Privacy Policy

The protection of your data at eco – Association of the Internet Industry


I. General

We, the eco – Association of the Internet Industry, Lichtstrasse 43h, 50825 Cologne (hereinafter referred to as “eco”), take the protection of your personal data very seriously, and we strictly comply with the regulations of the data protection statutes. The following declaration provides you with an overview as to how we ensure this protection. In particular, we would like to explain to you – as a visitor to our website, a subscriber to our newsletter, as a guest at one of our numerous events, or as an applicant to eco – which types of data we gather, why we collect these types of data, how we use this data, and how you at any and all times can determine how your personal data is treated.

According to the General Data Protection Regulation (GDPR) you have various rights which you can assert in relation to us. This includes, among others, the right to withdraw consent to the processing of data, in particular data processing for the purposes of marketing. The possibility to withdraw consent is typographically highlighted.

Should you have questions regarding this Privacy Policy, you can contact our data protection officer at any time. The contact details can be found below.


II. Name and contact details of the person responsible for processing and the  data protection officer

This Privacy Policy applies to the processing of data by eco – Association of the Internet Industry, Lichtstrasse 43h, 50825 Köln (“person responsible”), and for the following websites www.eco.de, www.eurocloud.de, www.certified-senders.org, www.siwecos.de, www.botfrei.de, www.susii.koeln, www.initiative-s.de, www.botfree.eu and susii.nrw.

Our data protection officer, Mr. Ivo Ivanov, can be contacted via the email address dataprotection@eco.de, by post to: eco – Association of the Internet Industry, Mr. Ivo Ivanov, Lichtstrasse 43h, 50825 Cologne, with the keyword “Data Protection,” or by fax at the number +49 (221) 70 00 48-111.


III. Purpose of data processing, legal basis, and legitimate interests that are pursued by eco or a third party, and categories of recipients

1. Surfing on this website.

eco gathers and automatically stores log file information in its server, which your browser deposited with us while you were surfing.

Examples of information that we gather and analyze include the Internet Protocol Address (IP), which connects your computer with the Internet, as well as acknowledgments of receipt and reading confirmations of emails, logins, email addresses, passwords, information about the computer and connection to the Internet such as type of browser, browser version and number, operating system and platform, your visitor history, which we sometimes consolidate with comparable information about other visitors and depict in a form that cannot be personally identified in features like top content. Furthermore, we record the complete Uniform Resource Locator (URL) Clickstream through and from our website, i.e. the sequence of the pages of our website that you visit, including date and time, cookie or flash cookie number, and the content that you viewed or for which you searched.

During your visits, we sometimes use JavaScript in order to gather and evaluate information, including the time it takes a website to load, download errors, the duration of the visit on a subpage, information regarding the interaction between pages (e.g. scrolling, clicking, mouse-overs) and leaving the page.

In brief, here is the key data that we store:

  • Type of browser/browser version
  • The operating system used
  • Referrer URL (the page visited previously
  • URLs / pages on this website that have been accessed
  • IP address of the accessing computer along with its name
  • Time of the server request
  • Visitor history

The legal basis for the processing of the IP address is Article 6, Para 1f) of the GDPR. Our legitimate interest results from the following list of purposes of the data processing. Please note on this point that it is not possible for us to draw any direct conclusions about your identity on the basis of the data collected, nor do we attempt to draw such conclusions.

The IP address of your device and the remaining data listed above is used by us for the following purposes:

  • Ensuring a seamless establishment of the connection
  • Ensuring the comfortable use of our website
  • Assessing the system security and stability

The data is saved for a period of 7 days, after which it is automatically deleted or anonymized. Further, we make use of so-called cookies, tracking tools and social media plug-ins for our website. Exactly what process is undertaken and how your data is used for these is clarified in Section III.4 below.

2. Registration for events

Registration forms for eco’s numerous events are provided in advance on our website. In the scope of your registration, personal data will generally be collected. This includes:

  • Family name
  • First name
  • Company
  • Job title
  • When necessary, billing and delivery address
  • When necessary, billing and payment details
  • Email address
  • When necessary, phone number.

These details are collected for the purposes of identifying and registering you on the day of the event.

