Effective 01 January 2021.

In this privacy policy, we describe how we process your personal information when you visit the Privacy Icons Forum website.

We have set the mission to constantly improve our privacy policy: we wish to make it easy to understand how and why we collect and use your data. If you have ideas on how we can improve this privacy policy, you have any questions or you encounter any issues, we would be happy to receive your feedback.

1. At a glance

1.1 Who are “we”?

“We” are a consortium of research partners. For questions regarding your personal data, you can find our point of contact at the end of this page.

1.2 What data do we collect?

Depending on how you use our website, we collect different data:

• Your IP address [su_tooltip style=”bootstrap” position=”top” title=”IP address” content=”The IP address is a code that identifies your device on an internet network. If we anonymise it, we can only deduce the region where you are located when you visit our website”] ⓘ [/su_tooltip]
• Your email address and, if visible in your email address (or if you give it to us otherwise), your name
• Information about your device, like the type of internet browser you use, your operating system and the size of your browser window
• The page you visited before landing on our website and the pages you visited on our website
• The time and date you accessed our website
• Your port for file transfers [su_tooltip style=”bootstrap” position=”top” title=”port” content=”A port is a communication endpoint that allows data to flow in and out your computer.”] ⓘ [/su_tooltip]
• The size of the requests and the responses between your browser and the server hosting our website
• The HTTP status codes issued by our server when it responds to your browser’s request

1.3. Why do we collect and use your data?

We collect and use your data for four purposes:

• display our website,
• ensure the security of our website,
• allow you to contact us,
• evaluate and optimize our website.

1.4 Who else gets access to your data?

We never share the data we collect with third parties. [su_tooltip style=”bootstrap” position=”top” title=”third parties” content=”according to Art. 4(10) GDPR”] ⓘ [/su_tooltip]

We only share this data with the University of Siegen (Germany), which hosts our website, stores and uses the data for our purposes, only.

[expand title=”Read more”] You can find more information in the privacy policy of the University of Siegen.[/expand]

1.5 How long do we keep your data?

For displaying the website, we keep your data only during your visit. However, we may keep some of your data longer for other purposes, especially, for security reasons or if you contact us.

1.6 What are your rights?

When we collect your personal data, generally you have the following rights: the right to access, rectify and erase the data we hold about you; the right to transfer your data; and the right to restrict and object to the processing of your data. 

These rights do not apply when we collect data that are not personal and, mostly, when we anonymise your personal data.

2. What data do we process to display our website?

We collect certain data to display the website in the best manner and to enable navigation. For example, we adapt the display of the website’s content to the size of your screen and to your browser characteristics.

[su_accordion class=”website-use”][su_spoiler title=”2.1 What data do we collect?” open=”no” style=”default” icon=”plus” anchor=”” class=””]

• Your operating system (Windows 10, macOS Mojave, etc.)
• The page you visited before landing on our website
• The page or pages you visited on our website
• The time and date you accessed our website

[/su_spoiler][su_accordion class=”website-use”][su_spoiler title=”2.2 Who else gets access to your data?” open=”no” style=”default” icon=”plus” anchor=”” class=””]

We do not share your data with third parties. We only share this data with the Humboldt University Berlin (Germany) which hosts our website and uses the data for our purposes. 

[/su_spoiler][su_accordion class=”website-use”][su_spoiler title=”2.3 Why are we allowed to process this data?” open=”no” style=”default” icon=”plus” anchor=”” class=””]

We have a legitimate interest to process this data to inform you and other visitors about our research projects in the best possible manner [su_tooltip style=”bootstrap” position=”top” title=”legitimate interest” content=”according to Art. 6(1)(f) GDPR”] ⓘ [/su_tooltip]

[/su_spoiler][su_accordion class=”website-use”][su_spoiler title=”2.4 How long do we keep your data?” open=”no” style=”default” icon=”plus” anchor=”” class=””]

Our server stores your data only during the time that you are visiting our website. The same data might be saved longer for security purposes.

[/su_spoiler][su_accordion class=”website-use”][su_spoiler title=”2.5 What are your rights?” open=”no” style=”default” icon=”plus” anchor=”” class=”]

Regarding the data we process to show you our website, your rights as data subject do usually not apply in practice, because we do not keep your data for this purpose after you leave our website and there is usually no need to enforce your rights during your visit.

[expand title=”Read more”]When we use your data for other purposes after you leave our website, check out your rights in below[/expand][/su_spoiler][/su_accordion]

3. What data do we process to ensure the security of our website?

We collect certain data to maintain our website’s security, for example to analyse technical problems and malicious attacks. 

