We would like to welcome you to the website of Stiftung Mercator (hereinafter referred to as ‘we’) and thank you for your interest. The protection of your personal data when you are using this website is very important to us. In our data privacy statement, we would like to inform you about when we collect which data and how we use it.
In the following, we give you an insight into the cookies and plug-ins that wie use, and how you can change your cookie settings. You will furthermore gain an overview of your rights according to the applicable data protection laws. We will also tell you who you can contact if you have any further questions.
1. Who are we?
As the responsible organization pursuant to Article 4 (7) of the EU General Data Protection Regulation (GDPR), we,
address for correspondence:
Postfach 10 33 26
Tel. +49 201 245 22-0
Fax +49 201 245 22-44
take all measures required under applicable data protection law to ensure the protection of your personal data.
If you have any questions on data processing in our company or how to exercise your rights, you can also contact our data protection officer free of charge:
Data Protection Officer
2B Advice GmbH
Joseph Schumpeter Allee 25
Tel: +49 228 926 165 120
2. Scope of application of the data privacy statement
Legislators define the processing of personal data as activities such as the collection, recording, organization, filing, storage, adaptation or alteration, readout, retrieval, use, disclosure (by transmission, dissemination or some other form of provision), collation or linking, restriction, deletion or destruction of personal data.
3. What personal data do we process?
Personal data are only collected on this website to the extent that is technically necessary. Personal data are all data that can be related to you personally, e.g. name, address, email addresses, user behaviour. We have taken extensive technical and operational precautions to protect your data from accidental or deliberate manipulation, loss, destruction or access by unauthorized persons. Our security procedures are regularly reviewed and adapted to technological progress.
Under no circumstances will we sell your personal data to third parties!
3.1 Sensitive data
Sensitive data, i.e. special categories of personal data such as information on health, political opinions, religious or trade-union affiliation, are not collected in this way.
3.2 Personal data of minors
Our activities are generally not aimed at minors. Should it come to our attention that the personal data of minors have been processed without the consent of their parents or guardians, these data will be deleted immediately.
4. What do we use your personal Data for – and on what legal basis?
4.1 Calling up the website
When you call up our website, your browser transmits certain information to our web server for technical reasons in order to provide you with the information you have called up. To enable you to visit the website, the following information is collected, used and stored for a short time:
- IP address
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Operating system and its interface
- Access status / HTTP status code
- Amount of data transferred
- Website the request is coming from
- Browser, language and version of the browser software
- The processing of your data for this purpose is based on Article 6 paragraph 1 letter b of the General Data Protection Regulation (GDPR)
To protect our legitimate interests, we store the above information for a limited time in order to be able to arrange for a derivation of the personal data in the event of unauthorized access or attempted access to our servers (Art. 6(1)(f) GDPR).
4.2 To implement the application procedure
We process the data you send us in your application to check whether your professional qualifications are suitable for the advertised position. We use your information only for the application procedure and transfer it to your personnel file when a contract is concluded. Should no agreement be reached, your information will be deleted or destroyed. We will not use your application documents for any other purpose than for the application process.
You have the opportunity to register on our website for newsletters on various topics.
We only need your email address to send you our newsletters, all other information is voluntary.
Your data will be processed for this purpose on the basis of your consent given pursuant to Article 6 (1) letter a of the GDPR. Legislators set certain requirements for the validity of consent given electronically, as used for registration for the newsletter. This also includes logging your declaration of consent. We therefore record the date and time of your consent, the text of the declaration of consent, whether the check box was selected, your email address and all other voluntary information given. We also log the date and time of the click on the confirmation link and the link in the confirmation email. This means that you will receive our newsletter only after successful completion of a double-opt-in procedure! We collect this information with the sole purpose of complying with the legal obligations.
You have the right to revoke your consent at any time. However, withdrawal of consent shall not affect the lawfulness of the processing carried out up to the date of revocation.
