Privacy

Privacy Policy

We are delighted about your interest in our foundation and our work. The protection of your personal data (such as your name, address, e-mail address or telephone number) is very important to us. With the following Privacy Policy we would like to inform you which personal data are processed when using our website and during our foundation work and for what purposes these data are used. We would also like to inform you of your rights. This Privacy Policy implements the requirements of the new EU General Data Protection Regulation (hereinafter referred to as GDPR), which came into force on 25 May 2018.

I. Terms used

The terms used in our Privacy Policy are based on the definitions laid down in Article 4 of the GDPR. For ease of understanding, we would like to first of all explain the main terms used in the policy:

(1) Personal data

Personal data means any information relating to an identified or identifiable natural person (hereinafter the “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

(2) Data subject

Data subject is any identified or identifiable natural person whose personal data are processed by the controller.

(3) Processing

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

(4) Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of limiting their future processing.

(5) Profiling

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

(6) Pseudonymisation

Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

(7) Controller

Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

(8) Processor

The processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

(9) Recipient

The recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, regardless of whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law are not regarded as recipients.

(10) Third party

Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

(11) Consent

Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

II. Name and address of the controller:

knodel foundation

1st chairman: Patrick Knodel

Administration / postal address:

Im Mediapark 8
D-50670 Cologne

Telephone: +49 221 71600110

E-Mail: patrick@knodelfoundation.org

III. How to contact the data protection officer

The knodel foundation has announced a data protection officer, who is responsible for this website. He can be contacted as follows:

knodel foundation
Data Protection Officer
Im Mediapark 8, 50670 Köln
E-Mail: info@knodelfoundation.org

IV. Rights of the data subject

If your personal data are processed, you are a data subject within the meaning of the GDPR and you have the following rights towards us as the controller:

(1) Right to information

You can ask the controller to confirm whether personal data concerning you are being processed by us.

If such processing takes place, you can request the following information from the controller:

  • the purposes for which the personal data are processed;
  • the categories of personal data processed;
  • the recipients or categories of recipients to whom the personal data concerning you have been or are still being disclosed;
  • the planned duration of the storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period;
  • the existence of a right to correction or erasure of the personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;
  • the existence of a right to lodge a complaint with a supervisory authority;
  • all available information on the origin of the data, if the personal data are not collected from the data subject;
  • the existence of automated decision-making including profiling pursuant to Art. 22 (1) and (4) GDPR and, at least in these cases, meaningful information on the logic involved and the scope and intended impact of such processing on the data subject.

You have the right to request information as to whether the personal data concerning you are transmitted to a third country or to an international organisation. In this context, you may request to be informed of the appropriate guarantees pursuant to Art. 46 GDPR in connection with the transmission.

(2) Right to rectification

You have the right to rectification and/or completion towards the controller if the personal data processed concerning you are incorrect or incomplete. The controller must make the correction without delay.

(3) Right to restriction of processing

You may request that the processing of personal data concerning you be restricted under the following conditions:

  • if you dispute the accuracy of the personal data concerning you for a period of time that enables the controller to verify the accuracy of the personal data;
  • The processing is unlawful, you reject the erasure the personal data and instead demand the restriction of the use of personal data;
  • The controller no longer needs the personal data for the purposes of processing, but you require them to assert, exercise or defend legal claims; or
  • if you have filed an objection to the processing pursuant to Art. 21 (1) GDPR and it has not yet been determined whether the legitimate reasons of the controller outweigh your reasons.

If the processing of personal data concerning you has been restricted, such data may only be processed, except for being stored, with your consent or for the purpose of asserting, exercising or defending rights or protecting the rights of another natural or legal person or on grounds of an important public interest of the Union or a Member State.

If processing has been restricted according to the above conditions, you will be informed by the controller before the restriction is lifted.

(4) Right to erasure

a) Erasure obligation

You may demand that the data controller deletes the personal data relating to you without delay and the controller is obliged to delete these data without delay if one of the following reasons applies:

  • The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
  • You withdraw your consent on which the processing was based in accordance with Art. 6 (1) lit. a GDPR or Art. 9 (2) lit. a GDPR and there is no other legal basis for processing.
  • You object to processing in accordance with Art. 21 (1) GDPR and there are no overriding legitimate reasons for processing, or you object to processing in accordance with Art. 21 (2) GDPR.
  • Your personal data were processed unlawfully.
  • The erasure of your personal data is necessary to fulfil a legal obligation under Union or Member State law which the controller is subject to.
  • The personal data concerning you were collected in relation to information society services offered pursuant to Art. 8 (1) GDPR.

