Navigation einblenden
Navigation ausblenden

Privacy policy

We take the protection of your personal data during their collection, processing and use when you visit our website and use our services very seriously. Your data will be protected within the framework of the statutory regulations. Please find information below about which data are collected on which legal basis when you visit our website and use our services and how these data are processed. Furthermore, we inform you about your rights in connection with the processing of your personal data.


Controller


The controller responsible for processing the personal data collected during visits to this website is:

Bundesverband Deutscher Stiftungen e.V. (Association of German Foundations)
Karl-Liebknecht-Straße 34
10178 Berlin
E-Mail: datenschutz@stiftungen.org


Data protection officer


Our data protection officer will be happy to help you if you require any information or have any suggestions about the issue of data protection:

datenschutz nord GmbH
Zweigstelle Berlin-Charlottenburg
Kurfürstendamm 212
10719 Berlin
E-Mail: office@datenschutz-nord.de


Data security and data processing


We take technical and organizational measures to protect your data against unauthorized access as comprehensively as possible. We use an encryption process on our websites. Your data are transferred from your computer to our server and back via the internet using SSL encryption. As a rule, you will recognize this from the fact that the lock icon in your browser’s status bar is closed and the address line begins with https://.

Usage data
When you visit our website, we temporarily save so-called usage data on the basis of Art. 6 Paragraph 1(f) of the GDPR. We use usage data for statistical purposes to improve the quality of our website. We also use this information to enable our website to be accessed, to control and administer our systems and to improve the design of the website. These purposes pursued by us also constitute the legitimate interests referred to in Art. 6 Paragraph 1 (f) of the GDPR. A data set comprises:

  • the name and address of the accessed content,
  • the date and time of access,
  • the data quantity transferred,
  • the access status (content transferred, content not found),
  • a description of the web browser and operating system used,
  • the referral link that identifies the page from which you accessed our website,
  • the IP address of the requesting computer; this is deleted after seven days.

Use of cookies
We use cookies on our website. Cookies are small text files that can be stored and read in the internet browser or by the internet browser on the user’s computer system. They allow information to be retained for a certain period of time and the visitor’s computer to be identified. This facilitates navigation and makes our website more user-friendly. Cookies also help us identify particularly popular areas of our website. A distinction is made between session cookies that are deleted again as soon as you close your browser and permanent cookies that are stored for longer than an individual session.

Some cookies are necessary for the use of our website. We do not use these cookies for analysis, tracking or advertising purposes. In some cases, these cookies merely contain information about particular settings and are not personalized. They may also be needed to enable the site’s user guidance, security and implementation. We use these cookies on the basis of Art. 6 Paragraph 1 (f) of the GDPR, based on our legitimate interest in being able to offer essential functions of the website in order to maintain its functionality.

You can set your browser to inform you about the placement of cookies. This makes the use of cookies transparent for you. Furthermore, you can delete cookies at any time using the corresponding browser setting and prevent the placement of new cookies. Please note that our websites may then not be able to be displayed and that some functions may no longer be available for technical reasons. In addition, we also use technically non-essential cookies on our website. We will inform you separately about the use of these cookies below.

Cookie consent
Our website uses Sgalinski’s cookie consent technology to obtain your consent to the storage of certain cookies on your end device and to document this in accordance with data protection regulations. This technology is provided by the company Sgalinski, Bahnhofstraße 52, 37339 Gernrode (hereinafter “Sgalinski”). When you use our website, the following personal data will be transferred to Sgalinski:

  • your consent(s) and/or the withdrawal of your consent(s)
  • your IP address
  • information about your browser
  • information about your end device
  • the time of your visit to the website

Furthermore, Sgalinski stores a cookie in your browser to be able to attribute the consents granted and/or their withdrawal to you. The legal basis for data processing is Art. 6 Paragraph 1 (c) of the GDPR. Sgalinski is used to obtain the legally required consents for the use of technically non-essential cookies and to provide proof of the corresponding consents (cf. Art. 7 Paragraph 1 and Art. 5 Paragraph 2 of the GDPR). The aim is to know the preferences of our users and implement them accordingly, and to document these for the purposes of providing proof.

Contacting us
You can contact us by post, phone or e-mail. You can also use the contact form provided on our website for this purpose. In this context, we process the following required information: your name, your e-mail address and your message. We use these data to address you personally, to process your enquiry and to respond to you. You can also give us your telephone number voluntarily. We need this information to be able to contact you more quickly in case of questions. Your data will be deleted once your enquiry has been dealt with. This is the case when the circumstances indicate that the matter in question has been conclusively resolved and provided that there are no statutory retention requirements to the contrary.

