Data protection information

The protection of your personal data is an important concern for Körber-Stiftung. We observe the legal regulations on data protection and data security.

Below you will find information about what personal data we collect when you use our website at www.koerber-stiftung.de (“website”) and utilise the services and functions it contains, and how we use this data and for what purposes. In addition, we will inform you of the legal basis for the processing of your data and, if processing is necessary to protect our legitimate interests, of our legitimate interests. If you have any further questions about the handling of your personal data, please contact our data protection officer.

  1. Person responsible
  2. Contact the responsible data protection officer
  3. Legal basis for data processing
  4. Data security
  5. Data transmission
  6. Calling up our website
  7. Newsletter
  8. Orders
  9. Interaction with social networks and integration of third-party content
  10. What are cookies?
  11. Contact
  12. Registration for events and inclusion in data processing programme
  13. Participation in online surveys
  14. Applications
  15. Data deletion
  16. LinkedIn foundation presence
  17. Facebook Fanpage
  18. Changes to this privacy policy
  19. Your rights

1. Person responsible

Körber-Stiftung, Kehrwieder 12, 20457 Hamburg, Germany, telephone 040 / 80 81 92 0, info@koerber-stiftung.de (“Körber-Stiftung”, “we” or “us”) is responsible for processing your data through the website.

2. Contact the responsible data protection officer

You can contact our data protection officer at info@koerber-stiftung.de or by post at

Justus Brandt
c/o intersoft consulting services AG
Beim Strohhause 17
20097 Hamburg
www.intersoft-consulting.de

3. Legal basis for data processing

According to Art. 13 para. 1 lit. c) GDPR, we must also inform you about the legal bases for data processing on our website and the purposes of the respective data processing. The data processing on our website is authorised by two different legal bases in addition to the provision of consent:

If we obtain your consent for certain data processing, the legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR (or § 25 para. 1 TDDDG).

According to Art. 6 para. 1 sentence 1 lit. b GDPR, data processing is lawful if it is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

Insofar as processing is necessary to fulfil a legal obligation to which we are subject, the legal basis is Art. 6 para. 1 sentence 1 lit. c GDPR.

According to Art. 6 para. 1 sentence 1 lit. f GDPR (or § 25 para. 2 no. 2 TDDDG), data processing is also lawful if it is necessary to safeguard the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, prevail, in particular if the data subject is a child.

In the following, we refer to these two legal bases for the relevant data processing.

4. Data security

We have taken extensive technical and operational precautions to protect your data from accidental or intentional manipulation, loss, destruction or access by unauthorised persons. Our security procedures are regularly reviewed and adapted to technological progress.

5. Data transmission

Your personal data will not be transferred to third parties unless we are legally obliged to do so, or the transfer of data is necessary to fulfil the contractual relationship, or you have previously expressly consented to the transfer of your data.

External service providers and partner companies such as online payment provider or a shipping company commissioned with the delivery will only receive your data if this is necessary to process your order. In these cases, however, the scope of the transmitted data is limited to the necessary minimum. Insofar as our service providers process your personal data on our behalf, we ensure that they comply with the provisions of the data protection laws in the same way within the framework of order processing in accordance with Art. 28 GDPR. Please also note the data protection notices of the respective providers. The respective service provider is responsible for the content of external services, whereby we check the services for compliance with the legal requirements within the scope of reasonableness.

We attach great importance to processing your data within the EU/EEA. However, we may use service providers who process data outside the EU/EEA. In these cases, we ensure that an appropriate level of data protection comparable to the standards within the EU is established at the recipient before your personal data is transferred. This can be achieved, for example, by means of EU standard contracts or binding corporate rules or special agreements to which the company may be subject.

6. Calling up our website

When using the website for information purposes only, i.e. if you do not register or otherwise provide us with information (e.g. via a contact form), we collect the following technical information (log file data):

  • Operating system of the device you use to visit our website
  • Browser (type, version & language settings
  • the amount of data retrieved
  • the anonymised IP address of the device you use to visit our website
  • Date and time of access
  • the URL of the previously visited website (referrer)
  • the URL of the (sub)page that you call up on the website

The collection of this data is technically necessary in order to display our website to you and to ensure stability and security. We and our service provider regularly do not know who is behind an IP address. We do not merge the data listed above with other data.

To ensure the error-free operation of our web server and to guarantee server security, your IP address is processed by our server service provider Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen. The IP address is anonymised after collection.

The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR or § 25 para. 2 no. 2 TDDDG. Since the collection of data for the provision of the website and storage in log files is absolutely necessary for the operation of the website and for protection against misuse, our legitimate interest in data processing prevails at this point.

7. Newsletter

7.1 General information

You can subscribe to various newsletters on some of our websites, which we use to inform you about the activities of our foundation, current information about special offers, promotions and events, depending on your selection . The content of the individual newsletters is briefly described during the registration process. The legal basis for sending the respective newsletter is your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR in conjunction with Art. 7 para. 2 no. 3 GDPR. § Section 7 para. 2 no. 3 UWG or the legal authorisation pursuant to Section 7 para. 3 UWG.

We use the so-called double opt-in procedure to subscribe to our newsletters. This means that after you have registered, we will send you an email to the email address you have provided, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration, your information will be automatically deleted .

The only mandatory information for sending the newsletter is your e-mail address. The provision of further data is voluntary: this data is used to address you personally. After your confirmation, we store your e-mail address for the purpose of sending you the newsletter and until cancellation. We also store your current IP address at the time of registration, the time of registration and the confirmation for up to three years after registration (limitation period). The purpose of this procedure is to be able to prove your registration in case of doubt and, if necessary, to clarify any misuse of your personal data. The legal basis for logging the registration is our legitimate interest in accordance with Art. 6 Para. 1 S.1 lit. f GDPR in the proof of a previously given consent, see also Art. 7 Para. 1 GDPR.

You can revoke your consent to the sending of a respective newsletter at any time and unsubscribe from the newsletter. You can declare your cancellation by clicking on the link provided in every newsletter email or by sending an email to info@koerber-stiftung.de.

7.2 Newsletter Tracking

We would like to point out that we evaluate your user behaviour when sending the newsletter in order to determine whether and when the newsletter was opened. For this analysis, the emails sent contain so-called web beacons or tracking pixels, which are stored on our server and are loaded when the newsletter is opened. Technical information such as browser type, time of opening and IP address are transmitted. For the analyses, we link the aforementioned data and the web beacons with your email address and an individual ID. Links received in the newsletter also contain this ID and enable us to analyse your click behaviour.

