Privacy Policy

The Joachim Herz Foundation (hereinafter “JHS”) is pleased to welcome you to these websites. Personal data is collected on these websites only to the extent technically necessary. Below, we provide information about the collection of personal data when you use our website. Personal data includes any data that can be linked to you personally, such as your name, address, email addresses, and user behavior. We have implemented comprehensive technical and operational safeguards to protect your data from accidental or intentional manipulation, loss, destruction, or access by unauthorized persons. Our security procedures are regularly reviewed and adapted to technological advancements. 

This Privacy Policy applies to the JHS website at www.joachim-herz-stiftung.de. The other JHS websites have separate privacy policies.

 

1. Data Controller

The data controller pursuant to Article 4(7) of the EU General Data Protection Regulation (GDPR) is:

Joachim Herz Foundation
Langenhorner Chaussee 384
22419 Hamburg
T. +49 40 533295-0
info(at)joachim-herz-stiftung(dot)de

 

2. Contact Information for the Data Protection Officer

You can contact our Data Protection Officer at datenschutz(at)joachim-herz-stiftung(dot)de or at our mailing address with the note “Data Protection Officer.”

 

3. Your Rights

You have the following rights with respect to the personal data we hold about you:

3.1 General Rights

You have the right to access, rectification, erasure, restriction of processing, objection to processing, and data portability. To the extent that processing is based on your consent, you have the right to withdraw that consent with future effect.

3.2 Rights Regarding Data Processing Based on Legitimate Interests

Pursuant to Article 21(1) of the GDPR, you have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you that is carried out on the basis of Article 6(1)(e) of the GDPR (data processing in the public interest) or Article 6(1)(f) of the GDPR (data processing to safeguard a legitimate interest); this also applies to profiling based on these provisions. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims.

3.3 Rights Regarding Direct Marketing

If we process your personal data for the purpose of direct marketing, you have the right, pursuant to Art. 21(2) of the GDPR, to object at any time to the processing of your personal data for the purposes of such marketing; this also applies to profiling to the extent that it is related to such direct marketing.
If you object to processing for the purposes of direct marketing, we will no longer process your personal data for these purposes.

3.4 Right to Lodge a Complaint with a Supervisory Authority

You also have the right to lodge a complaint with a competent data protection supervisory authority regarding our processing of your personal data.

 

4. Collection of Personal Data When Visiting Our Website

When you use our website for informational purposes only—that is, if you do not register or otherwise actively provide us with information—we collect only the personal data that your browser automatically transmits to our server. This data is technically necessary to display the website to you, to ensure its stability and security, and to analyze any errors or security incidents. Processing is based on Article 6(1)(f) of the GDPR, as we have a legitimate interest in providing our website in a secure and functional manner.

Specifically, the following data is processed: IP address, date and time of the request, time zone difference from Greenwich Mean Time (GMT), content of the request (specific page), access status/HTTP status code, amount of data transferred in each case, website from which the request originates, browser, operating system and its user interface, language, and version of the browser software.

This data is stored for a period of 30 days and is then automatically deleted or anonymized, unless there are legal retention requirements or longer storage is necessary to investigate cases of misuse.

 

5. Contact via Email or Contact Form

When you contact us via email or through a contact form—for example, in connection with funding inquiries—we store the data you provide (your email address, and, if applicable, your name and phone number) in order to answer your questions. To the extent that we request information via our contact form that is not necessary for establishing contact, we have always marked such fields as optional. This information helps us clarify your inquiry and better address your request. The provision of this information is expressly voluntary and subject to your consent, in accordance with Article 6(1)(a) of the GDPR. If this information relates to communication channels (such as an email address or phone number), you also consent to us contacting you via that communication channel, if necessary, to address your inquiry. You may, of course, revoke this consent at any time with future effect. To do so, please contact: datenschutz(at)joachim-herz-stiftung(dot)de.

We will delete the data collected in this context once storage is no longer necessary, or restrict its processing if statutory retention obligations apply.