The legal basis for data processing is Art. 6 Paragraph 1 (f) of the GDPR. We have a legitimate interest in being in contact with the users of the website and in responding to enquiries addressed to us.

Events of the Association of German Foundations
Within the framework of registration for and conduct of events, we process the personal data of participants. As a rule, these data include your name, your e-mail address and if applicable further information relevant to the organization of the event (e.g. name of the foundation/organization to which you belong and your role there). For fee-paying events, we may also process your payment data.

Data are processed in order to be able to identify those persons who have registered, to plan and condct the event and for the purposes of communication relating to the event (e.g. confirmation of registration or information about programme changes).

Your personal data are processed for the aforementioned purposes on the legal basis of the performance of a contract or for the implementation of pre-contractual measures in accordance with Art. 6 Paragraph 1 (b) of the GDPR where you register for a fee-paying event and we process the personal data necessary for fulfilling the contract. Data processing in connection with free events is based on Art. 6 Paragraph 1 (f) of the GDPR where we process your data within the framework of our legitimate interest in organizing and conducting the event. If we wish subsequently to send you surveys or further event announcements, we will request your consent in advance. The provision of your data on the form is necessary for registration in order to enable your participation and fulfil our obligations. We will clearly indicate any information that is voluntary.

Your personal data will be stored for the period required for the fulfilment of the aforementioned purposes, and additionally in accordance with the statutory retention periods, for a maximum period of 10 years.

For documentation purposes, photographs and videos are taken at events of the Association of German Foundations such as the Deutscher Stiftungstag (German Foundation Congress). The Association of German Foundations uses these for the purposes of its reporting, for its general press and public relations work, especially on social media, on the Association’s website and in other Association media. Furthermore, the material for the public relations activities of the Association of German Foundations may be passed on to other media as press information. You have the right to object to the production and use of photographs and videos that relate to you.

The data we store will be deleted as soon as they are no longer necessary for their intended purpose and provided that there are no statutory retention requirements to the contrary.

Newsletter subscription
Our website gives you the option of subscribing to our free newsletter from the Association of German Foundations. The newsletter informs you about news and current projects at the Association of German Foundations. For us to be able to send you the newsletter, we need your e-mail address so that we can address you personally. We use these data to attribute your enquiry to you.

The legal basis for data processing is Art. 6 Paragraph 1 (a) of the GDPR (consent), which you give us after registering for the newsletter by clicking on the corresponding link in the confirmation e-mail (so-called double opt-in process).

Your registration will only take effect once you have clicked on the link in the confirmation e-mail. The data will be stored for as long as your consent remains in place. You can withdraw your consent at any time with future effect. To do so, simply use the unsubscribe link at the end of each e-mail. Your e-mail address will then be deleted from the mailing system. The processing of your data that took place until the withdrawal of your consent remains lawful.


Website analysis


We use web analysis tools to customize the design of our websites. Data are processed on the basis of your consent in accordance with Art. 6 Paragraph 1 (a) of the GDPR and § 25 Section 1 of the TTDSG (the German Telecommunications and Telemedia Data Protection Act) where you have given your consent via our cookie banner. You can withdraw your consent at any time with future effect. You can select the required settings in our cookie banner by accessing the cookie banner in the footer of our website (“Cookie consent”).

How does tracking work?
The web analysis tool providers we use create usage profiles for us based on pseudonyms. The usage profiles created are used to analyse visitor behaviour and are evaluated in order to improve and customize the design of our services. To this end, permanent cookies are stored on your end device and read by us. In addition, it is possible that we will access identifying characteristics of your browser or your end device (e.g. with the help of tracking pixels or so-called browser fingerprints). This enables us to identify returning visitors and count them as such.

Which third-party providers do we use in this context?
An overview of the third-party providers we cooperate with for analysis purposes can be found below. Data processing may also take place outside the EU or EEA. If the data in this context are processed outside the EU or EEA, we provide information about the adequate level of data protection. With respect to providers from the USA, no adequate data protection level can be assumed because they process the data in the USA. There is a risk of authorities accessing the data for security or surveillance purposes without you being informed about this or having the right to appeal. Please bear this in mind if you decide to give your consent to our use of the web analysis tools.

Google Analytics (USA)
Adequate data protection level: for data transferred to the USA, an adequate data protection level is guaranteed thanks to the provider’s certification under the adequacy decision (EU-U.S. Data Privacy Framework).