b) Information to third parties

If the controller has made the personal data concerning you public and is obliged to erase it pursuant to Art. 17 (1) GDPR, the controller shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform data processors who process the personal data that you as the data subject have requested the erasure of all links to these personal data or of copies or replications of these personal data.

c) Exceptions

The right to erasure does not exist insofar as the processing is necessary

  • to exercise the right to freedom of expression and information;
  • for the performance of a legal obligation required for processing under the law of the Union or of the Member States to which the controller is subject or for the performance of a task in the public interest or in the exercise of official authority conferred on the controller;
  • for reasons of public interest in the field of public health pursuant to Art. 9 (2) lit. h and i and Art. 9 (3) GDPR;
  • for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89 (1) GDPR, insofar as the law referred to under section a) is likely to render impossible or seriously impair the attainment of the objectives of such processing, or
  • to assert, exercise or defend legal claims.

(5) Right to information

If you have exercised your right to have the controller correct or erase the data or restrict the processing, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this correction or erasure of the data or the restriction on processing, unless this proves impossible or involves a disproportionate effort.

You have the right to be informed of such recipients by the controller.

(6) Right to data portability

You have the right to receive the personal data concerning you that you have provided to the controller in a structured, common and machine-readable format. In addition, you have the right to pass these data on to another controller without obstruction by the controller to whom the personal data was provided, if:

  • processing is based on consent pursuant to Art. 6 (1) lit. a GDPR or Art. 9 (2) lit. a GDPR or on a contract pursuant to Art. 6 (1) lit. b GDPR and
  • processing is carried out using automated methods.

In exercising this right, you further also have the right to request that the personal data concerning you be transferred directly from one controller to another controller, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this.

The right to data portability shall not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority conferred on the controller.

(7) Right to object

You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you under Art. 6 (1) lit. e or f GDPR; this also applies to any profiling based on these provisions. 

The controller will no longer process the personal data concerning you unless the controller can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or if the processing is required for the establishment, exercise or defence of legal claims.

If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of the personal data concerning you for the purpose of such advertising; this also applies to profiling, insofar as it is associated with such direct marketing.

If you object to processing for direct marketing purposes towards our company, we shall no longer process the personal data concerning you for such purposes.

Further, in the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you have the option of exercising your right to object by automated means using technical specifications.

(8) Right to withdraw the data protection consent

You have the right to withdraw your data protection consent at any time. The withdrawal of consent shall not affect the legality of the processing carried out on the basis of the consent until the withdrawal.

(9) Automated decisions in individual cases including profiling

You have the right to not be subject to a decision based exclusively on automated processing, including profiling, that has legal effect against you or significantly impairs you in a similar manner. This does not apply if the decision

  • is necessary for the conclusion or performance of a contract between you and the controller,
  • is admissible by law of the Union or of the Member States to which the controller is subject and that law contains appropriate measures to safeguard your rights, freedoms and legitimate interests, or
  • takes place with your express consent.

However, these decisions may not be based on special categories of personal data pursuant to Art. 9 (1) GDPR, unless Art. 9 (2) lit. a or g GDPR applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.

In the cases referred to in (1) and (3), the controller shall take reasonable measures to safeguard your rights, freedoms and legitimate interests, including at least the right to obtain the intervention of a person by the controller, the right to state one’s own position and to challenge the decision.

(10) Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State where you are staying, working or suspected of infringing, if you believe that the processing of personal data concerning you is in breach of the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.

V. General information on data processing on our webpages

(1) Scope of processing of personal data

We categorically only process personal data of our users if this is necessary to provide a functional website and our contents and services.

Our users’ personal data is therefore generally only processed with their consent. An exception applies in those cases where prior consent cannot be obtained for justified reasons and if processing of the data is permitted by law.

(2) Legal bases for the processing of personal data

The legal bases on which we process personal data are usually specified in the following Privacy Policy in connection with the respective processing. If this is not the case, we process the data on the basis of the following legal bases:

Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 (1) lit. a EU General Data Protection Regulation (GDPR) serves as the legal basis.

In the processing of personal data required for the performance of a contract to which the data subject is party, Art. 6 (1) lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.

If processing is necessary for compliance with a legal obligation to which our foundation is subject, Art. 6 (1) lit. c GDPR serves as the legal basis.

In the event that processing is necessary in order to protect the vital interests of the data subject or of another natural person, Article 6 (1) lit. d GDPR serves as the legal basis.

If processing is necessary for the purposes of the legitimate interests pursued by our foundation or by a third party and such interests are not overridden by the interests or fundamental rights and freedoms of the data subject, Art. 6 (1) lit. f GDPR serves as the legal basis for processing.

