Introduction

This Privacy Policy explains the nature, scope and purpose of the processing of personal data in the context of the data processing procedures and within the online offer of the ICV and the websites, functions and content associated with it. This Privacy Policy applies regardless of the domains, systems, platforms and devices used on which the online offering is executed.

Registration for membership and ICV events

If you register online, by telephone, by fax or by post for membership or for an ICV event, we collect and store the data requested and pass it on – insofar as it is necessary for membership and event preparation and implementation – to the parties listed below for the fulfillment of the contract.

To accept you as a member, we require your title, first and last name, date of birth, private and/or company address, telephone number, e-mail address, delivery address for receiving the Controller Magazin and FINANCE magazine, billing address, as well as the start date of membership, for the fulfillment of services and for direct communication with you.

Voluntary information includes title/name affixes, fax, additional telephone number, function, own professional expertise, SEPA mandate or your interest in a work group. Membership applications are often submitted by third parties from the prospective members’ employers, who are therefore also our contractual partners. For communication with employers, we therefore also collect a so-called “booking contact” and a “billing contact”.

To register for events, we require your title, first and last name, company, address, telephone number, e-mail address and information on whether you are an ICV member. We also need this for the fulfillment of services and for direct communication with you. Registrations for events are often made by third parties of the employer, who are therefore also our contractual partners. For communication with these third parties, we therefore also collect a so-called “booking contact” and a “billing contact”. Voluntary details are function, department, comment field. Communication with your employer takes place in the form specified when booking the event.

This mandatory data as well as the data voluntarily provided to us is stored via the VereinOnline software of GRITH AG, Von-Poschinger-Str. 32, D-85737 Ismaning on their servers or on servers of subcontractors for the provision of our contractual services in accordance with Art. 6 para. 1 lit. b EU GDPR. All contractual partners are obliged to comply with data protection regulations via order processing contracts in accordance with the provisions of the EU GDPR. For maintenance and to ensure security, we work together with other external service providers who are based in the Federal Republic of Germany or Switzerland; or are stored on servers that meet the requirements of the Schrems II ruling of the ECJ and are subject to the EU GDPR and German data protection law.

Member directory in the password-protected member portal (software: VereinOnline)

In order to achieve the objectives of the association according to the statutes (§2 Purpose) and thus to provide our contractual services in accordance with Art. 6 para. 1 lit. b EU-GDPR, your title, first and last name as well as the company name and your professional competencies (if mentioned) are stored visibly for all members. You can object to this entry at any time by sending an e-mail with your revocation to widerruf@icv-controlling.com.

Organization of ICV events

We use the data provided to us as follows to organize the events for which you have registered:

• If hotel bookings are made by the ICV, the hotel will receive a list of participants for processing the hotel services between the participants and the hotel. The list contains the names, company, zip code and location of the participants.
• The person organizing the event will receive a list of participants containing the first and last names of the participants, their function and the address of the registering organization. This serves to prepare for the group of participants.
• An important part of our events is networking and the exchange of experiences between event participants. For this reason, participants receive a list of all event participants on site, which contains the following data: First and last name, function, company name and location.
• Information will be sent to participants by e-mail to follow up on the event if necessary.

After termination of membership of the ICV

The data collected by us for the membership will remain stored even after the membership has ended. On the one hand, this concerns the data required for accounting purposes in accordance with Art. 17 para. 3 lit. b GDPR, which are subject to the statutory retention requirements. On the other hand, this concerns the information that a membership existed and there are interruptions to the membership in the event that it is reactivated at a later date. There is also the change from personal membership to corporate membership and vice versa, for which the data is also retained.

Following the ICV events

The data collected by us for the event will also be stored after the event. On the one hand, this concerns the data required for accounting purposes in accordance with Art. 17 para. 3 lit. b EU GDPR, which are subject to the statutory retention requirements. On the other hand, this concerns information on which event a particular person has attended or canceled with us. This enables us to issue confirmations of participation in the sense of personal qualification certificates (further education and training) if this is requested by participants – even long after the end of an event, e.g. if a certificate is lost.

The personal data stored by us will be deleted if the above-mentioned reasons no longer apply. This applies to the deletion after the end of the statutory retention periods or the deletion of the booking history after 40 years, which corresponds to the usual customer retention cycle.

Information about our range of services

In addition, we use some of the data provided to us (name, e-mail address, postal address) to protect our legitimate interests in accordance with Art. 6 para. 1 lit. f EU GDPR and / or in accordance with Art. 6 para. 1 lit. a EU GDPR on the basis of your consent beyond the date of the event you have booked or your membership in order to inform you by post, e-mail or telephone about our range of services and other specialist content, training events and publications.

For this purpose, we may also use external service providers, such as lettershops or newsletter senders in Germany, which we have contractually obligated in accordance with the data protection provisions pursuant to Art. 28 EU GDPR.

