Legal Notice & Privacy Policy

“FSC Intellectual Property” is intellectual property or other content and materials therein, published or made available on or together with the Site, owned by FSC GD (FSC Global Development GmbH),  FSC IC (FSC International Center gGmbH), FSC AC (Forest Stewardship Council A.C.), and FSC I&P (FSC Investments & Partnerships). This may also include content separately created, managed, and published by the FSC Network Partner.

We will take necessary measures to ensure that the content and materials therein are accurate, but it may nevertheless include technical and input errors, omissions, or inaccuracies, therefore no responsibility for any claims, whether special, direct, or indirect, whatsoever arising from or in connection with the use of this Site will be accepted.

General Information

"FSC intellectual Property" includes, but is not limited to trademarks, certification marks, copyrighted works, and specifically marks, logos, images, photographs, graphics, getup, icons, templates, design and layout of the FSC website, publications, texts, multimedia content, podcasts, maps, taglines, software, source code, databases, and domain names. It is prohibited to copy, imitate, expropriate and/or integrate any parts, or in full, any of the FSC Intellectual Property as made available you via the Site, downloads, publications or by any other means.

Exceptions for Trademarks:

The ‘FSC’ initials, the name ‘Forest Stewardship Council’, the FSC checkmark and tree logo, and the Forests For All Forever (FFAF) brandmarks and any unregistered trademarks are owned exclusively by FSC IC. Any use of these marks must be authorised by FSC GD. Unauthorised use maybe permitted provided such use is limited to word marks FSC and Forest Stewardship Council, and the use is for:

1. Referential and identification purposes only,
2. Non-commercial academic, education and/or research use,
3. Making comparisons
4. Reporting news

Please contact trademarks@fsc.org for authorization to use any of FSC Trademarks.

Exceptions for Copyright:

For general use of content on this Site be aware that:

1. The content or materials on this Site can only be used without authorisation for Fair Uses. Fair Use is intended for information, news, education and/or referential purposes provided no alterations, modifications, or variations are exercised on the content or material.
2. Except as specifically authorized by FSC GD, the content or materials on this Site may only be further used for non-commercial private use purposes.
3. Any copy or distribution of the materials on this Site, or any portion thereof, must include a copyright notice, and proprietary notices contained on the materials. Such copies must preserve the nature and form of the content or material.
4. Publications and text: Content and materials on this Site belong to either FSC IC, FSC AC, FSC GD, FSC Network Partner and/or Third Parties as may be identified. For any reproduction, adaptation, redistribution, edits, commercial reprints and translation of content or material, in full or in part, please seek approval from info@fsc.org.
5. Photographs: All photographs featured on this Site are subject to copyright and must not be reproduced without permission. If you are interested in using any of the images, please contact marketing@fsc.org.

Third Party Rights Clearance

This refers to copyrightable content or materials on this Site, excluding the above-mentioned trademarks. FSC content or materials are part of the FSC Intellectual Property. However, not all content or materials on the Site belong to FSC. When content published on this Site contains third-party owned materials, including, for example, documents, articles, audio visuals, audios, graphics, marks, or logos etc., anyone wishing to use such content is solely responsible for clearing the rights to that material with the right holder(s).

The contents provided on this Site solely serve the purpose of providing information and are legally not binding. Everything on this Site is provided to you “as is” without warranty of any kind, either express or implied, including, but not limited to, the implied warranties of merchantability, fitness for a particular purpose, non-infringement or arising from a course of dealing, usage trade or practice. 
It is your responsibility to evaluate the accuracy, completeness and usefulness of any opinions, advice, services or other information provided. Some jurisdictions do not allow the exclusion of implied warranties, so the above disclaimer may not apply to you. In addition, the materials contained in this Site could contain technical inaccuracies or typographical errors. Changes are periodically added to the information herein. FSC GD may make improvements and/or changes in this Site and promotions described in this Site at any time without notice.

FSC GD as technical supporter of the Site shall not be liable for, any damages to, or viruses that may infect, your computer equipment or other property on account of your access to, use of, or browsing within this Site, or your downloading of any materials, data, text, images, video, or audio from this Site. In no event shall FSC GD be liable for any incidental or consequential damages, lost profits, or lost data or any indirect damages.

When referring to internet websites or content of third parties (links), FSC GD assumes no responsibility for the contents of the pages linked. By accessing these links, you leave the information area of this Site. For information provided by third parties, there may be different policies admissible, especially in terms of data protection.

FSC GD is committed to ensuring the privacy of your personal information. This Privacy Policy Statement applies also to other websites of FSC GD, unless other websites that may be affiliated with FSC GD which are published under a different subdomain provide a different privacy statement. FSC GD respects the privacy of users of this Site and believes that such information should be used responsibly and appropriately.

FSC GD collects data from you, through our interactions with you and through our services. In general, all users may visit this Site anonymously and without revealing any additional personal information. There are times, however, when we may need information from you. This is usually required in order for us to promptly respond to your requests for information or to answer your questions. You might also provide some of personal data directly, if for instance you register on our website, subscribe to our newsletters, apply for membership, register for an event, or register for the Consultation Platform, etc.

3.1 Personal Data We Collect

The data we collect depends on the context of your interactions with FSC GD, the choices you make, including your privacy settings, and the features of the website you use. The data we collect can include the following:

• Name and contact data. We can collect your first and last name, email address, postal address, phone number, and other similar contact data.
• Credentials. We collect occasionally passwords, password hints, and similar security information used for authentication and account access.
• Demographic data. Very rarely we collect data about you such as your age, gender, country, and preferred language.
• Location data. We can collect data about your imprecise location data, for example, a location derived from your IP address or data that indicates where you are located with less precision, such as at a city or postal code level.

Several of our services require some personal data in order to be able to provide you with this service. However, we will inform you in this case with a separate privacy statement in this regard.

3.1.1 Registration on our website

During the registration on the website, some personal information will be collected, such as name, address or contact details such as telephone number and e-mail address. The registration allows a user to access content and services that are offered only to the registered users. Registered users have the option of changing or deleting the data specified during registration at any time. Upon your request, we provide you with information about the personal data we hold about you. Furthermore, upon your request we rectify or delete your personal data, as far as no statutory storage requirements apply.

