Data Privacy Statement
This data privacy statement is intended to inform you about the type, scope and purpose of processing personal data (hereinafter referred to as 'data') for our internet site or any related websites, functions or contents (hereinafter referred to as ‘website'). With respect to the terminlogy used, we refer to the definitions pursuant to Article 4 of the General Data Protection Regulation (GDPR). Personal data that you make available to the German Sparkassenstiftung for International Cooperation (DSIK) (hereinafter referred to as German Sparkassenstiftung) by visiting its website are processed in line with the regulations given in the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and other legal provisions that apply to electronic business transactions.
Controller
Harald Felzen
Simrockstraße 4
53113 Bonn
Phone: +49 228 9703-6605
Email: Harald.Felzen(at)sparkassenstiftung.de
Terminology
'Personal data' means any information relating to an identified or identifiable natural person (hereinafter referred to as 'data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. a cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
'Processing' means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means. This term has a broad meaning and covers virtually every operation performed on data.
‘Controller' means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Statutory legal framework
Pursuant to Article 13 GDPR, we are hereby informing you of the legal basis for our data processing operations. Where the data privacy statement does not state the legal basis, the following shall apply: The legal basis for obtaining consent is Article 6 (1) lit. a and Article 7 GDPR; the legal basis for data processing for the performance of our services and execution of our contractual measures and response to enquiries is Article 6 (1) lit. b GDPR; the legal basis for data processing for compliance with our legal obligations is Article 6 (1) lit. c GDPR; and the legal basis for data processing for the purpose of our legitimate interests is Article 6 (1) lit. f GDPR. In the event that processing is necessary in order to protect the vital interests of the data subject or of another natural person, then Article 6 (1) lit. d GDPR shall form the legal basis.
Collection and use of data
Every time a user visits Sparkassenstiftung's website and every time a file is accessed, data on this operation is recorded. This includes:
- Your IP address,
- the internet site you are coming from,
- the pages you click on and,
- the date and duration of your visit.
German Sparkassenstiftung analyses this information for statistical purposes and to improve its website, without creating personal user profiles. No data is forwarded to third parties.
Transfers to third countries
Should we transfer data to a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) for processing, or if this takes places within the scope of the use of third-party services or the disclosure and/or transfer of data to third parties, it is only done in order for us to fulfill our (pre)contractual duties, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permission, we only process or have data processed in a third country if the special conditions pursuant to Article 44 ff. GDPR are complied with. In other words, processing only takes place, for example, on the basis of specific guarantees, such as the official attestation of a level of data protection compliant with EU standards (e.g. the privacy shield for the USA) or the observance of officially recognised special contractual obligations (so-called standard contractual clauses).
Use of cookies
Cookies are small text files that are sent from German Sparkassenstiftung's web server to your PC where they are stored on your hard drive. Cookies are used to store information about user page activity during and after a visit to our website. Users can prevent cookies being stored by adjusting the settings on their browser software accordingly; moreover, users can prevent Google from recording and processing cookie-generated data relating to the user page activity by downloading and installing the browser plugin under the following link:
http://tools.google.com/dlpage/gaoptout?hl=de
Use of Google Maps and YouTube
On its contact page, German Sparkassenstiftung uses the mapping app Google Maps API by Google Inc. to show locations on an interactive map. As a result, information about your use of German Sparkassenstiftung's website, including your IP address, is transferred to a google server in the USA where it is stored. Likewise, in some places, YouTube videos are embedded in the web page by means of framing.
In its own data protection statement, Google does commit not to forward any information to third parties, but also includes exceptions. Thus, data collected in this way can under certain circumstances be transferred to third parties, if this is required by law in the USA or if third parties process data on Google's behalf. Click here to read Google Inc.'s data protection statement: http://www.google.com/policies/privacy/
You can disable the mapping app and prevent data from being transferred to Google by deactivating Java Script in your browser. ser.
German Sparkassenstiftung's website features selected Facebook posts. These do not constitute a social plugin. As soon as you click on 'read more' without having logged into Facebook, a new window appears with the Facebook log-in form. At the same time, Facebook installs a cookie on your hard drive. If you use and recommend the link while logged into Facebook, this information is transferred to Facebook. Visitors to your Facebook page can then – depending on your privacy settings in Facebook – see that you recommend the article.
Pages within Facebook are operated exclusively by Facebook Inc., 601 S. California Ave, Palo Alto, CA 94304, USA (Facebook). For this reason, it is not possible for German Sparkassenstiftung to know or influence which data Facebook records on these sites.
For more general information about this matter, read: http://www.facebook.com/about/privacy/your-info-on-other#applications
Other links to external providers
This data privacy statement does not apply to the contents of any websites by other providers we have linked to our own. It is not possible for German Sparkassenstiftung to know which data the operators of these sites might record or to exert any influence in this respect. You can access information in the respective site's data protection notice.
Encryption of personal data
Any information you entrust to German Sparkassenstiftung in dialogue and application forms is transferred securely using state-of-the-art internet technology and used exclusively for the designated purpose.
German Sparkassenstiftung uses a transmission procedure based on the SSL protocol (Secure Sockets Layer Protocol). The SSL protocol enables the encryption of all data transmitted between your browser and German Sparkassenstiftung's server. In this way, your data are protected against manipulation and unauthorised access by third parties during transmission.
Purpose specification
Your personal data are used exclusively for the purpose for which you entrusted them to German Sparkassenstiftung and/or for the use and disclosure you have consented to. Collection by and/or transmission to government agencies and authorities only occurs where unequivocally required by national law. German Sparkassenstiftung employees are instructed about data protection and are legally obliged to observe confidentiality and data secrecy.
Rights of data subject
You have the right to demand confirmation as to whether or not your data has been processed and to access the data as well as further information and copies of this data pursuant to Article 15 GDPR.
Pursuant to Article 16 GDPR, you have the right to have incomplete personal data completed or inaccurate personal data rectified.
In keeping with Article 17 GDPR, you have the right to demand the erasure of personal data without undue delay. Alternatively, according to Article 18 GDPR, you have the right to demand the restriction of processing.
Pursuant to Article 20 GDPR, you have the right to data portability and thus to receive personal data you have provided to us and to demand those data be transmitted to another controller.
Furthermore, pursuant to Article 77 GDPR, you have the right to lodge a complaint with a supervisory authority.
Deleting data
Pursuant to Articles 17 and 18 GDPR, the data we process are deleted or their processing restricted. Unless otherwise explicitly stated within the scope of this data privacy statement, the data we store are deleted as soon as they are no longer needed for the designated purpose and there are no statutory retention periods preventing their erasure.
This data privacy statement was compiled on 1 August 2017 and updated on 23 May 2018.