The EVZ Foundation has implemented numerous technical and organizational measures to ensure end-to-end protection of the personal data processed via this website wherever possible. Nevertheless, security vulnerabilities may arise when transmitting data via the Internet and, therefore, complete protection cannot be guaranteed. For this reason, all data subjects are also welcomed to use alternative means, such as the phone, to provide us with personal data.
Our contact details are as follows:
Stiftung Erinnerung, Verantwortung und Zukunft
Any data subject with queries or suggestions regarding data protection may contact our Data Protection Officer at any time by emailing email@example.com.
Cookies enable us to optimize the information and services on our website for the benefit of users. When you visit our website, you are informed in a cookie pop-up that cookies are set on our site, and you consent to this when you use the website.
Data subjects may prevent cookies being placed by our website at any time by changing their browser settings accordingly so that all cookies are rejected. Furthermore, cookies already set may be deleted at any time using a browser or other software programs. This is an option in all common browsers. By disabling cookies in their browser, however, data subjects may not have full use of all the features of our website.
Scope and description of personal data processing
Our website uses “Matomo,” a web analytics service provided by InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand. Matomo stores cookies on your end device that can be used to analyze your use of our website. The information collected through this is stored exclusively on our server. These data are:
- Two bytes of the IP address of the user’s accessing system
- The website accessed
- The website from which the user has accessed the website (referrer)
- The subpages accessed from the website
- The time spent on the website
- The frequency with which the website is accessed
Our website uses Matomo with the “Anonymize Visitors’ IP addresses” setting enabled. This allows IP addresses to be truncated for further processing so that data are not directly linked to individuals. The software is configured in such a way that full IP addresses are not stored. Instead, two bytes of the IP address are masked (e.g., 192.168.xxx.xxx). The effect of this is that the truncated IP address can no longer be associated with the calling computer. The IP address transmitted by your browser by means of Matomo is not aggregated with other data collected by us.
Legal basis for the processing of personal data
The legal basis for processing the user’s data is point (f) of Art. 6(1) GDPR and Section 15(3) of the German Telemedia Act (TMG).
Purposes of processing
We use Matomo to analyze usage of our website and individual functions and offerings so that we can improve the user experience on an ongoing basis. Through statistical analysis of user behavior, we improve our offering and make it more interesting to visitors.
Duration of storage
The data related to the processing described here are erased after a storage period of 365 days.
Opt-out and removal options
COLLECTION OF GENERAL DATA AND INFORMATION
The EVZ Foundation website collects a range of general data and information each time it is accessed by a data subject or automated system. These general data and information are stored in server log files. The data and information collected may include (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which the accessing system accessed our website (“referrer”), (4) the subpages via which an accessing system was taken to our website, (5) the date and time the website was accessed, (6) an Internet Protocol (IP) address, (7) the Internet service provider of the accessing system, and (8) other similar data and information.
This information is required to (1) correctly deliver our website content, (2) optimize our website content and promotion thereof, (3) ensure permanent functionality of our information technology systems and our website’s technology, and (4) provide law enforcement agencies with the information needed for criminal prosecution in the event of a cyberattack. Therefore, the EVZ Foundation analyzes these collected data and information for statistical purposes and with the goal of improving our company’s data protection and data security, which ultimately ensures the best level of protection for the personal data processed by us. The data contained in the server log files are stored separately from all personal data provided by a data subject.
We carry out this data processing based on our legitimate interest pursuant to point (f) of Art. 6(1) GDPR. Our legitimate interest is covered by the aforementioned reasons for our data processing.
Users can subscribe to the EVZ Foundation newsletter on the Foundation’s website. The personal data transmitted to the controller on subscribing to the newsletter are clear from the input screen used for this.
We use what is known as a double opt-in process for this, whereby we only email you a newsletter if you have previously expressly confirmed the activation of the newsletter service by clicking on a link in a message. If you subsequently change your mind about receiving the newsletter, you can cancel your subscription at any time by withdrawing your consent. You can withdraw your consent to receiving the email newsletter using the link provided in the newsletter or the website’s administration settings. Alternatively, please contact us via the details provided in the Contact section.
Our website may contain links to third-party websites. After a link is clicked, we no longer have any influence over the collection, processing, or use of any personal data transmitted to the third party when the link is clicked (such as the IP address or the URL of the page on which the link was placed), as we cannot control the actions of third parties. We do not assume any responsibility for the processing of such personal data by third parties.
Our employees and the service providers commissioned by us are bound to secrecy and are obliged to comply with the provisions of applicable data protection law. We take all necessary technical and organizational precautions to ensure an adequate level of protection and to protect your data managed by us against, in particular, the risks of accidental or unlawful destruction, manipulation, loss, and alteration as well as to prevent the unauthorized disclosure of or access to these data. We continuously improve our security measures in line with technological advancements.
