Data protection

We would like to welcome you to the website of Stiftung Mercator (hereinafter referred to as 'we') and thank you for your interest. The protection of your personal data when you are using this website is very important to us. In our data privacy statement, we would like to inform you about when we collect which data and how we use it.

Data Privacy Statement of Stiftung Mercator (last updated on 1 May 2020)

1 Foreword

Regardless of whether you are a project partner, a partner company, an applicant or a visitor to our website, we take the protection of your personal data very seriously. But what does this mean in concrete terms?

In the following, we give you an insight into the personal data we collect from you and the ways in which we process it. You will furthermore gain an overview of your rights according to the applicable data protection laws. We will also tell you who you can contact if you have any further questions.

Who are we?

As the responsible organization pursuant to Article 4 (7) of the EU General Data Protection Regulation (GDPR), we,

Stiftung Mercator

Huyssenallee 40

45128 Essen

address for correspondence:

Postfach 10 33 26

45014 Essen

Tel. +49 201 245 22-0

Fax +49 201 245 22-44

info@remove-this.stiftung-mercator.de

take all measures required under applicable data protection law to ensure the protection of your personal data.

If you have any questions on data processing in our company or how to exercise your rights, you can also contact our data protection officer free of charge:

Data Protection Officer

2B Advice GmbH

Didem Onur

Joseph Schumpeter Allee 25

53227 Bonn

Tel: +49 228 926 165 120

mercator@remove-this.2b-advice.com

2 Scope of application of the data privacy statement

Legislators define the processing of personal data as activities such as the collection, recording, organization, filing, storage, adaptation or alteration, readout, retrieval, use, disclosure (by transmission, dissemination or some other form of provision), collation or linking, restriction, deletion or destruction of personal data.

3 What personal data do we process?

Personal data are only collected on this website to the extent that is technically necessary. Personal data are all data that can be related to you personally, e.g. name, address, email addresses, user behaviour. We have taken extensive technical and operational precautions to protect your data from accidental or deliberate manipulation, loss, destruction or access by unauthorized persons. Our security procedures are regularly reviewed and adapted to technological progress.

Under no circumstances will we sell your personal data to third parties!

3.1 Sensitive data

Sensitive data, i.e. special categories of personal data such as information on health, political opinions, religious or trade-union affiliation, are not collected in this way.

3.2 Personal data of minors

Our activities are generally not aimed at minors. Should it come to our attention that the personal data of minors have been processed without the consent of their parents or guardians, these data will be deleted immediately.

3.3 Use of cookies and plug-ins

Facebook

Our website uses a social plug-in of the social network 'facebook.com', which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ('Facebook'). The plug-in can be recognized by the Facebook logo (white 'f' next to the text 'Like').

By clicking on a button next to the Facebook logo, you can connect to the Facebook servers to view pictures and videos from Stiftung Mercator's Facebook stream. After activation by you, the content of the plug-in is transmitted directly by Facebook to your browser, which integrates it into the website. We have no influence over the amount of data that Facebook collects with the help of this plug-in and are therefore informing you according to the knowledge available to us: when you activate the plug-in, Facebook is informed that you have accessed the corresponding page of our website. Once you are logged in to Facebook, Facebook can assign the visit to your Facebook account. When you interact with the plug-in, i.e. by pressing the Like button, the corresponding information is transmitted directly from your browser to Facebook and stored there. If you are not a member of Facebook, it is still possible that Facebook will find out and store your IP address. For information on the purpose and scope of Facebook's collection of data, on how Facebook further processes and uses data, and on your rights and setting options for protecting your privacy, please refer to the Facebook privacy policy. If you are a Facebook member and do not want Facebook to collect data about you via our website and link it to your membership data stored on Facebook, you must log out of Facebook before activating the plug-in on our site. It is also possible to block Facebook social plug-ins with add-ons for your browser, for example using the 'Facebook Blocker'.

YouTube

Some pages on our website include third-party content, such as videos from YouTube. This always presupposes that the providers of this content (hereinafter referred to as 'third-party providers') know the user's IP address because, without the IP address, they could not send the content to the respective user's browser. The IP address is therefore needed in order to display this content. We make every effort to use only content whose respective providers use the IP address only to deliver the content. However, we have no influence over whether the third-party providers store the IP address, e,g, for statistical purposes. Should we become aware of this, we will immediately inform the users.

If you are logged into the respective third-party providers with your own account, it is possible that the providers will assign information on your user behaviour to your personal account on these platforms. You can prevent this by logging out of your account before using the plug-ins. For information on the purpose and scope of data collection and the further processing and use of data by YouTube, as well as on your rights and setting options for protecting your privacy, please refer to the YouTube privacy policy. Stiftung Mercator operates its own channel on YouTube. We have developed a separate Netiquette for this purpose.

Twitter

Our website also uses plug-ins of the microblogging service 'twitter.com', which is operated by Twitter, Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA ('Twitter'). The plug-ins are marked with a Twitter logo.

