Data Controller

The data controller for the processing of personal data collected when visiting this website is:

Bundesverband Deutscher Stiftungen e.V.
Karl-Liebknecht-Straße 34
10178 Berlin
Email: datenschutz@stiftungen.org

Data Protection Officer

Our Data Protection Officer is available to assist you if you require information or have any suggestions regarding data protection:

datenschutz nord GmbH
Berlin office
Kurfürstendamm 212
10719 Berlin
Email: office@datenschutz-nord.de

Data security

We take technical and organizational measures to protect your data as comprehensively as possible against unauthorized access. We use an encryption method on our websites. Your data is transferred from your computer to our server and back via the Internet using SSL encryption. You can usually recognize this by the fact that the lock symbol in the status bar of your browser is closed and the address line begins with https://.

Usage data

When you visit our website, we temporarily store so-called usage data on the basis of Art. 6 (1) lit. f GDPR. We use usage data for statistical purposes to improve the quality of our website. We also use this information to enable access to our website, to control and manage our systems, and to improve the design of the website. These purposes we pursue also constitute legitimate interests pursuant to Art. 6 (1) lit. f GDPR. A data record includes:

• the name and address of the content accessed,
• the date and time of access,
• the amount of data transferred,
• the access status (content transferred, content not found),
• a description of the web browser and operating system used,
• the referral link that identifies the page from which you accessed our website,
• the IP address of the requesting computer; this is deleted after seven days.

Use of cookies

We use cookies on our website. Cookies are small text files that can be stored and read in the Internet browser or by the Internet browser on the user’s computer system. They allow information to be stored for a certain period of time and identify the visitor’s computer. This facilitates navigation and makes our website more user-friendly. Cookies also help us to identify particularly popular areas of our website. A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the individual session.

Some cookies are necessary for the use of our website. We do not use these cookies for analysis, tracking, or advertising purposes. In some cases, these cookies only contain information about certain settings and are not personal. They may also be necessary to enable user guidance, security, and implementation of the site. We use these cookies on the basis of § 25 (2) No. 2 TDDDG.

You can set your browser to notify you when cookies are placed. This makes the use of cookies transparent for you. You can also delete cookies at any time via the corresponding browser setting and prevent new cookies from being set. Please note that our websites may then not be displayed and some functions may no longer be available for technical reasons. In addition, we also use cookies on our website that are not technically necessary. We will inform you separately about the use of these cookies below.

Cookie consent

Our website uses cookie consent technology from Sgalinski to obtain your consent to store certain cookies on your device and to document this in accordance with data protection regulations. This technology is provided by Sgalinski, Bahnhofstraße 52, 37339 Gernrode (hereinafter “Sgalinski”). When you use our website, the following personal data is transmitted to Sgalinski:

• Your consent(s) and/or the revocation of your consent(s)
• Your IP address
• Information about your browser
• Information about your device
• The time of your visit to the website

In addition, Sgalinski stores a cookie in your browser in order to be able to assign the consents given and/or their revocation to you. The legal basis for data processing is Art. 6 (1) lit. c GDPR. Sgalinski is used to obtain the legally required consents for the use of technically unnecessary cookies and to provide proof of the corresponding consents (cf. Art. 7 (1) and Art. 5 (2) GDPR). The aim is to know the preferences of our users and to implement them accordingly and to document them for the purpose of proof.

Contacting us

You can contact us by mail, telephone, or email. In this context, we process the data you provide to us in order to address you personally, process your inquiry, and respond to you.

The legal basis for data processing is Art. 6 (1) lit. f GDPR. We have a legitimate interest in contacting users of the website and responding to inquiries addressed to us.

Subscribe to newsletter

On our website, you have the option of subscribing to our free newsletter. The newsletter informs you about news and current projects at the European Community Foundations Initiative. In order for us to send you the newsletter, we need your email address so that we can address you personally.

The legal basis for data processing is Art. 6 (1) (a) GDPR (consent), which you give us after registering for the newsletter by clicking on the corresponding link in the confirmation email (so-called double opt-in procedure).

Your registration only becomes effective once you have clicked on the link in the confirmation email. The data will be stored for as long as your consent remains valid. You can revoke your consent at any time with effect for the future. To do so, simply use the unsubscribe link at the end of each email. Your email address will then be deleted from the mailing system. The processing of your data that took place until you revoked your consent remains lawful.

Website analysis

We use web analysis tools to customize the design of our websites. Data processing is based on your consent in accordance with Art. 6 (1) (a) GDPR and § 25 (1) TDDDG, provided that you have given your consent via our cookie banner. You can revoke your consent at any time with future effect. You can make the necessary settings in our cookie banner by calling up the cookie banner in the footer of our website (“Manage Consent”).

How does website analysis work?

The web analysis tool providers we use create usage profiles for us based on pseudonyms. The usage profiles created are used to analyze visitor behavior and are evaluated in order to improve and adapt the design of our services. For this purpose, permanent cookies are stored on your device and read by us. In addition, we may access identifying features of your browser or device (e.g., using tracking pixels or browser fingerprints). This enables us to identify and count returning visitors.

Which third-party providers do we use in this context?

An overview of the third-party providers we work with for analysis purposes can be found below. Data processing may also take place outside the EU or the EEA.

Third-party tracking technologies for advertising purposes

We use cross-device tracking technologies so that targeted advertising can be displayed to you on other websites based on your visit to our website and so that we can track how effective our advertising measures have been. Data processing is based on your consent in accordance with Art. 6 (1) (a) GDPR and § 25 (1) TDDDG, if you have given your consent via our banner. Your consent is voluntary and can be revoked at any time with effect for the future. You can select the required settings in our cookie banner by calling up the cookie banner in the footer of our website (“Manage Consent”).

