Privacy
The protection of your personal data is a top priority for us! It can be taken for granted that Haniel Foundation will comply with the legal provisions concerning data protection. Haniel Foundation has placed its staff under an express obligation to comply with all data protection regulations. Your data will not be shared with third parties. Additionally, Haniel Foundation has taken measures to protect personal data from loss, destruction, distortion/falsification, manipulation and unauthorised access.
What is it?
This privacy policy governs your personal data and how we use it in the context of the use of our website and the use of special forms of use. Personal data is any information that relates to an identified or identifiable natural person, in other words data that relates to you personally, such as your name, address, email address, user behaviour, etc. Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment, restriction, erasure or destruction.
I. Name and address of the controller
The data controller within the meaning of the General Data Protection Regulation (hereinafter referred to as "GDPR") and other national data protection laws of the member states as well as other data protection provisions is:
Haniel Stiftung
Franz-Haniel-Platz 1
47119 Duisburg
stiftung@haniel.de
www.haniel-stiftung.de
II. Contact person
For all questions regarding our data protection please contact
Iris Schleyken
T +49 (0) 203 806-368
E ischleyken@haniel.de
III. Safety
The Haniel Foundation operates the website from Germany. The server is hosted by Host Europe in the Frankfurt data center. All conditions and all legal measures or procedures in connection with the Haniel Foundation website are, to the extent permitted by law, subject exclusively to the laws of the Federal Re-public of Germany. The user is responsible for ensuring that the legal norms in the territory from which he accesses are followed.
IV. General information about data processing
1. Scope of personal data processing
We process personal data of our users only to the extent necessary to provide a functioning website and our content and services. Our users' personal data are processed regularly only with the consent of the user. An exception to this is in cases in which prior consent cannot be obtained for reasons of fact and the processing of the data is permitted by law.
2. Legal basis for the processing of personal data
a) Article 6(1)(a) of the GDPR serves as legal basis provided that we have obtained consent from the data subject.
b) Article 6(1)(b) of the GDPR serves as the legal basis for the processing of personal data if it is necessary for the fulfilment of a contract to which the data subject is a party. This also applies to processing opera-tions required to carry out pre-contractual actions.
c) Article 6(1)(c) of the GDPR serves as the legal basis for the processing of personal data if it is necessary for the performance of a contract to which our foundation is a party.
d) Article 6(1)(d) of the GDPR serves as the legal basis in the event that the data subject's vital interests or that of another natural person require the processing of personal data.
e) Article 6(1)(f) of the GDPR serves as the legal basis if the processing is necessary to safeguard the inter-ests of our foundation or a third party and if the interests, fundamental rights and freedoms of the data subject do not override the controller's interest.
3. Data deletion and retention duration
The data subject's personal data shall be deleted or blocked as soon as the purpose of the retention ceases to apply. In addition, storage may be provided for by the European or national legislatives in EU regula-tions, laws or other regulations to which the controller is subject. The data shall also be blocked or deleted when a storage period prescribed by the specified standards expires, unless there is a need for further storage of the data for conclusion of a contract or fulfilment of the contract.
V. Provision of the website and creation of log files
1. Description and scope of data processing
Each time our website is accessed, our system automatically collects data and information from the com-puter system of the visiting computer.
The following data are collected:
• The user's IP address
• Date and time of access
• Directory protection user
• Protocols
• Status code
• Amount of data
• User agent
• Retrieved host name
• Websites from which the user's system accesses our website
• Websites that the user's system access through our website
The data are also stored in the log files of our system. The user's IP addresses or other data that allow the assignment of the data to a user are not affected by this. This data are not stored with the user's other personal data.
2. Legal basis for data processing
Article 6(1)(f) of the GDPR is the legal basis for the temporary storage of the data.
3. Purpose of data processing
Temporary storage of the IP address by the system is necessary.to allow delivery of the website to the user's computer. The user's IP address must be kept for the duration of the session for this.
Storage of the data in log files is done to ensure the functionality of the website. The data are also used to optimize the website and to ensure the security of our IT systems. The data are not used for marketing purposes in this context. These purposes also constitute our legitimate interest in the processing of the data pursuant to Article 6(1)(f) of the GDPR.
4. Retention duration
The data will be deleted as soon as they are no longer necessary for the purpose of its collection. In the case of collecting the data to provide the website, this is the case when the respective session has ended.
