Data Privacy

Thank you for visiting our website and for your interest in the Alfred Landecker Foundation and our activities.

The Alfred Landecker Foundation takes the protection of your personal data seriously and wants you to feel safe and comfortable on our website. In the following we would like to explain how we protect your data and what it means for you when you use our (online) services.

Our employees are bound to data secrecy in accordance with the EU Data Protection Basic Regulation (EU-GDPR) and are regularly trained in the areas of data protection and data security.

In principle, it is possible to visit our Internet pages without providing any personal data. However, if you wish to take advantage of special services which we make available on our Internet pages, it may be necessary to process personal data. If the processing of personal data is necessary and there is no legal basis for such processing, we will obtain your consent before processing.

The processing of your personal data, for example your name, address, e-mail address or telephone number, is always carried out in compliance with the Basic Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG), as well as in accordance with the country-specific data protection regulations applicable to us. In this data protection declaration we inform you about the type, scope and purpose of the personal data processed by us during your visit on our Internet pages.

This is also accompanied by your rights as a data subject of the data protection processing, about which we would also like to inform you.

As the responsible body, we have implemented numerous technical and organisational measures in advance to ensure the most complete possible protection of the personal data processed via this website. Nevertheless, Internet-based data transmissions (e.g. e-mail) can generally have security gaps, so that absolute protection cannot always be guaranteed. This is especially true if the transmissions take place outside our sphere of influence. For this reason, you are always free to transmit personal data to us by alternative means, for example by telephone, post or even in person.


Data protection specific terms

Our data protection declaration contains terms that are used by the European Directive and Regulation Giver when issuing the Data Protection Basic Regulation (GDPR).

Our data protection declaration should be comprehensible and understandable for you as a visitor to these Internet pages. To ensure this, we list below the definitions we use in accordance with the wording of Art. 4 GDPR: ​


1. Personal data

Personal data is any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject" or direct contact such as "you"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.


2. Data subject

Data subject means any identified or identifiable natural person whose personal data are processed by the controller.


3. Processing

Processing is any operation or set of operations, performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.


4. Restriction on processing

Restriction of processing is the marking of stored personal data with the aim of limiting their future processing.


5. Pseudonymisation

Pseudonymisation is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without additional information, provided that this additional information is kept separately and is subject to technical and organisational measures which ensure that the personal data is not attributed to an identified or identifiable natural person.


6. Responsible body / Controller

The responsible body or the controller is the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union law or by the law of the Member States, provision may be made for the controller to be designated in accordance with Union law or the law of the Member States, or for the criteria for designation.

7. Data processor

Data processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

8. Data receiver

Data receiver is a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not it is a third party. However, authorities which may receive personal data in the course of a specific investigation, in accordance with Union or national law, shall not be considered as recipients.


9. Third party

Third party means any natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or the processor, are authorized to process the personal data.

10. Consent

Consent shall mean any freely given specific and informed expression of the data subject's will in an informed and unequivocal manner, in the form of a declaration or other unequivocal affirmative act taken on a voluntary basis by the data subject to signify his or her agreement to the processing of personal data relating to him or her.

Name and address of the controller

The responsible body within the meaning of the Basic Data Protection Regulation, other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature:

Alfred Landecker Foundation
Jägerstr. 51
10117 Berlin
Phone: 0151 16528347
e-mail: mail@alfredlandecker.org

Data Privacy Expert

The Alfred Landecker Foundation has appointed an external data privacy expert:

Sebastian Koye

datenschutzklinik
Tullastr. 89
79108 Freiburg
Tel.: 0761-76 99 25 50
E-Mail: datenschutz(at)datenschutzklinik.de
Web: www.datenschutzklinik.de

Cookies

We use cookies on our Internet pages. These are small text files that are stored on your computer system via an Internet browser (e.g. Firefox, Chrome, Safari, Edge, Internet Explorer, Opera). The following data, for example, are stored and transmitted within the cookies:

  • Entered search terms
  • Frequency of page views
  • Use of website functions

The user data collected in this way is pseudonymised by technical precautions. It is therefore no longer possible to assign the data to the calling user. The data is not stored together with other personal data of the users.
Usually these cookies contain a cookie ID. This is a unique identifier for the cookie and consists of a string of characters that can be used to associate Internet pages and servers with the Internet browser you are using in which the cookie was stored. This enables the Internet pages and servers visited to distinguish the individual browser of the person concerned from other Internet browsers that contain other cookies. A particular Internet browser can be recognized and identified by means of the unique cookie ID.

