Data protection information for experts of the German Foundation for International Legal Cooperation (Deutsche Stiftung für Internationale Rechtliche Zusammenarbeit e.V.) in accordance with the General Data Protection Regulation (GDPR)

Details: Published: August 1, 2021

Data privacy information

Beginning 25 May 2018, new data protection regulations apply in the form of the EU General Data Protection Regulation. In the following we provide you information relating to the processing of your personal data by the German Foundation for International Legal Cooperation (Deutsche Stiftung für internationale rechtliche Zusammenarbeit e.V., IRZ) and your rights under data protection law:

1. Information on the data controller:

German Foundation for International Legal Cooperation e.V.
(Deutsche Stiftung für internationale rechtliche Zusammenarbeit e.V.)

Contact information of the data controller:

Ubierstrasse 92
D-53173 Bonn, Germany

Phone: +49 228 / 9555 0
Fax: +49 228 / 9555 100

Electronic contact address of the data controller: This email address is being protected from spambots. You need JavaScript enabled to view it.

2. Contact information of the data protection officer:

You can reach the IRZ data protection officer at the following address: This email address is being protected from spambots. You need JavaScript enabled to view it. or by surface mail at:

b-pi sec GmbH
Kopenhagener Str. 6
65552 Limburg

3. Which sources and data are used by the IRZ:

We process personal data that you provide to us and also from all public information sources.

We enter the following data on you in our database:

Last name, first name, title if applicable, e-mail address (private and business), gender, telephone number and if available fax (private and business), street address (private and business), occupation, job title, company/service/department, company name, areas of expertise, activity in EU projects, language skills and language level, active status or retirement. You are welcome to send us your curriculum vitae with additional information (e.g. date of birth, school-leaving certificate, completed studies, additional information on doctorate / post-graduate thesis, vocational training program(s) completed and professional experience, additional qualification(s), memberships, participation in national and international committees, activities in the capacity of an expert, publications, etc.).

We enquire about the aforementioned information by requesting you to fill in a Word form, which will later be read by IRZ employees and stored in a database. All IRZ employees have access to this database so that we are able to contact you. Data will only be disclosed to third parties with your consent.

The data will not be used for any other purposes that are unrelated to IRZ activities, and in particular will only be disclosed to third parties to the extent such is absolutely necessary in connection with the satisfaction of rights or criminal prosecution.

You may also read our general data privacy provisions at https://www.irz.de/index.php/datenschutzinformation.

4. Special categories of personal data

We would like to draw your attention to the fact that curriculum vitaes, possibly photographs, certificates and other data that you have provided to us may fall under the "special categories" of personal data laid down in Art. 9 of the GDPR (i.e. mental and physical health, racial or ethnic origin, political opinions, religious or philosophical convictions, membership in a trade union or political party).

These details are not required by the IRZ in processing your application.

If you transmit information of this type to us, you do so on a voluntary basis. Processing will then take place in accordance with Art. 9 II b) of the GDPR in conformity with our Data Privacy Notice and applicable law, in particular the German General Act on Equal Treatment (Gleichbehandlungsgesetz).

5. Information on the purposes of processing and their legal foundations:

The IRZ shall process your personal data in accordance with the EU General Data Protection Regulation (GDPR), the new German Federal Data Protection Act (Bundesdatenschutzgesetz - DSG) and all other relevant legal provisions.

Personal data will be processed for the purpose of performing or initiating contractual agreements, or for performing work of the IRZ that has come about upon the initiative of the data subjects or the IRZ (e.g. implementation of membership under association law, execution of events and seminars or IRZ projects). The legal foundations for this are provided by Art. 6, para. 1, lit. b) of the GDPR.

Personal data is further processed for the purposes of meeting legal obligations (e.g. transmission to tax authorities or fulfilment of statutory storage obligations (e.g. § 147 of the German Tax Code)) to which IRZ is subject. The legal foundations for this are provided by Art. 6, para. 1, lit. c) of the GDPR.