RIGHTS OF USERS
If you wish to exercise your rights, please use the details provided in the Contact section.
a) Right of confirmation
Every data subject has the right granted by the European legislator to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed. Any data subject wishing to exercise this right of confirmation may contact an employee of the controller regarding this at any time.
b) Right of access
Every data subject has the right granted by the European legislator to obtain from the controller, at any time and free of charge, information about the personal data concerning him or her that are stored and a copy of this information. Furthermore, the European legislator has granted the data subject access to the following information: the purposes of the processing the categories of personal data concerned the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing the right to lodge a complaint with a supervisory authority where the personal data are not collected from the data subject: any available information as to their source the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject Furthermore, the data subject has the right to be informed as to whether personal data were transferred to a third country or to an international organization. Where that is the case, the data subject also has the right to be informed of the appropriate safeguards relating to the transfer. Any data subject wishing to exercise this right of access may contact an employee of the controller regarding this at any time.
c) Right to rectification
Every data subject has the right granted by the European legislator to obtain without undue delay the rectification of inaccurate personal data concerning him or her. Furthermore, taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed, including by means of providing a supplementary statement. Any data subject wishing to exercise this right to rectification may contact an employee of the controller regarding this at any time.
d) Right to erasure
Every data subject has the right granted by the European legislator to obtain from the controller the erasure of personal data concerning him or her without undue delay where one of the following grounds applies and to the extent that processing is not necessary: The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed. The data subject withdraws consent on which the processing is based according to point (a) of Art. 6(1) GDPR or point (a) of Art. 9(2) GDPR, and where there is no other legal ground for the processing. The data subject objects to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Art. 21(2) GDPR. The personal data have been unlawfully processed. The personal data have to be erased for compliance with a legal obligation under Union or Member State law to which the controller is subject. The personal data have been collected in relation to the offer of information society services referred to in Art. 8(1) GDPR. If any of the aforementioned grounds apply and a data subject would like to have personal data stored by the EVZ Foundation erased, they may contact an employee of the controller regarding this at any time. The employee of the EVZ Foundation will ensure that the request for erasure is complied with without undue delay. Where the EVZ Foundation has made the personal data public and our company is obliged as the controller pursuant to Art. 17(1) GDPR to erase the personal data, taking account of available technology and the cost of implementation, the EVZ Foundation shall take reasonable steps, including technical measures, to inform other controllers which are processing the disclosed personal data that the data subject has requested the erasure by these other controllers of any links to, or copy or replication of, those personal data to the extent that processing is not necessary. The employee of the EVZ Foundation shall make the necessary arrangements on a case-by-case basis.
e) Right to restriction of processing
Every data subject has the right granted by the European legislator to obtain from the controller restriction of processing where one of the following applies: The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data. The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead. The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims. The data subject has objected to processing pursuant to Art. 21(1) GDPR pending verification of whether the legitimate grounds of the controller override those of the data subject. If any of the aforementioned conditions is met and a data subject wishes to have personal data stored by the EVZ Foundation restricted, he or she may contact an employee of the controller regarding this at any time. The employee of the EVZ Foundation shall take steps to have the processing restricted.
f) Right to data portability
Every data subject has the right granted by the European legislator to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used, and machine-readable format. They also have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where the processing is based on consent pursuant to point (a) of Art. 6(1) GDPR or point (a) of Art. 9(2) GDPR or on a contract pursuant to point (b) of Art. 6(1) GDPR and the processing is carried out by automated means, provided that the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. Furthermore, in exercising his or her right to data portability pursuant to Art. 20(1) GDPR, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where this is technically feasible and does not adversely affect the rights and freedoms of others. The data subject may contact an employee of the EVZ Foundation at any time in order to exercise the right to data portability.
g) Right to object
Every data subject has the right granted by the European legislator to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Art. 6(1) GDPR, including profiling based on those provisions. The EVZ Foundation then no longer processes the personal data in the case of objection unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject or for the establishment, exercise, or defense of legal claims. Where the EVZ Foundation processes personal data for scientific or historical research purposes or statistical purposes pursuant to Art. 89(1) GDPR, the data subject, on grounds relating to his or her particular situation, shall also have the right to object to processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest. The data subject may contact an employee of the EVZ Foundation directly to exercise the right to object. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may also exercise his or her right to object by automated means using technical specifications.
h) Right to withdraw data protection consent
Every data subject has the right granted by the European legislator to withdraw his or her consent to the processing of personal data at any time. Any data subject wishing to exercise his or her right to withdraw his or her consent may contact an employee of the controller regarding this at any time.
DURATION OF STORAGE OF PERSONAL DATA
We erase personal data after they are no longer needed for a specific purpose or once statutory retention periods have passed, whichever is longer.
If you would like to contact us, you will find our address in the Controller section. To exercise your rights regarding the processing of your personal data, please contact our Data Protection Officer. To withdraw your consent, please contact us at:
Stiftung Erinnerung, Verantwortung und Zukunft