 

6. PlayEconomy

Users interested in the simulation game offered by the PlayEconomy project can register online as course/game leaders and thereby gain access to a password-protected area containing various information, license applications, and teaching materials (e.g., software, presentations, worksheets, manuals, etc.) available for download. If you (course/game leader) decide to register with the PlayEconomy project, your personal data (first name, last name, mailing address, name of institution/school), which you use to log in to the protected area of PlayEconomy via the corresponding form, will be stored on our servers to verify the necessary registration requirements, to provide you with access to the protected area and the materials available to you individually, and to ensure communication between you and the JHS. For communication purposes, the personal data will also be made available to the regional coordinators, provided they handle communication on behalf of the JHS.
The personal data listed here is visible to all registered users. This is intended to facilitate a personal, and above all regional, exchange of experiences regarding the use of the simulation games among registered users. The legal basis for data processing is your consent, Article 6(1)(a) of the GDPR.

The user may request the deletion of their registration at any time. In this case, the JHS will delete all personal data without delay. In addition, in connection with accessing the PlayEconomy server via our login area, other personal data that allows for the identification of the user (e.g., IP address, date, time of access, etc.) is temporarily stored on the servers we use for data security purposes. The data mentioned here is not analyzed, except for statistical purposes and in anonymized form.

Please also note the Terms of Use for the protected area of PlayEconomy.

 

7. Newsletter

With your consent pursuant to Article 6(1)(a) of the GDPR, you can subscribe to our newsletter, through which we inform you about our current offers. We use the so-called double opt-in procedure for subscribing to our newsletter. This means that after you sign up, we will send an email to the email address you provided, asking you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month.

In addition, we store your IP addresses and the times of your registration and confirmation. The purpose of this procedure is to verify your registration and, if necessary, to investigate any potential misuse of your personal data. The only mandatory information required to receive the newsletter is your email address. After your confirmation, we store your email address for the purpose of sending you the newsletter. The legal basis is Article 6(1)(a) of the GDPR. We store your email address until you unsubscribe from the newsletter. You may revoke your consent to receive the newsletter at any time and unsubscribe from it. You can revoke your consent by clicking the link provided in every newsletter email, by sending an email to Kommunikation(at)joachim-herz-stiftung(dot)de, or by sending a message to the contact information listed in the legal notice.

 

8. Registration

You have the option to register with us and create an account. For registration, we collect and store the following data from you:

  • Title
  • Middle name
  • Last name
  • Email address
  • Password

Once you have registered, you will receive personal, password-protected access and will be able to view and manage the data you have provided. Registration is voluntary but may be required to use our services. When you use our portal, we store your data until you permanently delete your account. The legal basis is Article 6(1)(a) of the GDPR.

 

9. Events

We offer you the opportunity to register for events via corresponding forms at various locations on our website. In addition, we may process your personal data, for example, in the form of participant lists for in-person events. For this purpose, we generally collect your name and contact information, as well as any additional personal data required for the administration of the respective event (see the corresponding registration forms). The legal basis for the associated processing of your personal data is Article 6(1)(b) of the GDPR, as well as Article 6(1)(a) of the GDPR, to the extent that you provide us with information beyond the data marked as required fields. We will delete the data collected in this context once storage is no longer necessary; we will restrict processing if statutory retention obligations apply; or we will delete it if you withdraw your consent.

In addition, we use the LimeSurvey service (LimeSurvey GmbH, Papenreye 63, 22453 Hamburg) for surveys and registrations in connection with our events. We have entered into a data processing agreement with our service provider in accordance with Article 28 of the GDPR to ensure the security and lawfulness of the processing. In this context, we process only the data from you that is necessary for registration or the survey. The legal basis is your explicit consent pursuant to Article 6(1)(a) of the GDPR, which you may revoke at any time with future effect. Your data will be deleted once the purpose has been fulfilled.

 

10. Applications for Open Positions

You may apply for a position with us electronically, specifically via email. We will, of course, use your information exclusively to process your application and will not share it with third parties. Please note that emails sent without encryption are not transmitted with access protection. If you have applied for a specific position that has already been filled, or if we consider you equally or even more suitable for another position, we would like to forward your application within the company. Please let us know if you do not consent to such forwarding.

