Data protection information

The protection of your personal data is an important concern for Körber-Stiftung. We observe the legal regulations on data protection and data security.

Below you will find information about what personal data we collect when you use our website at www.koerber-stiftung.de (“website”) and utilise the services and functions it contains, and how we use this data and for what purposes. In addition, we will inform you of the legal basis for the processing of your data and, if processing is necessary to protect our legitimate interests, of our legitimate interests. If you have any further questions about the handling of your personal data, please contact our data protection officer.

  1. Person responsible
  2. Contact the responsible data protection officer
  3. Legal basis for data processing
  4. Data security
  5. Data transmission
  6. Calling up our website
  7. Newsletter
  8. Orders
  9. Interaction with social networks and integration of third-party content
  10. What are cookies?
  11. Contact
  12. Registration for events and inclusion in data processing programme
  13. Participation in online surveys
  14. Applications
  15. Data deletion
  16. LinkedIn foundation presence
  17. Facebook Fanpage
  18. Changes to this privacy policy
  19. Your rights

1. Person responsible

Körber-Stiftung, Kehrwieder 12, 20457 Hamburg, Germany, telephone 040 / 80 81 92 0, info@koerber-stiftung.de (“Körber-Stiftung”, “we” or “us”) is responsible for processing your data through the website.

2. Contact the responsible data protection officer

You can contact our data protection officer at info@koerber-stiftung.de or by post at

Justus Brandt
c/o intersoft consulting services AG
Beim Strohhause 17
20097 Hamburg
www.intersoft-consulting.de

3. Legal basis for data processing

According to Art. 13 para. 1 lit. c) GDPR, we must also inform you about the legal bases for data processing on our website and the purposes of the respective data processing. The data processing on our website is authorised by two different legal bases in addition to the provision of consent:

If we obtain your consent for certain data processing, the legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR (or § 25 para. 1 TDDDG).

According to Art. 6 para. 1 sentence 1 lit. b GDPR, data processing is lawful if it is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

Insofar as processing is necessary to fulfil a legal obligation to which we are subject, the legal basis is Art. 6 para. 1 sentence 1 lit. c GDPR.

According to Art. 6 para. 1 sentence 1 lit. f GDPR (or § 25 para. 2 no. 2 TDDDG), data processing is also lawful if it is necessary to safeguard the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, prevail, in particular if the data subject is a child.

In the following, we refer to these two legal bases for the relevant data processing.

4. Data security

We have taken extensive technical and operational precautions to protect your data from accidental or intentional manipulation, loss, destruction or access by unauthorised persons. Our security procedures are regularly reviewed and adapted to technological progress.

5. Data transmission

Your personal data will not be transferred to third parties unless we are legally obliged to do so, or the transfer of data is necessary to fulfil the contractual relationship, or you have previously expressly consented to the transfer of your data.

External service providers and partner companies such as online payment provider or a shipping company commissioned with the delivery will only receive your data if this is necessary to process your order. In these cases, however, the scope of the transmitted data is limited to the necessary minimum. Insofar as our service providers process your personal data on our behalf, we ensure that they comply with the provisions of the data protection laws in the same way within the framework of order processing in accordance with Art. 28 GDPR. Please also note the data protection notices of the respective providers. The respective service provider is responsible for the content of external services, whereby we check the services for compliance with the legal requirements within the scope of reasonableness.

We attach great importance to processing your data within the EU/EEA. However, we may use service providers who process data outside the EU/EEA. In these cases, we ensure that an appropriate level of data protection comparable to the standards within the EU is established at the recipient before your personal data is transferred. This can be achieved, for example, by means of EU standard contracts or binding corporate rules or special agreements to which the company may be subject.

6. Calling up our website

When using the website for information purposes only, i.e. if you do not register or otherwise provide us with information (e.g. via a contact form), we collect the following technical information (log file data):

  • Operating system of the device you use to visit our website
  • Browser (type, version & language settings
  • the amount of data retrieved
  • the anonymised IP address of the device you use to visit our website
  • Date and time of access
  • the URL of the previously visited website (referrer)
  • the URL of the (sub)page that you call up on the website

The collection of this data is technically necessary in order to display our website to you and to ensure stability and security. We and our service provider regularly do not know who is behind an IP address. We do not merge the data listed above with other data.

To ensure the error-free operation of our web server and to guarantee server security, your IP address is processed by our server service provider Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen. The IP address is anonymised after collection.

