Data Protection Declaration

 

The protection and security of your personal data are matters of great importance to us. This data protection declaration complies with the standards of the EU General Data Protection Regulation (GDPR) and the new version of the Federal Data Protection Act (BDSG 2018). In the following you will be informed about the type, purpose and use of personal data.

 

Although our site is equipped with various security measures, complete protection of your data cannot be guaranteed, as security gaps on the Internet cannot be ruled out. If you have any concerns regarding your data, you will find the relevant contact details for our contact persons at the end of the text.

 

Definitions of terms

 

In our data protection declaration we use terms that are explained below:

 

“Personal data” refers to any information relating to an identified or identifiable natural person (hereinafter “data subject”); a natural person is regarded as identifiable if he/she can be directly or indirectly identified, especially by means of association with an identifier such as a name, with an identification number, with location data, with an online ID or with one or several special features reflecting the physical, physiological, genetic, psychic, economic, cultural or social identity of that natural person.

 

“Processing” is any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, comparison or combination, restriction, erasure or destruction.

 

A “data controller” is a natural or legal person, public authority, agency or other body which, either alone or with others, determines the purposes and means of processing personal data; where purposes and means of such processing are laid down by Union or Member State law, the Controller or the specific criteria for their nomination may be provided for by Union or Member State law.

 

A “recipient” is a natural or legal person, authority, institution or other body to which personal data are disclosed, whether or not it is a third party. However, authorities which may receive personal data under Union law or the law of the Member States under a particular investigation mandate are not considered recipients; the processing of such data by the said authorities is carried out in accordance with the applicable data protection standards pursuant to the purposes of the processing.

 

A “third party” is a natural or legal person, public authority, agency or body other than the data subject, controller, processor or persons who, under the direct authority of the controller or processor, are authorised to process personal data.

 

Type, purpose and use of personal data

 

Storage of access data

 

Each time a user accesses a page from our website, access data are stored in a log file on our server. These data include, e. g.,

the browser type and version,

the operating system used,

the page from which the data were requested (referrer URL),

the IP address of the requesting computer,

the access date and time of the server request and

the file name and URL.

 

These data are used solely for statistical purposes. They are not disclosed to third parties for commercial or non-commercial purposes. The operator may only save, issue or subsequently access server log files for a longer period if this is permitted within the legal framework (e.g. if illegal activities are suspected)

 

Contact option via the website

 

If there is the option of entering personal or business data (e-mail addresses, names, addresses) on our website, this is done voluntarily. You may revoke in writing (e.g. by email or fax) your previously granted consent for us to store your personal data, at any time and with immediate effect, unless such storage is necessary for reasons relating to a business transaction. Your data will not be disclosed to third parties unless disclosure is required by law.

Insofar as we obtain the data subject’s consent to the processing of their personal data, Art. 6 para. 1 (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for such processing.

For the processing of personal data which is necessary in order to fulfil a contract with a contractual party who is the data subject, Art. 6 para. 1 (b) GDPR forms the legal basis. This also applies to processing operations that are necessary for carrying out pre-contractual measures.

If the processing takes place in order to safeguard the legitimate interests of the Johann Daniel Lawaetz Foundation or those of a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh said interest, Art. 6 para. 1 lit. (f) GDPR forms the legal basis for such processing.

The personal data will be deleted or blocked as soon as the purpose for their storage no longer applies. In addition, the data may be stored if this has been provided for by European or national legislators in EU regulations, laws, or other provisions to which the Johann Daniel Lawaetz Foundation is subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned regulations has elapsed, unless further storage of the data is necessary for the conclusion or fulfilment of a contract.

Various forms are available on our website which can be used to contact us. For the forms, we use the services of JotForm Inc., which, as the data processor, processes all personal data in accordance with its obligations under a data processing addendum in accordance with the General Data Protection Regulation.

If a user takes the opportunity to make contact or register using such a form, the data entered in the input mask will be transmitted to us and stored on EU servers.  Reference is also made to this data protection declaration. The data will only be used to process the common concern.

The legal basis for data processing in the use of the form is, provided consent has been obtained, Art. 6 para. 1 (a) of the GDPR. Personal data provided on contact forms is only processed to process the concern in question. The user always has the option of revoking their consent to the processing of personal data by the listed contact persons.

 The administration and storage of your personal information takes place on the systems of JotForm Inc, USA. Your personal data will be disclosed to government institutions and authorities only where such disclosure is mandated by the law or is required for the purpose of legal or criminal prosecution in the event of attacks on our network infrastructure. Personal data will not be transferred to third parties for any other purpose.