3.1.2 Newsletter

When you sign up to receive our newsletter, the data you provide will be used exclusively for this purpose. Subscribers may also be notified by email about circumstances relevant to the service or registration (such as changes to the newsletter offer or technical conditions).

For an effective registration we need your name and a valid e-mail address. In order to verify that an application is actually made by the owner of an e-mail address, we use the "double-opt-in" procedure. For this purpose, we store the information about the subscription to the newsletter, the confirmation mail and the receipt of the requested answer. The data will be used exclusively for newsletter distribution and will not be passed on to third parties.

The consent to the storage of your personal data and their use for the newsletter can be revoked at any time, by clicking a corresponding link in the newsletter. You can also withdraw your consent and unsubscribe from this website at any time or provide us with your request via the contact details provided at this page.

3.1.3 Use of Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Inc. ("Google"). Google Analytics uses "cookies", which are text files that are stored on your computer and that allow an analysis of the use of the website by you. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the United States and stored there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator. The IP address provided by Google Analytics as part of Google Analytics will not be merged with other Google data. You can view our website without Google Analytics cookies. You can refuse the use of Google Analytics cookies by selecting the appropriate settings (“accept necessary cookies only”) on your browser. Please note that if you do this you may not be able to use the full functionality of this website.

3.1.4 Social plugins

Our websites use social plugins of the providers listed below. The plugins can be recognized by the fact that they are marked with the appropriate logo.

These plug-ins may be used to send information, which may include personal information, to the service provider and may be used by the service provider. We prevent the unconscious and unwanted collection and transmission of data to the service provider through a 2-click solution. To activate a desired social plugin, it must first be activated by clicking on the corresponding button. Only through this activation of the plugin is the detection of information and its transmission to the service provider triggered. We do not collect personally identifiable information by means of social plugins or their use.

We have no control over what data an enabled plugin collects and how it is used by the provider. At present, it must be assumed that a direct connection to the services of the provider will be developed and at least the IP address and device-related information will be collected and used. It is also possible that the service providers try to save cookies on the computer used. Please refer to the privacy policy of the respective service provider to see which specific data is collected here and how it is used. Note: If you are logged in to Facebook at the same time, Facebook may identify you as a visitor to a particular page.

We have integrated the social media buttons of the following companies on our website:

• Facebook Inc. (1601 S. California Ave - Palo Alto - CA 94304 - USA)
• Twitter Inc. (795 Folsom St. - Suite 600 - San Francisco - CA 94107 - USA)
• Google Plus / Google Inc. (1600 Amphitheater Parkway - Mountain View - CA 94043 – USA)
• Pinterest Inc. (808 Brannan Street, San Francisco, CA 94103)
• LinkedIn (Gardner House, 2 Wilton Pl, Grand Canal Dock, Dublin, Ireland)
• Email plugin

3.1.5 Cookies

Like many other websites, we also use "cookies".  Cookies are text files placed on your computer, to help the website analyze how users use the site. This automatically gives us certain data, such as IP address, browser used, operating system from your computer and your connection to the Internet. The information generated by the cookie about your use of the website (including your anonymized IP address) will be transmitted and stored on our servers in France and Germany. FSC GD will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage. Unless the law requires so, in no case will the data collected by FSC GD be passed on to third parties or a link with personal data will be established without your consent, unless the law requires so.

Only the people from within the FSC Network (which may include affiliates of FSC GD (collectively, "FSC") who need it to respond to your communication will use this information. We do keep track of the countries and domains from which people visit us, the browser and/or Internet Service Provider used and other related data. We analyze this data for trends and statistics. We do not collect any personal data and user sessions are anonymous.

You can view our website without cookies. You can refuse the use of cookies by selecting the appropriate settings (“do not accept cookies”) on your browser. Please note that if you do this you may not be able to use the full functionality of this website. By using this website, you consent to the processing of data about you by FSC GD in the manner and for the purposes set above. 

This website uses cookies. We use cookies to personalize content and ads, to provide social media features and to analyze our traffic. We also share information about your use of our site with our social media, advertising and analytics partners who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services. You consent to our cookies if you continue to use our website.

Cookies are small text files that can be used by websites to make a user's experience more efficient.

The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies we need your permission.

This site uses different types of cookies. Some cookies are placed by third party services that appear on our pages.

You can at any time change or withdraw your consent from the Cookie Declaration on our website.

Learn more about who we are, how you can contact us and how we process personal data in our Privacy Policy.

Your consent applies to the following domains: fsc.org

This website uses cookies. We use cookies to personalise content and ads, to provide social media features and to analyse our traffic. We also share information about your use of our site with our social media, advertising and analytics partners who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services.

Cookies are small text files that can be used by websites to make a user's experience more efficient.

The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies we need your permission.

This site uses different types of cookies. Some cookies are placed by third party services that appear on our pages.

You can at any time change or withdraw your consent from the Cookie Declaration on our website.

Learn more about who we are, how you can contact us and how we process personal data in our Privacy Policy.

Please state your consent ID and date when you contact us regarding your consent.

Your consent applies to the following domains: fsc.org

All the personal data we process is processed by responsible FSC staff and affiliates on need-to-know basis. FSC GD is the processor providing the technical support of the Site, for the purposes of IT hosting and maintenance all information is located on servers in Strasburg in France and Cologne in Germany.

We might use your personal data to enable the purpose of the service, or your request based on consent, to improve and update related services, communicate with you, secure against fraud and abuse, troubleshoot issues and as necessary for safety and integrity based on our legitimate interest. In addition, we use your personal data as is required by law.

3.3 How long we keep it?

This would depend on the service you are receiving from us. We may have a legal obligation to retain your data for a number of years. However, as a minimum, we shall keep your data for 5 years following the termination of your business relationship with us. In some cases, we may be legally obliged to keep your data for 10 years. Any information we use for marketing purposes might be kept with us until you notify us that you no longer wish to receive this information.

3.5 What are your rights?

By law, you have 8 fundamental data subject rights:

• The right to be informed
• The right of access
• The right to rectification
• The right to erasure
• The right to restrict processing
• The right to data portability
• The right to object
• Rights in relation to automated decision making and profiling.

