The protection of your personal data is a matter of important concern to the Körber Foundation. We observe all legal provisions dealing with data protection and data safety.
In the following you will find information on what personal data we collect when you access our Internet site at www.koerber-stiftung.de (»website«) and use the services and functions contained therein, and how we use these data for what purposes. In addition, we inform you about the legal bases for the processing of your data and, insofar as the data are processed to pursue our legitimate interests, about these legitimate interests.
2 Data controller
The data controller responsible for the processing of your data through the website is the Körber Foundation, Kehrwieder 12, 20457 Hamburg, tel. 040 / 80 81 92 0, firstname.lastname@example.org (»Körber Foundation«, »we« or »us«).
3 References to laws in this Privacy Statement
The laws governing the collection and processing of data through websites are currently undergoing continuous changes. Until 24 May 2018, we will be subject in particular to the provisions of the current Federal Data Protection Act (Bundesdatenschutzgesetz - »BDSG«) and of the Telemedia Act (Telemediengesetz - »TMG«).
On 25 May 2018, the European General Data Protection Regulation (»GDPR«) will enter into force, replacing the current BDSG. For this reason we always also refer to the GDPR in this Privacy Statement and provide information here already before 25 May 2018 which will be binding only after the entry into force of the GDPR. We thereby wish to provide the greatest possible transparency.
4 Contact with the competent data protection officer
You can reach our competent data protection officer at email@example.com.
5 Legal bases for data processing
In accordance with Art. 13 (1) lit. c) GDPR, we must also inform you about the purposes of the processing for which the personal data are intended as well as the legal basis for the processing. In addition to consent to be given, two different legal bases allow the processing of data through our website:
In accordance with Art. 6 (1) sentence 1 lit. b GDPR (and currently in accordance with sec. 28 para. 1 sentence 1 no. 1 BDSG), data processing is lawful if it is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
In accordance with Art. 6 (1) sentence 1 lit. f GDPR (and currently in accordance with sec. 28 para. 1 sentence 1 no. 2 BDSG), data processing is also lawful if it is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
We refer in the following to these two legal bases in connection with the data processing concerned in each case.
6 Accessing our website
We collect and store the IP address assigned to your computer in order to transmit to your computer the contents of our website retrieved by you (e.g. texts, pictures, articles as well as files made available for downloading, etc.). For the purpose of communicating with our website, your full IP address is processed and stored only for the duration of your visit to our website and is subsequently deleted automatically. The legal basis for this is Art. 6 (1) lit. b GDPR (or, as the case may be, sec. 28 para. 1 sentence 1 no. 1 BDSG).
In addition, we collect and process information regarding the use of the website, for example the browser type being used as well as the date and time of access to the website. We process these data to optimise our website and offers and for market analysis purposes. For this, we use the technologies of etracker GmbH (www.etracker.com). etracker GmbH first processes your IP address and then stores it in a shortened form so that it is not possible to identify individual users. etracker GmbH has undertaken to never merge any IP addresses with other datasets, e.g. to link a person to the data. The legal basis is Art. 6 (1) lit. f GDPR (or, as the case may be, sec. 28 para. 1 sentence 1 no. 2 BDSG). Our legitimate interest in this data processing exists in that we have a need to make available a website with a needs-based design, optimised to suit the terminal devices being used.
To ensure the fault-free operation of our web server and to guarantee server security, your complete IP address will additionally be stored by our server provider, OMCnet Internet Service GmbH, Ernst-Abbe-Straße 10, 25451 Quickborn, for the duration of 14 days. After the expiry of the 14-day period, the full IP address is deleted automatically. The legal basis for this is Art. 6 (1) lit. f GDPR (or, as the case may be, sec. 28 para. 1 sentence 1 no. 2 BDSG).
7 Subscription to newsletters and other messages
On our website you can subscribe to our newsletter or other messages that we send by email regarding certain topics. For this, we store your name and your email address and use these data to send you by email the newsletter or, as the case may be, the messages desired by you. A prerequisite for the receipt of newsletters or other messages is your consent in accordance with Art. 6 (1) lit. a GDPR (or, as the case may be, in accordance with secs. 4a BDSG, 13 para. 2 TMG).
