We are pleased that you are visiting the website of the Bundesstiftung Magnus Hirschfeld and thank you for your interest. The protection of your personal data when using our websites is very important to us. In the following text, we would like to inform you about when we collect which data and how we use it.
When you use this website, your personal data will be processed by us as the data controller and stored for the period necessary to fulfil the specified purposes and legal obligations. Below we will inform you about what data this involves, how it is processed and what rights you are entitled to in this regard.
According to Art. 4 No. 1 of the General Data Protection Regulation (GDPR), personal data is all information that relates to an identified or identifiable natural person (hereinafter “data subject or user”).
1. Name and contact details of the person responsible for processing and the company data protection officer
This data protection declaration applies to data processing by:
Bundesstiftung Magnus Hirschfeld (“BMH”)
Mohrenstraße 34
10117 Berlin
E-mail: datenschutz@mh-stiftung.de
Telephone: 030 – 208 987 65 – 0
Fax: 030 – 208 987 65 – 2
Responsibility for data protection:
You can reach our data protection officer at:
Felix Maximilian Recke
Bundesstiftung Magnus Hirschfeld
Data protection officer
Mohrenstr. 34
10117 Berlin
datenschutz@mh-stiftung.de
2. Collection and storage of personal data as well as type and purpose and their use
a) When visiting the website
When you visit our website mh-stiftung.de, the browser used on your device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file. The following information is recorded without your intervention and automatically deleted after 4 weeks:
- IP-address of the requesting computer,
- Date and time of access,
- Name and URL of the retrieved file,
- The website from which access is made (referrer URL)
- Browser type and version as well as other information transmitted by the browser (such as the operating system of your computer, the name of your access provider, geographical origin, language setting, etc.).
We process the data mentioned for the following purposes:
- Ensuring a smooth connection to the website,
- Ensuring comfortable use of our website,
- Evaluating system security and stability and
- for other administrative purposes.
The legal basis for data processing is Art. 6 Paragraph 1 Clause 1 Letter f of GDPR. Our legitimate interest follows from the purposes for data collection listed above. Under no circumstances do we use the data collected for the purpose of drawing conclusions about you personally.
In addition, we use cookies and analysis services when you visit our website. You can find more detailed explanations in sections 4 and 5 of this data protection declaration.
b) When you register for our newsletter
If you want to subscribe to our newsletter and you have expressly consented in accordance with Art. 6 Paragraph 1 Clause 1 Letter a of GDPR, we require your email address and confirmation that you are the owner of the email address provided. This is done via a link in an automated confirmation email that you receive from us after you have registered for the newsletter.
We use your email address to regularly send you our personalized newsletter and to document your authorization to do so. The data will not be passed on to third parties. Providing an email address is sufficient to receive the newsletter. The data will not be passed on to third parties. We send the newsletter via a WordPress plug-in, which also documents when you registered and which newsletters were sent to you and when. If you wish, you can view this personal data summarized in a file.
You can unsubscribe at any time, e.g. via a link at the end of each newsletter. Alternatively, you can send your unsubscribe request by email to datenschutz@mh-stiftung.de at any time.
The processing of the information you provide voluntarily is based on our legitimate interests in accordance with Art. 6 Paragraph 1 Clause 1 Letter f of GDPR. Our legitimate interest arises from the purposes for data collection stated above.
c) When participating in events organized by the Bundesstiftung Magnus Hirschfeld
Photos and videos are taken to document the event visually. It cannot be ruled out that you can be identified directly or indirectly in the recordings, so this is personal data.
The Bundesstiftung Magnus Hirschfeld uses this data as part of its reporting, for its general press and public relations work, in particular in social media such as Facebook, Twitter and Instagram, on the Bundesstiftung’s websites and in activity reports. Furthermore, the material for the public relations work of the Bundesstiftung Magnus Hirschfeld can be passed on to other media as press information. The data processing is carried out on the basis of Art. 6 Paragraph 1 Clause 1 Letter f of GDPR. The purposes mentioned are legitimate interests within the meaning of the aforementioned provision. This processing is particularly necessary to document and promote our event.
You have the right to object to the taking of photos and videos concerning you and their use. The data stored by us is deleted as soon as it is no longer required for its intended purpose and there are no statutory retention periods that prevent deletion.
d) When registering for an event
We regularly offer a wide variety of events via our website, for which you can register online. When registering for an event, some mandatory information must be provided. This includes
- First and last name
- Email address
Any other mandatory information is marked as such. In addition, additional information can often be provided voluntarily.
The mandatory information is processed in order to be able to identify you as a participant in the event, to reserve your place and to establish and implement the contract for participation with you and to provide you with information about the event before, during and after the event, which should enable you to participate optimally and enables us to plan and ensure that everything runs smoothly. The voluntary data enables us to plan and carry out the event in a way that is appropriate to your interests and age.
