International Association of Controllers Privacy Policy

The International Association of Controllers (ICV) is an international network of people in the controlling business. Founded in 1975 by CA Akademie AG (CA) graduates, the association has shaped controlling in the German-speaking world.

Introduction

This privacy policy describes how, why and to what extent personal data are processed as part of the data processing procedure and ICV’s online service and its related websites, functions and content. This privacy policy applies independently of the domains, systems, platforms and devices on which the online service is run.

Registration for membership and for ICV events

If you register online, by phone, fax or post for membership or for an ICV event, we will collect and store the requested data – and, insofar as it is required for membership, event preparation and staging – we will forward it to the offices listed below in order to fulfil our contract.

For your membership we require your form of address, first and last name, date of birth, private and/or company address, telephone, email, postal address for sending the Controller Magazine, the billing address and the start date of the membership, so we can fulfil our service obligations to you and communicate directly with you.

Optional details include your title, fax, further phone numbers, position, your professional skills, SEPA-Mandate and work group interests. Membership applications are often submitted by third parties of the prospective member’s employer, who are thus our contracting partners. We therefore require both a so-called booking contact and billing contact for communication with employers.

When registering for events, we require your form of address, first and last name, company, address, phone number, email address and information on whether you are an ICV member. We also need this information to fulfil our service obligations to you and communicate directly with you. Registrations for events are often submitted by third parties of the employer, who are thus our contracting partners. We therefore require both a so-called booking contact and billing contact for communication with these third parties. Optional details include your position, department and the remarks box. Communication with your employer is conducted in the manner specified when the event is booked.

We store both these compulsory and optional data over the Software VereinOnline on the companies server of GRITH AG (Von-Poschinger-Str. 32, DE-85737 Ismaning) or on servers of their subcontractors in order to fulfil our contractual services in line with Article 6, Paragraph 1, Letter b of the EU GDPR. All contractual partners are obliged to comply with  data protection regulations via order processing contracts in accordance with the EU Date Protection Regulations. We work with external service providers to maintain and ensure security. They are based in the Federal Republic of Germany or Switzerland or on servers which fulfill the Privacy-Shield-Agreement and are thus subject to the EU GDPR and German data protection law.

Member directory in password-protected Member Portal (Mitgliederportal, Software: VereinOnline)

In order to achieve the association’s aims laid down in its articles (Section 2 Purpose) and thus to perform our contractual services in line with Article 6, Paragraph 1, Letter b of the EU GDPR, we store the salutation, first and last name, company and professional skills (as far as named). You can revoke this entry at any time by sending an email with your revocation to widerruf{bei}icv-controlling.com.

Staging of ICV events

When you register for events we use the following data you give us in order to organise the event:

  • Insofar as hotel rooms are reserved by ICV, the hotel receives a list of participants for the hotel to arrange its services with the participants. The list includes the name, company, postcode and town of the participants.
  • The person organising the event receives a list of participants with the first and last names of the participants, their position, and the address of the registering organisation. This is used to prepare for the group of participants.
  • An important part of our events is networking and the exchange of ideas among the event participants. For this reason, the participants are given a list of all event participants at the venue, which contains the following data: first and last name, position, company name and site.
  • Information may be sent via email to participants after the event for post-processing.

After termination of ICV membership

We retain the data we have collected for the membership once it is over. In line with Article 17, Paragraph 3, Letter b of the EU GDPR, this includes data required by the bookkeeping department, which is subject to statutory retention regulations, and also the information that a membership was held, and that it has been interrupted, for the eventuality that it reactivated at a later date. Data related to the switch from a personal to company membership and vice-versa is also stored.

After ICV events

We retain the data we have collected for the respective event once it is over. In line with Article 17, Paragraph 3, Letter b of the EU GDPR, this includes data required by the bookkeeping department, which is subject to statutory retention regulations, and information about which event a specific person has attended or cancelled. This also enables us to issue confirmations of participation as proofs of personal qualification (further and advanced training) should the participants so wish, even long after an event has taken place.

The personal data we store are deleted if the aforementioned reasons no longer preclude this. This refers to erasure on expiry of statutory retention periods and the erasure of the accounting history after 40 years in line with the regular customer further training cycle.

Information about our service portfolio

In addition, we use some of the data given to us (name, email address, postal address) to preserve our legitimate interests in line with Article 6, Paragraph 1, Letter f of the EU GDPR and/or Article 6, Paragraph 1, Letter a of the EU GDPR based on your consent beyond the event you have booked or your membership to let us inform you per post, email or telephone about our other services, specialised content, training events and publications.