In the case of storing the data in log files, this is the case after no more than seven days. Retention beyond that period is possible. In this case, the users' IP addresses are deleted or distorted so that an assignment of the visiting client is no longer possible.
5. Opt-out and removal option
The collection of data for provision of the website and retention of the data in log files is essential for the website's operation. The user therefore does not have the option to opt out.
VI. Use of "own" cookies
1. Description and scope of data processing
Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. When a user visits a website, a cookie may be stored on the us-er's operating system. This cookie contains a characteristic string of characters that allows the browser to be uniquely identified when the website is revisited.
Depending on the configuration, different types of cookies are used on our website. These cookies can be divided into the following categories:
a) Essential Cookies (Type 1)
These cookies are mandatory for the website and its functions to work properly.
b) Functional Cookies (Type 2)
These cookies improve the comfort and performance of websites and provide various functions.
c) Performance Cookies (Type 3)
These cookies collect information about how users use websites.
d) Third party cookies (Type 4)
These cookies are provided by third parties, e.g. social networks. They are primarily used to deliver content through social plug-ins via social share media channels.
This website uses the following types of cookies:
Name | Description | Type |
has-js | This cookie is used by the Content Mangement System Drupal |
a) |
-ga,-gid,-gat | These cookies are used by Google Analytics | c) |
Consent, PREF, VISITOR_INFO1_LIVE; YSC, 1P_JAR, NID, OTZ |
These cookies are used by YouTube and/or Goolge and Goolge Maps | d) |
cw_id, loc, mus, na_id, na_tc, uid, uvc,_atuvc,-atuvs | These cookies are used by the Soocial Sharing Service AddThis | d) |
2. Legal basis for data processing
The legal basis for processing personal data while using cookies is Article 6(1)(f) of the GDPR.
3. Purpose of data processing
For technically necessary cookies (Type a) and b))
The purpose of using technically necessary cookies is to simplify the use of websites for users. Some fea-tures of our website cannot be offered without the use of cookies. In this case, it is necessary that the browser is recognized again even after going to another page.
The following applications require these cookies:
• Transfer of language settings
• Remembering keywords
• Use of forms
For Performance Cookies (Type c))
No personal data is used
For Third party cookies (Type d))
Social Plugins are not used, only links to other websites
4. Retention duration, opt-out and erasure options
Cookies are stored on your computer and transmitted to us by the computer. Therefore, as the user you also have full control of the use of cookies. If the cookies that are used are so-called 'transient cookies', they will be deleted after you log out or close the browser. Persistent cookies are automatically deleted from your computer after a specified period of time, which may vary depending on the cookie.You can disable or restrict the transmission of cookies by changing the settings in your browser. You can delete any already stored cookies at any time. The deletion can, as described, also be automated. If cookies are disabled for our website, you may not be able to use all the functions of the website to the fullest extent.
VII. Newsletter Registration
1. Description and scope of data processing
Our website allows you to register for our newsletter, which will be send by email quarterly. We use the Double-opt-in method to register. This means that after your registration we will send you an email to your given email address in which we confirm your order and that you wish to receive our newsletter. When subscribing to the subscriptions, the data from the form will be sent to us. This data includes the following personal data:
• Salutation (optional)
• Last name (optional)
• First name (optional)
• Email-address (mandatory)
In addition, the following other personal data are collected at registration:
• IP address of the visiting computer
• Date and time of registration
• Opt-in time
• Storage of the texts used at registration as well as confirmation (as content for the declaration of con-sent)
During the registration process your consent to the processing of the data is obtained and reference is made to this privacy policy. The data will be used exclusively for sending the newsletter.
2. Legal basis for data processing
The legal basis for the processing of data after registration by the user is the existence of the user's con-sent pursuant to Article 6(1)(a) of the GDPR.
3. Purpose of data processing
The collection of the user's personal data helps us deliver our newsletter.
4. Retention duration
The data will be deleted as soon as they are no longer necessary for the purpose of its collection.
5. Opt-out and removal option
You may revoke your consent to the sending of our newsletter at any time by a click on the link “unsub-scribe newsletter” or by sending an email to ischleyken@haniel.de. This also allows you to revoke your consent to the storage of your personal data that are collected during the registration process.
VIII. Email contact
1. Description and scope of data processing
You can contact us via the provided email address. In this case, the user's personal data that are transmit-ted by email will be stored. The data in this context will not be disclosed to third parties. The data are used exclusively for processing the communication.
