Data protection

We are happy that you are visiting the website of Stiftung Mercator GmbH and thank you for your interest. We take the protection of your personal data while you use our website very seriously. Your personal data are stored and processed in accordance with the German data-protection regulations. To the extent that you use our website to send us an enquiry, request, application or order, the disclosure of your data takes place on an explicitly voluntary basis. Your personal data will be used for further processing and electronically saved and processed until this consent is withdrawn, which can be done by emailing

1.1 Stiftung Mercator Privacy Policy

Privacy Policy (as of: 15/05/2018)

1.1.1 Introductory remarks

Regardless of whether you are a customer, partner company, funding partner, interested person, applicant or visitor to our website: We (hereinafter: Stiftung Mercator, “we”) take the protection of your personal data very seriously. But what does that mean in concrete terms?

Below, we provide you with an insight into what personal information we collect from you and how we process it. Furthermore, you will receive an overview of your rights under applicable data-protection law. In addition, we will provide a contact person if you have any further questions. Who are we?

As the party responsible under German press law for data-protection laws, we

Stiftung Mercator

Huyssenallee 40

45128 Essen


Address for correspondence:

Postfach 10 33 26

45014 Essen


Tel. +49 201 24522-0

Fax +49 201 24522-44


take all measures required under applicable data-protection law to ensure the protection of your personal data.

If you have any questions about data processing in our company and exercising your rights, you can also contact our Data Protection Officer free of charge.

Data Protection Officer

2B Advice GmbH, Didem Onur

Joseph-Schumpeter-Allee 25

53227 Bonn

Tel: +49 (228) 926165 120

1.1.2 Scope of the Privacy Policy

The law defines the processing of personal data as activities such as gathering; recording; organising; storing; adapting or changing; reading; querying; using; disclosing through transmission, dissemination or any other form; matching or linking; restriction, deletion, or destruction of personal information.

Personal data are any information that relate to an identified or identifiable natural person.

This privacy policy is about the personal data of customers, prospects, applicants or visitors.

This Privacy Policy applies both to our website and to the website

1.1.3 What personal data do we process?

Your personal data will be collected by us, if you contact us, for example as an interested party or customer. This may, for example, occur if you are interested in our products and register for our online services, if you contact us through our communication channels, or if you use our products or services as part of existing business relationships.

The following types of personal data are processed by us:

·         Information for personal identification

  • e.g. first and last name, address, email address, telephone number, fax number

·         Order data

  • e.g. customer number, order number, billing data

·         Company-related data

  • e.g. company name, department, job title

·         Data about your online activity

  • e.g. IP addresses, usernames, data on your visits to our website customer portals or in the app, actions performed on our websites and customer portals, location of access

·         Information about your interests and wishes of which you inform us

  • e.g. via our contact form or via other communication channels

·         Information about your professional career

  • e.g. vocational training, previous employers, other qualifications

and other information comparable to these data categories. Sensitive data

Sensitive data, i.e. special categories of personal data such as information on health, political opinions, religion or trade-union affiliation, are not collected in this manner. Personal data of minors

Our range of products and services is generally not aimed at minors. To the extent that we can detect it, personal data of minors that were processed without the consent of the parent or guardian will be deleted immediately. Usage of cookies and plugins What do we mean by this?

Our website uses a social plugin of the social network which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). The plugin can be recognized by its Facebook logo (white “f” next to the text “Like”).

When you visit our Newsroom, you can establish a connection with the Facebook servers by clicking on a button next to the logo; this allows you to view images and videos from Stiftung Mercator GmbH's Facebook stream. Once you have activated the plugin, Facebook sends the plugin's content directly to your browser, which in turn incorporates it into the website. We have no influence over the extent of the data which Facebook collects with the aid of this plugin and can thus inform you only that, as far as we are aware, activating the plugin gives Facebook the information that you have accessed the corresponding page of our website. If you are signed in to Facebook, Facebook can assign your visit to your Facebook account. If you interact with the plugin, i.e. if you click the Like-button, the corresponding information will be sent by your browser directly to Facebook where it is stored. Even if you are not a member of Facebook, there is still the possibility that Facebook will ascertain and store your IP address. For details of the purpose and scope of the data acquisition and the further processing and use of data by Facebook, and for your rights in this regard and the settings you can make to protect your privacy, please refer to Facebook's Data Use Policy. If you are a member of Facebook and do not wish Facebook to collect data about you via our website or to link this data with your member data stored on Facebook, you will need to sign out of Facebook before activating the plugin on our website. It is also possible to block Facebook social plugins with add-ons for your browser, using for example the “Facebook Blocker”.