The legal basis for this is Article 6, Para 1b) of the GDPR, i.e. you make the data available to us on the basis of the contractual relationship between yourself and us. In addition, regarding the processing of your email address, the German Civil Code requires us by law to send an electronic order confirmation (Article 6, Para. 1c)). Insofar as we do not use your contact details for marketing purposes (see section III.2.1 below), we store your data collected for the fulfillment of the contract until the expiration of the legal or possible contractual warrantee and guarantee rights. After expiry, we retain the information regarding the contractual relationship that is required by commercial law and tax law for the legally determined period. For this period of time (generally 10 years from the conclusion of the contract), the data will only be re-processed in the case of an audit by the taxation authorities.

Ticket sales for eco events is undertaken through XING EVENTS GmbH. You can find a link to their Privacy Policy here: https://privacy.xing.com/en/privacy-policy

2.1. Data processing for marketing purposes

The following information concerns the processing of personal data for marketing purposes. The GDPR declares such data processing on the basis of Article 6 Para. 1f) as conceivable in principle and to be a legitimate interest. The duration of data storage for marketing purposes does not follow any strict precepts and is oriented around the question of whether the storage is necessary for marketing purposes. How this proceeds in the case of the withdrawal of your consent is clarified in section III.2.1.2

2.1.1. Marketing purposes of eco

Insofar as you have concluded a contract with us regarding participation in an event, we will process your postal contact address apart from of a concrete declaration of consent, in order to occasionally in this way provide you with news on the association or forthcoming events. We process your email address in order to provide you with information regarding our own similar products apart from of a concrete declaration of consent.

2.1.2. Marketing on the basis of interests

To ensure that you only receive marketing information for which you are putatively interested, we categorize and supplement your customer profile with further information. For this, both statistical information and information regarding your person (e.g. the basic data of your customer profile) is used. The objective is to only provide you with marketing that is oriented to your actual or putative needs and not to burden you with unnecessary marketing.

2.1.3. Right to withdraw consent

You can withdraw your consent to the data processing for the purposes set out above at any time, without incurring costs, for each channel independently, and with effect for the future. For this, an email or letter to the contact details listed in Section II suffices. There are no costs other than the transmission costs according to the basic tariffs.

Insofar as you withdraw consent, the affected contact addresses will be blocked for further marketing-related data processing. Please note that in exceptional cases, it is possible that further sending of marketing material may take place temporarily, even after receiving your withdrawal of consent. This is technically due to the necessary lead-in time for advertisements and does not mean that we will not comply with your objection. Thank you for your understanding.

3. Sending of newsletters

You can subscribe to our numerous newsletters (eco compact, eco politics digital, eco event, dotmagazine etc.) on eco’s website. Within the scope of making a subscription, we will collect personal-related data from you such as name and email address. We shall solely use these types of data for personalization and implementation of our email mailings. In order to prevent the misuse of email addresses, subscribers must confirm the ordering of our newsletter in an automated process via email (double opt-in). Only after you have clicked on the confirmation link will your email address be added to our mailing list. Your thus declared consent can be withdrawn at any time with effect for the future. This can be done conveniently with the aid of the link that is located in the lower section of each of our mailings, via email to newsletter@eco.de, or by means of a message to our office – by mail to: eco – Association of the Internet Industry, Lichtstrasse 43h, 50825 Cologne, or by fax to: +49-221-7000-48-11.

Our newsletters are sent via that emailing platform MailChimp, operated by the Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. 

When you subscribe to our newsletter, MailChimp stores on our behalf your email address and further data for the sending and analysis of the newsletter. In addition, MailChimp can use this data for the optimization or improvement of their own services, e.g. for the technical optimization of the sending of emails and the presentation of the newsletter, or for commercial purposes, in order to determine which countries the recipients are from. MailChimp does not forward your data to third parties and will not contact you.