If you call up internet pages on our website that show such a plug-in, a connection is set up to the Twitter servers and the plug-in is displayed on the website by sending a message to your browser. This will tell the Twitter server which of our internet pages you have visited. If you are logged in to Twitter as a member, Twitter assigns this information to your personal Twitter user account. When the plug-in functions are used (e.g. by posting a comment), this information is also assigned to your Twitter account, which you can only prevent by logging out before using the plug-in. For more information on the collection and use of data by Twitter, on your rights in this context, and on ways to protect your privacy, please refer to Twitter's privacy policy.

Matomo (formerly Piwik)

Our website also uses Matomo. This is what is known as a web-analysis service. Matomo uses so-called 'cookies', text files that are stored on your computer and enable us to analyse the use of the website. For this purpose, the user information generated by the cookie (including your shortened IP address) is transferred to our server and stored for user analysis. This enables us to further optimize our website. Your IP address is immediately anonymized during this process, so that you as a user remain anonymous to us. The information generated by the cookie about your use of this website will not be disclosed to third parties. You can prevent the use of cookies by adjusting your browser software settings accordingly. However, this might mean that you will not be able to use all functions of this website to their full extent.

By using this website, you agree to Matomo processing the data collected about you in the manner and for the purpose described above.

 

4. Why do we process your personal data – and on what legal basis?

4.1 To implement the application procedure

We process the data you send us in your application to check whether your professional qualifications are suitable for the advertised position. We use your information only for the application procedure and transfer it to your personnel file when a contract is concluded. Should no agreement be reached, your information will be deleted or destroyed. We will not use your application documents for any other purpose than for the application process.

4.2 Legitimate interest in data processing

We have a legitimate interest in detecting and preventing abuses of our service; similarly, we have a legitimate interest in improving our service and adapting it to your requirements.

We also use your personal data in the following cases, among others:

  • We analyse your data to protect you from fraudulent activities. This can happen, for example, if you have been the victim of identity theft, or if unauthorized persons have gained access to your user account in some other way;
  • To be able to guarantee IT security;
  • To be able to record and prove facts in the event of any legal disputes.

4.3 Newsletters

You have the opportunity to register on our website for newsletters on various topics.

We only need your email address to send you our newsletters, all other information is voluntary.

Your data will be processed for this purpose on the basis of your consent given pursuant to Article 6 (1) letter a of the GDPR. Legislators set certain requirements for the validity of consent given electronically, as used for registration for the newsletter. This also includes logging your declaration of consent. We therefore record the date and time of your consent, the text of the declaration of consent, whether the check box was selected, your email address and all other voluntary information given. We also log the date and time of the click on the confirmation link and the link in the confirmation email. This means that you will receive our newsletter only after successful completion of a double-opt-in procedure! We collect this information with the sole purpose of complying with the legal obligations.

You have the right to revoke your consent at any time. However, withdrawal of consent shall not affect the lawfulness of the processing carried out up to the date of revocation.

Email newsletters can be revoked via the link printed in the newsletter and – where appropriate – in the administration settings of the respective online service. Alternatively, please contact us via:

info@remove-this.stiftung-mercator.de

To send our newsletters, we use the Inxmail Professional system from Inxmail GmbH, Wentzingerstr. 17, 79106 Freiburg. In some cases they are sent out by our service provider u+i interact GmbH & Co. KG, Karl-Eilers-Str. 13, 33602 Bielefeld. Order data-processing contracts have been concluded with both companies pursuant to Article 28 of the GDPR. Your data will not be used for any other purposes.

4.4 Based on your consent

If you have consented to your personal data being processed for one or more specific purpose, we are permitted to process your data. With regard to the future, you can revoke this consent at any time without incurring any costs other than the transmission costs according to the basic rates (costs of your internet connection). However, withdrawal of consent shall not affect the lawfulness of the processing carried out up to the date of revocation.

4.5 Based on legal requirements or in the public interest

As a company, we are subject to a wide variety of legal requirements (e.g. laid down by tax legislation). We process your personal data to the extent necessary to comply with our legal obligations.

5 Where we transfer data to and why

5.1 Use of data within Stiftung Mercator

Within Stiftung Mercator, access to your personal data is only granted to those units that need to have access in order to fulfil our contractual or legal obligations or to protect our legitimate interests.

5.2 Use of data outside Stiftung Mercator

We respect the protection of your personal data and only pass on information about you if required by law, if you have given your consent, or to fulfil contractual obligations. For example, we may be subject to a legal obligation to pass on your personal data to the following recipients:

  • public bodies or supervisory authorities, e.g. tax authorities, customs authorities,
  • judicial and law enforcement authorities, e.g. police, courts, public prosecutors,
  • lawyers or notaries, e.g. in legal disputes,
  • chartered accountants.

To enable us to fulfil our contractual obligations, we cooperate with other companies. These include:

  • banks and financial services companies for handling all financial matters.