Content from third parties is incorporated into some pages of this website, such as videos from YouTube or photographs from Flickr. This always requires the providers of such content (herein after referred to as “third-party providers”) to register the IP address of the user, as without the IP address they cannot send the content to the browser of the user in question. Thus, the IP address is required for this content to be displayed. We make every effort to use only content from suppliers who use the IP address solely for the purposes of delivering the content. Nonetheless, we have no means of preventing third party suppliers from storing the IP address, for example for statistical purposes. Where we are aware of this happening, we inform users accordingly.

If you are signed in to your own account with one of these third-party suppliers, it is possible that the supplier will assign information about your usage to your respective personal user accounts of these platforms. You can prevent this from happening by signing out of your user account before using the plugins. For details of the purpose and scope of the data acquisition and the further processing and use of data by Flickr and YouTube, and for your rights in this regard and the settings you can make to protect your privacy, please refer to the data use policies of Flickr and YouTube.

Our Internet presence also uses plug-ins from the micro-blogging service, operated by Twitter, Inc. 795 Folsom St., Suite 600, San Francisco, CA 94107, USA (“Twitter”). The plug-in is indicated by the Twitter logo.

When you visit a webpage on our website containing this plugin, a connection is made to the Twitter server and the plug-in is displayed through the website on your browser. The Twitter server then receives information about the webpages you have visited on our site. If you are logged in as a member of Twitter, Twitter will allocate this information to your personal twitter user account. This information will also be allocated to your Twitter account when you use the plug-in functions (for example leaving a comment). This can only be prevented by logging out of the plug-in beforehand. More information on Twitter's use and storage of data, the user's associated rights and privacy protection can be found in Twitter's privacy policy.

In addition, our website uses the web-analysis service Piwik. Piwik uses so-called “cookies”, which are stored on your computer and enable us to analyse user traffic on the website. The user information produced by the cookie (including your abbreviated IP address) is transmitted to our server and stored for user-analysis purposes. This helps us to optimize our web site. Your IP address is automatically anonymised in this process, so that you remain anonymous to us as a user. The information produced by the cookie about your use of this website will not be shared with any third parties. You are able to prevent the use of cookies by selecting the appropriate settings on your browser. However, please note, that if you do this, you may not be able to use the full functionality of this website.

If you do not agree with the storage and analysis of the data from your visit to our website, you may decline with a mouse click at any time. In this case, a so-called opt-out cookie is stored in your browser that prevents Piwik from collecting any data during your session. Please note: By deleting your cookies, you also delete the opt-out cookie, which will then have to be reactivated.

By using this website, you agree to have the data that has been collected about you to be processed by Piwik in the manner and for the purposes described above.

Netiquette for Stiftung Mercator's YouTube-Channel

Stiftung Mercator operates its own channel on YouTube. We developed custom netiquette for it.

1.1.4 Why do we process your personal data—and on what legal basis? Fulfilment of contract

We process your data in order to be able to fulfil our contracts. This also applies to information that you provide to us in the context of pre-contractual correspondence. The specific purposes of the data processing depend on the particular product and the application submitted, and can also be used to analyse your needs and to check which products and services (e.g. event documentation, newsletters, further information from Stiftung Mercator) are suitable for you. Execution of the contractual relationship

For the execution of the contractual relationship we need your name, your address, your telephone number or your email address, so that we can contact you. Offering goods and services

We also need your personal information in order to check whether we can offer you products and services and which ones.

Details of the respective purposes of data processing can be found in the contract documents and our General Terms and Conditions. Execution of the application process

We process your data that you have sent to us as part of your application to check whether your professional qualifications are suitable for the advertised position. We only use your information for the application process and transfer it to your personnel file if the contract is concluded. If no agreement is made, your information will be deleted or destroyed. We will not use your application information for any other purpose than to conduct the application process. After balancing interests: We improve our services and offer you suitable products To strengthen and optimise the customer relationship

As part of our efforts to continuously improve our relationship with you, we may occasionally ask you to participate in our feedback surveys. Survey results serve to better tailor our products and services (including events) to your needs. Data processing and analysis for marketing purposes

Your needs are important to us, and we try to give you information on products and services that suit you. To do this, we use insights from our business relationship as well as from market research. The main goal is to adapt our product suggestions to your needs. In this context, we guarantee that we will always process the data in accordance with applicable data-protection laws. Important: You can veto the use of your personal data for this purpose at any time.

What do we analyse and process in concrete terms?