Withdrawal of consent: If you wish to withdraw your consent, please select the corresponding setting via our cookie banner, which can be accessed for example via the cookie link in the footer of the website (“Cookie settings”). Further information can be found here.


Tracking technologies from third-party providers for advertising purposes


We use cross-device tracking technologies so that you can be shown targeted advertising on other websites based on your visit to our website and we can identify how effective our advertising measures have been. Data are processed on the basis of your consent in accordance with Art. 6 Paragraph 1 (a) of the GDPR and § 25 Section 1 of the TTDSG (the German Telecommunications and Telemedia Data Protection Act) where you have given your consent via our banner. Your consent is voluntary and can be withdrawn at any time with future effect. You can select the required settings in our cookie banner by accessing the cookie banner in the footer of our website (“Cookie settings”).

How does tracking work?
When you visit our websites it is possible that the third-party providers named below will access identifying characteristics of your browser or your end device (e.g. a so-called browser footprint), analyse your IP address, store and/or read identifying characteristics on your end device (e.g. cookies) or obtain access to individual tracking pixels. The individual characteristics may be used by the third-party providers to recognize your end device on other websites. We can commission the respective third-party providers to activate advertising that reflects the pages you visit of our website.

What is meant by cross-device tracking?
If you log in to a third-party provider’s website using your own user data, the respective identifying characteristics of different browsers and end devices can be interlinked. If for example the third-party provider has created a separate characteristic for the laptop, desktop PC or smartphone/tablet you are using, these individual characteristics can be assigned to each other as soon as you use a service of the third-party provider with your log-in data. In this way, the third-party provider can also run our advertising campaigns across different end devices in a targeted manner.

Which third-party providers do we use in this context?
The third-party providers we cooperate with for advertising purposes are named below. If the data in this context are processed outside the EU or EEA, we provide information about the adequate level of data protection. With respect to providers from the USA, no adequate data protection level can be assumed because they process the data in the USA. There is a risk of authorities accessing the data for security or surveillance purposes without you being informed about this or having the right to appeal. Please bear this in mind if you decide to give your consent to our use of the marketing tools.

Facebook/Meta (USA and/or Ireland)
Adequate data protection level: for data transferred to the USA, an adequate data protection level is guaranteed thanks to the provider’s certification under the adequacy decision (EU-U.S. Data Privacy Framework.

Withdrawal of consent: If you wish to withdraw your consent, please select the corresponding setting via our cookie banner, which can be accessed for example via the cookie link in the footer of the website (“Cookie settings”). Further information can be found here.

LinkedIn
Adequate data protection level: data may also be processed outside the EU/EEA. No adequate data protection level. Data are transferred on the basis of Art. 49 Paragraph 1 (a) of the GDPR.

Withdrawal of consent: If you wish to withdraw your consent, please select the corresponding setting via our cookie banner, which can be accessed for example via the cookie link in the footer of the website (“Cookie settings”). Further information can be found here.


Embedded videos


We also embed videos on our website that are not stored on our servers. To ensure that accessing our website with embedded videos does not automatically result in content of a third-party provider being loaded, we initially display only locally stored preview images (thumbnails) of the videos. This does not result in the third-party provider obtaining any information. Only following a click on the thumbnail will content of the third-party provider be loaded. This provides the third-party provider with the information that you have accessed our site and with the usage data that are technically necessary to do so. In addition, the third-party provider is then able to implement tracking technologies. We have no influence over the further processing of the data by the third-party provider. By clicking on the thumbnail you give us your consent to load content from the third-party provider.

Embedding takes place on the basis of your consent in accordance with Art. 6 Paragraph 1 (a) of the GDPR and § 25 Section 1 of the TTDSG (the German Telecommunications and Telemedia Data Protection Act) where you have given your consent by clicking on the thumbnail. Please note that the embedding of videos results in many cases in your data being processed outside the EU and EEA. In some countries this entails the risk of authorities accessing the data for security or surveillance purposes without you being informed about this or having the right to appeal. If we use providers in unsafe third countries and you give your consent, the transfer to an unsafe third country takes place on the basis of Art. 49 Paragraph 1 (a) of the GDPR.

We use videos from the following third-party providers:

YouTube/Google (USA)
We use embedded YouTube videos in extended data protection mode. This means that YouTube does not store any cookies for a user who accesses a website with an embedded YouTube video player but does not click on the video to start playback. If the YouTube video player is clicked, YouTube may under certain circumstances store cookies (including from DoubleClick) on the user’s computer, though no personal cookie information for playing embedded videos will be stored.

