Data Protection Notice for www.global-minds-initiative.de
We appreciate your interest in using our website. The protection of personal data is our highest priority. Below, you will find information concerning the processing of your personal data and your rights when using our website. Your personal data will be processed in accordance with the applicable provisions of data protection law, in particular the General Data Protection Regulation (hereinafter referred to as “GDPR”), the German Federal Data Protection Act (“BDSG”) and the German Telecommunications-Telemedia Data Protection Act (“TTDSG”).
As changes to the law or to our internal processes may require adjustments to this privacy policy, we ask that you review this privacy policy regularly. The privacy policy can be accessed, saved and printed at any time.
I. Who is responsible for data processing and who is the data protection officer(externer Link)
II. What is the subject of data protection(externer Link)
III. What personal data relating to me will be processed(externer Link)
V. Is automated decision-making or profiling used(externer Link)
VI. Disclosure of dat(externer Link)
VIII. Your rights as a data subjec(externer Link)
IX. Data security and security measure(externer Link)
I. Who is responsible for data processing and who is the data protection officer?
1. Controller
The controller for the processing of your personal data is:
Deutsche Forschungsgemeinschaft e. V.
Kennedyallee 40
53175 Bonn
Germany
Tel: +49 228 885-1
postmaster@dfg.d(externer Link)
www.dfg.de/e(interner Link)
2. Data protection officer
You can contact our data protection officer as follows:
Attorney-at-law Dr. Philip Lüghausen
BHO Consulting GmbH
Vorgebirgstraße 132
50969 Köln
Germany
Tel. +49 (0) 221 204 63 884
dfg-dsb@bho-consulting.co(externer Link)
www.bho-consulting.com/e(externer Link)
3. Responsibility
Data processing is carried out exclusively under the responsibility of the DFG.
II. What is the subject matter of data protection?
The subject matter of data protection is personal data. This includes all information relating to an identified or identifiable natural person (known as the data subject). A person is identifiable if they can be identified directly or indirectly, in particular by reference to an identification number or to one or more factors specific to their physical, physiological, mental, economic, cultural, or social identity.
This includes, for example, information such as your name, postal address, email address, telephone numbers, your IP address and connection data, which may be processed when you visit our website and/or contact us for legitimate purposes.
III. What personal data relating to me will be processed?
We only process personal data relating to your use of and interaction with this website and the services provided, e.g. as a website visitor or when you contact us directly.
This may generally include the following personal data:
- Statistical data and data on usage behaviour: information about whether, how often, for how long and how users use our website and the services offered.
- Content data: information that you provide to us, e.g. via our contact form or other input masks or communication channels.
- Technical data (log files): date and time of access, consent, Internet Protocol (IP) address of your device, actions performed, details about cookies or log data stored by us on your device. Data relating to the browser type and version, time zone setting, location, browser plug-in types and versions, and operating system used, name of the file accessed and the URL, http response code (whether the client request was successful or an error occurred), amount of data transferred, notification of whether data access was successful, the user's internet service provider, if applicable, and other necessary session data.
The personal data mentioned above may include data that is necessary for you to use our website, as well as data that is necessary to take into account or enable the settings you have requested on the website/in the services.
We use technically necessary cookies, functional cookies, and cookies for collecting statistical information (analytical cookies) on our website.
Our website uses so-called cookies and processes log data in log files, which may include the categories of personal data mentioned in III.1. Cookies are small text files that are stored on your computer or mobile device via your web browser.
You can set up your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when closing the browser. Please note that deactivating cookies may limit the functionality of the services offered.
2.1 Technically necessary cookies and log files
- We use technically necessary cookies on our website. With the help of technically necessary cookies, we process personal data for the specific purpose of ensuring the proper functioning of our website. Without the use of technically necessary cookies, we would not be able to offer you our website securely.
- These generally serve the purpose of identifying your computer during your visit to our internet pages and providing you with the service. Some functions of our internet pages cannot be offered or do not function properly without the use of necessary cookies.
- Our IT systems use log files to record event data relating to the delivery of our internet offerings and services. This also includes user activity on websites. Each time our website is accessed, information must be processed and stored in log data for the purposes of ensuring information security (detecting and defending against attacks), data protection and effective error analysis.
2.2 Functional cookies
- We use functional cookies on our website. Functional cookies enable us to process personal data for specific purposes, e.g. to simplify registration processes on our website. Functional cookies allow us to save the default settings on our website and store information that you enter in the registration area.
- Session cookies are only stored for the time you spend on our website. When you close your web browser, the session cookies are deleted.
- In addition to session cookies, cookies can also be used to store user settings and other information for a specific period of time (e.g., two years) (so-called “permanent cookies”).