  • Results of our marketing campaigns to measure the efficiency and relevance of our projects and events;
  • Information from your visits to our website;
  • We analyse the possible demand for our products and services. Newsletter

On our website, you have the option of subscribing to newsletters relating to different themes. We need your e-mail address to be able to send you the desired newsletter, and if you wish you can also provide us with your title, first name and surname. You will only receive our newsletter once you have successfully completed a double opt-in process. You can view your declaration of consent or unsubscribe from the newsletter at any time. The links needed to do so can be found in every e-mail that accompanies our newsletter. If you unsubscribe, we will immediately delete your contact details from our newsletter distribution list. There are certain legal requirements regarding the effectiveness of the kind of electronic consent that is used when subscribing to our newsletter. These also include logging your declaration of consent. We therefore log the date and time that consent was given, the text contained in the declaration of consent, your e-mail address, and if applicable your title, first name and surname. We likewise log the date and time that the Send button and the link in the confirmation e-mail were clicked. We record and save these details solely in order to comply with the legal requirements for electronic consent (Section 28 (3a) of Germany's Federal Data Protection Act). We send our newsletters using the Inxmail Professional system of Inxmail GmbH, Wentzingerstr. 17, 79106 Freiburg. In certain cases, the newsletters are sent by our service provider u+i interact GmbH & Co. KG, Karl-Eilers-Str. 13, 33602 Bielefeld. Commissioned data processing agreements in accordance with Section 11 of Germany's Federal Data Protection Act have been concluded with both companies. Your data will not be used for any other purposes.

We use your personal information in the following cases (amongst others):

  • We analyse your data to protect you or your company from fraudulent activity. This may happen, for example, if you have been the victim of identity theft or if unauthorised persons have gained access to your user account in some other way;
  • To improve the reliability of our web applications, our IT support will work closely with you in case of any technical problems. In this context, we also evaluate logging of page views, actions performed, etc.;
  • To ensure IT security;
  • To record and prove facts in case of possible litigation. With your consent

If you have consented to the processing of your personal data for one or more specific purposes, we may process your data. You may revoke this consent for the future at any time without incurring any costs other than the base-rate transmission costs (the cost of your Internet connection). However, the revocation of consent does not affect the legality of the processing carried out until the revocation. Due to legal requirements or in the public interest

As a company, we are subject to a wide variety of legal requirements (for example, under tax legislation). We process your personal data to the extent necessary to comply with our legal obligations.

1.1.5 Where we transfer data to and why Data usage within Stiftung Mercator

Within Stiftung Mercator, your personal information is only shared with those offices that require it to fulfil our contractual or legal obligations, or to protect our legitimate interests. Data usage outside Stiftung Mercator

We respect the privacy of your personal information and will only share information about you if required by law, if you have consented, or to fulfil contractual obligations.

A legal obligation to disclose your personal information may arise with the following recipients:

  • Public authorities or supervisory authorities, e.g. tax authorities, customs authorities;
  • Judicial and law enforcement agencies, e.g. police, courts, prosecution;
  • Lawyers or notaries, e.g. in litigation;
  • Auditors.

In order to be able to fulfil our contractual obligations we cooperate with other companies. These include:

  • Transport service providers and forwarding agencies;
  • Event organisers and training service providers if you have registered for certain trade fairs or events through us;
  • Banks and financial service providers to handle all financial matters.
  • Partner companies/funding partners
  • Strategic partners

Our own service providers

To make our operations efficient, we rely on services from external service providers who may receive your personal information for the described purposes, including IT service providers, printing and telecommunications service providers, collections, consulting or distribution companies.

Important: We take great care with your personal data!

In order to ensure that our service providers adhere to the same data-protection standards as in our company, we have concluded corresponding order-processing contracts. These contracts stipulate, amongst other things:

  • that third parties only receive access to the data they need to perform the tasks assigned to them;
  • that only service-provider employees who have explicitly committed to complying with the data-protection regulations may access your data;
  • that the service providers implement technical and organisational measures that ensure data security and protection;
  • what happens to the data when the business relationship between the service provider and us is terminated.

For service providers located outside the European Economic Area (EEA), we take special security measures (e.g. through the use of special contract clauses) to ensure that the data are treated with the same degree of care as in the EEA. We regularly review all our service providers for compliance with our requirements.

Very important: Under no circumstances will we sell your personal data to third parties! Data usage within the Stiftung Mercator

In order to offer you the best possible service, we occasionally exchange data within the Foundation. In doing so, we ensure that the applicable data-protection regulations are adhered to and your personal data are adequately protected at all times.