(3) Data erasure and storage duration

We will erase or block the personal data of the data subject as soon as the purpose of storage ceases to apply. Data may be stored beyond this point in time if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or erased if a storage period prescribed by the aforementioned standards expires, unless further storage of the data is required for the conclusion or fulfilment of a contract.

(4) Security measures

We take technical and organisational security measures to ensure a level of protection of our users’ personal data and other confidential contents appropriate to the risk (e.g. inquiries to the controller). We continually adapt these measures to the current state of the art. In addition to the (e.g.) means of access control, we therefore use an encryption procedure in all relevant areas of our webpages. In this case, the information provided by our users is transmitted in encrypted form, i.e. using the SSL protocol (Secure Socket Layer). Encrypted connections are indicated by the character string “https://” and the padlock symbol in the browser line.

VI. Provision of the website and creation of log files

(1) Description and scope of data processing

Every time you visit our website, our system automatically collects data and information from the computer system of the accessing computer.

The following data are collected:

  • Information about the browser type and version used
  • The user’s operating system
  • The user’s internet service provider
  • the user’s IP address
  • Date and time of access
  • Websites from which the user’s system gets to our website
  • Websites accessed by the user’s system through our website

The data are also stored in the log files of our system. However, these data are not stored together with other personal data of the user.

(2) Legal basis for data processing

The legal basis for the temporary storage of data and log files is Art. 6 (1) lit. f GDPR.

(3) Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable the webpages to be delivered to the user’s computer. For this purpose, the IP address of the user must remain stored for the duration of the session.

The data are stored in log files to ensure the functionality of our webpages. In addition, the data help to optimise our webpages and to ensure the security of our IT systems. An evaluation of the data for marketing purposes does not take place in this context.

Our legitimate interest in data processing pursuant to Art. 6 (1) lit. f GDPR also lies in these purposes.

(4) Duration of storage

The data will be erased as soon as they are no longer necessary to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the webpages, this is the case when the respective session has ended.

If the data are stored in log files, these are deleted after seven days at the latest. Further storage is possible. In this case however, the IP addresses of the users are deleted or anonymised, so that an assignment of the accessing client is no longer possible.

(5) Possibility of objection and deletion

The collection of the data for the provision of the webpages and the storage of the data in log files are absolutely necessary for the operation of the website. There is thus no possibility of objection on the part of the user.

VII. Use of cookies

(1) Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser in the user’s IT system. If a user visits a website, a cookie may be stored in the user’s operating system. This cookie contains a characteristic character string that enables a unique identification of the browser when the website is accessed again.

We use cookies to make our webpages more user-friendly. Some elements of our webpages require that the accessing browser can be identified even after a page change.

We also use cookies on our webpages which enable an analysis of the user’s browsing behaviour.

Technical measures are used to pseudonymise user data collected in this way. It is therefore no longer possible to assign the data to the accessing user. The data are not being stored together with other personal data of the users.

The user is informed about the use of cookies for analytical purposes when accessing our website and his or her consent to the processing of personal data used in this context is obtained. In this context, reference is also made to this Privacy Policy.

(2) Legal basis for data processing

The legal basis for the processing of personal data using technically necessary cookies is Art. 6 (1) lit. f GDPR.

The legal basis for the processing of personal data using cookies for analysis purposes, if corresponding consent by the user has been provided, is Art. 6 (1) lit. a GDPR.

(3) Purpose of data processing

The purpose of using technically necessary cookies is to simplify the use of our webpages for users. Some functions of our website cannot be provided without the use of cookies. For these, it is necessary that the browser is recognised even after a page change.

The user data collected by technically required cookies are not used to create user profiles.

The analysis cookies are used to improve the quality of our website and its content. Analysis cookies tell us how the website is used, allowing us to continuously optimise our offer.

Our legitimate interest in the processing of personal data pursuant to Art. 6 (1) lit. f GDPR also lies in these purposes.

(4) Duration of storage, possibility of objection and deletion

Cookies are stored on the user’s computer and transmitted from this computer to our website. Therefore, you as a user have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website in full.

VIII. Online donations and payment methods

(1) Description and scope of data processing

On our website you have the option to support our projects through online donations. We use a donation form for this purpose. Donations can be made via PayPal (Europe) S.à.r.l. et Cie, S.C.A.  (22-24 Boulevard Royal, L-2449 Luxembourg) or by bank transfer.

