Data protection information for experts of the German Foundation for International Legal Cooperation (Deutsche Stiftung für Internationale Rechtliche Zusammenarbeit e.V.) in accordance with the General Data Protection Regulation (GDPR)
- Details
- Published: August 1, 2021
Data privacy information
In the following we provide you information relating to the processing of your personal data by the German Foundation for International Legal Cooperation (Deutsche Stiftung für internationale rechtliche Zusammenarbeit e.V. , IRZ) and your rights under data protection law:
1. Information on the data controller:
German Foundation for International Legal Cooperation e.V.
(Deutsche Stiftung für internationale rechtliche Zusammenarbeit e.V.)
Contact information of the data controller:
Ubierstrasse 92
D-53173 Bonn, Germany
Phone: +49 228 / 9555 0
Fax: +49 228 / 9555 100
Register of Associations at Bonn Local Court VR 6349
Electronic contact address of the data controller:
2. Contact information of the data protection officer:
You can reach the IRZ data protection officer at the following address:
or by surface mail at:
IRZ e.V.
Ubierstraße 92
D - 53173 Bonn
3. Which sources and data are used by the IRZ:
We process personal data that you provide to us and also from all public
information sources.
We enter the following data on you in our database:
Last name, first name, title if applicable, e-mail address (private and business), gender, telephone number and if available fax (private and business), street address (private and business), occupation, job title, company/service/department, company name, areas of expertise, activity in EU projects, language skills and language level, active status or retirement. You are welcome to send us your curriculum vitae with additional information (e.g. date of birth, school-leaving certificate, completed studies, additional information on doctorate / post-graduate thesis, vocational training program(s) completed and professional experience, additional qualification(s), memberships, participation in national and international committees, activities in the capacity of an expert, publications, etc.).
We enquire about the aforementioned information by requesting you to fill in a Word form, which will later be read by IRZ employees and stored in a database. All IRZ employees have access to this database so that we are able to contact you. Data will only be disclosed to third parties with your consent.
The data will not be used for any other purposes that are unrelated to IRZ activities, and in particular will only be disclosed to third parties to the extent such is absolutely necessary in connection with the satisfaction of rights or criminal prosecution.
You may also read our general data privacy provisions at https://www.irz.de/index.php/datenschutzinformation.
4. Special categories of personal data
If you also provide us with special categories of personal data (such as health data, religious affiliation, degree of disability), processing will only take place if you have consented to this. If you transmit information of this type to us, you do so on a voluntary basis. Processing will then take place in accordance with Art. 9 II b) of the GDPR in conformity with our Data Privacy Notice and applicable law, in particular the German General Act on Equal Treatment (Gleichbehandlungsgesetz).
These details are not required by the IRZ in processing your application.
5. Information on the purposes of processing and their legal foundations:
The IRZ shall process your personal data in accordance with the EU General Data Protection Regulation (GDPR), the new German Federal Data Protection Act (Bundesdatenschutzgesetz - DSG) and all other relevant legal provisions.
Personal data will be processed for the purpose of performing or initiating contractual agreements, or for performing work of the IRZ that has come about upon the initiative of the data subjects or the IRZ (e.g. implementation of membership under association law, execution of events and seminars or IRZ projects). The legal basis for the data processing is Art. 6, para. 1, lit. b) of the GDPR.
Personal data is further processed for the purposes of meeting legal obligations (e.g. transmission to tax authorities or fulfilment of statutory storage obligations (e.g. § 147 of the German Tax Code)) to which IRZ is subject. The legal basis for the data processing is Art. 6, para. 1, lit. c) of the GDPR.
Personal data is also processed to safeguard IRZ's legitimate interests. This is the case, for example, when we store contact data on third parties or inform other parties about our work in the pursuit of the purposes of our association. The legal basis for this are provided by Art. 6, para. 1, lit. f) of the GDPR.
Personal data is ultimately processed on the basis of declarations of consent issued to us by data subjects. The legal basis for the data processing is Art. 6, para. 1, lit. a) of the GDPR.
6. Information on categories of recipients of personal data:
Recipients of personal data transmitted by our organisation are first of all service providers or contractors (e.g. data-processing and IT service providers as well as banks) which process personal data on our behalf. These operate on the basis of an agreement concluded with the IRZ and act as processors within the meaning of Art. 28 of the GDPR.