You have the option to object to the use of your data for these purposes at any time by sending an e-mail with your revocation to widerruf@icv-controlling.com. In this case, we will immediately stop sending you further information and restrict or completely block the use of your data for these purposes to the types of subscription you have requested.

Work groups / member administration

As an ICV member, you can participate in one or more regional, expert or sector work groups. If you inform us of this wish, the responsible delegates / heads of the work groups will receive the data provided to us in the application for membership so that they can contact you directly. The delegates and heads of the work groups are honorary ICV officials and have been obliged to maintain data confidentiality in accordance with Art. 5 EU GDPR.

Interest in the ICV without booking an event / without ICV membership

If you have provided us with your postal and/or e-mail address in order to receive information about our range of services (e.g. by subscribing to our newsletter, requesting information or ordering from our range of literature), we will use this data to protect our legitimate interests in accordance with Art. 6 para. 1 lit. f EU GDPR and/or on the basis of your consent in accordance with Art. 6 para. 1 lit. a EU GDPR.

You have the option to object to the use of your data for these purposes at any time by sending an e-mail with your revocation to widerruf@icv-controlling.com. In this case, we will immediately stop sending you further information and restrict or completely block the use of your data for these purposes to the types of subscription you have requested.

In addition, we use personal data that we have obtained from publicly accessible sources to protect our legitimate interests in accordance with Art. 6 para. 1 lit. f EU GDPR.

You have the option to object to the use of this data at any time by sending an e-mail with your revocation to widerruf@icv-controlling.com. In this case, we will immediately stop sending you further information and completely block the use of this data.

Visit our website

The security measures include in particular the encrypted transmission of data between your browser and our server in accordance with the HTTPS protocol (SSL-encrypted, algorithm RSA-AES 256).

Matomo

We use the Matomo analysis tool for the statistical evaluation of user behavior on our website. This is open source software that we operate ourselves. Matomo therefore does not transfer any data to servers that are outside the control of the International Association of Controllers ICV.

When you visit our website, Matomo is initially configured so that it does not leave any cookies on your end device. With your express consent in the data consent dialog, the use of cookies is also activated for Matomo in order to be able to recognize returning visitors. Your IP address will be anonymized. None of the data collected is passed on to third parties.

We would like to use this user analysis to further improve the website and adapt it even more to the needs of users.

Data processing is based on your consent via our Data Consent Dialog pursuant to Section 25 (1) TTDSG, Art. 6 (1) (a) GDPR. You can withdraw your consent at any time.

Further information on Matomo’s terms of use and data protection regulations can be found at: https://matomo.org/privacy/

Opt-out abgeschlossen; Ihre Besuche auf dieser Webseite werden nicht vom Webanalysetool erfasst. Bitte beachten Sie, dass auch der Matomo-Deaktivierungs-Cookie dieser Webseite gelöscht wird, wenn Sie die in Ihrem Browser abgelegten Cookies entfernen. Außerdem müssen Sie, wenn Sie einen anderen Computer oder einen anderen Webbrowser verwenden, die Deaktivierungsprozedur nochmals absolvieren.

Sie haben die Möglichkeit zu verhindern, dass von Ihnen hier getätigte Aktionen analysiert und verknüpft werden. Dies wird Ihre Privatsphäre schützen, aber wird auch den Besitzer daran hindern, aus Ihren Aktionen zu lernen und die Bedienbarkeit für Sie und andere Benutzer zu verbessern.

Die Tracking opt-out Funktion benötigt aktivierte Cookies.

OPT-OUT options:

Users can prevent the storage of cookies by setting their browser software accordingly; users can also prevent Google from collecting the data generated by the cookie and relating to their use of the online offer and from processing this data by Google by downloading and installing the browser plug-in available under the following link: https://policies.google.com/privacy?hl=de#infochoices

Alternatively, you can deactivate Analytics using our deactivation function.

https://www.icv-controlling.com: <a href=”#gaOptout”>Deactivate Google Analytics for www.icv-controlling.com now</a>

https://www.controlling-wiki.com: <a href=”https://www.controlling-wiki.com/#gaOptout”>Deactivate Google Analytics for www.controlling-wiki.com now</a>

https://blog.icv-controlling.com: <a href=”https://blog.icv-controlling.com/#gaOptout”>Deactivate Google Analytics for blog.icv-controlling.com now</a>

This sets a cookie that tells Google that you do not want to be tracked by Analytics.

Further information

You can find further information on the use of data for advertising purposes by Google, setting and objection options on the Google websites: https://www.google.com/intl/de/policies/privacy/partners/ (“Data use by Google when you use our partners’ websites or apps”), http://www.google.com/policies/technologies/ads (“Data use for advertising purposes”), http://www.google.de/settings/ads (“Manage information that Google uses to show you advertising”) and http://www.google.com/ads/preferences/ (“Determine which advertising Google shows you”).

