We, the Arnold Liebster Foundation (hereinafter: “we” or “us“) take the protection of your personal data seriously and would like to inform you here about data protection.
Within the scope of our responsibility under data protection law, additional obligations have been imposed on us through the entry into force of the EU General Data Protection Regulation (Regulation (EU) 2016/679; hereinafter: “GDPR“) in order to ensure the protection of personal data of a person affected by a processing operation (we also address you as a data subject hereinafter with “user“, “you“, “(to) you” or “data subject“).
– “personal data” (Art. 4 No. 1 GDPR) is any information relating to an identified or identifiable natural person (“data subject”). A person is identifiable if it can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, an online identifier, location data or by means of information relating to its physical, physiological, genetic, mental, economic, cultural or social identity characteristics. The identifiability can also be given by means of a linkage of such information or other additional knowledge. The origin, form or embodiment of the information is insignificant (photographs, video or audio recordings may also contain personal data).
– “processing” (Art. 4 No. 2 GDPR) is any operation whereby personal data is handled, whether or not by automated (i.e. technology-based) means. This includes, in particular, the collection (i.e., acquisition), recording, organization, arrangement, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment, combination, linkage, restriction, deletion or destruction of personal data, as well as the change of a purpose or intended use on which a data processing was originally based.
– “controller” (Art. 4 No. 7 GDPR) is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.
– “third party” (Art. 4 No. 10 GDPR) means any natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and persons who under the direct authority of the controller or processor, are authorized to process personal data; this also includes other group-affiliated legal persons.
– “processor” (Art. 4 No. 8 GDPR) is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller, in particular in accordance with the controller’s instructions (e.g. IT service provider). In particular, a processor is not a third party in the sense of data protection law.
– “consent” (Art. 4 No. 11 GDPR) means any freely given specific, informed and unambiguous indication of the data subject’s wishes in the form of a statement or any other definite affirmative action by which the data subject signifies agreement to the processing of personal data relating to it.
We are the controller for the processing of your personal data within the meaning of Art. 4 No. 7 GDPR:
Hanauer Straße 24
Tel.: 0049 6039 9382277
Fax: 0049 6039 9382288
Represented by the Foundation’s Board of Directors: Uwe Klages (Chairman), Andreas Paul (Vice Chairman), Uwe Langhals, Dr. Tim Müller, Kirsten Paul, Lena Schortgen and the Founder Simone Liebster.
For further information about us, please refer to the imprint information on our website.
Our company data protection officer is available at all times to answer any questions you may have and to act as your contact person on the subject of data protection at our Foundation. His contact details are:
Paul & Paul Rechtsanwälte PartG mbB
In der Eulsheck 23
65779 Kelkheim / Ts.,
Tel.: 0049 6195 99550
By law, in principle, any processing of personal data is prohibited and only permitted if the data processing falls under one of the following justification facts:
– Art. 6 1) p. 1 lit. a GDPR (“consent”): Where the data subject has voluntarily, in an informed manner and unambiguously indicated by a statement or another definite affirmative action that it consents to the processing of personal data relating to it for one or more specified purposes;
– Art. 6 1) p. 1 lit. b GDPR: If the processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract;
– Art. 6 1) p. 1 lit. c GDPR: If processing is necessary for compliance with a legal obligation to which the controller is subject (e.g. a legal obligation to preserve business records);
– Art. 6 1) p. 1 lit. d GDPR: If the processing is necessary to protect the vital interests of the data subject or another natural person;
– Art. 6 1) p. 1 lit. e GDPR: Where processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, or
– Art. 6 1) p. 1 lit. f GDPR (“legitimate interests”): When processing is necessary to protect the legitimate (in particular legal or economic) interests of the controller or a third party, unless the conflicting interests or rights of the data subject override (in particular where the data subject is a minor).
For the processing operations carried out by us, we indicate below the applicable legal basis in each case. A processing operation may also be founded on more than one legal basis.
For the processing operations carried out by us, we indicate below in each case how long the data will be stored by us and when it will be deleted or blocked. Unless an explicit storage period is specified below, your personal data will be deleted or blocked as soon as the purpose or legal basis for the storage is no longer applicable. In principle, your data will only be stored on our servers in Germany, subject to any transfer that may take place in accordance with the provisions in A. (7) and A. (8).
However, storage may take place beyond the specified time in the event of a (impending) legal dispute with you or other legal proceedings or if storage is prescribed by statutory provisions to which we are subject as the controller (e.g. s. 257 HGB=German Commercial Code, s. 147 AO=German Fiscal Code). When the storage period prescribed by the legal regulations expires, the personal data will be blocked or deleted unless further storage by us is necessary and there is a legal basis for it.
We use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties (e.g. TSL encryption for our website), taking into account the state of the art, implementation costs and the nature, scope, context and purpose of the processing, as well as the existing risks of a data breach (including its probability and impact) for the data subject. Our security measures are continuously improved in line with technological developments.
We will be happy to provide you with more detailed information on request. Please contact our data protection officer (see under A.(3)).
