Data Protection Statement FIBAA

Protection and security of your (hereafter “User“) personal data (hereafter “PD“ in the meaning of Art. 4 point 1 of the General Data Protection Regulation (hereafter „GDPR“) are important to us. Accordingly, we comply with the legal regulations to offer appropriate protection to the PD of each user. The following is intended to inform you about the type, extent and purpose of processing of PD:

The FIBAA – Foundation for International Business Administration Accreditation (hereafter “FIBAA“) processes PD exclusively under the terms of the GDPR and according to the regulations stated under Art. 95 GDPR in connection with §§ 11-15a Telemedia Law (”TMG“).

This data protection statement (hereafter “DPS“) makes available the information according to Art. 13 GDPR for the use of the website www.fibaa.org including the sub-pages. We will first explain who is the responsible person and the data protection officer is, and then the information about the types of PD, the purpose and legal basis for processing it, any recipients and any legitimate interests, deletion periods and any other relevant information according to type of access in the various areas of the website. At the end of these data protection conditions, we explain your rights.

1. Contact data of the responsible person (Art. 13 Sec. 1. a) GDPR) and the representative according to Art. 27 Sec. 1 GDPR

The FIBAA – Foundation for International Business Administration Accreditation, c/o economiesuisse | Verband der Schweizer Unternehmen | Hegibachstrasse 47 | Postfach | CH-8032 Zürich (Foundation under Swiss Law) is responsible for the operation of the website including all sub-sides and handling the PD processed within this.

The representative in Germany is the Management of the Office of the FIBAA – Foundation for International Business Administration Accreditation (Berliner Freiheit 20-24, 53111 Bonn, Deutschland) Prof. Dr. Kerstin Fink (e-mail address: info[at]fibaa.org)

2. Contact data of the Data Protection Officer (Art. 13 Sec. 1. b) GDPR)

Our Data Protection Officer is the lawyer Georg Baumann, c/o LLR DSC GmbH, Mevissenstraße 15, 50668 Köln, e-mail address: dsb[at]fibaa.org

3. Contact by e-mail via the e-mail addresses stated on the website (if it is not a job application, see also point 4)

At various places in the website, we give you an e-mail address that offers the opportunity to contact us immediately by e-mail. 

a. Types of personal data: these include e-mail address, log files about the properties of the e-mail with the time of receipt, along with any personal data given in the e-mail by the sender.

b. Purpose of processing (Art. 13 Sec. 1. c) GDPR): the purpose is to process the user’s enquiry, and possible subsequent initiation, commencement and completion of a business relationship, depending on the type of enquiry.

c. Legal basis for processing (Art. 13 Sec. 1. c) GDPR): The legal basis for processing the data submitted in the process of sending an e-mail is Art. 6 Sec. 1. f) GDPR, if the sender is not yet a customer or is not otherwise in, or initiating, a business relationship with us. If a contractual connection already exists or this is to be initiated on the initiative of the sender, the legal basis is Art. 6 Sec. 1. b) GDPR.

d. Legitimate interests in processing on the basis of Art. 6 Sec. 1. f) GDPR (Art. 13 Sec. 1. d) GDPR): Our legitimate interests lie in informing you and answering your enquiry, and possibly entering into a business relationship with you if this is part of your request.

e. Recipients/Third parties/Transmission to a third country (Art. 13 Sec. 1. e) and f) GDPR): the data will not be transmitted to third parties (Art. 4 No. 10 GDPR), unless the user expressly agrees to this. E-mails are processed on computers within the European Union and there is an agreement for contract processing with the mail host in accordance with Art. 28 GDPR. There is no transfer to third countries, nor is it envisaged. Transmission of PD to state institutions and authorities is only in the context of legal regulations.

f. Deletion periods (Art. 13 Sec. 2. a) GDPR): Data is deleted at the latest two years after the enquiry has been correctly dealt with, as long as further processing does not arise from the nature of the enquiry (e.g. consultation). If the enquiry leads to or prepares a contractual relationship, deletion is according to the legal regulations, when the desired contractual or pre-contractual relationship ends, and at the latest two years after its end, unless Art. 17 Sec. 3 GDPR applies, in particular if legal retention obligations exist and/or the data is required for legal claims or the exercise or defence of legal claims.

4. Transmission of Application Documents

At www.fibaa.org, we give you the opportunity to submit your application for employment to us by e-mail.

a. Types of personal data: The types of data are e-mail addresses incl. the recording of the e-mail on our computers and all the PD contained in your e-mail relating to your application, e.g. title, surname, first name, details from the c.v., reports and similar.

b. Purposes of processing (Art. 13 Sec. 1. c) GDPR): The purpose of processing is the selection of applicants and the possible commencement of an employment contract.

c. Legal basis for processing (Art. 13 Sec. 1. c) GDPR): The legal basis is § 26 Federal Data Protection Law (new), poss. Sec. 6 Sec. 1. b) GDPR (e.g. for application for freelance work).

d. Recipients/Third parties/Transmission to a third country (Art. 13 Sec. 1. e) and f) GDPR): the data will not be transmitted to third parties (Art. 4 No. 10 GDPR), unless the user expressly agrees to this. E-mails are processed on computers within the European Union and there is an agreement for contract processing with the mail host in accordance with Art. 28 GDPR. There is no transfer to third countries, nor is it envisaged. Transmission of PD to state institutions and authorities is only in the context of legal regulations.

e. Deletion periods (Art. 13 Sec. 2. a) GDPR): Data is deleted at the latest two years after the completion of the application process (decision on the consideration or non-consideration of your application), unless (i) the application was successful and the entire application documentation is added to the personnel file (§ 26 Federal Data Protection Law) or (ii) Art. 17 Sec. 3 GDPR applies, in particular if legal retention obligations exist and/or the data is required for legal claims or the exercise or defence of legal claims.

5. Rights of the User (Art. 13 Sec. 2. b) - e), Art. 7 Sec. 3 GDPR)

In accordance with the statutory requirements, the user has the right to know what PD we have stored, Art. 15 GDPR, and the right to have it corrected, Art. 16 GDPR, limitation of processing, Art. 18 GDPR, deletion of data, Art. 17 GDPR.

If the user has exercised the right to correction, deletion or limitation of processing with FIBAA, FIBAA will inform any recipients to whom the PD concerned may have been revealed of this correction, deletion or limitation of processing unless this proves impossible or is associated with inordinate expense.

The user also has the right to revoke consent given under (Art. 7, Art. 6 Sec. 1. a) GDPR), Art. 7 Sec. 3 GDPR). The proper revocation of consent does not affect the legality of data collected up to then.

The user also has the right to object at any time to the processing of PD concerning the user on the basis of Art. 6 Sec. 1e or 1f GDPR for reasons resulting from the user’s particular situation, Art. 21 GDPR.

In accordance with the statutory requirements, the user also has the right to receive his or her PD provided to the FIBAA in a structured accessible and machine-readable format (right to data transferability, Art. 20 GDPR).

To exercise these rights, the user should contact the offices named under point 1 or 2.

In accordance with the statutory requirements, the user also has the right to complain to a supervising authority, Art. 77 GDPR.