Data protection statement for using our website

(Last updated June 2019)

Below, we have provided you with information about how we collect personal data when you use our website. Personal data is all data which concerns you personally, such as your name, adress, email adresses and user behaviour. We have taken extensive technical and operational protective measures to protect your data from accidental or deliberate manipulation, loss, destruction or access by unauthorised individuals. Our security procedures are regularly reviewed and adjusted in line with technological progress.
 

1 Controller for data processing

The controller according to Art. 4(7) of the EU General Data Protection Regulation (GDPR) is 
Funk Stiftung
Valentinskamp 18
20354 Hamburg, Germany
Tel. +49 (0)40 35914-900
Fax +49 (0)40 35914-73-956
E-Mail: info[at]funk-stiftung.org

 

2 How to contact the Data Protection Officer

You can contact our Data Protection Officer at info@funk-stiftung.org or by using our postal address with the add-on 'FAO Data Protection Officer'.
 

3 Subject of data protection

The subject of data protection is personal data under the terms of Article 4(1) GDPR. This is all information whcih relates to an identified or identifiable natural person. It generally includes all information which relates to an identified or identifiable natural person. It generally includes all information which could be used to identify a natural person (indirectly at least). This could be, for example, a person's name or contact details (e.g. telephone number, postal adress and email adress). The IP address can also represent personal data in this sense.
 

4 Collection, processing and use of personal data

The Funk Foundation only collects, processes and uses your personal data insofar as this is permitted or required by the GDPR, the German Federal Data Protection Act or another piece of legislation or insofar as you, as a user of our website, have consented to such collection, processing and use.
 

5 Your rights

You have the following rights vis-á-vis us with regard to the personal data concerning you:

5.1 General rights

You have a right of access, correction, deletion, restriction of processing, objection to processing and data portability. Insofar as processing is based on your consent, you have the right to revoke this consent you gave us with effect for the future.

5.2 Rights with regard to data processing according to a legitimate interest

According to Article 21(1) GDPR, you have the right, on grounds relating to your particular situation, to object at any time to processing of the personal data concerning you based on Article 6(1)(e) GDPR (data processing in the public interest) or based on Article 6(1)(f) GDPR (data processing to protect a legitimate interest); this also applies to profiling based on this regulation. If you object, we shall no longer process your personal data unless we can demonstrate compelling and legitimate grounds for processing which outweigh your interests, rights and freedoms, or if processing serves to establish, exercise or defend legal claims.

5.3 Rights with regard to direct advertising

Insofar as we process your personal data for the purpose of carrying out direct advertising, you have, at any time, the right according to Article 21(2) GDPR to object to processing of the personal data concerning you for the purposes of such advertising; this also applies to profiling if it is in conjunction with such direct advertising.

If you object to processing for the purposes of direct advertising, we shall no longer use your personal data for these purposes.

5.4 Right to lodge complaints with a supervisory authority

You also have the right to lodge complaints regarding our processing of your personal data with responsible data protection supervisory authority.
 

6 Collection of personal data when you visit our website

When you are merely using the website for information purposes, i.e. if you do not register or otherwise transfer information to us, we only collect the personal data which your browser transfers to our server. When you visit our website, we collect the following data, which is technically necessary for us to enable you to view the website and to guarantee stability and security. The legal basis for this is Article 6(1)(f) GDPR:

IP address, date and time of the request, time zone difference from Greenwich Mean Time (GMT), content of the request (specific page), access status / HTTP status code, and the amount of data transferred.

7 Newsletter

7.1 General information

With your consent according to Article 6(1)(a) GDPR, you can subscribe to our newsletter, which we use to inform you of news and our current offers. We use the ‘double opt-in procedure’ for subscription to our newsletter. This means that, once you have subscribed, we send an email to the specified email address requesting your confirmation that you would like to be sent the newsletter. If you do not confirm your subscription, your information shall remain blocked and shall be automatically deleted after one month.

Additionally, we store the IP addresses you use and the times of subscription and confirmation. The purpose of this procedure is to prove your subscription and, if necessary, to resolve potential misuse of your personal data.

The only mandatory information required to send you the newsletter is your email address, title and surname. Any other data you provide is voluntary. Following your confirmation, we shall save your email address for the purpose of sending the newsletter. The legal basis is Article 6(1)(a) GDPR.

You can revoke your consent to receiving the newsletter and unsubscribe from it at any time. You can revoke your consent by clicking on the link provided in each newsletter email or by sending a contact request to the Data Protection Officer mentioned above.