The data transfer takes place on the basis of the so-called Privacy Shield, as well as on the basis of the so-called standard contractual clauses of the EU Commission. MailChimp’s Privacy Policy can be found here: https://mailchimp.com/legal/privacy/

The legal basis for the sending of our newsletter is Article 6, Para. 1a) of the GDPR and § 7 Para 2:3, and Para 3 of the German Fair Trade Practices Act (UWG). The legal basis for the use of the email service provider MailChimp, the undertaking of the collection and analysis of statistical information, and the logging of the subscription process is our legitimate interest as defined in Article 6, Para 1f) of the GDPR. Our interest is directed towards the use of a user-friendly and secure newsletter system that both serves our business interests and the expectations of the user.

The newsletter "CSA Update" is via the emailing platform Mapp Digital Germany GmbH, Dachauer Strasse 63, 80335 Munich ("Mapp"). Mapp works for us as a processor and acts exclusively according to our instructions. We have entered into a corresponding processing agreement with Mapp. The privacy policy of Mapp can be found here: https://mapp.com/de/datenschutz/.

4. Use of the eco members area

On our website, members have the opportunity to register to our eco members area by providing personal data. The data is entered into an input mask and transmitted to us. A transfer of data to third parties does not take place. The following data is collected during the registration process:

  • Family name
  • First name
  • Company
  • Company Website
  • Position/role in the company
  • language
  • Optional: thematic interests
  • IP address
  • Date and time of registration.

The legal basis for this is Article 6, Para 1b) of the GDPR, i.e. you make the data available to us on the basis of the contractual relationship between yourself and us.

Registration is required for the provision of certain content and services intended only for our members, e.g. the provision of studies, whitepapers, playbooks, etc.

The data will be deleted as soon as it is no longer necessary for the purpose of its collection. This is the case when the data for the implementation of the contract (membership) are no longer required. Even after the conclusion of the contract, there may be a need to store personal data of the contracting party in order to comply with contractual or legal obligations. After expiry, we retain the information regarding the contractual relationship that is required by commercial law and tax law for the legally determined period. For this period of time (generally 10 years from the conclusion of the contract), the data will only be re-processed in the case of an audit by the taxation authorities.

5. Use of the CSA Customer Portal

On our CSA website, Customers have the opportunity to register to our CSA Customer Portal area by providing personal data. The data is entered into an input mask and transmitted to us. A transfer of data to third parties does not take place. The following data is collected during the registration process:

  • username
  • surname
  • first name
  • customer number
  • email address
  • password 
  • telephone number
  • mobile phone number
  • fax numer
  • company
  • company Website
  • Position/role in the company
  • language
  • IP address and host name

The legal basis for this is Article 6, Para 1b) of the GDPR, i.e. you make the data available to us on the basis of the contractual relationship between customers and CSA.

Registration is required for ordering and provision of CSA services through the CSA Customer Portal.

The data will be deleted as soon as it is no longer necessary for the purpose of its collection. This is the case when the data for the implementation of the contract are no longer required. Even after the conclusion of the contract, there may be a need to store personal data of the contracting party in order to comply with contractual or legal obligations. After expiry, we retain the information regarding the contractual relationship that is required by commercial law and tax law for the legally determined period. For this period of time (generally 10 years from the conclusion of the contract), the data will only be re-processed in the case of an audit by the taxation authorities.

6. Use of the SIWECOS website scanner

On our SIWECOS website you have the opportunity to register for the use of the SIWECOS website scanner by providing personal data. The data is entered into an input mask and transmitted to us. A transfer of data to third parties does not take place. The following data is collected during the registration process:

  • form of address
  • surname
  • first name
  • email address
  • password
  • internet address

The provision of further data is voluntary. After the security check of your website, the scan results are saved to your customer profile. The legal basis for this is Article 6, Para 1b) of the GDPR, i.e. you make the data available to us on the basis of the contractual relationship between customers and SIWECOS.  Registration is required for the use of the SIWECOS website scanner service.

The data will be deleted as soon as it is no longer necessary for the purpose of its collection. This is the case when the data for the implementation of the contract are no longer required. Even after the conclusion of the contract, there may be a need to store personal data of the contracting party in order to comply with contractual or legal obligations. After expiry, we retain the information regarding the contractual relationship that is required by commercial law and tax law for the legally determined period. For this period of time (generally 10 years from the conclusion of the contract), the data will only be re-processed in the case of an audit by the taxation authorities.

