Data Privacy

 

Introduction:

We would like to welcome you to the HUMAN Foundation website. For the management of the HUMAN Foundation, data protection has a high priority. In principle, the use of the HUMAN Foundation website is possible without providing personal data. However, if you would like to make use of a service via our website, it may be necessary to collect, store and pass on your personal data. Of course, we will always point out possible data collection to you before these processes and this will only be done with your consent.

In the course of the General Data Protection Regulation (GDPR), some new terms were introduced, which we will explain to you in more detail. Some new rights have also been added for you as the data subject.

We will show you what rights you have in the later text.

For us as the controller, there are also several obligations that we would also like to explain to you in this data protection declaration.

But you can be sure that we have taken all the necessary technical and organizational measures to protect your data in the best possible way.

Unfortunately, despite our best efforts, we can never guarantee that a security vulnerability will not arise. If this happens, we will inform you and immediately ensure that this security gap is closed.

As you can see, we stand for open communication and the highest level of data protection.

The transparency created by the HUMAN Foundation in the field of data protection should enable you to build the best possible trust in us.

Responsible for processing

The legal entity / trustee of the HUMAN Foundation is the DS Deutsche STiftungsagentur in Neuss and is administered by it.

Edith Neumann, Founder, and board member
Karlheinz Neumann, Founder and board member

Herzog-Maximilian-Weg 14,
85551 Kirchheim bei München
Phone: +49 89 9037909
E-Mail: info@human-stiftung.org
LINK to Legal Notice: https://human-stiftung.org/en/legal-notice

Responsible for content

Karlheinz Neumann
Herzog-Maximilian-Weg 14,
85551 Kirchheim bei München

Legal entity of the foundation

DS Deutsche Stiftungsagentur GmbH
HUMAN-Stiftung
Brandgasse 4,
41460 Neuss
Telefon: 02131 – 5 25 13 -0
Fax: 02131 – 5 25 13 – 40
E-Mail: info@human-stiftung.org
Website: https://human-stiftung.org

Type of data processed

In the following we will show you which data could possibly be collected from you or which information we could receive from your visit:

  • Address data: first name, last name, street, house number, country, city, post code, location data, etc.
  • Contact details: telephone number, website, mobile number, email address, fax, etc.
  • Technical data: IP address
  • Behavioral data: frequency of website access, interest in website content, click behavior, access times, reading times, etc.

Purpose of processing

Your data are collected for various reasons. The survey primarily serves to enable us to make our online offer available in the form of our website. Certain functions and content can only be provided with the help of your data and information.
Furthermore, the survey serves to enable us to analyze your user behavior in order to possibly create a better visitor experience on our website for you.
We also collect data so that we can analyze our own website. It is very important for us to recognize visitor behavior and wishes and to use them to optimize our web offerings. This way, a better user experience can be created for you as the person concerned and we can operate and expand our company and our website in a more targeted manner.
The contact form also collects data so that we can process and answer your inquiries and suggestions. The same applies to comment functions. Finally, we can also use the data to take various security measures to make our website more secure.
In summary:
● Reply to comments
● Simplified contacting

Category of the data subject

According to the GDPR, the data subject means you. This means that when you come to our website, we process your data. In the following we will describe you as a data subject or as a user.

Terminology

In the following, we will now explain the terms that are explained in the law.

  1. Personal data

All information relating to an identified or identifiable natural person (hereinafter “data subject”). An identifiable person is a natural person who, directly or indirectly, in particular by assigning an identifier such as a name, an identification number, location data, an online identifier or one or more special characteristics, expresses the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person can be identified.

  1. Affected Person

To understand every identified or identifiable natural person whose personal data are processed by the responsible.

  1. Processing

Any process or series of processes carried out with or without the help of automated processes in connection with personal data such as the collection, collection, organization, ordering, storage, adaptation or modification, reading, querying, use, disclosure by transmission, distribution or any other form of provision, comparison or linking, restriction, deletion or destruction.

  1. Restriction of processing

The marking of stored personal data with the aim of restricting their future processing.

