On the basis of valid legislation, the Gerda Henkel Foundation has developed a new data privacy concept. We would like to take this opportunity to inform you about whether and, if so, which of your personal data we collect and process, and for what purposes, as well as the legal basis on which we use them on our website https://lisa.gerda-henkel-stiftung.de (“science portal”). Furthermore, we would like to inform you about how we handle your personal data in the event of your contacting us in writing.
Personal data are all data that can be related to you personally, e.g., your name, your postal address or your e-mail address, as well as the IP address allocated to you, the technical data of your mobile terminal devices such as the type of device and the operating system, your location data, and data transmitted to us on the basis of granted access authorisation on your mobile terminal devices.
1. Who is responsible for the data processing and whom can you contact?
The Gerda Henkel Foundatiion, Malkastenstrasse 15, 40211 Düsseldorf, Germany is responsible for processing your personal data in the context of your use of the website. Please find further details about the Gerda Henkel Foundation and ways of contacting us here.
2. Data protection officer
In line with current legislation the Gerda Henkel Foundation has a data protection officer. The Gerda Henkel Foundation data protection officer can be reached by e-mail at:
datenschutz@gerda-henkel-stiftung.de
or by post at:
Gerda Henkel Stiftung
Data protection officer
Malkastenstraße 15
40211 Düsseldorf
Germany
3. Legal bases for the data processing
In line with the General Data Protection Regulation (GDPR) we are obliged to inform you about the legal basis for, and purposes of the data processing we perform. We refer in principle to four different legal bases, which allow us to process the data on this website, and to communicate with you:
1.) Art. 6, para. 1 lit. a) GDPR permits data processing if the “data subject has given consent to the processing of his or her personal data for one or more specific purposes”.
2.) Art. 6, para. 1 lit. b) GDPR permits data processing if “processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract”.
3.) Art. 6, para. 1, lit. c) GDPR permits data processing if the “processing is necessary for compliance with a legal obligation to which the controller is subject”.
4.) Art. 6, para. 1 lit. f) GDPR permits data processing if “processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, […]”.
In the following list of the various purposes for which we process data we draw your attention in each case to the relevant legal basis for the purpose.
4. Data collection, data processing, and data use
The type of data processing depends on the way our services are used. The following is a list of which data we collect when.
a) Provision of the website and compilation of log files
When you visit our website, data are automatically collected and temporarily stored. These data serve communication between your computer and our server (retrieval of texts, images, download of files etc.). They are automatically transmitted by your browser. The data relates to the following information:
-
Type and version of your browser
-
Type and version of your operating system
-
The Internet address (URL) of the requested page
-
Date and time of the page request
-
The IP address allocated to you
The legal basis for the collection of the data is art. 6 para. 1 lit. f) GDPR. The collected data cannot be assigned to you personally. We do not assign data by combining them with other data sources. For technical reasons the data are stored for a period of seven days and then deleted unless, that is, we are legally obliged to store them for a longer period of time.
The temporary storage of the IP address is necessary to enable the delivery of the website to the computer of the user. For this purpose, the user’s IP address has to be stored for the duration of the session.
Temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user’s computer. For this, the user’s IP address must be stored for the duration of the session. Storage in log files occurs in order to ensure the functionality of the website. The data serve to help us optimise the website and ensure the security of our IT systems. The data collected by the Gerda Henkel Foundation are used for administrative purpose, web logs, research, and collective statistics. The Gerda Henkel Foundation can use the data for statistical purposes (e.g., pages visited, time spent on the website, number of visits, date and time of a visit), as well as for adapting the web pages, content, layout, and services.
The stored data are evaluated only to the extent that
- we are obliged to by law or a court ruling or
- we need the logged data in order to be able to prosecute attacks on our infrastructure under criminal and/or civil law
The data are not evaluated for marketing purposes.
b) Cookies
Our science portal uses various cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. If a user visits a website, a cookie may be stored on the user's operating system. The function of cookies is to make visiting our website more attractive and to enable the use of certain functions. They are small text files deposited on your terminal device. When a page is visited the cookies can be transmitted to it, thus enabling the user to be assigned. Cookies help simplify the use of Internet pages for users. Some of the cookies we use are deleted at the end of the browser session, i.e., when you close your browser (these are known as session cookies). Other cookies stay on your terminal device and enable us to recognise your browser on your next visit to the site (known as persistent cookies).
By using our webpage you agree to our use of cookies. The processing of personal data using cookies is conducted on the basis of our legitimate interests, pursuant to article 6 para. 1 lit. f) GDPR. Our legitimate interest in the use of cookies is to make our website more user-friendly, effective and secure.
