Data Protection Policy
Section 1 Information about the collection of personal data
(1) The following information applies to the collection of personal data when using our website. Personal data are any data that can be related to you personally, e.g. name, address, e-mail addresses or user behaviour.
(2) The legal basis for this declaration is the German Church Data Protection Act (KDG).
(3) The controller in accordance with Section 4, No. 9, KDG, is
Stiftung Liebenau
Kirchliche Stiftung privaten Rechts
Siggenweilerstr. 11
88074 Meckenbeuren
Telefon +49 7542 10-0
info(at)stiftung-liebenau.de
Thomas Kaldenbach
Stiftung Liebenau
Justiziar und Datenschutzbeauftragter
Siggenweilerstraße 11
88074 Meckenbeuren
Telefon +49 7542 10-1101
thomas.kaldenbach(at)stiftung-liebenau.de
(4) ) In some cases we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are regularly monitored. If we use commissioned service providers for individual functions of our services, we shall inform you in detail about the respective processes below. In that respect we shall also state the defined criteria for the storage period.
(5) If our service providers are based in a country outside the European Economic Area (EEA), we shall inform you about the consequences of this circumstance in the service description.
Section 2 Collection of personal data
(1) In the case of using the website to obtain information, i.e. if you merely view our website and do not register or otherwise forward information to us, we process the personal data that your browser transmits to our server (log files). The processing is necessary to display our website to you and ensure stability and security. This legitimate interest is the basis for the data processing in accordance with Section 6(1), letter g), KDG. This applies to the following data:
a) IP address
b) Date and time of the enquiry
c) Time zone difference to Greenwich Mean Time (GMT)
d) Content of the request (specific page)
e) Access status/HTTP status code
f) Respective transferred data quantity
g) Website from which the request comes Browser
h) Operating system and its interface
i) Language and version of the browser software
The data are deleted as soon as they are no longer required for the purpose of their collection. In the case of recording the data to present the web site, this shall be deemed the case if the respective session has ended. In the case of storing the data in log files, this is deemed the case at the latest after five days. Storage beyond this period is possible. In such a case, the user’s IP address shall be deleted or rendered anonymous so that attributing such an IP address to the requesting client is no longer possible.
Section 3 Use of Cookies
Below we explain the mechanisms we use to recognise you as a user. Cookies are used when you visit our website.
Cookies are small text files that are stored on your hard drive in relation to the browser you are using and which provide the party setting the Cookie (in this case us) with certain information. Cookies cannot execute programs or transfer viruses to your computer. They are aimed at making the internet service more user-friendly and effective overall.
With regard to Cookies, a distinction must be made between those that are necessary and those that are not. Technically necessary Cookies, on the other hand, are all Cookies that are necessary to operate a website and maintain its functions. All Cookies that are not absolutely technically necessary to operate a website and provide specific page functions are deemed Cookies that are not necessary in a technical sense.
(1) Technically necessary/unconditionally necessary Cookies - Without consent
We use the following technically necessary Cookies and Cookies that are absolutely necessary in accordance with Section 25(2), No. 2, German Telecommunications Telemedia Data Protection Act (TTDSG), because these are necessary for the operation of our website according to their stated purpose:
| Surename | Third parties | Intended use | Storage Period |
| be_lastLoginProvider | stiftung-liebenau.de | Retains the user’s states for all page requests. | 3 months |
| be_typo_user | stiftung-liebenau.de | Retains the user’s states for all page requests. | 3 months |
| PHPSESSID | stiftung-liebenau.de | Retains the user’s states for all page requests. | Session |
| cookie_optin | www.stiftung-liebenau.de | Retains the user’s Cookie opt-in consent. | 1 month |
For an explanation of these Cookies, please refer to the comments below about the third party providers we use.
(2) Technically unnecessary Cookies - With consent
We use technically unnecessary Cookies based on Section 25(1), TTDSG.
With regard to the processing of data as part of technically unnecessary Cookies and the transfer of your data to third countries, your consent is required in accordance with Section 6(1), letter b), in conjunction with Section 41(1), KDG.
