Data Protection Statement Website

 1. General Information Regarding the Collection of Personal Data

1.1 In general
The safeguarding of your private sphere when using our website is very important to us. Accordingly, we utilize your personal data in compliance with the statutory regulations pertaining to data protection. Personal data are all data that are obtainable about you personally, for example name, address, email address, user behavior. In the following we provide you with information about how we handle your personal data.

1.2 Entity responsible
Responsible as “Controller” pursuant to Article 4 para. 7 of the EU General Data Protection Regulation (GDPR) is 
Else Kröner-Fresenius-Stiftung
Rathausplatz 3-7
61348 Bad Homburg v.d. Höhe, Germany.

You can reach our data protection officer,

bpc GmbH
Einigkeitsstraße 9
45133 Essen,

at Datenschutz_EKFS@b-p-c.eu or at our postal address by adding “Attn. Data Protection Officer” to the address.

1.3 No collection of data on minors
The foundation Else Kröner-Fresenius-Stiftung takes the safeguarding of children’s private sphere very seriously. We do not knowingly collect personal information from children under the age of 16 via our website. If you are younger than 16 years old, please obtain permission from a parent/legal guardian before you make personal data available to Else Kröner-Fresenius-Stiftung. 

2. Scope of Data Collection upon Visiting our Website

2.1 In general
Strictly speaking, you are able to use our website without notifying us as to who you are. If you do not convey information to us via another method, we collect merely the personal data that your browser communicates to our server. The following data are necessary for us due to technical features and ensure the stability and security of the website: 

  • IP address
  • date and time of the query
  • time-zone difference in comparison to Greenwich Mean Time (GMT)
  • content of the request (concrete page)
  • access status/http status code
  • data volume transmitted in each case
  • website from which the request originates
  • browser
  • operating system and its interface
  • language and version of the browser software.

Data storage takes place to ensure the website’s functionality. In addition, we use the data to optimize the website and safeguard the security of our information technology systems. An analysis of the data for marketing purposes does not take place in this context. However, our abovementioned purposes do include our legitimate interest in data processing pursuant to Art. 6 para. 1 f) of the GDPR. The data are deleted as soon as they are no longer required to achieve the purpose for which they were collected. This is the case whenever the respective session has ended after data have been collected for providing the website itself. The web server logs are automatically deleted after 60 days.

2.2 Deployment of cookies
We use cookies to optimize our website for you. This includes cookies that are necessary for the operation of our website, as well as others we use for anonymous web statistics. Cookies deal with small text files that are stored on your hard-disk drive and assigned to the browser you utilize. As a result of the entity setting the cookie (in this case by us), certain information flows to these text files.

2.2.1 Necessary cookies:
These cookies support the function and usage of our website and serve towards having the technical features of our website operate correctly. They are necessary to keep your visit to our website consistent. In other words, to ensure that, for example, your entries during the session are retained. These session cookies are automatically deleted after the end of the session.

2.2.1 Statistical cookies (analytics cookies):
We use the open source tool Matomo for statistical purposes. This is used to analyze visitor traffic on the Internet. The information generated by the cookie about your use of the Internet is transmitted to our server and stored there. Unlike other widely used web analytics tools such as Google Analytics, these data are not stored on the service provider’s web servers in third countries, where they would be beyond our control. We use this data for statistical purposes and the analysis, further development and improvement of the website. The collection of IP addresses principally occurs on an anonymized basis (via the AnonymizeIP plugin). In doing so, the last 2 bytes are anonymized.

In particular, the following dataset is stored for each call-up:

(1) 2 bytes of the IP address of the user’s calling system
(2) the accessed web page
(3) the web page from which the user has reached the accessed web page (referrer)
(4) the subpages that are called up from the called-up website
(5) the time spent on the website
(6) the frequency with which the website is accessed
(7) device type (desktop, smartphone, etc.)
(8) operating system
(9) browser (including language setting)
(10) outgoing links (exit pages)

The software runs exclusively on our website’s servers. A saving of users’ personal data only takes place there. The data are not disclosed to third parties. The software is set so that the complete IP address is not stored: the last two bytes of the IP address are masked (e.g. 192.168.xxx.xxx). This way an assignment of the shortened IP address to the accessing server is no longer possible.

You can also make your personal settings at any time by using the Cookie Settings button in the footer of our website. There you’ll find an overview of all cookies deployed on our website: Adjust Cookie-Settings. When our website is called up, the cookie banner regularly notifies visitors about the cookies used and the setting option for cookies that are technically not necessary. Visitors are also referred to our privacy policy (Data Protection Notice).