7. Applications to eco

With the transferal of your (online) application, you give us permission to store and use your application documents for the application process. The legal basis for this is Article 6, Para 1a) of the GDPR. Your data will be handled as strictly confidential. Personal data will exclusively be made accessible to staff involved in the application process. Your data will be deleted 3 months after notification of a rejection if it does not lead to the beginning of a work or training relationship and deletion does not conflict with any other legitimate interests (e.g. obligation to provide evidence in a process according to the General Equal Opportunities Act (AGG)). Your agreement to the saving and processing of your application data can be withdrawn at any time with effect for the future by sending an email to dataprotection@eco.de, via post to: eco – Association of the Internet Industry, Lichtstrasse 43h, 50825 Cologne, or by fax to: +49 (221) 7000 48-11 with a request to have the data deleted. We will then delete all data transmitted to us in the context of the application process, insofar as we are not entitled to or required to retain them in accordance with legal regulations.

8. Online presence and website optimization

8.1. Cookies

Our Internet sites use so-called cookies at numerous points. Insofar as these cookies contain personal data, the use of these takes place on the basis of Article 6 Para 1f) of the GDPR. Our interest in optimizing is thereby to be seen as legitimate in the sense of the aforementioned regulation. Cookies are small text files that are automatically generated by your browser and saved on your device (laptop, tablet, smartphone, etc.). Cookies do not cause any damage to your device and they do not contain any viruses, Trojans, or other malware. In the cookie, information is stored which results from the connection with each specific device respectively. However, this does not mean that we gain any direct knowledge regarding your identity. The use of cookies serves on the one hand the purpose of improving the user experience of our Internet presence. We therefore use so-called “session cookies” in order to recognize that you have already visited individual pages on our website. These are deleted automatically after the end of your visit. In addition to this, also for the purpose of increasing user-friendliness, we make use of temporary cookies that are saved on your device for a specific period of time. When you visit our website again, it will be automatically recognized that you have visited the site previously, and what input you made or settings you activated, so that you do not have to input them again.

These cookies are automatically deleted after a respectively defined period of time. You can, however, configure your browser so that no cookies are stored on your computer, or so that a warning always appears before a new cookie is created. However, the complete deactivation of cookies can result in your not being able to use all functions on our website. The storage duration of the cookies is dependent on their purpose and is not the same for all.

8.2. Google Analytics

For the purposes of needs-oriented design and continual optimization of our webpages, we use Google analytics, a web analytics service from Google Inc (“Google”) on the basis of Article 6, Para 1f) of the GDPR. In conjunction with this, pseudonymized usage profiles are generated and cookies are used. The information generated through the cookie about your use of this website, such as

  • Browser type/version,
  • Operating system in use,
  • Referrer URL (the previously visited website),
  • Host name of the computer accessing the site (IP address),
  • Time of the service request,

is transferred to and stored on a Google server in the USA. The information is used in order to analyze the use of the website, create reports on website activities, and to deliver further services in connection with the use of the Internet for the purposes of market research and the needs-oriented design of these webpages. This information is also, if necessary, forwarded to third parties, insofar as this is required by law or data processing is outsourced to said third party.  Under no circumstances will your IP address be merged with any other data from Google. The IP addresses are anonymized, so that correlation is not possible (so-called IP masking).  You can prevent cookies from being saved by using the corresponding settings in your browser software; however, we wish to inform you that, in that case, this may result in you not being able to make complete use of all functions on this website. You can also prevent the collection of data by Google related to your use of the website (including your IP address) generated through this cookie, and the processing of this data by Google, by downloading and installing the Browser-Plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en

You can also prevent data collection by Google Analytics by clicking on the following link. This will set an Opt-Out cookie, which will prevent the future collection of your data when visiting this website:

Deactivate Google Analytics for this website

Further information regarding data protection in connection with Google Analytics can be found on the Google Analytics website.

