On the basis of the current legal framework, the Gerda Henkel Foundation has developed a new concept for data protection. In the following, you will find information on what personal data we collect and process and for what purposes and on which legal basis we use this data on our website https://lisa.gerda-henkel-stiftung.de (“science portal”). Furthermore, we inform you of our uses of personal data in the cases that you contact us in written form.
Personal data means all data that can be personally related to you, e.g. your name, your address or your E-mail address, but also the IP address allocated to you, all technical data concerning your mobile device as well as the type of device or operating system, your location data or all data that has been conveyed to us through access authorization on your mobile device.
1. Who is responsible for data processing?
The Gerda Henkel Foundation, Malkastenstraße 15, 40211 Düsseldorf, Germany is responsible for processing all personal data related to the use of the website. Further details about the Gerda Henkel Foundation as well as the means of contacting the foundation can be found here.
2. Data Protection Officer
In accordance with legal principles, the Gerda Henkel Foundation has appointed a data protection officer. The data protection officer of the Gerda Henkel Foundation can be contacted via email:
or via mail:
Gerda Henkel Stiftung
Data protection officer
3. The legal basis for data processing
In accordance with the GDPR (General Data Protection Regulation) it is our responsibility to inform the user about the legal principles and the purposes of all data processing undertaken by us. Principally, we refer to four different legal principles that allow us to process data on this website and for communication purposes:
- Art. 6, par. 1 lit. a) GDPR allows data processing if “the data subject has given consent to the processing of his or her personal data for one or more specific purposes“.
- Art. 6, par. 1 lit. b) GDPR allows data processing if “processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract”.
- Art. 6, par. 1, lit. c) GDPR allows data processing if “processing is necessary for compliance with a legal obligation to which the controller is subject“.
- Art. 6, Abs. 1 lit. f) GDPR allows data processing if “processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data […].“
In the following you will find a list of the different purposes for which we process data and a respective reference to the relevant legal principle.
4. Data collection, data processing and data use
The manner of data processing depends on the use of our services. In the following we list which data we collect at what time.
a) Availability of the website of the website and creation of log files
By visiting our website, data will automatically be gathered and temporarily be stored. This data serves as a means for the user’s computer to communicate with our server (viewing of texts, pictures, the download of files etc.) It is automatically transferred through the user’s browser. It consists of the following information:
- Type and version of the user’s browser
- Type and version of the user’s operating system
- The internet address (URL) of the requested website
- Date and time of accessing the website
- The IP address allocated to the user
The legal basis for the collection of data is Art. 6 par. 1 lit. f) GDPR. We cannot attribute the collected data to the user. An attribution by means of merging the data with other sources of data will not be undertaken by us. For technical reasons, the data will be stored for the duration of seven days and will be deleted after the expiration of this retention period, given that there is no legal obligation for us to preserve the data for a longer period of time.
The temporary storage of the IP address is necessary to enable the delivery of the website to the computer of the user. For this purpose, the user’s IP address has to be stored for the duration of the session.
The storage in the form of log files must take place to safeguard the functionality of the website. In addition, the data helps us in optimizing the website and to safeguard the security of our information technology systems. This means that the data collected by the Gerda Henkel Foundation is used for the purposes of administration, web-protocol, research and collective statistics. The Gerda Henkel Foundation can use the data for statistical purposes (e.g. visited webpages, time spent on website, number of visits, date and time) as well as for the customization of the websites, the content, the layout and of services.
An analysis of the stored data only takes place if
- we have the legal obligation or a respective judicial ruling takes place or
- we need the logged data to prosecute attacks on our infrastructure by criminal and/or civil law.
An analysis of the data for marketing purposes does not take place.
The website of the science portal uses different kinds of cookies. These cookies have the function to make the user’s visit of the website more attractive and to enable the use of specific functions. The cookies in this case are small text files that will be stored on the user’s device. They can be transmitted to the website when visiting it and thus enable the attribution to a user. Cookies help in simplifying the use of websites for users. Some of them will be deleted after closing the browser (so-called session cookies). Others remain on the user’s device and enable us to recognize the user during their next visit (so-called persistent cookies).
c) Matomo – data traffic analysis
The website of the science portal also uses the Open Source Software tool Matomo (used to be PIWIK) in order to analyze the users’ surf-behavior. The software places a cookie on the user’s computer (Cookies, see above). If individual pages of the websites are visited, the following data is stored:
- Two bytes of the IP address of the user’s system
- The opened website
- The website the user was referred from (the referrer)
- The subpages that are opened from the opened website
- The time spent on the website
- The frequency of visiting the website
The software is set to not completely storing the IP address, but to instead masking 2 bytes of the IP address (e.g. 192.168.xxx.xxx). In this way, matching up the abridged IP address to the referring computer is no longer possible.
The software runs exclusively on the servers of our website. The storage of personal data only takes place here. Data is not passed on to third parties.
Processing of personal data resulting from the use of Matomo-Cookies relies on the user’s revocable consent according to Art. 6 Abs. 1 lit. a) GDPR.