7.2 Newsletter tracking

We would like to point out that we evaluate your user behaviour when we send the newsletter. For the purpose of this evaluation, the sent emails include ‘web beacons’ and ‘tracking pixels’ which are stored on our website. To carry out the evaluations, we link the aforementioned data and the web beacons to your email address and an individual ID. Links contained in the newsletter also contain this ID.

The data is only collected in a pseudonymised format, so the IDs are not linked to your further personal data and there is no possibility of persons being identified directly.

Tracking is not possible if you have disabled the automatic display of images in your email program by default. In this case, the newsletter shall not be displayed to you in full and you may not be able to use all the functions. The aforementioned tracking takes place if you opt to display the images manually. You can object to tracking at any time by unsubscribing from the newsletter.

 

8 Contact by email or using the contact form

If you contact us by email or using the contact form, the data you share (your company or academic institution, your email address, your name and telephone number) shall be stored by us for the purpose of answering your questions.

If we request that you use our contact form to input information which is not necessary for contact, we have always marked this as being optional. We use this information to substantiate your enquiry and to improve handling of your request. This information is communicated exclusively on a voluntary basis and with your consent as per Article 6(1)(a) GDPR. If this information relates to communication channels (e.g. your email address or telephone number), you are also consenting to the fact that we may, if necessary, contact you using these communication channels to respond to your request. You may naturally revoke this consent at any time with effect for the future.

We delete the data collected in this regard once storage is no longer necessary, or we restrict processing if legal retention requirements exist.

 
9 Publications

You can request publications (results of foundation projects and information brochures, studies, magazines or press releases) on our website. For these functions and services, we require certain personal information from you. The voluntary provision of additional data allows us to improve our website and provide you, on request, with targeted information specifically tailored to meet your needs. You can enter this data in the designated places on the website. We process your data for the purpose of responding to your enquiry and providing you with the requested publication. If data is exceptionally processed for other purposes, this only takes place if you have given your consent to this effect.

If you request publications (e.g. studies or information brochures) by email, you need to provide your first name, surname, email address and your company or academic institution, if applicable. If you request publications by post, you need to provide your first name, surname and postal address. We may also collect and process additional voluntary data from you in both cases (to send you publications by post and by email).

When requesting publications, you can provide the following data:

  • Title
  • First name
  • Surname
  • Company or academic institution
  • Email adress

The legal basis for processing your data is Article 6(1)(a) and (b) GDPR. We delete the data collected in this regard once storage is no longer necessary, or we restrict processing if legal retention requirements exist.
 

10 Consent-based sending of invitations relating to selectable seminar and webinar topics

If you would like to receive email invitations from us to seminars or webinars on topics which you are free to select, you need to provide your company or academic institution, your first name, surname and email address. You can opt to provide additional data (e.g. title). We process your data for the purpose of sending you invitations relating to your selected seminar or webinar topics. The legal basis for processing your data is Article 6(1)(a) GDPR. You can revoke your consent to receiving invitations and unsubscribe from the invitation service at any time. You can revoke your consent by clicking on the link provided in each invitation email or by sending a contact request to the Data Protection Officer mentioned above.

 

11 Registration for events

You can register for various events over our website. Certain personal details are required for registration. The voluntary provision of additional data allows us to improve our website and provide you, on request, with targeted information specifically tailored to meet your needs. We process your data only insofar as doing so is necessary for registering and holding the respective event. If you provide us with your consent to this effect, once you have attended the seminar we also use your data to send you a link by email to an electronic evaluation questionnaire and an electronic form which you can use to express your interest in further topics.

There are different registration options depending on the respective event. Registration can take place by email or using a registration form, to name but two examples. Depending on the event, the following information may be necessary for registration:

  • Company
  • Position
  • First name
  • Surname
  • Address
  • Post code
  • Town / City
  • Telephone number
  • Fax
  • E-Mail-Address

Following your registration, in principle you will receive an email from us to confirm your registration, as well as a reminder email straight before the event. The legal basis for processing your data is Article 6(1)(a) and (b) GDPR. We delete the data collected in this regard once storage is no longer necessary, or we restrict processing if legal retention requirements exist. 
 

12 Registration for webinars

You can register for various webinars over our website. Certain personal details are required for registration. If you register for a webinar on our website, you need to provide your company or academic institution, first name and surname, the name of your company and your email address. The voluntary provision of additional data allows us to improve our website and provide you, on request, with targeted information specifically tailored to meet your needs. We process your data only insofar as doing so is necessary for registering and holding the respective webinar.