Your consent to receiving our newsletters or other messages by email is verified by us by means of the so-called double opt-in procedure. This means that we first ask, by email to the email address stated in the course of the subscription process, that you actively confirm your consent to receiving the newsletters or other messages, before we begin sending them. The information about the confirmation is used by us to document and, if need be, to prove your consent. You can at any time revoke your consent to the sending of newsletters or other messages and to the use of your personal data for those purposes, with effect for the future, without thereby incurring any costs other than the transmission costs in the amount of the basic tariffs. Any revocation of your consent will leave the lawfulness of processing on the basis of such consent unaffected.
On our website you can order books for payment as well as cost-free flyers. We are also planning to enable you to order brochures. The information provided by you when ordering books and brochures (e.g. your name, your address, your email address, personal remarks regarding the order as well as any payment data) is collected and used by us for your order in accordance with Art. 6 (1) lit. b GDPR (or, as the case may be, sec. 28 para. 1 sentence 1 no. 2 BDSG) to send you the books or the brochures in the manner requested by you. Please also note the information regarding the inclusion in our data processing programs (Section 13).
9 Interaction with social networks and services
On our website you can interact as described below with the following social networks and services operated by third parties: Facebook, Google+, Google Fonts, Google Maps, Twitter, YouTube, Flickr, Instagram, Tumblr and Pinterest. In the case of the networks Facebook, Google+ und Twitter, the connection to the network is made only once you click on the proper link.
From that moment, data can be transmitted to the network concerned. The further services named above are used by us to incorporate content (such as videos and photos) into our website. As the contents are stored on the server of the provider concerned in each case, data can be transmitted to the provider concerned already from the moment in which you retrieve the contents from our website.
We have no influence on the data being collected or on the data processing operations, and we are neither responsible for this data processing nor the data controller within the meaning of the GDPR and of the BDSG. The full extent of the data collection, its legal basis, the purposes as well as the retention periods are also not known to us. Therefore the information provided here is not necessarily complete.
To our knowledge, the provider receives the information that you have accessed the subpage concerned on our website. In view of your visit to the website, your IP address, the date and time of the enquiry, the URL of the website from which the enquiry came, the language and version of your browser, your operating system and its interface, the cookie ID and your user name for the social network, if any, are transmitted. According to Facebook, that provider collects only an anonymised IP address in Germany.
To our knowledge, the provider stores these data in user profiles used by the provider for the purposes of advertising, market research and/or the needs-based design of its website. Such an analysis is made (also for users who are not logged in) in particular to display needs-based advertising and to inform other users of the social network about your activities on our website. You have a right to object against the creation of such user profiles. If you wish to exercise this right to object, please contact the provider concerned.
Further information about the purpose and scope of data usage can be found in the various providers' privacy statements. You will also find further information there regarding your rights in this respect and the proper settings to protect your privacy.
Addresses of the various providers and URL with their privacy statements:
- Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; www.facebook.com/policy.php.
- Google Inc. (for Google+ and Google Fonts), 1600 Amphitheater Parkway, Mountain View, California 94043, USA; www.google.com/intl/de/policies/privacy/.
- Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; www.twitter.com/privacy.
- YouTube LLC with its principal place of business at 901 Cherry Avenue, San Bruno, CA 94066, USA, www.google.com/intl/de/policies/privacy/.
- Flickr: Yahoo! EMEA Limited, 5-7 Point Village, North Wall Quay, Dublin 1, Ireland, policies.yahoo.com/ie/de/yahoo/privacy/index.htm.
- Instagram LLC, 1601 Willow Rd. Menlo Park, California 94025, USA, help.instagram.com/155833707900388.
- Tumblr, Inc., 35 East 21st St, Ground Floor, New York, NY 10010, USA, www.tumblr.com/policy/en/privacy.
- Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland, about.pinterest.com/de/privacy-policy.
When you visit our website, we place so-called »cookies«. A cookie is a file containing certain user information that we read when you return to our website. Our cookies contain series of numbers and letters as a means of identifying (ID) the accessing computer.
We use transient cookies. Transient cookies (temporary cookies) are automatically deleted when you close your browser. This more specifically includes session cookies. They store a so-called session ID, which allows several enquiries from your browser to be attributed to the joint session. This makes it possible to recognise your terminal device when you return to the website. Transient cookies are deleted when you log out or close the browser.
