Hertie School is pleased that you are visiting our website and that you are interested in our organisation. We take the protection of your personal data very seriously and adhere strictly to the provisions of current data privacy laws.
1. Name and contact details of the Controller:
Hertie School, Friedrichstraße 180, 10117 Berlin, Germany
Telefon: +49 (0)30 259219-0
Fax: +49 (0)30 259219-111
2. Name and address of Hertie School's data protection officer:
3. Acquisition and storage of personal data and nature and purpose of their use
a) When you visit the website
When you open our website at hertie-school.org, the browser used on your terminal will automatically send information to our website server. This information is stored temporarily in a so-called log file. The following information is stored without your assistance and kept until automatic deletion:
- IP address of the inquiring computer
- Date and time of access
- Name and URL of the retrieved file
- Browser used and, if applicable, your computer's operating system and the name of your access provider
The purposes for which we process the data mentioned are the following:
- Ensure trouble-free website connection build-up
- Ensure comfortable use of our website
- Evaluate the safety and stability of the system
- Other administrative purposes
The legal basis for the data processing is Art. 6 (1) Sentence 1 f) EU General Data Protection Regulation (GDPR). Our legitimate interest results from the purposes of data collection itemised above. Under no circumstances will we use the data collected for the purpose of drawing conclusions about your person.
b) When you register for our newsletter and for receiving further information
If you have given your express consent in accordance with Art. 6 (1) Sentence 1 a) GDPR, we will use your e-mail address to send you our newsletter and further Hertie School information on a regular basis. The specification of an e-mail address is sufficient to receive the newsletter. You can unsubscribe at any time, e.g. by using a link provided at the end of each newsletter. Alternatively, you may at any time e-mail to us your deregistration request using dataprotection[at]hertie-school[dot]org.
c) When you register for events
We will use your e-mail address to invite you to Hertie-School events, if, in accordance with Art. 6 (1) Sentence 1 a) GDPR, you have given your explicit consent hereto.
4. Transmission of data
Your personal data will not be transmitted to any third party, unless:
- you have given your explicit consent to this in accordance with Art. 6 (1) Sentence 1 a) GDPR;
- transmission is necessary, pursuant to Art. 6 (1) Sentence 1 f) GDPR, to establish, exercise or defend legal claims, and provided there is no reason to assume that you have an overriding legitimate interest in not having your data transmitted;
- there is a legal obligation, as specified in Art. 6 (1) Sentence 1 c) GDPR, to transmit data; and
- this is legally permissible and, pursuant to Art. 6 (1) Sentence 1 b) GDPR, necessary for the performance of a contract concluded with you.
A cookie stores information regarding the specific device used when visiting our website. However, this does not mean that your identity will be disclosed to us directly.
Cookies are used to make the use of our offering more comfortable. For instance, we use so-called session cookies to detect that you have already visited individual pages of our website before. They will be deleted automatically when you exit our website.
In addition to this, for the purpose of optimising user-friendliness, we use temporary cookies. They are stored on your device for a defined period of time. When you visit our website again during that time, your devise will be detected as having visited our website before. Same goes for any former entries and settings, so you do not have to make them again.
The data processed by means of cookies are necessary for the purposes mentioned to protect our legitimate interests and those of third parties pursuant to Art. 6 (1) Sentence 1 f) GDPR.
Most browsers will accept cookies automatically. You can, however, make settings in your browser to prevent the storage of cookies on your computer or to display a message each time when a new cookie is to be created. A complete deactivation of cookies may lead to the fact, that you will not be able to use all the functions of our website.
6. Analysis tools
Tracking tools: The tracking measures used by us and listed below are taken on the basis of Art. 6 (1) Sentence 1 f) GDPR. The purpose of the tracking measures used is to ensure a need-based design and the continuous optimisation of our website. We use those tracking measures to statistically register the use of our website and to analyse that use for the purpose of optimising our offering for you. These interests are to be considered legitimate within the meaning of the abovementioned regulation.
The respective purposes of data processing and categories of data are provided in the respective tracking tools.
a) Google Analytics
For the purposes of need-based design and continuous optimisation of our pages, we use Google Analytics, a web analysis service of Google Inc. (https://www.google.de/intl/de/about (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter: "Google")). In this context, pseudonymised user profiles are created and cookies (see Section 4) are used. The information generated by the cookie about your use of this website, such as
- browser type/version;
- operating system used;
- referrer URL (page previously visited);
- host name of the accessing computer (IP address);
- time of server request
will be transmitted to a Google server located in the USA and stored there. The information is used to evaluate the use of the website, compile reports on the website activities and provide further services associated with website use and internet use for the purposes of market research and need-based design of these web pages. Such information may also be transmitted to third parties if this is required by law or a third party processes these data under a contract. In no case will your IP address be combined with other Google data. The IP addresses are made anonymous, so that they cannot be assigned (IP masking).
You can prevent the installation of cookies by making appropriate settings in your browser. However, please note that if you do this you may not be able to use the full functionality of this website.
In addition, you can prevent acquisition of the data generated by the cookie that relate to your use of the website (including your IP address) and the processing of these data by Google by downloading and installing a browser add-on (https://tools.google.com./dlpage/gaoptout?hl=de).
More information about data protection in connection with Google Analytics can be found in the Google Analytics help (https://support.google.com/analytics/answer/6004245?hl=de).
b) Google AdWords Conversion Tracking
We use Google Conversion Tracking to statistically register the use of our website and to optimise our website for you. In this process, Google AdWords will place a cookie (see Section 4) on your computer if you have accessed our website via a Google advertisement.
These cookies will become invalid after 30 days and are not used to personally identify you. When the user visits certain pages of the AdWord customer's website and the cookie has not yet expired, Google and the customer can see that the user has clicked on the advertisement and has been redirected to that page.