Google Adwords

The Google marketing services we use include the online advertising program “Google AdWords”. In the case of Google AdWords, each AdWords customer receives a different “conversion cookie”. Cookies can therefore not be tracked via the websites of AdWords customers. The information collected with the help of the cookie is used to create conversion statistics for AdWords customers who have opted for conversion tracking. AdWords customers find out the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users.

Access data and log files

We collect on the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f. GDPR, we collect data about every access to the server on which this service is located (so-called server log files). The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.

Log files are stored for security reasons (e.g. to investigate misuse or fraud) for a maximum of 30 days and then deleted. Data whose further storage is required for evidentiary purposes is excluded from deletion until the respective incident has been finally clarified.

Information about cookies

Cookies are pieces of information that are transferred from our web server or third-party web servers to the user’s web browser and stored there for later retrieval. Cookies may be small files or other types of information storage that are downloaded to the computer or mobile device. The online offers recognize a later visit and the associated visit paths in order to make it easier for you to use the pages and to make them more individual.

We use the following cookies:

Permanent cookies that remain stored on devices even after the browser is closed. Each website visit reactivates them. This makes it possible to recognize recurring visits (e.g. to save your login status or the booking function and thus enable the use of our online offer at all). A randomly generated unique identification number, a so-called session ID, is stored in a permanent cookie. A cookie also contains information about its origin and the storage period. These cookies cannot store any other data. Permanent cookies are deleted after a specified period (www.icv-controlling.com: 14 days, www.controlling-wiki.com: 30 days) or when you log out.

Third-party cookies that are stored, for example, by companies to analyze websites in order to provide us with information about the number and duration of visits to the online offer.

Cookies and their settings options

Cookies enable the efficient and individual use of all functions of our online offers. Some functions and offers are not available without cookies.

Most browsers offer different options to protect your privacy. Deactivating cookies means that it is not possible to save new cookies. It does not prevent previously set cookies from continuing to function on the device until all cookies are deleted in the browser settings. The help function of the browser or the operating instructions of the end device describe individual management of the cookie settings. In addition, company-specific settings may be regulated by guidelines.

Third-party services and content

The following presentation provides an overview of third-party providers and their content, together with links to their data protection declarations, which contain further information on the processing of data and, in some cases already mentioned here, options for objection (so-called opt-out):

YouTube

Videos from the “YouTube” platform of the third-party provider Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy/, opt-out: https://www.google.com/settings/ads/.

LinkedIn

Our website uses functions of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Each time one of our pages containing LinkedIn functions is accessed, a connection to LinkedIn servers is established. LinkedIn is informed that you have visited our website with your IP address. If you click on the LinkedIn “Recommend” button and are logged into your LinkedIn account, LinkedIn is able to associate your visit to our website with you and your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by LinkedIn. Privacy policy: https://www.linkedin.com/legal/privacy-policy, opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Facebook

Our online offering uses functions of the Facebook network. On the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR. GDPR) social plugins (‘plugins’) of the social network facebook.com, which is operated by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (‘Facebook’). The plugins can display interaction elements or content (e.g. videos, graphics or text contributions) and are recognizable by one of the Facebook logos (white “f” on a colored background). The list and appearance of the Facebook social plugins can be viewed here: https://developers.facebook.com/docs/plugins/.

When a user accesses a function of this online offering that contains such a plugin, their device establishes a direct connection with the Facebook servers. The content of the plugin is transmitted by Facebook directly to the user’s device and integrated into the online offering. User profiles can be created from the processed data. We therefore have no influence on the scope of the data that Facebook collects with the help of this plugin and therefore inform users according to our level of knowledge.

By integrating the plugins, Facebook receives the information that a user has accessed the corresponding page of the online offering. If the user is logged in to Facebook, Facebook can assign the visit to their Facebook account. If users interact with the plugins, for example by clicking the Like button or posting a comment, the corresponding information is transmitted directly from your device to Facebook and stored there. If a user is not a member of Facebook, it is still possible for Facebook to find out their IP address and store it. According to Facebook, only an anonymized IP address is stored in Germany.

The purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as the relevant rights and setting options for protecting the privacy of users, can be found in Facebook’s data protection information: https://www.facebook.com/about/privacy/.

If a user is a Facebook member and does not want Facebook to collect data about them via this online service and link it to their membership data stored on Facebook, they must log out of Facebook and delete their cookies before using our online service. Further settings and objections to the use of data for advertising purposes are possible within the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. The settings are platform-independent, i.e. they are adopted for all devices, such as desktop computers or mobile devices.