8.3. Matomo (formerly Piwik)

On the basis of Article 6 Para 1f) of the GDPR, our website uses the web analytics service Matomo. Matomo uses cookies, text files that are saved on your computer and enable us to analyze your use of the website. For this purpose, user information generated through the cookie (including your abbreviated IP address) is transferred to our server and stored for the purpose of analyzing website usage, which supports our website optimization. Your IP address is immediately anonymized in this process, so that you remain anonymous to us as a user. The information generated through the cookie about your use of this website is not transferred to any third parties. You can prevent cookies from being used by activating the corresponding settings in your browser software; however, this may result in your not being able to make complete use of all functions on this website.

If you are not in agreement with the storage and analysis of data from your visit, you can dissent to the storage and analysis at any time by clicking on the link below. In this case, an Opt-Out cookie will be set in your browser, after which Matomo will collect no data from your sessions on this website. Please note: If you delete your cookies, this will also result in your Opt-Out cookie being deleted, so that you will need to reactivate it.

Click here to deactivate the tracking by Matomo.

8.4. Social Media Plugins

On the basis of Article 6 Para 1f) of the GDPR, we place plugins for the social networks Facebook, Twitter, Xing, LinkedIn, YouTube, and Flickr on our website in order to increase awareness of our association. The marketing purpose behind this is to be seen as a legitimate interest as defined by the GDPR. The responsibility for the data protection compliant operation is to be guaranteed by each provider respectively. Our integration of these plugins takes place through the so-called 2-click method, in order to protect visitors to our website in the best way possible.

8.4.1. Facebook

On our website, we use plugins for the social network Facebook that are offered by Facebook Inc. The Facebook plugins are denoted through a Facebook logo or with the addition “Like” or “Share”. An overview of the Facebook plugins and their appearance can be found at https://developers.facebook.com/docs/plugins/?locale=en_EN

When you activate such a plugin (first click), your browser establishes a direct connection to the Facebook servers. The content of the plugin is directly transmitted to your browser and is integrated in the page. Through this integration, Facebook obtains the information that your browser has accessed the specific page of our web presence, even if you do not possess a Facebook profile or are not currently logged in at Facebook. This information (including the IP address) is transferred directly from your browser to a Facebook server in the USA, and is stored there. If you are logged in at Facebook, Facebook can directly relate the visit to our website with your Facebook profile. If you interact with the plugins, for example, by pressing the “Like” button, this information is also directly transmitted to and stored in a Facebook server. The information will also be published on your Facebook profile and shown to your Facebook friends.

The purpose and the extent of data collection and the further processing and use of the data by Facebook, as well as your rights and possible settings for the protection of your privacy can be found in Facebook’s data protection information at https://facebook.com/policy.php. If you do not wish Facebook to relate information gathered through your visit to our website directly with your Facebook profile, you need to log out of Facebook before visiting our website. You can also completely prevent the loading of the Facebook plugins using add-ons for your browser, e.g. with the “Facebook Blocker” or with the Facebook Container Add-On (for Firefox).

8.4.2. Twitter

Our website has integrated plugins for the micro-blogging network Twitter Inc. The Twitter plugins (“Tweet” button) are denoted by the Twitter logo (a white bird on a blue background) and the addition “Tweet”. When you access a page on our website that contains such a plugin, a direct connection is established between your browser and the Twitter server. Through this, Twitter obtains the information that you, with your IP address, have visited our website. If you click the Twitter button while you are logged in to your Twitter account, you can link the content on our site with your Twitter profile. Through this, Twitter can relate the visit to our webpages with your user account. Please note that we as provider of the website obtain no information from Twitter about the content of the data transmitted or its use. Further information on this can be found here: https://twitter.com/privacy?lang=en. If you do not wish Twitter to attribute to you the visit to our website, please log out of your Twitter account.

8.4.3. LinkedIn

Our website has integrated plugins for the social media network, LinkedIn. LinkedIn is an Internet-based social network that enables a connection between the user and existing business contacts, as well as the creation of new business contacts. When you access a page on our website that contains such a plugin, a direct connection is established between your browser and the LinkedIn server. Through this, LinkedIn obtains the information that you, with your IP address, have visited our website. If you click the LinkedIn button while you are logged in to your LinkedIn account, you can link the content on our site with your LinkedIn profile. Through this, LinkedIn can relate the visit to our webpages with your user account. Please note that we as provider of the website obtain no information from LinkedIn about the content of the data transmitted or its use. If you do not wish LinkedIn to attribute to you the visit to our website, please log out of your LinkedIn account.