Own service companies

In order be able to run our business efficiently, we use the services of external service providers that may receive personal data from you to fulfil the purposes described above, including IT service providers and providers of printing and telecommunications services. We select these service providers very carefully and monitor them regularly, particularly their careful handling and safeguarding of the data stored by them. We oblige all service providers to maintain confidentiality and to comply with the legal requirements.

In the case of service companies based outside the European Economic Area (EEA), we take specific security measures (e.g. by using special contractual clauses) to ensure that the data are treated with the same level of care as in the EEA. We regularly check all our service companies for compliance with our specifications.

6 Deletion deadlines

In accordance with the applicable data protection regulations, we do not store your personal data for longer than we need them for the respective processing purposes. If the data are no longer required to fulfil contractual or legal obligations, they are regularly deleted by us unless their temporary storage is still necessary. The following reasons can justify continued storage:

  • Retention obligations under commercial or tax law must be observed: the time periods prescribed for retention, primarily according to the regulations of the German Commercial Code and the German Fiscal Code, are up to 10 years.
  • To obtain evidence in the event of legal disputes within the framework of the legal statute of limitations: limitation periods can be up to 30 years in civil law, whereby the regular limitation period ends after three years.

7 Your rights

You have certain rights relating to the processing of your personal data. More detailed information can be found in the corresponding provisions in the EU's General Data Protection Regulation (Chapter III, Articles 15 to 21 of the GDPR).

7.1 Right of access and rectification

You have the right to receive information from us about which of your personal data we process. If this information is not (or no longer) correct, you can demand that we correct the data and, if the information is incomplete, you can demand that it be supplemented. If we have passed on your data to third parties, we will inform the respective third parties in the corresponding legal situation.

7.2 Right of deletion

Under the following circumstances, you can demand the immediate deletion of your personal data:

  • if your personal data are no longer needed for the purposes for which they were collected;
  • if you have revoked your consent and there is no other legal basis for data processing;
  • if you object to processing and there are no overriding legitimate reasons for data processing;
  • if your data are being processed unlawfully;
  • if your personal data have to be deleted to comply with legal obligations.

Please note that before deleting your data, we must check to make sure that there is no legitimate reason to process your personal data.

7.3 Right to restrict processing ('right to block')

You can demand that we restrict the processing of your personal data for one of the following reasons:

  • if you dispute the accuracy of the data, until we have had an opportunity to satisfy ourselves as to the accuracy of the data;
  • if the data are being processed unlawfully, but instead of deletion of the data you only request that the use of the personal data be restricted;
  • if, although we no longer need the personal data for processing purposes, you still need them to assert, exercise or defend legal claims;
  • if you have lodged an objection to processing and it is not yet clear whether your legitimate interests outweigh ours.

7.4 Right of objection

7.4.1 Right of objection in individual cases

If the processing is being carried out in the public interest or on the basis of a legitimate interest in data processing, you have the right to object to processing for reasons arising from your particular situation. If you lodge an objection, we will not continue processing your personal data unless we can prove compelling, legitimate reasons for processing your data which outweigh your interests, rights and freedoms, or because your personal data serve to assert, exercise or defend legal claims. The objection does not preclude the lawfulness of processing carried out prior to the objection.

The objection is not subject to any condition as to form and should be addressed to info@remove-this.stiftung-mercator.de

7.5 Right to data transferability

On request, you have the right to receive, in a transferable and machine-readable format, personal data that you have given us for processing.

7.6 Right of complaint to the supervisory authority (Article 77 of the GDPR)

We always try to process your inquiries and claims as quickly as possible to protect your rights accordingly. However, depending on the frequency of inquiries, it may take up to 30 days before we can give you any further information about your request. Should it take longer, we will inform you promptly of the reasons for the delay and discuss the further procedure with you.

In some cases we are either not allowed or not able to give you any information. Whenever legally permissible, we will inform you of the reason for refusing to provide information.

If you are nevertheless not satisfied with our answers and reactions, or if you believe that we are violating applicable data protection laws, you are free to lodge a complaint both with our data protection officer and with the relevant supervisory authority. The regulatory agency responsible for us is:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia)

Helga Block

Postfach 20 04 44
40102 Düsseldorf

or: 

Kavalleriestrasse 2-4
40213 Düsseldorf

Phone: +49 211/384 24-0
Fax: +49 211/384 24-10
Email: poststelle{at}ldi.nrw{dot}de
Web: https://www.ldi.nrw.de

8 Version

This privacy policy statement is dated 1 May 2020. We reserve the right to change our security and data protection measures if this is made necessary by technical developments. In these cases we will also adapt our data protection information accordingly. Therefore, please note the latest version of our privacy policy notice. Should individual provisions of this privacy policy statement be or become invalid, the validity of the remaining conditions shall remain unaffected. This and the entire legal relationship between the users of this website and Stiftung Mercator shall be governed exclusively by German law to the exclusion of international conflict-of-laws regulations. The place of jurisdiction is Essen.