Copyright / Rights of Use
The content and design of the www.nurembergacademy.org website are copyrighted. The Foundation for the International Nuremberg Principles Academy holds the rights of use for all content.
No exploitation or use of this content by others, other than for making individual reproductions for educational purposes, is permitted without the prior consent of the International Nuremberg Principles Academy. An accurate indication of the source is required for all uses.
Use on electronic media is permissible only via a direct link to www.nurembergacademy.org.
Please always indicate as the source: International Nuremberg Principles Academy, www.nurembergacademy.org
Legal Notices / Liability Exclusion
The International Nuremberg Principles Academy assumes no warranty or liability for the completeness, correctness or currency of the information on this site. The International Nuremberg Principles Academy is not responsible and has no liability for the content of third-party websites to which this site links.
The International Nuremberg Principles Academy is not liable for infringements of rights as a result of the wrongful use of content from the www.nurembergacademy.org website by third parties.
Data Protection Declaration
Name and contact details of the responsible person according to Art. 4 Para. 7 GDPR
International Nuremberg Principles Academy
Egidienplatz 23, 90403 Nuremberg, Germany
Klaus Rackwitz, Director
Evelyn Müller, Editor in charge
tel: + 49 911 231 10379
fax + 49 911 231 14020
Security and protection of your personal data
We consider it our primary duty to maintain the confidentiality of the personal data which you have entrusted to us and to protect this data from unauthorized access. We shall therefore take the greatest care and work with the most up-to-date security standards to ensure that your personal data receive the maximum level of protection.
We are subject to the provisions of the European General Data Protection Regulations (GDPR) and the regulations set out in the Federal Data Protection Act. We have taken technical and organizational steps to ensure that the provisions concerning data protection are adhered to both by ourselves and by our external service providers.
Definition of terms
The lawmakers have issued a requirement that personal data are to be processed in a manner that is lawful, done in good faith and comprehensible to the person concerned (“basis in law, processing in good faith, transparency“). To this end we would like to inform you about the particular legal definitions of the terms involved, terms that are also used in this Data Protection Declaration.
1. Personal data
“Personal data“ is all the information relating to an identified or identifiable natural person (in the following: “person concerned“). A natural person is held to be identifiable insofar as that person can be identified, directly or indirectly, in particular by means of correlation with an identifier such as a name, an identification number, location data, an online identifier or with one or more special features, which express the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person.
“Processing“ is any procedure in connection with personal data, or any sequence of such procedures, with or without the aid of automated means, such as collection, recording, organizing, ordering, storage, adjustment or alteration, selection, interrogation, use, disclosure through transfer, distribution or other form of making available, comparison or connection, limitation, deletion or destruction.
3. Limitation of processing
“Limitation of processing“ is the tagging of stored personal data with the objective of limiting the future processing of this data.
“Profiling“ is any kind of automated processing of personal data which consists in the use of these personal data to evaluate certain personal aspects of a natural person and in particular to analyze or to predict aspects relating to this natural person’s work performance, economic situation, health, personal preferences, interests, reliability, behavior, location or change of location.
“Pseudonymization“ is the processing of personal data in such a way that the personal data cannot be correlated with a specific person without the use of additional information, provided that this additional information is stored separately and is subject to such technical and organizational measures as will ensure that the personal data cannot be related to an identified or identifiable natural person.
6. File system
“File system“ is any structured collection of personal data, which are accessible according to certain criteria, irrespective of whether this collection is centralized, decentralized or organized by functional or geographical features.
7. Responsible person
“Responsible person“ is a natural or legal person, authority, organization or other body that, acting alone or jointly with others, makes decisions about the purposes and means of the processing of personal data. If the purposes and means of this processing are prescribed by European Union law or the law of the member states, then the responsible person or the particular criteria for his or her appointment may be designated in accordance with European Union law or the law of the member states.
“Processor“ is a natural or legal person, authority, organization or other body that processes personal data on behalf of the responsible person.
