Press and publications

Privacy Statement

As the controller within the meaning of the European General Data Protection Regulation (“GDPR”) and the German Federal Data Protection Act [“BDSG”, Bundesdatenschutzgesetz], DFL Stiftung, Eschersheimer Landstraße 14, 60322 Frankfurt am Main, Germany, (“the DFL Foundation“) collects, processes and uses personal data that is collected and stored during visits to and use of the website www.dfl-stiftung.de (the “Website“), in compliance with the data privacy regulations applicable in the Federal Republic of Germany, particularly the GDPR and the BDSG. This Privacy Statement sets out which personal data regarding visitors to the website (hereinafter: “Users“) is collected and how this data is processed.

 

1. Data collection and processing during visits to the Website

Every time a User accesses the Website, the User’s web browser automatically transfers the following data to the DFL Foundation’s web server for technical reasons:

  • IP address of the requesting device
  • Date and time of access
  • Name and URL of the page accessed
  • Quantity of data transferred
  • Access status (file transferred, file not found etc.)
  • Identification data of the browser and operating system used on the User’s device
  • Name of the User’s internet service provider
  • Website from which the access takes place

The collection and processing of this data occur for the purposes of enabling the use of the Website (establishing a connection), system security and the technical administration of the network infrastructure. The data will not be compared with other sets of data or passed on to third parties either in whole or in part.

The legal basis for processing is Art. 6 para. 1 sentence 1 f) GDPR. The DFL Foundation’s legitimate interest is based on the aim of providing the Users a secure and functioning Website.

Additional reference is made to Clause 3 with regard to the collection and processing of data for analysing the use of the Website and its content as well as the optimisation of the Website through web analytical services.

 

2. Data collection and processing with regard to the DFL Foundation newsletter

2.1 Registration

In order to receive the newsletter of the DFL Foundation, the User must subscribe to it including entering his or her personal data (first and last name, email address).

The collection and processing of this personal data takes place exclusively for the purpose of being able to offer the User the desired information and services and is carried out only in the manner and to the extent which the User has expressly consented to in advance.

The legal basis for processing is Art. 6 para. 1 sentence 1 a) GDPR.

The User may withdraw his or her consent prospectively at any time (e.g. by clicking the unsubscribe link in every newsletter to the contact information listed in the imprint), without this affecting the legitimacy of the processing done prior to the withdrawal of the consent.

 

2.2 Analytics of the use of the newsletter of the DFL Foundation

The DFL Foundation will assign a user ID to the User of the newsletter to determine the time at which the respective edition of the newsletter was opened and which links or functions were activated from that newsletter edition. This tracking takes place for the purpose of internal optimisation of the newsletter of the DFL Foundation. This data will not be passed on.

The legal basis for this data processing is Art. 6 para. 1 sentence 1 a) GDPR. If the User does not want this tracking to take place, he/she can unsubscribe from the newsletter (e.g. via the unsubscribe link in each newsletter edition).

 

3. Data collection and processing in the context of web analysis

The DFL Foundation uses Matomo, an open-source analytics application developed by InnoCraft Ltd., New Zealand (“Matomo”) to analyse use of the Website and its content. This application is installed locally on the DFL Foundation’s servers. The DFL Foundation uses the application without cookies.

Matomo collects and stores the following data:

  • Two bytes of the IP address of the User’s system used to access the Website
  • Website accessed
  • Website from where the User arrived at the accessed web page (referrer)
  • Sub-pages which are accessed from the accessed Website
  • Time spent on the Website
  • Frequency at which Website is accessed

Repeat users are identified by way of a config_id. This is a random character sequence that is calculated using the first two bytes of the IP address, the browser plugin, the operating system and the User’s selected browser language, and then hashed. The ID is deleted and a new one created after 24 hours so that the Website cannot reidentify the User when visiting again.