For an explanation of these Cookies, please refer to the comments below about the third party providers we use.
| Surename | Third parties | Intended use | Storage Period |
| _clck | Microsoft Clarity | Microsoft Clarity sets this cookie to store the browser's Clarity user ID and preferences exclusively for this website. This ensures that actions taken on subsequent visits to the same website are linked to the same user ID. | 1 year |
| _clsk | Microsoft Clarity | Microsoft Clarity sets this cookie to store a user's page views and combine them into a single session record. | 1 year |
| _gcl_au | Google Ads | Includes a randomly generated user ID. | 90 days |
| _gcl_aw | Google Ads | This cookie is set when a user arrives at the site having clicked on a Google ad. It contains information about which ad was clicked, so that actions such as orders or contact requests can be attributed to the ad. | 90 days |
| _gcl_dc | Google Ads | This cookie is set when a user arrives at the site having clicked on a Google ad. It contains information about which ad was clicked, so that single tasks such as orders or contact requests can be assigned to the ad. | 90 days |
| _fbp | The purpose of _fbp is attributable to Facebook's advertising and analysis efforts. This cookie is a first-party cookie, meaning Facebook places it while a consumer is on Facebook. This cookie tracks a user's visits to various websites and reports this behaviour to Facebook. Facebook can then use the collected data to better understand the user and display better, more relevant advertising. The _fbp cookie does not collect any personally identifiable information and is only placed by Facebook to send data back to the company. | 3 months |
(3) If you do not wish Cookies to be processed, you can configure your browser settings according to your wishes and, for example, refuse to accept third party Cookies Cookies or all Cookies. Please note that you may not be able to use all the functions of this website.
Section 4 Contact form and e-mail contact
(1) Our website contains contact forms that can be used for electronic contact. If a user makes use of this option, the following data shall be forwarded to us and stored in addition to the data entered in the input window:
a) The user’s IP address
b) Date and time of the registration
(2) Your consent is obtained in respect of processing the data as part of the sending procedure, and reference is made to this Data Protection Policy.
(3) Alternatively, you can establish contact via the stated e-mail address. In such a case, the user's personal data forwarded by e-mail are stored. In this context, the data are not forwarded to third parties. The data are used exclusively to process the conversation.
(4) The legal basis for processing the data in the case of obtaining the user's consent is Section 6(1), letter b), KDG. The legal basis for processing the data that are forwarded during the course of sending an e-mail is Section 6(1), letter g), KDG. If the e-mail contact is aimed at entering into a contract, the additional legal basis for the processing is Article 6(1), letter c), KDG.
(5) Processing the personal data from the entry window is intended solely for processing cases in which contact is established. In the event of establishing contact by e-mail, this also constitutes a justified interest in processing the data. The other personal data processed during the forwarding process are aimed at preventing misuse of the contact form and ensuring that our IT systems are secure.
(6) The data are deleted as soon as they are no longer required for the purpose of their collection. With regard to personal data from the entry window of the contact form and personal data that have been sent via e-mail, this is the case if the respective conversation with the user has ended. The conversation is deemed to have ended if based on the circumstances it is clear that the respective matter has been conclusively clarified.
(7) The additional personal data collected during the forwarding process shall be deleted at the latest following a period of seven days.
Section 5 Newsletter and press distribution list
(1) By way of your consent you can subscribe to our newsletter or be included in our press distribution list, which we use to inform you about our work, projects or the current legal situation.
(2) We use the so-called double-opt-in procedure for subscriptions to our newsletter. This means that after your registration, we shall send you an e-mail to the e-mail address you provided, in which we ask you to confirm that you wish to receive the newsletter or be included in the press distribution list. If you do not confirm your registration within 3 days, your information shall be blocked and automatically deleted after one month. Furthermore, we store your IP addresses and the times of registration and confirmation. The procedure is aimed at being able to prove your registration and, if necessary, clarify potential misuse of your personal data.
(3) ) The only compulsory information for sending the newsletter is your e-mail address. Your e-mail address and your request for inclusion in the press distribution list stated in the message field are among the compulsory data for sending press releases. Providing further, separately marked data is voluntary. After your confirmation, we store your e-mail address for the purpose of sending you the newsletter or press releases. The legal basis for this form of data processing is your consent in accordance with Section 6(1), letter b), KDG.
(4) You may withdraw your consent to receive the newsletter or be included in the press distribution list at any time and unsubscribe from the newsletter or press releases. You may state your cancellation by clicking on the link provided in every newsletter e-mail. After cancelling, your IP shall be anonymised after seven days. Your e-mail address shall then only be added to our blacklist so that we cannot write to you again.