The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR or § 25 para. 2 no. 2 TDDDG. Since the collection of data for the provision of the website and storage in log files is absolutely necessary for the operation of the website and for protection against misuse, our legitimate interest in data processing prevails at this point.

7. Newsletter

7.1 General information

You can subscribe to various newsletters on some of our websites, which we use to inform you about the activities of our foundation, current information about special offers, promotions and events, depending on your selection . The content of the individual newsletters is briefly described during the registration process. The legal basis for sending the respective newsletter is your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR in conjunction with Art. 7 para. 2 no. 3 GDPR. § Section 7 para. 2 no. 3 UWG or the legal authorisation pursuant to Section 7 para. 3 UWG.

We use the so-called double opt-in procedure to subscribe to our newsletters. This means that after you have registered, we will send you an email to the email address you have provided, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration, your information will be automatically deleted .

The only mandatory information for sending the newsletter is your e-mail address. The provision of further data is voluntary: this data is used to address you personally. After your confirmation, we store your e-mail address for the purpose of sending you the newsletter and until cancellation. We also store your current IP address at the time of registration, the time of registration and the confirmation for up to three years after registration (limitation period). The purpose of this procedure is to be able to prove your registration in case of doubt and, if necessary, to clarify any misuse of your personal data. The legal basis for logging the registration is our legitimate interest in accordance with Art. 6 Para. 1 S.1 lit. f GDPR in the proof of a previously given consent, see also Art. 7 Para. 1 GDPR.

You can revoke your consent to the sending of a respective newsletter at any time and unsubscribe from the newsletter. You can declare your cancellation by clicking on the link provided in every newsletter email or by sending an email to info@koerber-stiftung.de.

7.2 Newsletter Tracking

We would like to point out that we evaluate your user behaviour when sending the newsletter in order to determine whether and when the newsletter was opened. For this analysis, the emails sent contain so-called web beacons or tracking pixels, which are stored on our server and are loaded when the newsletter is opened. Technical information such as browser type, time of opening and IP address are transmitted. For the analyses, we link the aforementioned data and the web beacons with your email address and an individual ID. Links received in the newsletter also contain this ID and enable us to analyse your click behaviour.

We use the data obtained in this way to create a user profile in order to tailor the newsletter to your individual interests. We record when you read our newsletters, which links you click on in them and infer your personal interests from this. The legal basis for this data processing is your consent, Art. 6 para. 1 sentence 1 lit. a GDPR.

You can revoke your consent at any time with effect for the future. In this case, the cancellation includes the respective newsletter subscription, as a separate cancellation of the tracking is unfortunately not technically possible. To do so, simply click on the unsubscribe link provided in every email .

Such tracking is only possible to a limited extent if you have deactivated the display of images in your email programme by default . However, clicking on links will still be recorded. In this case, the newsletter will not be displayed in full and you may not be able to use all the functions. If you display the images manually, the above-mentioned tracking will take place.

The information from the tracking is stored for as long as you have subscribed to the newsletter.

The data you provide us with for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and deleted after you unsubscribe from the newsletter. Data stored by us for other purposes remains unaffected by this.

8. Orders

When you place an online order on our website (e.g. books, flyers or brochures), we collect the data required for the conclusion of the contract. The data is stored for the duration of the contract and in accordance with legal obligations. If necessary for processing the order, we will forward your address data to a shipping service provider. The legal basis is the conclusion and fulfilment of a contract in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR.

We use various payment service providers for payment processing, which are always labelled and accept your entries. These are therefore recipients of your personal data collected in connection with the payment process. The legal basis for the use of payment service providers is also contract processing in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR.

9. Interaction with social networks and integration of third-party content

We have integrated third-party content in some places on our website. This includes videos, map services, images or fonts. A more detailed description of who we embed content from and how your data is processed can be found below in the respective description of the embedded content.

9.1 YouTube

We use the services of YouTube, LLC, 901 Cherry Ave, 94066 San Bruno, CA, USA, a subsidiary of Google LLC, Amphitheatre Parkway, Mountain View, CA 94043, USA, on our website. For users who have their habitual residence in the European Economic Area or Switzerland, Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland is the controller responsible for your data.