At https://www.linkedin.com/psettings/guest-controls, LinkedIn offers the possibility to unsubscribe to email messages, SMS messages, and targeted advertising, and to adjust advertising settings. Furthermore, LinkedIn uses partners like Quantcast, Google Analytics, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua, and Lotame, which can set cookies. You can opt out from receiving such cookies at https://www.linkedin.com/legal/cookie-policy. The currently applicable Privacy Policy for LinkedIn can be accessed here: https://www.linkedin.com/legal/privacy-policy.

8.4.4. Xing

Our website has integrated plugins for the social media network, Xing. Xing is an Internet-based social network that enables a connection between the user and existing business contacts, as well as the creation of new business contacts. When you access a page on our website that contains such a plugin, a direct connection is established between your browser and the Xing server. Through this, Xing obtains the information that you, with your IP address, have visited our website. Further information about Xing plugins can be found at https://dev.xing.com/plugins. If you click the Xing button while you are logged in to your Xing account, you can link the content on our site with your Xing profile. Through this, Xing can relate the visit to our webpages with your user account. Please note that we as provider of the website obtain no information from Xing about the content of the data transmitted or its use. If you do not wish Xing to attribute to you the visit to our website, please log out of your Xing account.

The Privacy Policy from Xing is available at https://www.xing.com/privacy and provides information about the collection, processing and use of personal data by Xing. Data protection information regarding the Xing share button can be found at https://www.xing.com/app/share?op=data_protection.

8.4.5. YouTube

Our website has integrated plugins for the Internet video portal, YouTube. YouTube is an Internet video portal that enables video publishers to upload video clips free of charge and other users to view, rate, and comment on them, also free of charge. YouTube LLC is a subsidiary of Google Inc.

When you access a page on our website that contains such a plugin, a direct connection is established between your browser and the YouTube server. Through this, YouTube and Google obtain the information that you, with your IP address, have visited our website. Further information on YouTube can be found at https://www.youtube.com/intl/en/yt/about/
If you click the YouTube button while you are logged in to your YouTube account, you can link the content on our site with your YouTube profile. Through this, YouTube and Google can relate the visit to our webpages with your user account. Please note that we as provider of the website obtain no information from YouTube about the content of the data transmitted or its use. If you do not wish YouTube and Google to attribute to you the visit to our website, please log out of your YouTube account.

The Privacy Policy from YouTube is available at https://policies.google.com/privacy and provides information about the collection, processing and use of personal data by YouTube and Google.

8.4.6. Flickr

Our website has integrated plugins for the photo service Flickr, which is operated by c/o Oath (EMEA) Limited, 5-7 Point Square, North Wall Quay, Dublin 1, Ireland. The Flickr button is identifiable by a blue and magenta colored point on a white background.

What data is collected by such a plugin cannot be influenced by us. We also have no influence over how the data is used by Flickr. It can be assumed that at least the IP address and information about the device being used is collected and used, and it can also not be ruled out that Flickr will attempt to place cookies on the device in use. Through this, Flickr can be informed about the visit to particular sites in the Internet. Users that are also logged in at Flickr can be identified by Flickr. Information regarding the data collected and its use can be found in the Privacy Policy of Flickr at
https://policies.oath.com/ie/de/oath/privacy/products/flickr/index.html.
If you are a member of Flickr and do not want Oath or Yahoo to collect data about you via our web presence, and link this to your member data stored at Yahoo, you need to log out of Flickr/Yahoo before visiting our website.

8.5. Use of Google reCaptcha

To secure our contact form against unwanted usage, we use the Google Inc. service reCaptcha. This service enables the differentiation between input by a human, and abusive and automated input by a machine (Spambot). For this purpose, your IP address and, if necessary, further data required by Google Inc. for the service reCaptcha is transmitted to Google Inc. For this data, the different Privacy Policy from Google Inc. applies. These can be found at https://policies.google.com/privacy?hl=en.

