Privacy Policy

Privacy Policy

I. General Information

When you visit our website www.iways.eu, personal data is processed confidentially and in accordance with the statutory data protection provisions of the General Data Protection Regulation (GDPR) and this Privacy Policy. Personal data refers to any information relating to an identified or identifiable natural person. This includes technical data such as IP addresses as well as data you actively provide to us. This Privacy Policy explains the type, scope, purpose and legal basis of the processing activities that take place when you use our website.

II. Controller

European Science Communication Institute (ESCI) gGmbH Lindenstr. 87 26123 Oldenburg Germany Email: mb(at)esci.eu

III. Provision of the Website and Server Log Files

When you access our website, certain data is automatically collected and stored in server log files:

  • Browser type and version
  • Operating system
  • Referrer URL
  • Hostname of the accessing device
  • Date and time of the request
  • IP address of the requesting device

Purpose of processing:

  • Technical provision of the website
  • Ensuring stability and security
  • Error diagnosis

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in operating and securing the website)

Storage period: IP addresses are stored for a maximum of 7 days and are then deleted or anonymised.

Hosting: Our website is hosted by OVHcloud SAS, 2 rue Kellermann, 59100 Roubaix, France. Processing of data we control takes place within the EU. External services integrated on our website (e.g., YouTube, Vimeo, Elfsight/Cloudflare) may involve data transfers to third countries. Such transfers are based on the EU–US Data Privacy Framework (Art. 45 GDPR), where applicable.

IV.Contacting Us via Email or Contact Form

If you contact us via email or a contact form, we process the data you provide for the purpose of handling your enquiry and any follow-up questions.

Legal basis:

  • Art. 6(1)(b) GDPR (pre-contractual communication), or
  • Art. 6(1)(f) GDPR (legitimate interest in responding to enquiries)

Storage period: Data is deleted once your enquiry has been fully resolved, unless statutory retention obligations apply.

V. Use of Cookies

This website does not use any non-essential cookies. No cookie consent tool is required, as no cookies requiring consent under the GDPR are set.

VI.Matomo (Cookieless Web Analytics)

We use the open-source analytics tool Matomo to statistically analyse how our website is used. Matomo is operated on our own server at OVHcloud.

Key characteristics:

  • Matomo is operated without cookies
  • IP addresses are immediately anonymised
  • No user profiles are created
  • No data is transmitted to third parties

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in optimising our website) Retention period: Anonymised statistical data is deleted after 180 days. No consent is required.

VII. Integration of External Content

  1. YouTube Videos (Click-to-Load)

Our website may display YouTube videos. These are embedded via a click-to-load mechanism, meaning that no data is transferred to YouTube until you actively click the video.

Provider: Google LLC, USA Google is certified under the EU–US Data Privacy Framework (DPF). Transfers are based on Art. 45 GDPR (adequacy decision).

By clicking the video, you consent to the transfer and processing of your data by YouTube (Art. 6(1)(a) GDPR). Further information: https://www.google.com/policies/privacy/

  1. Vimeo Videos (Click-to-Load)

Vimeo videos are also embedded via click-to-load, so a data transfer occurs only when you activate the video.

Provider: Vimeo Inc., USA Certified under the EU–US DPF.

Legal basis: Art. 45 GDPR and Art. 6(1)(a) GDPR upon activation Privacy policy: https://vimeo.com/privacy

  1. LinkedIn Feed via Elfsight

We use a widget by Elfsight LLC to display our LinkedIn feed. Content is not loaded directly from LinkedIn but via Elfsight servers.

Elfsight does not set any cookies. However, technical data such as IP addresses and browser information are transmitted to Elfsight. Elfsight uses a global Content Delivery Network, which may involve third-country transfers. Transfers to the USA rely on the EU–US DPF (Art. 45 GDPR).

Legal basis: Art. 6(1)(f) GDPR (interest in presenting external content attractively) Privacy policy: https://elfsight.com/privacy-policy/

When you click a post, you are redirected to LinkedIn. LinkedIn is solely responsible for any subsequent data processing.

VIII. Rights of Data Subjects You have the following rights under the GDPR:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR)
  • Right to withdraw consent (Art. 7(3) GDPR) • Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

Competent authority: State Commissioner for Data Protection of Lower Saxony Prinzenstraße 5 30159 Hanover, Germany

IX. Data Security

We use technical and organisational measures to protect your data against manipulation, loss and unauthorised access. Our website uses modern SSL/TLS encryption.

X. Contact for Data Protection Matters

If you have any questions regarding data protection or wish to exercise your rights, please contact us at:

Email: mb(at)esci.eu Address: see Section II.

This Privacy Policy reflects the status as of December 2025 and will be updated as necessary.