Website privacy statement / Data protection

Introduction

Being the operator of our online offering, Bertelsmann Stiftung is the data controller in charge of processing personal data of any users of such online offering. You can find our contact details in the imprint of the online offering, while the contacts for questions concerning processing of the personal data are named directly in this Privacy Statement.

We, the Bertelsmann Stiftung, are strongly committed to protecting your privacy and your private and personal data. We collect, save, and use your personal data strictly in accordance with the provisions of this Privacy Statement and the applicable data protection provisions, including without limitation the European General Data Protection Regulation (GDPR) and national data protection provisions.

With this Privacy Statement, we wish to inform you to what extent and for what purpose your personal data is processed in connection with the use of our online offering.

Personal data

Personal data is all information about an identified or identifiable individual. This includes information about your identity such as your name, your e-mail address, or your postal address. Any information that cannot be directly linked to your identity (e.g. statistical details such as the number of users of the online offering) is, however, not considered to be personal data.

You can essentially use our online offering without disclosing your identity and without providing any personal data. In that case, we will merely collect general information about your visit to our online offering. If any of the services offered requires you to provide certain personal data, as a rule, we will process such data only for purposes connected with the use of this online offering, including without limitation for the provision of the desired information.

There is no automated decision-making on the basis of your personal data in connection with the use of our online offering.

Processing personal data

We store the information provided by you on protected dedicated servers located within the European Union. Technical and organisational measures are taken to protect such servers against loss, destruction, access, modification, or dissemination of your data by unauthorized persons. Access to your data will be permitted only to a limited number of persons in charge of the technical, commercial, or editorial support of the servers. Notwithstanding regular controls, full protection against all risks cannot be provided.

Your personal data is transmitted over the Internet in encrypted form. We use SSL (Secure Socket Layer) encryption for transmission of data.

Disclosure of personal data to third parties

We use your personal information exclusively for providing the services that you have requested from us. Insofar as we use external service providers in performing the service requested, such external service providers will also access the data exclusively for the purpose of performing the service. By taking the necessary technical and organisational measures we ensure compliance with privacy policies and we demand the same of our external partners.

Moreover, we will not disclose the data to any third parties, including without limitation for advertising purposes, without your express consent. We will disclose your personal data only if you have given your consent to disclosure of the data or insofar as we are entitled or obligated to do so under legal provisions and/or administrative or judicial orders. This may include, without being limited to, giving information for purposes of criminal prosecution, in order to avert danger, or in order to enforce intellectual property rights.

Legal basis of data processing

Insofar as we obtain your consent to processing your personal data, Article 6(1)(a) of the GDPR constitutes the legal basis for such data processing.

Insofar as we process your personal data because processing is necessary for the performance of a contract or is necessary under a quasi-contractual relationship with you, the lawfulness of data processing is based on Article 6(1)(b) of the GDPR.

Insofar as we process your personal data because processing is necessary for compliance with a legal obligation, the lawfulness of data processing is based on Article 6(1)(c) of the GDPR.

Furthermore, Article 6(1)(f) of the GDPR may constitute the legal basis for data processing, if processing of your personal data is necessary for the purposes of the legitimate interests pursued by our Foundation or by a third party, except where such interests are overridden by your interests or your fundamental rights and freedoms which require protection of personal data.

Throughout this Privacy Statement, we always point to the legal basis underlying our processing of your personal data.

Deletion of data and duration of storage

We invariably delete or block any personal data provided by you as soon as the purpose of storage of such data ceases to apply. However, we may continue to store your personal data beyond that, if such storage is governed by legal provisions to which we are subject, including without limitation the legal obligation to retain business records and documentation. In such a case, we will delete or block the personal data after the prescribed period of time has expired.

Use of our online offering

Use of Cookies

Like many other websites, our online offering uses cookies. Cookies are small text files that are stored on your computer and store certain settings and data of your web browser for the exchange with our online offering. As a rule, a cookie contains the name of the domain from which the cookie file has been sent as well as information about the age of the cookie and an alphanumeric identifier.

Cookies enable us recognise your computer and make any default settings immediately available. Cookies help us to improve our online offering and to provide you with an even better service customised to meet your particular requirements. This also constitutes a legitimate interest in the processing of the data in accordance with Article 6(1)(f) of the GDPR.

