Data protection

Data protection information:

Name and contact details of the controller in accordance with Article 4 (7) GDPR
Organisation: Bundeskanzler-Helmut-Schmidt-Stiftung
Address: Kattrepel 10, 20095 Hamburg
Telephone: +49 40 / 18 23 12 18
E-mail: info(at)helmut-schmidt.de

Data Protection Officer
Name: Axel Schuster
Address: Kattrepel 10, 20095 Hamburg
E-mail: a.schuster(at)helmut-schmidt.de

Security and protection of your personal data
We regard it as our primary responsibility to maintain the confidentiality of the personal data you provide and to protect it from unauthorised access. We therefore exercise the utmost care and apply state-of-the-art security standards in order to ensure maximum protection of your personal data.

As a federal foundation under public law, we are subject to the provisions of the European General Data Protection Regulation (GDPR) and the provisions of the German Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG). We have implemented technical and organisational measures to ensure that the data protection regulations are observed both by us and by our external service providers.

Children
Our services are generally aimed at adults. Persons under the age of 18 should not transmit personal data to us without the consent of their parents or legal guardians.

Definitions
The legislator requires that personal data be processed in a lawful manner, in good faith and in a way that is transparent to the data subject (“lawfulness, fairness and transparency”). To ensure this, we inform you below about the individual legal definitions that are also used in this data protection notice:

  1. Personal data
    “Personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
     
  2. Processing
    “Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
     
  3. Restriction of processing
    “Restriction of processing” means the marking of stored personal data with the aim of limiting their processing in the future.
     
  4. Profiling
    “Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
     
  5. Pseudonymisation
    “Pseudonymisation” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures which ensure that the personal data are not attributed to an identified or identifiable natural person.
     
  6. Filing system
    “Filing system” means any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis.
     
  7. Controller
    “Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
     
  8. Processor
    “Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
     
  9. Recipient
    “Recipient” means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether or not it is a third party. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
     
  10. Third party
    “Third party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
     
  11. Consent
    “Consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject‘s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
     

Lawfulness of processing
The processing of personal data is lawful only if and to the extent that there is a legal basis for the processing. Pursuant to Article 6 (1) lit. a–f GDPR, the legal basis for the processing may in particular be:

  1. The data subject has given consent to the processing of his or her personal data for one or more specific purposes;
     
  2. processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
     
  3. processing is necessary for compliance with a legal obligation to which the controller is subject;
     
  4. processing is necessary in order to protect the vital interests of the data subject or of another natural person;
     
  5. processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
     
  6. processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.


Data sources
We obtain the data from you (including via the devices you use). If we do not collect the personal data directly from you, we will also inform you from which source the personal data originate and, if applicable, whether they originate from publicly accessible sources.


Data processing in third countries

  1. If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)), or if processing takes place in the context of using services of third parties or of disclosing or transmitting data to other persons, bodies or companies, this is done only in accordance with the legal requirements.
     
  2. Subject to express consent or transmission required by contract or law, we process or have data processed in third countries only if an adequate level of data protection is recognised, on the basis of contractual obligations using the so-called standard data protection clauses of the EU Commission, where certifications exist or on the basis of binding internal data protection rules (Art. 44 to 49 GDPR). You can obtain information on this from us on request. Information page of the EU Commission: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en


Storage period
We store your personal data only for as long as is necessary to achieve the purpose of processing or as long as there is a statutory retention period.

We store your data

  • if you have consented to the processing, at most until you withdraw your consent,
  • if we need the data for the performance of a contract, at most for as long as the contractual relationship with you exists or statutory retention periods are running,
  • if we process the data for compliance with a legal obligation, at most for as long as the legal obligation exists,
  • if we use the data on the basis of a legitimate interest, at most until your interest in erasure or anonymisation prevails.


Requirement or obligation to provide data
Unless expressly stated otherwise at the time of collection, the provision of data is neither required by law nor by contract and you are not obliged to provide it. Such an obligation may arise from legal provisions or contractual arrangements.


Automated decision-making (including profiling)
Automated decision-making – including profiling – does not take place.


Rights of the data subject
You have – partly subject to certain conditions – the following rights under the GDPR:

  • Right to withdraw your consentto data processing at any time with effect for the future, Art. 7 (3) GDPR;
  • right of access to your personal data, Art. 15 GDPR;
  • right to rectification of your personal data, Art. 16 GDPR;
  • right to erasure of your personal data, Art. 17 GDPR;
  • right to restriction of processing, Art. 18 GDPR;
  • right to object to the processing of your data, Art. 21 GDPR;
  • right to data portability, Art. 20 GDPR;
  • right to lodge a complaint with a supervisory authority, Art. 77 GDPR.


Further information on the collection of personal data
Below we inform you about the collection of personal data when you use our website. Personal data include, for example, name, address, e-mail addresses and user behaviour.


