DIBt is committed to handling your data responsibly. We hope that the sections below will help you understand for which purposes DIBt collects data and what happens with it in the later process. You will also learn what happens technically on your computer during the data collection process (catchword: "cookies").
If you have further questions, please do not hesitate to contact us:
Digital content manager
Dr.-Ing. Doris Kirchner
Deutsches Institut für Bautechnik
Kolonnenstr. 30 B
Telefon +49 (0)30/ 78730 423
Telefax +49 (0)30/ 78730 320
What are cookies and how do they work?
Cookies are small files which your web browser stores on your computer when you visit a website. They are used to exchange data between computer programs or to save data for a certain period of time. Cookies are necessary for many applications, including Matomo, to work properly. However, it is possible to configure them such that functionality is maintained while ensuring that your personal data is protected. To achieve this, DIBt has chosen the following settings:
- The session cookie expires as soon as you close your browser.
Special data protection provisions for services requiring prior registration
For some of the services offered by DIBt a separate registration is necessary (e.g. for the approval download, the DIBt newsletter service, or the EnEV registration point).
Information on the processing of personal data for the DIBt newsletter service
In the following we would like to provide you with information on the processing of your personal data by Deutsches Institut für Bautechnik in accordance with Article 13 of the EU General Data Protection Regulation (Regulation (EU) 2016/679, hereinafter referred to as the 'GDPR').
1.1 Data controller
Deutsches Institut für Bautechnik
Kolonnenstraße 30 B
Phone: +49 (0)30/ 78730-0
1.2 Purposes and legal basis
We process your personal data in accordance with the provisions of the GDPR and the Berlin Data Protection Act in the respectively valid versions. The collection of personal data by Deutsches Institut für Bautechnik (DIBt) for the DIBt newsletter service is based on your consent (Art. 6(1)(a) of the GDPR) which you grant us when you sign up for the newsletter via double opt-in.
1.3 Personal data collected
- Last name, first name,
- email address.
1.4 Which sources and data do we use?
We process personal data which we receive from you when you sign up for the newsletter. Relevant personal data are your personal details and contact data.
1.5 Access to personal data
Your personal data are saved in the local database on the DIBt webserver. The data are not passed on to any third parties.
Employees of the DIBt Section Corporate Communications, International Relations (ZD 5), central IT administrators of DIBt and specialised administrators of DIBt have access to the mentioned personal data. The DIBt data protection officer also has access.
Service providers (e.g. IT service providers) used by us may also have access to the data. For the case that we outsource certain parts of data processing ('contract data processing'), we obligate the contract data processors within the framework of the contract to process personal data in accordance with the data protection laws only and to safeguard the rights of the data subject.
Data transfer to bodies or persons outside the EU does not take place and is not planned.
1.6 Period of storage
We process and save your personal data as long as you are registered to receive our newsletter and this is necessary for fulfilment of our legal obligations. If you unsubscribe from our newsletter, your data will be routinely deleted unless further processing of them is necessary for the following purposes:
a) for compliance with a legal obligation to which the controller is subject
b) for performance of a task carried out in the public interest or in the exercising of official authority vested in the controller;
c) for the establishment, exercise or defence of legal claims.
1.7 What are my rights in regard to data protection?
Every data subject has the right to:
a) access to information pursuant to Article 15 of the GDPR in conjunction with § 24 of the Berlin Data Protection Act,
b) rectification pursuant to Article 16 of the GDPR,
c) erasure ('right to be forgotten') pursuant to Article 17 of the GDPR in conjunction with § 25 of the Berlin Data Protection Act,
d) restriction of processing pursuant to Article 18 of the GDPR,
e) data portability pursuant to Article 20 of the GDPR,
f) withdrawal of consent at any time pursuant to Article 7(3) of the GDPR.
a) Right of access
You can ask the controller to provide you with confirmation as to whether or not your personal data are being processed by us. Where this is the case, you have the right to obtain the following information from the controller:
(1) the purposes for which the personal data are being processed,
(2) the categories of personal data which are being processed,
(3) the recipients or the categories of recipients to whom your personal data have been or will be disclosed,
(4) the envisaged period for which your personal data will be stored or, if not possible, the criteria used to determine that period,
(5) the existence of the right to request from the controller rectification or erasure of your personal data or restriction of processing of your personal data or to object to such processing;
(6) the existence of a right to lodge a complaint with a supervisory authority,
(7) any available information as to the source of the data where the personal data are not collected from the data subject;
(8) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and – at least in those cases – meaningful information about the logic involved as well as the significance and the envisaged consequences of such processing for the data subject.