As part of the webinar registration process, you may be directed to the page of an external service provider charged with the technical operation of the webinar. This service provider only collects, stores and uses your data to hold the webinar on our behalf under the terms of Article 28 GDPR and not for their own purposes. Data is not transferred to third countries (countries outside of the EU or the EEA).

The legal basis for processing your data is Article 6(1)(a) and (b) GDPR. We delete the data collected in this regard once storage is no longer necessary, or we restrict processing if legal retention requirements exist.
 

13 Consent-based processing and use of your data for contact purposes

If you have provided us with your consent to this effect, we also use the data collected for the purposes described under 8, 9, 10, 11 and 12 for contacting you as well. This means that we store your data for information purposes and use the same to be able to respond to your enquiries in the event that repeated contact is made or a sponsorship is initiated. 

The legal basis for processing your data is Article 6(1)(a) GDPR. We delete the data collected in this regard once storage is no longer necessary, or we restrict processing if legal retention requirements exist.
 

14 Applications

You can apply to our company electronically, particularly by email. We will naturally only use your information for the purpose of processing your application and will not disclose the same to third parties. Please note that unencrypted emails are not transferred in an access-protected manner.

If you have applied for a specific post and it has already been filled, or if we believe that another position is also suitable for or even better suited to you, we would be more than happy to forward your application within the company. Please let us know if you do not agree to your email being forwarded. 

Your personal data is deleted immediately once the application process is closed, or at most after six months, unless you have given us your express consent to store your data for longer or a contract has been concluded. The legal basis is Article 6(1)(a), (b) and (f) GDPR and Section 26 of the German Federal Data Protection Act.
 

15 Use of cookies

When you use our website, cookies are stored on your computer. Cookies are small text files that are saved on your hard drive, are assigned to the browser you use and through which the party that sets the cookie receives certain information. Cookies cannot run any programs or transfer viruses to your computer. They are used to make the website more user-friendly and effective on the whole.

This website uses the following types of cookies, the scope and functions of which are explained below:

15.1 Transient cookies

These cookies are automatically deleted when you close the browser. They particularly include session cookies. These save a 'session ID' which can be used to assign various requests from your browser to the same session. Your computer can therefore be recognised if you return to our website. The session cookies are deleted if you log out or close the browser.

15.2 Persistent cookies

These cookies are automatically deleted after a specified period of time, which can vary depending on the cookie in question. You can delete the cookies at any time in your browser's security settings.

15.3 Flash cookies

The flash cookies used are not recovered by your browser, but rather by your Flash plugin. We also use HTML5 storage objects, which are stored on your terminal device. These objects store the data required regardless of the browser you use and do not have an automatic expiry date. If you do not want the flash cookies to be processed, you must install a corresponding add-on, such as 'Better Privacy' for Mozilla Firefox (https://addons.mozilla.org/de/firefox/addon/betterprivacy/) or the Adobe Flash Killer Cookie for Google Chrome. You can prevent the use of HTML5 storage objects by using your browser in Private mode. We also recommend manually deleting your cookies and browser history on a regular basis.

15.4 Preventing cookies

You can configure your browser settings in line with your requirements and refuse to accept third-party cookies or all cookies, for example. Please note that if you do so, you may not be able to use all the functions of this website.

15.5 Legal bases and duration of storage

The legal bases for potential processing of personal data and the data storage durations vary, and are described in the sections below.
 

16 Website analysis

We use various services, which are described below, for the purposes of analysing and optimising our website. We can therefore analyse, for example, how many users visit our site, what information is the most sought-after, or how users find the website. We also collect data on the website from which a data subject has accessed our website (‘referrer’), which of the website sub-pages were accessed, or how often and how long for a sub-page was viewed. This helps us to make our website user-friendly and also to improve it. The data collected in this way is not used to personally identify individual users. Anonymous or, at most, pseudonymous data is collected. The legal basis for this is Article 6(1)(f) GDPR. 

16.1 Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Use of the same includes use of the Universal Analytics operating mode. It is thus possible to assign data, sessions and interactions across multiple devices to a pseudonymous user ID and therefore analyse a user’s activities across such multiple devices.