Using the IP2Location™ IP-Country-Region-City-ISP Database [DB4] features from Hexasoft Development Sdn Bhd, Malaysia, (“ip2location”) likewise installed locally on the DFL Foundation’s servers, additional geolocation information (country, region, town or city) is also collected and stored cumulatively on the basis of IP addresses.

Collection and processing take place only on the DFL Foundation’s servers. The data will not be passed on to Matomo or any other third parties.

Matomo and ip2location are set up to ensure that IP addresses are not stored in their entirety; instead, two bytes of each IP address are masked (e.g. 192.168.xxx.xxx). This renders it impossible to attribute the abbreviated IP address to the specific device used.

A User can prevent such an analysis by using the following opt-out. An iFrame for the opt-out will be loaded when opening the Privacy Statement and a session cookie with the name “matomo_sessid” will be generated within this iFrame. This cookie checks whether the opt-out has already been activated.

However, the DFL Foundation hereby informs the User that in this case, it is possible that the User may not be able to use all functions of the Website to their fullest extent. If the User chooses to opt-out, a cookie with the name “matomo_ignore” and a lifetime of 30 years will be set on the User’s device, which prevents Matomo from storing incoming scripts from the Website. Furthermore, another cookie with the name “mtm_consent_removed” and a lifetime of 30 years will be set. This cookie signals to DFL Foundation’s system not to process or analyse the User’s data. If the User later clears the cookies on their device, these opt-out cookies will also be cleared and will need to be reinstalled.

Further information on privacy can be found in Matomo’s privacy policy.

The legal basis for this processing is Art. 6 para. 1 sentence 1 f) GDPR, whereby the DFL Foundation’s legitimate interest in the processing is the evaluation of Website data for the purpose of optimising it.

4. Special provisions for the DFL Foundation’s official social media accounts

4.1 Special provisions for the DFL Foundation’s official Facebook account

The DFL Foundation processes personal data via the official Facebook account of the DFL Foundation in joint responsibility together with Facebook. In this context, the DFL Foundation processes personal data on the basis of its legitimate interest in promptly providing information to and interacting with the Users in accordance with Art. 6 para. 1 sentence 1 f) GDPR. The DFL Foundation has selected the most privacy-friendly filter settings possible for the use of its official Facebook account.

The DFL Foundation and Facebook have concluded an agreement on joint responsibility in accordance with Art. 26 para. 1 GDPR. A description of how Facebook processes personal data in connection with the official Facebook account of the DFL Foundation and how the agreement on joint responsibility between the DFL Foundation and Facebook is structured can be found via the following link. The privacy policy of Facebook can be found at the following link.

 

4.2 Special provisions for the DFL Foundation’s official Instagram account

The DFL Foundation processes personal data via the official Instagram account of the DFL Foundation in joint responsibility together with Instagram. In this context, the DFL Foundation processes personal data on the basis of its legitimate interest in promptly providing information to and interacting with the Users in accordance with Art. 6 para. 1 sentence 1 f) GDPR. The DFL Foundation has selected the most privacy-friendly settings possible for the use of its official Instagram account.

The DFL Foundation and Instagram have concluded an agreement on joint responsibility in accordance with Art. 26 para. 1 GDPR. A description of how Instagram processes personal data in connection with the official Instagram account of the DFL Foundation and how the joint responsibility between the DFL Foundation and Instagram is structured can be found via the following link. The privacy policy of Instagram can be found at the following link.

 

4.3 Special provisions for the DFL Foundation’s official LinkedIn account

The DFL Foundation processes personal data via its official LinkedIn account in joint responsibility together with LinkedIn. In this context, the DFL Foundation processes personal data on the basis of its legitimate interest in promptly providing information to and interacting with the Users in accordance with Art. 6 para. 1 sentence 1 f) GDPR. The DFL Foundation has selected the most privacy-friendly settings possible for the use of the official LinkedIn account.

