Privacy Policy

As the operator of this website, we at the Hanns R. Neumann Stiftung take the protection of your privacy and your personal data very seriously. For this reason, we treat your personal data as strictly confidential and adhere strictly to the data protection rules and regulations, in particular the European General Data Protection Regulation (“GDPR”).

1. General

1.1 Controller
Controller as defined by the GDPR and service supplier as defined by the German Telemedia Act (TMG) is:

Hanns R. Neumann Stiftung
Coffee Plaza – Am Sandtorpark
 4
20457 Hamburg
Germany
Tel:       +49 (0)40 808112 419
Fax:      +49 (0)40 808112 433
Email:  info@hrnstiftung.org

1.2 Data protection officer
You can contact our data protection officer at

Hanns R. Neumann Stiftung
Data Protection Officer
Coffee Plaza – Am Sandtorpark
 4
20457 Hamburg
Germany
Tel:       +49 (0)40 808112 419
Fax:      +49 (0)40 808112 433
Email:  info@hrnstiftung.org

1.3 Recipients of personal data
We will disclose this data to third parties only with your express permission given for this purpose or when the disclosure is necessary for the provision of the service or when we are required to do so by law or by an order of court or an administrative authority.

In some cases, we use external service providers who provide services for us within data processing agreements or other service contracts (especially IT services). We carefully select these external service providers, they are bound on our instructions and we regularly control them.

1.4 Period for which the personal data will be stored
The personal data will be deleted when they are no longer necessary for the purposes for which they were stored.

We will not erase your data if a retention is necessary due to statutory storage obligations or in individual cases a longer storage is necessary due to the assertion or the possible assertion of claims against us in connection with a contract or pre-contractual measures. In case of legal retention requirements, the processing of the data will be restricted first and then will be deleted once the retention period has expired.

1.5 Your rights

  • Article 15 of the GDPR: Right of access by the data subject
You are entitled to request information about the personal data concerning you is being processes by Hanns R. Neumann Stiftung
  • Article 16 of the GDPR: Right to rectification
In the event that the data concerning you is incorrect or incomplete, you may obtain the rectification of inaccurate personal data.
  • Article 17 of the GDPR: Right to erasure („right to be forgotten“) 
You may obtain the erasure of your personal data under the conditions of Article 17 of the GDPR. Your claim for erasure depends, among other things, on whether the data concerning you is still necessary to the purposes for which they were collected or otherwise processed.
  • Article 18 of the GDPR: Right to restriction of processing
You may obtain the restriction of processing your personal data under the conditions of Article 18 of the GDPR.
  • Article 20 of the GDPR: Right to data portability
You may request receiving your personal data, which you have provided to us, in a structured, commonly used and machine-readable format under the conditions of Article 20 of the GDPR.
  • Article 21 of the GDPR: Right to object
If we process your personal data based on point (f) or point (e) of Article 6 (1) of the GDPR you have the right to object, on grounds relating to your particular situation.
  • Article 7 (3) of the GDPR: Right to withdraw your consent
You have the right to withdraw your consent to the processing of your personal data at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Hanns R. Neumann Stiftung will be happy to respond to any queries regarding these rights of yours. Please contact us via e-mail or via message to the contact data given in the legal notice.

You also have the right to lodge a complaint with a supervisory authority if you consider that the processing of your personal data infringes the GDPR. The address of the competent authority is: Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit, Kurt-Schumacher-Allee 4, 20097 Hamburg, Germany.

1.6 Transmission of personal data to third countries
We only transfer your personal data to third countries outside the EU or the EEA (i) if the third country has an adequate level of protection, (ii) if appropriate or suitable safeguards are provided, (iii) if you gave your permission or (iv) if the transmission is permissible for other reasons, e.g. at your request to prepare and/or fulfil a contract with you.

If we transfer your personal data based on appropriate or suitable safeguards, you can obtain a copy via info@hrnstiftung.org

1.7 Obligation to provide personal data
You are neither statutory nor contractually obliged to provide us with personal data. If you wish to conclude a service with us, it is necessary that you transfer your personal data to us. If you do not provide us with personal data in individual cases, you will not be able to conclude a contract with us or to obtain our services (e.g. newsletter, press release).