Your personal data will be deleted immediately upon completion of the application process, or after a maximum of 6 months, unless you have expressly given us your consent to store your data for a longer period or a contract has been concluded. The legal basis is Art. 6(1)(a), (b), and (f) of the GDPR and § 26 of the BDSG.

 

11. Processing of Personal Data in Connection with Funding Programs

As part of the application process for our funding programs, we process applicants’ personal data (e.g., name, contact information, details regarding educational or academic background, letters of motivation, letters of recommendation, declarations of consent, and, where applicable, information on special life circumstances such as caregiving responsibilities or disabilities) in order to conduct the selection process, make a funding decision, and—in the event of funding—implement the respective program.

The processing is based on:

  • Art. 6(1), sentence 1, lit. b GDPR (implementation of pre-contractual measures or the initiation and implementation of a funding relationship),
  • Art. 6(1), sentence 1, lit. a GDPR, to the extent that the processing is based on voluntarily provided information or separate consent (e.g., for disclosure to third parties or the publication of portrait photos) is required,
  • where applicable, Art. 6(1), sentence 1, subparagraph f of the GDPR (legitimate interest, e.g., to ensure a fair selection process or to prevent multiple applications)
  • Article 9(2)(a) of the GDPR, to the extent that special categories of personal data (e.g., health data) are processed.

In addition, we also process personal data of individuals who write letters of recommendation or provide consent forms as part of the application process (e.g., teachers, instructors, school administrators). This processing is based on Art. 6(1), sentence 1, subparagraph f of the GDPR. Our legitimate interest lies in the proper conduct and documentation of the selection process, as well as in communication with training and educational institutions.

Personal data is disclosed only to employees responsible for the program, to jury members or selection committees, and—where necessary—to the Foundation’s cooperation partners (e.g., exchange organizations, partner universities, or specialized institutions in Germany and abroad).

Photographs and video recordings may be taken during events and used for the Foundation’s documentation and public relations purposes (e.g., website, annual report, brochures). Processing generally takes place on the basis of a legitimate interest pursuant to Art. 6(1), sentence 1, letter f of the GDPR, provided that no legitimate interests of the data subject conflict with this. Portrait photographs will only be used with separate consent. You have the right at any time to object to such use with future effect for reasons arising from your particular situation (Article 21 of the GDPR).

Even beyond the active funding period, we would like to stay in touch with our former scholarship recipients to promote professional exchange, maintain our network, and inform you about relevant events, publications, or continuing education opportunities offered by the Foundation.

To this end, we process certain contact data (e.g., name, email address) even after the funding relationship has ended. The legal basis for this is Article 6(1)(f) of the GDPR. Our legitimate interest lies in maintaining long-term networks and fostering exchange between the Foundation and former grant recipients. You may object to this processing at any time with effect for the future (Article 21 of the GDPR).

Your data will generally be stored only for as long as is necessary to conduct the selection process and, if applicable, the grant program. In the event of rejection, applicants’ data will generally be deleted no later than six months after the conclusion of the selection process, provided that no legal retention obligations or legitimate interests preclude this.

 

12. Processing in Connection with Nominations for the Joachim Herz Prize

As part of the nomination process for the Joachim Herz Prize, we process personal data of both the nominator and the nominee. Nominators provide their first and last names, academic degree, email address, position, the name of their institution, their address (street, house number, ZIP code, city), and, optionally, a second email address in the nomination portal. After submitting the nomination, they receive a link via email to forward to the nominee.

The nominee can confirm the nomination in the application portal by providing their own first and last names, academic degree, institution (university or research institution, institute, department), and the type of nomination (as an individual or on behalf of one or more research groups). 

It is also possible to apply directly for the Joachim Herz Prize, in which case the personal data listed above will also be collected.

The data is processed for the purpose of conducting the nomination and application process. The data of the nominators is processed on the basis of Art. 6(1)(f) GDPR (legitimate interest), as proper handling of the process is not possible without this information. The processing of nominees’ data is based on Article 6(1)(a) of the GDPR (consent), as they themselves decide whether to accept the nomination and submit their complete application data.

The data collected is used exclusively for processing the nomination and application and is not disclosed to third parties, unless this is necessary for conducting the application process or required by law. The data is stored only for the period necessary for the nomination and application process. Once the process is complete and any statutory retention obligations have expired, the data will be deleted or anonymized.