In addition, we also use persistent or permanent cookies by means of our service provider etracker GmbH. These cookies are stored in your browser and remain there even after you end the browsing session. The cookies connect to the website as soon as it is opened the next time, and they serve the purpose of improving our website offer for you. In particular, they enable us to recognise whether our offer appeals to users enough for them to return regularly. This makes it possible for us to tailor our offer even more precisely to suit our users' needs. But you do have the possibility when you visit our website to be entirely excluded from any data storage by etracker GmbH. For this, please follow this link.
These transient and persistent cookies are used by us only to assure the performance / availability of the service desired by the user in accordance with Art. 6 (1) lit. f GDPR (or, as the case may be, sec. 28 para. 1 sentence 1 no. 2 BDSG). Our legitimate interest in the data processing is to optimise the website settings for the terminal device used by you and to customise the user interfaces and, in view of the persistent cookies, to improve our offer for you.
You can configure the browser settings as you wish and, for example, refuse to accept certain cookies, e.g. third-party cookies (see there), or refuse all cookies. You can at any time delete cookies yourself in the security settings of your browser or deactivate the cookie function in your Internet browser. It is not absolutely necessary for the navigation and functioning of the website to accept cookies. But we would like to advise you that you may then not be able to fully use all functions of this website. This especially concerns event announcements and book orders. To be able to use this function, you must accept cookies. Instructions regarding the admission, rejection, inspection and deletion of cookies can be found through the help function of your Internet browser.
The stored information is stored separately from any further data that you may provide to us. In particular, the data on the cookies are not merged with any other personal data such as, for example, the registration data for a particular event.
11 Third-party cookies
Some services used by us on our website, e.g. Infogram and Knightlab, use so-called third-party cookies for certain graphs.
Third-party cookies are cookies of third-party providers placed by other websites than the one you are currently visiting. These cookies are placed on our website, for example through the inclusion of services or display of pictures or other elements from third-party providers on our website.
As described above, you can change your browser settings so that the acceptance of third-party cookies will be refused.
12 Analysis of use
On our website, we analyse the use of our website in accordance with the following sections, for the purposes of optimising our website and of market research. The legal basis for this data processing is sec. 15 para. 3 TMG.
To this end, data for market research and optimisation purposes are collected and stored on this website by means of the technologies of etracker GmbH (www.etracker.com) (for this see also Section 6 above). These data can be used to create pseudonymous user profiles. Cookies can be used to do this. The data collected with the etracker technologies are not used without the consent, to be separately given by the data subject, to personally identify the visitor of this website, and are not merged with the personal data of the person designated by the pseudonym. You can object at any time with effect for the future against the collection and storage of data. The privacy statement of etracker GmbH, Erste Brunnenstraße 1, 20459 Hamburg, is available at: www.etracker.com/datenschutz/.
If you wish to be entirely excluded from any data storage by etracker GmbH when you visit our websites, please follow this link.
13 Contact forms and inclusion in data processing programmes
We provide an email address on our website (firstname.lastname@example.org) which you can use to contact us. The data provided by you for this (e.g. name, address, telephone number, email address, etc.) are used by us for the purposes of the contact on the basis of Art. 6 (1) lit. a GDPR (secs. 4a BDSG, 13 para. 2 TMG).
We also use forms for you to register for our events or to provide our services to journalists. The data provided by you on the forms as well as any such data received by us from you by telephone are used to confirm your registration or, as the case may be, to carry out the event or perform the services, also on the basis of Art. 6 (1) lit. a GDPR (secs. 4a BDSG, 13 para. 2 TMG). The same applies to such data obtained by us in the course of registrations by telephone.
Additionally we collect the data of visitors who register for one of our events in a customer management system. In the customer management system, we also collect the data of journalists and authors who contact us in other ways (e.g. by email and/or telephone or in discussions at events) or whose contact data are publicly available. Likewise, we collect data here of the participants in the History Contest of the Federal President (Geschichtswettbewerb des Bundespräsidenten). Moreover, in a data processing software for publishing houses, we collect the data of persons who order our publications. These data are stored in order to facilitate the management of our relations with our visitors, the participants in contests, and other interested parties. The legal basis for this data processing is Art. 6 (1) lit. f GDPR (or, as the case may be, sec. 28 para. 1 sentence 1 no. 2 BDSG).
