Privacy Policy

1. Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) is:

Christian-Liebig-Stiftung e.V.
Frundsbergstraße 23
80634 Munich, Germany
E-mail: info@christian-liebig-stiftung.de

A data protection officer has not been appointed.

2. General Information on Data Processing

We process personal data of users of our website only to the extent necessary to provide a functional website as well as our content and services. Personal data is generally processed only with the consent of the data subject or where processing is permitted by statutory provisions.

Personal data is deleted or blocked as soon as the purpose of storage no longer applies. Further storage may take place if this is required by statutory retention obligations.

3. Provision of the Website and Hosting

Our website is hosted by an external hosting provider (Domainfactory GmbH). The hosting provider processes personal data exclusively within the framework of data processing on our behalf in accordance with Art. 28 GDPR.

Each time the website is accessed, the hosting provider automatically collects and stores information in so-called server log files. This includes in particular:

  • IP address (shortened/anonymized)
  • Date and time of access
  • Accessed page or file
  • Browser type and browser version
  • Operating system used

Processing is carried out to ensure the technical security and stability of the website on the basis of Art. 6(1)(f) GDPR. Our legitimate interest lies in the secure provision of our online services.

4. Integration of External Media

Our website may integrate content from external platforms (e.g. video or media providers). This content is only loaded after users have actively given their consent. Before consent is given, no personal data is transmitted to the external services.

  • YouTube videos: Videos are only played after consent has been given. No data is transmitted to YouTube or Google before the user actively agrees.

5. Contact by E-mail and Contact Form

When contacting us by e-mail or via the contact form, the personal data you provide (e.g. name, e-mail address, content of the message) is processed solely for the purpose of handling your request.

In the contact form, you confirm by selecting a checkbox that your data may be processed for the purpose of handling your inquiry.

The legal basis for processing is Art. 6(1)(a) GDPR (consent) and Art. 6(1)(f) GDPR (legitimate interest in preventing misuse/spam). Data will be deleted as soon as it is no longer required and no statutory retention obligations apply.

If the inquiry is related to the conclusion or performance of a contract, legal basis is Art. 6(1)(b) GDPR; otherwise Art. 6(1)(f) GDPR.

6. Donations via the Donation Form

To process donations, we use an external donation form provided by twingle GmbH, Prinzenallee 74, 13357 Berlin, which is integrated into our website via an iframe.

In the course of a donation, the following data in particular is processed:

  • Personal master data
  • Address data
  • Contact data
  • Payment data

Processing is carried out for the purpose of identification, contacting, processing the donation, and issuing donation receipts.

Legal basis: Art. 6(1)(a) and (b) GDPR. Data is stored for up to 10 years according to statutory commercial and tax retention requirements. Processing by twingle is under Art. 28 GDPR with agreements in place. Data is stored on servers in Germany.

Depending on the chosen payment method, data may be transferred to external payment providers such as PayPal. The respective provider is responsible for processing and privacy compliance.

7. Sale of the Christian-Liebig-Stiftung Notebook

When purchasing the notebook, personal data is processed for order handling, delivery, communication, and legal compliance.

  • Personal master data
  • Address and contact data
  • Order and payment data

We use Friendly Captcha for spam and misuse protection. More information: Privacy Policy Friendly Captcha

Legal basis: Art. 6(1)(b) GDPR. Data is stored up to 10 years after the last order. External payment providers like PayPal process data independently under their own privacy terms.

8. Processing of Member, Sponsor and Donor Data (openhearts)

We use an external administration system (openhearts) to manage members, sponsors, and donors.

Processed data includes name, address and contact details, bank details, and donation history.

Purpose: member management, donation processing, communication, and legal compliance. Legal basis: Art. 6(1)(b) and (c) GDPR. Processing under Art. 28 GDPR with agreements in place.

No special categories of personal data are processed.

9. Newsletter

Users may subscribe to a newsletter, sent via CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany.

Double opt-in is used. Processed data:

  • Email address
  • Name (if provided)
  • Date/time of subscription and confirmation
  • Usage data (open/click rates)

Legal basis: Art. 6(1)(a) and (f) GDPR. Processing under Art. 28 GDPR agreements. Unsubscribe anytime via the link in every email.

10. Postal Mailings

Personal data may be processed for sending information and advertising by post:

  • Name and address

Legal basis: Art. 6(1)(a) or (f) GDPR. Legitimate interest: direct marketing according to Recital 47 GDPR.

11. Bank and Payment Data (WinData)

Payment and contract data are processed via the banking software:

Windata GmbH
Weißgerberei 11
88239 Wangen im Allgäu, Germany

Processed data includes:

  • Personal data
  • Communication data
  • Contract data
  • Billing and payment data

Purpose: proper management of member and donor payments.

12. Envelope Stuffing and Postal Shipping (Lettershop Nagl)

For postal newsletter distribution, we use an external service provider:

Nagl Papierverarbeitung GmbH
Martin-Festl-Ring 8
85609 Aschheim, Germany

We provide only the necessary address data for shipping. Processing is carried out exclusively on our behalf in compliance with GDPR.

13. Rights of Data Subjects

Data subjects have the following rights:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object to processing (Art. 21 GDPR)

Requests may be sent to the contact address above. Complaints can also be filed with the relevant data protection supervisory authority.

14. Changes to this Privacy Policy

We reserve the right to amend this privacy policy if necessary due to legal or technical developments.

Service
Legal
Contact

Christian-Liebig-Stiftung e.V.
Frundsbergstraße 23
80634 München
info@christian-liebig-stiftung.de

Donation account

Christian-Liebig-Stiftung e.V.
IBAN: DE20 700 700 240 7003700 00
BIC: DEUTDEDBMUC
Deutsche Bank München

© 2026 by Christian-Liebig-Stiftung e.V. – Kindly supported by Hubert Burda Media.