Participation in the nomination process is voluntary. Nominees are free to decline the nomination. Consent given for data processing may be revoked at any time with future effect. 

 

13. Contests

If you participate in sweepstakes, we collect data necessary to conduct the sweepstakes. This typically includes an individual sweepstakes entry (e.g., a comment or an answer to a question), as well as your name and contact information. We may share your data with our contest partners, for example, to send you your prize. Data processing and data sharing may vary depending on the contest and are therefore specifically described in the respective terms and conditions. Participation in the sweepstakes and the associated data collection is, of course, voluntary. The legal basis for data processing is Art. 6(1)(b) of the GDPR. Your data will be deleted after the sweepstakes ends or after legal retention periods have been met.

 

14. Fellows on uMap

As part of our fellowship program, we use the uMap software (provided by Fossgis e.V., Bundesallee 23, 10717 Berlin). This application is designed to enable current and former Fellows to gain a global overview of where other Fellows are located or have been located. The uMap application is designed to be extremely data-friendly, utilizing the open-source solution from OpenStreetMap (https://openstreetmap.org). Only server log files (browser type, browser version, operating system used, referrer URL, hostname, and time of the server request) and the IP address are processed. Fellows are free to decide whether to participate in this service and place their pins on the map independently.

The legal basis for the processing is the legitimate interest pursuant to Art. 6(1)(f) of the GDPR. The purposes of the processing are to facilitate networking opportunities for the Fellows. The data will be deleted as soon as it is no longer necessary to achieve the purpose.


15. Use of Cookies

When you use our website, cookies are stored on your computer. Cookies are small text files that are stored on your hard drive and associated with the browser you are using, and through which certain information is transmitted to the entity that sets the cookie. Cookies cannot execute programs or transmit viruses to your computer. They serve to make the website more user-friendly and effective overall. We also use cookies to identify you on subsequent visits if you have an account with us. Otherwise, you would have to log in again for each visit.
This website uses the following types of cookies, the scope and functionality of which are explained below:

15.1 Transient Cookies

These cookies are automatically deleted when you close your browser. This includes, in particular, session cookies. These store a so-called session ID, which allows various requests from your browser to be assigned to the same session. This enables your computer to be recognized when you return to our website. Session cookies are deleted when you log out or close your browser.

15.2 Persistent Cookies

These cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete the cookies at any time in your browser’s security settings.

15.3 Blocking Cookies

You can configure your browser settings according to your preferences and, for example, refuse to accept third-party cookies or all cookies. Please note that you may then be unable to use all features of this website.

15.4 Legal Bases and Retention Periods

The legal bases for the processing of personal data and their retention periods vary and are outlined in the following sections.

 

16. Website Analytics

For the purpose of analyzing and optimizing our websites, we use various services, which are described below. This allows us, for example, to analyze how many users visit our site, which information is most in demand, or how users find our website. Among other things, we collect data on which website a data subject came from (known as the “referrer”), which subpages of the website were accessed, and how often and for how long a subpage was viewed. This helps us design and improve our offerings to make them more user-friendly. The data collected in this process is not used to personally identify individual users. We collect anonymous or, at most, pseudonymous data. The legal basis for this is Article 6(1)(f) of the GDPR.

16.1 Matomo (formerly Piwik)

This website uses the web analytics service Matomo (formerly Piwik) to analyze the use of our website, assess the effectiveness of our campaigns, and make regular improvements. The statistics obtained enable us to improve our offerings and make them more interesting for you as a user. The legal basis for the use of Matomo is Article 6(1)(f) of the GDPR. Cookies are stored on your computer for this analysis. You can opt out of this analysis by deleting existing cookies and preventing the storage of cookies. Please note that if you prevent the storage of cookies, you may not be able to use this website to its full extent. You can prevent the storage of cookies by adjusting the settings in your browser. 

This website uses Matomo with the “Privacy Manager” extension. This anonymizes IP addresses, thereby preventing direct identification of individuals. The IP address transmitted from your browser via Matomo is not combined with any other data we collect. Matomo is an open-source project. You can find the third-party provider’s privacy policy at https://matomo.org/privacy/.  