14 Transmission of data
To perform our services, including the despatch of books, flyers and brochures, we use contractually bound sister companies as well as outside undertakings and external service providers such as shipping providers. For these purposes we pass on data that we collect and use in connection with your use of this website, e.g. address data, for example in order to allow the shipment of books.
Information collected and used by us in connection with your use of this website may therefore also be processed by third parties under certain conditions, but only insofar as that is necessary for the purposes set out in this Privacy Statement or insofar as the third party acts as a service provider bound by instructions or as a contract data processor.
The parties mentioned in this clause, for example the shipping providers, are carefully selected and regularly checked by us in order to make sure that your privacy will be protected. They may use the data exclusively for the purposes specified by us. They are bound contractually to use your data exclusively in accordance with our instructions and in compliance with the applicable data protection laws.
Your personal data are disclosed to others only for the purpose of making available to you the website and the services offered through it. The legal basis is Art. 6 (1) sentence 1 lit. b GDPR (sec. 28 para. 1 sentence 1 no. 1, 2 BDSG). Our legitimate interest in passing on the data is to make available to you the services offered on our website.
15 Other usage of data
Your personal data will generally be processed or used in any further manner only insofar as that is allowed by a legal provision or you have consented to such data processing or use.
In case of further processing for purposes other than those which the data were originally collected for, we will inform you prior to further processing about these other purposes and will give you the further relevant information.
16 Data erasure
Generally we delete or anonymise your personal data as soon as they are no longer needed for the purposes for which we collected or used them on the basis of the statements above. Specific statements above regarding the retention or deletion of personal data remain unaffected.
Except where this Privacy Statement contains any other deviating provisions regarding the storage of data, the data collected by us will be stored as long as necessary for the purposes stated above which they were collected for.
17 Amendments of this Privacy Statement
The further development of the Internet and of our online offers can have an effect also on the handling of personal data. We therefore reserve the right to change this Privacy Statement in the future within the framework of applicable data protection laws and to adjust it to any changing data processing realities. For this reason we advise you to visit our website from time to time in order to take note of any updates of our Privacy Statement.
18 Right to information
You have the right at any time to obtain information about your personal data stored by us. If you wish to be informed about the personal data concerning you stored by us, or have any other questions regarding data protection, please write to us (Körber Foundation, Kehrwieder 12, 20457 Hamburg) or send us an email (email@example.com).
19 Further rights of the data subjects
In your capacity as data subject, you have the following further rights against us:
Right to rectification of inaccurate personal data concerning you in accordance with Art. 16 GDPR;
Right to the erasure ("right to be forgotten") of the personal data concerning you without undue delay where one of the grounds set out in Art. 17 GDPR applies. These legal grounds apply, for example, if the personal data are no longer necessary in relation to the purposes for which they were collected / processed, if you withdraw your consent and there is no other legal ground for the processing, or if you object to the processing and there are no overriding grounds for the processing;
Right to restriction of processing in accordance with Art. 18 GDPR where one of the grounds set out in that provision applies. According to this provision, processing can be restricted if, for example, the processing is unlawful and you oppose the erasure of the personal data and instead request the restriction of their use, or if you object to processing pursuant to Art. 21 (1) GDPR pending the verification whether our legitimate grounds override yours;
Right in accordance with Art. 21 GDPR to object to the processing of personal data concerning you which is based on Art. 6 (1) lit. e or f GDPR; this applies also to profiling based on those provisions. We then no longer process these personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims;
Right to data portability in accordance with Art. 20 GDPR. This means that you have the right to receive the data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format, and the right to transmit those data to another controller, e.g. a service provider, provided the processing is based on consent or on a contract and is carried out by automated means.
20 Right to complain to the competent supervisory authority
You have the right at any time to complain to a supervisory authority, in particular a supervisory authority in the member state in which your place of residence or your place of work is located or the breach presumably occurred, if you believe that the processing of the personal data concerning you violates any provisions of the GDPR or the BDSG.
The following data protection authority is responsible for the Körber Foundation:
Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit
Kurt-Schumacher-Allee 4, 20097 Hamburg
Tel.: 040 / 428 54 – 4040, email: firstname.lastname@example.org
Date of this Privacy Statement: 6 July 2018