As a consequence, you can make changes or revoke your consent by notifying us with effect for the future.

3.6 You can complain

If you have a complaint about our use of your information, please contact our responsible contact person in the office directly in the first instance so that we can address your complaint: privacy@fsc.org

3.7 Changes in our Privacy Policy Statement

We reserve the right to change this Privacy Policy Statement from time to time to ensure that it complies with current legal requirements or to implement changes to our services in the Privacy Policy Statement, for example, when introducing new services. In this case your further visit will be subject to the new privacy policy. Be sure to check back here periodically for any changes.

This Privacy Policy Statement does not extend to anything that is inherent in the operation of the Internet, and beyond the control of FSC GD and is not to be applied in any manner contrary to applicable laws, rules or regulations.

FSC GD has produced a subject access request form, which you might use to send FSC GD a request. The use of the standard form is not compulsory, however this form can make it easier for you to recognize your subject rights and to include all the details you might need to locate the information you want. You can find the request form here . 

You can send your request or any further questions to: privacy@fsc.org or to:

FSC International
FSC Global Development GmbH 
Adenauerallee 134 
53113 Bonn Deutschland / Germany

By using any of the various ‘Contact Us’ online forms, you agree to the terms of this Privacy Statement. 

5.1 What Information We Collect

In order to detail with your request, we may collect some personal data. The personal data we collect on the ‘Contact Us’ forms includes the following:
• Full name (first name, last name)
• Email address
• Location
• IP address
• Cookie ID
• Date & Time; or
• Specific content provided by user which might contain further personal and business data specific to each ‘Contact Us’ online form.

5.2 How We Collect Your Data 

You as a website user directly provide us with most of the data we collect. As user of the ‘Contact Us’ forms you are responsible for providing accurate, complete and up-to-date information.
This information includes your full name (first name, last name), email address, and country.

5.3 How We Use Your Data

We process your personal data for one or several of the following purposes:
• To communicate with you,
• To provide information on FSC licenses or on collaboration with FSC,
• To improve and maintain performance in the FSC certification process,
• To help us to produce FSC reports,
• To monitor compliance with the certification process,
• To handle complaints or resolve infringements,
• To show impact of FSC,
• To develop market intelligence; or
• As is required by law for safety and integrity.
All the personal data we process is processed by FSC GD, however for the purposes of IT hosting and maintenance this information is located on servers in Strasburg in France and Cologne in Germany.
We will not collect any personal data from you that we do not need to provide and oversee this service to you.

 5.4. Who We Share Your Data With

Your personal data will be accessible to the data controller at FSC GD. We will only share your personal data with third parties with whom we contract in order to pursue our legitimate interest in providing services to you, answering your queries and handling your complaints. This can include:
• Staff or units of different entities of the FSC Group1,
• Staff or units of FSC network partners2 & certification bodies3,
• Members of stakeholder working groups,
• Third party service providers; email service providers; IT service providers,
• Companies about which a complaint is submitted, or
• Independent experts, governmental offices or appeals panels in the complaints process.
We will take all reasonable steps, such as the inclusion of clauses in our contracts with such processors or controllers, to ensure that your personal data is safe and treated securely and in accordance with this Privacy Statement.

5.5 Transfer of Data

The personal data that we collect from you may be transferred to, and processed by, a processor based in a destination outside of the European Economic Area (EEA). If this happens, we will take steps, such as the inclusion of contractual clauses into our contracts with such processors or controllers, to ensure that your personal data is safe and treated securely and in accordance with this Privacy Statement.

5.6 How Long We Keep Your Personal Data

This would depend on the issue you are contacting us for. Personal data collected for our ‘Contact Us’ forms will not be stored longer than is necessary in order to achieve the purposes as named within this privacy and cookie statement unless FSC or any of the third-parties engaged by FSC must observe a longer statutory retention period based on a legal obligation. In some cases, we may be legally obliged to keep your data for 10 years. Any information we use for marketing purposes might be kept with us until you notify us that you no longer wish to receive this information. 

5.7 Security

FSC is committed to ensuring the privacy of your personal information. In order to prevent unauthorized access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.

5.8. Your Rights

FSC would like to make sure you are fully aware of all your data protection rights. Every user is entitled to the following with regards to their data:
• The right to be informed
• The right of access
• The right to rectification
• The right to erasure
• The right to restrict processing
• The right to data portability
• The right to object
• Rights in relation to automated decision making and profiling.
Upon your request, we provide you with information about the personal data we hold about you. You have the right to access or verify your personal data FSC GD is holding and to have your personal data modified, corrected or deleted under certain conditions at any time. If you would like to exercise one of your data protection rights, please do not hesitate to contact us at privacy@fsc.org.

5.9 Cookies and Similar Technologies

What are cookies?
Cookies are text files placed on your computer to collect standard internet log information and visitor behavior information. When you visit our websites, we may collect information from you automatically through cookies or similar technology.

How do we use cookies?
Our use of Cookies automatically gives us certain data, such as IP address, browser used, operating system from your computer and your connection to the internet. The information generated by the cookie about your use of the Contact Us online forms (including your anonymized IP address) will be transmitted and stored on our servers in France and Germany. FSC GD will use this information for the purpose of evaluating your use of the Contact Us online forms, compiling reports on activity and providing other services relating to Contact Us online forms activity and internet usage. Unless the law requires so, in no case will the data collected by FSC GD be passed on to third parties or a link with personal data will be established without your consent.

How to manage cookies
You can use our Contact Us online forms without cookies. You can refuse the use of cookies by selecting the appropriate settings (“do not accept cookies”) on your browser. Please note that if you do this you may not be able to use the full functionality of Contact Us online forms. By using Contact Us online forms, you consent to the processing of data about you by FSC GD in the manner and for the purposes set above.

5.10 Your Requests and Complaints

If you have any request for access, rectification, blocking and/or erasure of your personal data please contact us at privacy@fsc.org. In the event you have a complaint, please contact our Data Protection Officer directly (see details below) in the first instance so that we can address your request and/or complaint.