You can prevent your device from storing cookies by changing the preferences of the browser software. You can delete cookies that have already been placed. The functionality of our website may be impaired by your not accepting cookies.
c) Matomo – data traffic analysis
The science portal page also uses the open source software tool Matomo (formerly PIWIK) to analyse our users’ surfing behaviour. The software places a cookie on the user’s computer (for cookies see above). If individual pages of our website are called up, the following data are stored:
- Two bytes of the IP address of the user’s calling system
- The web page called up
- The website, from which the user reached the web page called up (referrer)
- The sub-pages called up from the web page initially called up
- The time spent on the web page
- The frequency with which the web page is called up
The software is set up such that the IP addresses are not stored in full, rather two bytes of the IP address are masked - (e.g.,: 192.168.xxx.xxx). This way it is no longer possible to assign the shortened address to the calling computer.
The software only runs on our web page’s servers. The users’ personal data is only stored there. The data are not passed on to third parties.
The processing of personal data using cookies is conducted on the basis of our legitimate interests, pursuant to article 6 para. 1 lit. f) GDPR. Our legitimate interest in the use of cookies is to make our website more user-friendly, effective and secure.
You can prevent your device from storing cookies by changing the preferences of the browser software. You can delete cookies that have already been placed. The functionality of our website may be impaired by your not accepting cookies.
The processing of the users’ personal data enables us to analyse their surfing behaviour. Evaluation of the data acquired puts us in a position to compile information about the use of individual components of our web page. This helps us to continually improve our web page and its user friendliness.
The data are deleted as soon as they are no longer required for our recording purposes. In our case this is so in five years.
Cookies are stored on the user’s computer and transmitted from there to our page. For this reason, as a user you have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website in full.
You will find more detailed information about the Matomo software privacy settings from the following link: https://matomo.org/docs/privacy/.
d) Registration and writing of users’ own articles
On the science portal page we give users an opportunity to register stating their personal data. As a registered member you can write articles of your own and post them on L.I.S.A., upload images, audio files and videos, and establish contact with other authors. You can read the conditions of use relating to registration at https://lisa.gerda-henkel-stiftung.de/agb.
Registration requires a registration form to be filled out. This involves data being entered in an input mask, transmitted to us, and stored. The data are not passed on to third parties. The following data have to be collected in the registration process:
- Given name, name
- E-mail address
- Place
In addition, the following data are collected automatically:
- The user’s IP address
- Date and time of the registration
Registration is not possible without these data being transmitted. In addition it is possible to voluntarily provide further data and create your own profile.
As part of the registration process, the user gives their consent to the data being processed. In the event of the user having given this consent, the legal basis for the processing of the data is art. 6 para. 1 lit. a) GDPR. The data are deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. For data collected during the registration purpose this is the case if the registration on our web page is cancelled or changed. As a user you can annul the registration at any time. You can have the stored data relating to you changed at any time.
If you are logged on you can change the stored data yourself in the section “My profile”. You can revoke your consent to your data being stored and have the user account set up deleted. You can have this done do this by e-mail to chatzoudis@gerda-henkel-stiftung.de or by notifying the contacts listed in our Contact section.
Registered members can publish articles of their own on the science portal. When posting an article personal data will be requested or be taken over from your member profile. Before an article is posted, you will be asked to give your consent to the data you have entered being transmitted and be referred to this Privacy Policy. By giving your consent you grant the Gerda Henkel Foundation the non-exclusive, irrevocable and non-terminable right, which is also unlimited timewise, to use individually or together the contents on the web pages and in the yearbook or Gerda Henkel Foundation, in particular to make the contents publicly accessible. The right granted also includes the right to process the contents for the aforementioned purposes. The legal bases for the storage of these data are art. 6 para. 1 lit. a) GDPR and art. 6 para. 1 lit. b) GDPR.
e) Comment function
The science portal offers the possibility of making comments beneath each article. In the logged-on state your name and the e-mail address you entered is associated with the comment. In the non-logged on state you also have the possibility of writing a comment using a pseudonym and an arbitrary e-mail address. You are not obliged to use a given name and family name, or your correct e-mail address. If you post a comment the name and the e-mail address you gave are collected together with the following data:
- IP address of the calling computer
- Date and time of registration
When you post the comment you will be asked for your consent to the processing of the data and be referred to this Privacy Policy. When the comment is published your name and e-mail address will be visibly allocated to the text.
You can revoke your consent to your data being stored and have the user account set up deleted. You can have this done do this by e-mail to chatzoudis@gerda-henkel-stiftung.de or by notifying the contacts listed in our Contact section.
f) Establishing contact by e-mail
You can contact the editorial desk of the science portal via the e-mail address provided. If you do contact us by e-mail, the personal data you enter and transmit are automatically stored. We process your personal data inasmuch as and for as long as we need them in order to deliver our information services for you. We delete your personal data once we have performed our service for you unless, that is, we are obliged by law to store them longer. The legal basis for the collection of the data is art. 6 para. 1 lit. f) GDPR. The purpose of the data processing and our legitimate interest lie in our being able to answer the messages sent to us.
g) Sending of the newsletter
Our science portal offers the possibility of subscribing to a free newsletter. The e-mail you enter in the input mask when subscribing to the newsletter is transmitted to us. On registration the following data are also collected:
- IP address of the calling computer
- Date and time of registration
For the processing of the data you will be asked during the registration process your consent and be referred to this Privacy Policy. In connection with data processing for the sending of the newsletter, no data are passed on to third parties. The data are used exclusively for the sending of the newsletter.