Google Analytics uses cookies, which enable analysis of your use of the website. The information generated by the cookie about your use of this website is generally transmitted to and stored on a Google server in the United States. If IP anonymisation is activated on this website, Google will, however, truncate your IP address beforehand within Member States of the European Union or other states which are parties to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and truncated there. The IP address transmitted by your browser in the context of Google Analytics is not associated with any other data held by Google. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of this website, compiling reports on website activities and providing the website operator with other services relating to website and Internet use. In these purposes, we also have a legitimate interest in data processing. The legal basis for the use of Google Analytics is Section 15, Para. 3 of the German Telemedia Act (TMG) and Article 6(1)(f) GDPR. The data sent by us and linked with cookies, user identifiers (e.g. user ID) or advertising IDs is automatically deleted after 14 months. Data whose storage period has ended is automatically deleted once per month. You will find further information about terms of use and data protection at https://www.google.com/analytics/terms/de.html and https://policies.google.com/?hl=de

You can prevent the storage of cookies by changing the relevant setting in your browser software; however, please note that if you do so, you may not be able to use all the functions of this website in full. Furthermore, you can prevent Google’s collection and processing of the data generated by the cookie and related to your use of the website (including your IP address) by downloading and installing the browser plugin available at https://tools.google.com/dlpage/gaoptout?hl=de. Opt-out cookies prevent your data from being collected on future visits to this website. To prevent collection across various devices by Universal Analytics, you must opt out on all the systems you use. The opt-out cookie is set if you click here:

Deactivate Google Analytics (link on the website) 

 

17 Advertising

We use cookies for marketing purposes to address our users with interest-based advertising. We also use cookies to restrict the likelihood of ad playback and to measure the effectiveness of our advertising measures. This information may also be shared with third parties, such as ad networks. The legal basis for this is Article 6(1)(a) and (f) GDPR. We have a legitimate interest in direct marketing for the purposes pursued with data processing. You have the right, at any time, to object to processing of your data for the purposes of such advertising. To this end, we provide you with the respective services’ opt-out options below. Alternatively, you can prevent the setting of cookies in your browser settings.

17.1 Google DoubleClick

We use DoubleClick, a service provided by Google Inc. DoubleClick uses cookies to place user-based adverts. The cookies recognise which ads have already been placed in your browser and whether you have called up a website via a placed ad. In doing this, the cookies do not collect any personal information and also cannot be linked with the same.

If you do not want to receive any user-based advertising, you can deactivate the placement of ads using Google’s ad setting.

Please refer to Google’s privacy policy for further information on how Google uses cookies.

 

18 Social media buttons

We provide social media buttons so that the content of our website can be shared on social networks. We use data-secure ‘Shariff’ buttons on our website. ‘Shariff’ was developed by specialists from the computer magazine c’t to enhance online privacy and prevent the unwanted transfer of data to social network operators. More information on the Shariff project can be found here.

The buttons offered directly by the operators of social networks generally transfer personal data such as IP addresses to the social network in question even just when a website with these integrated buttons is loaded. As a result, social network operators automatically receive precise information about your internet surfing. You do not have to be logged in to the network in question for this to occur; you do not even need to be a member of said network. By contrast, a Shariff button only establishes direct contact between a social network and the website visitor when the visitor actively clicks on the share button. Shariff thus prevents you from leaving a digital trace on every page you visit and enhances data protection. By using Shariff, we are protecting your personal data while also integrating buttons on our website for sharing our content on social media. 

 

19 Data transfer

To the extent required, we disclose personal data to third parties in exceptional circumstances if we use these companies to process your data. In these cases, however, the amount of data transferred is restricted to the minimum required. Insofar as third parties come into contact with your personal data, we ensure in the context of processing as per Article 28 GDPR that these parties comply with the regulations set down in data protection legislation in the same way. Please also note the providers’ respective privacy policies. The respective service provider is responsible for the contents of external services, whereby we check, within reasonable limits, that the services comply with the legal requirements.

Insofar as no deviating regulations result from this privacy policy, in principle your data is not transferred to third parties unless we are obligated to this effect by law, or if the data needs to be disclosed to implement the contractual relationship, or you have previously given your express consent to your data being disclosed.

We never transfer any personal data which we collect on this website to countries outside the European Union or the European Economic Area – unless such transmission is expressly stated.

 

20 Data security

We have taken extensive technical and operational protective measures to protect your data from accidental or deliberate manipulation, loss, destruction or access by unauthorised individuals. Our security procedures are regularly reviewed and adjusted in line with technological progress.



