Data Protection at a Glance - Das Magazin der Dieter Schwarz Stiftung

We want you to feel safe and comfortable when you visit our website. The protection of your privacy is very important to us, because we understand data protection as a customer-oriented quality feature. This privacy policy is intended to inform you about how Dieter Schwarz Stiftung Heilbronn gGmbH collects, processes and uses personal data when you visit our website.

1. Controller

The controller responsible for the collection and processing of data described below is
Dieter Schwarz Stiftung Heilbronn gemeinnützige GmbH (hereinafter referred to as “DSS Hn”)
Bildungscampus 9
74076 Heilbronn, Germany
Tel. +49 07132 30-7024

E-mail: info@dieter-schwarz-stiftung.de

Data Protection Officer Contact information:

You can reach the DSS Hn Data Protection Officer using the contact details provided in section 9.

2. Cookies

This website uses “cookies” and other similar technologies to process usage data on our websites and the associated subdomains or subpages.

Cookies are small text files that are sent from our web server to your terminal device (PC, notebook, smartphone or tablet) when you visit this website and stored in your Internet browser. Cookies may serve a variety of technical functions. The cookie stores certain information connected with the specific end device deployed. This does not, however, mean that we will immediately become aware of your identity.

You may also configure your browser to ensure that a warning appears every time a new cookie is placed. This makes the use of cookies more transparent for you. You may also configure your browser to refuse acceptance of all or some cookies from certain sources. Please be advised, however, that disabling cookies may limit the functionality of this website.

We use the following cookie:

PHPSESSID: is a local, temporary session identifier and serves security purposes by protecting the website (particularly forms) from bot attacks. The cookie is automatically deleted at the end of the session. It therefore does not remain on your end device. (Session cookies)

Categorized as “technically necessary”: these are cookies and similar technologies without which you cannot use our services (e.g., for the correct display of our website/functions requested by you, to record you signing in, etc.).

Technically necessary cookies and similar technologies are used on the basis of section 25 (2) no. 2 of the German Telecommunications Digital Services Data Protection Act (Telekommunikation-Digitale-Dienste-Datenschutz-Gesetz – TDDDG). Data is subsequently processed based on our legitimate interests pursuant to Article 6(1)(f) GDPR.

3. Statistical analysis of our visitor numbers

The provider of the pages automatically collects and stores information in “server log files”, which your browser automatically transmits to us.

Storage of the IP address and usage data

Every time you access our website, your web browser transmits usage data. This includes your IP address and a description of the content accessed (URL). The IP address of the accessing computer and the name of the retrieved file must be collected, otherwise no connection to the server can be established and the website cannot be accessed. In addition, your browser – depending on the configuration – transmits further data (browser type, browser version, operating system used, referrer URL, time of the server query, host name of the accessing computer). We also store the full IP address transmitted by your web browser for seven days strictly for the limited purpose of detecting, limiting and repelling attacks on our web pages. After 90 days, we delete or anonymize your IP address. Article 6(1)(f) GDPR is the legal basis for this. You must provide the personal data that is technically necessary for the use of our website. Otherwise you will not be able to access our website.

4. Matomo

Purpose of Processing/Legal Basis:

We use optional cookies from the provider “Matomo” as part of integrating the service and the service stores data on your device or reads data from it pursuant to section 25 (1) TDDDG. Data is subsequently processed based on your consent pursuant to Article 6(1)(a) GDPR assuming you have granted your consent.

With the help of Matomo, we are able to collect and analyze data about visitors’ usage of our website. This allows us to find out, among other things, when which pages were accessed and from which region. We also record various log files (e.g., IP address (truncated/anonymized), referrer, browser and operating system used) and can measure certain actions performed by our website visitors (e.g., clicks, etc.).

Your consent is voluntary and you can withdraw it at any time with effect for the future in accordance with Article 7(3) sentence 1 GDPR by accessing the cookie settings under edit cookie settings and changing your selection there. This will not affect the lawfulness of the processing based on consent before its withdrawal.

Storage Time/Criteria for Determining Storage Time

The _pk_id-Cookie remains stored for 13 months, the _pk_ses-Cookie remains stored for 30 minutes and is then deleted from your end device.

5. Our Social Media Sites

The party responsible for the collection and processing of data described below (the controller) is in some cases us, Dieter Schwarz Stiftung Heilbronn gGmbH, and in some cases the operator of the relevant social media platform. For certain types of processing, we and the platform operator act as joint controllers as defined in Article 26 GDPR.

We use the following social media sites:

LinkedIn: https://de.linkedin.com/company/dieter-schwarz-stiftung

5.1. The Platform Operator as Controller

We have only limited control over the processing of data by the operators of social media platforms (e.g., the management of members and the information shared). In the situations in which we are able to have influence and can set parameters for the data processing, we endeavor to ensure within the confines of the options available to us that the social media platform operator deals with the data in accordance with data protection law requirements. In many cases, however, we are unable to influence the way in which social media platform operators process data and also do not know exactly which data they process.

Platform operators operate the entire IT infrastructure of the service, have their own privacy policies and maintain their own user agreements with you (where you are a registered user of the social media service). The operator is also solely responsible for all questions relating to the data that makes up your user profile, which we as DSS Hn have no access to.

You will find further information about the data processing performed by social media platform operators and your rights to object in the privacy policies of the operators.

