubSpot, which are requested once and require the collection of data. In particular, data in the sense of the list under point 8.1 above is transmitted to HubSpot. You are free to accept or reject the cookies. Regardless of your acceptance or rejection of the HubSpot cookies, you will be given full access to the website in accordance with the GDPR. If you do not wish to be collected by HubSpot usage statistics, you can also object to the use of cookies in other ways, e.g. by preventing the installation of cookies by setting your browser software accordingly. The HubSpot Privacy Policy can be found at https://legal.hubspot.com/privacy-policy.

The legal basis is Art. 49 para. 1 lit. a GDPR.

Your personal data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. Furthermore, the data will be deleted if you revoke your consent or request the deletion of the personal data.

To regulate the data protection aspects when using the tools from HubSpot, an order processing agreement has been concluded with HubSpot, which is available via the following link: https://legal.hubspot.com/dpa. You can find more information about data processing on the part of HubSpot at https://legal.hubspot.com/privacy-policy.

2.5 LinkedIn
Tools (so-called pixels) of the social network LinkedIn are integrated on our pages. The provider of these tools is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (hereinafter "LinkedIn"). Through these tools, LinkedIn places cookies on your end device or in your browser and uses similar technologies, which in particular transmit data to LinkedIn in the sense of the list under point 8.1.

The legal basis for the processing of your personal data is our legitimate interest pursuant to Art. 6 (1) lit. f GDPR.

Your data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. Furthermore, the data will be deleted if you revoke your consent or request the deletion of the personal data.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. In addition, you can object to the processing at LinkedIn itself.

The provision of your personal data is neither legally nor contractually required and is also not necessary for the conclusion of a contract. You are also not obliged to provide the personal data. However, failure to provide it would mean that you may not be able to use this function of our website or not be able to use it to its full extent.

More detailed information on the use of LinkedIn tools and the associated data processing can be found on the LinkedIn website: https://de.linkedin.com/legal/privacy-policy or https://www.linkedin.com/legal/cookie-policy.

In order to regulate the data protection aspects of the use of the tools, LinkedIn has concluded both an order processing agreement and an addendum to regulate joint responsibility. These documents can be viewed via the following link: https://www.linkedin.com/legal/l/dpa and https://legal.linkedin.com/pages-joint-controller-addendum respectively.

2.6 Adobe Typekit
We use Adobe Typekit for the visual design of our website. Typekit is a service provided by Adobe Systems Software Ireland Companies (4-6 Riverwalk, Citywest Business Campus, Dublin 24, Republic of Ireland; hereinafter "Adobe"), which gives us access to a font library. To integrate the fonts we use, your browser must establish a connection to an Adobe server in the USA and download the font required for our website. This provides Adobe with the information that our website was accessed from your IP address. Further information on Adobe Typekit can be found in Adobe's privacy policy, which you can access here: https://www.adobe.com/de/privacy/policy.html.

The legal basis for the integration of Adobe Typekit and the associated data transfer to Adobe is your consent (Art. 6 para. 1 lit. a GDPR).

Calling up script libraries or font libraries automatically triggers a connection to the operator of the library. Information about the use of your data by Adobe Typekit Web Fonts can be found at https://typekit.com/ and in the Adobe Typekit privacy policy: https://www.adobe.com/de/privacy/policies/typekit.html.

Adobe is certified under the Privacy Shield agreement and thereby offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000TNo9AAG&status=Active).

The provision of personal data is neither legally nor contractually required. However, failure to provide this data could result in you not being able to use this function of our website or not being able to use it to its full extent.

3 Embedded services

3.1 Vimeo, YouTube
Videos from the video portals Vimeo and YouTube are embedded on our website. These services are provided by the providers Vimeo.com, Inc, 555 West 18th Street, New York, New York 10011, USA (hereinafter "Vimeo") and YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA (hereinafter "YouTube"). Before you can watch an embedded video, you must give your consent because the service providers place cookies or use similar technologies when playing the video and, in particular, data in the sense of the list under point 8.1 is transmitted to the service providers as a result.

