Heinrich Böll Stiftung
Interreg Baltic Sea Region

Private Policy

Effective:  May 2019

  1. General information
  2. Websites
  3. Newsletter, Mailing Lists, Subscriptions,
  4. Registering for Events
  5. Ordering Publications

1. General Information

1.1 Maintainer and purview

The Heinrich-Böll-Stiftung Schleswig Holstein e.V. maintains these online services in accordance with European and German information privacy laws.

1.2 Right to information

You have the right to request information on personal data, that is, data about you that has been processed and stored, and you are entitled to have such data corrected, deleted, or to demand that it is only used in a limited fashion. To do this, you may send an e-mail to datenauskunft@boell-sh.de

1.3 Regulatory authority

You have the right to lodge complaints with the relevant regulatory authority Unabhängiges Landeszentrum für Datenschutz  Schleswig-Holstein  [https://www.datenschutzzentrum.de/]

2. Websites

When using our websites, personal information is collected for the following purposes:

2.1 The transmission of online contents
2.2 The transmission of contents provided by third parties
2.3 The improvement of our web services
2.4 The security of our technical infrastructure
 

2.1 The transmission of online contents

2.1.1 Purpose and type of data involved

In order for you to view contents from our websites, your browser will transmit the following information (as part of an HTTP request):

  • Your IP address (a numerical label that identifies your internet access),
  • the web contents you have requested,
  • information about the type of internet browser and operating system used.

2.1.2 Legal basis

The above-mentioned types of data are required in order to transmit contents as requested and to optimise the way in which it is being displayed. The data in question is being processed on the basis that we have a legitimate interest to transmit contents as requested by users.

2.1.3 Transmission of data and persons eligible to access such data

The right to access data is based on our respective internal rules regarding access permissions, as well as on the relevant written agreements with our service providers.

2.1.4 Retention of data

We retain the data in question only until the requested content has been transferred to the user.

2.1.5 Your rights

Generally, there is no legal right that data transmitted in the process of accessing online contents is being rectified, deleted, or shared with the user, as data is only retained temporarily in order to transmit requested contents and will be deleted immediately after the end of the transaction. Consequently, the data in question will no longer be available for privacy-related requests.

However, you are at liberty to file a request regarding such information, and we will try to consider and honour such requests wherever possible and independently of whether there is any legal requirement to do so. Should be we unable or unwilling to do so, we will give you our reasons in writing.

2.2 The transmission of contents provided by third parties

Our websites are using third-party services in order to embed third-party content. Users are redirected as we have a legitimate interest to enrich contents we provide with that provided by others and thus to correlate contents. Once you start using third-party services, their respective privacy policies apply.

2.3. The improvement of our web services

2.3.1 Objectives and types of data

In order to optimise our online contents, we evaluate how users navigate our websites. For this we analyse the following data derived from HTTP requests:

  • Part of your IP address (that is, the numerical label identifying your computer access point). However, your IP address is being anonymised by deleting the final two parts (blocks of numbers) of the address,
  • the web page you have requested,
  • information regarding the type of internet browser and operating system used, and
  • possibly the page visited before accessing our website (referrer information).

In addition, we use cookies to identify returning users. The provider of this website and its pages automatically collects and stores information in so-called server log files, which your browser communicates to us automatically. The information comprises:

  • The type and version of browser used
  • The used operating system
  • Referrer URL
  • The hostname of the accessing computer
  • The time of the server inquiry
  • The IP address

This data is not merged with other data sources.

 

2.3.2 Legal basis

The types of data referred to above are being collected and processed because we have a legitimate interest to improve the usability of our websites.

2.3.3 Transmission of data and persons eligible to access such data

The right to access data is based on our respective internal rules regarding access permissions, as well as on the relevant written agreements with our service providers.

2.3.4 Retention of data

All personalised data is being anonymised right after it has been collected.

2.3.5 Your rights

Generally, there is no legal right for the data in question to be rectified, deleted, or shared with the user, as the data retained is anonymised, thus, as a rule, making it impossible to connect specific data to individual users requesting information.