LinkedIn: https://de.linkedin.com/legal/privacy-policy?trk=d_org_guest_company_overview_footer-privacy-policy

5.2. Processing as Joint Controllers

In some cases, we and the operator of the social media service act as joint controllers as defined in Article 26(1) GDPR:

We and the platform operator act as joint controllers with regard to the web tracking methods used by the social media platform operator. Web tracking can occur regardless of whether you are logged in or registered on the social media platform. As already explained, unfortunately we have almost no control over the web tracking methods used by social media platforms. We are unable, for example, to switch web tracking off.

Purpose of Processing/Legal Basis:

The legal basis for the web tracking methods is Article 6(1)(f) GDPR. Optimizing social media platforms and the company site is seen as a legitimate interest for the purpose of the above provision.

We have only a very limited ability to influence and prevent the provision of statistics to us by social media platform operators. However, we do make sure that we do not receive any additional optional statistics.

5.3. DSS Hn as Controller

Purpose of Processing/Legal Basis:

We process data on our social media sites for the purpose of providing information about our projects, and to interact with visitors to our social media sites on these topics, and to respond to relevant inquiries and positive or negative feedback.

Article 6(1)(f) GDPR is the legal basis for this. The processing is carried out for the purpose of our public relations work and communications. Operators have no ability to influence our processing of your data in connection with communications.

Recipients/Categories of Recipients

The data entered by you on our social media sites, such as comments, videos, images, likes, public messages, etc., is published by the social media platforms and is not used or processed by us for other purposes at any time. We merely reserve the right to delete unlawful content if it becomes necessary to do so.

We may share your content on our site if this is one of the functions of the social media platform, and communicate through the social media platform. If you post an inquiry on the social media platform, we may also, depending on the required response, refer you to other more secure modes of communication that guarantee confidentiality. You always have the option of sending confidential inquiries to us at our address listed under no. 1 above or in the “legal notice” section of our website.

Storage Time/Criteria for Determining Storage Time

We delete or securely anonymize all information we receive from you when you make inquiries no later than 90 days after the final response is sent to you. The information is retained for 90 days in case you contact us again after receiving a response from us on the same matter and we need to refer to our previous correspondence. Based on experience, we generally do not receive any questions concerning our responses after 90 days. If you assert your rights as a data subject, your personal data will be stored for three years after the final response in order to document the fact that we provided you with comprehensive information and that the legal requirements have been met.

All public posts that you put on our social media sites remain in the timeline for an indefinite period, unless we delete them as part of updating the information on the topic, they violate the law or breach our guidelines or policies, or you delete the post yourself. We have no control over the deletion of your data by the operator itself. The privacy policy of the relevant operator therefore also applies in relation to the storage period.

6. Encryption

We have technical and organizational security measures in place to protect your data from unauthorized access to the greatest extent possible. In addition to securing the operating environment, we use encryption procedures. The information you provide will be transmitted in encrypted form using a TLS protocol (Transport Layer Security) and checked for authenticity in order to prevent misuse of the data by third parties. You can tell the connection is secure because the padlock icon in your browser is locked and the URL begins with “https …”.

7. Your Rights as Data Subject

Pursuant to Article 15(1) GDPR, you have the right to request information, free of charge, on the personal data stored about you by Dieter Schwarz Stiftung.

If the statutory requirements are met, you also have a right to rectification (Article 16 GDPR), erasure (Article 17 GDPR) and restriction of processing (Article 18 GDPR) of your personal data.

If the basis of processing is Article 6(1)(e) or (f) GDPR, you have a right to object under Article 21 GDPR. If you object to processing, your data will no longer be processed thereafter, unless the controller demonstrates compelling legitimate grounds for the processing which override the interests of the data subject in the objection. If you have provided the processed data yourself, you have a right to data portability under Article 20 GDPR.

If the data processing is carried out on the basis of consent granted under Article 6(1)(a) or Article 9(2)(a) GDPR, you may withdraw that consent at any time with effect for the future without this affecting the lawfulness of the previous processing.

In the above-mentioned cases, or if you have questions or complaints, please write to or e-mail the data protection officer.

You also have a right to lodge a complaint with a data protection supervisory authority. The data protection supervisory authority located in the state in which you live or where the controller is domiciled has jurisdiction.

YOU MAY OBJECT TO DATA PROCESSING ON THE BASIS OF ARTICLE 6(1)(f) GDPR IN ACCORDANCE WITH ARTCLE 21 GDPR AT ANY TIME. WE WILL THEN NO LONGER PROCESS THE PERSONAL DATA YOU HAVE PROVIDED, UNLESS THERE ARE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE THE INTERESTS; RIGHTS AND FREEDOMS OF THE DATA SUBJECT, OR THE PROCESSING IS NECESSARY FOR THE ESTABLISHMENT, EXERCISE OR DEFENSE OF LEGAL CLAIMS.

YOU CAN SEND YOUR OBJECTION TO US, PREFERABLY TO INFO@DIETER-SCHWARZ-STIFTUNG.DE, OR TO THE CONTROLLER NAMED ABOVE. IF YOUR DATA HAS ALREADY BEEN FORWARDED TO AIM, WE WILL OF COURSE FORWARD YOUR REQUEST TO AIM.

8. Obligation to Provide Your Data

You are under no statutory or contractual obligation to provide personal data to us.

9. DSS Hn Data Protection Officer Contact Information:

Our company data protection officer is at your disposal for further information or suggestions relating to data protection:

datenschutz süd GmbH
Wörthstraße 15
97082 Würzburg, Germany

Web: https://www.dsn-group.de
E-mail: office@datenschutz-sued.de