Instagram

Functions and content of the Instagram service (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA) may be integrated on our website. This may include, for example, content such as images, videos, texts and buttons with which users can express their liking of the content to the authors or they can subscribe to these posts. If the users are members of the Instagram platform, it is possible for Instagram to assign access to the aforementioned content and functions to the users’ profiles there. http://instagram.com/about/legal/privacy/.

X (formerly Twitter)

Functions of the X service (formerly Twitter) may be integrated into our online offering. These functions are offered by X Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. By using X and the “Re-Tweet” function, the websites you visit are linked to your X account and made known to other users. Data is also transmitted to X in the process. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by X. X’s privacy policy at http://twitter.com/privacy. You can change your data protection settings with X in the account settings at http://twitter.com/account/settings.

XING

We use functions of the XING network. The provider is New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany. Each time one of our pages containing Xing functions is accessed, a connection to Xing servers is established. To the best of our knowledge, no personal data is stored in the process. In particular, no IP addresses are stored or usage behavior evaluated. If you are logged into your XING account, you can link the content of our pages to your XING profile by clicking on the XING button. Privacy policy: https://www.xing.com/app/share?op=data_protection

Plugins on our website https://www.icv-controlling.com

Plugins that collect personal data:

• Registration for our e-news: The following data is stored by Sendinblue GmbH (formerly under the name Newsletter2Go): Title, first name, surname, email(https://www.de.sendinblue.com)

Plugins that could potentially log the user’s IP address:

• Google Maps (JavaScript API): To display the map in the working group overview on https://www.icv-controlling.com/de/arbeitskreise.html (https://www.google.de/maps)
• X (formerly Twitter) widget on https://www.icv-controlling.com/de/news.html, integrated as an iframe from Twitter (www.twitter.com), (server location worldwide)
• Stepstone widget (iframe) integrated on https://www.icv-controlling.com/de/jobs/ as an iframe from Stepstone (www.stepstone.de).
• Google Fonts – https://fonts.googleapis.com- – Performance optimization (server location worldwide)

Plugins on our website https://www.controlling-wiki.com/

Plugins that collect personal data:

Registration/Login: Necessary for spam prevention/access control when editing articles: (www.icv-controlling.com)

Data entered: User name, civil name, e-mail, optional “additional information” (freely definable)

Non-personalized ads with Google Adsense

This website uses Google AdSense. This is a service of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, for the integration of advertisements. We use these on the basis of our legitimate interests in accordance with EU GDPR Article 6 lit.f to optimize the economic operation of our online offer.

We use Google Adsense to display advertisements for which we receive remuneration. For this purpose, usage data is recorded (e.g. the click on an advertisement and the IP address of the user, which is, however, pseudonymized.

We also use Google Adsense with non-personalized advertising. The display of advertising is therefore not based on user profiles. Localization (also known as targeting) uses information that provides a rough location and can be linked to the user’s search query. Personalized targeting (demographic, or based on user behaviour or user lists) is prevented by Google.

Further information:
Here you can find out how Google uses data and what objection and appeal options you have: https://policies.google.com/technologies/ads
You can also set the display of Google advertisements in your account: https://adssettings.google.com/authenticated

Plugins on our website https://blog.icv-controlling.com/

Plugins that could potentially log the user’s IP address:

Google Fonts – https://fonts.googleapis.com- Performance optimization (server location worldwide)

Your further rights
In addition to the rights of revocation and deletion described above, you have a right of access to the stored data in accordance with Art. 15 EU GDPR. In accordance with Art. 16 EU GDPR, you have the right to rectification of incorrectly stored personal data. In accordance with Art. 20 EU GDPR, you may have a right to data portability. In all these cases, please contact us by email at datenschutz@icv-controlling.com. In addition, you have the right to lodge a complaint with a supervisory authority in accordance with Art. 77 EU GDPR.

Data protection officer, supervisory authority and responsibility

Please send any queries relating to data protection by email to datenschutz@icv-controlling.com. The data protection officer pursuant to Art. 37 EU GDPR is Dr. Georg Schröder. The supervisory authority responsible for us is the Bavarian State Office for Data Protection Supervision, Promenade 27, 91522 Ansbach, www.lda.bayern.de. The International Controller Association e.V., represented by the Executive Board, is responsible for the processing, see our legal notice.

What is particularly important to us

We appreciate your interest in our range of services and hope that you feel secure when visiting our website and transmitting personal data to us. We take the protection of your private data very seriously and also take this into account when designing our business processes. To this end, we use organizational, technical and contractual security measures in accordance with the current state of the art. In cases where we use the support of external service providers, we have concluded agreements on order processing in accordance with data protection regulations.

We process personal data in accordance with the data protection regulations of the Federal Republic of Germany and the General Data Protection Regulation of the European Union.

Wörthsee, October 2024