How does tracking for advertising purposes work?

When you visit our website, the third-party providers listed below may access identifying features of your browser or device (e.g., a so-called browser footprint), analyze your IP address, store and/or read identifying features on your device (e.g., cookies), or gain access to individual tracking pixels. The individual features can be used by third-party providers to recognize your device on other websites. We may commission the respective third-party providers to place advertisements that reflect the pages of our website that you have visited.

What is cross-device tracking?

When you log in to a third-party website with your own user data, the respective identification features of different browsers and end devices can be linked together. If, for example, the third-party provider has created its own identifier for the laptop, desktop PC, or smartphone/tablet you use, these individual identifiers can be assigned to each other as soon as you use a third-party provider’s service with your login details. In this way, the third-party provider can also display our advertising campaigns in a targeted manner across different devices.

Which third-party providers do we use in this context?

The third-party providers with whom we collaborate for advertising purposes are listed below. If data is processed outside the EU or the EEA in this context, we will provide information about the appropriate level of data protection.

Embedded videos

We also embed videos on our website that are not stored on our servers. To ensure that visiting our website with embedded videos does not automatically result in third-party content being loaded, we initially only display locally stored preview images (thumbnails) of the videos. This does not result in the third-party provider receiving any information. Only after clicking on the preview image is the third-party provider’s content loaded. This provides the third-party provider with the information that you have accessed our site and the technically necessary usage data. In addition, the third-party provider is then able to implement tracking technologies. We have no influence on the further processing of the data by the third-party provider. By clicking on the preview image, you give us your consent to load the third-party provider’s content.

The embedding is based on your consent in accordance with Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG, provided that you have given your consent by clicking on the thumbnail. Please note that in many cases, embedding videos means that your data will be processed outside the EU and the EEA.

We use videos from the following third-party providers:

Integration of additional technical content and third-party functions

We use the technical functions and content from third-party providers listed below to display our websites. When you visit our pages, content from third-party providers who provide these functions and content is loaded. This provides the third-party provider with information that you have visited our site and the technically necessary usage data. We have no influence on the further processing of the data by the third-party provider.

Data processing is based on your consent in accordance with Art. 6 (1) (a) GDPR and § 25 (1) TDDDG, provided that you have previously given your consent via our banner solution.

Please note that the use of third-party content and functions may result in your data being processed outside the EU and the EEA.

Map services

We embed map services on our websites that are not stored on our servers. For data protection reasons, however, no third-party content is loaded when you visit our websites, and the third-party provider does not receive any information.

Only when you give your consent via our banner will third-party content be loaded. This provides the third-party provider with the information that you have visited our site and the technically necessary usage data. We have no influence on further data processing by the third-party provider. Your consent includes the loading of third-party content.

The embedding is based on your consent, provided that you have given your consent via our banner.

Please note that the embedding of some map services means that your data will be processed outside the EU or the EEA (in particular in the USA). If the data is processed outside the EU or the EEA (in particular in the USA) in this context, we provide information on the level of data protection in the table below.

Obligation to provide data

There is no legal obligation to provide your data, and you do so voluntarily. However, in order to use certain services, it is necessary for you to provide your data. When you enter your data, we will inform you whether this data must be provided for the respective service or function. This data is marked as mandatory fields. If you do not provide the required data, the relevant service or function will not be available. Failure to provide optional data may mean that we are unable to provide our services in the same form and to the same extent as usual.

Duration of data storage

Unless we have already informed you of the storage period in individual cases, we will delete personal data as soon as it is no longer required for the aforementioned processing purposes and provided that there are no legal retention obligations to the contrary.

Use of service providers

As part of processing, we pass on your data in accordance with Art. 28 GDPR to service providers who support us in operating our websites and the associated processes. Our service providers are strictly bound by our instructions and are contractually obligated accordingly. These are service providers in the following categories:

• Hosting service providers/cloud service providers for the operation of our servers
• Service providers for ensuring IT security
• Development service providers for the programming, development, maintenance, and support of software applications
• Service providers for the delivery and performance evaluation of our website
• Email service providers for sending emails in connection with our contractual services
• Email marketing service providers for sending newsletters
• Advertising network operators for advertising campaigns and the display of online advertising

The service providers process the data exclusively on our instructions and are obliged to comply with the applicable data protection regulations. All processors have been carefully selected and only have access to your data to the extent and for the period necessary to provide the services.

Your rights as a data subject

As a data subject, you have the right to obtain information about your personal data (Art. 15 GDPR) and to have inaccurate data corrected (Art. 16 GDPR) or deleted if one of the reasons listed in Art. 17 GDPR applies, e.g. if the data is no longer required for the purposes pursued. In addition, you have the right to restrict processing if one of the conditions listed in Art. 18 GDPR applies, and in the cases listed in Art. 20 GDPR, you have the right to data portability. If the processing of the data is based on your consent, you have the right to withdraw your consent to the use of your personal data at any time in accordance with Art. 7 GDPR. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. Every data subject also has the right to lodge a complaint with a supervisory authority if they believe that the processing of data concerning them violates data protection law (Article 77 GDPR).

Right to object

In cases where we process your personal data on the legal basis of Art. 6 (1) (e) or (f) GDPR, you have the right to object at any time for reasons arising from your particular situation. We will then no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.

You also have the right to object at any time to the processing of your data for direct marketing purposes. This includes profiling in connection with such direct marketing.