  1. Profiling

Any type of automated processing of personal data, which consists in the fact that this personal data is used to evaluate certain personal aspects relating to a natural person, in particular to aspects related to work performance, economic situation, health, personal preferences, Analyze or predict the interests, reliability, behavior, location or relocation of this natural person.

  1. Pseudonymization

Processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without the use of additional information, provided that this additional information is kept separately and is subject to technical and organizational measures that ensure that the personal data is not identified or identifiable natural person.

  1. Responsible or Responsible for processing

The natural or legal person, public authority, agency or other body that alone or together with others decides on the purposes and means of processing personal data. If the purposes and means of this processing are specified by Union law or the law of the Member States, the person responsible or the specific criteria for his naming can be provided according to Union law or the law of the Member States.

  1. Processors

A natural or legal person, public authority, agency or other body that processes personal data on behalf of the person responsible.

  1. Recipient

A natural or legal person, public authority, agency or other body to which personal data is disclosed, regardless of whether it is a third party or not. However, authorities that may receive personal data as part of a specific investigation mandate under Union law or the law of the Member States are not considered recipients. The processing of this data by the aforementioned authorities is carried out in accordance with the applicable data protection regulations in accordance with the purposes of the processing.

  1. Third Party

A natural or legal person, public authority, agency or other body to which personal data is disclosed, regardless of whether it is a third party or not. However, authorities that may receive personal data as part of a specific investigation mandate under Union law or the law of the Member States are not considered recipients. The processing of this data by the aforementioned authorities is carried out in accordance with the applicable data protection regulations in accordance with the purposes of the processing.

  1. Consent

Any expression of will voluntarily given by the data subject for the specific case in an informed manner and unequivocally in the form of a declaration or other clear confirmatory act, with which the data subject indicates that they consent to the processing of their personal data.

Rights of the data subject

  1. Right to confirmation

You have the right to request confirmation from the data controller about the processing of personal data. If you would like to do this, you can contact employees or the data protection officer of the HUMAN Foundation at any time.

  1. Right to information

You have the right to request confirmation from the controller as to whether personal data concerning you are being processed; if this is the case, you have the right to information about this personal data and the following information:

  • The processing purposes
  • The categories of personal data that are processed
  • The recipients or categories of recipients to whom the personal data have been or will be disclosed, especially for recipients in third countries or with international organizations
  • The recipients or categories of recipients to whom the personal data have been or will be disclosed, especially for recipients in third countries or with international organizations
  • The existence of a right to correction or deletion of the personal data concerning them or to restriction of processing by the person responsible or a right to object to this processing
  • The right to lodge a complaint with a supervisory authority
  • If the personal data is not collected from the data subject: All available information about the origin of the data
  • The existence of automated decision-making, including profiling, in accordance with Article 22 Paragraph 1 and 4 GDPR and – at least in these cases – meaningful information about the logic involved and the scope and intended effects of such processing for the data subject
  • If personal data are also transferred to a third country or an international organization, the data subject has the right to be informed of the appropriate guarantees in accordance with Article 46 in connection with the transfer.
  • If the data subject wishes to exercise their right to information, they can contact employees of the HUMAN Foundation at any time
  1. Right to rectifiction

You have the right to request the person responsible to correct your incorrect personal data. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data – also by means of a supplementary declaration. If you want to exercise your right to correction, you can contact the staff of the HUMAN Foundation at any time.

  1. Right to erasure (right to be forgotten)

As a data subject, you have the right to request that the person responsible delete your personal data immediately. The controller is obliged to delete personal data immediately if one of the following reasons applies:

