We are committed to protecting your personal data. Since protecting your privacy and your business data is of particular importance to us, we will comply with the data privacy regulations applicable in Germany.
This policy aims to inform you in detail about which data are collected when you visit our website and use what we offer on it and how they are subsequently processed or used by us, as well as which accompanying protective measures we have also taken in technical and organisational terms.
1. Controller / service provider
The Foundation for Family Businesses is the controller within the meaning of the EU General Data Protection Regulation (GDPR) and also the service provider within the meaning of the German Telemedia Act (TMG); please also refer to the publication details.
Foundation for Family Businesses
(1) We do not collect any personal data when you merely visit the website. However, each server automatically stores information on access to Internet pages. Temporary storage of the IP address by the system is necessary so that the website can be delivered to the user’s computer system. To enable that, the user’s IP address must be stored for the duration of the session. For the purpose of system security, our web server temporarily records the IP address of the computer system calling the site, the browser you use, the operating system used, the date and time of access, the Internet pages you visit, the Uniform Resource Locator (URL) requested on our Internet pages, and the website you previously visited (referrer URL). This information is stored anonymously and is not linked to your personal data. It cannot be used to identify you or draw any conclusions about your individual behaviour.
The legal basis for temporary storage of the data and log files is Article 6 (1) point (f) GDPR.
We store data related to your computer system in order to record trends and compile statistics. These stored data are also used for the purpose of identification and tracking of unauthorised attempts to access our servers. We compile profile information on the use of our own Internet pages exclusively in anonymised form and only in order to improve the user guidance and tailor our offering to users’ interests as best possible. No personal surfing profiles or the like are created or processed using the data.
The following data may be transmitted using them: search terms you entered, the frequency of page views, and the use of website functions.
You yourself can choose whether cookies are to be set and called by means of your browser settings. For example, you can completely disable storage of cookies in your browser, confine storage of them to certain Internet pages or configure your browser so that it automatically notifies you as soon as a cookie is to be placed and asks how you wish to respond. For technical reasons, however, it is necessary to permit these session cookies so that the full functionality of our Internet presence can be used.
We do not collect or store personal data in cookies in this connection. We also do not use technologies that link information generated by cookies with user data.
The legal basis for processing personal data using cookies is Article 6 (1) point (f) GDPR.
The data are erased as soon as they are no longer required for achieving the purpose for which they were collected. As regards data recorded to deliver the website, this is the case when the session in question is over. In general, IP addresses are erased no later than seven days after they are collected. The data may be stored above and beyond that. In that case, the IP addresses of users are erased or anonymised so that the client calling the website can no longer be identified.
Recording of data in order to deliver the website and storage of the data in log files are absolutely necessary for operating the website. Consequently, users do not have the possibility of objecting and opting out.
3. Google Analytics
You can prevent installation of the cookies by making the appropriate setting in your browser software; we point out here that if you do so, you might not be able to use all the functions of this website in full.
Moreover, you can prevent recording of the data generated by the cookie and relating to your use of the website (including your IP address) and processing of these data by Google by downloading and installing the browser plug-in available under the following link (https://tools.google.com/dlpage/gaoptout?hl=en-GB)
We collect, store and process the personal data you actively transmit insofar as that is necessary to deal with requests or fulfil our contractual obligations. Personal data are usually collected and used only subject to the user’s prior consent. An exception to that is when such prior consent cannot be obtained for factual reasons and we are permitted by law to process the data.
If we obtain consent from data subjects to process their personal data, the legal basis for processing personal data is Article 6 (1) point (a) GDPR.
The legal basis for processing personal data required in order to perform a contract to which the data subject is a party is Article 6 (1) point (b) GDPR. That also applies to processing activities required as part of steps prior to entering into a contract.
If processing of personal data is necessary for compliance with a legal obligation on the part of our company, the legal basis for that is Article 6 (1) point (c) GDPR.
If processing is necessary to safeguard legitimate interests of our company or a third party and the data subject’s interests, fundamental rights and freedoms do not override the interests of our company or the third party, the legal basis for that is Article 6 (1) point (f) GDPR.
Your registered data are always transmitted to our systems in encrypted form. This protects communication between you and our server and prevents data being misused. We deploy a recognised and widely used system for encryption that is regarded as secure in its latest version.
Users may also contact us under the e-mail address provided. In this case, the user’s personal data sent with the e-mail are stored.
The data are not passed on to third parties in this connection. The data are used exclusively to process the conversation.