2.3 Performance and analytical cookies
- We use performance cookies on our website for statistical analysis. With the help of performance cookies, we can process personal data for specific purposes in order to analyse user behaviour. This enables us to make our website more user-friendly and ensure that it will be easier to use in the future. These cookies are also used to identify possible error messages, website loading times, and website behavior in different browsers.
- By giving your voluntary consent (in accordance with Art. 6 (1) (a) GDPR) via the cookie banner, you can decide to allow the DFG to collect data about your user behaviour in order to improve the website and its services. You can revoke your consent at any time via the cookie setting(interner Link).
IV. What are the purposes of processing my personal data and on what legal basis is this done?
Below, we provide an overview of the purposes, legal bases and storage periods of the functions we use:
Data catagories: Technical data: date and time of access, duration of the visit, type of device, operating system used, functions used, amount of data sent, type of data, event, IP address, domain name.
Purpose: Secure and error-free provision
Legal basis: Article 6 (1) (f) GDPR and § 25 (2) TTDSG
Legitimate interests pursued: The overriding legitimate interest of the DFG and the users lies in providing the service in a technically secure, error-free, functional and user-friendly manner.
(Categories of) Recipients: Hosting provider, IT department, external service provider for technical support
Storage period: 3 months after creation
Obligation to provide personal data and consequences of non-provision: Automated collection by accessing the website/service. Consequences of non-provision: The service may not be available and/or error-free.
Possibility to exercise objection/withdrawal: Not required, the IP address of the visitor is anonymised.
Source of data: Direct collection when accessing the website/service
Data categories: Cookie value depending on selection: only selection of technically necessary cookies (value: 'essential') OR additional selection of statistical cookies (value: 'analytics'), AND IP address, date and time of selection
Purpose: Consent management
Legal basis: Article 6 (1) (b) GDPR and § 25 TTDSG OR Article 6 (1) (a) GDPR and § 25 (2) TTDSG
Legitimate interests pursued: Consent management and proof of consent/refusal.
Recipients: Hosting provider, IT department, 'external' service provider for technical support
Storage period: 30 days after collection
Possibility to exercise objection/withdrawal: Possibility of withdrawal via the cookie settings
Source of data: Selection by the data subject
Data categories: Technical data: accessed URL, IP address, time and date of access, transferred data volume, source/referrer, users accessing the site, called redirects to other websites, http status, information about browser type, version used, operating system, possibly internet service provider
Purposes: Anonymous statistical evaluations, improvement of website and performance, load monitoring, security and clarification of unlawful use
Legal basis: Article 6 (1) (f) GDPR and § 25 (2) TTDSG
Legitimate interests pursued: The overriding legitimate interest of the DFG and the users lies in providing the service in a technically secure, error-free, functional and user-friendly manner. Anonymous statistical evaluations of general web traffic of websites and services take place in aggregated form to improve the service. In individual cases, processing takes place to take defensive measures, to uncover criminal offences or breaches of contract.
Recipients: Hosting provider, IT department, external service provider for technical support, government authorities upon request
Storage period: 3 months after collection of individual security-relevant log data. If stored in general log files, no more than seven days. Longer storage is possible only in anonymised form. In this case, users’ IP addresses are deleted or altered (anonymised), so that assigning the accessing client is no longer possible. Exceptions for longer retention periods exist only in individual cases for the detection of criminal offences or breaches of contract.
Obligation to provide personal data and consequences of non-provision: No obligation to provide data. Automated collection by accessing the service.
Possibility to exercise objection/withdrawal: Additionally, automatic deletion occurs after 7 days with a maximum period of up to 3 months unless personal data has already been anonymised.
Source of data: Direct collection when accessing the website/service
Data categories: This cookie contains a unique identifier assigned by the server to store the session data for the duration of the page visit. It is automatically created once a user visits the pages.
Purposes: Security and availability
Legal basis: Article 6 (1) (f) GDPR and § 25 (2) TTDSG
Legitimate interests pursued: The overriding legitimate interest of the DFG and the users lies in protection against attacks and in ensuring the availability and security of the website for users through the use of a load balancer. Requests from logical clients are forwarded to a backend web server to process session data for the load balancer and to protect against attacks (DDoS).
Recipients: Hosting provider, IT department, external service provider for technical support, government authorities upon request
Storage period: The cookie is not permanent and will be deleted after logging out or closing the browser. Exceptions for longer retention periods exist only in individual cases for the detection of criminal offences or breaches of contract.
Obligation to provide personal data and consequences of non-provision: No obligation to provide data, automated collection by accessing the service for security purposes.
Possibility to exercise objection/withdrawal: The cookie is deleted after logging out or closing the browser.