Section 6 Applications
(1) You can use the Jobfinder to find out about vacancies at Stiftung Liebenau, our subsidiaries or our co-operation partners. In the case of a search via the Jobfinder only, no personal data are collected apart from the log files (Section 3). Any additional collection of data only occurs when you use the online application form linked to the job you have called up to send us a personal enquiry or your application.
(2) We process the personal data concerned for the purpose of processing your application, insofar as this is necessary for the decision about establishing an employment relationship with us. The legal basis for this is Section 53, KDG. Insofar as we also refer to job offers of our subsidiaries or other institutions, your applications will then be forwarded to these institutions.
(3) Further information about data processing in conjunction with your application can be found in our data protection information for applicants, which you can access here.
Section 7 Events
(1) On our website we offer you the opportunity to find out about cultural and religious events organised by Stiftung Liebenau and affiliated companies or organisations and, if applicable, register for these events by e-mail, in writing or by telephone. If you register for such an event with us by e-mail or wish to receive additional information, we shall process your data as described above in accordance with Section 4. Your data shall only be passed on to third parties if the implementation of the event requires such action.
(2) Photos shall be taken and videos made at these events for documentation, communication and marketing purposes. We use these recordings for reporting and public relations, in our magazines, on our website and in social media. They may also be shared with other media as part of our media relations. We shall additionally inform you appropriately about the taking of photos and making of videos as well as your rights as part of the invitation and during the event. You have the right to object to the taking and use of photos and videos that apply to you, that have already been taken in relation to the photographer or during the event or afterwards with regard to us.
(3) In the context of communication and entering into a contract regarding your participation, the data processing that occurs in this context is based on Section 6(1), letter c), KDG. The legal basis for processing your recordings in the context of our events is our legitimate interest in effective public relations work within the meaning of Section 6(1), letter g), KDG.
(4) We shall store your data for as long as is necessary for the aforementioned purposes.
Section 8 Further education and training offered by Akademie Schloss Liebenau
(1) On our website we offer you the opportunity to find out about the further education and training courses offered by Akademie Schloss Liebenau and, if necessary, register online or by e-mail.
(2) It may be necessary for us to process your personal data for online registration for events. These are necessary to organise your participation and are set out in the respective input window. Compulsory data required for the organisation of participation are marked separately, other data are voluntary. We forward your payment data to our bank in the context of paid events. The legal basis for data processing is the participation contract entered into with you in accordance with Section 6(1), letter c), KDG.
(3) Due to commercial and tax law requirements, your address, payment and registration data shall be stored for a period of ten years. However, we shall restrict processing after two years, i.e. your data shall only be used to honour legal obligations.
Section 9 Donations
(1) We would like to inform you about our work and establish a good relationship with you. To honour our statutory purpose, we also rely on the support of your donations. Donations can be made to us online or via simple bank transfer to our specified donation account. When transferring your donation, please state your first and last name as well as your address on the transfer form or by e-mail so that we can correctly allocate your donation and, if necessary, issue a donation receipt.
(2) Online donation
a) To give you the opportunity to donate directly on our website, we use the donation tool of our order processor Altruja GmbH - Augustenstraße 62, D-80333 Munich. The information you enter in the donation tool, and therefore also your personal data, is transmitted to Altruja via a secure connection to process your donation. This ensures that Altruja only receives your data once you have completed and submitted the donation form. Once your data have reached Altruja, Altruja is also responsible for protecting your data. The data shall then be forwarded to us.
b) In order for your donation to reach us, you can choose between direct debit and PayPal as our payment service provider. If you choose direct debit, we shall forward your payment data to our bank, Sparkasse Bodensee, to execute the direct debit. If you choose Paypal, you shall be redirected directly to the Paypal website and enter your payment data there. From the moment of transfer, Sparkasse Bodensee or Paypal is responsible for processing your data.
Data Protection Policy of Sparkasse Bodensee >
Data Protection Policy of Paypal >
c) Your personal data are processed in the context of your online donation to honour your donation in accordance with Section 6(1), letter c), KDG.
d) ) In addition to your details, your IP address and the time and date of use are also collected and stored at the time of sending the donation form. This information is related to the payment process and due to Section 8, German Money Laundering Act, we undertake to store this information for up to ten years.