You have the right to request information as to whether your personal data are being transferred to a third country or an international organisation. In this context you can ask to be informed of the appropriate safeguards pursuant to Article 46 of the GDPR relating to the transfer.
b) Right to rectification
You have a right to rectification and/or completion if your personal data are incorrect or incomplete. The controller must perform this rectification without undue delay.
c) Right to erasure ('right to be forgotten')
You can ask the controller to erase your personal data without undue delay. The controller has the obligation to erase personal data without undue delay where one of the following grounds applies:
(1) Your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
(2) You withdraw your consent on which the processing is based in accordance with Art. 6(1)(a) or Art. 9(2)(a) of the GDPR and there is no other legal ground for the processing.
(3) You object to processing pursuant to Art. 21(1) of the GDPR and there are no overriding legitimate grounds for the processing or you object to the processing pursuant to Art. 21(2) of the GDPR.
(4) Your personal data have been unlawfully processed.
(5) Your personal data has to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
(6) Your personal data were collected in relation to the offer of information society services referred to in Art. 8(1) of the GDPR.
Information of third parties:
Where the controller has made your personal data public and is obligated to erase pursuant to Art. 17(1) of the GDPR, the controller, taking account of available technology and the cost of implementation, shall take appropriate measures to inform other controllers that the data subject has requested the erasure of any links to, or copy or replication of, those personal data (Art. 17(2) of the GDPR).
The right to erasure does not apply to the extent that processing is necessary:
(1) for exercising the right of freedom of expression and information,
(2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller,
(3) for reasons of public interest in the area of public health in accordance with Arts. 9(2)(h) and 9(2)(i) as well as Art. 9(3) of the GDPR,
(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89(1) of the GDPR to the extent that the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing, or
(5) for the establishment, exercise or defence of legal claims.
d) Right to restriction of processing
You can request the restriction of processing of your personal data under the following conditions:
(1) if you contest the accuracy of your personal data for a period enabling the controller to verify the accuracy of the personal data,
(2) if processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead,
(3) if the controller no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise or defence of legal claims, or
(4) if you have objected to processing pursuant to Art. 21(1) of the GDPR pending the verification whether the legitimate grounds of the controller override your grounds.
Where the processing of your personal data has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or juridical person or for reasons of important public interest of the Union or a Member State. Where processing has been restricted under the above-mentioned conditions, you will be informed by the controller before the restriction is lifted.
e) Right to data portability
You have the right to receive your personal data which you have provided to the controller in a structured, commonly used and machine-readable format. You also have the right to transmit those data to another controller without hindrance from the data controller to which the personal data have been provided where:
(1) the processing is based on consent pursuant to Art. 6(1)(a) of the GDPR or Art. 9(2)(a) of the GDPR or on a contract pursuant to Art. 6(1)(b) of the GDPR; and
(2) the processing is carried out by automated means.
In exercising this right you also have the right to have your personal data transmitted directly from one controller to another, where technically feasible. The right shall not adversely affect the rights and freedoms of others.
The right to data portability does not apply to processing necessary for the performance of a task in the public interest or in the exercise of official authority vested in the controller.
- f) Right to withdraw consent at any time
In accordance with Art. 7(3) of the GDPR, you have the right to withdraw your consent at any time.
1.8 Am I obligated to provide data?
To receive the DIBt newsletter, you need to provide the personal data which is required or which we are legally obligated to collect.
1.9 Is there automated decision-making?
We do not use fully automated decision-making in accordance with Art. 22 of the GDPR to process your registration.
1.10 Is there profiling?
We do not process your data with the aim of evaluating specific personal aspects. Profiling does not take place.
2.1 Contact for subscribing to the DIBt newsletter
Section Corporate Communications,
International Relations (ZD5)
Kolonnenstraße 30 B
Phone: +49 (0)30/ 78730-0
2.2 Data protection officer
The data protection officer can be contacted at:
Data Protection Officer
Kolonnenstraße 30 B
2.3 Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, your place of work or the place of the alleged infringement if you consider that the processing of your personal data infringes the General Data Protection Regulation (GDPR).
The supervisory authority with which the complaint has been lodged informs the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 of the GDPR.