IV. Your rights

1. Overview

Alongside the right to withdraw the consent given to us, you also have the following rights, when the respective legal conditions are extant:

  • Right of information regarding your personal data stored by us in accordance with Article 15 of the GDPR; in particular, you can obtain information about the purpose of processing, the category of personal data, the category of recipient for whom your data is or has been made available, the planned period of retention, the origin of your data, insofar as it was not collected directly from you,
  • Right of rectification of erroneous or to completion of correct data in accordance with Article 16 of the GDPR,
  • Right to deletion of your data stored by us in accordance with Article 17 of the GDPR, insofar as there are no legal or contractual requirements to retain the data, or other legal obligations or rights to the continued retention of the data,
  • Right to limit the processing of your data in accordance with Article 18 of the GDPR, insofar as you dispute the correctness of the data, the processing is illegal, but you oppose the deletion of said data; the data controller no longer requires the data, but you require said data for the assertion, exercise or defense of legal claims, or you have filed an objection to the processing in accordance with Article 21 of the GDPR,
  • Right to data portability in accordance with Article 20 of the GDPR, i.e. the right to receive selected data about you stored by us in a standard, machine-readable format, or to have this transmitted to another data controller,
  • Right to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your normal place of residence or work, or of our association headquarters to do this.


2. Right to object

Under the conditions of Article 21, Para 1 of the GDPR, the data processing can be objected to on grounds arising out of the special situation of the person affected.
The above general right to object applies for all purposes of processing described in this Privacy Policy that are processed on the basis of Article 6, Para 1f) of the GDPR. In contrast to the special right to object to data processing for marketing purposes (see Section III.2.1.2 above), we are, according to the GDPR, only obligated to implement such a general right to object if you can provide grounds of superordinate importance (e.g. a possible risk to life or health). In addition, the possibility exists to contact the supervisory authority responsible for eco, the State Data Protection Officer for North Rhine Westphalia.


V. Forwarding to third parties

The data collected by us are not sold. We provide information that we obtain to third parties exclusively to the extent described in the following:

1. Affiliated companies

Affiliated companies that are under the control of eco, if they are either subject to this Privacy Policy or adhere to guidelines that offer at least as much protection as this Privacy Policy.

2. Service providers

We commission other companies and individuals to fulfill tasks for us. Examples include supporting with the organization of events (e.g. competence groups, congresses, or LocalTalks), the sending of letters or emails, the maintenance of our contact lists, the analysis of our data bases, marketing measures (including the making available of search results and links), and the handling of payments (credit cards, bank transfers, and purchase order invoicing). These service providers have access to personal information that is necessary for fulfilling their tasks. However, they are not permitted to use this for other purposes. In addition to this, they are obligated to handle the information in accordance with this Privacy Policy and applicable data protection laws.

3. Protection of eco and third parties

We disclose personal data when we are legally obliged to do so, or when such disclosure is necessary to protect our rights and those of third parties.

4. Recipients outside of the EU

With the exception of the processing described in section III.3, we do not forward your data to recipients with headquarters outside of the European Union or the European Economic Area. The processing outlined in section III.3 triggers a data transferal to the servers of the newsletter sender commissioned by us. These servers are located in the USA. The data transfer takes place on the basis of the so-called Privacy Shield, and on the basis of so-called standard contractual clauses of the EU Commission.

VI. Further information and notes

Our website, services, and initiatives evolve continuously. Equally, this Privacy Policy and our conditions of use change on occasion. Therefore, you should regularly visit our website and take note of any changes. Insofar as nothing is regulated in another manner, the use of all information that we have about you is subject to this Privacy Policy. We assure you that significant changes to our Privacy Policy that would result in weakened protection of already collected data will always only be made with your agreement as the respective affected party.

Your trust is very important to us. Therefore, we are available to answer your questions at any time regarding the processing of your personal data. If you have questions that could not be answered in this Privacy Policy, or if you would like more detailed information on one of the points, please contact our data protection officer, Mr. Ivo Ivanov, at any time at the email address dataprotection@eco.de, at the postal address: eco – Association of the Internet Industry, Lichtstrasse 43h, 50825, Cologne (keyword “Data Protection”) or by fax to the number +49 (0)221 70 00 48-111.

    V3 Cologne, Updated: May 2018