Privacy Statement

In the following, we would like to inform you about the processing of personal data by the Christian Liebig Foundation e.V. in accordance with the legal requirements – especially the EU Data Protection Regulation (DSGVO).

Important terms

I. General information
  1. Important terms
  2. Scope of validity
  3. Responsible Entity
  4. Data Protection Officer
II. The data processing in detail
  1. About our data processing
    1.1. No obligation to provide personal information, and consequences of not doing so
    1.2. Consent
    1.3. Forwarding personal data to third-party countries
    1.4. Hosting by external service providers
    1.5. Forwarding to state authorities
    1.6. Storage duration
    1.7. How long cookies work
    1.8. Names of data categories
  2. Using our Services
    2.1. Purposes of the data processing, legal basis, justified interests, storage duration
    2.2. Recipients of the personal data
  3. Donating using the donation form
    3.1. Purposes of the data processing, legal basis, justified interests, storage duration
    3.2. Recipients of the personal data
  4. Newsletter subscriptions
    4.1. Purposes of the data processing, legal basis, justified interests, storage duration
    4.2. Recipients of the personal data
  5. Sale of the Christian Liebig Stiftung notice book
    5.1. Purposes of the data processing, legal basis, justified interests, storage duration
    5.2. Recipients of the personal data
  6. Data processing on our Facebook Fan Page
  7. Social Media Plugins
III. Rights of involved parties
  1. Right to object
  2. Right to be informed
  3. Right to correction
  4. Right to deletion (“right to be forgotten”)
  5. Right to limit the processing of your data
  6. Right to data portability
  7. Right to revoke consent
  8. Right to complain

I. General Information

In this section of the Privacy Statement you will find information on its scope of validity, the entity responsible for processing data, that entity’s Data Protection Officer, and on data security. We also explain some important terms that are used in the Privacy Statement.

1. Important terms
  • Browser: A computer program for displaying websites (e.g. Chrome, Firefox, Safari)
  • Cookies: Text files that the accessed webserver stores on the user’s computer through the selected browser. The cookie information stored can include a cookie ID, which enables the user’s computer to be recognized when returning to the website, and data such as the registration status or information about websites visited. When next visiting the site, the browser sends the cookie information back to the webserver. Most browsers accept cookies automatically.
  • Third-party countries: Countries that are not part of the European Union (EU)
  • GDPR: Regulation (EU) 2016/679 of the European Parliament and Council dated 27 April 2016 on the protection of natural persons when processing personal data, free data traffic and the annulment of Directive 95/46/EC (General Data Protection Regulation), to be found here.
  • Personal data: All information relating to an identified or identifiable natural person. A natural person is considered to be identifiable if they can be directly or indirectly identified, in particular by being assigned to a means of identification such as a name, ID number, locational data, an online identity or one or more special characteristics that are an expression of the person’s physical, physiological, genetic, psychic, economic, cultural or social identity.
  • Profiling: Any kind of automatic processing of personal data that entails using the personal data in question to evaluate certain personal aspects relating to the natural person, in particular to analyse or predict aspects relating to their work performance, financial circumstances, health, personal preferences, interests, reliability, conduct, place of residence or a change of location.
  • Services: Our services to which this Privacy Statement applies (see Scope of Validity). 
  • Tracking: The gathering and evaluation of data with regard to the behaviour of visitors using our services.
  • Tracking technologies: Tracking can be performed using the activity protocols saved on webservers (logfiles) or by means of collecting data from your device through pixels, cookies or other similar tracking technologies.
  • Processing: Is any procedure effected with or without the aid of automatic processes, or any such sequence of procedures, conducted in the context of personal data, such as the collecting, recording, organizing, structuring, storing, adapting or modifying, reading-out, requesting, use, disclosure by means of transmission, dissemination or other form of delivery, comparison or linking, restriction, deletion or destruction thereof.
  • Pixel: Pixels are also known as tracking pixels, web beacons or web bugs. They are small, invisible graphics in HTML e-mails or on websites. When the e-mail is opened or the website visited, an internet server downloads this little image to it, and registers the downloading. This enables the operator of the server to see whether and when an e-mail is opened or a website visited. As a rule, this function is executed by invoking a small program (Javascript). It enables certain forms of information in your computer system to be recognized and forwarded, for instance the content of cookies, the time and date of the access to the website and a description of the page where the tracking pixel is.
2. Scope of validity

This Privacy Statement applies for the following offerings:

  • Our online offering “Christian-Liebig-Stiftung e.V” (website), which can be accessed in particular at “christian-liebig-foundation.com/“, 
  • Whenever one of our offerings (e.g. websites, subdomains, mobile applications, webservices or integration into third-party websites) refers to this Privacy Statement, irrespective of how you access or use it. 

