We would like to welcome you to the website of Stiftung Mercator (hereinafter referred to as ‘we’) and thank you for your interest. The protection of your personal data when you are using this website is very important to us. In our data privacy statement, we would like to inform you about when we collect which data and how we use it.

In the following, we give you an insight into the cookies and plug-ins that wie use, and how you can change your cookie settings. You will furthermore gain an overview of your rights according to the applicable data protection laws. We will also tell you who you can contact if you have any further questions.

1. Who are we?

As the responsible organization pursuant to Article 4 (7) of the EU General Data Protection Regulation (GDPR), we,

Stiftung Mercator

Huyssenallee 40

45128 Essen

address for correspondence:

Postfach 10 33 26

45033 Essen

Tel. +49 201 245 22-0

Fax +49 201 245 22-44


take all measures required under applicable data protection law to ensure the protection of your personal data.

If you have any questions on data processing in our company or how to exercise your rights, you can also contact our data protection officer free of charge:

Data Protection Officer

2B Advice GmbH

Didem Onur

Joseph Schumpeter Allee 25

53227 Bonn

Tel: +49 228 926 165 120


2. Scope of application of the data privacy statement

Legislators define the processing of personal data as activities such as the collection, recording, organization, filing, storage, adaptation or alteration, readout, retrieval, use, disclosure (by transmission, dissemination or some other form of provision), collation or linking, restriction, deletion or destruction of personal data.

3. What personal data do we process?

Personal data are only collected on this website to the extent that is technically necessary. Personal data are all data that can be related to you personally, e.g. name, address, email addresses, user behaviour. We have taken extensive technical and operational precautions to protect your data from accidental or deliberate manipulation, loss, destruction or access by unauthorized persons. Our security procedures are regularly reviewed and adapted to technological progress.

Under no circumstances will we sell your personal data to third parties!

3.1 Sensitive data

Sensitive data, i.e. special categories of personal data such as information on health, political opinions, religious or trade-union affiliation, are not collected in this way.

3.2 Personal data of minors

Our activities are generally not aimed at minors. Should it come to our attention that the personal data of minors have been processed without the consent of their parents or guardians, these data will be deleted immediately.

4. What do we use your personal Data for – and on what legal basis?

4.1 Calling up the website

When you call up our website, your browser transmits certain information to our web server for technical reasons in order to provide you with the information you have called up. To enable you to visit the website, the following information is collected, used and stored for a short time:

  • IP address
  • Date and time of the request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Operating system and its interface
  • Access status / HTTP status code
  • Amount of data transferred
  • Website the request is coming from
  • Browser, language and version of the browser software
  • The processing of your data for this purpose is based on Article 6 paragraph 1 letter b of the General Data Protection Regulation (GDPR)

To protect our legitimate interests, we store the above information for a limited time in order to be able to arrange for a derivation of the personal data in the event of unauthorized access or attempted access to our servers (Art. 6(1)(f) GDPR).

4.2 To implement the application procedure

We process the data you send us in your application to check whether your professional qualifications are suitable for the advertised position. We use your information only for the application procedure and transfer it to your personnel file when a contract is concluded. Should no agreement be reached, your information will be deleted or destroyed. We will not use your application documents for any other purpose than for the application process.

4.3 Newsletters

You have the opportunity to register on our website for newsletters on various topics.

We only need your email address to send you our newsletters, all other information is voluntary.

Your data will be processed for this purpose on the basis of your consent given pursuant to Article 6 (1) letter a of the GDPR. Legislators set certain requirements for the validity of consent given electronically, as used for registration for the newsletter. This also includes logging your declaration of consent. We therefore record the date and time of your consent, the text of the declaration of consent, whether the check box was selected, your email address and all other voluntary information given. We also log the date and time of the click on the confirmation link and the link in the confirmation email. This means that you will receive our newsletter only after successful completion of a double-opt-in procedure! We collect this information with the sole purpose of complying with the legal obligations.