Data processing takes place at the request of interested participants and is necessary according to Art. 6 Paragraph 1 Clause 1 Letter b of GDPR for the stated purposes for the fulfillment of the participant contract and the pre-contractual measures.
The personal data we collect for the event will be stored by us for a period of 6 months, unless you have consented to further storage in accordance with Art. 6 Paragraph 1 Clause 1 Letter a of GDPR.
If we commission external service providers to process the event registration in individual cases or involve them in the processing process, you will be informed of this before entering your data.
e) For donations to the Bundesstiftung Magnus Hirschfeld
There is currently no option to donate via a website tool.
3. Transfer of data to third parties
In cases of data processing on behalf of others (registration for and implementation of events, registration for a newsletter, web analysis), we pass on data. The processors are specifically named in this data protection information under the respective data processing process.
In addition, we only pass on your personal data if
- you have given your express consent to do so in accordance with Art. 6 Paragraph 1 Clause 1 Letter a of GDPR;
- there is a legal obligation to pass on data in accordance with Art. 6 Paragraph 1 Clause 1 Letter c of GDPR.
The data passed on may only be used by the recipients for the purposes stated.
A transfer of personal data to a third country (outside the EU) or an international organization is excluded.
4. Cookies
We use cookies on our website. These are small files that your browser automatically creates and that are stored on your device (laptop, tablet, smartphone, etc.) when you visit our website. Cookies do not cause any damage to your device and do not contain viruses, Trojans or other malware.
Information is stored in the cookie that is related to the specific device used. However, this does not mean that we thereby receive immediate knowledge of your identity.
The use of cookies serves on the one hand to make the use of our offer more pleasant for you. For example, we use so-called session cookies to recognize that you have already visited individual pages of our website or that you have already logged into your user account. These are automatically deleted after you leave our site.
In addition, we also use temporary cookies to optimize user-friendliness, which are stored on your device for a specific period of time. If you visit our site again to use our services, it is automatically recognized that you have already been with us and which entries and settings you have made so that you do not have to enter them again.
On the other hand, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you (see section 5). These cookies enable us to automatically recognize that you have already visited us when you visit our site again. These cookies are automatically deleted after a defined period of time.
The data processed by cookies is required for the purposes mentioned to protect our legitimate interests and those of third parties in accordance with Art. 6 Para. 1 Clause 1 Letter f of GDPR.
Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a message always appears before a new cookie is created. However, completely deactivating cookies may mean that you cannot use all of the functions of our website.
Necessary cookies and DOM storage
Necessary cookies and DOM storage help to make a website usable by enabling basic functions such as page navigation, shopping cart and access to protected areas of the website. The website cannot function properly without these functions. The use of these cookies and DOM storage is based on a legitimate interest in accordance with Art. 6 Para. 1 Letter f of GDPR.
Name | Provider | Purpose | Expiry | Type |
---|---|---|---|---|
wordpress_* | mh-stiftung.de | The content management system WordPress, on which our website is based, uses these cookies to store authentication details. | Session | HTTP-Cookie |
wordpress_logged_in_* | mh-stiftung.de | The content management system WordPress, on which our website is based, uses this cookie to identify logged-in users. | Session | HTTP-Cookie |
wordpress_test_cookie | mh-stiftung.de | The content management system WordPress, on which our website is based, sets this cookie when you visit the login page for the editorial area. The cookie indicates whether the browser is set to accept cookies. | Session | HTTP-Cookie |
Preference cookies and DOM storage
Preference cookies and DOM storage allow a website to store information that changes the behavior or appearance of the website, such as your preferred language or the region you are in. The use of these cookies and DOM storage is based on a legitimate interest within the meaning of Art. 6 Paragraph 1 Clause 1 Letter f of GDPR.
Name | Provider | Purpose | Expiry | Type |
---|---|---|---|---|
borlabs-cookie | mh-stiftung.de | Used to store user consent or refusal to store non-essential cookies and DOM storage. 6 months HTTP cookie | 6 month | HTTP-Cookie |
wp-settings-*, wp-settings-time-* | mh-stiftung.de | The WordPress content management system on which our website is based uses these cookies to personalize the interface. Permanent HTTP cookie | Permanent | HTTP-Cookie |
5. Web analysis
The tracking and targeting measures listed below and used by us are carried out on the basis of Art. 6 Paragraph 1 Clause 1 Letter f of GDPR.
With the tracking measures used, we want to ensure that our website is designed to meet your needs and is continuously optimized. On the other hand, we use the tracking measures to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you.