The legal basis for processing your personal data is our legitimate interest pursuant to Art. 6 (1) lit. f GDPR.

Your data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. Furthermore, the data will be deleted if you revoke your consent or request the deletion of the personal data.

The provision of your personal data is neither required by law nor by contract, nor is it necessary for the conclusion of a contract. You are also not obliged to provide the personal data. However, failure to provide the data may mean that you are unable to use the full functionality of our website.

Further information on the handling of user data can be found in the privacy policy of Vimeo (https://vimeo.com/privacy) and YouTube (https://policies.google.com/privacy?hl=de).

3.2 Typeform
We use the Typeform service in job application processes to update the profiles of the experts of the Zukunftsinstitut group of companies. This service is provided by TYPEFORM S.L., Carrer Bac de Roda, 163, 08018 Barcelona (hereinafter "Typeform"). The use of Typeform is based on the legal basis of the protection of a legitimate interest (legal basis as laid down in Art 6 para 1 lit f GDPR), but it can also be based on your consent (legal basis as laid down in Art 6 para 1 lit a GDPR). Insofar as cookies are placed or similar technologies are used that are not technically necessary, their use is based on your consent.

In order to regulate the data protection aspects of using Typeform, we have concluded an order processing agreement, the content of which is available at https://admin.typeform.com/to/dwk6gt?typeform-source=www.typeform.com. Further information on data processing by Typeform can also be viewed via this link.

4 Newsletter dispatch via MailChimp

We use the MailChimp service for sending newsletters. The provider is Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, Georgia 30308, USA (hereinafter "MailChimp"). MailChimp can be used to organise and analyse the sending of newsletters, among other things. When you enter data for the purpose of receiving newsletters (e.g. email address), this data is transmitted to MailChimp and stored on their server in the USA. With the help of MailChimp, we can analyse our newsletter campaigns, e.g. we can use cookies and similar technologies (e.g. so-called "web beacons") to determine whether a newsletter message has been opened and which links, if any, have been clicked on. Your subsequent surfing behaviour on our website can also be tracked by MailChimp placing cookies on your terminal device when you visit our website. MailChimp's functions can also be combined with other tools we use. In doing so, your email address and the above-mentioned data are processed and transmitted to MailChimp. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients.

The legal basis for the processing is Art. 49 (1) lit. a GDPR. For the processing of data for verification purposes for consent and, if applicable, a revocation, Art. 6 (1) lit. f GDPR may also be the legal basis, as we have an overriding interest in the verifiability of consent or revocation due to the legal obligations to provide evidence under the GDPR.

Your data will be stored on MailChimp's servers in the USA for the purpose of receiving our newsletter. The personal data is transferred pursuant to Art. 49 and/or Art. 46 GDPR.

If you do not want MailChimp to analyse your data, you must unsubscribe from the newsletter, i.e. revoke your consent. Consent is obtained from you in writing (incl. e-mail) or through your selection of a checkbox (e.g. when registering online for the newsletter). You can revoke consent given individually at any time by written notification (e-mail is sufficient) via the contact options mentioned under point B. 7. A revocation can also be made via a link available in every newsletter e-mail. However, a revocation does not affect the lawfulness of the data processing carried out on the basis of the consent until the revocation.

The provision of your personal data is neither legally nor contractually required, nor is it necessary for the conclusion of a contract. You are also not otherwise obliged to provide the personal data. However, failure to provide it would mean that we would not be able to offer you a newsletter and would therefore not be able to send it to you.

To regulate the data protection aspects when using the MailChimp tools, an order processing agreement has been concluded with the MailChimp provider. This is available at the following link: hhttps://mailchimp.com/de/legal/data-processing-addendum/. For more information on data processing by MailChimp, please refer to the data protection and cookie provisions of MailChimp at: https://mailchimp.com/de/legal/terms/ and https://mailchimp.com/legal/cookies/.