We use the data obtained in this way to create a user profile in order to tailor the newsletter to your individual interests. We record when you read our newsletters, which links you click on in them and infer your personal interests from this. The legal basis for this data processing is your consent, Art. 6 para. 1 sentence 1 lit. a GDPR.

You can revoke your consent at any time with effect for the future. In this case, the cancellation includes the respective newsletter subscription, as a separate cancellation of the tracking is unfortunately not technically possible. To do so, simply click on the unsubscribe link provided in every email .

Such tracking is only possible to a limited extent if you have deactivated the display of images in your email programme by default . However, clicking on links will still be recorded. In this case, the newsletter will not be displayed in full and you may not be able to use all the functions. If you display the images manually, the above-mentioned tracking will take place.

The information from the tracking is stored for as long as you have subscribed to the newsletter.

The data you provide us with for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and deleted after you unsubscribe from the newsletter. Data stored by us for other purposes remains unaffected by this.

8. Orders

When you place an online order on our website (e.g. books, flyers or brochures), we collect the data required for the conclusion of the contract. The data is stored for the duration of the contract and in accordance with legal obligations. If necessary for processing the order, we will forward your address data to a shipping service provider. The legal basis is the conclusion and fulfilment of a contract in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR.

We use various payment service providers for payment processing, which are always labelled and accept your entries. These are therefore recipients of your personal data collected in connection with the payment process. The legal basis for the use of payment service providers is also contract processing in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR.

9. Interaction with social networks and integration of third-party content

We have integrated third-party content in some places on our website. This includes videos, map services, images or fonts. A more detailed description of who we embed content from and how your data is processed can be found below in the respective description of the embedded content.

9.1 YouTube

We use the services of YouTube, LLC, 901 Cherry Ave, 94066 San Bruno, CA, USA, a subsidiary of Google LLC, Amphitheatre Parkway, Mountain View, CA 94043, USA, on our website. For users who have their habitual residence in the European Economic Area or Switzerland, Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland is the controller responsible for your data.

If you have not given your consent as part of the Consent Manager, you have the option of giving it later as part of the so-called “2-click procedure”. If you access a page in which a YouTube video is embedded, a connection to the YouTube servers is only established when you click on the button to confirm. If you are logged in to YouTube at this time, the information about the videos you have viewed will be assigned to your YouTube member account. You can prevent this by logging out of your member account before visiting our website.

Your data may be processed in the USA and transferred there, i.e. to a third country outside the European Union (EU) or the European Economic Area (EEA). The legal basis for the data transfer is the adequacy decision with the USA pursuant to Art. 45 para. 1 GDPR based on the EU-US Data Privacy Framework. The provider has certified itself in accordance with the EU-US Data Privacy Framework and is therefore obliged to comply with the EU level of data protection.

Further information on data protection from YouTube is provided by Google at the following link: https://policies.google.com/privacy?hl=en.

The legal basis for this data processing is your consent in accordance with Art. 6 Para. 1 S.1 lit. a) GDPR or § 25 Para. 1 TDDDG. You can revoke your consent at any time with effect for the future by accessing Cookie settings under “Privacy settings” in the menu in the sidebar and changing your selection there.

9.2 Vimeo

We use services from “Vimeo” (Vimeo LLC, 555 West 18th Street, New York 10011, USA) on our website.

If you have not given your consent as part of the Consent Manager, you have the option of giving it later as part of the so-called “2-click procedure”. If you access a page in which a Vimeo video is embedded, a connection to the Vimeo servers will only be established when you click on the button to confirm. In this case, Vimeo will set cookies and use your visit data for its own purposes. If you are logged in to Vimeo at this time, the information about the videos you have viewed will be assigned to your Vimeo member account. You can prevent this by logging out of your member account before visiting our website.

Your data may be processed in the USA and transferred there, i.e. to a third country outside the European Union (EU) or the European Economic Area (EEA). The standard contractual clauses pursuant to Art. 46 (2) and (3) GDPR serve as the legal basis for the data transfer. These clauses oblige the provider to comply with the EU level of data protection when processing personal data outside the EU.

Further information on this can be found in Vimeo’s privacy policy at https://vimeo.com/privacy.

The legal basis for this data processing is your consent in accordance with Art. 6 Para. 1 S.1 lit. a) GDPR or § 25 Para. 1 TDDDG. You can revoke your consent at any time with effect for the future by accessing Cookie settings under “Privacy settings” in the menu in the sidebar and changing your selection there.

9.3 Podigee

We use the podcast hosting service Podigee from the provider Podigee GmbH, Schlesische Straße 20, 10997 Berlin, Germany. The podcasts are loaded by Podigee or transmitted via Podigee.

Podigee processes IP addresses and device information in order to enable podcast downloads/playbacks and to determine statistical data, such as call-up figures. This data is anonymised or pseudonymised before being stored in Podigee’s database, unless it is required for the provision of the podcasts.

Further information can be found in Podigee’s privacy policy: https://www.podigee.com/en/about/privacy.

The legal basis for this data processing is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR or § 25 para. 1 TDDDG. You can withdraw your consent at any time with effect for the future by visiting and changing your selection in the cookie settings under “Privacy settings” in the menu in the sidebar.

9.4 Google Maps

This site uses the map service Google Maps. Google Maps is a map service provided by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. The controller for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

To use the functions of Google Maps, information, including the IP address and the address entered as part of the route function, may be transmitted to the provider’s servers. This information is usually transferred to a Google server in the USA and stored there. When you visit a website that contains Google Maps, your browser establishes a direct connection with Google’s servers, whereby the map content is sent to your browser and integrated by it. We have no influence on this data transfer. As far as we are currently aware, this includes the following data:

  • Date and time of the visit to the website in question,
  • Internet address or URL of the website accessed,
  • IP address, (start) address entered during route planning

The use of Google Maps is in the interest of an appealing presentation of our online offers and to make it easy to find the places we have indicated on the website. If you do not wish Google to process data via this service, you can deactivate the use of JavaScript in your browser settings. Please note that in this case you will not be able to use the interactive map function of Google Maps.

If you have not given your consent as part of the Consent Manager, you have the option of giving it later using the so-called “2-click procedure”. When you access a page in which Google Maps is embedded, a connection to the Google servers is only established when you click on the button to confirm. In this case, Google will set cookies and use your visit data for its own purposes. If you are logged in to Google at this time, the information about the videos you have viewed will be assigned to your Google member account. You can prevent this by logging out of your member account before visiting our website.