Personal data is also processed to safeguard IRZ's legitimate interests. This is the case, for example, when we store contact data on third parties or inform other parties about our work in the pursuit of the purposes of our association. The legal foundations for this are provided by Art. 6, para. 1, lit. f) of the GDPR.

Personal data is ultimately processed on the basis of declarations of consent issued to us by data subjects. The legal foundations for this are provided by Art. 6, para. 1, lit. a) of the GDPR.

6. Information on categories of recipients of personal data:

Recipients of personal data transmitted by our organisation are first of all service providers or contractors (e.g. data-processing and IT service providers as well as banks) which process personal data on our behalf. These operate on the basis of an agreement concluded with the IRZ and act as processors within the meaning of Art. 28 of the GDPR.

In addition, recipients of personal data are deemed to include those third parties which perform functions on behalf of our organisation within the framework of our activities to the extent such is necessary to fulfil legal obligations or obligations emanating from our statutes.

7. Information on transmission to a third country:

Personal data are transferred to third countries to the extent such is necessary in connection with the implementation of IRZ projects. In such cases, data subjects will be informed about the third country involvement. No transmission of data to third countries takes place outside the framework of project implementation and information provided on the work of IRZ. Third countries are deemed to be states that are not members of the European Union.

8. Information on the storage period for personal data:

We store personal data in accordance with a general erasure strategy that applies to the IRZ. According to this strategy, personal data are assigned to an erasure class. In this erasure class, storage periods and standard deletion periods are assigned to such personal data. The personal data will then be erased after the expiry of the standard erasure periods.

Personal data stored in connection with membership or committees of the IRZ will be erased after termination of the respective contract and expiration of a period following which there are no further legal claims against us, e.g. when such claims are statute-barred (statute of limitation period of up to 30 years, but generally three years). The same applies to IRZ projects.

In principle, your personal data will be erased or anonymised as soon as they are no longer required for the aforementioned purposes and we are not obliged by law to provide evidence or to store such data (storage obligations of up to 10 years).

9. Information on the rights of the persons concerned:

As a data subject, you have the following rights under the GDPR:

Right to information (Art. 15)
Right to correction (Art. 16)
Right to erasure (Art. 17)
Right to restriction of processing (Art. 18)
Right to object to the processing (Art. 21)
Right to data portability (Art. 20).

10. Information on the right of revocation:

If the processing is based on Art. 6, para. 1, lit. a) of the GDPR (consent) or Art. 9, para. 2 in connection with special types of personal data, i.e. on the consent of the data subject, we herewith inform you that you have the right to revoke your consent at any time, without this affecting the lawfulness of the processing carried out on the basis of consent previously provided until revocation.

You can also assert these rights against our association: This email address is being protected from spambots. You need JavaScript enabled to view it..

11. Information on the right to lodge a complaint:

The supervisory authority in charge of us is:

The Federal Commissioner for Data Protection and Freedom of Information
Husarenstr. 30, 53117 Bonn, Germany

Phone: +49 (0)228 997799-0
Fax: +49 (0)228 997799-5550

E-mail: This email address is being protected from spambots. You need JavaScript enabled to view it.

Pursuant to Art. 77 (1) of the GDPR, data subjects have the right to lodge a complaint in the event of a violation of statutory provisions in the processing of personal data.

12. Provision of personal data:

The IRZ offers various services based on a contractual agreement concluded between yourself in your capacity as the data subject and ourselves (e.g. employment contract; contractual agreement on participation in events, seminars or projects). In this connection, you are obliged to provide certain personal data. This is the data that IRZ needs to fulfil contractual agreements (e.g. address/payment data). If this data is not made available, contracts may not be concluded with us.

13. Automated decision-making and profiling:

The IRZ does not take any measures involving automated decision-making (e.g. checks on creditworthiness) or so-called profiling (e.g. information on the preferences or behaviour of data subjects) in the meaning of Art. 22 of the GDPR.

Status of information: August 2021 - you will be informed about relevant changes once again if need be.