Each AdWords customer receives a different cookie. Hence, cookies cannot be tracked via the websites of AdWords customers. The information gathered with the help of the conversion cookie is used to prepare conversion statistics for AdWords customers that have opted for conversion tracking. The AdWords customers are informed of the total number of users that have clicked their advertisement and have been redirected to a page provided with a conversion tracking tag. However, they will not receive information that can be used to personally identify users.
If you do not wish to participate in the tracking, you can also reject the placing of a cookie that is required for this, e.g. by making a browser setting that deactivates the automatic placing of cookies altogether. You can also deactivate cookies for conversion tracking by configuring your browser to block cookies from the domain "www.googleadservices.com". You can read Google's data privacy statement regarding conversion tracking here (https://services.google.com/sitestats/de.html).
c) Google reCAPTCHA
On this website we also use the reCAPTCHA feature of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). This function is mainly used to distinguish whether an entry is made by a natural person or abusively by machine and automated processing. The service includes the sending of the IP address and, if applicable, other data required by Google for the reCAPTCHA service to Google and is carried out in accordance with Art. 6 (1) Sentence 1f GDPR on the basis of our legitimate interest in establishing individual responsibility on the Internet and avoiding abuse and spam. In the course of using Google reCAPTCHA, personal data may also be transferred to the servers of Google LLC. in the USA.
7. Pardot Service Marketing Automation Platform
We use Pardot and Pardot Forms from Salesforce.org EMEA Limited, 110 Bishopsgate, London, EC2N 4AY, United Kingdom, on our websites. The legal basis for the data processing is Art. 6 (1) Sentence 1 f) EU General Data Protection Regulation (GDPR). Pardot is a software that collects and evaluates the use of a website, by website visitors. Insofar as Salesforce.org EMEA Limited processes personal data, the processing takes place exclusively on our behalf and in accordance with our instructions. A data processing contract according to Art. 28 GDPR has been established.
8. Social media plug-ins
We rely on our website on the basis of Art. 6 (1) sentence 1 f) GDPR social plug-ins from Youtube and Soundcloud.
On our pages plugins of the social network SoundCloud (SoundCloud Limited, Berners House, 47-48 Berners Street, London W1T 3NF, United Kingdom.) may be integrated. The SoundCloud plugins can be recognized by the SoundCloud logo on the affected pages.
When you visit our pages, a direct connection is established between your browser and the SoundCloud server after activation of the plugin. SoundCloud receives the information that you have visited our site with your IP address. If you click the "Like" or "Share" button while logged into your SoundCloud account, you may link and / or share the contents of our pages with your SoundCloud profile. This allows SoundCloud to associate your account with our pages. We point out that we as the provider of the pages are not aware of the content of the transmitted data and their use by SoundCloud. For more information, see the Privacy Statement of SoundCloud at: soundcloud.com/pages/privacy.
If you do not want SoundCloud to associate your visit to our pages with your SoundCloud account, please log out of your SoundCloud account before enabling content from the SoundCloud plug-in.
9. Rights of data subjects
You have the following rights:
- pursuant to Art. 15 GDPR, to request information about your personal data that we process. In particular, you can request information about the purposes of the processing, the categories of the personal data, the categories of recipients to whom your data have been or will be disclosed, the envisaged period of storage, the existence of the right to request rectification, erasure, restriction of processing or to object, the existence of the right to lodge a complaint, the sources of your data if they were not collected by us and the existence of automated decision-making, including profiling, and meaningful details about such decision-making.
- pursuant to Art. 16 GDPR, to request that your personal data we have stored be rectified if they are inaccurate or be completed.
- pursuant to Art. 17 GDPR, to request that your personal data we have stored be erased, unless their processing is necessary to exercise the right of freedom of expression and information, to comply with a legal obligation, for reasons of public interest or to establish, exercise or defend legal claims.
- pursuant to Art. 18 GDPR, to request restriction of the processing of your personal data if you contest the accuracy of the data, if their processing is unlawful but you oppose their erasure, if we no longer need the data but you require them for the establishment, exercise or defence of legal claims or if you have objected to processing in accordance with Art. 21 GDPR.
- pursuant to Art. 20 GDPR, to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format or to request transmission to another controller.
- pursuant to Art. 7 (3) GDPR, to withdraw at any time any consent you have given us. The consequence of such withdrawal is that, in the future, we may not continue with the data processing for which the consent was given.
- pursuant to Art. 77 GDPR, to lodge a complaint with a supervisory authority. You may usually address your complaint to the supervisory authority competent for your usual place of residence, your place of employment or our registered office.
10. Right to object
Where your personal data are processed on the basis of a legitimate interest in accordance with Art. 6 (1) Sentence 1 f) GDPR, you have the right according to Art. 21 GDPR to object to the processing of your personal data if your objection is based on reasons relating to your particular situation or is raised against direct marketing. In the latter case, you have a general right to object which we will respect without you having to specify a particular situation.
To exercise your right of withdrawal or objection, it is sufficient to send an e-mail to dataprotection[at]hertie-school[dot]org.
11. Data security
For your visit to our website, we use the widely-used SSL method (Secure Socket Layer) in combination with the highest encryption level that is supported by your browser. Usually, that encryption level is 256-bit encryption. Should your browser not support 256-bit encryption, we use 128-bit v3 technology instead. Whether or not the transmission of an individual page of our website is encrypted is indicated by the locked or not locked status of the key or lock icon in the bottom status bar of your browser.
Apart from this, we employ suitable technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or access by unauthorised third parties. Our security measures are continuously improved based on the progress of technology.
12. Current state of and changes to this Data Privacy Statement
This Data Privacy Statement in its current version of August 2020 is presently valid.