Your data may be processed in the USA and transferred there, i.e. to a third country outside the European Union (EU) or the European Economic Area (EEA). The legal basis for the data transfer is the adequacy decision with the USA pursuant to Art. 45 para. 1 GDPR based on the EU-US Data Privacy Framework. The provider has certified itself in accordance with the EU-US Data Privacy Framework and is therefore obliged to comply with the EU level of data protection.

You can find more information on the handling of user data in Google’s privacy policy: https://policies.google.com/privacy?hl=en.

The legal basis for this data processing is your consent in accordance with Art. 6 Para. 1 S.1 lit. a) GDPR or § 25 Para. 1 TDDDG. You can revoke your consent at any time with effect for the future by calling up the cookie settings under “Data protection settings” in the menu in the margin of the page and changing your selection there.

10. What are cookies?

Cookies are data that are stored on your computer by a website that you visit and enable your browser to be reassigned. Cookies are used to transmit information to the organisation that sets the cookie. Cookies can store various information, such as your language setting, the duration of your visit to our website or the entries you make there. This prevents you from having to re-enter required form data each time you use the website, for example. The information stored in cookies can also be used to recognise preferences and target content according to areas of interest.

There are different types of cookies: Session cookies are data sets that are only temporarily stored in the working memory and are deleted when you close your browser. Permanent or persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. With this type of cookie, the information can also be stored in text files on your computer. However, you can also delete these cookies at any time via your browser settings.

First-party cookies are set by the website you are currently visiting. Only this website is authorised to read information from these cookies. Third-party cookies are set by organisations that do not operate the website you are visiting. These cookies are used by marketing companies, for example.

The legal basis for possible processing of personal data using cookies and their storage duration may vary. If you have given us your consent, the legal basis is Art. 6 para. 1 sentence 1 lit. a) GDPR or § 25 para. 1 TDDDG. Insofar as the data processing is based on our overriding legitimate interests, the legal basis is Art. 6 para. 1 sentence 1 lit. f) GDPR or Section 25 para. 2 no. 2 TDDDG. The stated purpose then corresponds to our legitimate interest.

We use cookies to ensure the proper operation of the website, to provide basic functionalities, to measure reach and – with your consent – to tailor our services to your preferred areas of interest.

You can delete cookies already stored on your device at any time. If you want to prevent the storage of cookies, you can do this via the settings in your Internet browser. You can find instructions for common browsers here: Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Google Chrome mobile, Microsoft Edge Browser, Safari, Safari mobile. Alternatively, you can also install so-called ad blockers. Please note that individual functions of our website may not work if you have deactivated the use of cookies.

Consent with Usercentrics

This website uses Usercentrics’ consent technology to obtain your consent to the storage of certain cookies on your end device or to the use of certain technologies and to document these in compliance with data protection regulations. The provider of this technology is Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany, website: https://usercentrics.com/ (hereinafter referred to as “Usercentrics”).

When you enter our website, the following personal data is transmitted to Usercentrics:

  • Your consent(s) or the revocation of your consent(s)
  • Your IP address
  • Information about your browser
  • Information about your end device
  • Time of your visit to the website

Furthermore, Usercentrics stores a cookie in your browser in order to be able to assign the consents you have given or revoke them. The data collected in this way is stored until you ask us to delete it, delete the Usercentrics cookie yourself or the purpose for storing the data no longer applies. Mandatory statutory retention obligations remain unaffected.

Usercentrics is used to obtain the legally required consent for the use of certain technologies. The legal basis for this is Art. 6 para. 1 lit. c GDPR.

10.1 Outbrain

We use the service of Outbrain UK Ltd, Outbrain UK Limited, 5 New Bridge Street, London, EC4V 6JA, England. This service allows us to point you to links within our website and to other websites that may be of interest to you. The content is automatically controlled by Outbrain.

The recommendations are based on your previous reading behaviour and mainly relate to the content you have already read. Outbrain stores a cookie on your end device for this purpose. Outbrain collects the device source, the browser type and the user’s IP address, the last octet of which is deleted for anonymisation purposes. Outbrain assigns a so-called Universally Unique Identifier (UUID), which can identify the user by device when they visit a website on which the Outbrain widget is implemented. Outbrain creates user profiles in which user interactions (e.g. page views and clicks) of a browser or end device are aggregated in order to derive the preferences of the UUID.

Your data may be processed in the UK, i.e. a third country outside the European Union (EU) or the European Economic Area (EEA), and transferred there. The legal basis for the data transfer is the adequacy agreement with the UK pursuant to Art. 45 (1) GDPR.

Your data will be deleted after 13 months at the latest. Further information on the scope and storage period can be found in the privacy policy https://www.outbrain.com/legal/privacy#privacy-policy.

The legal basis for this data processing is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR or § 25 para. 1 TDDDG. You can revoke your consent at any time with effect for the future by going to Cookie settings under “Privacy settings” in the menu in the footer and changing your selection there.

10.2 Hotjar

We use the web analysis service Hotjar to analyse the use of our website. Hotjar Ltd (St Julian’s Business Centre, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta) complies with the provisions of the Data Protection Act, Chapter 440 of the Laws of Malta (“Applicable Law”), which implements all relevant European Union directives on data protection.

Hotjar is used to measure user behaviour (mouse movements, clicks, scroll height, etc.) on our website, which may be recorded and evaluated. Information is also collected about previously visited websites, your home country, devices used, operating systems and browsers. The IP address of the end device is only collected and stored in anonymised form by setting the last octet of IPv4 addresses to 0 to ensure that the full IP address is never written to the hard drive. The data collected is transferred and stored via an encrypted connection to servers located in Ireland (EU).

The purpose of the data processing is to improve the offer, the functionality of the Hotjar-based website and thus the user experience. For this purpose, Hotjar also places cookies on your end devices, among other things. You can find more information about the cookies used at: https://www.hotjar.com/legal/policies/cookie-information.

Further information on Hotjar’s compliance with data protection can be found here: https://www.hotjar.com/privacy/.

The legal basis for this data processing is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR or § 25 para. 1 TDDDG. You can revoke your consent at any time with effect for the future by going to Cookie settings under “Privacy settings” in the menu in the footer and changing your selection there.

10.3 Google Ads (formerly Google AdWords), remarketing and conversion tracking

We use the Google Ads service. Google Ads is an online advertising programme from Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. The controller for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

This means that we place Google Ads adverts and also use Google Remarketing and conversion tracking as part of this. The adverts are displayed after search queries on websites in the Google advertising network. We also use Ads remarketing lists for search ads. This allows us to customise search ad campaigns for users who have already visited our website. The services allow us to combine our adverts with certain search terms or to place adverts for previous visitors, e.g. advertising services that visitors have viewed on our website. We can therefore display interest-based adverts to users of our website on other websites within the Google advertising network (as a “Google advert” as part of Google search or on other websites).