 

17. YouTube

We use services provided by YouTube, LLC, 901 Cherry Ave., 94066 San Bruno, CA, USA, a subsidiary of Google Inc., Amphitheatre Parkway, Mountain View, CA 94043, USA, on our website. For users whose habitual residence is in the European Economic Area or Switzerland, Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland, is the data controller responsible for your data.

We have integrated YouTube’s services using a so-called additional layer. This layered solution prevents data (e.g., IP address) from being transmitted to social networks such as YouTube as soon as our website is opened. This means that data is only transmitted to the provider when you click on the respective button. In addition, to protect your personal data, we use the enhanced privacy option provided by YouTube. When you visit a page that contains an embedded YouTube video, a connection is established with the YouTube servers, and the content is displayed on the website by being sent to your browser. According to YouTube, however, in “enhanced privacy mode,” data is only transmitted to the YouTube server when you actively start the video. If you are logged into YouTube at that time, information about the videos you watch will be associated with your YouTube account. You can prevent this by logging out of your YouTube account before visiting our website. To the extent that data is processed outside the European Economic Area (EEA) or the EU, where data protection standards do not meet European standards, Google states that it uses standard contractual clauses.

For more information on YouTube’s data processing practices, see: https://www.google.de/intl/de/policies/privacy/

The legal basis for the use of third-party services is Art. 6(1)(a) of the GDPR.

 

18. Vimeo

We embed videos from the provider Vimeo.com Inc., headquartered at 555 West 18th Street, New York, New York 10011. When you view a Vimeo video on one of our web pages, a connection is established with the Vimeo servers. This transmits information to the Vimeo server regarding which of our web pages you have visited. If you are logged in to your Vimeo account at the time, Vimeo associates this information with your personal user account. Clicking the play button on a video may also result in this information being associated with an existing user account. You can prevent this association by logging out of your Vimeo user account before using our website and deleting the relevant Vimeo cookies.

We use this service on our website based on your explicit consent in accordance with Art. 6(1)(a) of the GDPR. You may revoke your consent at any time with future effect. For more information on data processing and Vimeo’s privacy policy, please visit vimeo.com/privacy.

In addition, Vimeo calls the Google Analytics tracker via an iFrame in which the video is embedded. This is Vimeo’s own tracking system, to which we have no access. You can prevent tracking by Google Analytics by using the opt-out tools that Google provides for certain web browsers. Users can also prevent Google Analytics from collecting data generated by the service and related to their use of the website (including their IP address) and from processing this data by downloading and installing the browser plugin available at the following link: tools.google.com/dlpage/gaoptout.

 

19. Our Company Profiles on Facebook and Instagram

19.1 General Information

We maintain publicly accessible profiles on Facebook and Instagram (hereinafter collectively referred to as the “Fan Page”). The Fan Page is provided to the Joachim Herz Foundation by Meta Platforms Ireland Limited (hereinafter “Meta”), and the Joachim Herz Foundation administers it using a corresponding user account. The Fan Page enables the Joachim Herz Foundation to present itself to Facebook and Instagram users and to interact with them. When the Fan Page is accessed, so-called Insights data is collected. This consists of anonymized data that enables us to view statistical analyses of the Fan Page’s usage. 
When this Insights data is collected, personal data is also processed. Meta and we are jointly responsible for this processing within the meaning of Art. 26 of the GDPR. The key provisions of the agreement concluded between Meta and us, the operator, are explained below.

19.2 Data Controller

The Joachim Herz Foundation, together with Meta (Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland), is responsible for data processing in connection with the use of the fan page.

19.3 Right to Object

If you wish to object to the processing of your data by us on the fan page, either in general or with respect to specific activities, you may do so by sending a private message via the fan page. You may also object directly to Meta regarding the processing of Insights data. You may likewise object to data processing by Meta by contacting us. Your objection will be forwarded to Meta immediately. Please note that in the event of such an objection, the use of the fan page and access to the services and information offered through it will be limited or not possible at all.