2.4 The security of our technical infrastructure

2.4.1 Objectives and types of data

To secure our technical infrastructure, we draw on the following information contained in the HTTP request:

  • Your IP address (a sequence of numbers identifying your current computer access point to the web)
  • the website you requested,
  • information about the type of internet browser and operating system used,
  • and, possibly, the web page viewed before visiting our website (referrer information).

2.4.2 Legal basis

The information in question is being retained, as we have a legitimate interest to analyse malfunctions and attacks targeting our technical systems.

2.4.3 Transmission of data and persons eligible to access such data

The right to access data is based on our respective internal rules regarding access permissions, as well as on the relevant written agreements with our service providers.

2.4.4 Retention of data

Unless breaches of security have been identified, the data in question will be deleted within seven days. In case of breaches of security, the data will be deleted as soon as there is no further legitimate interest to retain them.

2.4.5 Your rights

Generally, there is a legal right to request information about the above-mentioned types of data, as well as a right to having them rectified. However, as a rule, the data in question can only be personalised via the IP address, and, at the same time, we are obliged to disclose information only to eligible persons. This means, in order to get access to the data in question, you will have to prove that this data actually pertains to you.

3. Newsletter, Mailing Lists, Subscriptions, Conferences

3.1 Objectives and types of data

Here, personal data will be gathered and retained in order to fulfil one of the main missions of the Heinrich Böll Foundation (see § 2 of our bylaws. At most, the data in question comprises:

  • name
  • title
  • gender / form of address
  • date of birth
  • contact information (postal address, e-mail, phone no., fax no., instant messager, website)
  • areas of interest
  • relationship with Foundation
  • when/how contacted by Foundation
  • specifics
  • privacy information

3.2 Legal basis

The data in question is being retained as the Foundation has a legitimate interest to fulfil its mission as defined in its bylaws.

3.3 Transmission of data and persons eligible to access such data

The right to access data is based on our respective internal rules regarding access permissions, as well as on the relevant written agreements with our service providers.

3.4 Retention of data

The personal data in question will be retained, unless the person in question opts out, asking us to delete the data. Additionally, we regularly review all cases where, over the course of the last 18 months, information could not be delivered. In such cases, all personal data will be deleted after review within a reasonable processing period of up to three months.

3.5 Your rights

You have the right to have such data deleted, rectified, and to limit the ways in which it may be processed.

4. Registering for Events

4.1 Objectives and types of data

For this, personal data will be retained in order to fulfil one of the main missions of the Heinrich Böll Foundation (see § 2 of our bylaws). At most, the data in question comprises:

  • name
  • title
  • gender / form of address
  • contact information (postal address, e-mail, phone no.)
  • information about events
  • when/how contacted by Foundation
  • privacy information

4.2 Legal basis

The data in question is being retained as the Foundation has a legitimate interest to fulfil its mission as stated in its bylaws.

4.3 Transmission of data and persons eligible to access such data

The right to access data is based on our respective internal rules regarding access permissions, as well as on the relevant written agreements with our service providers.

4.4 Retention of data

Persons registering for an event consent to being contacted, and they give permission for their data to be retained in order to prepare, organise, follow up on, and document the event in question.

4.5 Your rights

  • You have the right to have such data deleted, rectified, and to limit the ways in which it may be processed.
  • Right of cancelation to registered event, with the whole fee refunded is possible until 7 days before the date of the event. Cancelation after that 50% of the fee will be withhold.

5. Ordering Publications

5.1 Objectives and types of data

When ordering publications, the following customer data will be retained:

  • name
  • address and, where needed, billing address
  • e-mail
  • publication ordered
  • billing information

5.2 Legal basis

The retention of data is based on a contractual agreement or on a pre-contractual legal relationship.

5.3 Transmission of data and persons eligible to access such data

The right to access data is based on our respective internal rules regarding access permissions, as well as on the relevant written agreements with our service providers.

5.4 Retention of data

Your personal data will be deleted upon request sent to datenauskunft@boell-sh.de. In case a publication requires payment, your data will be retained for at least the period required by law.

5.5 Your rights

You have the right to be informed about such data, and to have such data deleted, rectified, and to limit the ways in which it may be processed, provided there are no legal requirements to the contrary.