Please note that should discrepancies arise between the English and German versions of this notice, the German text should be considered the authoritative version.

Data Protection Notice

The Ettersberg Foundation (hereafter referred to as “we”) is responsible for the processing of personal data of users (hereinafter referred to as “you”) on the website within the meaning of the General Data Protection Regulation (GDPR).

We protect your privacy and personal data. We collect, process and use your personal data in accordance with the content of this data protection notice and the applicable data protection regulations, in particular the GDPR.
In the following data protection notice, we inform you about what personal data we collect about you, how we process it and what rights you have in this regard. Please read the following information carefully.
Personal data within the meaning of this data protection notice is all information relating to an identified or identifiable natural person (hereinafter ‘data subject’). This includes, in particular, your name, address, e-mail address and telephone number, as well as information about your use of our website, such as your IP address.

1. Contact information of the data controller

We are responsible for the processing of your personal data within the meaning of Art. 4 No. 7 GDPR:

Ettersberg Foundation
Jenaer Strasse 4
99425 Weimar
Germany
T +49 (0)3643 4975 – 0
weimar@stiftung-ettersberg.de

2. Contact information of the data protection officer

We have appointed an external data protection officer whom you can contact by post or email if you have any questions about data protection or the assertion of your rights as a data subject:

Hannes Großstück
b.it.s Beratung | IT | Service
Linderbacher Weg 30
99099 Erfurt
Germany
datenschutz@bits-erfurt.de

3. Processing of your Personal Data

3.1 When visiting the website
As soon as you visit our website, the browser used by your device automatically sends information — server log files (hereinafter referred to as “log files”) – to our website’s server. The following information is stored in these log files:

Our website’s server is operated and maintained by an external website host (hereinafter referred to as “host”). We use the following hosts to manage our website:
ALL-INKL.COM – Neue Medien Münnich
Owner: René Münnich
Hauptstraße 68
02742 Friedersdorf
Germany

Your access to our website is administratively logged with your full IP address by our host to detect and defend against cyber-attacks. We cannot access this data ourselves.
We have concluded an order processing agreement (AVV) with our host. This contract guarantees that our host only processes your personal data in accordance with our instructions and in accordance with the GDPR.
The processing of the log files is based on Art. 6 para. 1 lit. f GDPR. Our legitimate interest or that of our host is the secure and trouble-free provision of our website.

You have the right to object to this data processing in accordance with Art. 21 GDPR. Further information can be found under point 6 of this data protection notice.

The log files are automatically deleted by our host after maximum seven (7) days.
You are not required by law to provide us with your personal data. If you do not provide us with this data, you will not be able to use our website (in full).

3.2 Contact by e-mail, post and telephone
You can contact us via the e-mail addresses, postal addresses and telephone numbers published on our website. In these cases, we process the personal data provided by you, in particular

We process this data for the purpose of processing your inquiry and to be able to contact you in order to answer your inquiry.
This data processing is based on Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the smooth communication with you.

Pursuant to Art. 21 GDPR, you have the right to object to this data processing. Further information can be found under point 6 of this data protection notice.

If your inquiry is intended to register for an event or carry out other pre-contractual measures, this data processing is based on Art. 6 para. 1 lit. b GDPR.
Within our foundation, only those individuals who are entitled to receive your personal data will receive them.
We only store your personal data for as long as necessary to complete your request and its deletion does not conflict with any statutory retention periods to which we are legally bound.
You are not required by law to provide us with your personal data. If you do not provide us with this data, we cannot (fully) communicate with you.

3.3 Donations and gifts
You can support our work with a donation or gift via the bank details published on our website. In the case of a donation, we process the personal data you provide, in particular

We process this data for the purpose of processing your donation and, if necessary, issuing and sending you a tax receipt.
The processing of your donation is based on Art. 6 para. 1 lit. b GDPR.
The issuance and mailing of a tax receipt, if necessary, is based on Art. 6 para. 1 lit. c GDPR. The legal obligation arises from § 10b EStG in conjunction with § 50 para. 1 EStDV.
Within our foundation, only those individuals who are entitled to receive your personal data will receive them.