[su_accordion class=”it-security”][su_spoiler title=”3.1 What data do we collect?” open=”no” style=”default” icon=”plus” anchor=”” class=””]

We collect the following data:

• Your IP address [su_tooltip style=”bootstrap” position=”top” title=”IP address” content=”The IP address is a code that identifies your device on an internet network.”] ⓘ [/su_tooltip]
• Your port for file transfers [su_tooltip style=”bootstrap” position=”top” title=”port” content=”A port is a communication endpoint that allows data to flow in and out your computer. Data can be received from and be sent to the Internet or other computers in a network. “] ⓘ [/su_tooltip]
• The type and version of your internet browser (Chrome, Safari, Firefox, etc.)
• The size of your browser window
• Your operating system (Windows 10, macOS Mojave, etc.)
• The page you visited before landing on our website
• The page or pages you visited on our website
• The size of the data sent by your request and the responses sent between your browser and the server hosting our website
• The HTTP Status Codes [su_tooltip style=”bootstrap” position=”top” title=”HTTP Status Code” content=”Status codes are issued by our server in response to a request made to the server. “] ⓘ [/su_tooltip] issued by our server when it responds  to your browser’s request
• The time and date you accessed our website

[/su_spoiler][su_accordion class=”website-use”][su_spoiler title=”3.2 Who else gets access to your data?” open=”no” style=”default” icon=”plus” anchor=”” class=””]

We have a legitimate interest to analyse your activity on our website in order to identify technical problems and protect it from cyberattacks. The data are used to ensure protection for the personal data on the server of our hosting institution. [su_tooltip style=”bootstrap” position=”top” title=”legitimate interest” content=”according to Art. 6(1)(f) GDPR”] ⓘ [/su_tooltip]

In case of a cyberattack, we may be required to provide the data to law enforcement authorities for criminal prosecution.

[expand title=”Read more”]We might be obliged by law (according to Art. 6 sect. 1 lit. c GDPR) to cooperate with law enforcement authorities.[/expand]

[/su_spoiler][su_spoiler title=”3.4 How long do we keep your data?” open=”no” style=”default” icon=”plus” anchor=”” class=””]

The data are stored on our server for one week and then they are erased. However, if our website has a security incident, we have alegitimate interest to keep the data as long as necessary to investigate the incident. For example, we might look into the IP addresses we collected to identify the origin of the attack.

[/su_spoiler][su_spoiler title=”3.5 What are your rights?” open=”no” style=”default” icon=”plus” anchor=”” class=””]

Your rights as data subject [su_tooltip style=”bootstrap” position=”top” title=”IP address” content=”your right of access, to erasure, to rectification, to limit processing, to data portability, under Articles 15-20 GDPR”] ⓘ [/su_tooltip] do not apply because we are not able to link your IP address to your identity without your help. 

However, your internet access provider, which assigned to you a certain IP address for a certain period of time, can make this connection and reveal your identity.

[expand title=”Read more”]We can ask your internet access provider to disclose your identity only if we have a justified reason, for example, if we can prove that an attack on our website originated from your IP address.[/expand] 

This means that if you want to exercise your rights, you will need first to allow us to link your identity with your IP address.Your right to object to our processing [su_tooltip style=”bootstrap” position=”top” title=”IP address” content=”under Article 21 GDPR”] ⓘ [/su_tooltip] may not apply because of our legitimate ground to investigate security incidents.

[/su_spoiler][/su_accordion]

4. What data do we process when you contact us?

When you send us an email to pm [at] gecko-project [dot] eu or when you use our other contact persons, we use your data to answer you and to be able to keep our conversation ongoing.

[su_accordion class=”contact”][su_spoiler title=”4.1 What data do we collect?” open=”no” style=”default” icon=”plus” anchor=”” class=””]

We collect and store the following data:

[expand title=”Read more”] Please help us respect the confidentiality of your data: disclose only what you think is necessary.[/expand]

• your email address 
• your name (if it is visible in your e-mail address or you decide to share it with us)
• the time and date your message was sent
• other personal information that you decide to share with us in your message.

[/su_spoiler][su_spoiler title=”4.2 Who else gets access to your data?” open=”no” style=”default” icon=”plus” anchor=”” class=””]

We do not share your data with third parties. We only share this data with the University of Siegen (Germany), which stores your personal data on its servers only for our purpose. This means to allow you to contact us, to allow us to answer you back and to be able to keep our conversation ongoing.

[/su_spoiler][su_spoiler title=”4.3 Why are we allowed to process these data?” open=”no” style=”default” icon=”plus” anchor=”” class=””]

We have a legitimate interest to collect and process your data to answer your request and to be able to keep the conversation ongoing.  [su_tooltip style=”bootstrap” position=”top” title=”legitimate interest” content=”according to Art. 6(1)(f) GDPR”] ⓘ [/su_tooltip]

[/su_spoiler][su_spoiler title=”4.4 How long do we keep your data?” open=”no” style=”default” icon=”plus” anchor=”” class=””]

We store your message, your email address and your name (if you shared it) in our mailbox as long as necessary to answer your contact request and to keep our conversation ongoing. We keep these data until you object to the processing or ask us to delete it.