The legal basis for processing the data is Article 6 (1) point (a) GDPR if the user has given consent.
The legal basis for processing data sent with an e-mail is Article 6 (1) point (f) GDPR. If the purpose of the e-mail contact is to conclude a contract, the additional legal basis for processing of the data is Article 6 (1) point (b) GDPR.
We process personal data from the input screen solely for handling contacts. This also constitutes the necessary legitimate interest in processing the data.
Our website contains a form that can be used for contacting us electronically. If a user makes use of this option, the data entered in the input screen are transmitted to us. These data are: last name, first name, company, telephone number, address, e-mail address and the content of the message.
The following data are also stored at the time the message is sent: the IP address of the website visitor, and the date and time of contact.
The legal basis for processing the data is Article 6 (1) point (a) GDPR if the user has given consent.
We process personal data from the input screen solely for handling contacts. If we are contacted by e-mail, that also constitutes the legitimate interest required for processing the data.
The other personal data that are processed when a message is sent help prevent misuse of the contact form and ensure the security of our IT systems.
You can also subscribe to our newsletter on our website. If the user makes use of this option, the data entered in the input mask will be transmitted to us and thus the CRM system Vewa of the GRÜN Group, Aachen, Germany, and stored there; the GRÜN Group is subject to the GDPR. These data are: e-mail address, title, first name, last name, company and position.
The following data are also collected during the subscription process: the IP address of the computer system calling the site, and the date and time the newsletter was subscribed to.
No data are passed on to third parties in connection with the processing of data needed to send newsletters. Instead, the mailings are sent locally via a mail server of our own.
The data are used solely for sending the newsletter.
The legal basis for processing the data after the user has subscribed to the newsletter is Article 6 (1) point (a) GDPR if the user has given consent.
The user’s e-mail address is collected so that the newsletter can be delivered.
The data are erased as soon as they are no longer required for achieving the purpose for which they were collected. Accordingly, the user’s e-mail address is stored for as long as the newsletter subscription is active.
Users can cancel their subscription to the newsletter at any time. Every newsletter contains a link allowing them to do that. Cancelling the subscription also withdraws your consent to storage of your personal data collected during the subscription process.
The data subject’s personal data are erased or blocked as soon as the purpose for which they have been stored no longer applies. As regards personal data from the contact form’s input screen and personal data sent by e-mail, this is the case when the particular conversation with the user is over. The conversation is over when it can be inferred from the circumstances that the matter in question has been conclusively clarified.
The personal data additionally collected when a message is sent are erased after no later than seven days. If users contact us by e-mail, they can object to their personal data being stored at any time. That then means the conversation cannot be continued.
The data can also be stored if this is envisaged by European or national legislators in EU regulations, laws or other provisions to which we are subject. The data will also be blocked or erased when a period of time prescribed for their storage under the above legal provisions expires, unless it is necessary for the data to still be stored so that a contract can be concluded or performed.
5. Google Maps
Wir We have integrated an API of the map service Google Maps on the subpage of our website https://veranstaltungen.familienunternehmen.de/. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Your IP address must be stored so that the features of Google Maps can be used. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on transfer of the data.
Google Maps is used to make the presentation of our online offerings more appealing and so that the places specified on
the website are easy to find.
possibility of opting out: opt-out plug-in: https://tools.google.com/dlpage/gaoptout?hl=en-GB, settings for the display of advertisements: https://adssettings.google.com/authenticated.
6. Right to access and obtain information
You can demand confirmation from us as to whether personal data concerning you are processed by us.
If they are processed, you can demand the following information from us:
the purposes for which the personal data are processed;
the categories of personal data processed;
the recipients or categories of recipients to whom the personal data concerning you have been or are to be disclosed;
the planned length of time for which the personal data concerning you will be stored or, if concrete details of that are
not possible, the criteria used to determine that length of time;
the existence of a right to request from us rectification or erasure of personal data or restriction of processing of
personal data concerning you or to object to such processing;
the existence of a right to lodge a complaint with a supervisory authority;
all available information on the origin of the data if the personal data have not been collected from you;
the existence of automated decision-making, including profiling, referred to in Article 22 (1) and (4) GDPR and, at
least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged
consequences of such processing for you;
You have the right to demand information on whether the personal data concerning you are transferred to a third country or an international organisation. You can demand to be informed about the appropriate safeguards in accordance with Article 46 GDPR that have been provided in connection with such transfer of your data.