In order to do so, we also use external service providers like mailing companies and newsletter distributors in Germany whom we have contractually obliged in compliance with the data protection provisions according to Article 28 of the EU GDPR.

You are entitled at any time to revoke the use of your data used for these purposes, by sending an email with your revocation to widerruf{bei}icv-controlling.com. In this case we will then immediately stop sending further information and restrict the use of your data for these purposes to the types of acquisition you wish or block it completely.

Work group/member management

As an ICV member, you can join one or several regional, expert and sector work groups. If you intimate your wish to do so to us, the relevant delegate/work group leader will contact you directly using the data specified in the membership application. The delegates and work group leaders are honorary officers and have been pledged to data secrecy in line with Article 5 of the EU GDPR.

Interest in ICV without booking an event/without ICV membership

Insofar as you have given us your postal and/or email address to let us notify you of our service portfolio (e.g. by subscribing to our newsletter, requesting information or ordering our literature), we shall use these data to preserve our legitimate interests in line with Article 6, Paragraph 1, Letter f of the EU GDPR and/or based on your consent in line with Article 6, Paragraph 1, Letter a of the EU GDPR.

You are entitled at any time to revoke the use of your data used for these purposes, by sending an email with your revocation to widerruf@icv-controlling.com. In this case we will then immediately stop sending further information and restrict the use of your data for these purposes to the types of acquisition you wish or block it completely.

Furthermore, we use personal data that we have acquired from the public domain to preserve our legitimate interests in line with Article 6, Paragraph 1, Letter f of the EU GDPR.

You are entitled at any time to revoke the use of this data by sending an email with your revocation to widerruf{bei}icv-controlling.com. In this event, we will immediately stop sending further information and completely block the use of these data.

Visiting our website

Our security measures include in particular encrypted data transmission between your browser and our server according to HTTPS protocol (SSL-encrypted, algorithm RSA-AES 256).

Matomo

We use the analysis tool Matomo to statistically evaluate usage behavior on our website. This is open source software operated by ourselves. With Matomo, no data is transferred to servers that are outside the control of the International Association of Controllers ICV.

When you visit our website, Matomo is initially configured so that it does not leave any cookies on your device. Your express consent in the data consent dialog activates also the use of cookies for Matomo so that we are able to recognize returning visitors. Your IP address is anonymized. None of the data collected will be passed on to third parties.

With this user analysis, we would like to further improve the website and adapt it even more to the needs of the users.

Data processing is carried out on the basis of your consent via our data consent dialogue in accordance with Section 25 Paragraph 1 TTDSG, Art. 6 Paragraph 1 of the GDPR. You can revoke your consent at any time. Further information about Matomo's terms of use and data protection regulations can be found at: https://matomo.org/privacy/.

OPT-OUTs

Users can prevent cookies being stored via the user preferences in their browser software settings; users can also prevent data generated by the cookie on their use of the online service being transmitted to Google and processed by Google by downloading and installing the browser plugin available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

Alternatively, you can also deactivate Analytics via our deactivation function.

https://www.icv-controlling.com: <a href=“#gaOptout“>Deactivate Google Analytics for www.icv-controlling.com now</a>

https://www.controlling-wiki.com: <a href=“https://www.controlling-wiki.com/#gaOptout“>Deactivate Google Analytics for www.controlling-wiki.com now</a>

https://blog.icv-controlling.com: <a href=“https://blog.icv-controlling.com/#gaOptout“>Deactivate Google Analytics for blog.icv-controlling.com now</a>

A cookie is then set on your computer telling Google that you do not wish to be tracked by Analytics.

Additional information

You can find additional information on Google’s use of data for advertising purposes, settings and revocation possibilities on Google websites: https://www.google.com/intl/de/policies/privacy/partners/ (“Data usage by Google when you visit our partners’ websites or use their apps”), http://www.google.com/policies/technologies/ads (“Data usage for advertising purposes”), http://www.google.de/settings/ads (“Managing information used by Google to show you advertising”) and http://www.google.com/ads/preferences/ (“You decide which advertising Google shows you”).

Google Adwords

The Google marketing services we use include the Google AdWords online advertising program. In case of Google AdWords, each AdWords customer receives a different “conversion cookie”. This means that cookies cannot be tracked via the websites of AdWords customers. The information collected with the help of cookies is used to create conversion statistics for AdWords customers who have opted for conversion tracking. AdWords customers receive information on the total number of users who clicked on their advertisement and were forwarded to a website with a conversion tracking tag. However, they do not receive any information that lets them identify users personally.