  • The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
  • The data subject withdraws their consent on which the processing was based in accordance with Article 6 (1) (a) GDPR or Article 9 (2) (a) GDPR and there is no other legal basis for the processing.
  • The data subject objects to the processing in accordance with Article 21 (1) GDPR and there are no overriding legitimate reasons for the processing, or the data subject objects to the processing in accordance with Article 21 (2) GDPR the processing.
  • The personal data was processed illegally.
  • The deletion of personal data is necessary to fulfill a legal obligation under Union law or the law of the member states to which the controller is subject.
  • The personal data was collected in relation to information society services offered in accordance with Art. 8 Para. 1 GDPR.
  • If one of the above-mentioned reasons applies and a data subject wishes to delete the personal data deposited with the HUMAN foundation, they can contact an employee of the HUMAN foundation at any time, who will ensure that the request for deletion is immediate is complied with.
  • If the responsible has made the personal data public and is obliged to delete them in accordance with paragraph 1, he will take appropriate measures, including technical measures, taking account of the available technology and implementation costs, to ensure that the controller is responsible for the data processing Process data to inform that a data subject has asked them to delete all links to this personal data or copies or replications of this personal data.
  1. Right to restriction of processing

You have the right to request the controller to restrict processing if one of the following conditions is met:

  • The correctness of the personal data is contested by the data subject for a period of time that enables the person responsible to check the correctness of the personal data.
  • The processing is unlawful, the data subject refuses to delete the personal data and instead requests that the use of the personal data be restricted.
  • The responsible no longer needs the personal data for the purposes of processing, but the data subject needs them to assert, exercise or defend legal claims.
  • The data subject has objected to processing in accordance with Art. 21 para. 1 GDPR and it is not yet clear whether the legitimate reasons of the person responsible outweigh those of the data subject.
  • If one of the reasons mentioned above applies and a data subject wishes to exercise their right to restrict processing, they can contact an employee of the HUMAN Foundation at any time.
  1. Right to data portability

As a data subject, you have the right to receive the personal data concerning you that you have provided to a person responsible in an orderly and common format. Furthermore, you have the right to transfer this data to another controller without hindrance from the controller to whom the personal data was provided, provided that the processing is based on consent in accordance with Article 6 (1) (a) GDPR or Article 9 Paragraph 2 letter a or based on a contract in accordance with Article 6 paragraph 1 letter b and the processing takes place with the aid of automated processes. This does not apply if it involves processing that is necessary for the performance of a task that is in the public interest or in the exercise of official authority that has been transferred to the person responsible.
In addition, when exercising your rights to data portability in accordance with Art. 20 Para. 1 GDPR, you have the right to have your personal data transferred directly from one responsible person to another, as far as this is technically feasible and the rights and freedoms other people are not affected.
If you want to exercise your rights to data portability, you can contact employees or the data protection officer of the HUMAN Foundation at any time.

  1. Right of withdrawal

You have the right to withdraw your consent for the future. This right is based on Article 7 of the GDPR.

  1. Right to object

You have the right to object at any time to the processing of your personal data based on Art. 6 Para. 1 Letter e or f GDPR for reasons arising from your particular situation; this also applies to profiling based on these provisions. The controller will no longer process your personal data unless he can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the establishment, exercise or defense of legal claims. If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is connected to such direct advertising. If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes. You also have the right, for reasons arising from your particular situation, to object to the processing of your personal data relating to you, which is carried out for scientific or historical research purposes or for statistical purposes in accordance with Article 89 (1) GDPR unless the processing is necessary to fulfill a task in the public interest.
To exercise your right to object, you can contact any employee or the data protection officer of the HUMAN Foundation at any time. You are also free to exercise your right to object to automated procedures that use technical specifications in connection with the use of information society services.

Provision of personal data

If you conclude a contract with us, you are obliged to provide us with your personal data relevant to the contract so that a contractual relationship can come into existence and exist. As the person responsible, we have to show you what would have happened if you did not provide the data.
The provision of personal data is partly required by law, for example through tax regulations. The provision can also result from contractual regulations such as information on the contracting party, etc. For the conclusion of a contract between you and us, it may be necessary for you to provide your personal data. This mandatory provision then serves to carry out the contract.
If you do not provide us with the data in such a case, it is not possible to conclude a contract. However, before you, as the data subject, provide your personal data, you must either contact one of our available employees or our data protection officer. Taking into account your individual case, this will show you whether the provision of your data is required by law or contract or even necessary for the conclusion of the contract. Conversely, there could also be an obligation to provide the HUMAN Foundation with personal data.