Email newsletters can be revoked via the link printed in the newsletter and – where appropriate – in the administration settings of the respective online service. Alternatively, please contact us via:
To send our newsletters, we use the Inxmail Professional system from Inxmail GmbH, Wentzingerstr. 17, 79106 Freiburg. In some cases they are sent out by our service provider u+i interact GmbH & Co. KG, Karl-Eilers-Str. 13, 33602 Bielefeld. Order data-processing contracts have been concluded with both companies pursuant to Article 28 of the GDPR. Your data will not be used for any other purposes.
4.4 Based on legal requirements or in the public interest
As a company, we are subject to a wide variety of legal requirements (e.g. laid down by tax legislation). We process your personal data to the extent necessary to comply with our legal obligations.
5. Where we transfer data to and why
5.1 Use of data within Stiftung Mercator
Within Stiftung Mercator, access to your personal data is only granted to those units that need to have access in order to fulfil our contractual or legal obligations or to protect our legitimate interests.
5.2 Use of data outside Stiftung Mercator
Own service companies
In order be able to run our business efficiently, we use the services of external service providers that may receive personal data from you to fulfil the purposes described above, including IT service providers and providers of printing and telecommunications services. We select these service providers very carefully and monitor them regularly, particularly their careful handling and safeguarding of the data stored by them. We oblige all service providers to maintain confidentiality and to comply with the legal requirements.
In the case of service companies based outside the European Economic Area (EEA), we take specific security measures (e.g. by using special contractual clauses) to ensure that the data are treated with the same level of care as in the EEA. We regularly check all our service companies for compliance with our specifications.
Other data transfers
We respect the protection of your personal data and only pass on information about you if required by law, if you have given your consent, or to fulfil contractual obligations. For example, we may be subject to a legal obligation to pass on your personal data to the following recipients:
- public bodies or supervisory authorities, e.g. tax authorities, customs authorities,
- judicial and law enforcement authorities, e.g. police, courts, public prosecutors,
- lawyers or notaries, e.g. in legal disputes,
- chartered accountants.
To enable us to fulfil our contractual obligations, we cooperate with other companies. These include:
- banks and financial services companies for handling all financial matters.
6. Deletion deadlines
In accordance with the applicable data protection regulations, we do not store your personal data for longer than we need them for the respective processing purposes. If the data are no longer required to fulfil contractual or legal obligations, they are regularly deleted by us unless their temporary storage is still necessary. The following reasons can justify continued storage:
- Retention obligations under commercial or tax law must be observed: the time periods prescribed for retention, primarily according to the regulations of the German Commercial Code and the German Fiscal Code, are up to 10 years.
- To obtain evidence in the event of legal disputes within the framework of the legal statute of limitations: limitation periods can be up to 30 years in civil law, whereby the regular limitation period ends after three years.
7.1 What are cookies?
Cookies are small text files that are stored in your device’s hard drive through your browser. Cookies store certain information (e.g. your preferred language or page settings), which can be sent back to us by your browser when you visit the website again (depending on the lifetime of the cookie).
Your consent is assumed.
In addition to essential cookies, which enable basic functions and are necessary for the proper functioning of the website, we use optional cookies (for statistics and external media). These optional cookies are only used with your prior consent (Article 6 paragraph 1 letter a of the GDPR). Provided that you visit our website for the first time, a banner appears on our website on which we ask for your consent to use optional cookies. Your settings will be saved and the banner will not be displayed again the next time you visit our website.
Changing cookie settings
You can change your cookie settings here.
Our website uses a social plug-in of the social network ‘facebook.com’, which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (‘Facebook’). The plug-in can be recognized by the Facebook logo (white ‘f’ next to the text ‘Like’).