“Recipient“ is a natural or legal person, authority, organization or other body to whom personal data are disclosed, irrespective of whether this is a third party or not. Authorities that may be in receipt of personal data within the framework of a particular investigative procedure in accordance with European Union law or the law of member states are, however, not held to be recipients; the processing of these data by these authorities is effected under the prevailing data protection provisions in accordance with the purposes of the processing.
10. Third party
“Third party“ is a natural or legal person, authority, organization or other body, apart from the person concerned, the responsible person, the processor or other persons who are authorized to process the personal data and who are under the direct responsibility of the responsible person or the processor.
“Consent“ from the person concerned is any expression of willingness, made in an unmistakable and informed manner and that is freely made for the particular case in question, that takes the form of a statement or any other unambiguously affirming act through which the person concerned makes it known that he or she is in agreement with the processing of the personal data concerning him or her.
Lawfulness of processing
Processing personal data is only lawful if there is an existing legal basis for the processing. According to Article 6, Paragraph 1, Letters a – f GDPR a legal basis can be said to obtain in particular if:
a. the person concerned has given his or her consent to the processing of his or her personal data for one or more specific purposes;
b. the processing is done for the fulfillment of a contract to which the person concerned is a contracting party or it is necessary for the fulfillment of pre-contractual measures being carried out at the request of the person concerned;
c. the processing is necessary in order to fulfill a legal obligation to which the responsible person is subject;
d. the processing is necessary in order to protect the vital interests of the person concerned or of another natural person;
e. the processing is necessary for the execution of a task which is in the public interest or which is carried out in the exercise of public authority as bestowed upon the responsible person;
f. the processing is necessary to uphold the legitimate interests of the responsible person or of a third party, unless the interests or fundamental rights and freedoms of the person concerned, which require personal data to be protected, should predominate, this being particularly the cases when the person concerned is a child.
Information about the collection of personal data
(1) In what follows we inform you about the collection of personal data when you use our website. Personal data include, for example, your name, address, email addresses and user behavior.
(2) If you contact us by email or by using a contact form, then we store the data that you send us (your email address and also possibly your name and telephone number) so as to be able to answer your questions. We delete the data given in this connection when storage is no longer necessary or processing is limited if there are legal requirements as to storage periods.
Collection of personal data when you visit our website
If you visit our website purely for purposes of information, if, that is to say, you do not register or otherwise send us any information, then we collect only the personal data that your browser sends to our server. If you wish to view our website, then we collect the following data that are technically necessary for us to be able to display our website to you and to ensure stability and security (the legal basis is Article 6, Paragraph 1, Clause 1, Letter f GDPR):
- IP address
- time and date of inquiry
- timezone difference from GMT
- content of request (actual page)
- access status/http status code
- data volume transmitted
- website from which the request is issued
- operating system and its interface
- language and version of the browser software.
(1) If you use our website, then, in addition to the data mentioned above, cookies will be stored on your computer. Cookies are little text files that are stored on your hard drive and are linked to the browser that you use; the entity that places the cookies receives certain bits of information through them. Cookies are not able to run any programs nor can they transmit viruses to your computer. Their purpose is to make the internet service as a whole more user-friendly and more efficient.
(2) This website uses the following cookie types and their scope and functioning is explained in what follows.
- transient cookies (see a.)
- persistent cookies (see b.)
a. Transient cookies are automatically deleted whenever you close your browser. In particular they include session cookies. These store a so-called session-ID with which various requests from your browser are assigned to the session. This means that your computer can be recognized again if you come back to our website. The session cookies are deleted when you log out or close the browser.
b. Persistent cookies are automatically deleted after a predetermined time, which can vary from cookie to cookie. But you can delete the cookies at any time through your browser’s security settings.
c. You can configure your browser settings to your own preference and, for example, refuse to accept third-party cookies or any cookie at all. What are called “third-party cookies“ are cookies that have been installed by a third party and not therefore by the actual website that you are on. We would advise you that, if you de-activate cookies, you will quite possibly not be able to use all the features of this website.
e. The Flash cookies that are used are not captured by your browser but by your Flash plug-in. We also use HTML5 storage objects, which are installed on your terminal. These are objects that store the required data independently from the browser you use and that have no automatic expiration date. If you do not want Flash cookie processing you will have to install an appropriate add-on, for example “Better Privacy“ for Mozilla Firefox (https://addons.mozilla.org/de/firefox/addon/betterprivacy/) or Adobe-Flash-Killer-Cookie for Google Chrome. You can block the use of HTML5 storage objects by setting your browser to private mode. We would also recommend that you regularly manually delete your cookies and your browser history.
