of the Dr. Hans Riegel Foundation
Thank you for your interest in our website.
The protection of your personal data (hereinafter also "data" in short) is a matter of great importance and concern to us. Therefore, we would like to inform you down below in detail about the data that are collected when you visit our website and use its content and how these data will then be processed or used. We would also like to inform you about the technical and organizational protective measures we have taken. Please note that this Privacy Policy may be updated from time to time due to the implementation of new techniques and/or legislative changes. We will bring this to your attention in a suitable manner. Naturally, we will always take your interests into account in an appropriate manner with regard to all changes.
Please take note of our separate privacy statement at www.hans-riegel-fachpreise.com/datenschutz
The controller of the website www.hans-riegel-stiftung.com as per Article 4 (7) of the EU General Data Protection Regulation (GDPR) is the
Dr. Hans Riegel Foundation
(Foundation under civil law)
Joseph-Beuys-Allee 14
D-53113 Bonn
Germany
Telephone: 0049 (0) 228 227 447 0
Telefax: 0049 (0) 228 227 447 24
E-Mail: info(at)hans-riegel-stiftung.com
This foundation is represented by the Board of Directors with the following members:
• Dr. Reinhard Schneider (sole authorization, section 12 (3) StiftG NRW)
• Marco Alfter (sole authorization, section 12 (3) StiftG NRW)
• Prof. Ingeborg Henzler (sole authorization, section 12 (3) StiftG NRW)
If you have any questions or comments about this privacy statement or about data protection in general, please send an email to info(at)hans-riegel-stiftung.com or contact the address mentioned above by post. For further details, please see the information in our Legal Notice.
Where the legal basis is not specified in the Privacy Statement, the following applies:
• To the extent we obtain the consent of the data subject for the processing activities, the legal basis is Article 6 (1) s. 1 lit. (a) of the EU General Data Processing Regulation (GDPR).
• Article 6 (1) s. 1 lit. (b) of the GDPR is the legal basis for the processing of personal data necessary for the performance of a contract. This also applies to processing activities necessary to take steps prior to entering into a contract.
• To the extent that the processing of personal data is necessary for compliance with a legal obligation to which our organization is subject, the legal basis is Article 6 (1) s. 1 lit. (c) of the GDPR.
• In case the processing of personal data is necessary to protect the vital interests of the data subject or another natural person, the legal basis is Article 6 (1) s. 1 lit. (d) of the GDPR.
• If the processing is necessary for the purposes of the legitimate interests pursued by our organization or by a third party and such interests are not overridden by the interests or fundamental rights and freedoms of the data subject, the legal basis for the processing is Article 6 (1) s. 1 lit. (f) of the GDPR.
We erase or restrict the processing of the data we process in accordance with the legal provisions, in particular in accordance with Articles 17 and 18 of the GDPR. Unless explicitly stated in this privacy statement, we erase data we hold as soon as they are no longer required for their intended purpose. The data will only be retained after their purpose has ended if they are required for other and legally permissible purposes or if the data must be kept for a longer period due to legal retention periods. In these cases, the processing will be restricted, i.e. it will be blocked and the data will not be processed for any other purposes.
It is generally not necessary to actively provide personal data to use our website for information purposes. In this case, we collect and use only the data transmitted to us automatically by your web browser. These data include:
• date and time of access to one of our webpages;
• your browser type;
• the browser settings;
• the operating system used;
• the last page you visited;
• the data volume transferred and the access status (file transferred, file not found, etc.); and
• your IP address
The data will be stored on our servers. The data will not be stored together with any other data than the personal data specified above. The IP address must be saved temporarily by the system in order to be able to deliver the website to your computer. We only store your IP address in an anonymous form, i.e. we truncate your IP address by three digits. We do not analyze the data on a person-related basis, particularly not for marketing purposes.
The processing of the aforementioned data is absolutely necessary for the provision of a website for technical reasons according to Article 6 (1) s. 1 lit. (b) of the GDPR in order to be able to correctly display our website. To defend ourselves against threats and for our own IT security as well as to ensure evidence of any possible attacks, we store log files with your anonymized IP address for a period of 60 days. The legal basis for this is Article 6 (1) s. 1 lit. (f) of the GDPR.
When you contact us via the contact form, e-mail, or telephone for purely informational inquiries, your data will be processed, depending on the content of your inquiry, based on your (presumed) consent according to Article 6 (1) s. 1 lit. (a) of the GDPR or according to Article 6 (1) s. 1 lit. (b) of the GDPR if the contact is related to obligations to perform a contract or obligations prior to entering a contract. In each case, you agree that we contact you to reply to your inquiry, provided that you have not previously withdrawn your consent. In order for you to contact us using our contact form, we require your e-mail address as well as your name to be able to address you personally and to assign your inquiry. Any additional information provided in your inquiry is voluntary, i.e. it is based on your consent. Once your contact requests have been processed and completed, they will immediately be deleted from our active systems, unless legal permissions (particularly your consent, which may be withdrawn at any time) or retention requirements allow or require a further retention.