[/su_spoiler][su_spoiler title=”4.5 What are your rights?” open=”no” style=”default” icon=”plus” anchor=”” class=””]

• You have the right to know which information we hold about you (right of access, Art. 15 GDPR). However, if you have contacted us via email, you can easily access our conversation in your own mailbox.
  [expand title=”Read more”]If you have deleted the messages or lost access to your mailbox, we can send you our conversation, of course.[/expand]
• You have the right to ask us to rectify the data we hold about you, if it is incomplete or inaccurate (right to rectification, Art. 16 GDPR ).
• You can object to the processing (right to object to processing, Art. 21 GDPR ), which would stop or prevent us from using your data.
  [expand title=”Read more”]However, you need to give us a specific reason to motivate your request. We can also refuse to comply with your request if we can demonstrate that our legitimate interest overrides yours. In this case, we will notify you and explain why.[/expand]
• You have the right to ask us to delete your data (right to erasure, Art. 17 GDPR)
  [expand title=”Read more”]This right applies only if your data is no longer needed to answer you and to keep the conversation ongoing, or if you have successfully exercised your right to object to the processing.[/expand]
• You can ask us to transfer your data to another service if it is technically feasible (right to data portability, Art. 20 GDPR).
• Finally, you can ask us to limit how we use your data (right to restrict processing, Art. 18 GDPR).
  [expand title=”Read more”]We will suspend the processing if you ask us to rectify your data or if we are considering your request to object to processing. If you need to keep the data to establish, exercise or defend a legal claim, we will store your data but not use it otherwise.[/expand]

[/su_spoiler][/su_accordion]

5. What data do we process to evaluate and optimise the website?

When you navigate our website, we collect and immediately anonymise your data to create statistics about how visitors use our website, which is helpful to evaluate and enhance our website appearance.

[su_accordion class=”evalandopt”][su_spoiler title=”5.1 What data do we collect?” open=”no” style=”default” icon=”plus” anchor=”” class=””]

We collect the following data:

• Your IP address in an anonymised form[su_tooltip style=”bootstrap” position=”top” title=”IP address” content=”The IP address is a code that identifies your device on an internet network. If we anonymise it, we can only deduce the region where you are located when you visit our website”] ⓘ [/su_tooltip]
• The type and version of your internet browser (Chrome, Safari, Firefox, etc.)
• The size of your browser window
• Your operating system (Windows 10, macOS Mojave, etc.)
• The page you visited before landing on our website
• The page or pages you visited on our website
• The time and date you accessed our website

[/su_spoiler][su_spoiler title=”5.2 Who else gets access to your data?” open=”no” style=”default” icon=”plus” anchor=”” class=””]

We do not share your data with third parties. We only share this data with the Humboldt-University Berlin (Germany), which analyses the anonymised data  for our statistical purposes.

[/su_spoiler][su_spoiler title=”5.3 Why are we allowed to process this data?” open=”no” style=”default” icon=”plus” anchor=”” class=””]

We have a legitimate interest to collect this data to create statistics about how visitors of our website use it to evaluate and enhance our website.

[expand title=”Read more”](Art. 6(1)(f) GDPR) to collect this data to enhance the website. [/expand]

[/su_spoiler][su_spoiler title=”5.4 How long do we keep your data?” open=”no” style=”default” icon=”plus” anchor=”” class=””]

We do not store your personal data, because we immediately anonymise the data we collect. 

[/su_spoiler][su_spoiler title=”5.5 What are your rights?” open=”no” style=”default” icon=”plus” anchor=”” class=””]

Your rights as a data subject [su_tooltip style=”bootstrap” position=”top” title=”IP address” content=”your right of access, to erasure, to rectification, to limit processing, to data portability, under Articles 15-20 GDPR”] ⓘ [/su_tooltip] do not apply because the data we collect is anonymised.

[/su_spoiler][/su_accordion]

6. Will this privacy policy change?

Yes, the information on this page may change, for example when the law or the way we process personal data change. When this happens, we will always make it clear and publish the changes on our website.

You can access older versions of our privacy policy under “Version history”.

7. How can you contact us and exercise your rights?

If you have questions, doubts or complaints about the way we process your personal data, please contact us. You can send an email to pm[at] uni-siegen [dot] de. We will do our best to answer quickly and address your concerns.

[expand title=”Read more”] We will review your request and do everything we can to accommodate it. If we conclude that the rights concerning your personal data do not apply, we will explain to you why. We may require proof of your identity (for example, by presenting your identity card) to ensure that we do not reveal your information to an unauthorised person.[/expand]

If you are not satisfied with our answers, you have the option to issue a formal complaint with the relevant supervisory authority in the state of North-Rhine Westfalia. Alternatively, you can contact the supervisory authority of the federal state of Germany or of the European Member State where you reside or work.