An analysis of online user behaviour is necessary for interest-related offers. Google uses cookies to carry out this analysis. When you click on an advert or visit our website, Google places a cookie on the user’s computer. These cookies have a duration of 90 days. The information collected by the respective cookie is used to target the visitor in a subsequent search query. Further information on the cookie technology used can also be found in Google’s notes on website statistics and in the privacy policy. With the help of this technology, Google and we as a customer receive information that a user has clicked on an advert and has been forwarded to our websites. The information obtained in this way is used exclusively for statistical analysis to optimise advertising. We do not receive any information with which visitors can be personally identified. Your IP address is transmitted to Google, but as we use Google’s IP masking function on this website as part of the use of Google Analytics, your IP address is anonymised. The statistics provided to us by Google include the total number of users who have clicked on one of our adverts and, if applicable, whether they were redirected to a page on our website with a conversion tag. Based on these statistics, we can track which search terms were clicked on our adverts particularly often and which adverts lead to the user making contact via the contact form.

Your data may be processed in the USA and transferred there, i.e. to a third country outside the European Union (EU) or the European Economic Area (EEA). The legal basis for the data transfer is the adequacy decision with the USA pursuant to Art. 45 para. 1 GDPR based on the EU-US Data Privacy Framework. The provider has certified itself in accordance with the EU-US Data Privacy Framework and is therefore obliged to comply with the EU level of data protection.

You can find more information on data protection in the context of Google Ads at: https://policies.google.com/technologies/ads?hl=en

The legal basis for this data processing is your consent pursuant to Art. 6 para. 1 sentence 1 lit. a) GDPR or § 25 para. 1 TDDDG. You can withdraw your consent at any time with effect for the future by accessing the cookie settings under “Privacy settings” in the menu in the footer and changing your selection there.

If you do not want your visit to be included in the user statistics, you can prevent this by preventing the storage of the cookie required for these technologies, e.g. via your browser settings.

You also have the option of selecting the types of Google ads or deactivating interest-based ads on Google via the ad settings. Alternatively, you can deactivate the use of cookies by third-party providers by calling up the deactivation help of the network advertising initiative.

However, we and Google continue to receive statistical information on how many users have visited this site and when. If you do not wish to be included in these statistics either, you can prevent this with the help of additional programmes for your browser (e.g. with the add-on Ghostery) to prevent this.

10.4 Google Analytics

If you have given your consent, Google Analytics, a web analytics service provided by Google LLC, is used on this website. The controller for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).

Scope of processing

Google Analytics uses cookies that enable your use of our website to be analysed. The information collected by the cookies about your use of this website is usually transferred to a Google server in the USA and stored there.

We use Google Signals. This allows Google Analytics to collect additional information about users who have activated personalised ads (interests and demographic data) and ads can be delivered to these users in cross-device remarketing campaigns.

In Google Analytics 4, the anonymisation of IP addresses is activated by default. Due to IP anonymisation, your IP address will be truncated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

During your visit to the website, your user behaviour is recorded in the form of “events”. Events can be

  • Page views
  • First visit to the website
  • Start of the session
  • Your “click path”, interaction with the website
  • Scrolls (whenever a user scrolls to the end of the page (90%))
  • Clicks on external links
  • internal search queries
  • Interaction with videos
  • Viewed / clicked adverts

It is also recorded:

  • Your approximate location (region)
  • Your IP address (in abbreviated form)
  • technical information about your browser and the end devices you use (e.g. language setting, screen resolution)
  • Your internet provider
  • the referrer URL (via which website/advertising medium you came to this website)

On behalf of the operator of this website, Google will use this information to analyse your pseudonymous use of the website and to compile reports on website activity. The reports provided by Google Analytics are used to analyse the performance of our website and the success of our marketing campaigns.

Recipients of the data are/may be:

  • Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor pursuant to Art. 28 GDPR)
  • Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
  • Alphabet Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA

It cannot be ruled out that US authorities will access the data stored by Google.

Your data may be processed in the USA and transferred there, i.e. to a third country outside the European Union (EU) or the European Economic Area (EEA). The legal basis for the data transfer is the adequacy decision with the USA pursuant to Art. 45 para. 1 GDPR based on the EU-US Data Privacy Framework. The provider has certified itself in accordance with the EU-US Data Privacy Framework and is therefore obliged to comply with the EU level of data protection.

The data sent by us and linked to cookies is automatically deleted after 14 months. Data that has reached the end of its retention period is automatically deleted once a month.

The legal basis for this data processing is your consent pursuant to Art. 6 para. 1 sentence 1 lit. a) GDPR or § 25 para. 1 TDDDG. You can revoke your consent at any time with effect for the future by going to Cookie settings under “Privacy settings” in the menu in the footer and changing your selection there.

Alternatively, you can prevent the storage of cookies from the outset by configuring your browser software accordingly. However, if you configure your browser to reject all cookies, this may restrict the functionality of this and other websites. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by

  1. not giving your consent to the setting of the cookie or
  2. downloading and installing the browser add-on to deactivate Google Analytics (see this link).

You can find more information on the terms of use of Google Analytics and data protection at Google at https://marketingplatform.google.com/about/analytics/terms/gb/ and at https://policies.google.com/?hl=en.

10.5 Google Tag Manager

For reasons of transparency, we would like to point out that we use the Google Tag Manager of the provider Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. The controller for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

The Google Tag Manager itself does not collect any personal data. Google Tag Manager makes it easier for us to integrate and manage our tags. Tags are small code elements that are used, among other things, to measure traffic and visitor behaviour, record the impact of online advertising and social channels, set up remarketing and targeting and test and optimise websites. We use the Tag Manager for the Google Analytics service. If you have opted out, this opt-out will be taken into account by Google Tag Manager. For more information on Google Tag Manager, see: https://www.google.com/analytics/terms/tag-manager/.

10.6 Google Dynamic Remarketing

We use the marketing and remarketing services (“Google Marketing Services” for short) of the provider Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, to optimise and operate our online offering. The controller for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

Google marketing services allow us to display adverts for our website in a more targeted manner in order to only show you adverts that potentially match your interests. If, for example, you are shown adverts for our services on other websites, this is referred to as “remarketing”. For these purposes, when you visit our and other websites on which Google marketing services are active, Google executes a Google code directly and so-called (re)marketing tags (invisible graphics or code, also known as “web beacons”) are integrated into the website. With their help, an individual cookie, i.e. a small file, is stored on your device (comparable technologies can also be used instead of cookies).

