Responsible handling of personal data is a priority for right. based on science (right.).
We want our users to know when right. is collecting what data and for what purpose.
right. operates a website hosted on the www.right-basedonscience.de domain. This website serves to provide information about right.’s activities and to give the public easy access to information.
We do not process personal data beyond what is necessary. What data we will need and process on what basis and for what purpose will much depend on the type of service you are using, and on the purpose for which the data is required.
We have taken technical and organisational measures to ensure that both we as well as external service providers comply with the provisions governing data protection.
The processing of personal data at right. is handled in accordance with the European General Data Protection Regulation (GDPR) (in German) and the Federal Data Protection Act (in German).
- Basic information
1.1 Responsibility and Data Protection Officer
Responsibility for the processing of personal data lies with the
Dr. Sebastian Müller, LL.M.
Phone: +49 (0)176 62253980
1.2 Personal Data
“Personal data” is any information relating to an identified or identifiable natural person. An identifiable natural person is someone who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, and/or an online identifier.
1.3 Protection of minors
Children and persons under 16 years of age should not transmit any personal data to us without the consent of their parents or legal guardians.
Should it happen that persons under 16 years of age do contact right. by email, contact form, letter etc., Points 3.1, 3.3, 3.6 through 3.10 shall apply. Points. 3.4 and 3.11 apply in cases whereby the data is necessary for a visit right.
- Data processing in connection to visits to this website
2.1 Data capturing
Whenever a user accesses our website and whenever a file is accessed, data relating to this is temporarily processed in a log file.
More specifically, the following data is stored for every single access/download:
Date and time (time stamp), IP address of the device or server used
Details of the request and target address (log version, HTTP method, referrer, user-agent string),
Name of the file accessed, volume of data transferred (URL including query string, file size in byte) and
confirmation as to whether the request was successful (HTTP status code).
Data collected from visits to right.’s web resources and stored on log files is transmitted to third parties only when required by law. Data will not be transferred for any other reason. right. does not compile this data with data from other sources.
2.2 Web analysis
Right. uses a web tracking tool to obtain anonymous data about user visits to our websites. This data can be used to create pseudonimised use profiles. The cookies placed on your computer are solely used to draw conclusions about the user patterns on right.’s websites and to regularly review the information service we provide to the users. No personal data is retained or passed on to third parties. It is possible to withhold or withdraw consent to the future collection and storage of data at any time [email@example.com].
- Processing of personal data of those contacting right.
The ways in which personal data is processed depend on the channel of communication used, i.e. whether right. is contacted by email, its contact form, by mail or by telephone.
3.1 Contacting right. by email
In addition to contacting staff at their personalised official email addresses, or by writing to one of the various office mail boxes, it is also possible to contact right. at: firstname.lastname@example.org, our central inbox. In the latter case, the sender’s IP address will be recorded alongside the date and time of the query. The personal data sent to this central inbox and stored by the unit responsible for forwarding messages to the recipient responsible for the matter in hand will be deleted one year after the message is forwarded.
The units will store the data transmitted by you (e.g. name, first name, address), and at least your email address and all information contained in your email (including any personal data you transmit in this way) for the purpose of contacting you and answering your query.
3.2 Contacting right. by post
If you write a letter to right., the data transmitted by you (e.g. name, first name, address), and all information contained in your letter (including any personal data you transmit in this way) will be stored for the purpose of contacting you and answering your query. We need to process the personal data you transmit so that we can answer your query.
3.3 Contacting right. by phone
If you call right. by phone, personal data will be processed to the extent that this is necessary for processing your query.
- Processing of personal data as part of social media use
right. is active on Twitter, Facebook, YouTube, and LinkedIn.
As part of its editorial duties within these social networks, right. processes data of people who interact with right.
We also explicitly draw your attention to the fact that the services used by right. store user data (e.g. personal information, IP address etc.) in line with their own guidelines on data usage and use it for commercial purposes. right. has no influence on the collection and use of data by social networks. We are unable to ascertain the extent, the location and the duration of the data capture, the extent to which the networks meet obligations to delete data, what evaluations and links pertaining to the data are made, and to whom data is forwarded.
As some of these companies are based outside the European Union with only one European office in Ireland, their legal interpretation is that they are not bound by European or German data protection rules. This also affects your right of information, the right to have data blocked or deleted, or the possibility to object to your user data being used for advertising purposes.
- Processing of personal data in the context of provision of information
How and what type of personal data is processed will depend on the channels used to provide information. We distinguish between our newsletters, printed documents, and informational visits to right.
5.1 Data for newsletter distribution
If you subscribe to one of right.’s newsletters, your email address, the date and time of your subscription, and the type of newsletter you have selected will be stored by us on a server. Your data is being processed on the basis of your consent as per Article 6 (1) (a) GDPR (consent). We use this data exclusively for distributing our newsletters and for statistical analyses designed to measure our system’s performance. We will not transmit your data to third parties who are not acting on our behalf for this purpose, and will not use them for any other internal purposes.
Our subscription system will ask you to confirm your subscription once more (double opt-in) to ensure that you explicitly wish to subscribe to this newsletter.
Upon subscription, your data will be stored on our server and a confirmation message containing a link to the second and final subscription will be automatically sent to the email address you indicated. Unless you confirm your subscription by using the link contained in this email, your data will be deleted after 48 hours.
Only once you have used the confirmation link will your data used for newsletter distribution be stored for as long as you use our newsletter.