If you have not given your consent as part of the Consent Manager, you have the option of giving it later as part of the so-called “2-click procedure”. If you access a page in which a YouTube video is embedded, a connection to the YouTube servers is only established when you click on the button to confirm. If you are logged in to YouTube at this time, the information about the videos you have viewed will be assigned to your YouTube member account. You can prevent this by logging out of your member account before visiting our website.

Your data may be processed in the USA and transferred there, i.e. to a third country outside the European Union (EU) or the European Economic Area (EEA). The legal basis for the data transfer is the adequacy decision with the USA pursuant to Art. 45 para. 1 GDPR based on the EU-US Data Privacy Framework. The provider has certified itself in accordance with the EU-US Data Privacy Framework and is therefore obliged to comply with the EU level of data protection.

Further information on data protection from YouTube is provided by Google at the following link: https://policies.google.com/privacy?hl=en.

The legal basis for this data processing is your consent in accordance with Art. 6 Para. 1 S.1 lit. a) GDPR or § 25 Para. 1 TDDDG. You can revoke your consent at any time with effect for the future by accessing Cookie settings under “Privacy settings” in the menu in the sidebar and changing your selection there.

9.2 Vimeo

We use services from “Vimeo” (Vimeo LLC, 555 West 18th Street, New York 10011, USA) on our website.

If you have not given your consent as part of the Consent Manager, you have the option of giving it later as part of the so-called “2-click procedure”. If you access a page in which a Vimeo video is embedded, a connection to the Vimeo servers will only be established when you click on the button to confirm. In this case, Vimeo will set cookies and use your visit data for its own purposes. If you are logged in to Vimeo at this time, the information about the videos you have viewed will be assigned to your Vimeo member account. You can prevent this by logging out of your member account before visiting our website.

Your data may be processed in the USA and transferred there, i.e. to a third country outside the European Union (EU) or the European Economic Area (EEA). The standard contractual clauses pursuant to Art. 46 (2) and (3) GDPR serve as the legal basis for the data transfer. These clauses oblige the provider to comply with the EU level of data protection when processing personal data outside the EU.

Further information on this can be found in Vimeo’s privacy policy at https://vimeo.com/privacy.

The legal basis for this data processing is your consent in accordance with Art. 6 Para. 1 S.1 lit. a) GDPR or § 25 Para. 1 TDDDG. You can revoke your consent at any time with effect for the future by accessing Cookie settings under “Privacy settings” in the menu in the sidebar and changing your selection there.

9.3 Podigee

We use the podcast hosting service Podigee from the provider Podigee GmbH, Schlesische Straße 20, 10997 Berlin, Germany. The podcasts are loaded by Podigee or transmitted via Podigee.

Podigee processes IP addresses and device information in order to enable podcast downloads/playbacks and to determine statistical data, such as call-up figures. This data is anonymised or pseudonymised before being stored in Podigee’s database, unless it is required for the provision of the podcasts.

Further information can be found in Podigee’s privacy policy: https://www.podigee.com/en/about/privacy.

The legal basis for this data processing is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR or § 25 para. 1 TDDDG. You can withdraw your consent at any time with effect for the future by visiting and changing your selection in the cookie settings under “Privacy settings” in the menu in the sidebar.

9.4 Google Maps

This site uses the map service Google Maps. Google Maps is a map service provided by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. The controller for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

To use the functions of Google Maps, information, including the IP address and the address entered as part of the route function, may be transmitted to the provider’s servers. This information is usually transferred to a Google server in the USA and stored there. When you visit a website that contains Google Maps, your browser establishes a direct connection with Google’s servers, whereby the map content is sent to your browser and integrated by it. We have no influence on this data transfer. As far as we are currently aware, this includes the following data:

  • Date and time of the visit to the website in question,
  • Internet address or URL of the website accessed,
  • IP address, (start) address entered during route planning

The use of Google Maps is in the interest of an appealing presentation of our online offers and to make it easy to find the places we have indicated on the website. If you do not wish Google to process data via this service, you can deactivate the use of JavaScript in your browser settings. Please note that in this case you will not be able to use the interactive map function of Google Maps.

If you have not given your consent as part of the Consent Manager, you have the option of giving it later using the so-called “2-click procedure”. When you access a page in which Google Maps is embedded, a connection to the Google servers is only established when you click on the button to confirm. In this case, Google will set cookies and use your visit data for its own purposes. If you are logged in to Google at this time, the information about the videos you have viewed will be assigned to your Google member account. You can prevent this by logging out of your member account before visiting our website.