The data are deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. The user’s e-mail address is initially stored for as long as the subscription to the newsletter is active.
You can revoke your consent at any time and cancel the newsletter. This can be done either by clicking on a link provided in every newsletter mail, by e-mail to chatzoudis@gerda-henkel-stiftung.de or by notifying the contacts listed in our Contact section.
h) Integration of Internet service providers and social media-services
Various services of third-party providers are integrated on this website. These are, for example, plug-ins, which provide information hosted on external servers or enable interaction with social media services. The social networks or services integrated on this website and operated by third parties are: Facebook, Fonts.com, Google+, Google Maps, Instagram, Twitter, Vimeo, YouTube.
In order to raise the level of protection of your data when you visit our website, the plug-ins of the social networks Facebook, Instagram and Twitter are not activated from the outset but need to be activated by you first. This only occurs if you click on the social media link or the plug-in. This guarantees that if you visit a page on our website that contains a plug-in of this nature, connection with the servers of the plug-in provider is not yet established. Only when you activate the plug-ins and thus give your consent for the data transmission does your browser create a direct connection to plug-in provider’s servers. The content of the respective plug-in is then transmitted by the relevant provider directly to your browser and integrated in the page. The other mentioned services are used, to integrate content into our webpage. This services transmits, without interaction on the part of the user, data to the server of the service operator. This happens, for example, if you call up directions provided by Google Maps or a linked Twitter Wall, of if you use a Facebook Like button. It also occurs if you call up multimedia services not hosted directly on this website’s server but streamed by a third-party provider such as YouTube.
We have no influence on the data collected by third-party providers and are not the controller of the data processing operations as defined in GDPR. For this reason we are also unable to provide full, conclusive, information about the scope, legal basis, and purposes of the data collection and storage periods. Here, please find links to the Privacy Policies of the providers we use, where you can find out about the purpose and scope of the data collection, and your rights:
- Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; www.facebook.com/policy.php.
- Fonts.com, Monotype, 600 Unicorn Park Drive, Woburn, Massachusetts 01801, USA; www.monotype.com/legal/privacy-policy.
- Google Inc. (Google Maps), Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland; https://policies.google.com/privacy
- Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; www.twitter.com/privacy.
- Vimeo, Inc., 555 West 18th Street New York, New York, New York 10011, USA; vimeo.com/privacy.
- YouTube LLC, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland; https://policies.google.com/privacy
- Instagram LLC, 1601 Willow Rd. Menlo Park, California 94025, USA, help.instagram.com/155833707900388.
5. Data storage
We process data only for as long as this is necessary for the respective purpose. Moreover, we are subject to various storage and documentation obligations pursuant to, among other things, the German Commercial Code (HGB) and the Tax Code (AO). These can be for a period of up to 10 years. The storage period is ultimately also determined by statutory limitation periods, which for example in accordance with sections 195 ff. of the German Civil Code (BGB) can be up to 30 years, although the standard limitation period is three years.
6. Your rights as the data subject
As the data subject you have the following rights:
- Revocation of your consent pursuant to art. 7 para. 3 GDPR
- Information pursuant to art. 15 GDPR
- Correction pursuant to art. 16 GDPR
- Deletion (“Right to be forgotten”) pursuant to art. 17 GDPR
- Restriction of the processing pursuant to art. 18 GDPR
- Notification pursuant to art. 19 GDPR
- Data portability pursuant to art. 20 GDPR
- Right to object pursuant to art. 21 GDPR
- Right to lodge a complaint with a supervisory authority pursuant to art. 77 GDPR
You can reach the supervisory authority responsible for the Gerda Henkel Foundation at:
Landesbeauftragter für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Postfach 20 04 44
40102 Düsseldorf
Tel.: + 49 (0)211/38424-0
Fax:+ 49 (0)211/38424-10
E-mail: poststelle@ldi.nrw.de
7. Data security
We have taken technical and organisational precautions to protect the data we collect. These are geared in particular against the danger of loss of, manipulation of, and unauthorised access to your data. The security concept is regularly inspected with regard to functionality and appropriateness and brought up to date.
8. Regular updating of his Privacy Policy
This Privacy Policy is constantly updated in line with new legislation. On this page we let you know about any new developments.
Date of this Privacy Policy: 25 March 2019