We do not use neither domestic nor foreign service providers for our data processing.
In the course of our activities, your personal data may be transferred or disclosed to third party companies. These may also be located outside the European Economic Area (EEA), i.e. in third countries. Such processing is carried out exclusively for the fulfillment of contractual and business obligations and to maintain your business relationship with us. We will inform you about the respective details of the transfer in the following at the relevant points.
Some third countries are certified by the European Commission as having a level of data protection comparable to the EEA standard through so-called adequacy decisions (a list of these countries and a copy of the adequacy decisions can be found here: http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.html). However, in other third countries to which personal data may be transferred, there may not be a consistently high level of data protection due to a lack of legal provisions. If this is the case, we take care that data protection is adequately guaranteed. This is possible through binding company regulations, standard contractual clauses of the European Commission for the protection of personal data, certificates or recognized codes of conduct. Please contact our data protection officer (see under A.(3)) if you would like more information on this.
We do not intend to use any personal data collected from you for any automated decision making process (including profiling).
We do not make the conclusion of contracts with us dependent on you providing us with personal data in advance. As a customer, you are under no legal or contractual obligation to provide us with your personal data; however, we may only be able to provide certain services to a limited extent or not at all if you do not provide the necessary data. If this should exceptionally be the case in the context of the products offered by us presented below, you will be informed of this separately.
We may be subject to a specific legal or statutory obligation to provide the lawfully processed personal data to third parties, in particular public bodies (Art. 6 (1) p. 1 lit. c GDPR).
You can assert your rights as a data subject regarding your processed personal data at any time by contacting us using the contact details provided at the beginning of A. (2). As a data subject you have the following rights:
You can obtain information about us and the services we offer in particular at https://www.alst.org/ together with the associated sub-pages (hereinafter collectively referred to as: “websites”). When you visit our websites, your personal data may be processed.
During the informative use of the websites, the following categories of personal data are collected, stored and processed by us:
We process the personal data described in more detail above in accordance with the provisions of the GDPR, the other relevant data protection regulations, in particular the (German) Federal Data Protection Act (BDSG) and only to the extent necessary. Insofar as the processing of personal data is based on Art. 6 1) p. 1 lit. f GDPR, the aforementioned purposes also represent our legitimate interests.
The processing of the log data serves statistical purposes and the improvement of the quality of our website, in particular the stability and security of the connection (legal basis is Art. 6 (1) p. 1 lit. f GDPR).
Your data will only be processed for as long as is necessary to achieve the above-mentioned processing purposes; the legal bases specified in the context of the processing purposes apply accordingly.
The following categories of recipients may receive access to your personal data:
– Service providers for the operation of our website and the processing of data stored or transmitted by the systems (e.g. for data center services, payment processing, IT security). The legal basis for the transfer is then Art. 6 1) p. 1 lit. b or lit. f GDPR, insofar as it does not involve processors;
– State agencies/authorities, insofar as this is necessary for the fulfillment of a legal obligation. The legal basis for the transfer is then Art. 6 1) p. 1 lit. c GDPR;
– Persons appointed to carry out our operations (e.g. auditors, banks, insurance companies, legal advisors, supervisory authorities). The legal basis for the transfer is then Art. 6 1) p. 1 lit. b or lit. f GDPR.
In addition, we will only transmit your personal data to third parties if you have given your express consent to do so in accordance with Art. 6 1) p. 1 lit. a GDPR.
Cookies can contain data that makes the recognition of the device used possible. In some cases, however, cookies only contain information about certain settings that are not personally identifiable. However, cookies cannot directly identify a user.
A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the individual session. With regard to their function, a distinction is made between cookies:
On the website on the basis of Art. 6 1) p. 1 lit. f GDPR the social plug-in of the social network Twitter and YouTube is used. The underlying promotional purpose is to be regarded as a legitimate interest within the meaning of the GDPR. The responsibility for data protection compliant operation is to be ensured by their respective providers. The integration of these plug-ins by us takes place by way of the so-called two-click method in order to protect visitors to our website as best as possible.
Plug-ins of the short message network of Twitter Inc. (Twitter) are integrated on the website. You can recognize the Twitter plug-ins (tweet button) by the Twitter logo on the page. An overview of tweet buttons can be found here (https://about.twitter.com/resources/buttons).
If you do not want Twitter to be able to associate your visit to our site, please log out of your Twitter user account.
We have integrated YouTube videos into our online offering that are stored on http://www.YouTube.com and can be played directly from our website. [These are all integrated in “extended data protection mode”, i.e. no data about you as a user is transmitted to YouTube if you do not play the videos. Only when you play the videos will the data mentioned in paragraph 2 be transmitted. We have no influence on this data transmission].
By visiting the website, YouTube receives the information that you have accessed the corresponding subpage of our website. In addition, the data mentioned under B. (2) of this statement are transmitted. This occurs regardless of whether YouTube provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not want the assignment with your profile at YouTube, you must log out before activating the button. YouTube stores your data as usage profiles and uses them for the purposes of advertising, market research and/or customized design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide customized advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right.