Privacy Policy

Last updated: January 1, 2024

1. Introduction

This Privacy Policy describes how iBehave Open Technology Support (iBOTS), part of the iBehave Research Network, collects, uses, and protects your personal information when you use our website and services.

Data Controller:

• Organization: iBehave Open Technology Support (iBOTS)
• Institution: University of Bonn (Rheinische Friedrich-Wilhelms-Universität Bonn)
• Address: [University Address], Bonn, Germany
• Email: contact@ibots.ibehave.de

2. Legal Basis

We process personal data in accordance with:

• EU General Data Protection Regulation (GDPR) 2016/679
• German Federal Data Protection Act (Bundesdatenschutzgesetz - BDSG)
• State data protection laws applicable to public institutions

3. Data We Collect

3.1 Information You Provide

• Course Registration: Name, email address, institutional affiliation, academic level, programming experience
• Contact Forms: Name, email, subject, message content
• Consultation Requests: Contact details, project description, technical requirements
• Certificates: Information required for generating participation certificates

3.2 Automatically Collected Information

• Website Usage: IP address, browser type, pages visited, time spent, referring pages
• Technical Data: Device type, operating system, screen resolution
• Performance Data: Page load times, error reports (anonymized)

3.3 Cookies and Tracking

We use minimal cookies for:

• Essential Functions: Session management, security features
• Analytics: Aggregated usage statistics (anonymized where possible)
• Preferences: Language selection, theme preferences

4. How We Use Your Data

4.1 Training Services

• Process course registrations and manage participant lists
• Send course materials, updates, and certificates
• Provide technical support during training sessions
• Improve course content based on feedback

4.2 Consulting Services

• Respond to consultation requests
• Provide personalized technical advice
• Follow up on project outcomes
• Document best practices (anonymized)

4.3 Communication

• Send requested information about our services
• Respond to inquiries and support requests
• Share relevant updates about the iBehave network (opt-in only)

4.4 Research and Improvement

• Analyze training effectiveness and learning outcomes (anonymized)
• Improve website functionality and user experience
• Generate usage statistics for reporting to funding bodies

5. Legal Basis for Processing

We process your data based on:

• Legitimate Interest (Art. 6(1)(f) GDPR): Providing educational services, improving training quality
• Contract Performance (Art. 6(1)(b) GDPR): Delivering requested training or consulting services
• Consent (Art. 6(1)(a) GDPR): Newsletter subscriptions, optional feedback collection
• Public Task (Art. 6(1)(e) GDPR): Fulfilling our educational mission as a university group

6. Data Sharing and Disclosure

6.1 Within iBehave Network

• Course information may be shared with other iBehave institutions for coordination
• Anonymized training statistics shared for network reporting

6.2 Third-Party Services

We use these carefully selected service providers:

• Video Conferencing: Zoom (for online training sessions)
• Email Services: University email systems
• Website Hosting: [Hosting provider] (EU-based)
• Analytics: Privacy-focused analytics tools (IP anonymization enabled)

6.3 Legal Requirements

We may disclose data if required by:

• German or EU law
• University policies
• Court orders or legal proceedings

7. International Data Transfers

• Primary data processing occurs within the European Union
• Video conferencing tools may process data internationally with appropriate safeguards
• We ensure adequate protection levels for any international transfers

8. Data Retention

8.1 Retention Periods

• Course Registration Data: 2 years after course completion
• Certificates and Records: 5 years (for verification purposes)
• Contact Form Data: 1 year after last contact
• Website Analytics: 14 months (anonymized after 2 months)
• Email Communications: 3 years for business correspondence

8.2 Legal Requirements

Some data may be retained longer due to:

• University record-keeping requirements
• Funding agency reporting obligations
• Legal or regulatory compliance

9. Your Rights Under GDPR

You have the right to:

9.1 Access and Portability

• Request a copy of your personal data we hold
• Receive your data in a structured, machine-readable format

9.2 Correction and Completion

• Correct inaccurate personal data
• Complete incomplete data

9.3 Deletion (“Right to be Forgotten”)

• Request deletion of your personal data (subject to legal obligations)
• Withdraw consent for data processing

9.4 Restriction and Objection

• Restrict processing of your data
• Object to processing based on legitimate interests

9.5 Exercise Your Rights

To exercise these rights, contact us at: contact@ibots.ibehave.de

10. Data Security

We implement appropriate technical and organizational measures:

• Encryption: Data transmission via HTTPS/TLS
• Access Controls: Role-based access to personal data
• Regular Updates: Security patches and system updates
• Staff Training: Data protection awareness for team members
• Incident Response: Procedures for data breach management

11. Cookies Policy

11.1 Essential Cookies

Always active cookies required for website functionality:

• Session management
• Security features
• Language preferences

11.2 Analytics Cookies

Optional cookies for usage statistics (anonymized):

• Page views and navigation patterns
• Performance monitoring
• Error tracking

11.3 Managing Cookies

You can control cookies through:

• Browser settings
• Our cookie consent banner
• Privacy preference center

12. Children’s Privacy

Our services are designed for:

• University students (typically 18+)
• Graduate researchers and faculty
• Professional scientists and engineers

We do not knowingly collect data from children under 16 without parental consent.

13. Updates to This Policy

We may update this Privacy Policy to reflect:

• Changes in our data processing practices
• New legal requirements
• Technical improvements

Notification: We will notify users of significant changes via email or website notice.

14. Complaints and Supervisory Authority

If you have concerns about our data processing, you may:

1. Contact us directly: contact@ibots.ibehave.de
2. File a complaint with the competent supervisory authority:
   • North Rhine-Westphalia: Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
   • Address: Kavalleriestraße 2-4, 40213 Düsseldorf, Germany
   • Website: https://www.ldi.nrw.de/

15. Contact Information

Data Protection Officer (if applicable):

• University of Bonn Data Protection Office
• Email: [DPO email]

iBOTS Team:

• Email: contact@ibots.ibehave.de
• Address: [Institution address], Bonn, Germany

This Privacy Policy is provided in English for accessibility. In case of conflicts, the German version takes precedence as required by applicable law.