The legal basis for data processing is Art. 6 para. 1 (1) a), f) of the GDPR. Our legitimate interest ensues from the purposes for data collection listed above. In no case do we use the collected data for the purpose of drawing conclusions about your person.

However, you can specify that cookies are rejected via the browser settings. When cookies are rejected, it can occur that you are no longer able to make use of some functions on the website. When cookies are accepted, you can delete these accepted cookies again at a later point in time.

When you delete cookies, all of the settings that are controlled by these cookies are deleted, including ad settings, and might possibly not be restorable anymore.

When you delete cookies, it is possible that you are furthermore requested to confirm certain dialogues again. 

Please note that your cookies settings always refer to the internet browser you use. This means that if you want to call up our website using a different internet browser you have to perform the setting(s) again.

2.3 Integration of YouTube videos
We have integrated YouTube videos into our online offer which are stored at http://www.YouTube.com and can be played back directly from our website. [They have all been integrated within the “Enhanced Data Protection Mode”. In other words, no data about you as user is transmitted to YouTube when you do not play back the videos. It’s only when you play back the videos that the data stated in Section 2. are transmitted. We have no influence on this data transmission.]
As a result of visiting the website YouTube receives the information that you have called up the corresponding subpage on our website. In addition, the data stated in Section 2. of this document are communicated. This occurs independent thereof whether YouTube provides a user account through which you are logged in or no user account exists. If you are logged in at Google, your data are assigned directly to your account. If you do not want this assignment at YouTube using your profile, you must log out before activating the button. YouTube stores your data as usage profiles and makes use of the data for purposes of advertising, market research and/or demand-based design of its website. An analysis of this nature occurs especially (even for not logged-on users) towards providing demand-based advertising and to inform other users within the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must direct the objection to YouTube in order to exercise this right.
You obtain additional information pertaining to the purpose and scope of data collection and the processing thereof by YouTube in the Privacy Policy from YouTube, a subsidiary of Google LLC.. You also obtain further information pertaining to your rights and settings options towards protecting your private sphere there: https://policies.google.com/privacy?hl=en-us

2.4 Establishing contact
In the event of email queries addressed to us, the data you have disclosed (your email address, possibly or where required your name, telephone number and the institution on whose behalf you are active) are stored in order to reply to your questions. 
We process the information towards establishing contact on the basis of Article 6 para. 1 (b) of the GDPR (towards performance of a contract or towards implementation of steps prior to entering into a contract), and as needed possibly on the basis of Article 6 para. 1 (f) of the GDPR (Legitimate Interests).

We delete the data incurred in conjunction with the above context once the storage thereof is no longer necessary, or restrict the processing thereof in the event that statutory retention provisions exist.

2.5 Funding by the foundation
2.5.1 Implementation of funding
We require personal data towards implementing a case of funding and for upstream review of the application for funding 

  • first and last names
  • postal address
  • email address
  • institutional and private contact data 
  • position 
  • function 
  • date of birth 
  • gender 
  • occupational history 
  • letter of recommendation 
  • bank account data.

The processing of your personal data is fundamentally based on Article 6 para. 1 (b) of the GDPR, because no review of the application for funding or an actual case of funding itself can be carried out without your disclosures. 
Insofar as the provision of your personal data is necessary for funding by us, you are fundamentally obliged to provide us with your personal data. Should you decide not to provide us with your personal data, we cannot commence the funding with you or proceed any further with it.

No automatic decision-making shall be conducted which is based solely on automated processing, including profiling, and evolves to have legal effect for you or impairs you in a similar way.

We retain your data for as long as a funding relationship exists with you. Upon termination of the funding relationship, your data shall generally be retained for 10 more years insofar as no statutory retention periods exist to the contrary or you do not call on us for the deletion thereof. 

We point out that your right to deletion of data may be restricted due to statutory retention obligations we are obliged to comply with.
It may be necessary that we require the support of service providers. However, we divulge your personal data solely to such entities which require your data towards performance of tasks on our behalf. 
The foundation Else Kröner-Fresenius-Stiftung essentially processes your personal data within Germany. Due to the foundation’s funding activity we may transmit your personal data within the EU and also to the USA and to other countries whose data protection legislation is possibly less comprehensive than such laws within the EU. The access to your personal data is limited thereby to legal persons who must be familiar with this data for the purposes described in this Data Protection Statement. As a basic principle, a disclosure of your data to third countries with a commensurate level of data protection occurs solely under the application of appropriate protective measures.

The foundation Else Kröner-Fresenius-Stiftung furthermore utilizes various IT service providers. It is therefore not to be ruled out that personal data are transmitted within the EU and also to the USA and to other countries whose data protection legislation is possibly less comprehensive than such laws within the EU. As a basic principle, a disclosure of your data to third countries occurs under the application of appropriate protective measures.

2.5.2 Information about calls for applications
Furthermore, a legitimate interest on our part towards carrying out concomitant communications measures and/or calls for applications procedures can exist due to Article 6 para. 1 (f) of the GDPR to the extent that no consent is required on your part for these purposes.

2.6 Newsletter
You can subscribe to our newsletter via our website. The newsletter provides you with information about our activities – such as calls for applications, projects being funded or awards ceremonies. Your email address is required for registration. All other disclosures are voluntary.

Registration occurs via a double opt-in process. This means that following registration on our website you receive an email to the address indicated. The registration does not become effective until you click on the activation link enclosed in the confirmation email. The unconfirmed activation link remains valid for 4 weeks. Your email address subsequently remains in our database until you revoke your consent.

You can unsubscribe to our newsletter at any time and revoke your consent by clicking on the corresponding link at the end of each newsletter or by sending an email to kontakt@ekfs.de.

We evaluate your clicks in our newsletter with the help of so-called tracking pixels, in other words invisible image files. They are assigned to your email address and interlinked to a unique ID in order to clearly assign clicks within the newsletter to you. This usage profile is intended to serve towards enabling the newsletter offer to be tailored to your interests. We capture when you read the newsletter and which links you click on, then deduce an interest profile from this information.

You can object at any time by clicking on the corresponding link at the end of the newsletter or by contacting us. However, this means that you will not receive any more newsletters.

3. Your Rights
You have the following rights towards us with respect to the personal data affecting you:

  1. Right of access by the data subject (Art. 15 GDPR)
  2. Right to rectification (Art. 16 GDPR)
  3. Right to erasure (Art. 17 GDPR)
  4. Right to restriction of processing (Art. 18 GDPR)
  5. Right to data portability (Art. 20 GDPR)
  6. Right to object to processing (Art. 21 GDPR)

Insofar as the processing of your personal data is based on your consent, you have the right to revoke your consent at any time, effective as of the future. The legitimacy of the processing which has occurred until revocation due to the consent given remains unaffected.
To assert one of your rights listed above you can approach us at any time: 
Else Kröner-Fresenius-Stiftung, Louisenstraße 120, 61348 Bad Homburg v.d. Höhe, Germany, or at kontakt@ekfs.de
If you are of the opinion that we process your personal data in an impermissible manner, please contact us at Datenschutz_EKFS@spie.com or at our postal address by adding “Attn. Data Protection Officer” to the address.
You also have the right to apply to the German data protection supervision authority. 

The German government authority in charge is:
Der Hessische Beauftragte für den Datenschutz und die Informationsfreiheit
Postfach 3163
65021 Wiesbaden, Germany

4. Security Measures
Insofar as we forward data to our service providers within the framework of the services described here, in addition to mandatory statutory regulations these service providers are bound to contractual stipulations with us pertaining to the subject of data protection.
We employ security measures which we continuously optimize in accordance with technical and legislative development in order to safeguard your data to the best possible extent against accidental or willful manipulation, loss, destruction or access by unauthorized third parties.

5. Links to Other Websites / Social Media 
Our online offer can also contain links to other websites, for instance to social media platforms or universities. This Data Protection Statement does not extend to these providers.

If you wish additional information regarding the scope of personal data collected and processed by the providers of social media, regarding the purpose of data processing, as well as regarding your respective rights and measures towards safeguarding your personal data (including your right to object), please read the privacy policy of the respective social media networks: 

Twitter: https://twitter.com/en/privacy
Linkedin: https://www.linkedin.com/legal/privacy-policy
XING: https://privacy.xing.com/en/privacy-policy
YouTube: https://policies.google.com/privacy?hl=en-US

We have no influence over operators’ compliance with data protection provisions and therefore assume no responsibility whatsoever for the correctness, up-to-dateness and completeness of the information provided there.

Hootsuite
We use Hootsuite (Hootsuite Media Inc., 5 East 8th Avenue, Vancouver, British Columbia, V5T 1R6, Canada) to manage our social media channels in order to plan, publicize and analyze our posts. The portal processes data which have been uploaded by users on social media channels or circulated and published due to shares and likes for posts. Additional information along with the current privacy policy in force at Hootsuite can be read up on at https://hootsuite.com/de/legal/privacy and at https://hootsuite.com/de/legal/general-data-protection-regulation.

6. Additional Questions Regarding the Subject
In the event that you have questions or remarks pertaining to this Data Protection Statement and explanatory guideline for cookies, please contact us via the contact data for the “Controller” indicated in this document (see section 1.2).

 
Status: May 2022