1. Name and contact details of the party responsible for processing data (data controller) and of the company data protection officer
Data controller (hereinafter referred to as “Minor”): Minor – Projektkontor für Bildung und Forschung gemeinnützige GmbH (hereinafter referred to as “Minor”), Alt-Reinickendorf 25, 13407 Berlin, Telephone: +49 30 – 45 79 89 500, Email: firstname.lastname@example.org
Minor’s company data protection officer can be contacted at the above address or at email@example.com.
2. Collection and storage of personal data, and type and purpose of its use
a) When visiting the website
When you visit our website, www.minor-kontor.de, the browser used on your device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file. The following information is recorded without your intervention and stored until it is automatically deleted:
- IP address of the requesting computer
- date and time of access
- name and URL of the downloaded file,
- Website from which access is made (referrer URL),
- the browser used and, if applicable, the operating system of your computer as well as the name of your access provider.
The data listed will be processed by us for the following purposes:
- ensuring a smooth connection to the website;
- ensuring comfortable use of our website;
- evaluation of system security and stability as well as
- for other administrative purposes.
The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest arises from the purposes listed above for data collection. Under no circumstances do we use the data collected for the purpose of drawing conclusions about you personally.
c) When using our contact form
If you have any questions, you may contact us using the form provided on the website. A valid email address is required so that we know who sent the request and can respond to it. Further information can be provided voluntarily.
Data processing for the purpose of contacting us is carried out in accordance with Art. 6 (1) (1) (a) GDPR on the basis of your voluntary consent.
The personal data collected by us for the use of the contact form will be deleted after your request has been processed.
3. Sharing of data
Your personal data will not be transmitted to third parties for reasons other than those listed below.
We will only disclose your personal data to third parties if:
- you have expressly consented to this under art. 6 para. 1 sentence 1 (a) GDPR,
- disclosure is necessary, in accordance with art. 6 para 1 sentence 1 (f) GDPR to assert, exercise or defend
- legal claims and there is no reason to believe that you have an overriding legitimate interest in your data not being disclosed,
- disclosure is required by law in accordance with art. 6 para. 1 sentence 1 (c) GDPR,
- this is legally permissible and is necessary to transact contractual relations with you in accordance with art. 6 para. 1 sentence 1 (b) GDPR, and
- it is necessary under art. 6 para. 1 sentence 1 (f) GDPR in order to conduct scientific research and there is no reason to believe that your legitimate interest in excluding the processing or use of your data outweighs this.
Information is stored in the cookie that results in each case in connection with the specifically used terminal device. However, this does not mean that we immediately become aware of your identity.
In addition, we also use temporary cookies that are stored on your end device for a specified period of time to optimise user-friendliness. If you visit our site again to use our services, it will automatically recognise that you have already been with us and what entries and settings you have made so that you do not have to enter them again.
The data processed by cookies are required for the purposes mentioned for the protection of our legitimate interests as well as of third parties according to Art. 6 para. 1 page 1 (f) GDPR.
Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer, or so that a message always appears before a new cookie is created. The complete deactivation of cookies, however, may result in you being unable to use all of the features of our website.
5. Analytical tools
The tracking measures listed below and used by us are based on art. 6 para. 1 sentence 1 lit. f GDPR. With the tracking measures used, we want to ensure that our website is designed to meet requirements and is continually optimised. On the other hand, we use the tracking measures to statistically record the use of our website and to evaluate it for the purpose of optimising our offer. These interests are to be regarded as legitimate under the aforementioned provision.
The relevant data processing purposes and data categories can be found in the corresponding tracking tools.
A) Google Analytics
For the purpose of customising and continually optimising our pages, we use Google Analytics, a web analytics service provided by Google Inc. (https://www.google.de/intl/de/about/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter referred to as “Google”). In this context, pseudonymised user profiles are created and cookies (see Section 4) are used. The information generated by the cookie about your use of this website, such as
- the browser type/version,
- the operating system used,
- the referrer URL (the previously visited website),
- the host name of the accessing computer (IP address),
- the time of the server request
- are sent to and stored on a server hosted by Google Inc. in the USA. The information is used to evaluate the use of the website, to compile reports on advertising activities and to provide further services associated with the use of the website and of the Internet for the purposes of market research and demand-oriented design of these Internet pages. This information may also be transferred to third parties, provided this is legally required, or to the extent that such third parties process the information. Under no circumstances will your IP address be merged with other data from Google. The IP address is rendered anonymous so that an assignment is not possible (so-called IP masking).
You can prevent the installation of cookies by the appropriate setting of the browser software; however, we would like to point out that you may not be able to use all the functions of this website in this case.
You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of these data by Google by downloading and installing the browser add-on (https://tools.google.com/dlpage/gaoptout?hl=de).
As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent Google Analytics from collecting data by clicking this link. This sets an opt-out cookie, which prevents any future collection of your data when visiting this website. The opt-out cookie applies only in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again.
Further information on data protection in connection with Google Analytics can be found at Google Analytics Help (https://support.google.com/analytics/answer/6004245?hl=en).
b) Google Adwords Conversion Tracking
We also use Google Conversion Tracking to statistically record and evaluate the use of our website for the purpose of optimising it for you. Google Adwords will set a cookie (see Section 4) on your computer if you have accessed our website via a Google ad.
These cookies expire after 30 days and are not used for personal identification. Should the user visit certain pages of the Adwords advertiser’s website and the cookies have not yet expired, Google and their advertiser can tell that the user clicked on the ad and proceeded to that page.