Scheja & Partner Rechtsanwälte

Mr. Boris Reibach

Adenauerallee 136, 53113 Bonn

Tel.: +49 (0) 228-227 226-0

Fax: +49 (0) 228-227 226-26

E-mail: info@scheja-partner.de

Contact form: http://www.scheja-partner.de/kontakt/kontakt.html

Website: www.scheja-partner.de

 5.11 How to Contact Us

If you have questions about this Privacy Statement, the data we hold on you, or you would like to exercise one of your data protection rights, please do not hesitate to contact us:
Email us at: privacy@fsc.org

5.11 Changes to our Privacy Statement 

We reserve the right to change this Privacy Statement from time to time to ensure that it complies with current legal requirements or to implement changes to our services in the Privacy Statement, for example, when introducing new services. In this case your further visit will be subject to the new privacy policy. Be sure to check back here periodically for any changes. 

This Privacy Statement does not extend to anything that is inherent in the operation of the internet, and beyond the control of FSC and is not to be applied in any manner contrary to applicable laws, rules or regulations.

We, the FSC Global Development GmbH, (hereinafter referred to as “We” or “FSC GD”) take the protection of personal data and its confidential treatment very seriously. We therefore hereby inform you about the processing of your personal data in the context of the business relationship with you or your employer and the rights to which you are entitled. Your personal data will be processed exclusively in accordance with the applicable statutory provisions of data protection law, in particular the General Data Protection Regulation (hereinafter "GDPR").

1. Controller of the Data Processing and Data Protection Officer; Contact

The Controller of the data processing as defined in data protection legislation is:

FSC Global Development GmbH
Adenauerallee 134
53113 Bonn
Telefon: +49 228 36766 0
E-Mail:privacy@fsc.org
If you have questions or comments on data protection, please do not hesitate to contact us.

You can reach our Data Protection Officer as follows:

Scheja und Partner Rechtsanwälte mbB
Adenauerallee 136 
53113 Bonn
Telefon +49 228 227 226-0· 
Fax +49 228 227 226-26
https://www.scheja-partner.de/kontakt/kontakt.html

2. Subject Matter of Data Protection; Data Categories

Personal data is the subject matter of data protection. Personal data is any information referring to an identified or identifiable natural person (so-called data subject). It includes data such as name, postal address, e-mail address or telephone number, but also information which necessarily arises during our business relationship with you, such as information on commencement, end and scope of use.

3. Purposes and Legal Bases of Data Processing

Below, you will be provided with an overview of the purposes and legal bases of the data processing in the course of our cooperation and correspondence with you or your company.

3.1 Preparation and Performance of our business relationship with you

Usually, we process your data that is necessary for the preparation or implementation of a business relationship with you (Art. 6 (1) lit. b GDPR) or your company (Art. 6 (1) lit. f GDPR).

The purposes of the data processing depend on the specific business relationship and include in particular:

• Contractual relationships and obligations,
• Communication regarding services,
• Support of business and cooperation partners, 
• Certification Management,
• Stakeholder Engagement,
• Marketing, or similar

3.2  Data processing when conducting web and phone conferences

When conducting web and phone conferences for online meetings, events, discussions, live online training and other online events (hereinafter “online meeting”), we use the following services:

• MS Teams
• Zoom

Note: Insofar as you access the website of the services used to participate in the online meeting, the respective provider is responsible for data processing. With regard to the processing of personal data by the provider, we refer to their privacy policy:

MS Teams: https://privacy.microsoft.com/de-de/privacystatement
Zoom: Zoom Privacy Statement | Zoom

Various categories of data are processed when using the aforementioned provider. For the invitation, we use the contact data that was provided to us in the context of our business relationship or the initiation of business. These are in particular your name and your e-mail address. Furthermore, we process information that you provide when participating in the online meeting. If this is linked to your person, it is also personal data. This can be, for example, chat data, contributions, and content shared by you during the web meetings, such as presentations and documents. In addition, depending on the medium used, further data (so-called metadata) such as IP addresses, browser type, device type or similar is collected when you participate in the online meeting. 
We only process this data insofar as this is necessary for the implementation of the web meeting and to enable the smooth implementation of the web meeting. We conduct web meetings as part of a contractual relationship or an initiation of a contract with you (Art. 6 (1) lit. b GDPR - e. g. webinars, online seminars), as part of a business relationship with the company for which you work (Art. 6 (1) lit. f GDPR - in the interest of carrying out joint projects and other business relationships) or insofar as you have given us your informed consent to do so in individual cases (Art. 6 (1) lit. a GDPR).  
With your consent, data processing may also include recordings of the online meeting including video and audio recordings, presentations, text files or log files (Art. 6 (1) lit. a GDPR). If we intend to record webinars, online seminars, conferences or other online events, you will be informed in advance. A recording will only take place if you voluntarily consent after prior information.

3.3 Data processing in the context of consent

Under certain circumstances, we also process your personal data based on the consent submitted by you. The purpose pursued with the processing results from the content of the respective consent. This is particularly the case if you have subscribed to our newsletter, events, webinars or similar. The data processing is based on Art. 6 (1) lit. a GDPR.  You can withdraw your consent at any time. Please note, however, that this withdrawal only has an effect for the future, i. e. the legality of the processing of the data already carried out on the basis of your consent up to the time of the revocation is not affected by the revocation. 

In order to comply with the obligations to provide evidence concerning us, we retain the documentation of your consent even after your withdrawal for three years from the end of the year in which you withdraw the consent. The legal basis for this processing is Art. 6 (1) lit. c in conjunction with Art. 5 (1) lit. a, (2), Art. 7 (1) GDPR and Art. 6 (1) lit. f GDPR.

3.4 Data processing due to a legal obligation

Your data may also be processed if we are obliged to process your data due to a legal obligation (Art. 6 (1)  lit. c GDPR). Such obligations follow, for example, from commercial, tax, money laundering, financial law or retention obligations. The specific purposes of the processing result from the respective legal obligation whereby the processing usually serves to comply with state control and information obligations.