Other functions and services on our website
(1) In addition to using our website purely for information purposes we also offer several services which you can use, should they be of interest. To do this you will, as a rule, have to provide us with more personal data which we will use to provide the respective service and to which the above-mentioned data processing principles apply.
(2) To some extent we use external service providers in the processing of your data. These service providers have been carefully selected and commissioned by us; they are required to adhere to our directives and we monitor them on a regular basis.
(3) If our service providers or partners are domiciled in a state outside the European Economic Area (EEA) we will inform you as to the consequences of this situation in the description of the service concerned.
(1) You may consent to subscribe to our newsletter. In this we keep you informed about our current work.
(2) We use what is known as the double-opt-in procedure for your application to be a newsletter subscriber. This means that, after your application, we send an email to the address that you give us in which we ask you to confirm that you would like us to send you the newsletter. If you do not confirm your application within 24 hours your information is locked and then automatically deleted after a period of one month. Over and above this we store your user IP-addresses and the times of your application and confirmation. The reason for this is to be able to prove that your application was made and to be able to resolve any possible subsequent misuse of your personal data.
(3) The only required piece of information for sending out the newsletter is your email address. Giving further and separately identified data is optional and is done in order for us to be able to address you personally. On receipt of your confirmation we store your email address for the purpose of sending out the newsletter. The legal basis for this is Article 6, Paragraph 1, Clause 1, Letter a GDPR.
(4) You can at any time revoke your consent to our sending you the newsletter and cancel your subscription. You can cancel by email to email@example.com.
Our services are solely for adults. Under-18-year-olds should not send any personal data to us without the consent of their parents or legal guardians.
Rights of the person concerned
(1) Withdrawal of consent
If personal data processing is done on the basis of consent that has been given, then you have the right to withdraw your consent at any time. Withdrawing consent does not affect the lawfulness of the processing that has been carried out from the time of giving consent up to its withdrawal.
You can contact us at any time to have your right to withdraw put into effect.
(2) Right to confirmation
You have the right to require the responsible person to give you confirmation as to whether we are processing your personal data. You can request this confirmation at any time through the contact details given above.
(3) Right of access
If personal data are being processed, you can at any time ask to be informed about these personal data and request information about the following:
a. the purposes of the processing;
b. the categories of personal data that are being processed;
c. the recipients or categories of recipient to whom the personal data have been disclosed or are to be disclosed, in particular with recipients in third countries or with international organizations;
d. if possible, the planned duration for which the personal data are to be stored or, if this is not possible, the criteria for deciding this duration;
e. the existence of a right of rectification or deletion of the personal data concerning yourself or a right to limitation of processing by the responsible person or a right of objection to this processing;
f. the existence of a right to lodge a complaint with a supervisory body;
g. if the personal data are not collected from the person concerned, all available information as to the origin of the data;
h. the existence of an automated decision-making process including profiling as per Article 22, Paragraphs 1 and 4 GDPR and – in these cases at least – meaningful information as to the logic and scope involved and the intended consequences of such processing for the person concerned.
If personal data are sent to a third country or to an international organization then you have the right to be informed about the relevant guarantees in connection with the data transfer as per Article 46 GDPR. We will make available a copy of the personal data that are the subject of this processing. For all subsequent copies that you personally request we may charge an appropriate fee to cover administration costs. If you make the request by electronic means then the information will be made available in a standard electronic format, unless the request states otherwise. The right to receive a copy according to paragraph 3 must not infringe the rights and freedoms of others.