By using cookies, we can provide users of this website with more user-friendly services that would not be possible without the setting of cookies.

You can prevent the setting of cookies by our website at any time by means of a corresponding setting in the Internet browser used and thus permanently object to the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time via an Internet browser or other software programs. This is possible in all common Internet browsers. If you deactivate the setting of cookies in the Internet browser used, it is possible that not all functions of our website can be used to their full extent.


Description and scope of data processing via our website

When you visit our website, our system automatically collects a range of general data and information from the computer system of the calling computer. This general data and information is stored in the log files of the server:

  • used browser types and versions
  • the date and time of access to the website
  • an Internet Protocol (IP) address

When using this general data and information, we do not draw any conclusions about you as the person concerned. This information is rather required to

  • to deliver the contents of our website correctly
  • to optimise the contents of our website and the advertising for it
  • to guarantee the permanent functionality of our information technology systems and the technology of our website
  • to provide law enforcement authorities with the information necessary for law enforcement in the event of a cyber attack

Purpose of the data processing

This anonymously collected data and information is therefore evaluated by us on the one hand statistically and on the other hand with the aim of increasing data protection and information security in our foundation in order to ensure an optimal level of protection for the personal data processed by us. The anonymous data of the server log files are stored separately from all personal data of the persons concerned.

Possibility of objection and removal

The collection of data for the provision of the website and the storage of the data in log files is mandatory for the operation of the website. Therefore there is no possibility of objection on the part of the user.

Duration of storage or deletion and blocking of personal data

We will only store your personal data for as long as it is necessary for the purpose of storage or as long as this is permitted by the European Directives and Regulations or a country-specific legislator in laws or regulations to which we are subject.

If the purpose of storage ceases to apply or if a storage period prescribed above expires, your personal data will be blocked or deleted in accordance with the statutory provisions.


Contact possibility via the Internet site

On our website, you will find a contact form that allows you to quickly contact our company electronically and communicate with us directly. For this purpose, we use a general e-mail address to which several internally assigned persons have access.

If a person concerned contacts us by e-mail or via a contact form, the personal data transmitted by the person concerned is automatically stored. Such personal data transmitted on a voluntary basis from a data subject to the data controller are stored for the purposes of processing or contacting the data subject. This personal data will not be disclosed to third parties.


SSL encryption

We use SSL encryption on our Internet pages to protect your transmitted data (e.g. via the contact form) from unauthorised access by third parties in transit. Such a secure connection can be recognized by the prefix "https://" in the URL of your address line, e.g:

https://www. alfredlandecker.org
For unencrypted ones, the prefix looks like this: http://

Deletion and blocking of personal data

We will only store your personal data for as long as it is necessary for the purpose of storage or as long as this is permitted by the European Directives and Regulations or a country-specific legislator in laws or regulations to which we are subject.

If the purpose of storage ceases to apply or if a storage period prescribed above expires, your personal data will be blocked or deleted in accordance with the statutory provisions.

Rights of the data subject

Right to information (Art. 15 GDPR)

You have the right to receive free information from us at any time about whether we store personal data about you.