2. Legal basis of processing
The legal basis for processing the data is the existence of the user's consent pursuant to Article 6(1)(a) of the GDPR. The legal basis for processing the data that are transmitted when an email is sent is Article 6(1)(f) of the GDPR.
3. Purpose of data processing
The processing of personal data from the input mask is only used to process the contact. In the case of contact via email, this also includes the required legitimate interest in the processing of the data. The other personal data processed during the sending process are intended to prevent misuse of the contact form and to ensure the security of our IT systems.
4. Retention duration
The data will be deleted as soon as they are no longer necessary for the purpose of its collection.
5. Opt-out and removal options
The user has the option of revoking their consent to the processing of the personal data at any time. If the user contacts us by email, they may object to the storage of their personal data at any time. In this case, we will be unable to continue the conversation. You can use the email address used to contact us or the email address specified on the 'Imprint' page to withdraw your consent and object to storage of your data.
All personal data stored in the course of establishing contact will be deleted in this case, as long as there are no legal obligations standing in the way of the deletion.
IX. Integration of Google Maps
1. Description and scope of data processing
We use Google Maps on this website. Google Maps is a service of Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA. You can find its privacy policy and information about your rights and privacy settings at https://www.google.com/intl/en/policies/privacy. Google also processes your personal information in the United States and is subject to the EU-U.S. Privacy Shield Framework, https://www.privacyshield.gov/EU-US. By visiting the website, Google receives the information that you have accessed the corresponding page on our website. In addition, the data specified in section IV.1. of this privacy policy are also transmitted. This happens regardless of whether you are logged into a Google user account or have no user account there. When you are logged into your Google user account your data are allocated directly to your account. If you do not want your data to be allocated to your profile on Google, you must log out before activating the button. Google stores your data as usage profiles and uses them for advertising, market research and/or customized website design purposes. The data are evaluated (even for users who are not logged in) to provide appropriate advertising and to inform other users of the social network about your activities on our website.
2. Legal basis of data processing
Article 6(1)(f) of the GDPR is the legal basis for the integration of Google Maps.
3. Purpose of data processing
Using Google Maps gives you easy access to the interactive map, which is displayed directly on the web-site, and allows you to conveniently use the map feature. We therefore also have a legitimate interest in the integration of Google Maps for this purpose.
4. Retention duration
We have no information about the retention periods and deletion of the collected data by YouTube.
5. Opt-out and removal option
You have the right to object to the creation of these user profiles, and you must direct your objection to Google.
X: GOOGLE ANALYTICS
1. Description and scope of data processing
This website uses Google Analytics, a web analytics service provided by Google, Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA. You can find its privacy policy and information about your rights and privacy settings at https://policies.google.com/privacy?hl=en&gl=en. Google Analytics uses "cookies", which are text files placed on your computer to help the website analyses how visitors use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States.
Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google will not associate your IP address with any other data held by Google.
As costumer of Google Analytics, we requested the IP address anonymization. The IP address of the users is reduced within the EU member states and the European Economic Area. This reduction eliminates the personal reference of your IP address. Our website operator has concluded a data processing contract with Google Inc., it uses the information gathered to compile an evaluation of the website's use and website activity, and provides services related to the use of the internet.
You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. By using this web-site, you consent to the processing of data about you by Google in the manner and for the purposes set out above. You can prevent Google’s collection and use of data (cookies and IP address) by downloading and installing the browser plug-in available under https://tools.google.com/dlpage/gaoptout?hl=en.
More information on the use of your data by Google Inc. can be found here: https://support.google.com/analytics/answer/6004245?hl=en
2. Legal basis of data processing
Article 6(1)(f) of the GDPR is the legal basis for the integration of Google Analytics.
3. Purpose of data processing
By using Google Analytics, user's website usage can be analyzed. Our legitimate interest in integrating Google Analytics based on that reason.
4. Retention duration
We have no information about the retention periods and deletion of the collected data.
5. Opt-out and removal option
You have the right to object to the creation of these user profiles, and you must direct your objection to Google.
XI. Links to other websites
On our website you will find buttons which will lead you to our social media groups on Facebook and XING. These are just simple links and no plugins. The Haniel Foundation makes no statement and is in no way responsible for the services or products of such third parties.
XII. Rights of the data subject
If your personal data are processed, you are a data subject within the meaning of the GDPR and you have the following rights in relation to the data controller (see section I. of this policy):
1. Right of access
You have the right to ask the data protection officer to confirm if we are processing your personal data.