All of these offerings are also collectively referred to as the “Services”

3. Responsible entity

The entity responsible for the data processing in the context of the Services – i.e. who decides on the purposes and means of processing personal data – is: 

Christian-Liebig-Stiftung e.V.
Arabellastraße 23
81925 München
Germany

4. Data Protection Officer

You can contact our Data Protection Officer at the address in section I.3. (att. Responsible entity) or at:

E-Mail: 

Telephone: ++49 /(0)89/9250-1700

II. The data processing in detail

In this section of the Privacy Statement, we inform you in detail about the processing of personal data within the context of our Services. For ease of understanding, we categorise these data according to certain functionalities of our Services. In the normal use of the Services, various different functionalities, and therefore also different types of processing, can take place successively or simultaneously.

1. About our data processing

Unless otherwise stated, the following applies for all the processing described below:

1.1. No obligation to provide personal information, and consequences of not doing so

It is not prescribed by law or contract that you have to provide personal data. You are not obliged to do so. While you are entering your data, we inform you if personal data are required for the Service in question or not (e.g. by labelling the text box as “mandatory”). If you do not provide mandatory data, we cannot render the Service in question for you. The failure to provide other data may mean that we cannot render our Services in the same way and quality.

1.2. Consent

In some cases you have the option of giving us your consent to further processing in the context of the processing described below (e.g. for part of the data). In such cases, we inform you separately of all modalities and the extent of the consent, and of the purpose we pursue with the relevant processing. For this reason, we have not listed the processing procedures based on your consent again here (Art. 13 para. 4 GDPR).

1.3. Forwarding personal data to third-party countries 

If we send data to third-party countries, i.e. countries outside the European Union, we do so only in accordance with the statutory admissibility requirements.

If the forwarding of your data to a third-party country does not serve to fulfil our contract with you, if we do not have your consent, if the forwarding is not required to assert, exercise or defend legal rights and no other exception under Art. 49 GDPR applies, we only forward your data to a third-party country if there is an adequacy decision pursuant to Art. 45 GDPR or suitable guarantees are provided in accordance with Art. 46 GDPR.

Alternatively, or additionally, EU standard data protection clauses passed by the European Commission agreed upon with the recipient pursuant to Art. 46 para. 2 c) GDPR  achieve suitable guarantees and an appropriate level of data protection. You can find copies of the EU standard data protection clauses on the European Commission website, here.

1.4. Hosting by external service providers

Our data processing is largely performed through hosting services providers that equip us with memory and processing capacities in their computing centers, and also process personal data on our behalf and by our order. Personal data can be passed on to hosting services providers for all the functions stipulated below. These service providers process data either only in the EU or we have guaranteed an appropriate level of data protection with the aid of the EU standard protection clauses (see c.).

1.5. Forwarding to state authorities

We forward personal data to public authorities (including law enforcement authorities) if this is required to meet a legal obligation we are subject to (legal basis: Art. 6 para. 1 c) GDPR) or to assert, exercise or defend against legal claims (legal basis Art. 6 para. 1 f) GDPR).

1.6. Storage duration

In the “Storage Duration” section we state how long we use data for each purpose. After this period we no longer process the data but delete them at regular intervals unless statute provides for ongoing processing and storage (especially because it is required to meet a legal obligation or assert, exercise or defend against legal claims), or if you grant us additional consent.

1.7. How long cookies work

The data processing described in the following sections sometimes use cookies. Only the provider of the webserver that originally installed the cookie can access the information stored in a cookie through the internet. Third parties cannot access data by this means. The cookies remain in action for varying durations. Some are only active during a browser session and are then deleted, others function for longer periods generally shorter than one year. After the end of its working life, the browser deletes the cookie. You can manage cookies using the browser functions (generally to be found in “Options” or “Settings”), deactivating the storing of cookies, making their storage dependent on your individual consent or limit their storage in other ways. You can also delete cookies at any time.