The cookies can be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. This file records which websites you have visited, which content you are interested in and which offers you have clicked on, as well as technical information on the browser and operating system, referring websites, time of visit and other information on the use of the online offer. Your IP address is also recorded, whereby we inform you in the context of Google Analytics that the IP address is shortened within member states of the European Union or in other contracting states of the Agreement on the European Economic Area and only in exceptional cases is it transmitted in full to a Google server in the USA and shortened there.

The IP address will not be merged with your data within other Google offers. Google may also combine the aforementioned information with such information from other sources. If you subsequently visit other websites, you may be shown adverts tailored to your interests.

We process your data pseudonymously as part of Google marketing services. This means that Google does not store and process your name or email address, for example, but processes the relevant data in relation to cookies within pseudonymous user profiles. The information collected by Google Marketing Services about users is transmitted to Google and stored on Google’s servers in the USA.

The Google marketing services we use include the online advertising programme “Google Ads” (formerly: “Google AdWords”). In the case of Google Ads, each Ads customer receives a different “conversion cookie”. Cookies can therefore not be tracked via the websites of Ads customers. The information collected with the help of the cookie is used to create conversion statistics for Ads customers who have opted for conversion tracking. Ads customers find out the total number of users who clicked on their advert and were redirected to a page with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users.

We may also use the “Google Tag Manager” to integrate and manage Google analytics and marketing services on our website.

Your data may be processed in the USA and transferred there, i.e. to a third country outside the European Union (EU) or the European Economic Area (EEA). The legal basis for the data transfer is the adequacy decision with the USA pursuant to Art. 45 para. 1 GDPR based on the EU-US Data Privacy Framework. The provider has certified itself in accordance with the EU-US Data Privacy Framework and is therefore obliged to comply with the EU data protection level.

Further information on the use of data for marketing purposes by Google can be found on the overview page: https://www.google.com/policies/technologies/ads, Google’s privacy policy is available at https://www.google.com/policies/privacy.

The legal basis for this data processing is your consent pursuant to Art. 6 para. 1 sentence 1 lit. a) GDPR or § 25 para. 1 TDDDG. You can withdraw your consent at any time with effect for the future by accessing the cookie settings under “Privacy settings” in the menu in the footer and changing your selection there.

10.7 LinkedIn Ads – Conversion Tracking (Pixel)

If you have given your consent, we use the online marketing tool LinkedIn Ads. The responsible service provider in the EU is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.

For this purpose, we use the LinkedIn Campaign Manager to define target groups of users based on certain characteristics, who are subsequently shown adverts within the LinkedIn network. The users are selected by LinkedIn based on the profile information they provide and other data provided when using LinkedIn. If a user clicks on an advert and subsequently reaches our website, LinkedIn receives the information that the user has clicked on the advertising banner via the conversion tag integrated on our website.

The LinkedIn tag enables the recording of websites visited, including the URL, referrer ID, IP address, device and browser properties and timestamp. The IP addresses are truncated by LinkedIn or (in the case of cross-device use) hashed.

The LinkedIn pixel allows us to show personalised ads outside our website without identifying individual members. It also uses data that does not identify you to improve ad relevance and reach LinkedIn members across different devices. LinkedIn members can control the use of their personal data for advertising purposes via their account settings. LinkedIn refers to the following link to customise advertising preferences: https://www.linkedin.com/psettings/advertising/actions-that-showed-interest.

We process this data in order to evaluate our advertising campaigns.

Further information about the purpose and scope of data collection and the further processing and use of the data by LinkedIn as well as your setting options to protect your privacy can also be found in LinkedIn’s privacy policy.

Further information on LinkedIn conversion tracking can be found at: https://business.linkedin.com/marketing-solutions/conversion-tracking.

Further information on data processing and storage duration can be found at https://www.linkedin.com/help/linkedin/answer/a427660/.

The legal basis for this data processing is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR or § 25 para. 1 TDDDG. You can revoke your consent at any time with effect for the future by going to Cookie settings under “Privacy settings” in the menu in the footer and changing your selection there.

10.8 Twitter Advertising Conversion Tracking (with Twitter Pixel)

We use the services of X Corp, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA, on our website. The entity responsible for handling data subject rights within the EU/EEA is Twitter International Unlimited Company, Attn: Data Protection Officer, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland.

The service enables us to collect data from our website visitors about the use of our website. Cookies and code are used to connect the website to another third-party platform such as Twitter. A non-reversible and non-personalised checksum (hash value) is generated from your usage data and transmitted to Twitter for analysis and marketing purposes.

Twitter conversion tracking uses the so-called “Twitter pixel”, with the help of which the actions of users can be tracked after they have seen or clicked on a Twitter advert. User behaviour is recorded, e.g. websites visited, content accessed, time of visit, etc., but also device-related data such as applications and operating systems used. Your IP address is stored and used for the geographical targeting of advertising. With “cross-device personalisation”, Twitter also attempts to identify and link all of a user’s devices. As the data is stored and processed by Twitter, a connection to the respective user profile on twitter.com is also possible.

The legal basis for this data processing is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR or § 25 para. 1 TDDDG. You can revoke your consent at any time with effect for the future by going to Cookie settings under “Privacy settings” in the menu in the footer and changing your selection there.

The data may be transmitted to an X Corp. server in the USA in the course of processing.

Your data may be processed in the USA and transferred there, i.e. to a third country outside the European Union (EU) or the European Economic Area (EEA). The standard contractual clauses pursuant to Art. 46 (2) and (3) GDPR serve as the legal basis for the data transfer. These clauses oblige the provider to comply with the EU level of data protection when processing personal data outside the EU.

Data that makes it possible to identify a specific user on Twitter will be deleted within 90 days of receipt of the data. Further information on the duration of storage can be obtained from the provider or at https://legal.twitter.com/ads-terms/international.html.

Further information on the purpose and scope of data collection and the further processing and use of the data, as well as the privacy settings, can be found in Twitter’s privacy policy: https://twitter.com/privacy.