Storage period of personal data

We may only store and store your personal data on the basis of the statutory deadlines. After this period, we are obliged to delete your personal data if it is no longer required for the execution of a contract or for the initiation of a new contract. Otherwise our legal claim under Article 6 GDPR would apply here. We also have to comply with certain statutory deadlines that stipulate longer retention periods.

Deletion of personal data

Processed data are deleted in accordance with Art. 17 and 18 GDPR or their processing is restricted. Unless otherwise stated in this data protection declaration, stored personal data will be deleted as soon as they are no longer required for their intended purpose and there are no legal retention obligations to prevent deletion. If the data is not deleted because it is required for other and legally permissible purposes, processing will be restricted. This means that the data is blocked and not used for other purposes. This applies, for example, to data that must be kept for commercial or tax reasons.
According to legal requirements, storage is carried out in Germany for 10 years in particular according to §§ 147 Paragraph 1 AO, 257 Paragraph 1 No. 1 and 4, Paragraph 4 HGB (books, records, management reports, booking vouchers, trading books, documents relevant for taxation , etc.) and 6 years according to § 257 Paragraph 1 No. 2 and 3, Paragraph 4 HGB (commercial letters).

Automatic decision making (profiling)

As a data subject, you have the right not to be subject to a decision based solely on automated processing – including profiling – that has a legal effect on you or similarly significantly affects you. However, this does not apply if the decision:

  • is necessary for the conclusion or performance of a contract between the data subject and the person responsible,
  • is permitted by Union or Member State law to which the controller is subject and this law contains appropriate measures to safeguard the rights, freedoms and legitimate interests of the data subject, or
  • with the express consent of the data subject.

Should the decision:

  1. may be necessary for the conclusion or performance of a contract between the data subject and the person responsible, or
  2. it takes place with the express consent of the data subject,

As a result, the HUMAN Foundation takes appropriate measures to safeguard your rights and freedoms and legitimate interests, including the right to have a person intervene on the part of the person responsible, to state their own position and to contest the decision.

If you want to exercise your right to make automated decisions, you can contact the Foundation’s staff or data protection officer at any time.

Legal basis according to Art. 6 ff. GDPR

According to Art. 13 GDPR, we will inform you of the legal basis for our data processing. Unless the legal basis is mentioned in the data protection declaration, the following applies: The legal basis for obtaining consent is Art. 6 Para. 1 lit. a and Art. 7 GDPR, the legal basis for processing for the performance of our services and implementation of contractual measures as well as answering inquiries is Art. 6 Para. 1 lit. b GDPR, the legal basis for processing to fulfill our legal obligations is Art. 6 Para. 1 lit. c GDPR, and the legal basis for processing to protect our legitimate interests is Art. 6 Para. 1 lit. f GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.

Safety precautions & -measures

Taking into account Article 32 GDPR and taking into account the state of the art, we take suitable technical and organizational measures that minimize the risk of improper handling of your personal data. We want to ensure the highest level of security and legal compliance.
This includes, for example, the security, confidentiality, integrity and availability of your personal data. We guarantee this through physical access controls to buildings and data carriers, separation of the different data categories, control of access rights under transfer and much more. In addition, the same, careful backup of your data takes place through suitable, technical measures of your electronic, personal data. Our measures are continuously improved and adapted based on the latest knowledge. This is how we ensure the best possible security for your personal data.

Administration of personal data

We process your data in the context of administrative tasks as well as the organization of our company and / or to comply with legal obligations. We process the same data that we also process as part of the provision of our contractual services. In the course of this processing basis, we rely on Article 6 (1) lit. c. GDPR and Article 6 (1) lit. f. GDPR. As a customer, interested party, business partner and website visitor, you are affected by the processing. The purpose and our interest in the processing lies in the administration and archiving of data, i.e. tasks that serve to maintain our business activities, perform our tasks and provide our services.

Personal data in the context of contact management

We process your data in the context of and for the purposes of contact management, also in the context of organizational purposes and / or to comply with legal obligations. We process the same data that we also process as part of the provision of our contractual services. In the course of this processing basis, we rely on Article 6 (1) lit. c. GDPR and Article 6 (1) lit. f. GDPR. Processing affects you as a customer, prospect, business partner and website visitor. The purpose and our interest in processing your data is to manage your contact details for organizational purposes and to fulfill our services.