Outside our foundation, the following bodies in particular may receive your personal data:

We only store your personal data until the processing of your donation has been completed and any desired confirmation of donation has been issued and sent to you. In addition, we store your personal data only for as long as necessary to remain in compliance with legal retention periods to which we are legally bound (usually up to 10 years).
You are not required by law to provide us with your personal data. If you do not provide us with this data, we cannot (fully) process your donation and may not be able to issue and send you a tax receipt.

3.4 Online registration form for group bookings
You can register for guided tours for groups via a contact form on our website.
After the submission of your booking request, we process the personal data entered by you in the relevant fields.
We process this data for the purpose of processing your booking inquiry and to be able to contact you for the purpose of this inquiry and, if necessary, subsequent organization of the appointment.
This data processing is based on Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the smooth communication with you.

Pursuant to Art. 21 GDPR, you have the right to object to this data processing. Further information can be found under point 6 of this data protection notice.

If your booking request is aimed at concluding a written agreement, this data processing is based on Art. 6 para. 1 lit. b GDPR.
If you book a training course, a guided tour or a project day as a teacher of a Thuringian school and participate in it, we will also use your data for the purpose of inviting you to other similar events. This data processing is based on Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in targeted the appropriate audience for these events.

Pursuant to Art. 21 GDPR, you have the right to object to this data processing. Further information can be found under point 6 of this data protection notice.

Within our foundation, only those individuals who are entitled to receive your personal data will receive them. We do not transfer any data to external bodies.
We only store your personal data for as long as necessary to process your booking request and, if required, for the coordination of any subsequent appointments, and the deletion does not conflict with any statutory retention periods to which we are legally bound.
You are not required by law to provide us with your personal data. If you do not provide us with this data, we will not be able to (fully) process your booking request and will not be able to (fully) communicate with you.

Technical provision of the online registration form by our host
As soon as you submit your booking question, your IP address and the date and time of submission are administratively logged by our host in order to detect and prevent the misuse of the online registration form. We cannot access this data ourselves.
Our host processes these log files to detect and prevent the misuse of the online registration form and is bound by our instructions and compliance with the GDPR within the framework of the concluded contract.
The processing of the log files is based on Art. 6 para. 1 lit. f GDPR. The legitimate interest of our host is the secure and trouble-free provision of the online registration form.

Pursuant to Art. 21 GDPR, you have the right to object to this data processing. Further information can be found under point 6 of this data protection notice.

The log files are automatically deleted by our host after maximum seven (7) days.
You are not obliged to provide your personal data to our host. If you do not provide this data, you will not be able to use our online registration form (in full).

4. Disclosure of personal data

We will only disclose your personal data to third parties if:

This shared data may only be processed by third parties for purposes consented to, or arising from the fulfilment of a contract or the implementation of pre-contractual measures or legal obligations.
We do not intend to transfer your personal data to a third country or an international organisation.

5. Cookies

Cookies are small text files that are automatically stored on your device by your browser. As soon as you access a website again with the same device, your browser sends the information stored in the cookies to this or another website to which the cookie belongs. As a result, the respective website recognises you and can be displayed optimally according to your settings.
We only use technically necessary cookies to ensure the proper functioning of our website. The information stored in the cookies (language, time) is sent exclusively to our website. The processing of this data is based on Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the technically error-free and optimised provision of our website.

You have the right to object to this data processing in accordance with Art. 21 GDPR. Further information can be found under point 6 of this data protection notice.

These technically necessary cookies are stored temporarily for the duration of a session (so-called session cookies) and are automatically deleted after the end of your website visit.
You are not obliged to allow the use of cookies. If you do not want cookies to be placed on your device, you can deactivate them in your browser settings. In addition, you can delete stored cookies in your browser settings at any time. If you deactivate the use of cookies in your browser settings, this may lead to functional restrictions on our website.