Section 10 Use of third party providers
Incorporation of YouTube videos
(1) We have incorporated YouTube videos in our online services. These videos are stored on YouTube and can be played directly from our website. These are all incorporated in “Extended data protection mode”, i.e. no data about you as a user are forwarded to YouTube if you do not play the videos. Only when you play the videos shall the data stated in paragraph 2 be forwarded by us to YouTube on the basis of your consent in accordance with Section 6(1), letter b) ,KDG, in conjunction with Section 41(1), KDG.
(2) We have no influence on further data processing, in particular the setting of Cookies, by YouTube. However, you can prevent the setting of Cookies in your browser settings.
(3) By clicking on the video, YouTube is informed that you have accessed the corresponding sub-page of our website. In addition, the data stated under this declaration are forwarded. This occurs regardless of whether YouTube provides a user account via which you are logged in or whether no user account exists. If you are logged-in to Google, your data shall be directly allocated to your account. If you do not wish this to be allocated to your profile at YouTube, you need to log-out before activating the button. YouTube retains your data as use profiles and uses them for advertising and market research purposes and/or tailor-made management of its website. Such an evaluation applies, in particular (including for users who are not logged-in), to provide tailor-made advertising and to inform other users of the social network about your activities on our website. You have the right object to the creation of user profiles, whereby will need to contact YouTube to exercise this right.
(4) Please refer to the Data Protection Policy for additional information about the purpose and scope of data collection and processing by YouTube. These also provide further information about your rights and settings options for protecting your privacy. Google processes your personal data in the USA as well.
Use of Google Fonts
(1) This website uses so-called web fonts provided by Google to ensure fonts used on the site are displayed consistently. When you access a page, your browser loads the required web fonts into your browser cache to display text and fonts correctly.
(2) To meet data protection requirements and minimise Google's access to your data, we have stored the Google Fonts locally on our server. This means that no connection to Google's servers is established when you visit our website. Your IP address and other personal data are therefore not forwarded to Google.
(3) By storing Google Fonts locally, we ensure that your data remains protected while also guaranteeing a consistent and aesthetically pleasing presentation of our website. Local storage is based on (§ 6 Abs. 1 lit. g) to protect legitimate interests in ensuring the security and integrity of our services and in the consistent and aesthetically pleasing presentation of our website. Further information about google web fonts can be found here> and in Google's privacy policy >.
ReadSpeaker
(1) We use the ReadSpeaker reading service of ReadSpeaker GmbH, Am Sommerfeld 7, D-86825 Bad Wörishofen, Germany, Tel.: +49 8247 / 906 30 10, e-mail: deutschland@readspeaker.com.
(2) ReadSpeaker is a reading service for public internet content. When the “Read Aloud” button is clicked, the corresponding text is converted into an audio file and streamed to the user. In this context, the user’s IP is forwarded to the ReadSpeaker server. The process and the user's IP address are deleted from the ReadSpeaker server immediately after delivery of the audio file. ReadSpeaker does not store any personal data. All services are realised in Europe (Sweden and Ireland).
(3) We use this service and process your data based on our legitimate interest in the full functionality of our website. Section 6(1), letter g), KDG, forms the legal basis in respect of the processing. You can find more information on the handling of the forwarded data in the Data Protection Policy of ReadSpeaker.
(4) You can prevent the collection as well as the processing of your data by ReadSpeaker by deactivating the execution of script code in your browser or installing a script blocker in your browser (you can find this, for example, under NoScript or Ghostery).
Matomo
(1) We use the open source software tool Matomo (formerly PIWIK) on our website to analyse the surfing behaviour of our users. We have set Matomo such that no Cookie is stored on the user’s computer (for Cookies, see above). The following data are stored if individual pages of our website are called up:
- Two bytes of the IP address of the user’s calling system.
- The website called up
- The website from which the user accessed the accessed website
- The subpages called-up from the called-up web page
- The dwell-time spent on the website
- The frequency with which the website is accessed
The software runs exclusively on the servers of our website. Personal user data are only stored there. The data are not forwarded to third parties. The software is set in such a way that the IP addresses are not stored in full, but 2 bytes of the IP address are masked (ex: 192.168.xxx.xxx). This means it is no longer possible to assign the shortened IP address to the calling computer.
(2) The legal basis for the processing of the users’ personal data is our legitimate interest within the meaning of Section 6(1), letter g), KDG. The processing of the users' personal data enables us to analyse the surfing behaviour of our users. By evaluating the data obtained, we are able to compile information about the use of the individual components of our website. This helps us to continuously improve our website and its user-friendliness.