 

Cookies

 

We use “session cookies” on some of our web pages to facilitate your use of our website. These are small text files which are stored on your hard drive only for the duration of your visit to our website and, depending on your browser settings, are deleted when you exit the browser. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string of characters by means of which websites and servers can be assigned to the specific internet browser in which the cookie has been stored. This allows websites and servers that have been visited to distinguish the individual’s browser of the Data Subject from other internet browsers that contain other cookies. A particular internet browser can be recognised and identified by the unique cookie ID.

 

Most browsers are initially set to accept cookies automatically. The storage of cookies can, however, be deactivated or the browser can be set to indicate that cookies are being sent. However, this may mean that certain features on the page will no longer work or only work to a limited extent.

 

Data protection provisions about the application and use of Google Analytics (with anonymisation function)

 

This website uses the “Google Analytics” service provided by Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA), to analyse usage of the website by users. The service uses “cookies”, i.e. text files which are stored on your device. The information collected by the cookies is usually sent to a Google server in the USA and stored there.

 

This website uses IP anonymisation. The IP address of users within the Member States of the EU and the European Economic Area will be truncated. This truncation eliminates the personal reference to your IP address. As part of the data processing agreement concluded between the website operators and Google Inc., Google uses the information collected to evaluate the use of the website and the website activity and to provide services related to Internet use.

 

You have the option of preventing the storage of cookies on your device by making the appropriate settings in your browser. There is no guarantee that you will be able to access all of the functions of this website without restrictions if your browser does not allow cookies.

 

Furthermore, you can use a browser plug-in to prevent the information that is collected from cookies (including your IP address) from being sent to Google Inc. and being used by Google Inc. The following link will take you to the corresponding plugin: https://tools.google.com/dlpage/gaoptout?hl=de

Under the following you can find more information on the use of data by the Google Inc.: https://support.google.com/analytics/answer/6004245?hl=de

 

Deleting and blocking

 

We undertake to delete personal data that has been used for internal purposes as soon as the information is no longer required and once the storage of data to fulfil those purposes is no longer necessary. The blocking of data will take place instead of deletion insofar as deletion contravenes legal, statutory or contractual retention periods, and where there is reason to believe that the legitimate interests of the data subject would be adversely affected by deletion, or where deletion would not be possible due to the specific type of storage or where it would only be possible by incurring disproportionately high costs.

 

In addition, you can also have your data collected by us blocked, corrected or deleted at any time. Deletion also takes place if you revoke your consent to the collection, processing and use of your personal data. If such revocation takes place during an ongoing business transaction, deletion takes place immediately after its conclusion.

Additional legal obligations regarding deletion or blocking thereby remain unaffected.

 

Disclosing data to third parties

 

In principle, we will not pass on your data to third parties. In addition, we use appropriate measures and regular controls to ensure that third parties cannot view or tap into the data we collect from the outside.

 

We only transfer your data to third parties if you have given your consent to the processing of your personal data for one or more specific purposes and we have obtained your consent for this.

We assure you that the data passed on in this way correspond to the legal requirements.

 

Rights of data subjects

 

According to the applicable law, we are obliged to inform you about your rights. The use and implementation of these rights is free of charge for you.

 

Right to object

 

You have the right to withdraw your consent to the collection of data at any time. This right applies with effect for the future; the data collected until the revocation takes legal effect thereby remain unaffected.

 

Please contact the above-mentioned data controller or data protection officer if you would like to exercise your right of objection.

 

Right to data portability

 

You have the right to request a transfer of your data from us to another location.

 

Right to correction, deletion or blocking

 

You have the right to have your data corrected, deleted or blocked. The latter is used if the legal situation does not permit deletion.

 

Right of Complaint

 

You have the right to complain to a supervisory authority or a competent body if you have reason for such a complaint. To exercise this right and the two previously mentioned, please contact the contact persons listed at the end of this data protection declaration.

 

Name and address of the data controller responsible for data processing

 

The data controller within the meaning of the general data protection regulation, other data protection laws in the Member States of the European Union and other provisions of a data protection character is:

 

Johann Daniel Lawaetz Foundation

Gemeinnützige Stiftung des bürgerlichen Rechts (Foundation under civil law)

 

Executive Board:

Jörg Lindner, Peer Gillner

 

Your contact for data protection:

Peer Gillner

Gillner@lawaetz.de

 

Neumühlen 16-20; D-22763 Hamburg

Telephone + 49 40/39 99 36-0

Fax + 49 40/39 99 36 90

 

Name and address of the Data Protection Officer

 

The Data Controller’s Data Protection Officer is:

Uwe Jochens

Johann Daniel Lawaetz Foundation

Neumühlen 16-20; D- 22763 Hamburg

Telephone + 49 40/39 99 36-0

Fax + 49 40/39 99 36 90

dsb@lawaetz.de

 

Any data subject can contact our data protection officer directly at any time with any questions or suggestions regarding data protection.