Access data and log files

Based on our legitimate interests within the meaning of Article 6, Paragraph 1, Letter f of the GDPR we collect data about every access to the server on which this service is located (so-called server log files). The access data include the name of the website accessed, file, date and time of access, data volume transmitted, access message, browser type and version, the user's operating system, referrer URL (the antecedent website visited), IP address and the requesting provider.

Log files are stored for a maximum of 30 days for security reasons (e.g. to investigate any incidents of misuse or fraud) and then they are deleted. Data that must be stored for a longer period because they are required as proof are excepted from deletion until clarification of the respective incident is finalised.

Information about cookies

Cookies are information that our or third-party web servers send to the user’s browser and store there for subsequent call-up. Cookies may be small files or other forms of information storage downloaded to the computer or a mobile end device. Online services recognise subsequent visits and visitor paths to simplify your use of the websites and better tailor them to suit you.

We use the following cookies

Persistent cookies that remain on devices even after the browser is closed. They are reactivated every time the website is accessed. Repeat visits can therefore be identified (e.g. to store you login status or booking function and thus enable use of our online service in the first place). A randomly generated unique identification number or so-called session ID is stored in the persistent cookie. It also contains details of its origin and when it expires. These cookies cannot store any other data. Persistent cookies are deleted after a specified period of time (www.icv-controlling.com: 14 days, www.controlling-wiki.com: 30 days) or when you log out.

Third-party supplier cookies stored by companies to analyse websites in order to supply us with details of how often the online service was accessed and how long for.

Cookies and setting options

Cookies enable the efficient personalised use of all our online service functions. Without cookies, some functions and services are not available.

Most browsers offer different options for protecting your privacy. Deactivating cookies means that new cookies cannot be stored. It does not prevent previously set cookies continuing to function on the device until all cookies are deleted in the browser settings. The browser help function or end device user manual explain how to manage your personal preferences in relation to cookie settings. In addition, company-specific settings may be subject to guidelines.

Third-party services and content

The following description provides an overview of third-party providers and their content, links to their privacy policies and additional information on data processing, and in some cases, also information on the aforementioned opt-outs:

Youtube

Videos of the “YouTube” platform of third-party provider, Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: www.google.com/policies/privacy/, Opt-out: https://www.google.com/settings/ads/.

LinkedIn

Our online services use LinkedIn network functions. The provider is the LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. A link to LinkedIn servers is established every time one of our websites with LinkedIn functions is accessed. LinkedIn is also informed that you have visited our Internet websites with your IP address. If you click LinkedIn’s “Recommend” button and are logged into your account at LinkedIn,  LinkedIn will be able to link your visit to our Internet website to your user account. Please note that as the website provider we have no knowledge of the content of the transmitted data or their use by LinkedIn. Privacy policy: www.linkedin.com/legal/privacy-policy, Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Facebook

Our online services use Facebook network functions. Based on our legitimate interests (i.e. interest in analysing, optimising and the economic operation of our online service within the meaning of Article 6, Paragraph 1, Letter f of the GDPR), we use social plugins ('plugins') of the social network, facebook.com, which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ('Facebook'). Plugins may be interaction elements or content (e.g. videos, charts or text contributions) and are recognisable by one of the Facebook logos (a white “f” on a coloured background). The list of Facebook social plugins and what they look like can be viewed here: developers.facebook.com/docs/plugins/.

Facebook is certified under the Privacy Shield agreement and thus offers a guarantee that it complies with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).

If you use a function of this online service that contains such a plugin, your device will set up a direct link to the Facebook servers. Facebook sends the plugin content directly to your device and incorporates in the online service. Usage profiles based on the processed data may be created in the process. We therefore have no influence on the scope of data collected by Facebook with the help of this plugin, and thus inform users to the best of our knowledge.

By incorporating the plugin, Facebook receives the information that a user has accessed the relevant website of the online service. If the user is logged into Facebook, Facebook can link the visit to the user’s Facebook account. If users interact with the plugins by clicking the Like button or leaving a comment, the respective information is sent by your device directly to Facebook and stored there. If a user is not a member of Facebook, there is still a possibility that Facebook will find out their IP address and store it. According to Facebook, only anonymised IP addresses are stored in Germany.

Users can refer to the Facebook privacy policy for details of the purpose and scope of data acquisition, further processing and use by Facebook, and the rights and settings in this connection to protect user privacy at: www.facebook.com/about/privacy/.

If a user has a Facebook account and does not want Facebook to collect data about them via this online service and link it with their account data on Facebook, they must first log out of Facebook and delete its cookies before using our online service. Other settings and objections to the use of data for advertising purposes are possible in the Facebook profile settings: www.facebook.com/settings or via the US website www.aboutads.info/choices/ or the EU website www.youronlinechoices.com. Settings are performed across all platforms, i.e. they are adopted for all devices, such as desktop computers and mobile devices.