The respective data processing purposes and data categories can be found in the corresponding tracking and targeting tools.
6. YouTube
We use components (videos) from YouTube, LLC 901 Cherry Ave., 94066 San Bruno, CA, USA (hereinafter: “YouTube”), a company of Google Inc., Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter: “Google”), on our website on the basis of consent in accordance with Art. 6 Paragraph 1 Clause 1 Letter f of GDPR.
We use the “extended data protection mode” option provided by YouTube. When you visit a page that has an embedded video, a connection is established to the YouTube servers and the content is displayed on the website by sending a message to your browser.
According to YouTube, in “extended data protection mode” your data – in particular which of our websites you have visited and device-specific information including the IP address – is only transmitted to the YouTube server in the USA when you watch the video. By clicking on the video you consent to this transmission.
If you are logged in to YouTube at the same time, this information will be assigned to your YouTube member account. You can prevent this by logging out of your member account before visiting our website.
Google complies with the data protection provisions of the “US Privacy Shield” and is registered with the “US Privacy Shield” program of the US Department of Commerce.
For more information on data protection in connection with YouTube, please see Google’s privacy policy.
7. Vimeo
We integrate videos from the Internet video portal Vimeo of Vimeo, LLC, 555 West 18th Street, New York, New York 10011, USA, on this website via Vimeo plugins.
Every time you visit a page on this website that offers one or more Vimeo video clips, a direct connection is established between your browser and a Vimeo server in the USA. The information that you have visited this page using your IP address is transmitted directly from your browser to the Vimeo server and stored there. By interacting with the Vimeo plug-ins (e.g. clicking, starting), the information generated by the interaction is transmitted to Vimeo and stored there.
If you have a Vimeo user account and do not want Vimeo to collect data about you via this website and link it to your member data stored by Vimeo, you must log out of Vimeo before visiting this website.
The privacy policy for Vimeo with more information on the collection and use of your data by Vimeo, your rights in this regard and the setting options for protecting your privacy can be found at http://vimeo.com/privacy.
8. Brute force protection
Our website is based on the WordPress content management system. WordPress provides an administrative area through which the content of the website can be edited. Access to this area is only possible for editors and administrators of this website. This access is monitored and logged by the WordPress plugin “iThemes Security”, for example in the case of incorrect logins or attempts to find out access data by frequently testing passwords (“brute force attack”). Attempts to access the administrative area are stored in our database including the IP address for 7 days and then deleted. If there are several unlawful access attempts, the IP will be stored and blocked beyond this period. There is a legitimate interest in the collection and processing of the IP address by “iThemes Security” according to Art. 6 Para. 1 lit. f GDPR, as this protects this site from technical attacks and unauthorized access attempts. The security of the entire website and the stability of our server are thereby guaranteed, and any personal data processed elsewhere remains protected. The IP addresses used for checking are used by “iThemes Security” only for this purpose. Brute force protection only applies to the administrative area of our website and therefore does not affect the use of our website outside the protected area.
9. Rights of those affected
You have the right:
- to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information on its details;
- to request the immediate correction of incorrect or completion of your personal data stored by us in accordance with Art. 16 GDPR;
- pursuant to Art. 17 GDPR, to request the deletion of your personal data stored by us, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
- pursuant to Art. 18 GDPR, to request the restriction of the processing of your personal data, if you dispute the accuracy of the data, the processing is unlawful but you refuse to delete it and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have objected to the processing pursuant to Art. 21 GDPR;
- pursuant to Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transmitted to another responsible party;
- pursuant to Art. 7 Para. 3 GDPR, to revoke your consent to us at any time, once given. This means that we may no longer continue the data processing based on this consent in the future and
- to complain to a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or place of work or our headquarters.
10. Right of objection
If your personal data is processed on the basis of legitimate interests in accordance with Art. 6 Paragraph 1 Clause 1 Letter f GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, provided there are reasons for this that arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which we will implement without specifying a particular situation.
If you would like to exercise your right of objection, simply send an email to datenschutz@mh-stiftung.de.
11. Data security
All personal data you transmit is transmitted using the generally accepted and secure TLS (Transport Layer Security) standard. TLS is a secure and proven standard that is also used in online banking, for example. You can recognize a secure TLS connection by the s appended to http (i.e. https://..) in the address bar of your browser or by the lock symbol at the bottom of your browser.
We also use suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.
12. Up-to-dateness and changes to this data protection declaration
This data protection declaration is currently valid and is dated September 2020.
Due to the further development of our website and offers on it or due to changed legal or official requirements, it may become necessary to change this data protection declaration. You can access and print out the current data protection declaration at any time on the website at http://mh-stiftung.de/datenschutzerklaerung/.