Should this be the case, you have the right to the following information:

the purposes of the processing, the categories of personal data processed, the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular, in the case of recipients in third countries or international organisations, if possible, the envisaged duration for which the personal data will be kept or, if that is not possible, the criteria for determining that duration the existence of a right to rectify or erase personal data relating to him or her or to limit processing by us or to object to such processing the existence of a right of appeal to a supervisory authority if the personal data are not collected from the data subject: all available information on the origin of the data the existence of automated decision-making, including profiling in accordance with Article 22 (1) and (4) GDPR, and, in these cases, meaningful information on the logic involved and the scope and intended effects of such processing on the data subject.

If you would like to assert your right to information, you are welcome to contact our data privacy expert at datenschutz(at)datenschutzklinik.de at any time .

Right of rectification (Art. 16 GDPR)

You have the right to demand the immediate correction of incorrect personal data concerning you. You also have the right to request the completion of incomplete personal data, also by means of a supplementary declaration, taking into account the purposes of the processing. ​

If you wish to execute your right of rectification, you can always contact one of our employees.

Right of deletion (Art. 17 GDPR)

You have the right to demand that we immediately delete personal data concerning you, if one of the following reasons applies and if the processing is not required by other legal regulations:

  • If one of the above reasons applies and you wish to have personal data stored by us deleted, you can contact one of our employees at any time at mail@alfredlandecker.org

  • If the personal data have been made public by us and if our foundation as the responsible body is obliged to delete the personal data in accordance with Art. 17 (1) GDPR, we will take reasonable measures, taking into account the technical possibilities available and the implementation costs, to inform other responsible persons (e.g. processors) who process your published personal data that you have requested these other responsible persons to delete your personal data, copies thereof or to have them deleted. This will be done unless the processing is required by other legal provisions.
  • Your personal data has been collected or otherwise processed for purposes for which it is no longer necessary.
  • You revoke your consent on which the processing was based pursuant to Art. 6 (1) lit. a) GDPR or Art. 9 (2) lit. a) GDPR and there is no other legal basis for the processing.
  • You object to the processing pursuant to Art. 21 (1) GDPR and there are no legitimate reasons for the processing, or the data subject objects to the processing pursuant to Art. 21 (2) GDPR.
  • Your personal data were processed unlawfully.
  • Deletion of your personal data is necessary to comply with a legal obligation under Union law or the law of the Member States to which we are subject as a responsible party.
  • The personal data was collected in relation to information society services offered in accordance with Art. 8 (1) GDPR.

If you wish to claim your right to deletion, you can contact one of our employees at any time.

Right to restrict processing (Art. 18 GDPR)

You have the right to demand that we restrict processing if one of the following conditions is met:

  • One of the above-mentioned conditions applies and you request the restriction of personal data stored with us.
  • The accuracy of the personal data is disputed by you, for a period of time that allows us as the responsible body to verify the accuracy of the personal data.
  • The processing is unlawful, you refuse to have your personal data deleted and instead demand that the use of your personal data be restricted.
  • We no longer need the personal data for the purposes of processing, but you do need your personal data for the assertion, execute or defence of legal claims and want to prevent deletion, for example.
  • You have lodged an objection to the processing pursuant to Art. 21 (1) GDPR and it is not yet clear whether the legitimate reasons given by us as the responsible body outweigh those given by you as the data subject.

If you wish to execute your right to limit processing, you can contact one of our employees at any time.

Right to data transferability (Art. 20 GDPR)

You have the right to receive personal data in a structured, common and machine-readable format relating to you which you have provided to us.

You also have the right to have these data communicated to another controller without hindrance by us, provided that the processing is based on the consent pursuant to Art. 6 (1) lit. a) GDPR or Art. 9 (2) lit. a) GDPR or on a contract pursuant to Art. 6 (1) lit. b) GDPR and the processing is carried out with the aid of automated procedures, unless the processing is necessary for the performance of a task carried out in the public interest or in the execute of official authority vested in the controller.

Furthermore, you have the right to let your personal data transferred in accordance with Art. 20 (1) GDPR directly from us to another responsible party without hindrance or disadvantage, as far as this is technically feasible and it is secured this does not affect the rights and freedoms of other persons.