Collection of personal data when visiting our website
If you use the website for information purposes only, i.e. if you do not register or otherwise transmit information to us, we collect only the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which are technically necessary for us to display our website to you and to ensure stability and security; this also constitutes our legitimate interest in data processing pursuant to Art. 6 (1) sentence 1 lit. f GDPR:

  • IP address
  • date and time of the request
  • time zone difference to Greenwich Mean Time (GMT)
  • content of the request (specific page)
  • access status/HTTP status code
  • the amount of data transferred in each case
  • website from which the request originates
  • browser
  • operating system and its interface
  • language and version of the browser software.


Use of cookies

  1. In addition to the aforementioned data, cookies are stored on your device when you use our website. Cookies are small text files that are stored on your hard drive and assigned to the browser you are using, and that provide certain information to the party that sets the cookie. Cookies cannot run programs or transmit viruses to your computer. They serve to make the internet offering as a whole more user-friendly and effective.
     
  2. This website uses the following types of cookies, the scope and functionality of which are explained below:
  • transient cookies (see a.)
  • persistent cookies (see b.)
  • third-party cookies (see c.)
  • strictly necessary cookies (see d.)

a. Transient cookies are automatically deleted when you close the browser. These include in particular session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the common session. This allows your device to be recognised when you return to our website. Session cookies are deleted when you close the browser.

b. Persistent cookies are automatically deleted after a specified period, which may differ depending on the cookie. You can delete cookies at any time in your browser’s security settings.

c. So-called “third-party cookies” are cookies that are set by a third party, i.e. not by the actual website you are currently visiting.

d. Strictly necessary cookies serve the proper operation and ensure the functionality and user-friendly design of the website. For example, your consent preferences are stored on your device by means of a cookie.

  1. You can configure your browser settings according to your preferences and refuse to accept cookies. We would like to point out that by deactivating cookies you may not be able to use all functions of this website.
     
  2. The flash cookies used are not captured by your browser, but by your Flash plug-in. We also use HTML5 storage objects that are stored on your device. These objects store the required data independently of the browser you are using and have no automatic expiry date. If you do not wish flash cookies to be processed, you can – in addition to not giving your consent to the use of such cookies – install an appropriate add-on. You can prevent the use of HTML5 storage objects by using your browser’s private mode. In addition, we recommend that you regularly delete your cookies and browser history manually.
     
  3. The setting of cookies and/or the processing of personal data with the aid of cookies is based on the user’s consent pursuant to Art. 6 (1) sentence 1 lit. a GDPR, Section 25 (1) TDDDG. For cookies that are strictly necessary to provide the website properly, we base the setting of cookies on Section 25 (2) No. 2 TTDSG and the processing of personal data on our legitimate interest under Art. 6 (1) sentence 1 lit. f GDPR in making our website available and ensuring its functionality and user-friendly design.


Further functions and offerings of our website

In addition to purely informational use of our website, we offer various services that you can use if you are interested. As a rule, you will need to provide additional personal data, which we use to provide the respective service and to which the aforementioned principles of data processing apply.

In some cases, we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are regularly monitored.

Furthermore, we may disclose your personal data to third parties if we offer promotions, competitions, contract conclusions or similar services together with partners. You will receive more detailed information at the time you provide your personal data or below in the description of the respective offer.


Contact by e-mail or contact form

If you contact us by e-mail or via our contact form, the data you provide (e.g. content of your inquiry, e-mail address) will be stored and processed by us in order to answer your inquiry. In order to be able to use the contact form, some fields are marked as mandatory (subject, your message, name, e-mail address).

The legal basis is our legitimate interest pursuant to Art. 6 (1) sentence 1 lit. f GDPR in being able to process and answer the contact you have requested.


Newsletter

  1. With your consent, you can subscribe to our newsletter, with which we inform you about our current interesting offers.
     
  2. For registration to our newsletter, we use the so-called double opt-in procedure. This means that after you have registered, we will send an e-mail to the e-mail address you provided, asking you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store your IP addresses and the times of registration and confirmation. The purpose of the procedure, and our legitimate interest pursuant to Art. 6 (1) sentence 1 lit. f GDPR, is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data.
     
  3. The only mandatory information for sending the newsletter is your e-mail address. The provision of further, separately marked data is voluntary and is used to address you personally.
     
  4. The newsletters contain a so-called “web beacon”, i.e. a pixel-sized file that is retrieved from the server of the mailing service provider (see (5)) when the newsletter is opened. As part of this retrieval, technical information such as information about the browser and your system as well as your IP address and the time of retrieval are collected. This information is used for the technical improvement of the services based on the technical data or the target groups and their reading behaviour based on their retrieval locations (which can be determined with the help of the IP address) or the access times. The statistical analyses also include determining whether newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to individual newsletter recipients, although neither we nor the mailing service provider aim to observe individual users. The analyses are much more aimed at helping us to recognise the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.
     