(3) The data are deleted as soon as they are no longer required for our recording purposes.
(4) We offer our users the option of opting out of the analysis process on our website. To that end you need to follow the corresponding link. In this manner, a Cookie is, in fact, set on your system, which signals to our system not to save the user's data. If the user deletes the corresponding Cookie from their own system in the meantime, they must set the opt-out Cookie again. Further information about Matomo privacy settings can be found here.
Matomo opt-out
You have the option of preventing action you take here from being analysed and linked. This will protect your privacy, but will also prevent the owner from learning from your actions and improving usability for you and other users.
Your visit on this website is currently being recorded by the Matomo web analysis. Deselect this checkbox to opt-out.
Matomo Opt-Out
Microsoft Clarity
We use Microsoft Clarity to better understand our users‘needs and to optimise the offer and experience on this website. Microsoft Clarity technology enables us to better understand our users’ experiences (e.g. how much time users spend on which pages, which links they click on, what they like and dislike, etc.) and helps us to tailor our offering based on user feedback. Microsoft Clarity uses cookies and other technologies to collect data about the behaviour of our users and their devices, in particular the IP address of the device (which is only collected and stored anonymously while using the website), screen size, device type (unique device identifiers), information about the browser used, location (country only) and preferred language for displaying our website. Microsoft Clarity stores this information on our behalf in a pseudonymised user profile. Microsoft Clarity is contractually prohibited from selling the data collected on our behalf.
When you visit this website, personal data is processed. The categories of data processed: data for creating usage statistics. Purpose of processing: anonymisation and creation of statistics and analysis of usage behaviour. The legal basis for processing: your consent according to § 6 Abs.1 lit. b KDG. Data is transferred: to the independent controller Microsoft Ireland Operations Ltd., One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. The legal basis for the data transfer to Microsoft Ireland Operations Ltd. is your consent according to § 6 Abs.1 lit. b KDG. This may also mean that personal data is transferred to a country outside the European Union. The data is transferred on the basis of your consent in accordance with § 6 Abs.1 lit. b KDG. To contact the data protection officer of Microsoft Ireland Operations Ltd by email, click here>. Duration of processing: ends after three months at the latest.
Google Ads
The website operator uses Google Ads. Google Ads is an online advertising programme provided by Google Ireland Limited (‘Google’), Gordon House, Barrow Street, Dublin 4, Ireland. Google Ads enables us to display advertisements in the Google search engine or on third-party websites when the user enters certain search terms on Google (keyword targeting). Furthermore, targeted advertisements can be displayed based on the user data available on Google (e.g. location data and interests) (target group targeting). We as the website operator can evaluate this data quantitatively, for example by analysing which search terms led to the display of our advertisements and how many ads led to corresponding clicks. This service is used on the basis of your consent in accordance with Art. 6 (1) point a GDPR and Section 25 (1) TDDDG. Consent can be revoked at any time. Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here > and here > The company is certified according to the ‘EU-US Data Privacy Framework’ (DPF). The DPF is an agreement between the European Union and the United States to ensure compliance with European data protection standards when processing data in the United States. Every DPF-certified company is obliged to comply with these data protection standards. Further information is available from the provider at the following link >
Google Ads Remarketing
This website uses the functions of Google Ads Remarketing. The provider of this service is Google Ireland Limited (‘Google’), Gordon House, Barrow Street, Dublin 4, Ireland. Google Ads Remarketing allows us to assign people who interact with our online offering to specificly target groups so that we can then display interest-based advertising in the Google advertising network (remarketing or retargeting). Furthermore, the advertising target groups created with Google Ads Remarketing can be linked to the cross-device functions of Google. This way, interest-based, personalised advertising messages that have been adapted to you based on your previous usage and surfing behaviour on one device (e.g. mobile phone) can also be displayed on another of your devices (e.g. tablet or PC). If you have a Google account, you can opt out of personalised advertising by clicking on the following link >. This service is used on the basis of your consent in accordance with Section 6 (1) b KDG and Section 25 (1) TDDDG. This consent can be withdrawn at any time. Further information and the data protection provisions can be found in Google's privacy policy here >. The company is certified according to the ‘EU-US Data Privacy Framework’ (DPF). The DPF is an agreement between the European Union and the United States to ensure compliance with European data protection standards for data processing in the United States. Every company certified under the DPF is obliged to comply with these data protection standards. Further information is available from the provider at the following link >
Meta Pixel
We have implemented on our website the so-called ‘Meta Pixel’, which is operated by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Meta-Pixel allows Meta to identify you as a visitor to our website as a target group for advertisements (‘Meta Ads’). We use the Meta-Pixel to ensure that our Meta Ads are only displayed to those Meta users who are interested in our online offers or have certain characteristics that we pass on to Meta (‘Custom Audiences’). Our goal is to tailor our Meta Ads to the potential user's interest and to avoid annoying them. With the help of the Meta-Pixel, we can also track the effectiveness of our Meta Ads by seeing whether the user has come to our website through our ad (so-called ‘conversion’).