Personal data in the context of the internal organization

We process your data in the context of and for the purposes of contact management, also in the context of organizational purposes and / or to comply with legal obligations. We process the same data that we also process as part of the provision of our contractual services. In the course of this processing basis, we rely on Article 6 (1) lit. c. GDPR and Article 6 (1) lit. f. GDPR. Processing affects you as a customer, prospect, business partner and website visitor. The purpose and our interest in the processing lies in the management of your personal data for organizational purposes in order to ensure a smooth, operational process.

Cookies

The HUMAN Foundation website uses cookies. Cookies are text files that are stored and saved on a computer system via an Internet browser.

Numerous websites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a character string through which websites and servers can be assigned to the specific internet browser in which the cookie was stored. This enables the visited websites and servers to distinguish the individual browser of the data subject from other internet browsers that contain other cookies. A specific internet browser can be recognized and identified using the unique cookie ID.

By using cookies, the HUMAN Foundation can provide users of this website with more user-friendly services that would not be possible without the cookie setting.

A cookie can be used to optimize the information and offers on our website in the interests of the user. As already mentioned, cookies enable us to recognize the users of our website. The purpose of this recognition is to make it easier for users to use our website. The user of a website that uses cookies, for example, does not have to enter his access data every time he visits the website, because this is taken over by the website and the cookie stored on the user’s computer system. Another example is the cookie of a shopping cart in the online shop. The online shop remembers the items that a customer has placed in the virtual shopping cart via a cookie.

The person concerned can prevent the setting of cookies by our website at any time by means of a corresponding setting of the internet browser used and thus permanently object to the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time using an Internet browser or other software programs. This is possible in all common internet browsers. If the person concerned deactivates the setting of cookies in the internet browser used, under certain circumstances not all functions of our website can be used to their full extent.

As it is a multilingual site, the plugin WPML (WordPress Multi Language) is used. WPML uses cookies to determine the current language of the visitor, the language last visited and the language of the users who have logged in. While using the plugin, WPML will share the data regarding the page via the installer. No data is shared by the user himself.

Automatic data storage

When you visit our website, our provider automatically stores data such as on the web server (computer on which this website is stored)

  • The address (URL) of the website accessed
  • Browser and Browserversion
  • the operating system used
  • the address (URL) of the previously visited page (referrer URL)
  • The host name and the IP address of the device from which access is being made
  • Date and Time

in files (web server log files). This data is not merged with other data sources.
The basis for data processing is Art. 6 Para. 1 lit. f GDPR, which allows the processing of data to fulfill a contract or pre-contractual measures.

Contact Form – Function

The information provided by the user is used when contacting us (via the contact form, email, telephone or via social media) to process the contact request and process it in accordance with Art. 6 para. 1 lit. b. (within the framework of contractual / pre-contractual relationships) and Art. 6 para. 1 lit. f. (other inquiries) GDPR processed. This user information is stored in a customer relationship management system (CRM system) or similar request organizations.

We will delete these requests as soon as they are no longer necessary. The necessity of these inquiries is checked every two years, furthermore the legal archiving obligations apply.

Comment – Function

When visitors post comments on the website, we collect the data that is displayed in the comment form, as well as the visitor’s IP address and the user agent string (this identifies the browser) to help detect spam .
The IP addresses of the comments are anonymized directly when they are sent before they are saved.

Newsletter

To receive the newsletter offered on our website, you can register using our form. We use the so-called double opt-in procedure. Here, a confirmation email is first sent to the email address you provided, asking for confirmation. Registration will not take effect until you click the activation link contained in the confirmation email. We use your data transmitted to us only for sending the newsletter, which may contain information or offers.

We use rapidmail to send our newsletter. Your data will therefore be transmitted to rapidmail GmbH. Rapidmail GmbH is prohibited from using your data for purposes other than sending the newsletter. Rapidmail GmbH is not permitted to pass on or sell your data. rapidmail is a German, certified newsletter software provider, which was carefully selected according to the requirements of the GDPR and the BDSG.

