On the basis of valid legislation, the Gerda Henkel Foundation has developed a new data privacy concept. We would like to take this opportunity to inform you about whether and, if so, which of your personal data we collect and process, and for what purposes, as well as the legal basis on which we use them on our website www.gerda-henkel-stiftung.de (“website”). Furthermore, we would like to inform you about how we handle your personal data in the event of your contacting us in writing, submitting applications for project funding, or receiving funding from us.
Personal data are all data that can be related to you personally, e.g., your name, your postal address or your e-mail address, as well as the IP address allocated to you, the technical data of your mobile terminal devices such as the type of device and the operating system, your location data, and data transmitted to us on the basis of granted access authorisation on your mobile terminal devices.
1. Who is responsible for the data processing and whom can you contact?
The Gerda Henkel Foundation, Malkastenstrasse 15, 40211 Düsseldorf, Germany is responsible for processing your personal data in the context of your use of the website. Please find further details about the Gerda Henkel Foundation and ways of contacting us here.
2. Data protection officer
In line with current legislation the Gerda Henkel Foundation has a data protection officer. The Gerda Henkel Foundation data protection officer can be reached by e-mail at: firstname.lastname@example.org
or by post at:
Gerda Henkel Stiftung
3. Legal bases for the data processing
In line with the General Data Protection Regulation (GDPR) we are obliged to inform you about the legal basis for, and purposes of the data processing we perform. We refer in principle to four different legal bases, which allow us to process the data on this website, and to communicate with you:
1.) Art. 6, para. 1 lit. a) GDPR permits data processing if the “data subject has given consent to the processing of his or her personal data for one or more specific purposes”.
2.) Art. 6, para. 1 lit. b) GDPR permits data processing if “processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract”.
3.) Art. 6, para. 1, lit. c) GDPR permits data processing if the “processing is necessary for compliance with a legal obligation to which the controller is subject”. .
4.) Art. 6, para. 1 lit. f) GDPR permits data processing if “processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, […]”.
In the following list of the various purposes for which we process data we draw your attention in each case to the relevant legal basis for the purpose.
4. Data collection, data processing, and data use
The type of data processing depends on the way our services are used. The following is a list of which data we collect when.
a) Provision of the website and compilation of log files
When you visit our website, data are automatically collected and temporarily stored. These data serve communication between your computer and our server (retrieval of texts, images, download of files etc.). They are automatically transmitted by your browser. The data relates to the following information:
- Type and version of your browser
- Type and version of your operating system
- The Internet address (URL) of the requested page
- Date and time of the page request
- The IP address allocated to you
The legal basis for the collection of the data is art. 6 para. 1 lit. f) GDPR. The collected data cannot be assigned to you personally. We do not assign data by combining them with other data sources. For technical reasons the data are stored for a period of seven days and then deleted unless, that is, we are legally obliged to store them for a longer period of time.
Temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user’s computer. For this, the user’s IP address must be stored for the duration of the session. Storage in log files occurs in order to ensure the functionality of the website. The data serve to help us optimise the website and ensure the security of our IT systems. The data collected by the Gerda Henkel Foundation are used for administrative purpose, web logs, research, and collective statistics. The Gerda Henkel Foundation can use the data for statistical purposes (e.g., pages visited, time spent on the website, number of visits, date and time of a visit), as well as for adapting the web pages, content, layout, and services.
The stored data are evaluated only to the extent that
- we are obliged to by law or a court ruling or
- we need the logged data in order to be able to prosecute attacks on our infrastructure under criminal and/or civil law.
The data are not evaluated for marketing purposes.
b) Cookies and data traffic analysis
- Data collection via application and contact forms
- Saving of language settings
- Remembering search terms
c) Making contact by e-mail or filling out the contact form
On our website you will find a contact form, which can be used for making contact electronically. Alternatively, you can contact us via the e-mails provided. If you contact us using one of these channels, the personal data that are entered and transmitted are automatically stored. We process your personal data inasmuch as and for as long as we need them in order to deliver our information services for you. We delete your personal data once we have performed our service for you unless, that is, we are obliged by law to store them longer. The legal basis for the collection of the data is art. 6 para. 1 lit. f) GDPR. The purpose of the data processing and our legitimate interest lie in our being able to answer the messages sent to us.
d) Data collection in the case of an application
In order to submit an application to the Gerda Henkel Foundation for project funding or the award of a scholarship, personal data absolutely has to be provided. If you do not make your personal data available to us we are not able to process your application, or have it appraised. With regard to the application we only ask you to provide, electronically or in writing, such data that pursuant to art. 5, 6 para. 1 lit. b) GDPR are necessary for the processing of and a decision about your application and it possibly being granted.