6. Your rights as a data subject

The following rights exist only according to the respective legal requirements and may be limited or excluded by special regulations.
You have the right to obtain from us a confirmation as to whether or not personal data that concerns you are being processed. If this is the case, you have a right to information about this personal data and to the information listed in detail in Art. 15 GDPR.
You have the right to immediately request the correction of incorrect personal data and, if necessary, the completion of incomplete personal data (Art. 16 GDPR).
You have the right to request that the responsible party delete personal data concerning them without delay if one of the reasons specified in Article 17 GDPR applies, e.g. if the data are no longer required for the aforementioned purposes (the so-called right to be forgotten).
You have the right to request that we restrict the processing of your data if one of the measures referred to in Art.18 GDPR applies, e.g. if you have objected to the processing, for the duration of any review by the data controller.
You have the right to receive the personal data concerning you in a structured, common and machine-readable format and to transmit this data to another controller (Art. 20 GDPR – Right to data portability).
You have the right to revoke your consent to the processing of your personal data at any time (Art. 7, para. 3 GDPR). The lawfulness of the processing of your personal data, which took place on the basis of your consent until its revocation, remains unaffected.

Information about your right to object, as per Art. 21 GDPR (General Date Protection Regulation)

Pursuant to ART. 21 para. 1 GDPR, YOU HAVE THE RIGHT to OBJECT AT ANY TIME to THE PROCESSING OF YOUR PERSONAL DATA FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, INSOFAR AS WE HAVE PROVIDED OUR LEGITIMATE INTEREST OR THE LEGITIMATE INTEREST OF A THIRD PARTY (ART. 6 PARA. 1 LIT. F GDPR) AS THE LEGAL BASIS. WE WILL THEN NO LONGER PROCESS YOUR PERSONAL INFORMATION UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR PROCESSING THAT OUTWEIGH YOUR INTERESTS, RIGHTS AND FREEDOMS, OR THE PROCESSING IS INTENDED TO ASSERT, EXERCISE OR DEFEND LEGAL CLAIMS.
IF WE PROCESS YOUR PERSONAL DATA for DIRECT MARKETING PURPOSES, you HAVE the RIGHT, pursuant TO ART. 21 2 GDPR, TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSE OF SUCH MARKETING. WE WILL THEN NO LONGER PROCESS YOUR PERSONAL DATA FOR THESE PURPOSES.
It is sufficient to send an email to datenschutz@bits-erfurt.de if you wish to assert a right as a data subject.

7. Your right to lodge a complaint with a supervisory authority

As part of the processing of your personal data, you have the right to lodge a complaint with a supervisory authority in accordance with Art. 77 para. 1 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace, or our headquarters.

The competent supervisory authority in Thuringia can be reached at:
Thuringian State Commissioner for Data Protection and Freedom of Information (TLfDI)
Häßlerstraße 8
99096 Erfurt
Germany
(www.tlfdi.de)

8. Data Security

All information that you transmit to us is stored on servers in Germany. Unfortunately, the transmission of information via the Internet is not completely secure, which is why we cannot guarantee the security of the data transmitted to our website via the Internet.
We secure our website and other systems using technical and organisational measures against loss, destruction, access, modification or processing of your data by unauthorised persons. In particular, we store your personal data in encrypted form. We use TLS encryption, which supports version TLS 1.3. You can recognize the secure connection by the small lock symbol or the “s” attached to the “http” (i.e. “https”) in the address bar of your browser.

9. External Links

Our website contains links to third-party websites. If you follow a link, please note that we cannot assume any responsibility or guarantee for third-party content or data protection regulations. Please check the applicable data protection regulations before voluntarily submitting your personal data to any third-party website.

10. Changes to this Data Protection Notice

We reserve the right to change this date protection policy at any time with future effect. An up-to-date version is available on our website. Please inform yourself regularly about our data protection notice.