Should you decide that you no longer agree to your data being stored for this purpose and that you do not want to use the newsletter service any longer, you can unsubscribe at any time. The data indicated by you will be deleted in this process, unless we are obliged to store it for a longer period of time. To unsubscribe, follow this link. You will need the email address you indicated when you subscribed to the newsletter.
5.2 Ordering printed documents
If you use this website to order brochures, leaflets or other types of printed documents, we will need to process your personal data in order to conduct pre-contractual measures and meet our contractual obligations (provision of printed documents) as per Article 6 (1) (b) GDPR.
You will need to provide the following personal data:
Street, house number
Postcode and town/city
This data will be processed along with your order. If we cannot complete the order process ourselves, your data will be transmitted to third parties (logistics company, if necessary other institutions to the extent that these dispatch the material). Without the above data, we will not be able to process your order. Additional information (whether we should address you as Mr/Ms/Mrs/Dr etc., the name of your company, and the country) is not necessary, but would be helpful for us to prepare your order.
The data provided by you will be anonymised 90 days after the order is completed.
- Processing of personal data as part of the recruitment process
right. is responsible for the correct processing of your personal data as part of recruitment processes. You can contact our Data Protection Officer. As part of the recruitment process, candidates applying to right. are asked to provide information about themselves, their professional experience, their expert and personal qualifications and training, and, if applicable, information relating to severe disability and/or relevant to ensure equal treatment.
The certificates and diplomas, CVs, cover letters and other documents provided by you as part of the recruitment process contain personal data within the meaning of Art. 4 (1) GDPR. This personal data will be processed and used only to the extent that this is necessary to establish an employer-employee relationship (Art. 88 (1) GDPR in conjunction with Section 26 (1) and (3) Federal Data Protection Act).
Within right., only members of staff entrusted with the selection process will have access to your personal data. Your personal data will not be disclosed to persons or institutions outside right..
In our recruitment, we do not use automated decision making. If you complete the recruitment process successfully and are hired by right., your documents will become part of your HR file, to the extent that they are relevant to the employer-employee relationship. Any additional data that has been transmitted and is not required will be deleted five months after the recruitment process is completed.
If you are not hired by right., your data will also be deleted five months after the recruitment process is completed. Any application documents submitted to us by post will be returned to you.
Should you revoke your application, we will immediately delete your data and send your documents back.
You have the following rights vis-à-vis right. regarding personal data processed by us: right to information, right to correction, right to restrict processing, right to deletion, right to lodge a complaint with a supervisory authority.
- Registration for events using the events form
The nature of the data collected depends on the specific event. Information provided via the registration form will be transmitted to right.. The sender’s IP address will not be recorded.
If you use our event form to register for an event, your personal data will be collected, stored and processed by right. for the purposes of organising the event. The data will be deleted within 30 days after your visit. In the event of an incident that needs further investigation, the data can be stored for a longer period of time and may be transmitted to the law enforcement authorities. By completing the application, you consent to your data being treated in this way.
The applicant confirms that he/she has informed all of the persons listed as “additional participants” about the fact that their personal data will be collected, stored and processed by right. for the purposes of organising the above event, and that the data will be deleted within 30 days after the visit. The above person(s) have confirmed to the applicant that they consent to this.
The data collected as part of the registration process for an event are collected and processed for the purposes of organising the event. We would like to inform you that data transmitted via the form (which may included personal data provided by you) is processed in line with Article 6(1) (e) in conjunction with Section 3 Federal Data Protection Act, and for the purpose of answering your query.
- Your rights
You have the following rights with regard to the personal data concerning your person:
Right of access, Art. 15 GDPR
The right of access confers on the data subject a comprehensive right of access to the data concerning his/her person and to certain important information-related criteria, such as the purposes for which it is processed or the duration for which it will be stored. The exceptions to this right regulated in Section 34 Federal Data Protection Act apply.
Right to rectification, Art. 16 GDPR
The right of rectification includes the possibility for the data subject to have inaccurate personal data corrected.
Right to erasure, Art. 17 GDPR
The right to erasure includes the possibility for the data subject to have data deleted by the party responsible. However, this is only possible if the personal data concerning his/her person are no longer needed, are processed unlawfully or if the relevant consent has been revoked. The exceptions to this right regulated in Section 35 Federal Data Protection Act apply.
Right to restriction of processing, Art. 18 GDPR
The right to restrict the processing includes the possibility for the data subject to prevent further processing of personal data concerning his/her person for the time being. A restriction particularly occurs pending verification of the exercise of other rights of the data subject.
Right to object to collection, processing and/or use, Art. 21 GDPR
The right to object includes the possibility for data subjects to object, in a particular situation, to the further processing of their personal data, insofar as this is justified by the exercise of public functions or of public or private interests. The exceptions to this right regulated in Section 36 Federal Data Protection Act apply.
Right to data portability, Art. 20 GDPR
The right to data portability includes the possibility for the data subject to obtain the personal data concerning his/her person from the person responsible in a standard, machine-readable format, in order to be able to forward them to another person responsible if necessary. According to Art. 20 (3) sentence 2 GDPR, however, this right does not apply if the data processing serves the performance of public tasks.
Right to revoke consent, Art. 13 and 14 GDPR
If personal data is processed on the basis of consent, the data subject may revoke such consent at any time for the purpose for which it was given. The lawfulness of the processing undertaken on the basis of this consent remains unaffected until receipt of the revocation.
You can assert the aforementioned rights in writing using the contact details set out in Section 1.1.