If this option is used, the data entered into the input mask are collected. These are:

  • If applicable, name of the organisation / company
  • Title, surname and first name
  • Street and house number
  • Postcode, town and country
  • Email address
  • Donation amount
  • Desired method of payment; if payment is made via PayPal, the user is forwarded to the website of the payment service. PayPal is responsible for further data processing, the information specified by PayPal therefore must be provided (PayPal’s current data protection regulations can be found at www.paypal.com/de/webapps/mpp/ua/privacy-full).
  • And optional: Telephone and any contents of the comments field

In addition, the following data is transmitted to us and stored:

  • Date and time of the donation
  • With payment method PayPal, transaction information by PayPal

For the transmission of data in connection with the online donation we use a secure SSL connection (recognisable by the padlock symbol in the address line of the browser). The data transmitted to us therefore cannot be read by third parties.

For the purpose of payment processing, the data entered in the donation form are automatically transmitted to the online payment service provider PayPal. The data are not passed on to any other third parties.

By clicking the button “Spenden” (“Donate”) the donation process is completed.

By donating, you consent to the collection and storage of the above data. During the donation process you will also be referred to this Privacy Policy and confirm by clicking on a mandatory checkbox that you have read and accepted the Privacy Policy.

(2) Legal basis for data processing

The legal basis for data processing is Art. 6 (1) lit. a GDPR (consent) and Art. 6 (1) lit. b GDPR (processing for the fulfilment of a contract).

(3) Purpose of data processing

The sole purpose of processing the data is to fulfil and process the donation.

(4) Duration of storage

The data will be deleted or blocked as soon as the purpose of storage ceases to apply and there are no longer any legal regulations on the obligation to store data.

(5) Possibility of objection and deletion

Consent to the processing of personal data can be withdrawn at any time. The data will be deleted in this case, provided that there are no legal regulations on the obligation to store data. If such obligations exist, the data will initially be blocked for further use and deleted after expiry of the retention periods.

The legality of the data processing that takes place until the withdrawal remains unaffected by the withdrawal.

The contact data of the controller provided at the start of this Privacy Policy can be used to object to the storage.

IX. Web analysis with Google Analytics (with anonymisation function)

(1) Description and scope of data processing

On our website we use Google Analytics (including the operating type “Universal Analytics”) a web analysis service of Google Inc. (https://www.google.de/intl/de/about/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter “Google”). In this context, pseudonymised user profiles are created and cookies (as already outlined under section V.) are used. The information generated by the cookie about your use of this website such as:

  • browser type/version,
  • operating system used
  • referrer URL (the previously visited page),
  • access times and visitor frequency,
  • host name of the accessing computer (IP address),
  • time of the server request,

are transmitted to a Google server in the USA and stored there. These collected data may also be transferred by Google to third parties if required by law or if third parties are commissioned to process these data.

Google is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law. The certificate can be viewed here:

https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.

We only use Google Analytics with activated IP anonymisation (so-called IP masking). This means that the IP address of the users will be truncated by Google within Member States of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and truncated there. The IP address transmitted by the user’s browser is not connected with any other Google data.

(2) Legal basis

The legal basis for processing users’ personal data is

Art. 6 (1) sentence 1 lit. f GDPR.

(3) Purpose of data processing

On our order, Google uses this information to assess the use of the website, to compile online reports on website activities and to provide us with further services related to the use of the website and the internet. The processed data may be used to create pseudonymous usage profiles. This processing helps us to continuously improve our website and its user-friendliness.

Our legitimate interest in the processing of the data pursuant to Art. 6 (1) lit. f GDPR also lies in these purposes. By anonymising the IP address, users’ interest in protecting their personal data is sufficiently taken into account.

(4) Duration of storage

Users’ personal data is automatically deleted or anonymised after 14 months.

(5) Possibility of objection and deletion

Users can prevent the storage of cookies by setting their browser software accordingly and thereby objecting to the setting of cookies permanently. Additionally, a cookie already set by Google can be deleted at any time via the internet browser or other software programs.

Furthermore, users can prevent the collection of data generated by the cookie and the transmission of data relating to their use of our website to Google and the processing of this data by Google by downloading and installing the browser add-on available under the following link:

http://tools.google.com/dlpage/gaoptout?hl=de.

The browser add-on prevents future collection of your data when you visit this website. To prevent Universal Analytics from collecting data from different devices, the browser add-on must be installed on all systems used. Furthermore, tracking by Google Analytics can be deactivated by setting an opt-out cookie. The opt-out cookie can be set by clicking on the following link:

Set opt-out cookie

The opt-out cookie only prevents web analysis as long as it is not deleted.