(4) Right of rectification
You have the right to require us immediately to rectify incorrect personal data about yourself. In consideration of the purposes of the processing you have the right to request the completion of incomplete personal data – including by means of an explanatory addition.
(5) Right of deletion (“right to be forgotten“)
You have the right to require the responsible person immediately to delete personal data about yourself, and we are obliged immediately to delete personal data, provided one of the following reasons applies:
a. The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
b. The person concerned revokes their consent on which the processing depended in accordance with Article 6, Paragraph 1, Letter a or Article 9, Paragraph 2, Letter a GDPR and there is no other legal basis for processing.
c. The person concerned raises an objection to the processing in accordance with Article 21, Paragraph 1, GDPR and there are no primary legitimate grounds for processing, or the person concerned raises an objection to the processing in accordance with Article 21, Paragraph 2 GDPR.
d. The personal data were unlawfully processed.
e. The personal data must be deleted to comply with a legal obligation under European Union law or the law of the member states to which the responsible person is subject.
f. The personal data were collected with reference to services made available in the information society in accordance with Article 8, Paragraph 1 GDPR.
If the responsible person has made the personal data public and if he or she is obliged in accordance with Paragraph 1 to delete the data, then he or she shall, while taking account of the available technology and the costs of implementation, take appropriate measures, including those of a technical nature, to inform those responsible for processing the personal data that the person concerned has required them to delete all links to these personal data or to delete copies or replications of these personal data.
The right of deletion (“right to be forgotten“) does not exist if processing is necessary:
- for exercising the right of freedom of expression and of information;
- for the fulfillment of a legal obligation as required in the processing by European Union law or by the law of member states to which the responsible person is subject, or for the completion of a task which is in the public interest or which results from the exercise of public authority that has been transferred to the responsible person;
- for reasons of public interest in the realm of public health in accordance with Article 9, Paragraph 2, Letters h and i and also Article 9, Paragraph 3 GDPR;
- for purposes of archiving, scientific or historical research or for statistical purposes, all such being in the public interest and in accordance with Article 89, Paragraph 1 GDPR, provided that the right referred to in Paragraph 1 is likely to render the realization of the objectives of this processing impossible or to present a serious hindrance to it, or
- for the enforcement, exercise or defense of legal claims
(6) Right to limitation of the processing
You have the right to require us to limit processing of your personal data if one of the following conditions applies:
a. the accuracy of the personal data is disputed by the person concerned, and for a period of time that allows the responsible person to check the accuracy of the personal data;
b. the processing is unlawful and the person concerned declines to have the personal data deleted, requesting instead a limitation of their use;
c. the responsible person no longer requires the personal data for processing purposes but the person concerned however requires the data to enforce, exercise or defend one or more legal claims, or
d. the person concerned has raised an objection to the processing in accordance with Article 21, Paragraph 1 GDPR, provided that it has not yet been determined whether the legitimate grounds on the part of the responsible person outweigh those of the person concerned.
If processing has been limited in accordance with the above-mentioned conditions, then these personal data may only be processed – apart from being stored – with the consent of the person concerned or in order to enforce, exercise or defend legal claims or to protect the rights of another natural or legal person or by reason of an important public interest for the European Union or a member state.
The person concerned may approach us at any time, using the contact details given above, in order to put the right to limitation into effect.
(7) Right to data portability
You have the right to receive the relevant personal data, which you have provided us with, in a structured, standard and machine-readable format; and you have the right to transmit these personal data to another responsible person without let or hindrance by the responsible person to whom these data were presented, provided that:
a. processing is based on consent in accordance with Article 6, Paragraph 1, Letter a or Article 9, Paragraph 2, Letter a or is based on a contract in accordance with Article 6, Paragraph 1, Letter b GDPR and
b. processing is done by automated means.
In exercising the right to data portability in accordance with paragraph 1 you have the right to effect the direct transfer of personal data from one responsible person to another responsible person, insofar as this is technically feasible. Exercising the right to data portability shall not affect the right of deletion (“right to be forgotten“). This right does not apply to processing required for the fulfillment of a task entrusted to the responsible person that is in the public interest or that is carried out in the exercise of public authority.
