Privacy policy

Privacy policy

Effective: 24 May 2018

  1. General information
  2. Websites
  3. Newsletter, Mailing Lists, Subscriptions, GreenCampus Coaches
  4. Registering for Events
  5. Ordering Publications

1. General Information

1.1 Maintainer and purview

The Heinrich-Böll-Stiftung e.V. maintains these online services in accordance with European and German information privacy laws.

1.2 Right to information

You have the right to request information on personal data, that is, data about you that has been processed and stored, and you are entitled to have such data corrected, deleted, or to demand that it is only used in a limited fashion. To do this, you may contact us here or send an e-mail to datenauskunft@boell.de

1.3 Data security officer

If you have questions regarding data privacy, please contact us by letter or via e-mail datenschutz@boell.de

1.4 Regulatory authority

You have the right to lodge complaints with the relevant regulatory authority the “Berliner Beauftragte für Datenschutz und Informationsfreiheit”. 

 

2. Websites

When using our websites, personal information is collected for the following purposes:

2.1 The transmission of online contents
2.2 The transmission of contents provided by third parties
2.3 The improvement of our web services
2.4 The security of our technical infrastructure
2.5 The transmission of postings (comments)

2.1 The transmission of online contents

2.1.1 Purpose and type of data involved

In order for you to view contents from our websites, your browser will transmit the following information (as part of an HTTP request):

  • Your IP address (a numerical label that identifies your internet access),
  • the web contents you have requested,
  • information about the type of internet browser and operating system used.

2.1.2 Legal basis

The above-mentioned types of data are required in order to transmit contents as requested and to optimise the way in which it is being displayed. The data in question is being processed on the basis that we have a legitimate interest to transmit contents as requested by users.

2.1.3 Transmission of data and persons eligible to access such data

The right to access data is based on our respective internal rules regarding access permissions, as well as on the relevant written agreements with our service providers.

2.1.4 Retention of data

We retain the data in question only until the requested content has been transferred to the user.

2.1.5 Your rights

Generally, there is no legal right that data transmitted in the process of accessing online contents is being rectified, deleted, or shared with the user, as data is only retained temporarily in order to transmit requested contents and will be deleted immediately after the end of the transaction. Consequently, the data in question will no longer be available for privacy-related requests.

However, you are at liberty to file a request regarding such information, and we will try to consider and honour such requests wherever possible and independently of whether there is any legal requirement to do so. Should be we unable or unwilling to do so, we will give you our reasons in writing.

2.2 The transmission of contents provided by third parties

Our websites are using third-party services in order to embed third-party content. Users are redirected as we have a legitimate interest to enrich contents we provide with that provided by others and thus to correlate contents. In order to achieve this, you will be redirected to the respective services, and, by way of HTTP requests, the services in question will be able to glean that you have been visiting our website. In order to protect your legitimate interests, that is, in order for you to be able to control what provider has access to such information, you will usually only be redirected to third-party sites once you have given your consent.

Once you start using third-party services, their respective privacy policies apply.

2.3. The improvement of our web services

2.3.1 Objectives and types of data

In order to optimise our online contents, we evaluate how users navigate our websites. For this we analyse the following data derived from HTTP requests:

  • Part of your IP address (that is, the numerical label identifying your computer access point). However, your IP address is being anonymised by deleting the final two parts (blocks of numbers) of the address,
  • the web page you have requested,
  • information regarding the type of internet browser and operating system used, and
  • possibly the page visited before accessing our website (referrer information).

In addition, we use cookies to identify returning users. We also collect web data about user behaviour on our websites. For such web analytics we employ the software Matomo (former known as Piwik), which is installed on our servers and certified according to German privacy law. You have the right, at any time, to opt out of this gathering of anonymous, non-personalised data. In order for this opting out to be effective, a cookie will be stored in your internet browser.

Here you may opt out of the non-personalised web analytics (Matomo/Piwik) directly:
 


In addition, we employ the software Heatmap, a tool for charting anonymised heatmaps of user behaviour on our websites. If you would like to opt out of this, please click hereand follow the instructions provided by Heatmap.

Both Piwik and Heatmap honour the "do not track" settings of your internet browser. If you would like to activate these setting, please read the instructions provided here.

2.3.2 Legal basis

The types of data referred to above are being collected and processed because we have a legitimate interest to improve the usability of our websites.

2.3.3 Transmission of data and persons eligible to access such data

The right to access data is based on our respective internal rules regarding access permissions, as well as on the relevant written agreements with our service providers.

2.3.4 Retention of data

All personalised data is being anonymised right after it has been collected.

2.3.5 Your rights

Generally, there is no legal right for the data in question to be rectified, deleted, or shared with the user, as the data retained is anonymised, thus, as a rule, making it impossible to connect specific data to individual users requesting information.