Each Google Adwords advertiser has a different cookie. Thus, cookies cannot be tracked using the website of an Adwords advertiser. The information obtained using the conversion cookie information is used to create conversion statistics for the Adwords advertisers who have opted in to conversion tracking. The Adwords advertisers can find out the total number of users who have clicked on their advert and were directed to the page using the conversion tracking tag. However, advertisers do not obtain any information that can be used to personally identify users.
6. Microsoft Cloud services
We use Microsoft’s Cloud and cloud software services (so-called software as a service, e.g., Microsoft Office) for the following purposes: document storage and management, calendar management, sending emails, spreadsheets and presentations, exchanging documents, content and information with particular recipients, or publishing web pages, forms or other content and information, as well as chats and participating in audio and video conferencing.
Users’ personal data are processed here insofar as they become a part of the documents and contents processed within the described services or are a part of communication processes. This may include, for example, master data and contact data of users, data on transactions, contracts, other processes and their contents. Microsoft also processes usage data and metadata that is used by Microsoft for security and service optimisation purposes.
When using publicly available documents, web pages or other content, Microsoft may save cookies on users’ computers for the purposes of web analysis or to remember users’ preferences.
We would like to point out that, in the event of requests for information and the assertion of user rights, these can most effectively be directed at the providers. Only the providers have access to the user data and can directly take appropriate measures as well as provide information. If you still need further assistance, you can contact us.
We use Microsoft Cloud services on the basis of our legitimate interests under art. 6 para. 1 (f) GDPR in efficient and secure administrative and collaborative processes. Furthermore, processing is based on an order processing contract with Microsoft.
The Microsoft Cloud services are offered by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA. If data is processed in the USA, we refer to Microsoft’s certification under the Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt0000000KzNaAAK&status=Active).
7. Online social media presence
We maintain an online presence on social networks and platforms in order to communicate with active users and to inform them about our services.
We would like to point out that this might cause user data to be processed outside the European Union, which can pose risks for users because this might hinder the enforcement of users’ rights, for example. With regard to US providers certified under the Privacy Shield, we would like to point out that they commit themselves to comply with EU data protection standards.
Furthermore, user data are generally processed for market research and advertising purposes. Thus, for example, user profiles can be created from the user behaviour and the associated user interests. The usage profiles can in turn be used, for example, to display advertisements that presumably correspond to the interests of the users both within and outside of the platforms. For these purposes, cookies are usually stored on the user’s computer, in which the user’s usage behavior and interests are stored. Furthermore, data can also be stored in user profiles separate from the devices used by the users (especially if the users are members of the respective platforms and are logged in).
The processing of users’ personal data is carried out on the basis of our legitimate interests to effectively offer users information and communicate with users, in accordance with art. 6 para. 1 (f) GDPR. If the users are asked by the respective providers of the platforms for consent to the above-mentioned data processing, the legal basis of the processing is Art. 6 para. 1 (a) and Art. 7 GDPR.
For a detailed description of the relevant processing and the possibilities to object to this (opt-out), we refer to the information supplied by the providers, linked below.
- Facebook, pages, groups, (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) based on an agreement on joint processing of personal data.
– Especially for pages: https://www.facebook.com/legal/terms/information_about_page_insights_data
– Opt-out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com
– Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.
- Google/ YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland)
– Opt-out: https://adssettings.google.com/authenticated
– Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
- Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA)
- Twitter (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA)
– Opt-out: https://twitter.com/personalization
– Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active.
8. Rights of the data subject
You have the right:
- to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you may obtain information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to correction, deletion, restriction of processing or objection, the existence of a right of appeal, the origin of your data, if this has not been collected by us, and the existence of automated decision-making including profiling and, where appropriate, meaningful information about its detail;
- to immediately request the completion of or the correction of incorrect personal data stored by us in accordance with art. 16 GDPR;
- to request the deletion of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
- pursuant to Art. 18 GDPR to demand the restriction of processing of your personal data, as far as the accuracy of the data is disputed by you, the processing is unlawful, but you reject its deletion and we no longer need the data, but you need this to assert, exercise or for the defence of legal claims or you have objected to processing in accordance with Art. 21 GDPR;
- pursuant to Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, current and machine-readable format or to request its transfer to another responsible person;
- pursuant to Art. 7 para 3 GDPR to revoke your consent to us at any time. As a result, we are no longer allowed to continue processing data based on this consent in the future and
- to complain to a supervisory authority pursuant to Art. 77 GDPR. As a rule, you can contact the supervisory authority at your usual place of residence or workplace or our main legal office.
9. Right to object
If your personal data is processed on the basis of legitimate interests under art. 6 para. 1 sentence 1 lit. f GDPR, you have the right in accordance with Art. 21 GDPR to object to the processing of your personal data if there are reasons for this which arise from your particular situation or if the objection is directed against direct advertising. In the latter case, you have a general right of objection, which we will implement without any need for a particular situation to be specified.
If you would like to exercise your right of revocation or objection, please send an email to firstname.lastname@example.org
10. Data security
For visits to our website, we always use the most common SSL (Secure Socket Layer) method together with the highest level of encryption supported by your browser. Usually, this is a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. Whether a single page of our website is transmitted in encrypted form is indicated by the closed display of the key or lock symbol in the lower status bar of your browser.
We also use suitable technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorised access by third parties. Our security measures are improved continuously in order to meet state-of-the-art requirements.