4. Recipients

Within our company, only those departments and employees who absolutely need such access to fulfill their functions or tasks have access to your personal data. 
We only disclose your personal data to external recipients if there is a legal justification for this or you have consented to it. External recipients may be:

• Processors: service providers we use to provide human resources services or who are tasked with maintaining our IT systems or similar. 
• Public bodies: Authorities and government institutions, such as public prosecutors' offices, courts or tax authorities, to which we may have to transfer personal data in individual cases.
• Private bodies: Private bodies to which we transfer your personal data on the basis of a legal provision or your consent, for example affiliated companies, lawyers or tax consultants.

5. Data Transfer to Third Countries

In some cases, your data will be transferred to another entity whose registered office or place of data processing is not located in a member state of the European Union or in another member state of the Agreement on the European Economic Area.

If there is no adequacy decision of the European Commission for the third country, we work towards an adequate level of data protection for the transfer of personal data outside the EEA by concluding appropriate agreements with the recipients, which are regularly based on the EU standard contractual clauses, before the data is transferred.

6. Retention Period 

We will delete your data if it is no longer necessary for the purposes we are pursuing, the storage period specified in the consent has expired or you withdraw your consent and no other legal basis applies and/or legitimizes continued processing. If the latter applies, we will delete your data when these other legal bases cease to apply.

7. Rights of Data Subjects

As data subject affected by the data processing, you are entitled to several rights. In detail: 

Right of access: You have the right to obtain information about the data processed about you.

Right of rectification and erasure: You can request us to correct wrong data and – to the extent the statutory requirements are fulfilled – to delete your data. 

Restriction of processing: You can request us – to the extent the statutory requirements are fulfilled – to restrict the processing of your data. 

Data portability: If you provided us with data on the base if a contract or an approval, you can request, if the statutory requirements are fulfilled, to receive the data provided by you in a structured, common and machine-readable format or that we transmit them to another controller.

Right to object: Individual right to object 
You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data carried out on the basis of which is based on lit. f of Article 6 (1) GDPR. This personal data will then no longer be processed for these purposes, unless compelling legitimate grounds for the processing can be demonstrated which override your interests, rights and freedoms, or the processing serves the assertion, exercise or defence of legal claims.

Revocation of the consent: To the extent you provided us with consent of processing your data, you can revoke it at any time with effect for the future. The lawfulness of the processing of your data until such revocation shall remain unaffected.

Complaint with the supervisory authority: In addition, you can file a complaint with the competent supervisory authority if you are of the opinion that the processing of your data violates applicable law. For this purpose, you can contact the data protection authority competent for your place of residence or your country or the data protection authority which is competent for us. 

8. Contact and exercising your rights

If you have any questions about the processing of your personal data, about this information letter or about asserting your data subject rights, you can contact us. Please use our contact details under section 1. 

State:
November 2024

We, the FSC International Center gGmbH, (hereinafter referred to as “We” or “FSC IC”) take the protection of personal data and its confidential treatment very seriously. We therefore hereby inform you about the processing of your personal data in the context of the business relationship with you or your employer and the rights to which you are entitled. Your personal data will be processed exclusively in accordance with the applicable statutory provisions of data protection law, in particular the General Data Protection Regulation (hereinafter "GDPR").

1. Controller of the Data Processing and Data Protection Officer; Contact

The Controller of the data processing as defined in data protection legislation is:

FSC International Center gGmbH
Adenauerallee 134
53113 Bonn
Telefon: +49 228 36766 0
E-Mail: privacy@fsc.org
If you have questions or comments on data protection, please do not hesitate to contact us.

You can reach our Data Protection Officer as follows:

Scheja und Partner Rechtsanwälte mbB
Adenauerallee 136 
53113 Bonn
Telefon +49 228 227 226-0 
Fax +49 228 227 226-26
https://www.scheja-partner.de/kontakt/kontakt.html

2. Subject Matter of Data Protection; Data Categories 

Personal data is the subject matter of data protection. Personal data is any information referring to an identified or identifiable natural person (so-called data subject). It includes data such as name, postal address, e-mail address or telephone number, but also information which necessarily arises during our business relationship with you, such as information on commencement, end and scope of use.

3. Purposes and Legal Bases of Data Processing

Below, you will be provided with an overview of the purposes and legal bases of the data processing in the course of our cooperation and correspondence with you or your company.

3.1 Preparation and Performance of our business relationship with you

Usually, we process your data that is necessary for the preparation or implementation of a business relationship with you (Art. 6 (1) lit. b GDPR) or your company (Art. 6 (1) lit. f GDPR).

The purposes of the data processing depend on the specific business relationship and include in particular:

• Contractual relationships and obligations,
• Communication regarding services,
• Support of business and cooperation partners,  
• Certification Management,
• Stakeholder Engagement,
• Marketing, or similar

3.2   Data processing when conducting web and phone conferencea

When conducting web and phone conferences for online meetings, events, discussions, live online training and other online events  (hereinafter “online meeting”), we use the following services:

• MS Teams
• Zoom 

Note: Insofar as you access the website of the services used to participate in the online meeting, the respective provider is responsible for data processing. With regard to the processing of personal data by the provider, we refer to their privacy policy:

MS Teams: https://privacy.microsoft.com/de-de/privacystatement 
Zoom: Zoom Privacy Statement | Zoom

Various categories of data are processed when using the aforementioned provider. For the invitation, we use the contact data that was provided to us in the context of our business relationship or the initiation of business. These are in particular your name and your e-mail address. Furthermore, we process information that you provide when participating in the online meeting. If this is linked to your person, it is also personal data. This can be, for example, chat data, contributions, and content shared by you during the web meetings, such as presentations and documents . In addition, depending on the medium used, further data (so-called metadata) such as IP addresses, browser type, device type or similar  is collected when you participate in the online meeting. 

We only process this data insofar as this is necessary for the implementation of the web meeting and to enable the smooth implementation of the web meeting. We conduct web meetings as part of a contractual relationship or an initiation of a contract with you (Art. 6 (1) lit. b GDPR - e. g. webinars, online seminars ), as part of a business relationship with the company for which you work (Art. 6 (1) lit. f GDPR - in the interest of carrying out joint projects and other business relationships) or insofar as you have given us your informed consent to do so in individual cases (Art. 6 (1) lit. a GDPR).  
With your consent, data processing may also include recordings of the online meeting including video and audio recordings, presentations, text files or log files (Art. 6 (1) lit. a GDPR). If we intend to record webinars, online seminars, conferences or other online events , you will be informed in advance. A recording will only take place if you voluntarily consent after prior information.