Your data may be processed in the USA and transferred there, i.e. to a third country outside the European Union (EU) or the European Economic Area (EEA). The legal basis for the data transfer is the adequacy decision with the USA pursuant to Art. 45 para. 1 GDPR based on the EU-US Data Privacy Framework. The provider has certified itself in accordance with the EU-US Data Privacy Framework and is therefore obliged to comply with the EU level of data protection.

You can find more information on the handling of user data in Google’s privacy policy: https://policies.google.com/privacy?hl=en.

The legal basis for this data processing is your consent in accordance with Art. 6 Para. 1 S.1 lit. a) GDPR or § 25 Para. 1 TDDDG. You can revoke your consent at any time with effect for the future by calling up the cookie settings under “Data protection settings” in the menu in the margin of the page and changing your selection there.

10. What are cookies?

Cookies are data that are stored on your computer by a website that you visit and enable your browser to be reassigned. Cookies are used to transmit information to the organisation that sets the cookie. Cookies can store various information, such as your language setting, the duration of your visit to our website or the entries you make there. This prevents you from having to re-enter required form data each time you use the website, for example. The information stored in cookies can also be used to recognise preferences and target content according to areas of interest.

There are different types of cookies: Session cookies are data sets that are only temporarily stored in the working memory and are deleted when you close your browser. Permanent or persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. With this type of cookie, the information can also be stored in text files on your computer. However, you can also delete these cookies at any time via your browser settings.

First-party cookies are set by the website you are currently visiting. Only this website is authorised to read information from these cookies. Third-party cookies are set by organisations that do not operate the website you are visiting. These cookies are used by marketing companies, for example.

The legal basis for possible processing of personal data using cookies and their storage duration may vary. If you have given us your consent, the legal basis is Art. 6 para. 1 sentence 1 lit. a) GDPR or § 25 para. 1 TDDDG. Insofar as the data processing is based on our overriding legitimate interests, the legal basis is Art. 6 para. 1 sentence 1 lit. f) GDPR or Section 25 para. 2 no. 2 TDDDG. The stated purpose then corresponds to our legitimate interest.

We use cookies to ensure the proper operation of the website, to provide basic functionalities, to measure reach and – with your consent – to tailor our services to your preferred areas of interest.

You can delete cookies already stored on your device at any time. If you want to prevent the storage of cookies, you can do this via the settings in your Internet browser. You can find instructions for common browsers here: Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Google Chrome mobile, Microsoft Edge Browser, Safari, Safari mobile. Alternatively, you can also install so-called ad blockers. Please note that individual functions of our website may not work if you have deactivated the use of cookies.

Consent with Usercentrics

This website uses Usercentrics’ consent technology to obtain your consent to the storage of certain cookies on your end device or to the use of certain technologies and to document these in compliance with data protection regulations. The provider of this technology is Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany, website: https://usercentrics.com/ (hereinafter referred to as “Usercentrics”).

When you enter our website, the following personal data is transmitted to Usercentrics:

  • Your consent(s) or the revocation of your consent(s)
  • Your IP address
  • Information about your browser
  • Information about your end device
  • Time of your visit to the website

Furthermore, Usercentrics stores a cookie in your browser in order to be able to assign the consents you have given or revoke them. The data collected in this way is stored until you ask us to delete it, delete the Usercentrics cookie yourself or the purpose for storing the data no longer applies. Mandatory statutory retention obligations remain unaffected.

Usercentrics is used to obtain the legally required consent for the use of certain technologies. The legal basis for this is Art. 6 para. 1 lit. c GDPR.

10.1 Matomo Analytics

With your consent, we use the open source software Matomo to analyze and statistically evaluate the use of the website. Cookies are used for this purpose. The information obtained about website usage is transmitted exclusively to our servers and summarized in pseudonymous usage profiles. We use the data to evaluate the use of the website. The data collected is not passed on to third parties.

The IP addresses are anonymized (IP masking) so that they cannot be assigned to individual users.

The data is processed on the basis of Art. 6 para. 1 sentence 1 lit. a GDPR. In doing so, we are pursuing our legitimate interest in optimizing our website for our external presentation.

You can withdraw your consent at any time by deleting the cookies in your browser or changing your privacy settings (see bottom of this webpage).