1.1.6 Are you required to provide us with personal information?

In the context of the business relationship between you and Stiftung Mercator, we require the following categories of personal data:

  • all data necessary for the establishment and conduct of a business relationship;
  • data required to fulfil contractual obligations;
  • data that we are legally required to collect.

Without this data, we are unable to enter into or execute contracts with you.

1.1.7 Deletion periods

In accordance with applicable data-protection regulations, we do not store your personal data longer than we need for the purposes of the corresponding processing. If the data are no longer required for the fulfilment of contractual or legal obligations, they are regularly deleted by us, unless their temporary retention is still necessary. The following reasons may exist for further retention:

  • To comply with commercial or fiscal retention requirements: The retention periods in accordance with the provisions of the Commercial Code and the Tax Code are up to 10 years.
  • To preserve evidence in case of legal disputes within the framework of the statutory limitation provisions: limitation periods can be up to 30 years in civil law, with the regular statute of limitation expiring after three years.

1.1.8 Your rights

Within the scope of the processing of your personal data, you also have certain rights. More details can be found in the corresponding provisions of the General Data Protection Regulation (Articles 15 to 21). Right of access and rectification

You have the right to obtain information from us as to which of your personal data we process. If this information is no longer correct, you may request the correction of the data from us, or in the case of incomplete information its extension. Insofar as we have passed on your data to third parties, we will inform the corresponding third parties in the appropriate legal situation. Right to deletion

In the following circumstances, you may request the immediate deletion of your personal data:

  • If your personal information is no longer needed for the purposes for which it was collected;
  • If you have revoked your consent and there is no other legal basis for data processing;
  • If you object to the processing and there are no overriding legitimate reasons for data processing;
  • If your data are processed unlawfully;
  • If your personal data need to be deleted to fulfil legal obligations.

Please note that before deleting your data, we must verify that there is no legitimate reason to process your personal information. Right to restriction of processing (“right to block”)

You may require us to restrict the processing of your personal data for one of the following reasons:

  • If you deny the correctness of the data until we have had the opportunity to verify the correctness of the data;
  • If the data are processed unlawfully, but instead of deletion, you require only the restriction of the use of personal data;
  • If we no longer need your personal information for the purposes of processing, but you still need them to assert, exercise or defend your legal rights;
  • If you have objected to the processing and it is not yet clear whether your legitimate interests outweigh ours. Right to objection Case-specific right of objection

If the processing is in the public interest or on the basis of a balance of interests, you have the right to object to the processing for reasons that arise from your particular situation. Upon objection, we will no longer process your personal information unless we can demonstrate compelling legitimate grounds for processing your data that outweighs your interests, rights and freedoms, or because your personal information serves the assertion or exercise of or defence against legal claims. The objection does not preclude the lawfulness of the processing up to the time of the objection. Advertising objection

In cases where your personal information is used for advertising purposes, you may object to this form of processing at any time. We will then no longer process your personal information for these purposes.

There are no form requirements and the objection should be addressed to: Right to data portability

You have the right to receive personal information you have given us for processing on request in a portable and machine-readable format. Right to complain to the regulatory authority (Art. 77 GDPR)

We try to process your requests and claims as quickly as possible in order to accordingly protect your rights. However, depending on the frequency of inquiries, it may take up to 30 days before we can provide information regarding your concern. If it takes longer, we will promptly notify you of the reasons for the delay and discuss the further procedure with you.

In some cases, we cannot or may not be able to give you any information. If legally permissible, we will inform you of the reason for the refusal to provide you with information.

However, if you are not satisfied with our responses and reactions or believe that we are violating applicable data-protection laws, you are free to file a complaint with both our Data Protection Officer and the appropriate regulatory body. The regulatory authority responsible for us is:


The State Data Protection and Freedom of Information Officer for North Rhine-Westphalia

Helga Block

Postfach 20 04 44
40102 Düsseldorf


Kavalleriestrasse 2-4
40213 Düsseldorf

Phone: +49 211/384 24-0
Fax: +49 211/384 24-10
Email: poststelle{at}{dot}de

1.2 Version

This Privacy Policy is as of 15/05/2018 Registered customers will be informed about changes in the Privacy Policy. Earlier versions of the Privacy Policy are available through the website or from our Data Protection Officer. 

Should individual provisions of this Privacy Policy be or become invalid, the validity of the remaining conditions shall remain unaffected. This and the entire legal relationship between the users of this website and Stiftung Mercator GmbH are subject solely to German law, excluding international rules on conflict-of-law. The court venue shall be Essen.