3.3 Data processing in the context of consent

Under certain circumstances, we also process your personal data based on the consent submitted by you. The purpose pursued with the processing results from the content of the respective consent. This is particularly the case if you have subscribed to our newsletter, events, webinars or similar. The data processing is based on Art. 6 (1) lit. a GDPR.  You can withdraw your consent at any time. Please note, however, that this withdrawal only has an effect for the future, i. e. the legality of the processing of the data already carried out on the basis of your consent up to the time of the revocation is not affected by the revocation.  

In order to comply with the obligations to provide evidence concerning us, we retain the documentation of your consent even after your withdrawal for three years from the end of the year in which you withdraw the consent. The legal basis for this processing is Art. 6 (1) lit. c in conjunction with Art. 5 (1) lit. a, (2), Art. 7 (1) GDPR and Art. 6 (1) lit. f GDPR.

3.4 Data processing due to a legal obligation
Your data may also be processed if we are obliged to process your data due to a legal obligation (Art. 6 (1)  lit. c GDPR). Such obligations follow, for example, from commercial, tax, money laundering, financial law or retention obligations. The specific purposes of the processing result from the respective legal obligation whereby the processing usually serves to comply with state control and information obligations.

4. Recipients
Within our company, only those departments and employees who absolutely need such access to fulfill their functions or tasks have access to your personal data. 
We only disclose your personal data to external recipients if there is a legal justification for this or you have consented to it. External recipients may be:

• Processors: service providers we use to provide human resources services or who are tasked with maintaining our IT systems or similar.  
• Public bodies: Authorities and government institutions, such as public prosecutors' offices, courts or tax authorities, to which we may have to transfer personal data in individual cases.
• Private bodies: Private bodies to which we transfer your personal data on the basis of a legal provision or your consent, for example affiliated companies, lawyers or tax consultants. 

5. Data Transfer to Third Countries 

In some cases, your data will be transferred to another entity whose registered office or place of data processing is not located in a member state of the European Union or in another member state of the Agreement on the European Economic Area.

If there is no adequacy decision of the European Commission for the third country, we work towards an adequate level of data protection for the transfer of personal data outside the EEA by concluding appropriate agreements with the recipients, which are regularly based on the EU standard contractual clauses, before the data is transferred.

6. Retention Period 

We will delete your data if it is no longer necessary for the purposes we are pursuing, the storage period specified in the consent has expired or you withdraw your consent and no other legal basis applies and/or legitimizes continued processing. If the latter applies, we will delete your data when these other legal bases cease to apply. 

7. Rights of Data Subjects

As data subject affected by the data processing, you are entitled to several rights. In detail: 

Right of access: You have the right to obtain information about the data processed about you.

Right of rectification and erasure: You can request us to correct wrong data and – to the extent the statutory requirements are fulfilled – to delete your data. 

Restriction of processing: You can request us – to the extent the statutory requirements are fulfilled – to restrict the processing of your data. 

Data portability: If you provided us with data on the base if a contract or an approval, you can request, if the statutory requirements are fulfilled, to receive the data provided by you in a structured, common and machine-readable format or that we transmit them to another controller.

Right to object: Individual right to object 
You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data carried out on the basis of which is based on lit. f of Article 6 (1) GDPR. This personal data will then no longer be processed for these purposes, unless compelling legitimate grounds for the processing can be demonstrated which override your interests, rights and freedoms, or the processing serves the assertion, exercise or defence of legal claims.

Revocation of the consent: To the extent you provided us with consent of processing your data, you can revoke it at any time with effect for the future. The lawfulness of the processing of your data until such revocation shall remain unaffected.

Complaint with the supervisory authority: In addition, you can file a complaint with the competent supervisory authority if you are of the opinion that the processing of your data violates applicable law. For this purpose, you can contact the data protection authority competent for your place of residence or your country or the data protection authority which is competent for us. 

8. Contact and exercising your rights

If you have any questions about the processing of your personal data, about this information letter or about asserting your data subject rights, you can contact us. Please use our contact details under section 1 . 

State:
November 2024
 

Privacy Statement for our Online Event 

Introduction: 

Thank you for participating in our Online Event. We respect your privacy and want you to understand how we collect, use, and share personal data about you in compliance with applicable data protection laws in relation to your attendance at our Online Event meetings.

This Privacy Statement covers our data collection practices and describes your rights to access, correct, or restrict our use of your personal data. Except where we provide you a link to a different privacy statement or reference to other privacy documentation, this Privacy Statement applies when you participate in our Online Event.

Table of Contents:  

1. Controller and the Data Protection Officer 
2. What Personal Data We Collect for the purpose of conducting an Online Event 
3. How We Collect Your Personal Data 
4. How We Use Your Personal Data 
5. Additional Data Processing for Conducting Online Events Via Zoom 
6. Who We Share Your Personal Data With 
7. How Long We Keep Your Personal Data 
8. Security 
9. Your Rights 
10. Cookies & Similar Technologies 
11. Changes in our Privacy Statement 

1. Controller and the Data Protection Officer 

The FSC company whose Online Event you attend is the data controller within the meaning of data protection laws. You will find a list of the data controllers at the end of this document.  