You can revoke your consent to the storage of the data and its use for sending the newsletter at any time, e.g. via the unsubscribe link in the newsletter. You can find more detailed information on the data protection declaration of rapidmail: https://rapidmail.de/datenschutz

The legal basis for the processing of data after the user has registered for the newsletter is Art. 6 Para. 1 lit. b GDPR and Section 7 (3) UWG.

Vimeo

We integrate videos from the “Vimeo” platform from Vimeo Inc., Attention: Legal Department, 555 West 18th Street New York, New York 10011, USA. The data protection declaration can be found under the following link:  https://vimeo.com/privacy.

We draw your attention to the fact that Vimeo could use Google Analytics and therefore refer to the corresponding data protection declaration (https://www.google.com/policies/privacy) and the opt-out options (http://tools.google.com/dlpage/gaoptout?hl=de) and Google’s settings for data use for marketing purposes (https://adssettings.google.com/.).

On the basis of our legitimate interests, in accordance with Article 6 paragraph: 1 lit. f. GDPR, this processor is used by us.

PayPal

On our website we offer a donation button via PayPal. The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”).

If you select payment via PayPal, the payment data you have entered will be transmitted to PayPal.

Your data will be transmitted to PayPal on the basis of Art. 6 Para. 1 lit. a GDPR (consent) and Art. 6 para. 1 lit. b GDPR (processing to fulfill a contract). You have the option to revoke your consent to data processing at any time. A revocation does not affect the effectiveness of past data processing operations.

Google Fonts

This page uses so-called web fonts provided by Google for the uniform display of fonts. The Google Fonts are installed locally. There is no connection to Google servers.

Google MAPS

This website uses the Google Maps map service via an API. The provider is Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. To use the functions of Google Maps, it is necessary to save your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this page has no influence on this data transmission. The use of Google Maps is in the interest of an attractive presentation of our online offers and to make it easier to find the places we have indicated on the website. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. More information on the handling of user data can be found in Google’s data protection declaration: https://www.google.de/intl/de/policies/privacy/.

TLS-Encryption with https

We use https to transfer data securely on the Internet (data protection through technology design article 25 par.1 GDPR). By using TLS (Transport Layer Security), an encryption protocol for secure data transmission over the Internet, we can ensure the protection of confidential data. You can recognize the use of this data transfer protection by the small lock symbol in the top left of the browser and the use of the https scheme (instead of http) as part of our Internet address.

External Links

If we use external links that are offered on our website, this data protection declaration does not extend to these links. When we offer links, we strive to ensure that they also comply with our data protection and security standards. However, we have no influence on the compliance with data protection and security regulations by other providers. Therefore, please inform yourself on the websites of other providers about the data protection declarations provided there.

Visitor Counter

Our website uses the Fastcounter visitor counter. Fastcounter is operated by Stefan Dreher, Tulpenweg 31, 24837 Schleswig, Germany. Fastcounter is a free visitor counter that analyzes and evaluates the visitors and page views on this website. The IP address, date and time of the request, browser type, browser language, screen resolution, referrer and device type are read out and transmitted to the operator of Fastcounter. All data is transmitted SSL-encrypted and of course completely anonymized and evaluated according to the guidelines of the GDPR. The IP address is pseudonymized during the transmission so that no personal data is transmitted to the operator of Fastcounter.

You can object to data collection and storage at any time with effect for the future. In order to object to the collection and storage of your visitor data in the future, you can obtain an opt-out cookie from Fastcounter under the following link, which means that no visitor data from your browser will be collected and stored by Fastcounter in the future: https://www.fastcounter.de/de/privacy/26381.htm. This will set an opt-out cookie with the name “privcookie” from Fastcounter. Please do not delete this cookie as long as you want to maintain your objection. Further information can be found in Fastcounter’s privacy policy: https://www.fastcounter.de/datenschutz.html

Final word

If you have any further questions or if you have noticed incomplete information, please contact us at any time.