On some pages of this website, Instagram content is embedded, which is operated by Meta Platforms Inc (formerly Facebook Inc), 1601 S. California Ave, Palo Alto, CA 94304, USA (‚Instagram‘). This always requires Instagram to see the user’s IP address. Without the IP address, they could not send the content to the browser of the respective user. The IP address is thus necessary displaying this content. We try our best to only use content by providers that need and use the IP address for the delivery of the content only. However, we have no influence on third-party providers who store the IP address for statistical purposes for example. Insofar as this is known to us, we inform the users about it.
Some pages on our website include third-party content, such as videos from YouTube. This always presupposes that the providers of this content (hereinafter referred to as ‘third-party providers’) know the user’s IP address because, without the IP address, they could not send the content to the respective user’s browser. The IP address is therefore needed in order to display this content. We make every effort to use only content whose respective providers use the IP address only to deliver the content. However, we have no influence over whether the third-party providers store the IP address, e,g, for statistical purposes. Should we become aware of this, we will immediately inform the users.
Our website also uses plug-ins of the microblogging service ‘twitter.com’, which is operated by Twitter, Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA (‘Twitter’). The plug-ins are marked with a Twitter logo.
8. Data privacy statement relating to our social media presence
You have certain rights relating to the processing of your personal data. More detailed information can be found in the corresponding provisions in the EU’s General Data Protection Regulation (Chapter III, Articles 15 to 21 of the GDPR).
9.1 Right of access and rectification
You have the right to receive information from us about which of your personal data we process. If this information is not (or no longer) correct, you can demand that we correct the data and, if the information is incomplete, you can demand that it be supplemented. If we have passed on your data to third parties, we will inform the respective third parties in the corresponding legal situation.
9.2 Right of deletion
Under the following circumstances, you can demand the immediate deletion of your personal data:
- if your personal data are no longer needed for the purposes for which they were collected;
- if you have revoked your consent and there is no other legal basis for data processing;
- if you object to processing and there are no overriding legitimate reasons for data processing;
- if your data are being processed unlawfully;
- if your personal data have to be deleted to comply with legal obligations.
Please note that before deleting your data, we must check to make sure that there is no legitimate reason to process your personal data.
9.3 Right to restrict processing (‘right to block’)
You can demand that we restrict the processing of your personal data for one of the following reasons:
- if you dispute the accuracy of the data, until we have had an opportunity to satisfy ourselves as to the accuracy of the data;
- if the data are being processed unlawfully, but instead of deletion of the data you only request that the use of the personal data be restricted;
- if, although we no longer need the personal data for processing purposes, you still need them to assert, exercise or defend legal claims;
- if you have lodged an objection to processing and it is not yet clear whether your legitimate interests outweigh ours.
9.4 Right of objection
If the processing is being carried out in the public interest or on the basis of a legitimate interest in data processing, you have the right to object to processing for reasons arising from your particular situation. If you lodge an objection, we will not continue processing your personal data unless we can prove compelling, legitimate reasons for processing your data which outweigh your interests, rights and freedoms, or because your personal data serve to assert, exercise or defend legal claims. The objection does not preclude the lawfulness of processing carried out prior to the objection.
The objection is not subject to any condition as to form and should be addressed to:
9.5 Right to data transferability
On request, you have the right to receive, in a transferable and machine-readable format, personal data that you have given us for processing.
9.6 Right of complaint to the supervisory authority (Article 77 of the GDPR)
We always try to process your inquiries and claims as quickly as possible to protect your rights accordingly. However, depending on the frequency of inquiries, it may take up to 30 days before we can give you any further information about your request. Should it take longer, we will inform you promptly of the reasons for the delay and discuss the further procedure with you.
In some cases we are either not allowed or not able to give you any information. Whenever legally permissible, we will inform you of the reason for refusing to provide information.
If you are nevertheless not satisfied with our answers and reactions, or if you believe that we are violating applicable data protection laws, you are free to lodge a complaint both with our data protection officer and with the relevant supervisory authority. The regulatory agency responsible for us is:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia)
Postfach 20 04 44