If you wish to execute your right to data transmission, you can contact one of our employees at any time.

Right of objection (Art. 21 GDPR)

You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you that is carried out pursuant to Art. 6 (1) lit. e) or f) GDPR. This also applies to profiling based on these provisions.

In the event of an objection, we will no longer process your personal data, unless we can prove compelling reasons for processing worthy of protection that outweigh your interests, rights and freedoms, or the processing serves to assert, execute or defend legal claims.

If we process personal data for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for the purpose of such marketing. This also applies to profiling, insofar as it is related to such direct marketing. If you object to the processing for direct marketing purposes, we will no longer process your personal data for these purposes.

Furthermore, you have the right to object, for reasons arising from your particular situation, to the processing of personal data concerning you which is carried out by us for scientific or historical research purposes or for statistical purposes in accordance with Art. 89 (1) GDPR, unless such processing is necessary for the performance of a task carried out in the public interest.

To execute your right of objection, you can contact one of our employees directly. You are also free to execute your right of objection in connection with the use of information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures involving technical specifications.


Right to revoke a data protection consent (Art. 7 (3) GDPR)

You have the right to revoke your consent to the processing of your personal data at any time.

If you wish to execute your right to revoke your consent, you can contact one of our employees at any time.

Right of appeal to the responsible supervisory authority (Art. 77 GDPR)

Without prejudice to any other administrative or judicial remedy, you have the right to submit a complaint to a supervisory authority, in particular in the Member State in which you are resident or in which you work or in which the alleged infringement occurred, if you consider that the processing of personal data relating to you is being carried out in breach of this Regulation.

Application and use of Google Analytics (with anonymization function)

We have integrated the component Google Analytics (with anonymization function) on our website. Google Analytics is a web analysis service for collecting, collecting and evaluating data on the behaviour of visitors to websites. Among other things, data is collected about which website you came to our website from (so-called referrers), which sub-pages you access or how often and for how long a subpage was viewed. A web analysis is mainly used to optimize our Internet pages and for cost-benefit analysis of Internet advertising.

The operating company of the Google Analytics component is Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

We use the addition "_gat._anonymizeIp" for web analysis via Google Analytics. By means of this addition, the IP address of your Internet connection from which you visit us is shortened and anonymised by Google if our Internet pages are accessed from a member state of the European Union or from another signatory state to the Agreement on the European Economic Area.

The purpose of the Google Analytics component is the analysis of visitor flows on our website. Among other things, Google uses the data and information obtained to evaluate the use of our website in order to compile online reports for us which show the activities on our website and to provide further services in connection with the use of our website.

Google Analytics sets a cookie on your information technology system to enable the analysis of the use of our website. Each time you call up one of the individual pages of this website, which is operated by us and on which a Google Analytics component has been integrated, the Internet browser on your information technology system (e.g. PC, tablet, smartphone) is automatically prompted by the respective Google Analytics component to transmit data to Google for the purpose of online analysis. Within the scope of this technical process, Google receives knowledge of personal data such as your IP address or browser fingerprint, which Google uses, among other things, to trace the origin of visitors and clicks and subsequently to enable commission settlements.

Cookies are used to store personal information about you, such as the time of access, the location from which access was made and the frequency of visits to our website. Whenever you visit our website, this personal data, including the IP address of the Internet connection you are using, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may pass on this personal data collected via the technical process to third parties. However, we have no influence on this.

You can prevent the setting of cookies by our website, as described above, at any time by means of a corresponding setting in your Internet browser and thus permanently object to the setting of cookies. Such a setting of the Internet browser used would also prevent Google from setting a cookie on the information technology system of the person concerned. In addition, a cookie already set by Google Analytics can be deleted at any time via settings in your respective internet browser or by other software programs.