In addition, recipients of personal data are deemed to include those third parties which perform functions on behalf of our organisation within the framework of our activities to the extent such is necessary to fulfil legal obligations or obligations emanating from our statutes.
Processing of personal data in connection with the use of the DeepL Pro service
The IRZ uses the machine-based and GDPR-compliant service of DeepL Pro to translate texts for its website and annual report, for example. Any personal data contained in the texts is processed by the service provider for the purpose of producing translations. The legal basis for the data processing is Art. 6, para. 1, lit. f) of the GDPR.
The processing of content data by the service provider DeepL GmbH is based on a contract in accordance with Art. 28 GDPR. In individual cases, data may also be transferred to third parties on the basis of a legal authorisation, for example transfer to law enforcement authorities for the investigation of criminal offences within the framework of the provisions of the Code of Criminal Procedure (StPO).
The user data (the text to be translated) is encrypted during transmission using state-of-the-art cryptographic procedures. On the servers of DeepL GmbH, the data is stored in volatile memory (RAM), or encrypted on hard disc, for the duration of processing. As soon as the texts transferred from DeepL have been transmitted to the IRZ in encrypted form, the data on the servers of DeepL GmbH are irrevocably deleted.
7. Information on transmission to a third country:
Personal data are transferred to third countries to the extent such is necessary in connection with the implementation of IRZ projects. In such cases, data subjects will be informed about the third country involvement. No transmission of data to third countries takes place outside the framework of project implementation and information provided on the work of IRZ. Third countries are deemed to be states that are not members of the European Union.
8. Information on the storage period for personal data:
We store personal data in accordance with a general erasure strategy that applies to the IRZ. According to this strategy, personal data are assigned to an erasure class. In this erasure class, storage periods and standard deletion periods are assigned to such personal data. The personal data will then be erased after the expiry of the standard erasure periods.
Personal data stored in connection with membership or committees of the IRZ will be erased after termination of the respective contract and expiration of a period following which there are no further legal claims against us, e.g. when such claims are statute-barred (statute of limitation period of up to 30 years, but generally three years). The same applies to IRZ projects.
In principle, your personal data will be erased or anonymised as soon as they are no longer required for the aforementioned purposes and we are not obliged by law to provide evidence or to store such data (storage obligations of up to 10 years).
9. Information on the rights of the persons concerned:
As a data subject, you have the following rights under the GDPR:
- Right to information (Art. 15)
- Right to correction (Art. 16)
- Right to erasure (Art. 17)
- Right to restriction of processing (Art. 18)
- Right to object to the processing (Art. 21)
- Right to data portability (Art. 20).
10. Information on the right of revocation:
If the processing is based on Art. 6, para. 1, lit. a) of the GDPR (consent) or Art. 9, para. 2 in connection with special types of personal data, i.e. on the consent of the data subject, we herewith inform you that you have the right to revoke your consent at any time, without this affecting the lawfulness of the processing carried out on the basis of consent previously provided until revocation.
You can also assert these rights against our association:
11. Information on the right to lodge a complaint:
The supervisory authority in charge of us is:
The Federal Commissioner for Data Protection and Freedom of Information
Graurheindorfer Str. 153, 53117 Bonn, Germany
Phone: +49 (0)228 997799-0
Fax: +49 (0)228 997799-5550
E-mail:
Pursuant to Art. 77 (1) of the GDPR, data subjects have the right to lodge a complaint in the event of a violation of statutory provisions in the processing of personal data.
12. Provision of personal data:
The IRZ offers various services based on a contractual agreement concluded between yourself in your capacity as the data subject and ourselves (e.g. employment contract; contractual agreement on participation in events, seminars or projects). In this connection, you are obliged to provide certain personal data. This is the data that IRZ needs to fulfil contractual agreements (e.g. address/payment data). If this data is not made available, contracts may not be concluded with us.
13. Automated decision-making and profiling:
The IRZ does not take any measures involving automated decision-making (e.g. checks on creditworthiness) or so-called profiling (e.g. information on the preferences or behaviour of data subjects) in the meaning of Art. 22 of the GDPR.
Status of information: May 2024 - you will be informed about relevant changes once again if need be.