Privacy information according to Art. 13 ff. GDPR

Information about the collection and processing of your personal data

(Last updated June 2019)

Trust-based collaboration with our project and collaborative partners, as well as with applicants and funding recipients, is based on diligence and transparency. For this reason, we would like to inform you of how we process your data and how you can exercise the rights afforded to you under the General Data Protection Regulation. The personal data we process and the purposes for this depend on the specific contractual relationship in each case. 
 

1 Who is responsible for data processing?

The controller for data processing is:


Funk Foundation
Valentinskamp 18
20354 Hamburg, Germany
Tel. +49 (0)40 35914-900
Fax +49 (0)40 35914-73-956
E-Mail: info[at]funk-stiftung.org

2 How can you get in touch with the Data Protection Officer?

You can contact our Data Protection Officer at info@funk-stiftung.org or by using our postal address with the add-on 'FAO Data Protection Officer'.
 

3 What personal data do we use?

We process your personal data when you have a query about funding, submit a specific funding application, receive a grant from us or conclude a contract with us.

Among other reasons, we also process your personal data in order to fulfil legal requirements, to protect a legitimate interest or because you have given us your consent to do so.

Depending on the legal basis for data processing, the following categories of personal data are processed: 

3.1 Personal data

  • First name, surname and title
  • Address
  • Telephone no, email address and other communication data (private/business)
  • Date and place of birth, nationality
  • Gender, marital status, other family data
  • Signature (including digital)
  • Employer/company or academic institution
  • Job title and CV

3.2 Project data

In particular the project numer, duration of sponsorship, type and amount of funding.

3.3 Contract data

In particular the duration, notice period for termination, type of contract, amount of funding.

3.4 Financial data

  • Bank details / account information
  • Payment data
  • Invoice data

3.5 Account information

In particular registration and logins

3.6 Videos or images

4 Where does the data come from?

We process personal data that we receive from our project and collaborative partners as well as from applicants and funding recipients. 

We also receive personal data from publicly accessible sources in individual cases, such as from commercial or association registers.
 

5 For what purposes do we process your data and on what legal basis?

We process your personal data especially in accordance with the General Data Protection Regulation (GDPR) and the German Data Protection Act (BDSG) as well as all other applicable laws.

5.1 Due to consent provided by you (Article 6(1)(a) GDPR)

If you have given us your voluntary consent to collect, process or transfer certain personal data, this consent constitutes the legal basis for processing this data. 

We process your personal data on the basis of your consent in the following cases:

  • To send an email newsletter
  • Personalised newsletter tracking
  • Market research (e.g. satisfaction surveys)
  • Marketing and advertising
  • To publish a project reference (name and photo)
  • To process special categories of personal data (e.g. health data)

5.2 For the performance of a contract (Article 6(1)(b) GDPR)

We use your personal data to respond to funding queries, process funding applications, draw up grant orders and cooperation agreements, and implement funding projects, cooperation agreements and other contracts.

As part of the respective contractual relationship, we process your data especially to perform the following tasks:

  • Funding/project-related contact
  • Project/contract management
  • Ongoing support of projects and communication with the parties involved
  • Defence or pursuit of legal claims

More information on the purposes of data processing can be found in the relevant funding guidelines, grant orders and project documents.

5.3 To fulfil legal obligations (Article 6(1)(c) GDPR) or for the public interest (Article 6(1)(e) GDPR)

As a non-profit foundation, we are subject to different legal requirements. These include in particular auditing and reporting obligations with respect to authorities and external auditors. To fulfil these obligations, it may be necessary to process personal data.

5.4 For the purposes of a legitimate interest (Article 6(1)(f) GDPR)

In certain cases we process your data to protect our legitimate interest or that of a third party. This may be necessary especially for the following purposes: 

  • Assurance of IT security and IT operations
  • Direct advertising or market and opinion research
  • Video surveillance to protect our domestic authority

 

6 To whom is your data passed on?

To fulfil our contractual and legal obligations your personal data is disclosed to external service providers and public agencies.