The DFL Foundation and LinkedIn have concluded an agreement on joint responsibility in accordance with Art. 26 para. 1 GDPR. A description of how LinkedIn processes personal data in connection with the DFL Foundation’s official LinkedIn account and how the agreement on joint responsibility between the DFL Foundation and LinkedIn is structured can be found via the following link. The privacy policy of LinkedIn can be found at the following link.

 

4.4 Special provisions for the official TikTok channel of the DFL Foundation

The DFL Foundation processes data via its official TikTok channel in joint responsibility together with TikTok. In this context, the DFL Foundation processes personal data on the basis of its legitimate interest in promptly providing information to and interacting with the Users in accordance with Art. 6 para. 1 sentence 1 f) GDPR. The DFL Foundation has selected the most privacy-friendly settings possible for the use of the official TikTok channel of the DFL Foundation.

The DFL Foundation and TikTok have concluded an agreement on joint responsibility in accordance with Art. 26 para. 1 GDPR. A description of how TikTok processes personal data in connection with the official TikTok channel of the DFL Foundation and how the joint responsibility between the DFL Foundation  TikTok is structured can be found via the following link. The privacy policy of TikTok can be found at the following link.

 

4.5 Management of the DFL Foundation’s official social media channels with Fanpage Karma

To manage its official social media channels (Facebook, Instagram, LinkedIn and TikTok), the DFL Foundation uses Fanpage Karma from uphill GmbH, Oranienstraße 188, D-10999 Berlin (“Fanpage Karma“) and uses the functions “Analytics” (for analyses and reports), “Engage” (for community management) and “Publish” (for editorial planning).

The legal basis for the use of Fanpage Karma are the legitimate interests of the DFL Foundation pursuant to Art. 6 para. 1 sentence 1 f) GDPR. The legitimate interests of the DFL Foundation consist in effective and efficient social media management and the optimisation of its own social media contributions, in particular to strengthen the reach of the charitable projects and organisations presented in the individual social media contributions. The general data privacy information of Fanpage Karma can be found here, a list of the processing of personal user data for the services of Fanpage Karma listed above can be found here.

 

5. Social media content

Some content that has been published on YouTube will be loaded on the Website (e.g. in articles). Such YouTube videos are embedded in privacy-enhanced mode more can be found out here. Further information on data processing can be found in YouTube’s applicable privacy statement.

In regard to the sharing of Website content via social media services, see Clause 6.1.

 

6. Sharing content

The DFL Foundation provides Users of the Website with the opportunity to share the Website’s content as described in the following section.

 

6.1 Using the Facebook, X (formerly: Twitter) and LinkedIn social media services

Users can share content from the Website on the social media services provided by Facebook, X (formerly: Twitter) and LinkedIn.

In order to prevent User data from being shared with these services without the User’s consent, the DFL Foundation uses the “Shariff” plugin from the computer magazine c’t to prevent such data from being transmitted without the User’s consent. Only when the User activates the social media services by clicking the relevant icon, thereby consenting to connect with Facebook, X (formerly: Twitter) and LinkedIn, will a connection to the applicable service be established and the social sharing links created, and the User can then publish these links through the service. Further information on data processing by the providers can be found in the applicable privacy statements: Facebook, X (formerly: Twitter) and LinkedIn.

 

6.2 E-mail forwarding

The User can also share and recommend content from the Website via e-mail by clicking the relevant button. The DFL Foundation will not use, process or store in any way the recipient e-mail addresses that the User enters in the e-mail application that opens when he/she clicks the relevant icon.

 

6.3 Temporary storage

The User can also temporarily store links to content from the Website on his/her device and process them via services chosen by the User (e.g. sending them to his/her contacts).

 

7. Data collection and processing in the context of the submission, review, processing, implementation and evaluation as well as control of funding applications and funding projects

The submission, review, processing, implementation and evaluation as well as control of funding applications and funding projects require the provision of personal data (name, contact details etc.) by the User.