19.4 Nature of the Processing

19.4.1 Page Insights

When you access and use the Fan Page, Page Insights (statistics regarding access to the Fan Page) are made available and processed by us. We have no way of personally identifying you or linking you to your account. This feature constitutes an indispensable part of the Terms of Use agreement we have with Meta. This means that we cannot unilaterally decide whether or not to collect Page Insights.

For more information about the “Page Insights” feature, the use of cookies, and your settings options, please visit: https://www.facebook.com/legal/terms/information_about_page_insights_data, https://www.facebook.com/policies/cookies 

Please note that the Page Insights feature may also collect personal data from individuals who do not have a profile on Facebook or Instagram.
You can also restrict or completely prevent the use of cookies in your browser settings. In addition, you can configure your browser to automatically delete cookies when you close the browser window.

If you use the Facebook or Instagram app, you can change settings regarding the placement of cookies by apps in your mobile device’s settings. You can view information on the legal basis and purpose of Meta’s processing, as well as the respective retention periods, here: https://de-de.facebook.com/about/privacy/update 

To the extent that we process your personal data when you visit the fan page, the lawfulness of this processing is based on Article 6(1)(f) of the GDPR (legitimate interest).

We want to analyze the anonymized Insights data to understand user behavior on the fan page and optimize the content. To market your services as effectively as possible, we need a high volume of fan page visits. The Insights data helps us achieve this. The Insights data collected via the fan page is provided to us in anonymized form. This means that the personal data collected is modified in such a way that it can no longer be attributed to a specific individual, or can only be attributed with a disproportionately large amount of time, cost, and effort. If you are registered with Facebook and/or Instagram, the provision of Insights data is contractually required. Otherwise, you cannot open an account. For unregistered users, the processing of Insights data is voluntary. However, objecting to the processing or disabling certain settings will result in you being unable to access the fan page.

19.4.2 Contacting Us via Fan Page Features

If you use our profiles on social networks to contact us (e.g., by creating your own posts, reacting to one of our posts, or sending us private messages), we will process the data you provide to us exclusively for the purpose of contacting you. The legal basis for data collection is therefore Article 6(1)(f) of the GDPR.
We will delete the data we have received from you in the course of this contact as soon as it is no longer needed to achieve the purpose for which it was collected—that is, once your request has been fully processed and no further communication with you is required or desired by you.

  • You can view the privacy policy for the social network Facebook, operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, under Privacy Policy;
  • You can view the privacy policy for the social network Instagram, operated by Meta Platforms Ireland Limited, under Privacy Policy;

19.5 Retention Period

We delete personal data once the purpose of data processing has been achieved and there are no other legal grounds preventing the deletion of the data. Beyond that, we store your personal data only to comply with any applicable legal retention requirements. We have no control over the deletion of your data by Meta itself.

19.6 Transfer to Third Countries

The data collected when you access and use the fan page, as well as the information you provide when contacting us, is transferred to Meta and stored there. Some of the Insights data is transferred to Meta’s servers in the U.S. and stored there. Meta has been certified under the Data Privacy Framework (DPF) program and is listed on the International Trade Administration’s (ITA) Data Privacy Framework list. This means that Meta has publicly committed to complying with DPF obligations, and any data transfer to the United States is considered safe based on the European Commission’s current adequacy decision dated July 10, 2023. The United States is considered a safe third country with regard to a comparable level of data protection.

 

20. Our Company Profile on LinkedIn

20.1 Data Controller

When you visit our LinkedIn company page, we are jointly responsible with LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (https://www.linkedin.com/help/linkedin/solve) for the processing of your personal data.

We operate our LinkedIn company page to provide information and communicate with you as a user and person interested in our offerings, or as a potential employee or applicant. In accordance with LinkedIn’s Terms of Service, which every user agrees to when creating a LinkedIn profile, we can identify the page’s followers and view their profiles as well as other information they have shared. For example, your LinkedIn name and profile picture are visible to us (and other LinkedIn users) when you visit our page or comment on our posts. We therefore collect only the personal data that, through your active participation, has become an obvious part of our LinkedIn company page. We have no interest in collecting and further processing your individual personal data for marketing purposes. Accordingly, we use the data, if at all, to tailor and improve our offerings.