2. Data processing on our website
On our website, we collect three types of data: communication data, which your device provides to communicate with us, tracking data, which is generated when you use our website and personal contact information, which you provide to communicate with us or to use one of our services.

2.1 Data for technical or organisationally necessary purposes
We collect communication data on this website for technical or organisationally necessary purposes, especially to ensure an optimum viewing and security and stability of our website. Therefore, we collect the following data:
• IP address,
• date and time of the request,
• time zone difference to Greenwich Mean Time (GMT),
• content of the request (the actually requested part of the website),
• access status/HTTP status code,
• the quantity of data transmitted,
• the website you were referred from (referrer URL),
• web browser used,
• the operating system and its interface,
• Language and version of the browser software.

Legal basis for the collecting of this personal data is point (f) of Article 6 (1) of the GDPR.

2.2 Cookies
We use so-called “cookies” to optimise this website. Cookies are small text files that are stored on your computer and that facilitate an analysis of the way you use the website. From the user’s perspective, cookies make websites more convenient to use. From the operator’s perspective, they enable the collection and analysis of statistical data about the use of the website to improve the website’s content. Cookies do not harm your computer, contain no viruses, and are deleted when they are no longer required. Legal basis for the collecting and processing of this personal data is point (f) of Article 6 (1) of the GDPR.

You could configure your browser’s settings in compliance with your wishes, e.g. refusing third party cookies or cookies in general. We would like to make you aware of the fact that in this case you might not be able to use all functions of this website.
This website uses two different kinds of cookies:

2.2.1 Transient cookies
Transient cookies, especially session cookies, are being deleted automatically once you close your browser. They save a so called session ID, which enables to match different requests of your browser to joint session. Thus, your computer could be recognized, once you return to our website. Session cookies are being deleted once you log out and close your browser.

2.2.2 Persistent cookies
Persistent cookies are being deleted automatically after a pre-defined period, which may vary for different cookies. You are able to delete these cookies in your browser’s security settings at any time.

2.3 Contact form
You can use the online form on our website to contact us. We collect the personal data (name, telephone number, email address, company) used to complete the online form. At the time of sending, we also collect your IP address and date and hour of your registration. For processing the data, we will seek your express permission and refer to this privacy policy during the sending process. We do not disclose this personal data to third parties or use it for any purpose other than to process the query. Legal basis for the collecting and processing of this personal data is point (a) of Article 6 (1) of the GDPR or point (f) of Article 6 (1) of the GDPR. Thereby, processing the query is a legitimate interest.

Alternatively, you could contact us via e-mail. In this case, we collect the personal data transmitted by the e-mail. Legal basis for the collecting and processing of this personal data is point (f) of Article 6 (1) of the GDPR. Thereby, processing the query is a legitimate interest as well. The same applies to queries we receive by post or telephone. The data concerned will be deleted when they are no longer necessary for the purposes for which they were stored. This is the case if the conversation is finished. The data stored at the time of sending the message will be deleted after seven days at the latest.

If you exercised the withdrawal or objection as mentioned in Section 1.5 the conversation could not be continued.

In this case, all personal data stored through the process of contacting this website will be deleted as mentioned in Section 1.4.

2.4 Newsletter/press release
With your consent you can subscribe to our newsletter or/and press release, which will keep you informed about our current projects.
Registration for our newsletter/press release is completed as part of a double opt-in process. This means you will receive an email after registering in which you will be asked to confirm your registration. This confirmation is required so that nobody can register with email addresses that do not belong to them. If you do not confirm your registration, your information will be blocked and automatically deleted after one month.

The newsletter registrations are recorded in order to be able to verify the registration process in accordance with legal requirements and, if necessary, to investigate any possible misuse of your personal data. This includes storing the time of registration and confirmation and the IP address. The changes to your data that is held by MailChimp are also recorded.