Further information on Matomo's terms of use and data protection regulations can be found at: https://matomo.org/privacy/

10.2 Microsoft Dynamics CRM

The “Microsoft Dynamics CRM” cookie from Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA, is used to carry out the registration for our newsletter. This cookie ensures that the registration process runs smoothly and securely. Personal data that is required to subscribe to the newsletter, such as your email address, is processed.

The legal basis for this processing is Art. 6 para. 1 sentence 1 lit. f GDPR and Section 25 para. 2 no. 2 TDDDG, whereby our legitimate interest lies in the efficient and secure administration of newsletter registrations.

The storage duration of the cookie corresponds to the duration required to complete the registration process and to ensure correct registration.

Your data may be processed in the USA and transferred there, i.e. to a third country outside the European Union (EU) or the European Economic Area (EEA). The legal basis for the data transfer is the adequacy decision with the USA pursuant to Art. 45 para. 1 GDPR based on the EU-US Data Privacy Framework. The provider has certified itself in accordance with the EU-US Data Privacy Framework and is therefore obliged to comply with the EU level of data protection.

Further information on data processing in connection with the Microsoft Dynamics CRM cookie can be found at: https://learn.microsoft.com/en-us/dynamics365/customer-insights/journeys/cookies#list-of-outbound-marketing-cookies.

11. Contact

When you contact us by email or via a contact form, the data you provide (your email address, possibly your name and telephone number) will be stored by us in order to answer your questions and process your requests. The legal basis in this respect is Art. 6 para. 1 sentence 1 lit. f GDPR. If we request information via our contact form that is not required for contacting you, we have always labelled this as optional. We use this information to specify your enquiry and to improve the processing of your request. This information is provided expressly on a voluntary basis and with your consent, Art. 6 para. 1 sentence 1 lit. a GDPR. If this involves information on communication channels (e.g. email address, telephone number), you also consent to us contacting you via this communication channel in order to respond to your enquiry. You can of course revoke this consent at any time for the future.

Your data that we have received in the course of contacting you will be deleted as soon as it is no longer required for the purpose for which it was collected, your request has been fully processed and no further communication with you is necessary or desired by you.

As the data controller, our company has implemented numerous technical and organisational measures to ensure that the personal data processed via this website is protected as completely as possible. Nevertheless, internet-based data transmissions can generally have security gaps. Absolute protection cannot be guaranteed; in any case, sending unencrypted e-mails is not secure. We therefore ask you not to send sensitive data by unencrypted e-mail, but to use either encrypted communication channels (e.g. our contact form) or the postal service.

12. Registration for events and inclusion in the data processing programme

We use forms, for example, to register for our events or to organise services for journalists. We also use the data you enter in the forms, as well as corresponding data that we receive from you by telephone, to confirm your registration and to organise the respective event or service on the basis of Art. 6 para. 1 lit. a GDPR. This also applies to corresponding data that we receive in the case of telephone registrations.

In addition, we record the data of visitors who have registered for one of our events in a customer management system. In the customer management system, we also record data from journalists and authors who have contacted us via other channels (e.g. by email and/or telephone or in conversations at events) or whose contact details are publicly available. We also collect data from participants in the Federal President’s History Competition. We also record the data of those who order our publications in a data processing programme for publishers. This data is stored to enable us to maintain relationships with our visitors, competition participants and other interested parties. This is our legitimate interest. The legal basis for this data processing is Art. 6 para. 1 lit. f GDPR.

13. Participation in online surveys

If you take part in one of our online surveys, the answers you provide as well as your IP address and a randomly generated participant ID will be transmitted to Verian (formerly Kantar), the opinion research company commissioned by us to conduct the survey, and processed there. It is not usually necessary for you to provide personal details, in particular your name, in order to participate. Verian processes the information provided in the surveys on our behalf for the purposes of social research as part of our foundation work and subsequently provides us with so-called aggregated analyses, i.e. purely statistical data without any personal reference. Verian stores the data for up to one year after the end of the respective survey. The legal basis for the processing of your data is your consent, Art. 6 para. 1 lit. a GDPR.

13.1 Microsoft Forms

We use Microsoft Forms, an application from Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA, to create online surveys.

Microsoft Forms is a versatile survey tool that is used to create and evaluate online surveys and to conduct quizzes. The data you provide in the survey is transmitted to us via Microsoft Forms and evaluated by us.