1.8. Names of data categories

In the following sections, the following category names are used to group certain types of data:

  • Personal master data: title, form of address/gender, first name, last name, date of birth
  • Address data: street, no. and any additional address information, postal code, city, country
  • Contact data: telephone number(s), telefax number(s), e-mail address(es)
  • Order data: products ordered, prices, payment and delivery information
  • Payment data: account data, credit card data, data on other payment services such as Paypal
  • Newsletter usage profile data: Date time of opening the newsletter, contents, selected links. Also the following information from the accessing computer systems: internet protocol address (IP address), browser type and version, device type, operating system and similar technical information.
  • Access data: date and time of the visit to our service; the page from which the accessing system accessed our site; pages viewed; data about the pages; session ID; and the following information from the accessing computer system: internet protocol address (IP address), browser type and version, device type, operating system and similar technical information.
2. Using our Services

In the following we describe how your personal data are processed when you use our Services (e.g. loading and viewing the website, opening and navigating in the mobile app). We also use technically or legally required tools that do not gather data themselves (e.g. the Google Tag Manager), but that only serve to manage and operate other tools or to manage your consents (Consent Management Platform). We point out in particular that it is unavoidable that access data be set to external content providers (see b.) because of the way information is transferred on the internet. The third-party providers are responsible for the proper operation of the IT systems they use, with regard to data protection conformity. The service providers are responsible for deciding how long they store the data.

2.1. Purposes of the data processing, legal basis, justified interests, storage duration
  • Data category: Access data
  • Purpose: Making the connection; presenting the services; recognizing attacks on our site using unusual activities; error diagnosis
  • Legality of the processing: Art. 6 para. 1 lit. f) GDPR
  • Our justified interest: Proper function of the services; security of data and business processes; preventing misuse and damage caused by accesses to information systems
  • Storage duration: 4 weeks
2.2. Recipients of the personal data
  • Recipient category: External content providers that provide e.g. images, videos, embedded posts from social networks, advertising banners, fonts, update information, shortened links that are required to display the service 
  • Affected data: Access data
  • Legal basis: Art. 6 para. 1 lit. f) GDPR
  • Our justified interest: Proper function of the services; (faster) presentation of the content
  • Recipient category: IT security providers
  • Affected data: Access data
  • Legal basis: Art. 6 para. 1 lit. f) GDPR
  • Our justified interest: Preventing attacks by exploiting security gaps/weaknesses
3. Donating using the donation form

In the following we describe how your personal data are processed in the context of donations when there is a customer relationship between you and us

3.1. Purposes of the data processing, legal basis, justified interests, storage duration
3.2. Recipients of the personal data
  • Recipient category: Payment services providers
  • Affected data: Personal master dataaddress datapayment data
  • Service provider for donation processing (this website uses the donation form of twingle GmbH, Prinzenallee 74, 13357 Berlin. twingle only stores the data you enter when making a donation on servers in Germany to process the donation).
  • Legal basis: Art. 6 para. 1 lit. a) and b) GDPR

We use PayPal, a service of PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg and the service provider Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm (“immediate money transfer”). By electing to pay using PayPal or an immediate money transfer, we redirect you to a page of PayPal or Klarna Bank AB. All PayPal and immediate money transfer transactions are subject to the PayPal or Klarna Bank AB data protection declaration. We act independently of PayPal or Klarna Bank AB in terms of data protection.

4. Newsletter subscriptions

In the following we describe how your personal data are processed when you subscribe to a newsletter:

4.1. Purposes of the data processing, legal basis, justified interests, storage duration
  • Data category: Personal master data; e-mail address
  • Purpose: To verify the registration (double opt-in); send the newsletter; personalize the newsletter
  • Legality of the processing: Art. 6 para. 1 lit. b) GDPR
  • Storage duration: Duration of the newsletter subscription
  • Data category: Registration data
  • Purpose: To verify the newsletter registration/confirmation/cancellation
  • Legality of the processing: Art. 6 para. 1 lit. b) and f) GDPR
  • Our justified interest: Evidence of newsletter registration/confirmation/cancellation
  • Storage duration: Duration of the newsletter subscription
4.2. Recipients of the personal data
  • Recipient category: Service providers for newsletter dispatch
  • Affected data: All data specified in item a) of this section
  • Legal basis: Art. 28 GDPR
5. Sale of the Christian Liebig Foundation notice book

In the following we describe how your personal data are processed when you buy the Christian Liebig Foundation notebook.

5.1. Purposes of the data processing, legal basis, justified interests, storage duration
  • Data category: Personal master dataaddress datacontact dataorder data
  • Purpose: Identification; making contact; registering as a customer; age check; providing information that suits individual interests; advertising for own and third-party offerings; order processing
  • Legality of the processing: Art. 6 para. 1 lit. b) and f) GDPR, §7 para. 3 UWG
  • Our justified interest: Advertising purposes; customer support; marketing our Services
  • Storage duration: 10 years after completion of the last order
  • Data category: payment data
  • Purpose: Processing payments for the Service
  • Legality of the processing: Art. 6 para. 1 lit. b) GDPR
  • Storage duration: Duration of the contractual relationship
5.2. Recipients of the personal data

We use PayPal, a service of PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg and the service provider Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm (“immediate money transfer”). By electing to pay using PayPal or an immediate money transfer, we redirect you to a page of PayPal or Klarna Bank AB. All PayPal and immediate money transfer transactions are subject to the PayPal or Klarna Bank AB data protection declaration. We act independently of PayPal or Klarna Bank AB in terms of data protection.

6. Data processing on our Facebook Fan Page

We operate this fan page on the platform of Facebook Inc, 1601 S. California Avenue, Palo Alto, CA, 94304, USA (Facebook data policy). Every call and every interaction on our fan page leads to data processing, regardless of whether you have a Facebook account or not. In the case of a logged-in account, Facebook Inc. combines the information about the call-up of the Fanpage with your account information and may use this to create profiles. If you do not wish to be profiled in this way, please log out before accessing our fan page.

By means of “Facebook Insights”, we process statistical data of our fan page such as the total number of page views, “Like” votes, page activities, post interactions, video views, post reach, comments, shared content, replies, the proportion of female and male visitors to our website, the origin in terms of country and city, language, calls and clicks in the shop, clicks on route planners and clicks on telephone numbers. This is done on the basis of our legitimate interest (Art. 6 para. 1 lit. f) GDPR) to make posts on the site more attractive or to find the right time to publish them.

You have the right to information, deletion and correction of your data, restriction of processing, objection to processing, data portability and complaint to the supervisory authority. You can exercise these rights both against Facebook Inc. [contact form] as well as against us , whereby we will forward your requests to them in accordance with our agreement with Facebook.

As we are jointly responsible for processing your data, we have a Page Controller Addendum with Facebook.

7. Social Media Plugins

This website may contain add-on programmes (plugins) from social networks such as YouTube, which are operated by third parties and via which data can be transmitted to the corresponding social network with the help of a button in order to display, rate, recommend or share content, for example. In this way, we want to make our services better known and enrich them with relevant content. We configure our services so that data is only transmitted when you click the button. The legal basis for the data transfer in this case is Art. 6 para. 1 lit a) GDPR. The respective provider is responsible for the data protection-compliant processing of the transmitted data.

YouTube

Provider: YouTube LLC., 901 Cherry Avenue, San Bruno, CA 94066. USA
Provider’s privacy information: https://www.youtube.com/static?template=privacy_guidelines

III. Rights of involved parties

  1. Right to object
    If we process your personal data for the purposes of direct advertising, you have the right to object to the processing for this purpose at any time, with effect for the future. This also applies to profiling, in as much as this is in connection direct advertising.
    You also have the right, for reasons of your particular situation, to object to the processing of your personal data as conducted pursuant to Art. 6 para. 1 lit. e) or f) GDPR at any time, with effect for the future. This also applies to profiling based on these provisions.
    The right to object is free of charge for you.
    You can contact us using the contact data provided in I.4.
  2. Right to be informed
    You have the right to demand confirmation from us as to whether personal data relating to you are being processed, and, where applicable, to information about these personal data and the other data specified in Art. 15 GDPR.
  3. Right to correction
    You have the right to demand that we correct without delay any incorrect personal data pertaining to you (Art. 16 GDPR). Under consideration of the purpose of the processing, you have the right to demand that incomplete personal data be completed – also by means of an additional explanation.’
  4. Right to deletion (“right to be forgotten”)
    You have the right to demand that we immediately delete the personal data relating to you if one of the reasons provided for by Art. 17 para. 1 GDPR applies and the processing is not required for one of the purposes specified in Art. 17 para. 3 GDPR.
  5. Right to limit the processing of your data
    You have the right to demand the restriction of the processing of your personal data if one of the prerequisites provided for in Art. 18 para. 1 lit. a) to d) GDPR applies.
  6. Right to data portability
    Under the conditions specified in Art. 20 para. 1 GDPR, you have the right to receive the personal data that you have provided us with, in a structured, common and machine-readable format, and to forward these data to another responsible person without our obstruction. When exercising this right to data portability, you have the right to have us forward the personal data directly to another responsible party, to the extent that this is technically possible.
  7. Right to revoke consent
    In so far as the processing is based on your consent, you have the right to revoke that consent at any time. This does not affect the legality of the processing that has taken place prior to your revocation.
  8. Right to complain
    You have the right to lodge a complaint with the supervisory authority responsible for our company. the supervisory authority responsible for our company is:
    Landesamt für Datenschutzaufsicht, Promenade 18, 91522 Ansbach, http://www.lda.bayern.de

As of March, 30 2021.

© 2024 by Christian-Liebig-Stiftung e.V. – Kindly supported by Hubert Burda Media.