The data policy published by Meta, which can be accessed here, provides information about the collection, processing and use of personal data by Meta. It also explains the settings options that Meta offers to protect your privacy.
You can find more information about the Meta-Pixel here.
The use of Meta-Pixels and the storage of ‘conversion cookies’ are based on § 6 paragraph. 1 lit. b KDG, i.e. we use Meta-Pixels only with your prior consent. You can revoke this consent at any time via the settings of the cookie banner.
Facebook Conversion API
We have integrated Facebook Conversion API into this website. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected is also transferred to the USA and other third-party countries. Facebook Conversion API enables us to record the interactions of the website visitor with our website and to pass this information on to Facebook in order to improve the advertising performance on Facebook. For this purpose, in particular the time of access, the accessed website, your IP address and your user agent, as well as any other specific data, are recorded. A complete overview of the data that can be collected can be found here.
This service is provided on the basis of your consent in accordance with Section 6 Paragraph 1. b KDG and Section 25 Paragraph 1 TDDDG. This consent can be withdrawn at any time. Insofar as personal data is collected on our website using the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (§ 28 KDG). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook. The processing by Facebook that takes place after the data is forwarded is not part of the joint responsibility. The obligations incumbent on us have been set out in a joint processing agreement. You can find the Text of the agreement here. According to this agreement, we are responsible for providing data protection information when using the Facebook tool and for implementing the tool on our website in a manner that is secure under data protection law. Facebook is responsible for the data security of Facebook products. You can assert data subject rights (e.g. requests for information) regarding the data processed by Facebook directly with Facebook. If you assert rights of data subjects with us, we are obliged to forward them to Facebook. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here and here. You can find more information about protecting your privacy in Facebook's data policy. The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the US to ensure that European data protection standards are met when processing data in the US. Every DPF-certified company is committed to complying with these data protection standards. For more information, contact the provider here. As of September 2023, Meta relies on the Data Privacy Framework (DPF, EU-US Privacy Shield) for the transfer of certain types of data from the EU to the US, including Facebook user data. The Meta DPF certification (and here) indicates the processing activities covered by the data protection framework. Data transfers not included in the DPF certification continue to be covered by the standard contractual clauses.
Facebook Custom Audiences
We use Facebook Custom Audiences. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. When you visit or use our websites and apps, or take advantage of our free offers, transmit data to us or interact with our foundation's Facebook content, we collect your personal data. If you give us permission to use Facebook Custom Audiences, we will transfer this data to Facebook, which Facebook can use to display suitable advertising to you. Furthermore, your data can be used to define target groups (lookalike audiences). Facebook processes this data as our processor. Details can be found in the Facebook user agreement. This service is used on the basis of your consent in accordance with Section 6 (1) b KDG and Section 25 (1) TDDDG. This consent can be withdrawn at any time. Data transmission to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here and here. The company is certified according to the ‘EU-US Data Privacy Framework’ (DPF). The DPF is an agreement between the European Union and the United States to ensure compliance with European data protection standards for data processing in the United States. Every DPF-certified company is obliged to comply with these data protection standards. Further information is available from the provider at the following link.
Social Plugins
(1) We currently use the following social media plug-ins: Facebook, Xing, LinkedIn, WhatsApp. We use the so-called Shariff solution. This means that when you visit our site, no personal data is initially passed on to the providers of the plug-ins. However, we do give you the option to communicate directly with the plug-in provider via a button. Only when you click on the button will data be transmitted and the plug-in provider will receive the information that you have accessed the corresponding page of our online offering. By activating the plug-in, personal data about you may be transmitted to the respective plug-in provider, possibly to third countries such as the USA, and stored there. Since the plug-in provider collects data primarily via cookies, we recommend that you delete all cookies using your browser's security settings before clicking the button. The legal basis for the use of the respective plug-in is your decision to activate the data transfer and thus your consent in accordance with Section 6 (1) b) KDG, if applicable in conjunction with § 41 para. 1 KDG in the event of a third country transfer.