The processing of users’ personal data enables us to make an analysis of the users’ surf-behavior. The analysis of collected data enables us to compile information on the use of individual components of our website. This helps us in improving our website as well as its user friendliness.
The data will be deleted as soon as it is no longer necessary for the attainment purpose of its collection. In our case, this is achieved after two years.
Cookies are stored on the user’s computer and are transmitted from there to our website. Through a change in settings in the user’s internet browser, the transmission of cookies can be deactivated or limited. Cookies already stored can be deleted at any time. This can also be set to automatic deletion. If cookies for our website are deactivated, full functionality of our website might no longer be available. More information can be found in the privacy settings of Matomo software: https://matomo.org/docs/privacy/.
d) Registration and composing contributions
We provide users of the science portal the opportunity to register stating their personal data. A registered user can write articles for L.I.S.A. and upload them as well as pictures, audio files and videos. They can also contact other authors registered at the science portal. The conditions of use for registration can be found here: https://lisa.gerda-henkel-stiftung.de/agb?language=en
Registration requires the completion of the application form, which requires the provision of data that will be transmitted to and stored by us. There is no transfer of data to third parties. The following data will be collected during the registration process:
- Name, surname
- E-Mail address
This data will be supplemented by the automatic collection of the following data:
- The user’s IP address
- Date and time of registration
Without the transmission of this data, registration is not possible. There is an opportunity to voluntarily provide additional data as well as to create a profile.
During the process of registration, the user will be asked for consent to collect this data. The legal basis for the processing of this data with the condition of proof of consent is Art. 6 par. 1 lit. a) GDPR. The data will be deleted as soon as it is no longer necessary for the attainment purpose of its collection. This is the case for all data collected during the registration process if the registration on our site is rescinded or changed. The user has the opportunity at all times to terminate his/her registration. The user can change the data stored on him/her at any time.
Changes concerning the stored data can be made independently in the section “My Profile“ when logged in. The consent to storing your data can be revoked at any time and the account created can be deleted by sending an email to email@example.com or by sending a message through the contact details provided in our imprint.
e) Comment section
The science portal enables the possibility to leave comments under every contribution. When logged in, the comment will be linked to the user‘s name as well as the email address the user provided. When not logged in, the user still has the opportunity to leave a comment by giving a pseudonym and a freely chosen email address. There is no obligation to use the user’s given and surname or correct email address. When leaving a comment, the following data will be collected in connection with the name and email address given:
- IP address
- Date and time
Given consent can be revoked at any time and the comment can be deleted by sending an email to firstname.lastname@example.org or by sending a message through the contact details provided in our site notice.
f) Contact via email
The user can contact us through the email address provided. If the user contacts us t, the personal data sent to us will automatically be stored. We only process personal data as far and as long as we need it to provide the user with our supply of information. We delete personal data after we have provided our services, unless a legal obligation requires us to do so otherwise. The legal basis for data collection of this kind is: Art. 6 par. 1 lit. f) GDPR. The purpose for data processing and our rightful interest therein lies in being able to answer all messages directed towards us.
Our science portal provides the opportunity to subscribe to a free newsletter. In this case the email address provided in the subscription form for the newsletter is transmitted to us. Furthermore, the following data is requested upon subscription:
- IP address
- Date and time of registration
The data will be deleted as soon as it is no longer necessary for the attainment purpose of its collection. The user’s email address will therefore be stored as long as the subscription to the newsletter is active.
The consent given can be revoked at any time and the user can unsubscribe from the newsletter by clicking on the provided link in each newsletter, by emailing email@example.com or by sending a message through the contact details provided in our imprint.
5. Storage of data
We only process personal data as long as is necessary for the attainment of the respective processing purpose. Furthermore, we are liable to different storage and documentation obligations that result from the commercial code (HGB) as well as the revenue code (AO). These can last for up to ten years. Finally, the retention period for storage is also estimated according to the statute of limitations, which can last for up to thirty years according to §§ 195 ff. of the Civil Law Code (BGB), whereby the regular statute of limitations amounts to three years.
6. User Rights
The user has the following rights:
- Repeal of given consent in terms of the data protecting law Art. 7 par. 3 GDPR
- Disclosure according to Art. 15 GDPR
- Corrections according to Art. 16 GDPR
- Deletion (“The Right to be forgotten“) according to Art. 17 GDPR
- Restriction of processing according to Art. 18 GDPR
- Notice according to Art. 19 GDPR
- Data portability according to Art. 20 GDPR
- Repeal according to Art. 21 GDPR
Complaint at regulatory authority according to Art. 77 GDPR
The regulatory authority responsible for the Gerda Henkel Foundation can be reached at: Landesbeauftragter für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
PO 20 04 44
8. Data security
In order to protect the data collected by us, we have established technical and organizational safety measures. These are especially directed towards dangers of loss, manipulation or unwarranted access to your data. The security concept is being examined for its functionality and adequacy and it is customized according to the state of the art on a regular basis.