You only need to provide your email address to register for the newsletter/press release. If you also provide us voluntarily with your first and last name, this enables us to personalise our email. However, it is not strictly necessary to provide the first and last name to register for the newsletter or press release.

We will store your email address (first and last name) solely for the purpose of sending you the newsletter/press release. Legal basis for the collecting and processing of this personal data is point (a) of Article 6 (1) of the GDPR.

You have the right to withdraw your consent to the processing of your personal data at any time as mentioned in Section 1.5. You can withdraw your consent by clicking the “Unsubscribe” button set up in our newsletter/press release e-mails as well as in writing or by email to our above mentioned contact details.

The newsletter/press release is dispatched by “MailChimp”, a newsletter distribution platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA.

The email addresses of our newsletter/press release recipients and their further details described in this information are stored on the MailChimp servers in the USA. MailChimp uses this information to send and evaluate the newsletters on our behalf. MailChimp can by its own admission also use this data to enhance or improve its own services, e.g. to technically enhance the dispatch procedure and display of the newsletter or for commercial purposes to be able to determine which countries the recipients are from. However, MailChimp will not use the data of our newsletter recipients to contact them itself or forward it to third parties.

MailChimp is certified under the US-EU data privacy agreement “Privacy Shield“ and agrees to comply with the EU data privacy guidelines. You can view the MailChimp privacy policy here [https://mailchimp.com/legal/privacy/]. To learn more about the Privacy Shield Frameworks, and to view the certification of MailChimp, visit the U.S. Department of Commerce’s Privacy Shield website, here [https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active].

2.5 Google Analytics
This website uses Google Analytics, a website analysis service provided by Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA (“Google”). Google Analytics uses cookies. The information generated by the cookie about your use of this website (including your IP address) will be transmitted to and stored by Google on servers in the United States.

We have concluded a contract with Google for contract data processing and we have activated the “IP anonymisation” feature on this website. This means that Google will truncate your IP address within member states of the European Union or other Contracting States to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to Google servers in the United States and truncated there. Google uses this information on our behalf to analyse your use of this website, compile reports on the activity on Hanns R. Neumann Stiftung website, and to provide other services relating to website activity and internet use.

Google may also pass this information on to third parties in so far as this is required by law or if third parties process the data on Google’s behalf. Google will in no case ever associate your IP address with any other data held by Google. You can prevent cookies from being installed on your computer by setting your browser not to accept cookies. Please note that if you do this, however, some features of this website may no longer function properly.

We use Google Analytics to analyze and constantly improve the use of our website. Because of the statistics gained we are able to improve our offer and make it more interesting for you as a user. Regarding the exceptional cases, where personal data is transmitted to the United States, Google has subjected to the EU-US-Privacy-Shield, https://www.privacyshield.gov/EU-US-Framework. Legal basis for using Google Analytics is point (f) of Article 6 (1) of the GDPR.

For more information, please refer to: Google Dublin, google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, fax +353 (1) 436 1001; terms of use: http://www.google.com/analytics/terms/de.html; overview of privacy: http://www.google.com/intl/de/analytics/learn/privacy.html; privacy statement: https://www.google.com/intl/en-GB/policies/privacy/.
You can prevent cookies from being stored by changing the relevant browser settings. Furthermore, you can prevent the collection of data generated by the cookie about your use of the website (including your IP address) and its processing by Google by downloading and installing the browser plug-in available at https://tools.google.com/dlpage/gaoptout?hl=en.

You can also prevent the collection of your data by Google Analytics by clicking on the following link. This sets an opt-out cookie which will prevent future collection of your data when visiting this website. Please note that if you delete your cookies, you will then have to re-activate the opt-out cookie. Google Analytics opt-out browser add-on https://tools.google.com/dlpage/gaoptout?hl=de.

2.6 HeatMap
This website uses HeatMap, a website analysis service provided by HeatMap Inc. [Please add Address of HeatMap]. HeatMap uses cookies and a tracking code to generate information about your activity of this website. The information generated by the cookies and the tracking code about your use of this website are mouse and touch activity (but no keyboard activity), device screen size, geographic location (country only), pages visited, date and time when website pages were accessed. This information will be transmitted to and stored by HeatMap on servers in the United States, Canada or/and Europe. We do not expose personally identifiable information to HeatMap.