If this is the case, you have the right to ask the data controller for information about the following infor-mation:
a) the purposes for which the personal data are processed;
b) the categories of personal data that are being processed;
c) the recipients or categories of recipients of the personal data to whom your personal data was or will be disclosed;
d) the envisaged period in which your personal data will be stored or, if not possible, the criteria used to determine that period;
e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
f) the right to lodge a complaint with a supervisory authority;
g) any available information as to the source of the data if the personal data are not collected from the data subject;
h) the existence of automated decision-making
i) You have the right to obtain information as to whether your personal data will be transferred to a third country or international organisation. In this context, you have the right to be informed of the appropriate safeguards pursuant to Article 46 relating to the transfer.
2. Right to rectification
You have the right to ask the controller to rectify and/or complete your personal data if the processed per-sonal data are incorrect or incomplete. The controller is obligated to rectify the data without undue delay.
3. Right to restriction of processing
a) If you contest the accuracy of your personal information for a period of time that enables the controller to verify the accuracy of your personal data;
b) the processing is unlawful and you oppose the erasure of the personal data and requests the restriction of their use instead;
c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
d) If you have objected to processing pursuant to Article 21(1) of the GDPR pending the verification whether the legitimate grounds of the controller override your grounds.
If processing of your personal data has been restricted, this personal data shall (with the exception of stor-age) only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. If the restriction of processing is restricted under the above conditions, you will be notified by the data controller before the restriction is lifted.
4. Right to erasure
a) Obligation to delete
• You have the right to request from the controller the erasure of your personal data without undue delay, and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
• Your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
• You withdraw your consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2) of the GDPR, and where there is no other legal ground for the processing;
• You object to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2);
• Your personal data have been unlawfully processed;
• Your personal data have to be deleted for compliance with a legal obligation in Union or Member State law to which the controller is subject;
• Your personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.
b) Information to third parties
Where the controller has made your personal data public and is obliged pursuant to Article 17(1) of the GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
c) Exceptions
There is no right to erasure of the personal data if the processing is necessary
• for exercising the right of freedom of expression and information;
• for compliance with a legal obligation in Union or Member State law to which the controller is subject;
• or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
• for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3) of the GDPR;
• for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) of the GDPR in so far as the right referred to in paragraph (a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
• for the establishment, exercise or defence of legal claims.
5. Right to reporting
If you have asserted your right of rectification, erasure or restriction of processing to the controller, he/she is obliged to notify all of the recipients to whom your personal data have been disclosed of the correction or erasure of the data or restriction of processing, unless it proves to be impossible or involves a disproportionate effort. You have the right to be informed by the controller about these recipients.
6. Right to data portability
You have the right to receive the personal data you provide to the controller in a structured, common and machine-readable format. You also have the right to transmit that data to another controller without hin-drance by the controller to which the personal data have been provided, where:
a) the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) of the GDPR or on a contract pursuant to point (b) of Article 6(1) and
b) the processing is carried out by automated means.
In exercising this right, you also have the right to have your personal data transmitted directly from one controller to another, where technically feasible. The freedoms and rights of other people may not be affected. The right to data portability shall not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7. Right to object
You have the right to object, on grounds relating to his or her particular situation, at any time to the processing of your personal data which is based on point (e) or (f) of Article 6(1) of the GDPR, including profiling based on those provisions. The controller shall no longer process your personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.If your personal data are processed for direct marketing purposes, you have the right to object at any time to processing of the personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.In the context of the use of information society services (notwithstanding Directive 2002/58/EC), you may exercise his or her right to object by automated means using technical specifications.
8. Right to withdraw consent
You have the right to withdraw your declaration of consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
9. Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision
a) is necessary for entering into, or performance of, a contract between you and the data controller;
b) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
c) you have given your explicit consent.
However, these decisions shall not be based on special categories of personal data referred to in Article 9(1) of the GDPR, unless point (a) or (g) of Article 9(2) applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place. With regard to the cases referred to in points (a) and (c), the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.
10. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you vio-lates the GDPR.The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.
Landesbeauftragte für Datenschutz und Informationsfreiheit
Nordrhein-Westfalen
Postfach 20 04 44
40102 Düsseldorf
Tel.: 0211/38424-0
Fax: 0211/38424-10
E-Mail: poststelle@ldi.nrw.de
Version: This privacy policy is dated 25.05.2018