The cookies we use are so-called session cookies that are automatically deleted after the end of the browser session. In individual cases, we may use cookies with a longer storage time so that your default settings and preferences may be considered when you visit our online offering the next time.

Most web browsers are set to accept cookies by default. However, you can disable the storage of cookies or set up your web browser to inform you when you receive a cookie. It is also possible to manually delete stored cookies in the browser settings. Please note that your use of our online offering may be limited or restricted if you refuse to save cookies or delete necessary cookies.

Analysis of Cookies

Our online offering uses cookies which, based on the technologies of etracker GmbH, allow the analysis of your user behaviour, so-called analysis cookies. We use these cookies to collect and save the following data:

  • Frequency of page views

  • Search terms used

  • Use of website functions

  • Shortened IP address

  • Date and time of the query

  • Access status/HTTP status code

  • Respective data quantity transferred

  • Website from which the request comes

  • Browser

  • Operating system and its Interface

  • Language and version of the browser Software

When storing website visitor data, certain data, including without limitation visitors’ IP addresses, device and domain data, is stored in shortened and/or encrypted form so that the individual user cannot be identified based on the data. The data collected is never merged with other existing data, e.g. for the purpose of identifying an individual.

The IP address is shortened as soon as possible on an automated basis without you as a user having to carry out any special adjustments or configurations.

We use analysis cookies in order to improve the quality of our online offering and its contents and in order to examine and optimise the reach and searchability of our online offering. These purposes at the same time constitute a legitimate interest within the meaning of the legal basis for data processing in accordance with Article 6(1)(f) of the GDPR.

Your rights; contact

We, the Bertelsmann Stiftung, are committed to explaining how we process personal data and to inform you about your rights as transparently as possible. If you want more detailed information or wish to exercise your rights, you can contact us at any time so that we can take care of your concerns.

Rights of persons concerned

You have extensive rights with respect to the processing of your personal data. First of all, you have an extensive right to information and under certain circumstances may demand correction and/or deletion or blocking of your personal data. You can also demand restriction of processing and you have a right of objection. You also have a right to data portability with a view to personal data that you have transmitted to us.

If you wish to assert any of your rights and/or want more detailed information concerning your rights, please contact us or our data protection officer.

Revocation of consent and objection

You may at any time revoke your consent with future effect. Revocation of the consent does not affect the legality of any processing performed on the basis of such consent given up until the revocation thereof. In such cases, too, please contact us or our data protection officer.

Insofar as the processing of your personal data is not based on consent given by you but on another legal basis, you can object to the data processing. Your objection will lead to a review and, if necessary, to termination of the data processing. You will be informed of the outcome of the review and – if the data processing is to be continued after all – you will receive further information from us on why the data processing is admissible.

Data protection officer; contact

We have appointed an external data protection officer who supports us in data protection issues and who you can contact directly. If you have questions regarding our handling of personal data or if you require other information on data protection issues, please do not hesitate to contact our Data Protection Officer and his team:

RA Dr. Sebastian Meyer, LL.M.
c/o BRANDI Rechtsanwälte

Adenauerplatz 1, 33602 Bielefeld
Phone: 052196535-812
E-mail: datenschutz@bertelsmann-stiftung.de

If you wish to contact our data protection officer personally by e-mail, you may send an e-mail to sebastian.meyer@brandi.net.

Complaints

If you are of the opinion that the processing of your personal data does not comply with this Privacy Statement or the applicable data protection provisions, you can file a complaint with our data protection officer. Our data protection officer will review the matter and inform you of the outcome of the review. In addition, you are entitled to lodge a complaint with a supervisory authority.

Further information; amendments

Links to other websites

Our online service may contain links to other websites. Generally, these links are identified as such. We cannot control to what extent linked websites comply with the applicable data protection provisions. We therefore recommend that for other providers’ data protection statements, you refer to the information given on their respective websites.

Amendments of this Privacy Statement

Any revision of this Privacy Statement is identified by the date specified (see below). We reserve the right to amend this Privacy Statement at any time with effect for the future. Amendments will be made, among other things, in case of technical adjustments of the online offering or changes of the data protection laws. The Privacy Statement as amended from time to time is always made available directly through our online offering. We recommend obtaining information on any changes of this Privacy Statement on a regular basis.

This Privacy Statement was last revised in: May 2018