(8) Right of objection
You have the right, at any time and for reasons arising out of your own particular circumstances, to raise an objection to the processing of personal data relating to yourself and proceed on the basis of Article 6. Paragraph 1 letters e or f GDPR. This also applies to profiling based on these provisions. The responsible person shall not process the personal data any further, unless he or she can demonstrate legitimate reasons for the processing that outweigh the interests, rights and freedoms of the person concerned or if processing is for the enforcement, exercise or defense of legal claims.
If personal data are processed for purposes of direct marketing, then you have the right at any time to raise an objection to the processing of personal data about yourself for the purpose of this kind of marketing. This shall also apply to profiling insofar as it is done in connection with such direct marketing. If you object to processing for the purposes of direct marketing then the personal data will not be further processed for these purposes.
In the context of use of services of the information society, and notwithstanding directive 2002/58/EG, you can exercise your right of objection by means of automated procedures in which technical specifications are used.
You have the right, at any time and for reasons arising out of your own particular circumstances, to raise an objection to the processing of personal data relating to yourself and which is carried out for purposes of scientific or historical research or for statistical purposes in accordance with Article 89, Paragraph 1, unless such processing is necessary for the fulfillment of a task that is in the public interest.
You can exercise the right of objection at any time by contacting the relevant responsible person.
(9) Automated decision-making in a particular case including profiling
You have the right not to be subject to a decision that is based on an exclusively automated process, including profiling, which has legal consequences for you or which considerably disadvantages you in a similar fashion. This shall not apply if the decision:
a. is necessary for the conclusion or implementation of a contract between the person concerned and the responsible person,
b. is admissible by virtue of legal provisions of the European Union or of the member states to which the responsible person is subject and these legal provisions contain appropriate measures to uphold the rights, freedoms and legitimate interests of the person concerned or
c. is made with the explicit consent of the person concerned.
The responsible person shall take appropriate measures to uphold the rights, freedoms and legitimate interests of the person concerned, which shall include as a minimum the right to require the responsible person to involve an actual person, the right to put forward one’s own point of view and the right to contest the decision.
The person concerned can exercise this right at any time by contacting the relevant responsible person.
(10) Right of complaint to a supervisory body
Without prejudice to any other administrative or judicial means of redress, you also have the right to lodge a complaint with a supervisory body, in particular in the member state where you have your residence or place of employment or where the presumed infringement took place, if the person concerned is of the opinion that the processing of his or her personal data infringes this provision.
(11) Right to effective legal redress
Without prejudice to any available administrative or non-judicial means of redress, including the right of complaint to a supervisory body in accordance with Article 77 GDPR, you have the right to effective legal redress if the supervisory body takes the view that your rights, as inherent in this provision, have been infringed as a result of your personal data being processed in a way that does not concord with this provision.
Use of Matomo (formerly Piwik)
(1) This website uses the web analytics service Matomo so that we can analyze usage of our website and make regular improvements to it. The statistics we obtain allow us to improve our online presence and to make the site more interesting for you, the user. The legal basis for the use of Matomo is Article 6, Paragraph 1, Clause 1, Letter f GDPR.
(2) Cookies are stored on your computer to enable this analysis to be done. The responsible person stores the information collected exclusively on a server in Germany. You can terminate this analysis by deleting the cookies that are present and by blocking cookies from being stored. If you block the storage of cookies, we would advise you that you will possibly not be able to make full use of our website. Blocking the storage of cookies can be done through the setting in your browser. Matomo can be blocked by removing the following checkmark and so activating the opt-out plug-in:
(3) This website uses Matomo with the “AnonymizeIP” extension. This abbreviates IP-addresses in subsequent processing thereby eliminating the possibility of direct reference to a person. The IP-address that Matomo obtains from your browser is kept separately from other data that we collect.
(4) The Matomo program is an Open Source project. You can get information about this third-party data protection service provider at https://matomo.org/privacy-policy/.