You have the right to revoke your consent at any time. However, withdrawal of consent shall not affect the lawfulness of the processing carried out up to the date of revocation.

Email newsletters can be revoked via the link printed in the newsletter and – where appropriate – in the administration settings of the respective online service. Alternatively, please contact us via:


To send our newsletters, we use the Inxmail Professional system from Inxmail GmbH, Wentzingerstr. 17, 79106 Freiburg. In some cases they are sent out by our service provider u+i interact GmbH & Co. KG, Karl-Eilers-Str. 13, 33602 Bielefeld. Order data-processing contracts have been concluded with both companies pursuant to Article 28 of the GDPR. Your data will not be used for any other purposes.

4.4 Based on legal requirements or in the public interest

As a company, we are subject to a wide variety of legal requirements (e.g. laid down by tax legislation). We process your personal data to the extent necessary to comply with our legal obligations.

5. Where we transfer data to and why

5.1 Use of data within Stiftung Mercator

Within Stiftung Mercator, access to your personal data is only granted to those units that need to have access in order to fulfil our contractual or legal obligations or to protect our legitimate interests.

5.2 Use of data outside Stiftung Mercator

Own service companies

In order be able to run our business efficiently, we use the services of external service providers that may receive personal data from you to fulfil the purposes described above, including IT service providers and providers of printing and telecommunications services. We select these service providers very carefully and monitor them regularly, particularly their careful handling and safeguarding of the data stored by them. We oblige all service providers to maintain confidentiality and to comply with the legal requirements.

In the case of service companies based outside the European Economic Area (EEA), we take specific security measures (e.g. by using special contractual clauses) to ensure that the data are treated with the same level of care as in the EEA. We regularly check all our service companies for compliance with our specifications.

Other data transfers

We respect the protection of your personal data and only pass on information about you if required by law, if you have given your consent, or to fulfil contractual obligations. For example, we may be subject to a legal obligation to pass on your personal data to the following recipients:

  • public bodies or supervisory authorities, e.g. tax authorities, customs authorities,
  • judicial and law enforcement authorities, e.g. police, courts, public prosecutors,
  • lawyers or notaries, e.g. in legal disputes,
  • chartered accountants.

To enable us to fulfil our contractual obligations, we cooperate with other companies. These include:

  • banks and financial services companies for handling all financial matters.

6. Deletion deadlines

In accordance with the applicable data protection regulations, we do not store your personal data for longer than we need them for the respective processing purposes. If the data are no longer required to fulfil contractual or legal obligations, they are regularly deleted by us unless their temporary storage is still necessary. The following reasons can justify continued storage:

  • Retention obligations under commercial or tax law must be observed: the time periods prescribed for retention, primarily according to the regulations of the German Commercial Code and the German Fiscal Code, are up to 10 years.
  • To obtain evidence in the event of legal disputes within the framework of the legal statute of limitations: limitation periods can be up to 30 years in civil law, whereby the regular limitation period ends after three years.


7. Use of cookies and plug-ins

7.1 What are cookies?

Cookies are small text files that are stored in your device’s hard drive through your browser. Cookies store certain information (e.g. your preferred language or page settings), which can be sent back to us by your browser when you visit the website again (depending on the lifetime of the cookie).

Your consent is assumed.

In addition to essential cookies, which enable basic functions and are necessary for the proper functioning of the website, we use optional cookies (for statistics and external media). These optional cookies are only used with your prior consent (Article 6 paragraph 1 letter a of the GDPR). Provided that you visit our website for the first time, a banner appears on our website on which we ask for your consent to use optional cookies. Your settings will be saved and the banner will not be displayed again the next time you visit our website.

Changing cookie settings

You can change your cookie settings here.


7.2 Matomo

Our website uses Matomo. This is a so-called web analysis service. Matomo uses cookies that enable us to analyze the use of the website. For this purpose, the usage information generated by the cookie (including your shortened IP address) is transmitted to our server and stored for usage analysis purposes. This serves to optimize our website. Your IP address is immediately anonymized during this process so that you as a user remain anonymous to us. The information generated by the cookie about your use of this website is not passed on to third parties.

