The collection and processing of your personal data occurs in compliance with the applicable data protection provisions, in particular the General Data Protection Regulation (GDPR).
The controller responsible for the collection, processing and use of your personal data within the meaning of Article 4(7) GDPR is
Sonnenfeld – Stiftung
Stiftung des privaten Rechts (Foundation established under private law)
Tel.: 030/895 40 408
Fax: 030/896 80 640
If you wish to object to the collection, processing or use of your data by us according to these data protection provisions as a whole or to individual measures, you may
send your objection to the executive management of Sonnenfeld-Stiftung.
B: General purposes of processing
We use personal data for the purpose of operating the website and contacting scholarship holders and parties interested in our organisation.
C: Which data we use and why
C. 1: Hosting
The hosting services we use serve to provide the following services: Infrastructure and platform services, computer capacity, storage space and database services, security services, as well as technical maintenance services which we use for the purpose of operating the website.
We or our hosting provider process inventory data, contact details, content data, contract data, usage data, meta and communication data of scholarship holders, interested parties and visitors to this website based on our legitimate interest in providing an efficient and secure website in accordance with Article 6(1)(1)(f) GDPR in conjunction with Article 28 GDPR.
C.2: Access data
When you use this website, information about your user behaviour and your interaction with the website is automatically captured and data on your computer or mobile device is registered. The following access data is collected and stored:
- Name and URL of the page requested by the visitor
- Date and time of access by the visitor
- Notification of successful access
- Browser and, if necessary, operating system of the visitor’s computer, as well as the name of the access provider
- Website from which the site is accessed
- Websites which are visited by the visitor’s system via our website
- The visitor’s internet service provider
- IP address of the visitor’s end device
The data stated is used by us for the following purposes:
- To guarantee that a smooth connection to the website is established,
- To guarantee that our website can be used easily,
- To evaluate system security and stability, and
- For other administrative purposes.
The legal basis for the data processing is Article 6(1)(1) et seq GDPR. Our legitimate interest follows from the data collection purposes listed above. In no case do we use the collected data for the purpose of personally identifying you.
We reserve the right to subsequently check the log files if there is concrete evidence to suspect unlawful use. We store IP addresses for a limited time in the log files if this is necessary for security purposes or to provide the service or payment required for the service, if you use our services, for example. After the process is complete, we delete the IP address if this is no longer required for security purposes. We also store IP addresses if we suspect a criminal act has been committed in connection with use of our website. We also store the date of your last visit as part of your account. (for example, at registration, login, clicking on links, etc.)
We use session cookies in order to optimise our website. A session cookie is a small text file which is sent by the respective server when a website is visited and is temporarily stored on your hard drive. This file contains a session ID which allows different requests from your browser to be assigned to the general session. This enables your computer to be recognised if you return to our website. These cookies are deleted as soon as you close your browser.
Temporary cookies are used to make the website more user-friendly. They are stored on a visitor’s device for a limited period. When a visitor visits returns to a website, the website automatically recognises that the visitor has been to the website before, any input made, and the how it was configured so that the visitor does not have to repeat this.
The data processed by cookies is necessary for the purposes mentioned above to safeguard our legitimate interests in accordance with Article 6(1)(1)(f) GDPR.
These cookies store the following data and information:
- Login information,
- Language settings,
- Search terms entered,
- Information about the number of times our website is requested and the use of individual functions of our online content.
An identification number is assigned to the cookie when it is activated. Your personal data is not assigned to this identification number. Your name, IP address or similar data which would allow the cookie to be assigned to you are not assigned to the cookie. Based on cookie technology, we only receive pseudonymised information, about which pages of the website have been visited, for example.
You can set up your browser in such a way that you are informed about the placement of cookies in advance and can decide separately whether to accept cookies for particular cases, or generally exclude them, or completely block cookies. Consequently, the functionality of the website may be restricted.
C.4: Data for the fulfilment of our contractual obligations
We process personal data which we require for the fulfilment of our contractual obligations, such as name, address, e-mail address. The collection of this data is necessary for conclusion of a contract.
The data is deleted after the guarantee periods and statutory retention periods have expired.
The legal basis for processing this data is Article 6(1)(1)(b) GDPR because this data is required so that we can fulfil our contractual obligations towards you.
C.5: E-mail contact
When you contact us, (for example, via contact form or e-mail), we process your details to handle the enquiry and for the event that there are follow-up questions.
If data is processed for the performance of pre-contractual measures which arise at your request from the performance of the contract, the legal basis for this data processing is Article 6(1)(1)(b) GDPR.
We only process personal data if you have given your consent to this (Article 6(1)(1)(a) GDPR) or we have a legitimate interest in processing your data (Article 6(1)(1)(f) GDPR). For example, we have a legitimate interest in replying to your e-mail.
D: Storage period
If not specifically stated, we only store personal data for as long as this is necessary for the intended purpose.
In some cases, the legislation prescribes the retention of personal data, such as in tax or commercial law. In these cases, the data is only stored by us for these legal purposes, but not processed, and is deleted after the statutory retention requirement has expired.
E: Your rights as a data subject
According to the applicable laws, you have various rights relating to your personal data. If you would like to assert these rights, direct your request via e-mail or post to the address stated under A, indicating your name.
Below you will find an overview of your rights (not definitive)
F.1: Right to obtain confirmation and access
You have the right to access information about how your personal data is processed.