Matom(externer Link) is an open-source software for analysing usage behavior
Data categories: Cookie ID, usage profile based on pseudonyms, shortened IP address of the user, accessed website, website from which the user reached the requested page (so-called 'referrer URL'), subpages accessed from the accessed website, referrer to the website, frequency of website visits
Purposes: Analysis of user behaviour to optimise provided services and statistical purposes
Legal basis: Article 6 (1) (a) GDPR and § 25 (1) TTDSG
Recipients: Internal departments, especially Press and Public Relations, hosting provider, technical support service providers
Storage period: You can object to the use of your data by Matomo at any time by using the Consent Manager. Your data will only be processed as long as the processing purpose has not been achieved. The IP address of each visitor is shortened immediately after processing/ anonymised before storage.
Obligation to provide personal data and consequences of non-provision: No obligation to provide data
Possibility to exercise objection/withdrawal: Withdrawal of consent via the cookie settings. If you declare withdrawal of your consent to us in accordance with Art. 7 (1) GDPR, and Art. 4 No. 11 GDPR, your personal data will be deleted immediately.
Source of data: Direct collection after declaration of consent
V. Is automated decision-making or profiling used?
Automated decisions in individual cases, including profiling within the meaning of Article 22 GDPR, do not take place in connection with the use of our service.
VI. Disclosure of data
We will only disclose your personal data to third parties if:
- you have given your consent in accordance with Art. 6 (1) (a) GDPR;
- it is legally permissible and necessary for the performance of a contractual relationship with you in accordance with Art. 6 (1) (b) GDPR;
- there is a legal obligation to disclose the data in accordance with Art. 6 (1) (c) GDPR;
- the transfer is necessary in accordance with Art. 6 (1) (f) GDPR to safeguard legitimate business interests and to assert, exercise, or defend legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data.
VII. Hyperlinks
Our website contains hyperlinks (website redirection/URL redirection) to websites of other controllers. Clicking on these hyperlinks will redirect you directly to the other provider's website. You can recognise this by the change in the URL, among other things. We cannot assume any responsibility for the confidential handling of your data on these third-party websites, as we have no influence on it.
Please refer to these controllers directly for information on how these organisations handle your personal data.
VIII. Your rights as a data subject
As a data subject, you have the following rights under the General Data Protection Regulation (GDPR), provided that the relevant statutory requirements contained therein are present:
- Access to information: You have the right to be informed about the data relating to your person which is being processed.
- Rectification: You can request that incorrect data relating to your person be corrected. In addition, you can request that incomplete data be completed.
- Erasure: In certain cases, you can request that your personal data be erased.
- Restriction of processing: In certain cases, you can request that the processing of your data be restricted.
- Data portability: Should you have provided data under a contract or with your consent, you can request to receive the data which you have provided in a structured, commonly used and machine-readable format or request that we transfer this data to another controller.
Right of objection
Right of objection in an individual case
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6 Paragraph 1 Sentence 1 GDPR; this also applies to any profiling which is based on these provisions. This personal data will no longer be processed for these purposes, unless we can demonstrate compelling legitimate grounds for the processing which outweigh your interests, rights and freedoms or unless the purpose of the processing is the establishment, exercise or defence of legal claims.
Right to object to the processing of data for direct advertising purposes
In individual cases, your data will be processed in order to carry out direct advertising. You have the right to object at any time to the processing of personal data relating to you for the purpose of such advertising. This also applies to profiling, should it be connected to such direct advertising. Should you object to the processing for direct advertising purposes, your personal data will no longer be processed for these purposes.
- Withdrawal of consent: Should you have given us your consent to the processing of your data, you can withdraw this at any time with effect for the future. The lawfulness of the processing of your data prior to the withdrawal remains unaffected by this.
- Asserting your rights: In order to exercise any of the rights listed above, please send an e-mail to postmaster@dfg.d(externer Link) or send a letter to the address provided under Number 1. Please ensure that we are able to clearly identify you.
- Right to complain to the supervisory authority: You have the right to lodge a complaint with the supervisory authority, in particular in the Member State of your usual place of residence, place of employment or location of the alleged breach, should you consider that the processing of the personal data relating to you is unlawful.
IX. Data security and security measures
We are committed to protecting your privacy and treating your personal data confidentially. To prevent manipulation, loss or misuse of your personal data, we take technical and organisational security precautions, which are regularly reviewed and adapted to technological progress. This includes, among other things, the use of recognised encryption methods (SSL or TLS).
However, we would like to point out that, due to the structure of the internet, it is possible that the rules of data protection and the above-mentioned security measures may not be observed by other persons or institutions outside our area of responsibility. In particular, unencrypted data—e.g. when sent by email—can be read by third parties. We have no technical influence on this.
X. Who can I contact if I have questions or wish to assert my rights as a data subject?
If you have any questions about the processing of your personal data or wish to assert your rights as a data subject as specified in Section VIII, Nos. 1–7, you can contact us free of charge. Please use our contact details in Section I, No. 1. To revoke your consent, you can also use the same contact method you used when submitting your declaration of consent.