10.9 Facebook Custom Audiences (Meta Pixel)

As part of usage-based online advertising, we use the Custom Audiences service of Meta Platforms, Inc, 1601 S. California Avenue, Palo Alto, CA 94304, USA (hereinafter referred to as “Facebook”). For this purpose, we use the Facebook Ads Manager to define target groups of users based on certain characteristics, who are subsequently shown adverts within the Facebook network. Users are selected by Facebook based on the profile information they provide and other data provided through the use of Facebook. If a user clicks on an advert and subsequently reaches our website, Facebook receives the information that the user has clicked on the advertising banner via the Facebook pixel integrated on our website. In principle, a non-reversible and non-personalised checksum (hash value) is generated from your usage data, which is transmitted to Facebook for analysis and marketing purposes. A Facebook cookie is set in the process. This collects information about your activities on our website (e.g. surfing behaviour, subpages visited, etc.). Your IP address is also stored and used for the geographical targeting of advertising. We do not use Facebook Custom Audiences via the customer list or the “advanced matching” function.

Further information about the purpose and scope of data collection and the further processing and use of the data by Facebook, as well as your setting options for protecting your privacy, can be found in Facebook’s privacy policy. You can make settings regarding which adverts are displayed to you on Facebook via this link and in your Facebook account settings.

You can find more information about Facebook’s Custom Audiences service at
https://www.facebook.com/business/help/1711863145774142.

Further information on data processing and storage duration can be obtained from the provider or at https://www.facebook.com/about/privacy.

The “Facebook Custom Audiences” function can be deactivated for logged-in users at https://www.facebook.com/settings/?tab=ads#_.

Your data may be processed in the USA and transferred there, i.e. to a third country outside the European Union (EU) or the European Economic Area (EEA). The legal basis for the data transfer is the adequacy decision with the USA pursuant to Art. 45 para. 1 GDPR based on the EU-US Data Privacy Framework. The provider has certified itself in accordance with the EU-US Data Privacy Framework and is therefore obliged to comply with the EU data protection level.

You can also prevent the storage of cookies altogether by selecting the appropriate settings in your browser software. However, we would like to point out that in this case you may not be able to use all functions of our website to their full extent. Further options for deactivating cookies from third-party providers can be found at https://www.networkadvertising.org/managing/opt_out.asp or on the Digital Advertising Alliance opt-out platform at http://optout.aboutads.info/?c=2&lang=en.

The legal basis for this data processing is your consent in accordance with Art. 6 Para. 1 S.1 lit. a) GDPR or § 25 Para. 1 TDDDG. You can revoke your consent at any time with effect for the future by going to Cookie settings under “Privacy settings” in the menu in the footer and changing your selection there.

10.10 Microsoft Dynamics CRM

The “Microsoft Dynamics CRM” cookie from Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA, is used to carry out the registration for our newsletter. This cookie ensures that the registration process runs smoothly and securely. Personal data that is required to subscribe to the newsletter, such as your email address, is processed.

The legal basis for this processing is Art. 6 para. 1 sentence 1 lit. f GDPR and Section 25 para. 2 no. 2 TDDDG, whereby our legitimate interest lies in the efficient and secure administration of newsletter registrations.

The storage duration of the cookie corresponds to the duration required to complete the registration process and to ensure correct registration.

Your data may be processed in the USA and transferred there, i.e. to a third country outside the European Union (EU) or the European Economic Area (EEA). The legal basis for the data transfer is the adequacy decision with the USA pursuant to Art. 45 para. 1 GDPR based on the EU-US Data Privacy Framework. The provider has certified itself in accordance with the EU-US Data Privacy Framework and is therefore obliged to comply with the EU level of data protection.

Further information on data processing in connection with the Microsoft Dynamics CRM cookie can be found at: https://learn.microsoft.com/en-us/dynamics365/customer-insights/journeys/cookies#list-of-outbound-marketing-cookies.

11. Contact

When you contact us by email or via a contact form, the data you provide (your email address, possibly your name and telephone number) will be stored by us in order to answer your questions and process your requests. The legal basis in this respect is Art. 6 para. 1 sentence 1 lit. f GDPR. If we request information via our contact form that is not required for contacting you, we have always labelled this as optional. We use this information to specify your enquiry and to improve the processing of your request. This information is provided expressly on a voluntary basis and with your consent, Art. 6 para. 1 sentence 1 lit. a GDPR. If this involves information on communication channels (e.g. email address, telephone number), you also consent to us contacting you via this communication channel in order to respond to your enquiry. You can of course revoke this consent at any time for the future.

Your data that we have received in the course of contacting you will be deleted as soon as it is no longer required for the purpose for which it was collected, your request has been fully processed and no further communication with you is necessary or desired by you.

As the data controller, our company has implemented numerous technical and organisational measures to ensure that the personal data processed via this website is protected as completely as possible. Nevertheless, internet-based data transmissions can generally have security gaps. Absolute protection cannot be guaranteed; in any case, sending unencrypted e-mails is not secure. We therefore ask you not to send sensitive data by unencrypted e-mail, but to use either encrypted communication channels (e.g. our contact form) or the postal service.

12. Registration for events and inclusion in the data processing programme

We use forms, for example, to register for our events or to organise services for journalists. We also use the data you enter in the forms, as well as corresponding data that we receive from you by telephone, to confirm your registration and to organise the respective event or service on the basis of Art. 6 para. 1 lit. a GDPR. This also applies to corresponding data that we receive in the case of telephone registrations.

In addition, we record the data of visitors who have registered for one of our events in a customer management system. In the customer management system, we also record data from journalists and authors who have contacted us via other channels (e.g. by email and/or telephone or in conversations at events) or whose contact details are publicly available. We also collect data from participants in the Federal President’s History Competition. We also record the data of those who order our publications in a data processing programme for publishers. This data is stored to enable us to maintain relationships with our visitors, competition participants and other interested parties. This is our legitimate interest. The legal basis for this data processing is Art. 6 para. 1 lit. f GDPR.

13. Participation in online surveys

If you take part in one of our online surveys, the answers you provide as well as your IP address and a randomly generated participant ID will be transmitted to Verian (formerly Kantar), the opinion research company commissioned by us to conduct the survey, and processed there. It is not usually necessary for you to provide personal details, in particular your name, in order to participate. Verian processes the information provided in the surveys on our behalf for the purposes of social research as part of our foundation work and subsequently provides us with so-called aggregated analyses, i.e. purely statistical data without any personal reference. Verian stores the data for up to one year after the end of the respective survey. The legal basis for the processing of your data is your consent, Art. 6 para. 1 lit. a GDPR.

13.1 Microsoft Forms

We use Microsoft Forms, an application from Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA, to create online surveys.

Microsoft Forms is a versatile survey tool that is used to create and evaluate online surveys and to conduct quizzes. The data you provide in the survey is transmitted to us via Microsoft Forms and evaluated by us.