5 Our profiles on social media platforms

The Zukunftsinstitut group of companies maintains profiles/accounts/company pages on the following social media platforms:

5.1 Facebook
When you visit or follow our Facebook company page, Facebook processes personal data to provide us with insights into anonymised statistics. This gives us insights into the types of actions people take on our page (so-called "Facebook insights"). For this purpose, Facebook processes information about how you interact with our Facebook company page, for example whether you are a follower of our Facebook company page. This processing of personal data as part of Facebook Insights is carried out by Facebook and us as joint controllers. We have entered into a joint responsibility agreement with Facebook which sets out the division of data protection responsibilities between us and Facebook. This is available at the following link: https://www.facebook.com/legal/controller_addendum.

5.2 Instagram
When you visit or follow our Instagram company page, Facebook processes personal data to give us insights into anonymised statistics. This gives us insights into the types of actions people take on our page (so-called "Instagram insights"). For this purpose, Facebook processes information about how you interact with our Instagram company page, for example whether you are a follower of our Instagram company page. This processing of personal data as part of Instagram Insights is carried out by Facebook and us as joint controllers. We have entered into a joint responsibility agreement with Facebook that governs the sharing of data protection obligations between us and Facebook, which we believe also applies to data processing under Instagram Insights. This agreement is available at the following link: https://www.facebook.com/legal/controller_addendum

Further information on data processing on Instagram is available at the following link: https://help.instagram.com/

5.3 Twitter
When you visit or follow our Twitter account, Twitter processes personal data as part of the "Twitter Analytics" service to provide us with anonymised statistics. This provides us with information about the types of actions people take in connection with our account or tweets. For this purpose, Twitter processes information about how you interact with our Twitter accounts, for example whether you are a follower and when tweets are read. It is understood that this processing of personal data is carried out by both Twitter and us, each as a controller. We have entered into a controller-to-controller agreement with Twitter. The agreement is available at: https://gdpr.twitter.com/en/controller-to-controller-transfers.html.

5.4 LinkedIn
When you visit or follow our LinkedIn company page or our LinkedIn event pages, LinkedIn processes personal data to provide us with insights into anonymised statistics. This gives us insights into the types of actions people take on our page (so-called "page insights"). For this purpose, LinkedIn processes information about how you interact with our LinkedIn company page, for example whether you are a follower of our LinkedIn company page. This processing of personal data in the context of Page Insights is carried out by LinkedIn and us as joint controllers. We have entered into a Joint Controller Agreement with LinkedIn which governs the sharing of data protection obligations between us and LinkedIn. The information duties are fulfilled by LinkedIn. The agreement is available at: https://legal.linkedin.com/pages-joint-controller-addendum.

You, as a data subject, can exercise your rights under the GDPR against both companies regardless of the terms of the agreement with LinkedIn.

5.5 Video channels: YouTube and Vimeo
When you visit our corporate video channels on the video portals YouTube or Vimeo, YouTube or Vimeo respectively process certain personal data to provide us with insights into anonymised statistics. It can be assumed that this processing of personal data is carried out by YouTube or Vimeo as well as by us as the respective controller. However, with YouTube, only an order processing agreement is currently in force, which is available via the following link: https://www.youtube.com/t/terms_dataprocessing. An addendum to the data processing agreement has been concluded with Vimeo, according to which Vimeo also acts as a controller with regard to such processing activities. The agreement is available at https://vimeo.com/enterpriseterms/dpa.

Further information on the handling of user data can be found in the privacy policy of YouTube (https://policies.google.com/privacy?hl=de) and Vimeo (https://vimeo.com/privacy).

6 Online shop and payment service provider

We use your personal data to process your online purchases from the Zukunftsinstitut (your orders and returns are processed through our online services) and to send you delivery status notifications or notifications if there are problems with the delivery of your items. We also use your personal data to process your payments. We also use your data to process complaints and product warranty claims. Your personal data is used to establish your identity, to ensure that you are of legal age for online purchases and to match your address with external partners. We aim to offer you multiple payment methods and undertake analysis to find out which payment options are available to you, including your payment history and credit checks.