If you have questions about this Privacy Statement, the personal data we hold on you, or you would like to exercise one of your data protection rights, please do not hesitate to contact us: 

Email us at: privacy@fsc.org 

You can contact our Data Protection Officer at the following address: 

Scheja & Partners GmbH & Co. KG 

Mr. Boris Reibach Adenauerallee 136, 53113 Bonn 

Tel.: +49 (0) 228-227 226-0 

Fax: +49 (0) 228-227 226-26 

Email: info@scheja-partners.de 

Contact form: http://www.scheja-partners.de/kontakt/kontakt.html Website: www.scheja-partners.de 

European FSC companies responsible for the processing (Controller): 

FSC Global Development GmbH 

Adenauerallee 134, 53113 Bonn, Germany 

Phone: 0049 (0) 228 36766 0 

Fax: 0049 (0) 228 36766 65 

FSC International Center gGmbH,  

Adenauerallee 134, 53113 Bonn, Germany 

Phone: 0049 (0) 228 36766 0 

Fax: 0049 (0) 228 36766 65 

2. What Personal Data We Collect for the purpose of conducting an Online Event 

To fulfill the Purpose of this Privacy Statement, we may need to collect or store personal data. The personal data we process can include the following:  

• E-mail address (mandatory) 

Voluntary: 

• Full name (title, first name, middle name, last name) 
• Country 
• Region 
• Organization or company name 
• Stakeholder category (e.g., FSC member, certificate holder, government, etc.) 
• FSC Certificate Holder type (if applicable) 
• FSC membership chamber (if applicable) 
• Gender identity (Female / Male / Non-binary / Prefer not to say) 
• Age group 
• How did you hear about the event? (FSC Connect, PCI Hub, FSC.org, LinkedIn, Facebook, other) 

3. How We Collect Your Personal Data 

We process personal data provided to us directly by you or through the Online Event or follow-up communication. We will not collect any personal 

data from you that we do not need to provide and oversee this Service to you. 

If the personal data you provided needs to be corrected, please, indicate the changes by sending the email to privacy@fsc.org. 

4. How We Use Your Personal Data 

We are not using your personal data for anything else beyond the Purpose as described in this section of the Statement. 

a) Contractual Necessity (Art. 6 para. 1 b) GDPR) 

We are processing your personal data for the fulfillment of our contract (Art. 6 para. 1 b) GDPR). 

The purposes for the processing include in particular: 

• The registration, organization, management and implementation of Online-Meetings, including your registration as wells es the documentation of your participation. In the FSC webinar registration form we collect your information to manage and facilitate engagement of our webinars and virtual events. 
• Follow-up activities after events 
• Event-centered communication with speakers and participants 
• Making teaching materials and further reading material available 
• Generating and sending registration confirmations, invitations, documents, as well as confirmations of participation and, if applicable, certificates 
• Accounting and invoicing, if applicable. 

b) Legitimate Interests (Art. 6 para. 1 f) GDPR) 

We also process your personal data to protect our legitimate interests or those of third parties (in accordance with Art. 6 para. 1 f GDPR), such as: 

• Improving our offerings and events 
• Following up on events, in particular, evaluating feedback provided, including the necessary communication with you 
• Conducting internal and aggregated analyses to understand stakeholder participation and engagement levels better, and enhancing the accuracy, consistency, and efficiency of data collection and analysis processes — including through the use of automation — to improve event planning, outreach efficiency, and engagement strategies. 
• Participation management, including the documentation of participant lists 
• Information for the speaker for better event planning  
• Enhance stakeholder services  
• Supporting communication about our services 
• Ensuring inclusiveness and transparency in consultation and communication processes  
• Sending information about other Online events, unless you have objected to this. 

Additionally, aggregated and anonymized participation data may be made publicly available through our platforms to illustrate levels of stakeholder engagement and support transparent communication efforts. Please note that your data will not be used to create individual evaluations under any circumstances. 

We may use AI-assisted tools to analyze aggregated, anonymized qualitative feedback (e.g., open-text responses), thereby identifying common themes and enhancing the inclusiveness, clarity, and effectiveness of our engagement processes. These tools operate under strict access controls, do not make automated decisions about individuals, and results are reviewed and interpreted by FSC staff. 

You have the right to object to this processing as described in Section 9. 

c) Consent (Art. 6 para. 1 a) GDPR) 

In case we cannot process the data based on legitimate interest, we will collect your consent (Art. 6 para. 1 a) GDPR). With your consent, data processing may also include image and sound recordings of meetings, including video and audio recordings, presentations, text files, audio or log files. If it is intended to record meetings, you will be informed in advance. Recordings will only be made if and to the extent that you have given your prior consent. As far as we plan to publish the recordings on our YouTube channel we ensure that the recordings only capture only the speaker (non-speaking participants are not visible/recorded) and that the speaker will have given the necessary consent.  

In order to comply with the documentation requirements applicable to us, we will retain the documentation of your consent for three years after the end of the year in which you revoked your consent, even after you have revoked it. The legal basis for this processing is Art. 6 (1) c) in conjunction with Art. 5 (1) a), (2), Art. 7 (1) GDPR and Art. 6 (1) f) GDPR. 

d) Legal Obligations (Art. 6 para. 1 c) GDPR) 

We also process your personal data in order to comply with legal obligations to which we are subject (in accordance with Art. 6 para. 1 c) GDPR). These obligations may arise, for example, from commercial, tax, money laundering, financial, or criminal law. 

5. Additional Data Processing for Conducting Online Events Via Zoom 

We process personal data that you provide during the Online Event or that is necessary to enable your participation, including data from your device’s microphone or video camera, chat messages, posts, and content you share, such as presentations and documents. If you participate in a recorded event, the recording may include audio, video, presentations, and chat messages. Some additional data, such as IP addresses or device information, may be collected automatically by Zoom during the meeting. FSC does not access this technical data directly; Zoom processes it in accordance with its privacy policy, Zoom Privacy Policy. 

Data FSC may process for Online Events 

• User profile information: Last name, first name, email, password (if SSO is not used), profile picture (optional), department (optional), Zoom profile information (if available), unique user ID. 
• Meeting and session content: Meeting and webinar communication content, shared presentations, survey questions and responses (if applicable), chat messages, participant display name, participant status (host, co-host, participant), scheduled and actual meeting time, number of participants, meeting URL, access path/medium, profile information of the meeting host, number of screen shares. 
• Cloud recordings and transcripts: Video/audio recordings (MP4), shared presentations, chat messages included in recordings (M4A or text), audio transcript file (if enabled). 

