1. General information about the collection of personal data
1.1 Protecting your privacy when using our websites is important to us. Accordingly, we use your personal information in accordance with the statutory provisions on data protection. Personal data means all data relating to you personally, e.g. your name, address, email address or user behaviour. In the following, we inform you about how we deal with your personal data.
1.2 The person responsible pursuant to Art. 4 (7) EU General Data Protection Regulation (GDPR) is the Else Kröner-Fresenius-Stiftung, Am Pilgerrain 15, 61352 Bad Homburg v.d.Höhe, Germany. Our data protection officer can be contacted at Datenschutz_EKFS@spie.com or at our postal address with the addition of “f.a.o. Data Protection Officer”.
1.3 Else Kröner-Fresenius-Stiftung takes the protection of the privacy of children very seriously. We do not intentionally collect personal information on children under the age of 16 via our websites. If you are under 16 years of age, please ask for the permission of a parent or guardian before you provide personal information to Else Kröner-Fresenius-Stiftung.
2. Collection of personal data when visiting our website
2.1 In principle, you can visit our website without telling us who you are. As is the case with almost all websites, the server on which our sites are located (hereinafter “web server”) automatically collects information about you when you visit our website. This data is technically necessary for us and ensures the stability and security of the website.
We anonymously evaluate these server logs regularly for statistical purposes, so that we can determine how our websites are used. Based on these findings we optimise our website.
We may also use this information in the event of system misuse, in cooperation with your Internet provider and/or local authorities to determine the party responsible of such misuse.
The web server logs will be deleted automatically after 60 days.
2.2 In addition to the aforementioned data, cookies will be stored on your computer when you use our website. Cookies are small text files that are stored on your hard disk in association with the browser you are using and by which the body which sets the cookie (in this case, us), transmits certain information. Cookies cannot run programmes or deliver viruses to your computer. They serve to make our website more user-friendly and efficient overall. The legal basis for processing is Art. 6 (1) p. 1f GDPR for the protection of our legitimate interest in the smooth functioning of the website.
Most of the cookies we use are session cookies, which are required to keep your visit consistent i.e. to ensure, for example, that your data is retained during the session. These session cookies shall be automatically deleted when the session ends. You have the option to accept or decline cookies. Most Web browsers automatically accept cookies. However, you can usually adjust your browser settings to decline cookies. If cookies are declined, this may restrict your usage of some features of the website. If cookies are accepted, you can delete these cookies later on. If you delete cookies, any settings that are controlled by those cookies, including advertising settings, will be deleted and may no longer be recoverable.
2.3 Third-party cookies on our websites
We allow third parties to place cookies on your computer via these websites.
2.3.1 This website uses Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics uses so-called "cookies", text files that are stored on your computer and that allow an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, if IP anonymisation is enabled on this website, your IP address will first be truncated by Google within the member states of the European Union or other parties to the agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and truncated there. Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activity, and to provide other services regarding website activity and internet usage for the website operator.
The IP address transmitted by your browser as part of Google Analytics is not conflated with other Google data.
You can prevent cookies from being stored by selecting the appropriate settings in your browser; however, we wish to point out that by doing so, you may not be able to enjoy the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) for Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
We use Google Analytics to analyze and regularly improve the use of our website. The statistics we obtain enable us to improve our website and make it more interesting for you as a user. Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework, for exceptional cases in which personal data is transferred to the USA. The legal basis for the use of Google Analytics is Art. 6 (1) p. 1 lit. f GDPR.
Information about the third party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Terms and conditions: http://www.google.com/analytics/terms/de.html, overview on data protection: http://www.google.com/intl/de/analytics/learn/privacy.html, and Data protection declaration: http://www.google.de/intl/de/policies/privacy.
2.3.2 Inclusion of YouTube videos
We have included YouTube videos on our website, which are stored on http://www.YouTube.com and can be played directly from our website. [These are all integrated in the "Extended Privacy Mode", i.e. no data about you as the user will be transferred to YouTube if you do not play the videos. The data referred to in paragraph 2 will only be transferred when you play the videos. We have no influence on this data transfer.]
When you visit this website, YouTube receives the information that you have accessed the corresponding subpage of our website. The data referred to under section 2 of this declaration will also be transferred. This happens regardless of whether YouTube provides a user account via which you are logged in or if there is no user account. If you are logged in to Google, your data will be directly assigned to your account. If you do not wish your profile to be used by YouTube, you must log out before clicking the button. YouTube stores your data as usage profiles and uses it for advertising and market research purposes, and/or for the needs-based design of its website. Such evaluation also takes place (even for users who are not logged in) for the purposes of providing customized advertising and to inform other social network users about your activities on our website. You have the right to object to the creation of these user profiles; however, you must contact YouTube to exercise this right.