The legal basis for processing of the data entered by the User are

  • Art. 6 para. 1 sentence 1 a) GDPR for data for which the User has issued his or her consent to the DFL Foundation. I
  • Art. 6 para. 1 sentence 1 b) GDPR for data which are necessary for the examination, processing, implementation and evaluation as well as control of funding applications and – upon positive decision – the implementation of funding projects.
  • Art. 6 para. 1 sentence 1 c) GDPR for data which are required to comply with official or judicial orders.

 

8. Cookies

The DFL Foundation does not use cookies on the Website, with the exception of the opt-out cookies mentioned in Clause 3.

 

9. Data forwarding to third parties

Aside from the cases outlined, the DFL Foundation will forward personal data to third parties only if it is authorised or obliged to do so. This is the case particularly if the DFL Foundation transfers personal data to government agencies and authorities in accordance with mandatory national legislation or if forwarding is necessary for the purpose of legal action or criminal prosecution in the event of attacks on network infrastructure. The legal basis for this processing is Art. 6 para. 1 sentence 1 c) GDPR in conjunction with Section 24 para. no. 1 BDSG.

 

10. Storage and deletion of personal data

All stored personal data and pseudonymised usage data will be deleted immediately and permanently as soon as they are no longer needed for the purposes for which they were collected or if the User demands this, unless the DFL Foundation is required or entitled by law to preserve the data. If the DFL Foundation is required or entitled by law to preserve the data, the stored personal data and pseudonymised usage data will be permanently deleted upon expiry of the statutory retention periods.

 

11. Security

The DFL Foundation uses technical and organisational security measures to protect personal User data against accidental or intentional tampering, loss, destruction or access by unauthorised persons. These security measures are regularly adapted in accordance with technological developments. Nonetheless, the DFL Foundation advises the User that absolute security can never be guaranteed in online data transmission.

 

12. Links to other websites

The Website may contain links to other websites. This Privacy Statement applies solely to this Website. The DFL Foundation has no influence over content from other providers and does not control whether other providers comply with the applicable data protection regulations or other legal requirements. If a user alerts the DFL Foundation to the presence of unlawful content on linked websites, the DFL Foundation will remove the links from the Website immediately.

 

13. Rights of the User

The GDPR grants a number of rights to the User. In particular, the User has

  • a right of access to personal data concerning themselves (Art. 15 GDPR)
  • a right to rectification of inaccurate data (Art. 16 GDPR)
  • a right to erasure of data under the conditions stipulated in Art. 17 GDPR
  • a right to restriction of processing (Art. 18 GDPR)
  • a right to data portability in accordance with Art. 20 GDPR
  • a right to object to processing, unless this takes place to protect the legitimate interests of the DFL Foundation (Art. 21 GDPR).

If data processing is based on the User’s consent, the User may revoke this at any time with future effect.

The User can assert their rights by submitting an e-mail to info@dfl-stiftung.de  or by post using the address specified at the beginning of this Privacy Statement. The DFL Foundation’s privacy officer can be contacted at dataprivacy@dfl.de. This e-mail address is used to respond solely to enquiries pertaining to privacy.

Furthermore, the User can submit a complaint about the data processing to an appropriate supervisory authority. The authority responsible for the DFL Foundation is the Hessian Commissioner for Data Protection and Freedom of Information [Hessischer Beauftragter für Datenschutz und Informationsfreiheit], and the User can submit a complaint via the following link.

 

14. Where can the User find the relevant legal texts?

The User can access the GDPR via this link and the BDSG and other relevant German legal texts via this link.

 

15. Applicability, validity and up-to-date status of the Privacy Statement

The provisions in this Privacy Statement on the collection, processing and use of the User’s data apply to the User when using the Website. This Privacy Statement is up to date as at 28 June 2024. The DFL Foundation reserves the right to amend this Privacy Statement as needed at any time and with future effect, especially for the purposes of adapting to later versions of the Website or implementing new technologies. The User can view the current Privacy Statement on the Website at any time under the “Privacy Statement” menu item in the footer.