Furthermore, you have the opportunity to object to the collection of data generated by Google Analytics and relating to the use of our website and the processing of this data by Google, and to prevent such collection. For this purpose, the person concerned must download and install a browser add-on under the link https://tools.google.com/dlpage/gaoptout. This browser add-on informs Google Analytics via JavaScript that no data and information about visits to websites may be transmitted to Google Analytics. The installation of the browser add-on is considered by Google to be an objection. If you delete, reformat or reinstall your information technology system at a later date, you will have to install the Browser Add-On again to deactivate Google Analytics. If the Browser Add-On is uninstalled or deactivated by you or another person within your sphere of control, you have the option of reinstalling or re-activating the Browser Add-On.

You will find the privacy policy for Google Analytics under the following links:
https://www.google.de/intl/de/...;
http://www.google.com/analytics/terms/de.html

Google Analytics is explained in more detail under this link: https://www.google.com/intl/de...;

Integration of Vimeo videos

On our website, we integrate the videos of the platform "Vimeo" of the provider Vimeo Inc., Attention: Legal Department, 555 West 18th Street New York, New York 10011, USA.

The privacy policy for Vimeo can be found under this link: https://vimeo.com/privacy.&nbs...;

We would also like to point out that Vimeo can use Google Analytics and refer you to the Google data protection declaration: https://www.google.com/policies/privacy.

Opt-out options for Google Analytics can be found under this link: http://tools.google.com/dlpage/gaoptout?hl=de.

You can change Google's settings for the use of data for marketing purposes by clicking on the following link: https://adssettings.google.com/

Integration of YouTube videos

On our website we integrate "YouTube" videos provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. This is done according to the legitimate interest of our company pursuant to Art. 6 (1) lit. f) GDPA, in order to bring you closer to the goals and narratives of our foundation by means of the published videos.Therefore we use YouTubes extended data protection mode. Thus, when you call up our web pages with embedded videos, no data is transmitted as long as the videos are not played. When a video is started, a connection to the DoubleClick network of Google is established and the fingerprint of your browser, as well as information about the pages you have visited on our site, and the IP address of your Internet connection from which you visit our pages, are transmitted and stored.Furthermore, cookies with a retention period of several years are also stored on your system in this process in order to record statistical information about video viewing, improve the user experience and prevent abuse. You can manually delete these cookies from your internet browser's memory.If you are logged into your YouTube account, Google will associate the mentioned information with your profile. If you do not wish to do so, please log out of your YouTube account before using our internet pages.

The privacy policy for the YouTube platform can be found under the following link: https://www.google.com/policies/privacy/

You can find the opt-out option here:https://adssettings.google.com/authenticated.

Social Media (Twitter & LinkedIn)

The Alfred Landecker Foundation uses social media share functions on its website. These allow you to share content and images with other people on Twitter and Linkedln. We make sure that your user data is only transferred when this is desired. Therefore we have decided to use a so-called 2-click-solution.

For more information on the privacy policies of the individual providers, please refer to the privacy statements of Twitter and LinkedIn.

Zoom & Microsoft Teams usage

In the context of online communication we use the video conferencing solutions of Zoom and Microsoft Teams. The legal basis for the processing of data according to the usage of these two platforms is Art. 6 para. 1 lit. b) GDPR. We use Zoom and Microsoft Teams to provide contractual or pre-contractual services in the context of communication with foundation partners, funding partners or other institutions that are connected to the foundation on a contractual basis. In addition to conducting video conferences, this also includes the post-processing of participant data for the summary of conference results.

If personal data is not required in connection with the usage of Zoom or Microsoft Teams for establishing, implementing or terminating contractual relationships in the context of e.g. funding partnerships, but is nevertheless an elementary component in the use of Zoom or Microsoft Teams, Art. 6 para. 1 lit. f) GDPR is the legal basis for the data processing. In these cases, our interest is in the effective conduct of online meetings. The appropriate level of data protection at Zoom Video Communications, Inc. and Microsoft Corporation is guaranteed by the following measures:

  • We have concluded a data processing agreement with Zoom that complies with the requirements of Art. 28 GDPR. An adequate level of data protection is guaranteed on the one hand by EU standard contractual clauses that we have concluded with Zoom. As additional protective measures, we have also configured our Zoom system in the way that only data centers in the EU, the EEA or secure third countries such as Canada or Japan are used to conduct online meetings. Further information on zoom's data protection can be found here: https://zoom.us/gdpr
  • An order processing agreement has been concluded with Microsoft Corporation, which complies with the requirements of Art. 28 GDPR. An appropriate level of data protection is guaranteed on the one hand by EU standard contractual clauses that we have concluded with Microsoft. As additional protective measures, we have also configured our Microsoft system in such a way that only data centers in the EU and the EEA are used for online meetings. Furthermore, Microsoft has agreed to extended measures, as well as corresponding penalties in the event of violations, which guarantee an appropriate level of protection. Further information on the data protection of Microsoft Teams can be found here: https://www.microsoft.com/trust-center/privacy/gdpr-overview

Integration of Google Fonts

On our website we integrate the fonts ("Google Fonts") of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. This is done in the context of the legitimate interest of our foundation in accordance with Art. 6 (1) lit. f) GDPR, in order to be able to guarantee better findability, faster loading times and a uniform presentation of our Internet pages across devices by means of optimised search engine entries.

We use the fonts in offline mode. This means that they are installed on the web server on which our website is hosted and therefore no personal data is transferred from you to Google.

The privacy policy for Google Fonts can be found under the following link: https://www.google.com/policies/privacy/,

You can find the possibility to opt out here: https://adssettings.google.com/authenticated.


Integrating Google Maps

On our website we also integrate maps provided by the Google Maps service.

The Google Maps service is provided by Google LLC

Contact details: 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

The data processed by Google Maps can include, specifically, IP addresses and user locations. These data are not however collected without the user’s consent – which is usually provided via settings on your mobile device. This data can be processed in the USA.

You can find the Google Maps privacy policy via the following link: https://www.google.com/policies/privacy/

For opt-out options, please see the following link: https://adssettings.google.com/authenticated

Use of newsletters

By subscribing to our newsletter, you agree to receive it and to the following procedures for sending the newsletter. The following data is collected during the registration process:

  • IP address of the user
  • Date and time of registration
  • E-mail address
  • Title
  • First name
  • Last name
  • Organization
  • Function

During the registration process, the user's consent to the processing of this data is obtained.

We send e-mails with advertising content (hereinafter referred to as "Newsletter") only with the consent of the recipient, which he or she has given by recorded consent or a legal permission. If, in the course of registering for the newsletter, its contents are specifically described, they are decisive for the consent of the user. Furthermore, our newsletters contain information about our activities and us.


The registration to our newsletter is done in a double opt-in procedure. This means that after registration you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that nobody can register with foreign e-mail addresses. The newsletter registrations are logged in order to be able to prove the registration process according to the legal requirements. This includes the storage of the registration and confirmation time as well as the IP address. Changes to your data stored by the shipping service provider are also logged.


Registration data: To subscribe to the newsletter, you only need to enter your e-mail address. Optionally, we ask you to enter your name in the newsletter for personal contact.

The dispatch of the newsletter and the associated measurement of success is based on the consent of the recipient in accordance with Art. 6 (1) lit. a), Art. 7 GDPR in conjunction with § 7 (2) No. 3 UWG or on the basis of the legal permission according to § 7 (3) UWG.


The registration procedure is recorded on the basis of our legitimate interests in accordance with Art. 6 (1) lit. f) GDPR. We are interested in the use of a user-friendly and secure newsletter system that serves our business interests, meets the expectations of the users and also allows us to provide proof of consent.


You can withdraw your consent to receive our newsletter at any time in writing, by telephone or by e-mail. You will find the link to unsubscribe from the newsletter at the end of each newsletter. We may store the unsubscribed e-mail addresses for up to three years on the basis of our legitimate interests before we delete them in order to be able to prove a previously given consent. The processing of this data is limited to the purpose of a possible defence against claims. An individual request for deletion is possible at any time, provided that the former existence of a consent is confirmed at the same time.