6.1 External service providers

We work with selected external service providers to fulfil our contractual and legal obligations:

  • Service providers for helping select, coordinate and implement projects
  • Service providers for accounting/finance management (especially to assist in creating annual financial statements)
  • IT service providers (e.g. maintenance service providers, hosting providers)
  • Service providers for file and data destruction
  • Printing service providers, letter shops
  • Service providers for telecommunications
  • Banks and other payment service providers
  • Service providers for advice and consultancy as well as asset management
  • Service providers for public relations 
  • Tax advisors and accountants

6.2 Public bodies

We may also be required to transfer your personal data to other recipients, such as authorities, for the purposes of fulfilling legal reporting obligations:

  • Foundation supervisory authority
  • Financial authorities
  • Customs authorities
  • Social security providers

 

7 Is your data transferred to countries outside of the European Union (‘third countries’)?

Data is only transferred to countries outside of the European Union (‘third countries’) if 

  • it is required in order to perform our services in accordance with Article 49(1)(b) GDPR (for a payment order, for example);
  • it is legally required due to law enforcement treaties in accordance with Article 48 GDPR (tax reporting obligations, for example) or 
  • you have given us your consent to do so as per Article 49(1)(a) GDPR. 

Beyond this we will not transfer any personal data to international organisations or other bodies in third countries.

 

8 How long is your data stored?

We store your personal data as long as it is required in order to fulfil our legal and contractual obligations.

If the data is no longer necessary in order to fulfil legal or contractual obligations, your data is deleted, unless further processing is necessary for the following purposes:

  • To fulfil retention obligations set out in foundation, commercial and tax law, such as the retention periods stipulated in the German Commercial Code (HGB) or German Revenue Code (AO), which call for retention periods up to ten years.
  • To retain evidence under legal regulations governing limitation periods. According to the limitation regulations set out in the German Civil Code (BGB), these limitation periods can run up to 30 years in some cases, but the regular limitation period is three years.

 

9 What are your rights concerning the processing of your data?

According to the GDPR, every data subject has the right of access (Article 15), the right of rectification (Article 16), the right of erasure (Article 17), the right to restrict processing (Article 18), the right of objection (Article 21) and the right of data portability (Article 20). The restrictions set out in Sections 34 and 35 of the BDSG apply to the right of access and right of erasure.

9.1 Right of objection

You can object to the use of your data for advertising purposes without incurring any charges, with the exception of the transmission fees under the basic tariff.

  • What are your rights concerning data processing due to your legitimate or the public interest?

According to Article 21(1) GDPR, you have the right, on grounds relating to your particular situation, to object at any time to processing of the personal data concerning you based on Article 6(1)(e) GDPR (data processing in the public interest) or based on Article 6(1)(f) GDPR (data processing to protect a legitimate interest); this also applies to profiling based on this regulation.

If you object, we shall no longer process your personal data unless we can demonstrate compelling and legitimate grounds for processing which outweigh your interests, rights and freedoms, or if processing serves to establish, exercise or defend legal claims.

  • What are your rights concerning data processing for the purposes of direct advertising?

Insofar as we process your personal data for the purpose of carrying out direct advertising, you have, at any time, the right according to Article 21(2) GDPR to object to processing of the personal data concerning you for the purposes of such advertising; this also applies to profiling if it is in conjunction with such direct advertising.

If you object to processing for the purposes of direct advertising, we shall no longer use your personal data for these purposes.

9.2 Withdrawal of consent

You can withdraw your consent for us to process your personal data at any time. Please note that this withdrawal of consent only affects future processing. 

9.3 Right of access

You can demand information from us as to whether we have stored your personal data. Upon your request, we will inform you of what type of data we have, the purposes for which the data is being processed, the parties to which this data has been disclosed, how long the data has been and will be stored and what further rights you have in relation to this data. 

9.4 Other rights

You also have the right to rectify incorrect data or erase your data. If there is no reason to continue storing your data, we will delete it. Otherwise we will restrict its processing. You can also request that we provide all of the personal data you have given us in a structured, conventional, machine-readable format either to you or to a person or company of your choice.

Furthermore, you have the right to lodge a complaint with the responsible data protection supervisory authority (Article 77 GDPR in connection with Section 19 BDSG).

9.5 Exercising your rights

You can contact the data controller or the Data Protection Officer using the aforementioned contact details in order to exercise your rights. We will process your query immediately and in accordance with legal requirements.

 

10 Do you have to provide your personal data?

In order for our foundation’s work to be carried out, especially the funding of projects, you must provide us with the personal data required in order to make a decision on funding the project in question and on its implementation or the personal data we are legally required to collect. If you do not provide us with this data, we will not be able to fund and implement the project.

 

11 Is there an automated decision-making process or does profiling take place?

We do not use any automated decision-making processes and no profiling takes place.

 

12 Changes to this information

If the purpose for or the manner and method of processing your personal data substantially change, we will update this information and inform you of the changes in due course.