Our notice regarding data protection
The Fritz Thyssen Stiftung takes the protection of your personal data very seriously. We would therefore like to inform you about whether and which data we process. Our obligation to do this emanates from the German Telemedia Act (Telemediengesetz – TMG) and the General Data Protection Regulation (GDPR). We provide our information at www.fritz-thyssen-stiftung.de.
1. Personal data
Personal data means all information that relates to an identified or identifiable natural person (referred to in the following as data subject); an identifiable persons is deemed to mean a natural person who can be identified directly or indirectly, in particular by means of association with a form of identification such as a name, an identification number, location-related data, an online identification or one or more special features that manifest the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person.
Our personal data therefore includes, for example, your name, the address where you reside, your gender, your date of birth, your age, your telephone number, your e-mail address or your IP address. This list is not complete and is merely intended to show you what the term personal data may designate.
2. Name and contact data of the instance in charge
The Fritz Thyssen Foundation is the instance in charge of processing your personal data. You can contact us at this address:
Fritz Thyssen Stiftung
Apostelnkloster 13-15
50672 Köln
3. Data protection officer
This is where to contact the Fritz Thyssen Foundation’s Data Protection Officer:
Dr. Thomas Suermann
Fritz Thyssen Stiftung
Apostelnkloster 13-15
50672 Köln
Telefax: 0049.221.277 496-196
E-Mail: datenschutz@fritz-thyssen-stiftung.de
4. What data from you that we collect, process or use
In the following we inform you whether and what data we collect, process or use when you use one of our information services:
a) General principle
We do not collect, process or use any personal data on you in principle when you use our information services.
b) Enquiries by e-mail
If you contact us by e-mail, it may be the case that we require personal data from you. We only collect, process or use your personal data to the extent and as long as we need such in order to render our information services to you. We delete your personal data after we have rendered our information services to you unless a statutory retention obligation requires us to store your personal data for a longer period.
c) Data collection for technical reasons
Each time you visit www.fritz-thyssen-stiftung.de, we automatically collect and store your data that your browser sends to our server. This involves the following information:
- Type and version of the browser used by you
- What operating system you are using
- The URL of the site being requested
- Date and time of day when the site is called up
- Your IP address
We do not have any possibility to assign this data to you individually, nor do we place this data together with other data sources. Error logs which record incorrect page call-ups are stored for 7 days. In addition to error messages, these include the IP address that accesses the site and, depending on the error, the website accessed.
If we obtain knowledge of your IP address when you call up our site, we shall store the aforementioned data for a period of 60 days and delete it after the expiry of this period of time unless statutory retention obligations require us to store your data for a longer period of time. We shall only assess data which has been recorded in a protocol on your visit to our website or have such assessed if we are obligated to do such by law or a court decision or
we need the protocolled data in order to be able to take legal action under penal and/or civil law against attacks on our infrastructure.
d) Downloading of files
On our website we offer you the possibility to download files. In order to make this possible, we automatically collect data which your browser transmits to our server. This involves the following information:
- Type and version of the browser used by you
- What operating system you are using
- The URL of the site being requested
- Date and time of day when the site is called up
- Your IP address
To the extent that we acquire knowledge of your IP address through your download, we shall store the aforementioned data for a period of 60 days and delete it after the expiry of this period of time unless statutory retention obligations require us to store your data for a longer period of time.
In order to foster reasonably transparent actions in the interest of the public weal, the Fritz Thyssen Foundation publishes annual reports in printed form, within the framework of which we report on the names of recipients of support, their institutions and their research projects. You can download these annual reports from our website. The Foundation reserves the right to also report on its website about projects for which support has been approved. These forms of publication are not associated with any assessments or evaluations.
e) No use of cookies
We do not use any “cookies” (text files that are saved on the web browser on your computer that make it possible to analyse use of the website).
f) No use of data traffic analysis services
We do not use any data traffic analysis services such as, for example, Google Analytics, the web analysis service of Google Inc. (“Google”), on our website.
g) Newsletter by e-mail
The Fritz Thyssen Foundation’s head office is located in Cologne centre city near Neumarkt. With several event rooms, the building serves as a venue for scholarly dialogue and cultural events.
We would be glad to inform you about the Foundation’s public events by e-mail. To subscribe from the newsletter, please click on the “Newsletter subscription” button at the bottom left-hand side of our website.
Please note that for your and our security, we use the double opt-in procedure in registering for our newsletter. In accordance with Art. 6 para. 1 p. 1 lit. a) of the GDPR, you will only be registered for our newsletter when you confirm your registration by clicking a link contained in an e-mail sent by us to you. If you do not confirm your registration within seven days, your information will be blocked and automatically deleted. In the event of a registration, we will store your respective IP address used, the time of registration and confirmation for as long as you receive our newsletter. The purpose of this procedure is to have a record of your registration and/or to clarify any possible abuse of your personal data. If you do not want us to process your e-mail address and do not enter it, we cannot send you our newsletter.
We will use your e-mail address solely for the purpose of informing you by e-mail about public events of the Fritz Thyssen Stiftung. We use a service provided by CleverReach GmbH & Co KG to send our email newsletter. We have concluded an order processing agreement with this company in accordance with Art. 28 of the GDPR.
Your e-mail address and any data voluntarily provided by you as part of your newsletter subscription will be stored for as long as you receive our newsletter. After you have unsubscribed from our newsletter, this personal data will be deleted.