Adequate data protection level: for data transferred to the USA, an adequate data protection level is guaranteed thanks to the provider’s certification under the adequacy decision (EU-U.S. Data Privacy Framework.

Withdrawal of consent: once you have clicked on a thumbnail the third-party provider’s content will be immediately loaded. If you do not wish such loading of content to happen on other sites, please do not click on the thumbnails any more. Further information can be found here.


Integration of other technical third-party content and functions


We use the technical functions and content of third-party providers listed below to display our websites. Accessing our sites results in content from the third-party providers being loaded that makes these functions and content available. This provides the third-party provider with the information that you have accessed our site and with the usage data that are technically necessary to do so. We have no influence over the further processing of the data by the third-party provider.

Data are processed on the basis of your consent in accordance with Art. 6 Paragraph 1 (a) of the GDPR and § 25 Section 1 of the TTDSG (the German Telecommunications and Telemedia Data Protection Act) where you previously gave your consent via our banner solution.  

Please note that the use of third-party content and functions can result in your data being processed outside the EU and EEA. In some countries this entails the risk of authorities accessing the data for security or surveillance purposes without you being informed about this or having the right to appeal. If we use providers in unsafe third countries, the transfer to a third country takes place on the basis of Art. 46 Paragraph 2 (c) of the GDPR (standard data protection clauses).

Google Tag Manager
Adequate data protection level: for data transferred to the USA, an adequate data protection level is guaranteed thanks to the provider’s certification under the adequacy decision (EU-U.S. Data Privacy Framework.  

Withdrawal of consent: If you wish to withdraw your consent, please select the corresponding setting via our cookie banner, which can be accessed for example via the cookie link in the footer of the website (“Cookie settings”).


Is it compulsory to make data available?


There is no legal requirement to make your data available and you do so voluntarily. The use of certain services does require you to provide your data, however. For example, it is necessary to state your e-mail address in the contact form, as without it we are unable to respond to your electronic enquiry. When you enter your data, we inform you whether these data need to be provided for the particular service or function in question. These data are marked as mandatory fields. If you do not provide necessary data, the service or function in question will not be available. Failure to provide optional data may mean that we are unable to provide our services in the same form and to the same extent as usual.


Duration of data storage


Where we have not already provided information about the storage duration in individual cases, we delete personal data once they are no longer needed for the aforementioned processing purposes and provided that there are no statutory retention requirements to the contrary.
 

Use of service providers


Within the context of processing in accordance with Art. 28 of the GDPR, we pass your data on to service providers who support us with the operation of our websites and the associated processes. Our service providers are strictly bound by our instructions and contractually obliged accordingly. These are service providers in the following categories:

  • Hosting service providers/cloud service providers for the operation of our servers
  • Service providers for ensuring IT security
  • Development service providers for the programming, development, maintenance and support of software applications
  • Service providers for the delivery and performance assessment of our website
  • E-mail service providers for the sending of e-mails in connection with our contractual services
  • E-mail marketing service providers for the sending of newsletters
  • Advertising network operators for advertising campaigns and the display of online advertising

The service providers process the data solely on our instruction and are obliged to comply with the applicable data protection regulations. All processors have been carefully selected and receive access to your data only to the extent and for the period necessary to provide the services.
 

Social media


When you visit our social media sites, it may be necessary for your personal data to be processed. We wish to inform you below about how your data are handled in accordance with Art. 13 of the General Data Protection Regulation (GDPR).

Controller
We, the European Community Foundation Initiative, Karl-Liebknecht-Straße 34, 10178 Berlin, operate the following social media channels:

Besides us, the respective operator of the social media platform is also responsible for processing your personal data. Where we can influence this and parametrize the data processing, we do everything we can to ensure that data are handled by the operator of the social media platform in accordance with data protection regulations. In this context, please also note the data protection information provided by the respective social media platform.

Data processing by us
The data you enter on our social media sites, e.g. user name, comments, videos, images, likes, public messages etc., are published by the social media platform and not processed by us for other purposes. We merely reserve the right to delete content if this should be necessary. We may share your content on our website if this is a function of the social media platform and communicate with you via the social media platform.

If you post an enquiry to us on the social media platform, we may also refer you, depending on the content, to other secure communication channels that guarantee confidentiality. For example, you have the possibility at any time to send your enquiries to us at the address stated in the legal notice or at info@communityfoundations.eu. The choice of appropriate communication channel is your own responsibility.