According to Microsoft, the data from Microsoft Forms is stored on servers in Europe, in particular in the Netherlands (Evert van de Beekstraat 354, 1118 CZ Schiphol, Netherlands) and Ireland (One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland). The data from Microsoft Forms is encrypted both when it is at rest and when it is transmitted. Unfortunately, Microsoft does not provide any more detailed information on the type of encryption. Insofar as personal data is processed by Microsoft in the USA, we refer to the EU standard contractual clauses (EU SCC) within the Microsoft group.

In addition, Microsoft processes usage and metadata that is used for security purposes and to optimize the service. When you use the website, Microsoft may store cookies on your computer, e.g. for the purposes of web analytics or to maintain user settings.

We use this Microsoft cloud service on the basis of our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR to ensure that surveys are carried out and evaluated efficiently and securely and to continuously improve our services. In addition, we have concluded an agreement with Microsoft on order processing.

For more information, please refer to Microsoft’s privacy statement. You can object to the processing of your data in the Microsoft cloud in accordance with the legal requirements. The data we receive via Microsoft Forms will be deleted after 3 years; the data on the Microsoft servers will be deleted in accordance with Microsoft’s regulations.

14. Applications

You can apply to our foundation electronically, e.g. via our application tool or by e-mail. Please note that e-mails sent unencrypted are not protected against unauthorised access. Below we inform you about the processing of personal data as part of the application process for a position at Körber-Stiftung.

14.1 Data collection

In the course of your application, we will process the application data listed below:

  • First name, surname
  • Telephone number (private or mobile)
  • E-mail address
  • Application documents (cover letter, CV, references, certificates, etc.)

14.2 Purpose of data collection and legal basis

We process the data that you have sent us in connection with your application to fill vacancies within our company. Your data will only be forwarded to the persons and departments responsible for the application process. Your application data will not be used for any other purpose or passed on to third parties.

The application data may be processed for statistical purposes (e.g. reporting). It is not possible to draw conclusions about individual persons.

According to Section 26 BDSG, the processing of personal data required in connection with the decision to establish an employment relationship is permitted. Should the data be required for legal prosecution after completion of the application process, data processing may be carried out in accordance with Art. 6 GDPR, in particular to safeguard legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR. Our interest then lies, for example, in the assertion or defence of claims.

Finally, we process your data for further application procedures and for forwarding your application within the Foundation if you have given us your consent to do so. In this case, the legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR.

14.3 Retention period of the applicant data

Your application data will be deleted six months after completion of the application process. This does not apply if statutory provisions prevent deletion, if further storage is necessary for the purpose of providing evidence or if you have consented to longer storage.

14.4 Storage for future jobs

If you agree to the storage of your application data beyond the current vacancy, we will continue to store your application data for future vacancies. In this case, we will delete your data after 24 months.

14.5 Place of data processing

The processing of your data takes place in the Federal Republic of Germany and in a member state of the European Union (EU). We have concluded a contract (Data Processing Addendum) with our subcontractor AWS, which ensures that the data processing is carried out in a permissible manner.

14.6 Cookies on the job portal server

As part of the applicant management function in HRworks, three essential cookies are set on the job portal server when the function is used.

The HrwJobApplicationmanagementSession cookie represents the session of the person currently on the job portal. This is necessary for operation, as the users of the session can be differentiated accordingly.

In addition, there are two AWS cookies (AWSALB and AWSALBCORS), which are required on the one hand to assign any information to the correct instance of the server. Furthermore, they are necessary for uploading the application documents so that this process can be guaranteed smoothly for the applicants.

The legal basis for the processing of your data for the provision of our website and services is Art. 6 para. 1 sentence 1 lit. f) GDPR and Section 25 para. 2 no. 2 TDDDG. We have a legitimate interest in processing your data so that we can offer you the application portal and the services provided via it in a technically flawless, secure manner and optimised for your and our needs.

15. Data deletion

In general, we delete or anonymise your personal data as soon as it is no longer required for the purposes for which we collected or used it in accordance with the above paragraphs. Specific information on the retention and deletion of personal data in the previous sections remains unaffected.

Unless this privacy policy contains other, deviating provisions regarding the storage of data, the data collected by us will be stored by us for as long as it is required for the aforementioned purposes for which it was collected.

16. LinkedIn foundation presence

When you visit our LinkedIn company page, we are jointly responsible with LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (https://www.linkedin.com/help/linkedin/solve) for the processing of your personal data.

We operate our LinkedIn page for information and communication with you as a user and interested party of our offer or as a potential employee/applicant. In accordance with LinkedIn’s terms of use, which every user has agreed to when creating a LinkedIn profile, we can identify subscribers to the page and view their profiles and other information shared by them. For example, your LinkedIn name and profile picture are visible to us (and other LinkedIn users) when you visit our site or comment on our posts. We therefore only collect the personal data that has obviously become part of our LinkedIn page through your involvement. We have no interest in collecting and further processing your individual personal data for marketing purposes. Accordingly, we only use the data to customise and improve our offering.

LinkedIn uses cookies to store and further process this information, i.e. small text files that are stored on the user’s various end devices. According to LinkedIn, the cookies used by LinkedIn are used for authentication, security, preferences, functions and services, personalised advertising, analysis and research. You can view details of the cookies used by LinkedIn here: https://www.linkedin.com/legal/cookie-policy?

LinkedIn’s privacy policy contains further information on data processing.

The operation of the LinkedIn page, including the processing of users’ personal data, is based on Art. 6 para. 1 lit. f) GDPR for the realisation of our legitimate interests in an information and interaction opportunity via LinkedIn for and with our users and visitors. Further legal bases for data processing may arise in individual cases from Art. 6 para. 1 lit. a), b), c) GDPR.

We delete personal data if the purpose of the data processing has been achieved and there are no other legal reasons against deletion of the data.

17. Facebook Fanpage

General information

Social media has become an integral part of the internet and modern communication. In order to stay in contact with our customers and interested parties, we have also set up our own fan page on Facebook. Facebook is a service provided by Meta Platforms, Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA (hereinafter referred to as “Facebook”).

We expressly draw your attention to the fact that Facebook stores the data (e.g. IP address, preferences and personal interests, behaviour on Facebook pages, any personal information stored on Facebook, etc.) of users and uses it for business purposes.
We have no influence on the processing and further use of this data, as Facebook alone determines the processing. The extent to which, where and for how long the data is stored, the extent to which the data is linked and analysed and to whom the data is passed on is currently not clear to us. We also have no insight or influence with regard to deletion periods, i.e. whether and to what extent deletion periods are adhered to.
Information from Facebook itself about what information is collected can be found in Facebook’s privacy policy, which can be viewed here: https://www.facebook.com/about/privacy/
If you are a Facebook member and logged into your Facebook user account, Facebook can associate your visit to our site with your user account. If you would like to prevent Facebook from linking data about your visit to our fan page with your member data stored on Facebook, you must

  • log out of Facebook before each visit to our fan page
  • delete the cookies stored on your device
  • and close and restart your browser.

In this way, according to Facebook, all information by which you can be identified by Facebook is deleted.

Scope of data collection and storage

You do not need to be a Facebook member to view the content on our Facebook fan page. However, data is collected, stored and used by Facebook every time you visit our page. The moment you visit our fan page, your browser establishes a connection with a Facebook server. Data may be transferred to countries outside the European Union. In any case, regardless of whether you are registered with Facebook or not, your IP address will be transmitted and cookies will be set. If you are a Facebook member and logged into your Facebook user account, Facebook can associate your visit to our site with your user account.

The cookies used include session cookies, which are deleted when the browser is closed, and persistent cookies, which remain on the end device until they expire or are deleted by the user. A cookie is a tiny text file that enables a website to recognise a browser. Cookies are stored on the computer when a website is accessed and are retrieved and read the next time the web server is accessed. You can use your browser settings to decide whether and which cookies you want to allow, block or delete. You can find instructions for various browsers here: Internet Explorer, Firefox, Google Chrome, Google Chrome mobile, Microsoft Edge, Safari, Safari mobile. Alternatively, you can also install so-called ad blockers, such as Ghostery.

According to Facebook, the cookies used by Facebook are used for authentication, security, website and product integrity, advertising and measurement, website functions and services, performance, analysis and research. Details on the cookies used by Facebook (e.g. names of cookies, duration of function, content recorded and purpose) can be viewed here: https://www.facebook.com/policies/cookies/ by following the links provided there. You can make settings regarding which adverts you want to be shown or no longer shown by Facebook at https://www.facebook.com/about/basics/advertising and at http://www.youronlinechoices.com.
You can manage your preferences regarding usage-based online advertising under the aforementioned link. If you object to usage-based online advertising with a specific provider using the preference manager, this only applies to the specific business data collection via the web browser you are currently using. Preference management is cookie-based. If you delete all browser cookies, the preferences you have set with the preference manager will also be removed.