By calling up the application forms linked in the individual funding schemes you can find out in advance which data we require for your application. The data requested are personal master data (e.g., given name, name, date of birth, …), communication data (e.g., address, , e-mail address, telephone number, …), application data (e.g., information about your academic career, employment relationships, …) and project data.
We store the data collected from you for the application as follows. The personal data we receive as part of applications for research grants are stored on the basis of art. 6 para. 1 lit. f) GDPR in accordance with no. 5. Among other things, our legitimate interest lies in being able to counter possible accusations of fraud and being able to defend ourselves against accusations of discrimination. A further legitimate interest lies in having available the information necessary for us to adhere to our application criteria, which for example prohibit previously rejected applications being re-submitted. Provided that you give your consent, we keep your application documents permanently, in order to take them into account for archiving and evaluation purposes. You can revoke this consent at any time.
The foundations’ decisions about grants necessarily require the applications that are submitted to be appraised by experts in line with normal academic standards. For this reason, it is necessary for us to forward the applications submitted, including the personal data they contain, to members of the foundations’ committees and/or external experts, who can be resident in Germany, the EU, and countries outside the EU (third countries).
e) The treatment of data in the event of funding being granted
In the event of funding being granted, the data you make available when submitting the application, and in communication relating to the funding, are stored on the basis of art. 6 para. 1 lit. b) GDPR. These are personal master data (e.g., given name, name, date of birth, …), communication data (e.g., address, e-mail address, telephone number, …), application data (e.g., information about your academic career, to employment relationships, …), project data, and accounting data. The data are not passed on to third parties.
The foundation also uses the data collected in the application submission process to inform funding partners about its activities, extend in invitations to foundation events, initiate public relations work about the research projects, and coordinate activities indirectly linked to the funding. Agreement to be included in the information mailing list is voluntary and can be revoked at any time. The legal basis for the information mailing list is art. 6, para. 1, lit. a) GDPR.
The Gerda Henkel Foundation is committed to not-for-profit, transparent work, and for this reason provides information about its funding activities in various ways. This occurs regularly, for example by maintaining a register of funded projects on the foundation’s website, by publishing an annual report in both a print and digital version, and by irregular PR activities. In the context of these activities the foundation publishes the names of the funding recipients and their institutions collected in connection with the application, and reports on the projects funded. The legal bases for these activities are art. 6, para. 1, lit c) and art. 6, para. 1, lit. f) GDPR.
5. Data storage
We process data only for as long as this is necessary for the respective purpose. Moreover, we are subject to various storage and documentation obligations pursuant to, among other things, the German Commercial Code (HGB) and the Tax Code (AO). These can be for a period of up to 10 years. The storage period is ultimately also determined by statutory limitation periods, which for example in accordance with sections 195 ff. of the German Civil Code (BGB) can be up to 30 years, although the standard limitation period is three years.
6. Your rights as the data subject
As the data subject you have the following rights:
- Revocation of your consent pursuant to art. 7 para. 3 GDPR
- Information pursuant to art. 15 GDPR
- Correction pursuant to art. 16 GDPR
- Deletion (“Right to be forgotten”) pursuant to art. 17 GDPR
- Restriction of the processing pursuant to art. 18 GDPR
- Notification pursuant to art. 19 GDPR
- Data portability pursuant to art. 20 GDPR
- Right to object pursuant to art. 21 GDP
- Right to lodge a complaint with a supervisory authority pursuant to art. 77 GDPR
You can reach the supervisory authority responsible for the Gerda Henkel Foundation at:
Landesbeauftragter für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Postfach 20 04 44
Tel.: + 49 (0)211/38424-0
Fax:+ 49 (0)211/38424-10
8. Data security
We have taken technical and organisational precautions to protect the data we collect. These are geared in particular against the danger of loss of, manipulation of, and unauthorised access to your data. The security concept is regularly inspected with regard to functionality and appropriateness and brought up to date.