Instagram

Features and content of the Instagram service (Instagram Inc., 1601 Willow Road, Menlo Park, Calif., 94025, USA) may be incorporated on our website. For this, e.g. content such as images, videos, text and buttons may be used to allow users to voice their favor regarding content to authors, or they may subscribe to these submissions. If the users are members of the platform Instagram, Instagram is able to assign the call of the mentioned contents and functions to the profiles of the users there. http://instagram.com/about/legal/privacy/.

„X“ (formerly Twitter)

Functions of the X service may be incorporated in our online service. These functions are offered by X Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. If you use X and the retweet function, the websites you access will be linked to your X account and disclosed to other users. Data will also be transferred to X. Please note that as the website provider, we have no knowledge of the content of the transmitted data or their use by X. The X privacy policy is available at twitter.com/privacy. You can change your data privacy settings on X in your account settings at twitter.com/account/settings.

XING

We use functions of the XING network. The provider is New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany. A link to Xing servers is established every time one of our websites with Xing functions is accessed. As far as we know, no personal data are stored. In particular, no IP addresses are stored or usage behaviour evaluated. When you log into your XING account, you can click the XING button to link the content of our web pages with your XING profile.

Data protection statement: www.xing.com/app/share

Plugins on our Website https://www.icv-controlling.com

Plugins that collect personal data

  • E-news subscription: Data are stored with Sendinblue GmbH (formerly: Newsletter 2Go): Form of address, first name, last name, email address (www.de.sendinblue.com)

Plugins that may be able to log the user’s IP address

Plugins on our Website https://www.controlling-wiki.com/

Plugins that collect personal data

Registration/login: necessary to avoid spam/access control when processing articles: (www.icv-controlling.com)
Data collected: user name, real name, email address, optional "additional details" (can be freely defined)

Non-personalised advertisements at Google Adsense
This website uses Google AdSense. This is a service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, which is used to incorporate advertisements. We use the latter on the basis of our legitimate interest in line with EU GDPR Article 6, Letter f in order to optimise the economic operation of our online service.

Google’s certification under the Privacy Shield Agreement (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active) guarantees compliance with European data protection law.

We use Google Adsense to display advertisements for which we are remunerated. Usage data is recorded (such as clicking an advertisement and the user’s IP address, which is however pseudonymised.

We also use Google Adsense with non-personalised advertising. User profiles are not therefore used as the basis for displaying advertising. During localisation (also known as targeting) information is used for the rough determination of position, which can be linked to the user’s search request. Personalised targeting (demographic, or based on user behaviour or user lists) is prohibited by Google.

Additional information:
You can find out here about how Google uses data and about your rights of revocation and objection: https://policies.google.com/technologies/ads
You can also set how advertising is displayed by Google in your account: https://adssettings.google.com/authenticated

Plugins on our Website https://blog.icv-controlling.com/

Plugins that may be able to log the user’s IP address

Google Fonts – https://fonts.googleapis.com – performance optimisation (worldwide server site)

Your other rights

Besides the above revocation and erasure rights, you also hold the right to access information on the data stored about you in line with Article 15 of the EU GDPR. In line with Article 16 of the EU GDPR you hold the right to correct inaccurate personal data stored about you. In line with Article 20 of the EU GDPR you hold the right to data portability. In all these cases please contact us via email at datenschutz{bei}icv-controlling.com. Furthermore, in line with Article 77 of the EU GDPR you are entitled to lodge a complaint with a supervisory authority.

Data protection officer, supervisory authority and responsibility

Please send your data protection queries via email to datenschutz{bei}icv-controlling.com. Our data protection officer according to Article 37 of the EU GDPR is Mr RA Conrad Günther. The responsible supervisory authority is the Bavarian Data Protection Authority, Promenade 27, 91522 Ansbach, www.lda.bayern.de Responsibility for data processing lies with the International Association of Controllers, represented by the Board of Directors, cf. our site notice.

Our main priority

We are pleased that you are interested in our services and wish you to use our website and impart your personal data to us with an easy mind. We take the protection of your personal data very seriously, and we also take it into account in the organisation of our business processes. In doing so, we deploy state-of-the-art organisational, technical and contractual security measures. In cases in which we rely on the support of external service providers, respective agreements on order processing in line with data protection law were concluded by us.

We process personal data in line with the data protection statutes of the Federal Republic of Germany and the General Data Protection Regulation of the European Union.

Wörthsee, January 2024