According to Microsoft, the data from Microsoft Forms is stored on servers in Europe, in particular in the Netherlands (Evert van de Beekstraat 354, 1118 CZ Schiphol, Netherlands) and Ireland (One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland). The data from Microsoft Forms is encrypted both when it is at rest and when it is transmitted. Unfortunately, Microsoft does not provide any more detailed information on the type of encryption. Insofar as personal data is processed by Microsoft in the USA, we refer to the EU standard contractual clauses (EU SCC) within the Microsoft group.

In addition, Microsoft processes usage and metadata that is used for security purposes and to optimize the service. When you use the website, Microsoft may store cookies on your computer, e.g. for the purposes of web analytics or to maintain user settings.

We use this Microsoft cloud service on the basis of our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR to ensure that surveys are carried out and evaluated efficiently and securely and to continuously improve our services. In addition, we have concluded an agreement with Microsoft on order processing.

For more information, please refer to Microsoft’s privacy statement. You can object to the processing of your data in the Microsoft cloud in accordance with the legal requirements. The data we receive via Microsoft Forms will be deleted after 3 years; the data on the Microsoft servers will be deleted in accordance with Microsoft’s regulations.

14. Applications

You can apply to our foundation electronically, e.g. via our application tool or by e-mail. Please note that e-mails sent unencrypted are not protected against unauthorised access. Below we inform you about the processing of personal data as part of the application process for a position at Körber-Stiftung.

14.1 Data collection

In the course of your application, we will process the application data listed below:

  • First name, surname
  • Telephone number (private or mobile)
  • E-mail address
  • Application documents (cover letter, CV, references, certificates, etc.)

14.2 Purpose of data collection and legal basis

We process the data that you have sent us in connection with your application to fill vacancies within our company. Your data will only be forwarded to the persons and departments responsible for the application process. Your application data will not be used for any other purpose or passed on to third parties.

The application data may be processed for statistical purposes (e.g. reporting). It is not possible to draw conclusions about individual persons.

According to Section 26 BDSG, the processing of personal data required in connection with the decision to establish an employment relationship is permitted. Should the data be required for legal prosecution after completion of the application process, data processing may be carried out in accordance with Art. 6 GDPR, in particular to safeguard legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR. Our interest then lies, for example, in the assertion or defence of claims.

Finally, we process your data for further application procedures and for forwarding your application within the Foundation if you have given us your consent to do so. In this case, the legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR.

14.3 Retention period of the applicant data

Your application data will be deleted six months after completion of the application process. This does not apply if statutory provisions prevent deletion, if further storage is necessary for the purpose of providing evidence or if you have consented to longer storage.

14.4 Storage for future jobs

If you agree to the storage of your application data beyond the current vacancy, we will continue to store your application data for future vacancies. In this case, we will delete your data after 24 months.

14.5 Place of data processing

The processing of your data takes place in the Federal Republic of Germany and in a member state of the European Union (EU). We have concluded a contract (Data Processing Addendum) with our subcontractor AWS, which ensures that the data processing is carried out in a permissible manner.

14.6 Cookies on the job portal server

As part of the applicant management function in HRworks, three essential cookies are set on the job portal server when the function is used.

The HrwJobApplicationmanagementSession cookie represents the session of the person currently on the job portal. This is necessary for operation, as the users of the session can be differentiated accordingly.

In addition, there are two AWS cookies (AWSALB and AWSALBCORS), which are required on the one hand to assign any information to the correct instance of the server. Furthermore, they are necessary for uploading the application documents so that this process can be guaranteed smoothly for the applicants.

The legal basis for the processing of your data for the provision of our website and services is Art. 6 para. 1 sentence 1 lit. f) GDPR and Section 25 para. 2 no. 2 TDDDG. We have a legitimate interest in processing your data so that we can offer you the application portal and the services provided via it in a technically flawless, secure manner and optimised for your and our needs.

15. Data deletion

In general, we delete or anonymise your personal data as soon as it is no longer required for the purposes for which we collected or used it in accordance with the above paragraphs. Specific information on the retention and deletion of personal data in the previous sections remains unaffected.

Unless this privacy policy contains other, deviating provisions regarding the storage of data, the data collected by us will be stored by us for as long as it is required for the aforementioned purposes for which it was collected.

16. LinkedIn foundation presence

When you visit our LinkedIn company page, we are jointly responsible with LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (https://www.linkedin.com/help/linkedin/solve) for the processing of your personal data.

We operate our LinkedIn page for information and communication with you as a user and interested party of our offer or as a potential employee/applicant. In accordance with LinkedIn’s terms of use, which every user has agreed to when creating a LinkedIn profile, we can identify subscribers to the page and view their profiles and other information shared by them. For example, your LinkedIn name and profile picture are visible to us (and other LinkedIn users) when you visit our site or comment on our posts. We therefore only collect the personal data that has obviously become part of our LinkedIn page through your involvement. We have no interest in collecting and further processing your individual personal data for marketing purposes. Accordingly, we only use the data to customise and improve our offering.

LinkedIn uses cookies to store and further process this information, i.e. small text files that are stored on the user’s various end devices. According to LinkedIn, the cookies used by LinkedIn are used for authentication, security, preferences, functions and services, personalised advertising, analysis and research. You can view details of the cookies used by LinkedIn here: https://www.linkedin.com/legal/cookie-policy?

LinkedIn’s privacy policy contains further information on data processing.

The operation of the LinkedIn page, including the processing of users’ personal data, is based on Art. 6 para. 1 lit. f) GDPR for the realisation of our legitimate interests in an information and interaction opportunity via LinkedIn for and with our users and visitors. Further legal bases for data processing may arise in individual cases from Art. 6 para. 1 lit. a), b), c) GDPR.

We delete personal data if the purpose of the data processing has been achieved and there are no other legal reasons against deletion of the data.

17. Facebook Fanpage

General information

Social media has become an integral part of the internet and modern communication. In order to stay in contact with our customers and interested parties, we have also set up our own fan page on Facebook. Facebook is a service provided by Meta Platforms, Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA (hereinafter referred to as “Facebook”).