7.3 Plug-ins

Facebook plug-ins 

Our website uses a social plug-in of the social network ‘facebook.com’, which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (‘Facebook’). The plug-in can be recognized by the Facebook logo (white ‘f’ next to the text ‘Like’).

By clicking on a button next to the Facebook logo, you can connect to the Facebook servers to view pictures and videos from Stiftung Mercator’s Facebook stream. After activation by you, the content of the plug-in is transmitted directly by Facebook to your browser, which integrates it into the website. We have no influence over the amount of data that Facebook collects with the help of this plug-in and are therefore informing you according to the knowledge available to us: when you activate the plug-in, Facebook is informed that you have accessed the corresponding page of our website. Once you are logged in to Facebook, Facebook can assign the visit to your Facebook account. When you interact with the plug-in, i.e. by pressing the Like button, the corresponding information is transmitted directly from your browser to Facebook and stored there. If you are not a member of Facebook, it is still possible that Facebook will find out and store your IP address. For information on the purpose and scope of Facebook’s collection of data, on how Facebook further processes and uses data, and on your rights and setting options for protecting your privacy, please refer to the Facebook privacy policy. If you are a Facebook member and do not want Facebook to collect data about you via our website and link it to your membership data stored on Facebook, you must log out of Facebook before activating the plug-in on our site. It is also possible to block Facebook social plug-ins with add-ons for your browser, for example using the ‘Facebook Blocker’.

Instagram plug-ins

On some pages of this website, Instagram content is embedded, which is operated by Meta Platforms Inc (formerly Facebook Inc), 1601 S. California Ave, Palo Alto, CA 94304, USA (‚Instagram‘). This always requires Instagram to see the user’s IP address. Without the IP address, they could not send the content to the browser of the respective user. The IP address is thus necessary displaying this content. We try our best to only use content by providers that need and use the IP address for the delivery of the content only. However, we have no influence on third-party providers who store the IP address for statistical purposes for example. Insofar as this is known to us, we inform the users about it.

If you are logged in to Instagram with your own account, Instagram might attribute information about your user behavior to your personal user account. You can prevent this by logging out of your user account before viewing the Instagram content on our website. The purpose and scope of the data collection and further processing and use of the data by Instagram, as well as your rights in this regard and your options for protecting your privacy, can be found in Instagram’s privacy policy.

YouTube plug-ins 

Some pages on our website include third-party content, such as videos from YouTube. This always presupposes that the providers of this content (hereinafter referred to as ‘third-party providers’) know the user’s IP address because, without the IP address, they could not send the content to the respective user’s browser. The IP address is therefore needed in order to display this content. We make every effort to use only content whose respective providers use the IP address only to deliver the content. However, we have no influence over whether the third-party providers store the IP address, e,g, for statistical purposes. Should we become aware of this, we will immediately inform the users.

If you are logged into the respective third-party providers with your own account, it is possible that the providers will assign information on your user behaviour to your personal account on these platforms. You can prevent this by logging out of your account before using the plug-ins. For information on the purpose and scope of data collection and the further processing and use of data by YouTube, as well as on your rights and setting options for protecting your privacy, please refer to the YouTube privacy policy. Stiftung Mercator operates its own channel on YouTube. We have developed a separate Netiquette for this purpose.


Twitter plug-ins 

Our website also uses plug-ins of the microblogging service ‘twitter.com’, which is operated by Twitter, Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA (‘Twitter’). The plug-ins are marked with a Twitter logo.

If you call up internet pages on our website that show such a plug-in, a connection is set up to the Twitter servers and the plug-in is displayed on the website by sending a message to your browser. This will tell the Twitter server which of our internet pages you have visited. If you are logged in to Twitter as a member, Twitter assigns this information to your personal Twitter user account. When the plug-in functions are used (e.g. by posting a comment), this information is also assigned to your Twitter account, which you can only prevent by logging out before using the plug-in. For more information on the collection and use of data by Twitter, on your rights in this context, and on ways to protect your privacy, please refer to Twitter’s privacy policy.