Data and its intended use

  • User interactions (postings, likes, etc.): User communication; legal basis Art. 6 para. 1 lit. f) GDPR

  • Facebook cookies: Target group advertising; legal basis Art. 6 para. 1 lit. a) GDPR

  • Demographic data (e.g. based on age, place of residence, language or gender): Target group advertising; legal basis Art. 6 para. 1 lit. f) GDPR

  • Statistical data on user interactions in aggregated form, i.e. without personal reference for us (e.g. page activities, page views, page previews, likes, recommendations, posts, videos, page subscriptions incl. origin, times of day): Target group advertising; legal basis Art. 6 para. 1 lit. f) GDPR

Automated decision-making including profiling in accordance with Art. 22 GDPR does not take place.

We generally only store personal data until the respective purpose for which the data was collected has been achieved. In the context of a business relationship with you, we store your personal data for as long as the business relationship lasts; this also includes the initiation and fulfilment of a contract and the regular limitation period. In addition, we store the data if and insofar as we are subject to statutory retention obligations. Such obligations may arise, for example, from the German Commercial Code (HGB) or the German Fiscal Code (AO).
If you have given us your consent for a processing operation, the data associated with the granting of consent will be stored until revoked or at the latest for the duration of the processing operation and after termination of the same within the scope of the statute of limitations.

Facebook Insights

We use the Facebook Insights function for statistical analysis purposes. In this context, we receive anonymised data on the users of our Facebook fan page. It is not possible for us to draw any conclusions about you personally. For further information, please refer to Facebook’s cookie policy.

Disclosure and use of personal data

If you interact with Facebook, Facebook will of course also have access to your data. Facebook is located in an insecure third country where the level of data protection is lower. The data transfer is based on the so-called standard data protection clauses. You can find more information on this HERE.

Legal bases

If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 para. 1 lit. f GDPR is the legal basis for the processing. We consider our legitimate interest in data processing to be the presentation of our company and our products and services for your information and, in particular, the provision of up-to-date communication options for and with you.

Joint controller for the processing

Körber-Stiftung
Kehrwieder 12
20457 Hamburg

and

Meta Platforms Ireland Limited
4 Grand Canal Square, Grand Canal Harbour,
D2 Dublin
Ireland

According to the European Court of Justice (ECJ), we are jointly responsible with Facebook for the processing of your personal data. You can find the ECJ’s decision of 5 June 2018 here.

Due to the joint responsibility, we inform you with regard to Art. 26 GDPR about the essentials of the existing agreement on joint responsibility between us and Facebook: https://www.facebook.com/legal/terms/page_controller_addendum

18. Changes to this privacy policy

The further development of the Internet and our website may also affect the handling of personal data. We therefore reserve the right to amend this data protection declaration in the future within the framework of the applicable data protection laws and, if necessary, to adapt it to changed data processing realities. We therefore recommend that you visit our website from time to time to take note of any updates to our privacy policy.

19. Your rights

We will be happy to provide you with information as to whether personal data concerning you is being processed; if this is the case, you have a right to information about this personal data and to the information listed in detail in Art. 15 GDPR. In addition, you have the right to rectification (Art. 16 GDPR), the right to restriction of processing (Art. 18 GDPR), the right to erasure (Art. 17 GDPR) and the right to data portability (Art. 20 GDPR) under the respective legal requirements.

You have the right to object to the processing under the legal requirements (Art. 21 GDPR).

To exercise your above rights, please contact us by e-mail at info@koerber-stiftung.de or by post at Körber-Stiftung, Kehrwieder 12, 20457 Hamburg. The exercise of your above rights is free of charge for you.

Without prejudice to these rights and the possibility of seeking any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority at any time, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes data protection regulations (Art. 77 GDPR).

The following data protection authority is responsible for Körber-Stiftung:

Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit,
Ludwig-Erhard-Str 22, 7th floor
20459 Hamburg
Tel.: 040 / 428 54 – 4040
Fax: 040 / 428 54 – 4000
E-Mail: mailbox@datenschutz.hamburg.de

This privacy policy has been machine translated.

Status of this privacy policy: 3 April 2025