2.4 The security of our technical infrastructure

2.4.1 Objectives and types of data

To secure our technical infrastructure, we draw on the following information contained in the HTTP request:

  • Your IP address (a sequence of numbers identifying your current computer access point to the web)
  • the website you requested,
  • information about the type of internet browser and operating system used,
  • and, possibly, the web page viewed before visiting our website (referrer information).

2.4.2 Legal basis

The information in question is being retained, as we have a legitimate interest to analyse malfunctions and attacks targeting our technical systems.

2.4.3 Transmission of data and persons eligible to access such data

The right to access data is based on our respective internal rules regarding access permissions, as well as on the relevant written agreements with our service providers.

2.4.4 Retention of data

Unless breaches of security have been identified, the data in question will be deleted within seven days. In case of breaches of security, the data will be deleted as soon as there is no further legitimate interest to retain them.

2.4.5 Your rights

Generally, there is a legal right to request information about the above-mentioned types of data, as well as a right to having them rectified. However, as a rule, the data in question can only be personalised via the IP address, and, at the same time, we are obliged to disclose information only to eligible persons. This means, in order to get access to the data in question, you will have to prove that this data actually pertains to you.

2.5 The transmission of postings (comments)

2.5.1 Objectives and types of data

Users of our websites may post comments. Whenever this happens, we will save the mandatory data, that is, the information you need to provide in order to be able to post a comment, namely

  • Your name (displayed on web),
  • your e-mail address (not displayed on web),
  • your posting (displayed on web).

In addition, the user agent string that identifies your internet browser will be retained, in order to facilitate the filtering of spam. 

2.5.2 Legal basis

Data is being retained and published with your consent.

2.5.3 Transmission of data and persons eligible to access such data

The right to access data is based on our respective internal rules regarding access permissions, as well as on the relevant written agreements with our service providers. The above-mentioned “user agent string” is being processed, as we have a legitimate interest to identify and filter spam.

2.5.4 Retention of data

The personal data in question will be retained, unless the person in question withdraws permission to use the data and requests deletion.

2.5.5 Your rights

Regarding this type of data, there is a general right to request information and rectification.

 

3. Newsletter, Mailing Lists, Subscriptions, GreenCampus Coaches

3.1 Objectives and types of data

Here, personal data will be gathered and retained in order to fulfil one of the main missions of the Heinrich Böll Foundation (see § 2 of our bylaws. At most, the data in question comprises:

  • name
  • title
  • gender / form of address
  • date of birth
  • contact information (postal address, e-mail, phone no., fax no., instant messager, website)
  • areas of interest
  • relationship with Foundation
  • when/how contacted by Foundation
  • specifics
  • privacy information

3.2 Legal basis

The data in question is being retained as the Foundation has a legitimate interest to fulfil its mission as defined in its bylaws.

3.3 Transmission of data and persons eligible to access such data

The right to access data is based on our respective internal rules regarding access permissions, as well as on the relevant written agreements with our service providers.

3.4 Retention of data

The personal data in question will be retained, unless the person in question opts out, asking us to delete the data. Additionally, we regularly review all cases where, over the course of the last 18 months, information could not be delivered. In such cases, all personal data will be deleted after review within a reasonable processing period of up to three months.

3.5 Your rights

You have the right to have such data deleted, rectified, and to limit the ways in which it may be processed.

 

4. Registering for Events

4.1 Objectives and types of data

For this, personal data will be retained in order to fulfil one of the main missions of the Heinrich Böll Foundation (see § 2 of our bylaws). At most, the data in question comprises:

  • name
  • title
  • gender / form of address
  • contact information (postal address, e-mail, phone no.)
  • information about events
  • when/how contacted by Foundation
  • privacy information

4.2 Legal basis

The data in question is being retained as the Foundation has a legitimate interest to fulfil its mission as stated in its bylaws.

4.3 Transmission of data and persons eligible to access such data

The right to access data is based on our respective internal rules regarding access permissions, as well as on the relevant written agreements with our service providers.

4.4 Retention of data

Persons registering for an event consent to being contacted, and they give permission for their data to be retained in order to prepare, organise, follow up on, and document the event in question. If there are no further points of contact with the Foundation, all such personal data will be reviewed and deleted after 18 months within a reasonable processing period of up to three months.

4.5 Your rights

You have the right to have such data deleted, rectified, and to limit the ways in which it may be processed.

 

5. Ordering Publications

5.1 Objectives and types of data

When ordering publications, the following customer data will be retained:

  • name
  • address and, where needed, billing address
  • e-mail
  • publication ordered
  • billing information

5.2 Legal basis

The retention of data is based on a contractual agreement or on a pre-contractual legal relationship.

5.3 Transmission of data and persons eligible to access such data

The right to access data is based on our respective internal rules regarding access permissions, as well as on the relevant written agreements with our service providers.

5.4 Retention of data

Your personal data will be deleted once the publication in question has been shipped. In case a publication requires payment, your data will be retained for the period required by law.

5.5 Your rights

You have the right to be informed about such data, and to have such data deleted, rectified, and to limit the ways in which it may be processed, provided there are no legal requirements to the contrary.