8. Data privacy statement relating to our social media presence

You can find our full privacy policy for social media here.

9.Your rights

You have certain rights relating to the processing of your personal data. More detailed information can be found in the corresponding provisions in the EU’s General Data Protection Regulation (Chapter III, Articles 15 to 21 of the GDPR).

9.1 Right of access and rectification

You have the right to receive information from us about which of your personal data we process. If this information is not (or no longer) correct, you can demand that we correct the data and, if the information is incomplete, you can demand that it be supplemented. If we have passed on your data to third parties, we will inform the respective third parties in the corresponding legal situation.

9.2 Right of deletion

Under the following circumstances, you can demand the immediate deletion of your personal data:

  • if your personal data are no longer needed for the purposes for which they were collected;
  • if you have revoked your consent and there is no other legal basis for data processing;
  • if you object to processing and there are no overriding legitimate reasons for data processing;
  • if your data are being processed unlawfully;
  • if your personal data have to be deleted to comply with legal obligations.

Please note that before deleting your data, we must check to make sure that there is no legitimate reason to process your personal data.

9.3 Right to restrict processing (‘right to block’)

You can demand that we restrict the processing of your personal data for one of the following reasons:

  • if you dispute the accuracy of the data, until we have had an opportunity to satisfy ourselves as to the accuracy of the data;
  • if the data are being processed unlawfully, but instead of deletion of the data you only request that the use of the personal data be restricted;
  • if, although we no longer need the personal data for processing purposes, you still need them to assert, exercise or defend legal claims;
  • if you have lodged an objection to processing and it is not yet clear whether your legitimate interests outweigh ours.

9.4 Right of objection

If the processing is being carried out in the public interest or on the basis of a legitimate interest in data processing, you have the right to object to processing for reasons arising from your particular situation. If you lodge an objection, we will not continue processing your personal data unless we can prove compelling, legitimate reasons for processing your data which outweigh your interests, rights and freedoms, or because your personal data serve to assert, exercise or defend legal claims. The objection does not preclude the lawfulness of processing carried out prior to the objection.

The objection is not subject to any condition as to form and should be addressed to:


9.5 Right to data transferability

On request, you have the right to receive, in a transferable and machine-readable format, personal data that you have given us for processing.

9.6 Right of complaint to the supervisory authority (Article 77 of the GDPR)

We always try to process your inquiries and claims as quickly as possible to protect your rights accordingly. However, depending on the frequency of inquiries, it may take up to 30 days before we can give you any further information about your request. Should it take longer, we will inform you promptly of the reasons for the delay and discuss the further procedure with you.

In some cases we are either not allowed or not able to give you any information. Whenever legally permissible, we will inform you of the reason for refusing to provide information.

If you are nevertheless not satisfied with our answers and reactions, or if you believe that we are violating applicable data protection laws, you are free to lodge a complaint both with our data protection officer and with the relevant supervisory authority. The regulatory agency responsible for us is:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia)

Helga Block

Postfach 20 04 44
40102 Düsseldorf


Kavalleriestrasse 2-4
40213 Düsseldorf

Phone: +49 211/384 24-0
Fax: +49 211/384 24-10
Email: @
Web: https://www.ldi.nrw.de


10. Version

This privacy policy statement is dated July 3 2023. We reserve the right to change our security and data protection measures if this is made necessary by technical developments. In these cases we will also adapt our data protection information accordingly. Therefore, please note the latest version of our privacy policy notice. Should individual provisions of this privacy policy statement be or become invalid, the validity of the remaining conditions shall remain unaffected. This and the entire legal relationship between the users of this website and Stiftung Mercator shall be governed exclusively by German law to the exclusion of international conflict-of-laws regulations. The place of jurisdiction is Essen