Data protection notice

The following notice is intended to provide you with detailed information in relation to the way personal data is processed when you use pages on the website www.nolde-stiftung.de, and your rights in relation to this data processing.

1. Controller and Data Protection Officer

The Controller for data processing associated with the use of our Internet presence is:
Stiftung Seebüll Ada und Emil Nolde
25927 Seebüll/Neukirchen
Tel: +49 (0)4664–98 39 30
E-Mail: info@nolde-stiftung.de

You can find more contact details in the legal notice.

The organisation’s Data Protection Officer is:
Mr Bülent Kremser
Tel: (+49) 04664–98 39 319
E-Mail: datenschutz@nolde-stiftung.de

2. Definitions

Personal data means any information relating to an identified or identifiable natural person (referred to in applicable law as a „data subject“). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Cookies are small text files that are saved locally on the user’s end device (e.g. their PC, smartphone, tablet PC, etc.) when they visit a webpage. Cookies can include various information about the end device used to visit the webpage. If the user reconnects to the web server that placed the cookies on the device at a later date, this information is sent back to the web server so that the web server can recognise the user concerned and their settings.

GDPR is the abbreviation for REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

We automatically collect certain data when you use our Internet presence:

IP address and log files

a) Explanation and purpose of processing:

Every time you access our website, we automatically process the following data:

The IP address of your computer or other end device (for example your tablet PC or smartphone) and the request(s) made by your browser
The amount of data transferred, the type and version of your Internet browser, your screen resolution and the operating system your device is running.

The details of your IP address and the information on the request(s) made by your browser are essential; you will not be able to retrieve or use the website unless we collect this data. The data has to be processed in order to establish a connection to the webpage(s) concerned and display them on your device. Once it is no longer necessary for us to process IP address data in order for you to retrieve/use our Internet presence, the data is either abbreviated to render it anonymous, or deleted altogether.

We also use the data mentioned above for the following purposes:

To ensure the connection to the website is established correctly,
To provide a pleasant user experience on our website,
To assess system security and stability,
For other administrative purposes.

The information regarding the amount of data transferred, the type and version of your browser, your screen resolution and the operating system on your end device is collected and processed so that we can optimise the way content is displayed, determine the load on the system, and adjust and improve our Internet presence in the future. Such adjustments may be made on the basis of statistical analysis.

The data is deleted as soon as it is no longer required for the purpose for which it was collected. Where data is collected in order to deliver a webpage to you, the data is surplus to requirements as soon as your session comes to an end. Log files are deleted and/or anonymised after no more than seven days, such that they can no longer be attributed to the client that retrieved the webpage(s).

b) Legal basis:

The legal basis for processing is Article 6 (1) (1) (f) GDPR. Our legitimate interest in processing derives from the need to ensure it is technically possible for users to retrieve our Internet presence, the need to ensure that content is optimally displayed to users, and our legitimate interest in further improving/optimising our Internet presence.

c) Your right to object:

You have a right to object to data processing on the basis of Article 6 (1) (1) (f) GDPR, without prejudice to any other rights. For further details, see Section 6: „Rights of data subjects“ below.

Use of cookies by our server

a) Explanation and purpose of processing:

Our webpages make use of cookies placed on systems by our web server (see above for further details). You will be notified of this at least once by a banner that will be displayed on screen the first time you visit our website. This banner may appear again during subsequent visits.
The cookies our server uses are known as session cookies. These cookies help us to recognise when a single user has made multiple, associated requests, and to attribute these requests to a specific session. They are deleted automatically as soon as the session comes to an end.

b) Preventing cookies from being stored on your device

You can stop cookies from being stored by changing the relevant settings in your browser. You can also delete cookies yourself from within your browser. Be aware that deleting cookies may adversely affect the functionality of certain features on the webpage you are trying to view, or stop it from working altogether.

c) Legal basis

The legal basis for this processing is Article 6 (1) (1) (f) GDPR. Our legitimate interest in processing is derived from our interest in allowing and optimising access to our Internet presence and the functionality contained within it.

d) Your right to object

4. Recipients of personal data

In the course of providing our Internet presence we may disclose personal data to third parties, including data processors pursuant to Article 28 GDPR. Such disclosures are only ever made where there is a specific purpose for doing so. Personal data may be disclosed to IT service providers (for the purpose of monitoring and maintaining our hardware and software), web developers/system administrators (for monitoring and maintaining our Internet presence) and to Google for website analysis (see above for further details).

5. Rights of data subjects.

a) You have the right to request confirmation from us as to whether we are processing your personal data. If we are, you have a right to information in respect of this personal data, as provided by law (Article 15 GDPR, in conjunction with Article 34 of the German Data Protection Act – Bundesdatenschutzgesetz – BDSG). This right does not apply if:

The data concerned is being retained because it cannot be deleted due to statutory retention requirements, or
The data is only being used for purposes of data security or data protection checks

and where providing the requested information would entail a disproportionate effort and the possibility of processing the data for other purposes is excluded by means of appropriate technical and organisational measures.

b) In addition, you also have the right to demand the rectification of any inaccurate personal data relevant to you and – taking into account the purpose of the processing – to demand the completion of incomplete data, including by means of providing a supplementary statement (Article 16 GDPR). In the circumstances set out in Article 17 (1) (a) to (f) GDPR, you also have the right to the erasure of personal data, provided that no exceptions apply as set out in Article 17 (3) GDPR. Moreover, you have a right to restrict processing in the circumstances set out in Article 18 (1) GDPR. You also have a right to data portability in the circumstances detailed in Article 20 (1) GDPR.

c) If you feel that personal data relating to you has been processed in breach of the GDPR, you have the right to lodge a complaint with the relevant supervisory authority.

d) Your right to object to processing on the basis of a legitimate interest
Where data is processed on the basis of Article 6 (1) (f) GDPR („legitimate interest“), you have the right to object to the processing of personal data relevant to you at any time on grounds related to your particular situation. Exercising your right to object may restrict your ability to use our Internet presence or individual services or features within it, or prevent you from accessing it altogether.

6. Changes to this notice

This data protection notice may be amended in future to take account of changes in circumstances, and in particular to reflect changes to legal requirements, official practice, jurisprudence or case law.
Last updated: 17 May 2018