You have the right to obtain from us, at any time, confirmation as to whether or not your personal data is being processed. If this is the case, you have the right to obtain information from us about your personal data stored in addition to a copy of this data, free of charge. Furthermore, the right to the following information exists:
- the purposes of processing
- the categories of personal data that are being processed
- the recipients or the categories of recipients to whom the personal data has been or will be disclosed, in particular also in the case of recipients in third countries or international organisations;
- where possible the planned duration for which the personal data will be stored, or where this is not possible, the criteria for determining the duration;
- the existence of a right to rectify or erase your personal data, or to restrict the processing thereof by the controller, or the right to object to such processing;
- the existence of a right to lodge a complaint with a supervisory authority;
- if the personal data is not collected from you, all available information about the origin of the data;
- the presence of automated decision-making including profiling in accordance with Article 22(1) and (4) GDPR and – at least in these cases – meaningful information on the logic involved as well as the significance and the intended consequences of such processing for you.
If personal data has been transmitted to a third country or an international organisation, you have the right to be informed of the appropriate safeguards in accordance with Article 46 GDPR associated with the transmission.
F.2: Right to rectification
You have the right to obtain the rectification of your personal data if inaccurate, and if necessary, you have the right to have incomplete personal data completed.
You have the right to demand immediate rectification of your incorrect personal data. In consideration of the purposes of the processing, you have the right to demand the completion of incomplete personal data, including by means of a supplementary statement.
F.3: Right to erasure
In a range of cases, we undertake to erase your personal data.
In accordance with Article 17(1) GDPR you have the right to demand that your personal data is immediately erased and we are obliged to erase personal data immediately where one of the following grounds applies:
- The personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
- You withdraw your consent on which the processing is based in accordance with Article 6(1)(1)(a) or Article 9(2)(a) and there are no other legal grounds for the processing.
- You submit an objection to the processing in accordance with Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you submit an objection to the processing in accordance with Article 21(2) GDPR.
- The personal data was processed unlawfully.
- The personal data has to be erased to fulfil a legal obligation under Union Law or the Member State law by which we are governed.
- The personal data was collected in relation to information society services offered in accordance with Article 8(1) GDPR.
If the controller has made your personal data public and is obliged to erase it in accordance with Article 17(1) GDPR, it shall take reasonable steps, taking into account available technology and implementation costs, including technical measures, to inform controllers who are processing the personal data that you as the data subject, have requested the erasure of all links to this personal data or of copies or replications of this personal data.
F.4: Right to restriction of processing
In a range of cases, you are entitled to request the restriction of processing of your personal data.
You have the right to obtain from us the restriction of processing where one of the following applies:
- You contest the accuracy of your personal data; the restriction in this case shall be for a period of time that enables us to verify the accuracy of your personal data;
- The processing is unlawful and you opposed the erasure of the personal data and requested the restriction of use of the personal data instead;
- We no longer need the personal data for processing purposes, but you need it to establish, exercise or defend your legal claims; or
- You have objected to the processing in accordance with Article 21(1) GDPR and verification of whether the controller’s legitimate grounds override your grounds is still pending.
F.5: Right to data portability
You have the right to receive your personal data, to transmit it or have it transmitted by us in a machine-readable format.
You have the right to receive your personal data which you have provided to us in a structured, commonly used and machine-readable format, and you have the right to transmit this data to another controller without hindrance from us, to whom the personal data has been provided, where:
- the processing is based on consent in accordance with Article 6(1)(1)(a) GDPR or Article 9(2)(a) GDPR or on a contract in accordance with Article 6(1)(1)(b) GDPR and
- the data is being processed by automated means.
F.6: Right to object
You have the right to object to lawful processing of your personal data by us on grounds relating to your particular situation insofar as our interests in the processing do not override these.
You have the right, for reasons arising from your own particular situation, to object at any time to the processing of your personal data that is performed in accordance with Article 6(1)(1)(e) or (f) GDPR; this also applies to any profiling based on these provisions. We will then no longer process this personal data unless there are compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms or the processing serves to establish, exercise or defend legal claims.
Where your personal data is processed for direct advertising purposes, you have the right to object at any time to the processing of your personal data for the purposes of such advertising; this also applies to profiling insofar as it is associated with such direct advertising.
Where personal data is processed for scientific, historical research or statistical purposes in accordance with Article 89(1) GDPR, you, on grounds relating to your particular situation, will have the right to object to the processing of your personal data, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
F.7: Automated decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which has legal effects for you or similar significant adverse effects for you.
Automated decision-making based on the personal data collected shall not take place.
F.8: Right to withdraw consent in relation to a data protection ruling
You have the right to withdraw your consent to the processing of your personal data at any time.
F.9: Right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement, if you believe that the processing of your personal data is unlawful.
G: Data security
We make every effort in the context of the applicable data protection laws and technical possibilities to secure your data.
We do not guarantee that our website will be available at specific times; problems, disruptions or failures cannot be excluded. The servers used by us are regularly backed up.
H: Forwarding data to third parties, no data transfer to non-EU countries
In principle, we only use your personal data within Sonnenfeld-Stiftung.
If and to the extent to which we engage third parties in the context of fulfilling contracts (for example, logistics service providers), these receive personal data only to the extent to which the transmission is necessary for the relevant service.
For the case where we outsource certain parts of data processing (‘Contract data processing’), we contractually require data processors to use personal data only in accordance with the requirements of data protection legislation and to guarantee the protection of the data subject rights.
A data transfer to places or persons outside of the EU in the case stated under letter D of this Policy shall not take place and is not planned.
The following trust foundations are currently under the umbrella of the Sonnenfeld-Stiftung:
- Prof. Dr. Hans und Elona Ebel Stiftung