The legal basis is Art. 6 Paragraph 1 (f) of the GDPR. Data are processed in the interests of our public relations work and communication with you. Some social media platforms compile statistics on the basis of usage data and contain information about your interaction with our social media site. We cannot influence or prevent the compilation and provision of these statistics. We process this information in accordance with Art. 6 Paragraph 1 (f) of the GDPR in the legitimate interest of validating the use of our social media sites and improving our content in a target group-oriented manner.

We use the demographic, interest-based, behavioural-based or location-based target group definitions for advertising that the operator of the social media platform may make available to us. If you wish to object to the processing of certain data that we can influence please contact the persons named in the legal notice. We will then review your objection or if necessary pass it on to the social media platform.

Use of Insights
In connection with the operation of our Facebook page, we use the Insights function from Meta (Facebook) to obtain statistical data about the users of our Facebook page. This is done on the basis of Art. 6 Paragraph 1 (f) of the GDPR, based on our interest in being able to measure the use of our presence on Facebook.

You can find out which information is used for this purpose in the “Information about Page Insights Data”. You will also find information there about the joint responsibility of us and Meta (Facebook) when using the Insights function. Furthermore, you will find information there about your rights as a data subject. We have entered into an arrangement with Meta (Facebook). In it, we have agreed that Meta (Facebook) is primarily responsible for providing you with information about joint processing and for enabling you to exercise your rights in accordance with the GDPR.

Data processing by the operator of the social media platform
The operator of the social media platform uses web tracking methods. Web tracking can also take place regardless of whether you are logged into or registered with the social media platform.

We therefore wish to draw your attention to the fact that it cannot be ruled out that the provider of the social media platform will use your profile and behavioural data to analyse for example your habits, personal relationships, preferences etc. We have no influence on the processing of your data by the provider of the social media platform, so use of the social media platform is at your own risk.

More detailed information about data processing by the provider of the social media platform, configuration options to protect your privacy and further objection options and, to the extent one is available and has been concluded, the arrangement in accordance with Art. 26 of the GDPR, can be found in the provider’s data protection information:

Storage duration

We delete your personal data once they are no longer needed for the aforementioned processing purposes and provided that there are no statutory retention requirements to the contrary.

Your rights as a user
As a website user, you have the option of asserting the following rights vis-à-vis both us and the provider of the social media platform, if the requirements are met:

Right of access (Art. 15 of the GDPR):
You have the right to obtain confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and the information listed in Art. 15 of the GDPR.

Right to rectification and erasure (Art. 16 and 17 of the GDPR):
You have the right to obtain without undue delay the rectification of inaccurate personal data concerning you and, if applicable, to have incomplete personal data completed. You further have the right to obtain the erasure of personal data concerning you without undue delay where one of the grounds listed in Art. 17 of the GDPR applies, e.g. if the data are no longer necessary for the pursued purposes.

Right to restriction of processing (Art. 18 of the GDPR):
You have the right to obtain restriction of processing where one of the prerequisites listed in Art. 18 of the GDPR applies, e.g. if you have objected to processing for the duration of a possible review.

Right to data portability (Art. 20 of the GDPR):
In certain cases, which are listed in Art. 20 of the GDPR, you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format and/or to demand that these data are transmitted to a third party.


Your rights as a data subject


As a data subject, you have the right of access to the personal data concerning you (Art. 15 of the GDPR) and to the rectification of inaccurate data (Art. 16 of the GDPR) or to erasure where one of the grounds listed in Art. 17 of the GDPR applies, e.g. if the data are no longer necessary for the pursued purposes. Furthermore, you have the right to restriction of processing where one of the prerequisites listed in Art. 18 of the GDPR applies and, in the cases listed in Art. 20 of the GDPR, the right to data portability. Where processing of the data is based on your consent, you have the right, in accordance with Art. 7 of the GDPR, to  withdraw your consent to the use of your personal data at any time. A withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. Every data subject further has the right to lodge a complaint with a supervisory authority if he or she considers that the processing of data relating to him or her infringes data protection laws (Art. 77 of the GDPR).

Right to object

In cases in which we process your personal data on the legal basis of Art. 6 Abs. 1 (e) or (f) of the GDPR, you have the right to object at any time on grounds relating to your particular situation. We will then no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

You further have the right to object at any time to processing of your data for direct marketing purposes. This includes profiling related to such direct marketing.