To unsubscribe from the newsletter, please click on the “Unsubscribe from Newsletter” button at the bottom left-hand side of our website. You will not be unsubscribed until you confirm your unsubscription by clicking a link we send to you in an e-mail, however. Alternatively, you can write an e-mail to the event management of the Fritz Thyssen Stiftung, c/o Ms Lene Schwerdtfeger (lene.schwerdtfeger@fritz-thyssen-stiftung.de) or unsubscribe from the newsletter in another way (e.g. by telephone or post).
h) Data processing when registering for an event
On our website https://www.fritz-thyssen-stiftung.de/veranstaltungen/liste-veranstaltungen/ you can register for events organised by the Fritz Thyssen Stiftung. If third-party events are taking place on our premises, you will be redirected to the website of the relevant organiser by clicking on the “registration” button. With this eventuality in mind, we describe in the following how you can register for an event organised by the Fritz Thyssen Stiftung and what personal data we require from you.
In the first step, please select the desired event.
In the next step, you have to in any case enter your first and last name as well as your e-mail address. We need your first and last name in accordance with Art. 6 para. 1 p. 1 lit. b) of the GDPR in order to include you on our list of participants. We need your e-mail address to confirm your registration for the event. Please note that we use the double opt-in procedure for your and our security. You will only be registered for the desired event when you confirm your registration by clicking a link which we send to you in an e-mail. If you do not confirm your registration within seven days, your information will be blocked and automatically deleted. In the case of registration, we will store your IP address used, time of registration and confirmation in each case. The purpose of the procedure is to have a record of your registration and/or to clarify any possible abuse of your personal data.
If applicable, you can click on whether you will be accompanied by another person at the event. In this case, please enter the first and last name of your companion. We also ask you to confirm that the person accompanying you has authorised you to register them for this event and to transmit their personal data for this purpose. You can provide this confirmation by ticking the relevant check box. We require the details of your companion in accordance with Art. 6 para. 1 p. 1 lit. b) of the GDPR in order to also include them on our list of participants.
aa) Storage period of your personal data
We only store your personal data for as long as we need it in order to provide you with our information services or as we are legally obliged to do so. If the purpose of the storage no longer applies or a legal storage period expires, we will delete your personal data. We process the personal data you enter using cobra CRM software. This enables us to include you and, if applicable, your companion on our list of participants. We will delete your personal data and, if applicable, that of your companion 30 days after the end of the event in order to review any claims against the Foundation or third parties (the legal basis for this is Art. 6 para. 1 p. 1 lit. f) of the GDPR).
bb) Possible consequences of not providing data
If you do not want us to process your personal data, we cannot present our website or render information services to you.
i) Online meetings and video conferences
We use the BigBlueButton video conferencing service to conduct online meetings and video conferences (hereinafter referred to as online meetings).
We do not operate BigBlueButton ourselves, but use a corresponding service offered by invokable GmbH, which is based in Germany, for this purpose (the legal basis for this is Art. 6 para. 1 p. 1 lit. f) of the GDPR). The servers of invokable GmbH are located within a country of the European Union or the European Economic Area. We have concluded an order processing agreement with invokable GmbH in accordance with Art. 28 of the GDPR. You can find more information on data processing by invokable GmbH at https://bbbserver.de/datenschutz.
When participating in an online meeting, your following personal data will be processed:
- Name (if you provide it)
- Audio data (spoken word)
- Video data (webcam image and screenshare)
- Chat messages
- IP address
We do not record online meetings. We do not record your attendance, either.
Insofar as personal data of employees of the Fritz Thyssen Stiftung is processed during online meetings, § 26 of the GDPR serves as the legal basis.
Furthermore, Art. 6 para. 1 p. 1 lit. f) of the GDPR serves as the legal basis. Our legitimate interest lies in logical measures to combat the pandemic, in the efficient utilisation of our space capacities and in taking into account users’ increased desires for modern means of communication, including video conferencing, in recent years.
Your personal data will only be transmitted to our service provider, invokable GmbH, for the technical implementation of online meetings. Other than this, we do not and will not transmit your personal data to third parties.
Your personal data will be automatically deleted when you leave the conference, but no later than five minutes after the end of the conference. After 48 hours at the latest, invokable GmbH will delete the server used to execute the conference, so that your personal data will also deleted in this manner in the event that the automatic deletion routine described above should fail.
5. Your rights as a data subject
As a data subject, you have the following rights towards us:
- Right to withdraw data protection-related consent in accordance with Art. 7, section 3 of the General Data Protection Regulation
- Right of access in accordance with Art. 15 of the General Data Protection Regulation
- Right to rectification in accordance with Art. 16 of the General Data Protection Regulation
- Right to erasure (“right to be forgotten”) in accordance with Art. 17 of the General Data Protection Regulation
- Right to restriction of processing in accordance with Art. 18 of the General Data Protection Regulation
- Notification obligation in accordance with Art. 19 of the General Data Protection Regulation
- Right to data portability in accordance with Art. 20 of the General Data Protection Regulation
- Right to object in accordance with Art. 21 of the General Data Protection Regulation
- Right to lodge a complaint with a supervisory authority in accordance with Art. 77 of the General Data Protection Regulation
6. Legal foundations for processing; statutory or contractual provi-sions pursuant to the provision of personal data; requirement that a contractual agreement be concluded; obligation of the data sub-ject to provide personal data; possible consequences of not providing data
Under Art. 6, section 1, subsection 1, letter b) of the General Data Protection Regulation, we require some of your personal data in order to present the content of our website to you or to render information services to you.
If you do not want us to process your personal data, we cannot present our website or render information services to you.
7. Data security
We have taken technical and organisational security precautions in order to protect your data, in particular against loss, manipulation or unauthorised access. We modify our security precautions on a regular basis in order to stay abreast of ongoing technological developments.
8. Regular updating of this data protection note
The underlying legal conditions for us in our capacity as providers of information services are of course subject to change and modification. These changes and modifications make it necessary to update this data protection notice from time to time.