We expressly draw your attention to the fact that Facebook stores the data (e.g. IP address, preferences and personal interests, behaviour on Facebook pages, any personal information stored on Facebook, etc.) of users and uses it for business purposes.
We have no influence on the processing and further use of this data, as Facebook alone determines the processing. The extent to which, where and for how long the data is stored, the extent to which the data is linked and analysed and to whom the data is passed on is currently not clear to us. We also have no insight or influence with regard to deletion periods, i.e. whether and to what extent deletion periods are adhered to.
Information from Facebook itself about what information is collected can be found in Facebook’s privacy policy, which can be viewed here: https://www.facebook.com/about/privacy/
If you are a Facebook member and logged into your Facebook user account, Facebook can associate your visit to our site with your user account. If you would like to prevent Facebook from linking data about your visit to our fan page with your member data stored on Facebook, you must

  • log out of Facebook before each visit to our fan page
  • delete the cookies stored on your device
  • and close and restart your browser.

In this way, according to Facebook, all information by which you can be identified by Facebook is deleted.

Scope of data collection and storage

You do not need to be a Facebook member to view the content on our Facebook fan page. However, data is collected, stored and used by Facebook every time you visit our page. The moment you visit our fan page, your browser establishes a connection with a Facebook server. Data may be transferred to countries outside the European Union. In any case, regardless of whether you are registered with Facebook or not, your IP address will be transmitted and cookies will be set. If you are a Facebook member and logged into your Facebook user account, Facebook can associate your visit to our site with your user account.

The cookies used include session cookies, which are deleted when the browser is closed, and persistent cookies, which remain on the end device until they expire or are deleted by the user. A cookie is a tiny text file that enables a website to recognise a browser. Cookies are stored on the computer when a website is accessed and are retrieved and read the next time the web server is accessed. You can use your browser settings to decide whether and which cookies you want to allow, block or delete. You can find instructions for various browsers here: Internet Explorer, Firefox, Google Chrome, Google Chrome mobile, Microsoft Edge, Safari, Safari mobile. Alternatively, you can also install so-called ad blockers, such as Ghostery.

According to Facebook, the cookies used by Facebook are used for authentication, security, website and product integrity, advertising and measurement, website functions and services, performance, analysis and research. Details on the cookies used by Facebook (e.g. names of cookies, duration of function, content recorded and purpose) can be viewed here: https://www.facebook.com/policies/cookies/ by following the links provided there. You can make settings regarding which adverts you want to be shown or no longer shown by Facebook at https://www.facebook.com/about/basics/advertising and at http://www.youronlinechoices.com.
You can manage your preferences regarding usage-based online advertising under the aforementioned link. If you object to usage-based online advertising with a specific provider using the preference manager, this only applies to the specific business data collection via the web browser you are currently using. Preference management is cookie-based. If you delete all browser cookies, the preferences you have set with the preference manager will also be removed.

Data and its intended use

  • User interactions (postings, likes, etc.): User communication; legal basis Art. 6 para. 1 lit. f) GDPR

  • Facebook cookies: Target group advertising; legal basis Art. 6 para. 1 lit. a) GDPR

  • Demographic data (e.g. based on age, place of residence, language or gender): Target group advertising; legal basis Art. 6 para. 1 lit. f) GDPR

  • Statistical data on user interactions in aggregated form, i.e. without personal reference for us (e.g. page activities, page views, page previews, likes, recommendations, posts, videos, page subscriptions incl. origin, times of day): Target group advertising; legal basis Art. 6 para. 1 lit. f) GDPR

Automated decision-making including profiling in accordance with Art. 22 GDPR does not take place.

We generally only store personal data until the respective purpose for which the data was collected has been achieved. In the context of a business relationship with you, we store your personal data for as long as the business relationship lasts; this also includes the initiation and fulfilment of a contract and the regular limitation period. In addition, we store the data if and insofar as we are subject to statutory retention obligations. Such obligations may arise, for example, from the German Commercial Code (HGB) or the German Fiscal Code (AO).
If you have given us your consent for a processing operation, the data associated with the granting of consent will be stored until revoked or at the latest for the duration of the processing operation and after termination of the same within the scope of the statute of limitations.

Facebook Insights

We use the Facebook Insights function for statistical analysis purposes. In this context, we receive anonymised data on the users of our Facebook fan page. It is not possible for us to draw any conclusions about you personally. For further information, please refer to Facebook’s cookie policy.

Disclosure and use of personal data

If you interact with Facebook, Facebook will of course also have access to your data. Facebook is located in an insecure third country where the level of data protection is lower. The data transfer is based on the so-called standard data protection clauses. You can find more information on this HERE.

Legal bases

If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 para. 1 lit. f GDPR is the legal basis for the processing. We consider our legitimate interest in data processing to be the presentation of our company and our products and services for your information and, in particular, the provision of up-to-date communication options for and with you.

Joint controller for the processing

Körber-Stiftung
Kehrwieder 12
20457 Hamburg

and

Meta Platforms Ireland Limited
4 Grand Canal Square, Grand Canal Harbour,
D2 Dublin
Ireland

According to the European Court of Justice (ECJ), we are jointly responsible with Facebook for the processing of your personal data. You can find the ECJ’s decision of 5 June 2018 here.

Due to the joint responsibility, we inform you with regard to Art. 26 GDPR about the essentials of the existing agreement on joint responsibility between us and Facebook: https://www.facebook.com/legal/terms/page_controller_addendum

18. Changes to this privacy policy

The further development of the Internet and our website may also affect the handling of personal data. We therefore reserve the right to amend this data protection declaration in the future within the framework of the applicable data protection laws and, if necessary, to adapt it to changed data processing realities. We therefore recommend that you visit our website from time to time to take note of any updates to our privacy policy.

19. Your rights

We will be happy to provide you with information as to whether personal data concerning you is being processed; if this is the case, you have a right to information about this personal data and to the information listed in detail in Art. 15 GDPR. In addition, you have the right to rectification (Art. 16 GDPR), the right to restriction of processing (Art. 18 GDPR), the right to erasure (Art. 17 GDPR) and the right to data portability (Art. 20 GDPR) under the respective legal requirements.

You have the right to object to the processing under the legal requirements (Art. 21 GDPR).

To exercise your above rights, please contact us by e-mail at info@koerber-stiftung.de or by post at Körber-Stiftung, Kehrwieder 12, 20457 Hamburg. The exercise of your above rights is free of charge for you.

Without prejudice to these rights and the possibility of seeking any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority at any time, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes data protection regulations (Art. 77 GDPR).

The following data protection authority is responsible for Körber-Stiftung:

Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit,
Ludwig-Erhard-Str 22, 7th floor
20459 Hamburg
Tel.: 040 / 428 54 – 4040
Fax: 040 / 428 54 – 4000
E-Mail: mailbox@datenschutz.hamburg.de

This privacy policy has been machine translated.

Status of this privacy policy: 22 August 2024