For some of the processing of your data, we use external service providers who are bound by our instructions. We carefully select and engage these external service providers and we regularly monitor them. The engagement is based on processing agreements with the processors according to Article 28 of the GDPR. The processors do not carry out any independent processing for their own purposes.
To operate this website, we use a hosting provider who processes user data, contact data, utilization data, as well as meta and communication data of the visitors of this website on our behalf based on our legitimate interest in an efficient and secure delivery of this website according to Article 6 (1) s. 1 lit. (f) and Article 28 of the GDPR.
You can exercise the following rights in relation to the controller of the data processing in accordance with the legal provisions free of charge:
• Right of access (Article 15 GDPR);
• Right to rectification or erasure (Article 16 and Article 17 GDPR);
• Right to restriction of processing (Article 18 GDPR);
• Right to data portability (Article 20 GDPR);
• Right to object to the processing (Article 21 GDPR);
In addition, you have the right to lodge a complaint with a supervisory authority about the controller's processing of your personal data.
Our website uses cookies technology. Cookies are small text files that our web server sends to your browser when you visit our websites. They are stored on your computer for later retrieval. You can determine yourself whether cookies may be placed or retrieved through your browser settings. For example, you can completely disable the saving of cookies in your browser, restrict it to specific websites, or configure your browser to notify you automatically as soon as a cookie is to be placed and to request your confirmation. You can delete cookies at any time in your browser's security settings. Please note, however, that this can affect the display quality of our website content.
Unless specified otherwise, the legal basis for our use of cookies is Article 6 (1) s. 1 lit. (f) of the GDPR.
Third-party Cookies and Implemented Third-party Content
You can configure your browser settings as you like, for example to reject the acceptance of third-party cookies or all cookies. Unless specified otherwise, the legal basis for the use of third-party content and third-party cookies is Article 6 (1) s. 1 lit. (f) of the GDPR (interest in the analysis, optimization, and efficient operation of our website).
1. Scope of the Processing of Personal Data
We use the open source software tool Matomo (formerly PIWIK) on our website to analyze our users' browsing behavior. The software places a cookie on the users' computer (for information on cookies, see above). When individual pages of our website are accessed, the following data are saved:
(1) Two bytes of the IP address of the user's calling system
(2) The accessed website
(3) The website from which the user reaches the accessed website (referrer)
(4) The subpages visited from the accessed website
(5) The time spent on the website
(6) The frequency of access to the website
In this process, the software runs exclusively on the servers of our website. Personal data of users are only stored on these servers. The data are not shared with third parties. The software is set to not save your complete IP address and to mask 2 bytes of the IP address (e.g.: 192.168.xxx.xxx). This way it is no longer possible to associate the truncated IP address to the calling computer.
2. Legal Basis for the Processing of Personal Data
The legal basis for the processing of the users’ personal data is Article 6 (1) lit. (f) of the GDPR.
3. Purpose of the Data Processing
The processing of the users' personal data allows us to analyze the browsing behavior of our users. The analysis of the obtained data enables us to compile information about the use of the individual components of our website. This helps us to continuously improve our website and its user-friendliness. Our legitimate interest in the processing of personal data according to Article 6 (1) lit. (f) of the GDPR is also based on these purposes. The users' interest in the protection of their personal data is duly taken into account through the anonymization of the IP address.
4. Duration of Retention
The data will be erased as soon as they are no longer needed for the purposes for which they were recorded.
They are erased after 4 weeks.
5. Objection and Removal Options
Cookies are stored on the user's computer and sent to our website from there. That is why you as a user have full control over the use of cookies. By changing the settings in your web browser, you can disable or restrict the transfer of cookies. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, you might not be able to fully use all functions of our website.
We offer our users the possibility of opting out of the analysis procedure on our website. To do this, you have to follow the corresponding link. This places another cookie on your system that signals our system to not save the data of the user. If the user deletes the corresponding cookie from his own system at some point, he or she will have to reinstall the opt-out cookie.
For more information about the privacy settings of the Matomo software, please follow the link https://matomo.org/docs/privacy/.
1. Google Maps
Our website uses Google Maps. This service is provided by its operator Google LLC ("Google"), Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Maps makes it possible for us to display interactive maps on our website.
When you visit our website, Google receives the information that you called up the corresponding subpage of our website. This is independent of whether Google provides a user account in which you are logged in or there is no user account. When you are logged in at Google, your data are directly associated with your account. Google saves your data as user profiles and uses them for the purposes of advertising, market research, and/or the needs-oriented design of their website. Such an analysis is carried out (even for users who are not logged in) particularly to serve needs-oriented ads and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles. To exercise this right, you have to contact Google.
For further information about the purpose and scope of the plug-in provider’s data collection and processing, please refer to the privacy statements of the provider. There you will also find further information about your associated rights and the settings options for the protection of your privacy: https://policies.google.com/privacy. Google also processes your personal data in the USA and has subjected itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
2. YouTube Videos
We embed videos from the "YouTube" platform provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. When you visit one of our pages equipped with the YouTube plug-in, a connection to the YouTube servers is established. In the process, the YouTube server is informed about which pages of ours you have visited.