You can prevent cookies from being stored by changing the relevant browser settings. Furthermore, you can also prevent the collection of your data by HeatMap by following the link https://heatmap.me/privacy and clicking the HeatMap opt-out cookie that applies to all sites using HeatMap.

For more information about the collection and processing of your data by HeatMap, please refer to HeatMap’s privacy policy available at https://heatmap.me/privacy.

2.7 Google Maps API
This website uses Google Maps API from Google to display an interactive local area map. By visiting our website, Google will receive the information that you accessed the respective sub-website of our website. The data mentioned in Section 2 of this privacy statement will also be transmitted. This will occur without regard to whether you are logged into a Google account or not. If you are logged in your data will be allocated with your account. You can prevent this allocation by logging out before usage. Google stores your data as usage profiles and uses it for advertising and market research purposes. This data processing occurs especially to create needs-based advertising and to inform other users of the social network about you visiting our website.

You have the right to object to these usage profiles. To do so, please contact Google.
For more information about the collection and processing of your data by Google, please refer to Google’s privacy policy available at https://www.google.com/intl/en-GB/policies/privacy/. For data processing within the United States Google has subjected to the EU-US-Privacy-Shield, https://www.privacyshield.gov/EU-US-Framework.

2.8 Social plugins and feeds
This website uses social plugins and feeds, which help integrate the website with a number of social media platforms. This lets users send data to social media, by clicking on the respective logos or icons of the social media sites to “tweet”, “share” or “like” the content. At present, the website uses Facebook and Twitter plugins as well as Facebook, Twitter and Instagram feeds. Merely visiting our website will not result in any of your data being transferred to the social media platforms. Data will be transferred and stored on to social media sites by clicking on the corresponding social plugins or on buttons in the social media feeds. You could identify the plugin’s provider through the label at the button, its initial letter or its logo.

The provider of the respective service will then be informed that you have accessed our website and, if you are logged into your user account on the respective service at the same time, can link this information to your user account. This processing will only occur if you have clicked the relevant button and thereby have activated the plugin. Hanns R. Neumann Stiftung has no influence on the scope, purpose or duration of the storage. Social media providers may also use cookies. Thus, we advise you to delete all cookies before using the plugin. By their own terms Facebook will immediately anonymize your IP address after collecting in Germany.

We have no control over the data collected and data processing processes, nor are we aware of the full extent of data collection, the purposes of processing and the storage periods. We also have no information on the erasure of the data collected by the plug-in or feed provider.

The transmission of the data will occur without regard whether you are logged into an account of the provider or not. If you are logged in your data will be allocated with your account. You can prevent this allocation by logging out before usage. The provider of the respective service stores your data as usage profiles and uses it for advertising and market research purposes. This data processing occurs especially to create needs-based advertising and to inform other users of the social network about you visiting our website. You have the right to object to these usage profiles. To do so, please contact the respective provider.

Legal basis for using social plugins is point (f) of Article 6 (1) of the GDPR.

Through the social plugins on our website you can use the services of the following providers and you get further information about their privacy policies on their websites:

2.8.1 Facebook Ireland Ltd.
Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland, http://www.facebook.com/policy.php; for more information to the data processing:
http://www.facebook.com/help/186325668085084,
http://www.facebook.com/about/privacy/your-info-onother#
http://www.facebook.com/about/privacy/your-info#everyoneinfo.
https://help.instagram.com/519522125107875
Facebook is certified under the US-EU data privacy agreement “Privacy Shield“. To learn more about the Privacy Shield Frameworks, and to view the certification of Facebook, visit the U.S. Department of Commerce’s Privacy Shield website, here [Please insert link: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active].

2.8.2 Twitter Inc.
Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy. Twitter is certified under the US-EU data privacy agreement “Privacy Shield“. To learn more about the Privacy Shield Frameworks, and to view the certification of Twitter, visit the U.S. Department of Commerce’s Privacy Shield website, here [https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO].