Privacy Policy

As the operator of this website, we at the Hanns R. Neumann Stiftung take the protection of your privacy and your personal data very seriously. For this reason, we treat your personal data as strictly confidential and adhere strictly to the data protection rules and regulations, in particular the European General Data Protection Regulation (“GDPR”).

1. General

1.1 Controller

Controller as defined by the GDPR and service supplier as defined by the German Telemedia Act (TMG) is:

Hanns R. Neumann Stiftung
Coffee Plaza – Am Sandtorpark 4
20457 Hamburg
Germany
Tel: +49 (0)40 808112 419
Fax: +49 (0)40 808112 433
Email: info@hrnstiftung.org

1.2 Data protection officer

You can contact our data protection officer at

Hanns R. Neumann Stiftung
Data Protection Officer
Coffee Plaza – Am Sandtorpark 4
20457 Hamburg
Germany
Tel: +49 (0)40 808112 419
Fax: +49 (0)40 808112 433
Email: info@hrnstiftung.org

1.3 Recipients of personal data

We will disclose this data to third parties only with your express permission given for this purpose or when the disclosure is necessary for the provision of the service or when we are required to do so by law or by an order of court or an administrative authority.

In some cases, we use external service providers who provide services for us within data processing agreements or other service contracts (especially IT services). We carefully select these external service providers, they are bound on our instructions and we regularly control them.

1.4 Period for which the personal data will be stored

The personal data will be deleted when they are no longer necessary for the purposes for which they were stored.

We will not erase your data if a retention is necessary due to statutory storage obligations or in individual cases a longer storage is necessary due to the assertion or the possible assertion of claims against us in connection with a contract or pre-contractual measures. In case of legal retention requirements, the processing of the data will be restricted first and then will be deleted once the retention period has expired.

1.5 Your rights

  • Article 15 of the GDPR: Right of access by the data subject
You are entitled to request information about the personal data concerning you is being processes by Hanns R. Neumann Stiftung
  • Article 16 of the GDPR: Right to rectification
In the event that the data concerning you is incorrect or incomplete, you may obtain the rectification of inaccurate personal data.
  • Article 17 of the GDPR: Right to erasure („right to be forgotten“) You may obtain the erasure of your personal data under the conditions of Article 17 of the GDPR. Your claim for erasure depends, among other things, on whether the data concerning you is still necessary to the purposes for which they were collected or otherwise processed.
  • Article 18 of the GDPR: Right to restriction of processing
You may obtain the restriction of processing your personal data under the conditions of Article 18 of the GDPR.
  • Article 20 of the GDPR: Right to data portability
You may request receiving your personal data, which you have provided to us, in a structured, commonly used and machine-readable format under the conditions of Article 20 of the GDPR.
  • Article 21 of the GDPR: Right to object
If we process your personal data based on point (f) or point (e) of Article 6 (1) of the GDPR you have the right to object, on grounds relating to your particular situation.
  • Article 7 (3) of the GDPR: Right to withdraw your consent
You have the right to withdraw your consent to the processing of your personal data at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Hanns R. Neumann Stiftung will be happy to respond to any queries regarding these rights of yours. Please contact us via e-mail or via message to the contact data given in the legal notice.

You also have the right to lodge a complaint with a supervisory authority if you consider that the processing of your personal data infringes the GDPR. The address of the competent authority is: Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit, Kurt-Schumacher-Allee 4, 20097 Hamburg, Germany.

1.6 Transmission of personal data to third countries

We only transfer your personal data to third countries outside the EU or the EEA (i) if the third country has an adequate level of protection, (ii) if appropriate or suitable safeguards are provided, (iii) if you gave your permission or (iv) if the transmission is permissible for other reasons, e.g. at your request to prepare and/or fulfil a contract with you.

If we transfer your personal data based on appropriate or suitable safeguards, you can obtain a copy via info@hrnstiftung.org

1.7 Obligation to provide personal data

You are neither statutory nor contractually obliged to provide us with personal data. If you wish to conclude a service with us, it is necessary that you transfer your personal data to us. If you do not provide us with personal data in individual cases, you will not be able to conclude a contract with us or to obtain our services (e.g. newsletter, press release).

2. Data processing on our website

On our website, we collect three types of data: communication data, which your device provides to communicate with us, tracking data, which is generated when you use our website and personal contact information, which you provide to communicate with us or to use one of our services.

2.1 Data for technical or organisationally necessary purposes

We collect communication data on this website for technical or organisationally necessary purposes, especially to ensure an optimum viewing and security and stability of our website. Therefore, we collect the following data:

  • IP address,
  • date and time of the request,
  • time zone difference to Greenwich Mean Time (GMT),
  • content of the request (the actually requested part of the website),
  • access status/HTTP status code,
  • the quantity of data transmitted,
  • the website you were referred from (referrer URL),
  • web browser used,
  • the operating system and its interface,
  • Language and version of the browser software.