7. Right to rectification
You have a right to demand that we correct and/or supplement processed personal data concerning you if they are incorrect or incomplete. We will rectify the data immediately.
8. Right to restriction of processing
You can demand that processing of personal data concerning you be restricted subject to the following conditions:
if you contest the accuracy of the personal data concerning you, processing of the data will be restricted for a period enabling us to verify the accuracy of the personal data;
if the processing is unlawful and you oppose the erasure of the personal data and request restriction of their use instead;
if we no longer need the personal data for the purposes of processing, but they are required by you for the establishment, exercise or defence of legal claims; or
if you have objected to processing pursuant to Article 21 (1) GDPR and it has yet to be verified whether our legitimate grounds override your grounds.
Where processing of personal data concerning you has been restricted, the data will, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.
If processing of data has been restricted pursuant to the above circumstances, you will be informed by us before the restriction is lifted.
9. Right to erasure
Obligation to erase data
You can demand that we erase the personal data concerning you without undue delay where one of the following grounds
the personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed;
you withdraw your consent on which the processing was based in accordance with Article 6 (1) point (a) or Article 9 (2) point (a) GDPR, and where there is no other legal ground for the processing;
you object to the processing pursuant to Article 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21 (2) GDPR;
the personal data concerning you have been unlawfully processed;
the personal data concerning you must be erased to ensure compliance with a legal obligation under Union or Member State law to which we are subject;
the personal data concerning you have been collected in relation to the offer of information society services referred to in Article 8 (1) GDPR.
Notification of third parties
Where we have made the personal data concerning you public and are obliged pursuant to Article 17 (1) GDPR to erase them, we will – taking account of available technology and the cost of implementation – undertake reasonable steps, including technical measures, to inform controllers which are processing the personal data that you as the data subject have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
You do not have a right to demand erasure of your data if processing of them is necessary
for exercising the right of freedom of expression and information;
for compliance with a legal obligation which requires processing under Union or Member State law to which we are subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in us;
for reasons of public interest in the area of public health in accordance with Article 9 (2) points (h) and (i) and Article 9 (3) GDPR;
for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89 (1) GDPR insofar as the right referred to in a) above is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
for the establishment, exercise or defence of legal claims.
10. Right to notification
If you have asserted your right to demand that we rectify, erase or restrict processing of data, we must communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data concerning you have been disclosed, unless this proves impossible or involves disproportionate effort.
You have the right to demand that we inform you who these recipients are.
11. Right to data portability
You have the right to receive the personal data concerning you which you have provided to us, in a structured, commonly used and machine-readable format. You also have the right to transmit those data to another controller without hindrance from us provided that
processing of the data is based on consent in accordance with Article 6 (1) point (a) GDPR or Article 9 (2) point (a) GDPR or on a contract in accordance with Article 6 (1) point (b) GDPR and
the processing is carried out by automated means.
In exercising this right, you also have the right to have the personal data concerning you transmitted directly from us
to another controller, where technically feasible. This must not adversely affect the rights and freedoms of others.
The right to data portability does not apply to processing of personal data necessary for the performance of a task
carried out in the public interest or in the exercise of official authority vested in us.
12. Right to withdraw consent and right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6 (1) point (e) or (f) GDPR, including profiling based on those provisions.
We will then no longer process the personal data concerning you unless we are able to demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Where personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
Right to withdraw the declaration of consent under data protection law
You have the right to withdraw your declaration of consent under data protection law at any time. Withdrawal of consent does not affect the lawfulness of any processing conducted on the basis of the consent up to the point of its withdrawal.
13. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the General Data Protection Regulation (GDPR).
The supervisory authority with which the complaint has been lodged will inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.
We will maintain confidentiality on all information that has to be treated confidentially and of which we have gained knowledge as part of the contractual relationship and will use it vis-à-vis third parties – for whatever purpose – only with the prior consent of the respective other contractual partner. Information that must be treated as confidential includes information explicitly designated as confidential by the party providing it and information that from the circumstances of its disclosure must obviously be kept confidential. In particular, your personal data and the data used must be treated confidentially by us if we gain knowledge of them.
The obligations under (1) do not apply to information or parts thereof for which we prove that they
were already known to us or generally available before the date they were received;
were already public domain or generally available before the date they were received;
became public domain or generally available after the date they were received through no fault of ours.
Public declarations by the parties about cooperation between them will only be issued subject to prior mutual consent.
The obligations under (1) will remain in force beyond the end of the contract for an indefinite period of time, namely
for as long as an exception under (2) is not proven.