Data collected by Zoom (FSC does not access directly) 

• Device and technical data: IP addresses, device and hardware information, telemetry data (PC name, microphone, speaker, camera, domain, drive ID, network type, operating system/version, Zoom client version, MAC address). 
• Diagnostic and event logs: Action taken, event type/subtype, in-app event location, timestamp, client UUID, user ID, meeting ID, service logs (contents of Zoom service logs on the end device). 
• Session information: Activity and network quality, session quantity, network performance, etc. 
• Telephone usage data (optional): Caller and recipient phone numbers, country, 911 address, start and end time, host name and email, MAC address of the device used (only if Zoom Phone is used). 

The purpose of our Online Event, particularly in the context of presentations, webinars, meetings, or events, is to facilitate collaboration between event participants and speakers. For this purpose, it is also possible to share content with other participants via “screen sharing” or chat functions. If you wish to restrict processing, you can, of course, switch off or mute the camera and/or microphone of your device at any time. 

We only process this data to the extent necessary to conduct the Online-Event and to enable the Online-Event to run smoothly. We conduct Online-Event within the framework of a contractual relationship or the initiation of a contract with you (Article 6 para. 1 b) GDPR or within the framework of a business relationship with your employer (Article 6 para 1 f) GDPR). We also base the processing on our legitimate interests (Article 6 para 1 f) GDPR) to improve and optimize efficient communication and collaboration with our stakeholders by enabling location-independent participation in meetings and presentations. 

We use Zoom as a tool to conduct our Online Events. Please note: When you visit the Zoom website, the provider is responsible for data processing. With regard to the processing of personal data by the provider, we refer you to their privacy policy: https://explore.zoom.us/de/privacy/. However, visiting the website is only necessary in order to download the software for using Zoom. You can also use Zoom if you enter the respective meeting ID and, if necessary, additional access data for the meeting directly in the Zoom app. 

6. Who We Share Your Personal Data With 

All personal data we process for the purpose of this Privacy Statement is handled by authorized FSC personnel involved in the organization, administration, and follow-up of Online Events, for the purposes described above.

In certain cases, we also engage external contractors and service providers who process encrypted personal data on our behalf and in accordance with our documented instructions. The service providers may support data management, analysis, and automation processes that enhance the accuracy, efficiency, and insightfulness of reporting or visualization activities related to FSC events — for example, to generate participation dashboards, assess engagement levels, improve event management processes, or enhance the quality and inclusiveness of FSC’s stakeholder communication and outreach.

All such external processors are bound by data processing agreements in accordance with Article 28 of the GDPR, ensuring that personal data is processed only for the agreed-upon purposes, under strict confidentiality obligations, and with appropriate technical and organizational security measures.

If the personal data that we collect from you needs to be transferred to, and processed by, a processor based outside of the European Economic Area (EEA), we will take steps, such as including contractual clauses in our contracts with such processors or controllers, to ensure that your personal data is safe and treated securely and in accordance with this Privacy Statement. We have concluded a data processing agreement with the provider of Zoom. An adequate level of data protection is guaranteed on the one hand by the “Data Privacy Framework” certification of Zoom Video Communications, Inc., and on the other hand by the conclusion of the so-called EU standard contractual clauses.

Other than that, we do not share personal data with other third parties, unless described in this Privacy Statement or required to do so by law.

7. How Long We Keep Your Personal Data 

We will keep your personal data only for as long as it is necessary for the processing. However, in certain situations, we are obliged to keep the records for six (6) years if those records are business related and for ten (10) years if tax related. If the data is related to the certification information, in line with the our normative framework we will keep it for ten (10) years beyond the termination of your relationship with us. 

8. Security 

We are committed to ensuring the privacy of your personal data. In order to prevent unauthorized access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the personal data we collect online. 

9. Your Rights 

We would like to make sure you are fully aware of all your data protection rights. You are entitled to the following: 

• The right to access enables you to receive information on whether we process your personal data as well as a copy of the personal data we process about you.
• The right to rectification enables you to have any incomplete or inaccurate personal data we hold about you corrected, though we may need to verify the accuracy of the new personal data you provide to us.
• The right to erasure enables you to ask us to delete or remove personal data where there is not a good reason or legitimate interest for us to continue to process it.
• The right to restrict processing enables you to ask us to suspend the processing of your personal data under specific circumstances.
• The right to data portability enables you to request that we provide you or a third party of your choosing with the personal data which you have provided to us (in a structured, commonly used, machine-readable format).
• The right to object enables you to object to our processing of your personal data where we rely on our legitimate interest as legal basis. In some cases, we may demonstrate that we have compelling legitimate grounds to process your personal data which override your rights and freedoms.
• The right to make a complaint to the competent data protection authority. We would, however, appreciate the chance to deal with your concerns, so if you have any questions or concerns regarding our processing of your personal data, please contact us at privacy@fsc.org.

If you would like to exercise one of your data protection rights, please do not hesitate to contact us at privacy@fsc.org or our Data Protection Officer at the contact details set out below. 

10. Cookies and Similar Technologies 

Like many other websites, Zoom also uses “cookies.” Cookies are text files placed on your computer to help the website analyze how users use the site. This automatically collects certain personal data, such as your IP address, the browser you use, the operating system on your computer, and your Internet connection. 

When participating in FSC Online Events hosted via Zoom, Zoom may place cookies or use similar technologies on your device. These cookies may: 

• Facilitate your login and participation in the Online Event. 
• Remember your preferences within the Zoom platform. 
• Collect usage data, such as session duration, device type, connection information, and other technical metadata, to ensure the Online Event functions smoothly. 
• Enable certain interactive features, such as polls, chat, or screen sharing. 

Please note that Zoom acts as an independent data controller for cookies and similar technologies placed through its platform. FSC does not place or manage any cookies on the Zoom platform. For details on how Zoom manages cookies and how you can control or disable them, please consult Zoom’s Cookies Policy. 

By participating in FSC Online Events via Zoom, you acknowledge that Zoom may use cookies and similar technologies in accordance with its own Cookies Policy and consent mechanisms. FSC does not manage or collect consent for such cookies. 

11. Changes to our Privacy Statement 

We reserve the right to unilaterally change this Privacy Statement from time to time to ensure that it complies with current legal requirements or to implement changes to our Services in the Privacy Statement, for example, when introducing new services.

Please regularly check this Privacy Statement for possible updates.

This Privacy Statement was last updated on 01/07/2025.