Further information and Google’s current privacy policy can be found at:

https://www.google.de/intl/de/policies/privacy/

and at

http://www.google.com/analytics/terms/de.html

Additional explanations on Google Analytics can be found at:

https://www.google.com/intl/de_de/analytics/

X. Use of Google Adwords Conversion Tracking

(1) Description and scope of data processing

To promote our website we use “Google Adwords” and in this context the “Conversion-Tracking” of the provider Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043-1351, USA). As a result, if a user accesses our website via a Google ad, a so-called “conversion cookie” is stored on the user’s computer (the term “cookie” is already explained in section VI.). Conversion cookies have a limited validity and do not serve to identify the data subject.

The conversion cookie collects information about the activities of the user on our website (e.g. surfing behaviour or visited sub-pages of our web presence). All usage data is stored using a pseudonym, so that personal identification is generally excluded.

Google also uses the information collected via the conversion cookie to generate visit statistics about our websites. This tells us the total number of users who have been referred to us via AdWords ads. The information collected and the IP address of the user are transmitted to Google in the USA and stored there. Google may share these data with third parties.

More information about Google AdWords Conversion Tracking can be found at:

https://support.google.com/adwords/answer/1722022?hl=de

(2) Legal basis

The processing of personal data within the framework of Google AdWords is carried out on the basis of Art. 6 (1) lit. f GDPR on the basis of legitimate interest in targeted advertising and the analysis of the effect and efficiency of this advertising.

(3) Purpose of data processing

The purpose of Google AdWords is the targeted advertising of our website. The visit statistics serve the analysis of the effect and efficiency and therefore the optimisation of our AdWords ads.

Our legitimate interest in the processing of these data pursuant to Art. 6 (1) lit. f GDPR also lies in these purposes.

(4) Possibility of objection and deletion

Users can prevent the storage of cookies by setting their browser software accordingly and thereby objecting to the setting of cookies permanently. Additionally, a cookie already set by Google can be deleted at any time via the internet browser or other software programs.

Furthermore, users can disable personalised advertising for them in Google’s advertising preferences. Instructions can be found at the following link:

https://support.google.com/ads/answer/2662922?hl=de

XI. Integration of third-party services and content

(1) Description and scope of data processing

On our website we have integrated YouTube Videos of the Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

The integration of such contents requires that the third-party providers have access to the IP address of the user, otherwise the contents cannot be transmitted to the user’s browser.

In addition, some third-party providers also use web beacons, which make it possible to statistically evaluate the number of visitors and surfing behaviour. The data collected in this way can be stored together with further technical information (in particular browser type, operating system and referring website) in cookies (as already described under section VI.), on the user’s computer. Usage data is stored using a pseudonym, so that personal identification is generally not possible.

However, if the user has his or her own account with the third-party provider and is logged in there while visiting our webpages, the information can be assigned to the user’s account.

The processing of personal data by the provider Google LLC takes place on servers in the USA. However, Google have submitted to the EU-US Privacy Shield and guarantees a level of data protection comparable to European regulations. More information on the EU-US Privacy Shield can be found at the following link:

https://www.privacyshield.gov/EU-US-Framework.

Further, additional information on the data protection provisions of the provider is available at the following lins:

For better data control, we also use the so-called “extended data protection mode” for the integration of YouTube videos, i.e. no data about the user is transmitted to YouTube until the video is played. A transmission of the aforementioned data occurs only when a video is actively clicked.

(2) Legal bases for the processing of personal data

The legal basis for the integration of third-party content is Art. 6 (1) lit. f GDPR.

(3) Purpose of data processing

The integration takes place in order to be able to provide our users with a needs-oriented website and in the interest of continuously optimising the content and operation of our pages.

Our legitimate interest pursuant to Art. 6 (1) lit. f GDPR also lies in these purposes.

(4) Removal option

Data processing in connection with the integration of YouTube videos on our pages is deactivated by default. Processing therefore only takes place when a video is actively clicked on by the user. The user therefore has control over whether he or she wishes to allow the data to be transmitted to the relevant providers and processed by them.

With regard to the integration of “YouTube” videos, a removal or opt-out option is also available at the following link:

https://adssettings.google.com/authendicated

XII. Up-to-dateness and amendment of this Privacy Policy

This Privacy Policy is currently valid and was last updated in May 2018.

An amendment of this Privacy Policy may be required from time to time due to further development of our website or due to changed legal and that regulatory requirements. You can access and print out the current Privacy Policy at any time at knodelfoundation.org/en/privacy/.

XIII. Queries on data protection

Should you have any further queries regarding data protection with regard to our website or our foundation, you can contact us at any time at the contact address provided above.