(2) The plug-in provider can store the data collected about you as a user profile and use it for the purposes of advertising, market research and/or the customised design of its website or various other purposes. Such an evaluation is carried out in particular (even for users who are not logged in) to display customised advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, but to exercise this right, you must contact the respective plug-in provider. The plug-ins enable us to offer you the opportunity to interact with social networks and other users, allowing us to improve our service and make it more interesting for you as a user.
(3) Data is forwarded regardless of whether you have an account with the plug-in provider and are logged in to it. If you are logged in with the plug-in provider, the data collected by us will be directly assigned to your account with the plug-in provider. If you click the activated button and, for example, link the page, the plug-in provider will also store this information in your user account and publicly share it with your contacts. We recommend that you regularly log out after using a social network, especially before activating the button, as this will prevent you from being assigned to your profile with the plug-in provider. We have no influence on the collected data and data processing operations, nor are we aware of the full extent of the data collection, the purposes of the processing, the storage periods. We also have no information on the deletion of the collected data by the plug-in provider.
(4) The collected information is stored on the servers of the providers, and in the case of international providers, also outside Europe. For these cases, the provider has, according to its own information, imposed a standard that corresponds to the former EU-US Privacy Shield and has agreed to comply with applicable data protection laws when transferring data internationally. We have also agreed so-called standard data protection clauses with the providers, the purpose of which is to maintain an adequate level of data protection in the third country.
(5) You may revoke your consent at any time without affecting the lawfulness of the processing carried out up to the revocation. You can carry out the revocation using the functions of the social media providers.
(6) Further information on the purpose and scope of the data collection and its processing by the plug-in provider can be found in the following data protection declarations of these providers. These also provide further information about your rights in this regard and settings options for protecting your privacy. Addresses of the respective plug-in providers and URLs with their data protection notices:
a) For Facebook: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, here, further information on data collection here, here and here.
b) Xing: New Work SE, Am Strandkai 1, 20457 Hamburg, DE, here.
c) LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, here.
d) WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, here.
Section 11 Your rights
You have the following rights with regard to the processing of your personal data by us:
Information
You may request information at any time as to whether and which of your personal data we have stored. The provision of information by us is free of charge for you. The right to information does not exist or is restricted if and insofar as information requiring secrecy would be disclosed by the information, for example information subject to professional secrecy.
Correction
If your stored personal data that are incorrect or incomplete, you have the right to request that such data be corrected.
Erasure
You have the right to request the erasure of your personal data if and to the extent that the data are no longer needed for the purposes for which they were collected or if the processing is based on your consent and you have withdrawn your consent. You have the right to request the erasure of your personal data if and to the extent that the data are no longer needed for the purposes for which they were collected or if the processing is based on your consent and you have withdrawn your consent.
Restriction
You have the right to request the restriction of processing of your personal data.
Objection
If the processing of your data is based on Section 6(1), letter (g), KDG, you may object to the processing at any time. In the event of your justified objection, we shall examine the facts of the case and either discontinue or restrict the data processing or show you our compelling legitimate grounds on the basis of which we shall continue the processing.
Data portability
You may request the transfer of your data in a structured, common and machine-readable format to yourself or another controller.
Withdrawal
You may withdraw your consent granted to us at any time with effect for the future.
Complaint
You have the right to complain to the data protection supervisory authority if you are of the opinion that the processing of personal data concerning you violates provisions of the KDG or other data protection regulations (Section 48(1), sentence 1, KDG). The competent data protection supervisory authority is:
Katholisches Datenschutzzentrum
Haus am Dom
Roßmarkt 23
60311 Frankfurt/M.
Telefon +49 69 5899 755-10
Telefax +49 69 5899 755-11
info(at)kdsz-ffm.de
www.kdsz-ffm.de
You may exercise your above rights, with the exception of the complaint, against us by sending your specific request by e-mail or by post to our contact details set out in Section 1(3) of this Data Protection Policy. Insofar as you have granted your consent by placing a corresponding tick, you may withdraw your consent by removing the tick.
Status: December 2020