Legal basis for the collecting of this personal data is point (f) of Article 6 (1) of the GDPR.

2.2 Cookies

We use so-called “cookies” to optimise this website. Cookies are small text files that are stored on your computer and that facilitate an analysis of the way you use the website. From the user’s perspective, cookies make websites more convenient to use. From the operator’s perspective, they enable the collection and analysis of statistical data about the use of the website to improve the website’s content. Cookies do not harm your computer, contain no viruses, and are deleted when they are no longer required. Legal basis for the collecting and processing of this personal data is point (f) of Article 6 (1) of the GDPR.

You could configure your browser’s settings in compliance with your wishes, e.g. refusing third party cookies or cookies in general. We would like to make you aware of the fact that in this case you might not be able to use all functions of this website.
This website uses two different kinds of cookies:

2.2.1 Transient cookies

Transient cookies, especially session cookies, are being deleted automatically once you close your browser. They save a so called session ID, which enables to match different requests of your browser to joint session. Thus, your computer could be recognized, once you return to our website. Session cookies are being deleted once you log out and close your browser.

2.2.2 Persistent cookies

Persistent cookies are being deleted automatically after a pre-defined period, which may vary for different cookies. You are able to delete these cookies in your browser’s security settings at any time.

2.3 Contact form

You can use the online form on our website to contact us. We collect the personal data (name, telephone number, email address, company) used to complete the online form. At the time of sending, we also collect your IP address and date and hour of your registration. For processing the data, we will seek your express permission and refer to this privacy policy during the sending process. We do not disclose this personal data to third parties or use it for any purpose other than to process the query. Legal basis for the collecting and processing of this personal data is point (a) of Article 6 (1) of the GDPR or point (f) of Article 6 (1) of the GDPR. Thereby, processing the query is a legitimate interest.

Alternatively, you could contact us via e-mail. In this case, we collect the personal data transmitted by the e-mail. Legal basis for the collecting and processing of this personal data is point (f) of Article 6 (1) of the GDPR. Thereby, processing the query is a legitimate interest as well. The same applies to queries we receive by post or telephone. The data concerned will be deleted when they are no longer necessary for the purposes for which they were stored. This is the case if the conversation is finished. The data stored at the time of sending the message will be deleted after seven days at the latest.

If you exercised the withdrawal or objection as mentioned in Section 1.5 the conversation could not be continued.

In this case, all personal data stored through the process of contacting this website will be deleted as mentioned in Section 1.4.

2.4 Newsletter/press release

With your consent you can subscribe to our newsletter or/and press release, which will keep you informed about our current projects.
Registration for our newsletter/press release is completed as part of a double opt-in process. This means you will receive an email after registering in which you will be asked to confirm your registration. This confirmation is required so that nobody can register with email addresses that do not belong to them. If you do not confirm your registration, your information will be blocked and automatically deleted after one month.

The newsletter registrations are recorded in order to be able to verify the registration process in accordance with legal requirements and, if necessary, to investigate any possible misuse of your personal data. This includes storing the time of registration and confirmation and the IP address. The changes to your data that is held by MailChimp are also recorded.

You only need to provide your email address to register for the newsletter/press release. If you also provide us voluntarily with your first and last name, this enables us to personalise our email. However, it is not strictly necessary to provide the first and last name to register for the newsletter or press release.

We will store your email address (first and last name) solely for the purpose of sending you the newsletter/press release. Legal basis for the collecting and processing of this personal data is point (a) of Article 6 (1) of the GDPR.

You have the right to withdraw your consent to the processing of your personal data at any time as mentioned in Section 1.5. You can withdraw your consent by clicking the “Unsubscribe” button set up in our newsletter/press release e-mails as well as in writing or by email to our above mentioned contact details.

The newsletter/press release is dispatched by “MailChimp”, a newsletter distribution platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA.

The email addresses of our newsletter/press release recipients and their further details described in this information are stored on the MailChimp servers in the USA. MailChimp uses this information to send and evaluate the newsletters on our behalf. MailChimp can by its own admission also use this data to enhance or improve its own services, e.g. to technically enhance the dispatch procedure and display of the newsletter or for commercial purposes to be able to determine which countries the recipients are from. However, MailChimp will not use the data of our newsletter recipients to contact them itself or forward it to third parties.

MailChimp is certified under the US-EU data privacy agreement “Privacy Shield“ and agrees to comply with the EU data privacy guidelines. You can view the MailChimp privacy policy here. To learn more about the Privacy Shield Frameworks, and to view the certification of MailChimp, visit the U.S. Department of Commerce’s Privacy Shield website, here.

2.5 Matomo

This website uses Matomo, a website analysis service provided by...

tbd