You will find further information on the purpose and scope of data collection and how it is processed by YouTube in YouTube’s data protection declaration This declaration also contains further information on your rights and settings options for protecting your privacy: http://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has complies with the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
2.4 Contacting us
When you contact us by e-mail, the data you provide (your e-mail address, and, if applicable, your name and your telephone number) will be stored by us in order to answer your questions. We shall delete the any data collected in this context once storage is no longer required, or shall limit the processing of this data, where there are statutory retention obligations.
2.5 Funding by the Foundation
In order to process funding and carry out the upstream funding application review, we shall require personal data (your name, address, e-mail address, company and private contact details, position, function, date of birth, gender, employment history, letter of recommendation, account details). Processing of your personal data is essentially based on Art. 6 (1) (b) GDPR, since it is not possible to review the funding application or process the funding itself without your details. Furthermore, there may be a legitimate interest on our side to implement accompanying communication measures or marketing campaigns on the basis of Art. 6 (1) (f) GDPR, provided that it is not necessary to obtain your consent for this purpose.
Insofar as the provision of your personal data is necessary for the funding by us, you shall generally be obliged to provide us with your personal data. Should you decide not to provide us with your personal data, we shall be unable to initiate funding with you or continue any funding.
There will be no automated decision-making that is exclusively based on automated processing, including profiling, and that has a legal effect or compromises you in a similar manner.
We shall store your personal data for the duration of any funding relationship with you. After the funding relationship has ended, your data shall generally be stored for a further 10 years, provided that this is not precluded by any statutory retention periods ,or to the extent that you do not request the erasure of your data. Please note that your right to the erasure of data may be restricted by statutory retention obligations that we are required to adhere to.
We shall only pass on your personal data to agencies that require your data to fulfill our responsibilities. We may require the assistance of certain service providers for this.
Else Kröner-Fresenius-Stiftung shall mainly process your personal data within Germany. Due to the Foundation’s funding activities, we may transfer your personal data within the EU and to the USA and other countries where the data protection laws may potentially be less comprehensive than those in the EU. Access to your personal data in such cases shall be restricted to natural persons who require this data for the purposes described in this data protection guideline. As a general rule, your data shall be passed on to third countries only at an appropriate level of data protection and taking appropriate protective measures.
EKFS also uses various IT service providers. Therefore, it cannot be excluded that personal data may be transferred within the EU and to the USA and other countries where the data protection laws may potentially be less comprehensive than those in the EU. Access to your personal data will be limited to natural persons who need to know this data for the purposes described in this data protection information. As a general rule, your data shall be passed on to third countries only taking appropriate protective measures.
3. Your rights
In accordance with the provisions of the GDPR, you may assert the following rights against us:
- Right of access by the data subject
- Right to rectification
- Right to restriction of processing
- Right to erasure/right to be forgotten
- Right to data portability
- Right to object
To the extent that processing of your personal data is based on your consent, you shall have the right to withdraw your consent at any time, with effect for the future. The lawfulness of any processing based on your consent up until withdrawal of consent shall remain unaffected.
Should you wish to assert one of your rights as listed above, you may contact us at any time: Else Kröner-Fresenius-Stiftung, Am Pilgerrain 15, 61352 Bad Homburg v.d.Höhe.
If you believe that we are processing your personal data in an unlawful manner, please contact us at Datenschutz_EKFS@spie.com or at our postal address, adding “f.a.o. Data Protection Officer”.
You also have the right to contact the data protection authority. The responsible data protection authority is:
Der Hessische Beauftragte für den Datenschutz und die Informationsfreiheit (Hesse Data Protection Commissioner)
4. Security measures
To the extent that we disclose data to service providers within the scope of the above-described services, these service providers shall, in addition to the mandatory legal requirements, also be bound by contractual specifications with us pertaining to the issue of data protection
We implement security measures, which we continuously optimise in line with technical and legal development, in order to protect your data against accidental or intentional manipulation, loss, destruction, or access by unauthorized third parties as far as possible.
5. Links to other websites
Our web pages may also contain links to other websites. This data protection declaration does not extend to other providers.
We have no influence over whether the operators of such websites comply with the data protection requirements, and we therefore assume no responsibility for the correctness, up-to-dateness or completeness of the information provided on these sites.
The fast-paced development of the internet makes it necessary to amend our data protection regulations from time to time. You will be informed of any changes at this point.
Version: October 2019