Personal data within the application procedure

If you send us an application, we process your personal data for the purpose of handling the application procedure. The processing can also be done electronically. This is particularly the case if an applicant submits the relevant application documents to us electronically, for example by e-mail or via a web form on the website. If an employment contract is concluded with an applicant, the data transmitted will be stored in compliance with the statutory provisions for the purpose of processing the employment relationship.

If no contract of employment is concluded with the applicant, the application file shall be deleted six months after notification of the rejection decision, unless deletion would be contrary to any other legitimate interests of the controller. Other legitimate interests in this sense are, for example, the retention of documents for the purpose of the duty of proof in proceedings under the General Equal Treatment Act (AGG).

General legal basis for the processing

The following legal bases, which allow us to process personal data, may apply, unless we have explicitly mentioned them in the preceding paragraphs:

  • for processing operations for which we obtain consent for a specific processing purpose, we use Art. 6 (1) lit. a) GDPR as the legal basis.

  • If the processing of personal data is necessary for the performance of a contract to which you are a party (e.g. as a funding partner), the legal basis for the processing is based on Art. 6 (1) lit. b) GDPR. The same applies to such processing operations that are necessary for the implementation of pre-contractual measures, for example in cases of inquiries about our products or services.
  • If our foundation is subject to a legal obligation which makes it necessary to process personal data, for example to fulfil tax obligations, the processing is governed by Art. 6 (1) lit. c) GDPR.
  • In rare cases, the processing of personal data might be necessary to protect vital interests of the data subject or another natural person. This would be the case, for example, if a visitor to our foundation were to be injured and his or her name, age, health insurance details or other vital information would then have to be disclosed to a doctor, hospital or other third party. In this case, the processing would be carried out on the basis of Art. 6 (1) lit. d) GDPR.
  • Furthermore, processing operations may be necessary to protect a legitimate interest of our company or of a third party, provided that your interests, fundamental rights and freedoms do not prevail. A legitimate interest of our company could be assumed if you as a data subject are our customer (see also recital 47 sentence 2 GDPR). Thus, the processing is carried out on the basis of Art. 6 I lit. f) GDPR. Such a legitimate interest is, for example, the continuation of our activities for the benefit of the welfare of all our employees.

Duration for which the personal data are stored

The criterion for the duration of storage of personal data is the respective legal retention period. Two common regulations are listed below as examples:

  • 6 years according to § 257 (1) HGB (trading books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting vouchers, etc.)

  • 10 years according to § 147 (1) AO (books, records, management reports, accounting vouchers, commercial and business letters, documents relevant for taxation, etc.)

After expiry of the deadline, the corresponding data is routinely deleted, provided that it is no longer required for the fulfilment of the contract or the initiation of the contract.

If there are no retention periods or other legal regulations governing the storage of your personal data, they will be deleted or blocked as soon as the purpose of the processing is fulfilled

Legal or contractual provisions making the personal data available; necessity for the conclusion of the contract; obligation of the data subject to provide the personal data; possible consequences of not providing the data

We would also like to inform you that the provision of personal data may be required by law (e.g. tax regulations) or may result from contractual arrangements (e.g. information on the contractual partner).

Sometimes it may be necessary for the conclusion of a contract that you, as the person concerned, provide us as the responsible party with data which must subsequently be processed by us. For example, you are obliged to provide us with personal data if our foundation concludes a contract with you. Failure to provide us with personal data would mean that the contract with you could not be concluded.

Before you provide personal data, you must contact one of our employees. He or she will inform you on a case-by-case basis whether the provision of personal data is required by law or contract or is necessary for the conclusion of a contract, whether there is an obligation to provide the personal data and what the consequences would be if you did not provide the personal data.

Explore what we do

Remember the Holocaust

Fight antisemitism

Strengthen democracy