Should you decide to pay with one of the online payment service providers offered by us as part of your order process, your contact details will be transmitted to them as part of the order triggered in this way. The legitimacy of the transfer of the data results from Art. 6 para. p. 1 lit. b GDPR for the implementation of the payment method you have chosen as well as our legitimate interests according to Art. 6 para. p. 1 lit. f GDPR to enable user-friendly and uncomplicated payment processing.

The personal data transmitted to the online payment service provider is mostly first name, last name, address, IP address, e-mail address, or other data required for order processing. In addition, it is also data related to the service, such as the type of service, identity of the recipient, invoice amount and taxes as a percentage, billing information, etc.

This transfer is necessary for the performance of the service with the payment method selected by you, in particular for the confirmation of your identity, the administration of your payment and the customer relationship.

However, please note: Personal data may also be disclosed by the online payment service provider to service providers, subcontractors or other affiliated companies, insofar as this is necessary to fulfil the contractual obligations arising from your order or the personal data is to be processed on behalf of them.

Depending on the selected payment method, e.g. invoice or direct debit, the personal data transmitted to the provider will be transmitted by the provider to credit agencies. This transmission serves to check your identity and creditworthiness in relation to the order you have placed. You can find out what information is involved here and what data is generally collected, processed, stored and passed on by the respective provider in the respective data protection declarations of the providers:

American Express American Express Services Europe Limited: Branch Office Frankfurt am Main, Theodor-Heuss-Allee 112, 60486 Frankfurt am Main at https://www.americanexpress.com/de/legal/online-datenschutzerklarung.html
Mastercard Europe SA: Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium at https://www.mastercard.de/de-de/datenschutz.html
Visa Europe Services Inc.: London Branch, 1 Sheldon Square , London W2 6TT , United Kingdom at https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html
Paypal Europe: S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg at https://www.paypal.com/de/webapps/mpp/ua/privacy-full

7 Contact options

If you have any questions or concerns regarding the use of cookies or similar technologies, or if you wish to exercise your rights as set out in section 6 against Zukunftsinstitut GmbH, please contact:

Zukunftsinstitut GmbH: Stephanie Gatterer, +49692648489-0, s.gatterer@zukunftsinstitut.at, Kaiserstraße 53, 60329 Frankfurt (Main) or
Zukunftsinstitut Consulting GmbH: Stephanie Gatterer, +4319434030-800, s.gatterer@zukunftsinstitut.at, Rudolfsplatz 12/6 1010 Vienna.
Data protection officer: Markus Heinrich, lawyer, c/o Wolter Hoppenberg Rechtsanwälte Partnerschaft mbB, Münsterstraße 1-3, 59065 Hamm, e-mail: datenschutz@zukunftsinstitut.de

8 Security and updating

We have implemented extensive technical and operational safeguards to protect your data from accidental or intentional manipulation, loss, destruction or access by unauthorised persons. Our security procedures are regularly reviewed and adapted to technological progress. In addition, data protection is continuously guaranteed by us, through constant auditing and optimisation of the data protection organisation. From time to time it is necessary to adapt the content of this data protection notice. We therefore reserve the right to change it at any time. We will publish the amended version of the data privacy policy in the same place as this data privacy policy.

Last update on 06.07.2022

Data Privacy Policy

General Notices

Structure

Contact

Table of contents

A. PROCESSING OF PERSONAL DATA

1 General data processing on our website, incl. online shop

2 Other (services) provided by the Zukunftsinstitut group of companies

3 Newsletter

4 Reference to data transfers to third countries (e.g. the USA)

5 Storage period

6 Your rights in connection with data processing

7 Contact options

B. COOKIE STATEMENT

1 General

2 Analysis tools and advertising

3 Embedded services

4 Newsletter dispatch via MailChimp

5 Our profiles on social media platforms

6 Online shop and payment service provider

7 Contact options

8 Security and updating

Über das Zukunftsinstitut

ADRESSEN

KONTAKT

Seitenübersicht

Future Circle Login