20.2 Use of Insights and Cookies

In connection with the operation of our LinkedIn company page, we use LinkedIn’s Insights feature to obtain anonymized statistical data about the users of our LinkedIn page. To do this, LinkedIn stores a cookie on the device of users who visit our LinkedIn company page. Session cookies remain on your device only until you stop browsing. Persistent cookies remain on your computer or mobile device until they expire or are deleted. The information stored in the cookies is received, recorded, and processed by LinkedIn, particularly when the user uses LinkedIn services, services provided by other members of the LinkedIn Corporation group, and services provided by other companies that use LinkedIn services. In addition, other entities, such as LinkedIn partners or even third parties, may use cookies on the services to provide services to companies advertising on LinkedIn. For more information on LinkedIn’s use of cookies, please see their Cookie Policy: Cookie Policy | LinkedIn.

LinkedIn’s Privacy Policy contains further information on data processing: LinkedIn Privacy Policy.

20.3 Legal Basis for Processing

The operation of the LinkedIn page, including the processing of users’ personal data, is based on Article 6(1)(f) of the GDPR to pursue our legitimate interests in providing a platform for information and interaction via LinkedIn for and with our users and visitors. Additional legal bases for data processing may arise in individual cases under Article 6(1)(a), (b), and (c) of the GDPR.

20.4 Right to Object

If you wish to object to our processing of your data on our LinkedIn company page—either in general or with respect to specific activities—you may do so by sending a private message via the LinkedIn company page. You may also object directly to LinkedIn regarding the processing of Insights data. You may also object to data processing by LinkedIn by contacting us. Your objection will be forwarded to LinkedIn immediately. 

Please note that in the event of such an objection, the use of the LinkedIn company page and access to the services and information offered through it will be limited or not possible at all.

20.5 Retention Period

We delete personal data once the purpose of data processing has been fulfilled and there are no other legal grounds preventing the deletion of the data. Beyond that, we retain your personal data only to comply with any applicable legal retention requirements. We have no control over the deletion of your data by LinkedIn itself.

20.6 Transfer to Third Countries

It is possible that collected information may also be processed outside the European Union, in the United States. LinkedIn Corporation and its U.S. subsidiaries (“LinkedIn”) comply with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), as established by the U.S. Department of Commerce. Accordingly, data transfers to the U.S. are based on the European Commission’s Adequacy Decision of July 10, 2023, pursuant to Article 45 of the GDPR.

 

21. Mastodon

We maintain a profile on the Mastodon instance stiftungen.social at the address stiftungen.social/@joachimherzstiftung.

The stiftungen.social instance is technically operated by Save Social – Networks For Democracy gUG, Emil-Andresen-Str. 47K, 22529 Hamburg. The privacy policy can be found at stiftungen.social/privacy-policy.

We use our Mastodon profile for institutional communication as well as for press and public relations work. The processing of personal data is based on our legitimate interest in modern and wide-reaching communication with the public in accordance with Art. 6(1)(f) of the GDPR.

If you follow our profile or interact with our posts, your username, display name, profile picture, and, if applicable, the content of your interaction will be processed and displayed publicly, depending on your visibility settings. If you send us a direct message, your username and the content of the message will be processed. Content can be distributed to other instances in the Fediverse via the ActivityPub protocol; we have no control over how that content is processed.

Data processed in connection with interactions with our profile remains on the instance until it is deleted by you or by us. As part of technical operations, the instance operator and its hosting provider have access to the data stored on the instance.
 

22. Data Transfer

Your data is generally not transferred to third parties unless we are legally obligated to do so, the transfer is necessary to fulfill the contractual relationship, or you have expressly consented to the transfer of your data in advance. To the extent that external service providers may come into contact with your personal data, we ensure, within the framework of data processing on our behalf pursuant to Art. 28 of the GDPR, that they comply with data protection laws in the same manner. Please also refer to the respective privacy policies of the providers. The respective service provider is responsible for the content of third-party services, although we will, to the extent reasonably possible, verify that these services comply with legal requirements.

 

23. Data Security

We have implemented comprehensive technical and organizational safeguards to protect your data from accidental or intentional manipulation, loss, destruction, or access by unauthorized persons. Our security procedures are regularly reviewed and adapted to technological advancements.

 

As of June 2026

Back to top