When you are logged in to your YouTube account, you allow YouTube to directly associate your browsing behavior with your personal profile. You may be able to prevent this by logging out of your YouTube account.
Google is certified under the Privacy Shield agreement, thus offering a safeguard to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
When YouTube videos are used, Google uses cookies to collect information about visitors, for example to gather viewing statistics. A cookie is also used to establish a connection with Google's DoubleClick network to display ads that are as relevant as possible. In the process, Google records which ads were shown to you and which of these you clicked on. The use of the DoubleClick cookie allows Google and its advertising network to serve ads based on previous website (or app) visits. Google sends the information generated by the cookies to a Google server for analysis and saves them there. You can prevent the cookies described in this section from collecting data and therefore also the use of the data related to this website and Google's processing of data by downloading and installing the available browser plug-in at: https://tools.google.com/dlpage/gaoptout?hl=en.
For further information about Google's use of data as well as settings and objection options, please refer to Google’s websites at https://policies.google.com/technologies/partner-sites as well as at http://www.google.com/policies/technologies/ads and https://adssettings.google.com/authenticated.
For Google's privacy policy, please visit https://www.google.com/policies/privacy/.
3. Implemented Fonts from MyFonts.com
On this website, we embedded certain fonts to be displayed that are provided by MyFonts.com (offered by Monotype Imaging Holdings Inc, 600 Unicorn Park Drive, Woburn, MA 01801 USA). When you view a page, your browser loads these fonts from our server. In this process, your IP address including the URL (Internet address) of our webpage you visited is sent to a sever of the company Monotype. This is mandatory under licensing law for billing purposes with the provider of the fonts. The legal basis for the transmission of your data to the Monotype servers is Article 6 (1) s. 1 lit. (f) of the GDPR (interest in the analysis, optimization, and efficient operation of our website).
For more information, please visit: https://www.monotype.com/legal/privacy-policy
4. Cloudfare Content Delivery Network (CDN)
We use a so-called content delivery network (CDN) provided by Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA. A CDN is a service that helps deliver our website content in a more efficient way using connected servers spread out over a region. The processing of the users' data is carried out solely for the aforementioned purposes and to maintain the security and functionality of the CDN.
The use is based on our legitimate interests, i.e. the interest in a secure and efficient delivery, analysis, and optimization of our website content according to Article 6 (1) lit. (f) of the GDPR.
Cloudfare is certified under the Privacy Shield agreement, thus offering a safeguard to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnZKAA0&status=Active).
For more information, please refer to Cloudfare's privacy policy at https://www.cloudflare.com/security-policy.
1. Plug-ins
Our website uses so-called social plug-ins ("plug-ins"). To protect your data when implementing social plug-ins, we rely on the "Shariff" solution. This displays the plug-ins on the website merely as graphics that include a link to the corresponding website of the plug-in provider. Therefore, when you click on the graphic you will be redirected to the respective services of the provider. This means that if you visit our website without clicking on the buttons, no personal data will be sent to the plug-in provider for the time being. The legal basis for the use of social plug-ins with the Shariff solution is Article 6 (1) lit. (f) of the GDPR.
We have no control over the collected data and the data processing activities, and we do not know the full scope of the data collection, the processing purposes, and the retention periods. We do not have any information about the erasure of the collected data by the plug-in provider. Please note that the plug-in provider can save the data collected about you and use these for advertising purposes. Such an analysis is carried out (even for users who are not logged in) particularly to display needs-oriented ads and to inform other users of the social network about your activities on our website.
For further information about the purpose and scope of the data collection and processing carried out by these plug-in providers, please refer to the provider's respective privacy statements listed below. There you will also find more information about your associated rights and the settings options for the protection of your privacy.
http://www.facebook.com/about/privacy/your-info-on-other#applications, and http://www.facebook.com/about/privacy/your-info#everyoneinfo.
b. Google+, offered by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
For more information about Google's use of data as well as settings and objection options, please refer to Google's privacy policy at https://policies.google.com/technologies/ads and at https://adssettings.google.com/authenticated.
c. Instagram, offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA. For Instagram' privacy policy, please visit http://instagram.com/about/legal/privacy/.
All operators listed here are certified under the Privacy Shield agreement, thus offering a safeguard to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnZKAA0&status=Active).
2. Links to Our Profiles
In addition, we maintain a presence on social media to be able to communicate with and inform visitors there. When you visit the individual network, the conditions of the operators apply. Where we provide links on these sites to our profiles, these are merely statistical links. If you are logged in on the linked platforms as a member, the respective providers can associate visits to our profiles with your user profiles there when you click on links/buttons. The same may apply when you log in there at a later moment using the same IP address.
We also take technical and organizational security measures to protect the data produced or collected, particularly against accidental or intentional manipulation, loss, destruction, or against access by unauthorized persons. We continuously improve our security measures in accordance with the technological developments.
Updated: May 24, 2018