  5. For sending newsletters we use an external service provider. A data processing agreement has been concluded with the service provider to ensure the protection of your personal data. The newsletters are sent using the mailing service provider Brevo, a service of Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany (“Brevo”).
     
  6. The mailing service provider may use the data of recipients in pseudonymous form, i.e. without allocation to a user, to optimise or improve its own services, e.g. for the technical optimisation of the mailing and the presentation of the newsletter or for statistical purposes. However, the mailing service provider does not use the data of our newsletter recipients to write to them itself or to pass them on to third parties.
     
  7. You can view Brevo’s privacy policy at https://www.brevo.com/de/legal/privacypolicy/
     
  8. Data processing is carried out on the basis of your consent (Art. 6 (1) sentence 1 lit. a GDPR). You can withdraw this consent at any time by unsubscribing from the newsletter. The lawfulness of the data processing operations that have already taken place remains unaffected by the withdrawal. If you do not wish to be analysed, you must unsubscribe from the newsletter. A link is provided for this purpose in every newsletter.


Use of Google Analytics

  1. We use the Google Analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter “Google”). This service enables an analysis of the use of our website and uses cookies for this purpose. For this, the information generated by the cookie, such as your anonymised IP address, is transmitted to a Google server on our behalf, stored and evaluated there. The anonymisation function of Google Analytics is activated on this website. This ensures that IP addresses are recorded anonymously. As a rule, your IP address is truncated by Google within the European Union or in other states party to the Agreement on the European Economic Area (EEA). In exceptional cases, your IP address may be transmitted to a Google LLC server in the USA and truncated there only afterwards. The IP address transmitted by your browser as part of Google Analytics is not merged with other data held by Google LLC.
     
  2. As part of the Google Analytics advertising function, remarketing and reports on performance by demographic characteristics and interests are used. The purpose of these procedures is to use information about user behaviour to tailor advertising measures more closely to the interests of the respective users. As part of remarketing, personalised advertising measures can be placed on other websites on the basis of the user’s surfing behaviour on this website. The advertising media may then contain products that the user has previously viewed on the website. If you have consented to your web and app browsing history being linked by Google with your Google account and information from your Google account being used to personalise ads, Google will use these data for cross-device remarketing.
     

  3. Most browsers accept cookies automatically. However, you can prevent the use of cookies by changing your browser settings; in this case, however, you may not be able to use all functions of the website to their full extent. You must configure the settings separately for each browser you use. You can also prevent the collection and processing of these data by Google by downloading and installing the browser add-on available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de

    As an alternative to this or within browsers on mobile devices, please click the following link: Deactivate Google Analytics.

    An opt-out cookie will then be placed on your device for our website with effect for the browser you are currently using. If you delete your cookies in this browser, you must click this link again. Data processing, in particular the setting of cookies, is carried out with your consent on the basis of Art. 6 (1) sentence 1 lit. a GDPR. You can withdraw your consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent up to the withdrawal.

  4. You can find more information on terms of use and data protection at http://www.google.com/analytics/terms/de.html and at https://policies.google.com/?hl=de
     

Social media presences

1. We operate social media presences on various platforms. These services enable us to engage in public relations and, for example, to inform you about our work or upcoming events.

We operate the following presences:

a. Bundeskanzler-Helmut-Schmidt-Stiftung on LinkedIn, a service of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. The privacy policy of LinkedIn is available at https://de.linkedin.com/legal/privacy-policy
 

b. @BKHS_Stiftung@social.bund.de on Mastodon, a service of Mastodon gGmbH, Mühlenstraße 8a, 14167 Berlin, Germany. The privacy policy of the Mastodon instance “social.bund.de” is available at https://social.bund.de/privacy-policy
 

c. Bundeskanzler-Helmut-Schmidt-Stiftung on YouTube, a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; parent company: Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. The privacy policy of Google is available at https://policies.google.com/privacy?hl=de
 

d. Bundeskanzler-Helmut-Schmidt-Stiftung on Facebook, a service of Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, parent company: Meta Platforms, Inc., 1601 Willow Road, Menlo Park, CA 94025 USA. The privacy policy of Meta is available at https://de-de.facebook.com/privacy/policy/
 

e. bkhs.stiftung on Instagram, a service of Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, parent company: Meta Platforms, Inc., 1601 Willow Road, Menlo Park, CA 94025 USA. The privacy policy of Meta is available at https://de-de.facebook.com/privacy/policy/
 

f. Bundeskanzler-Helmut-Schmidt-Stiftung on X, a service of Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland; parent company: X Corp., 1355 Market St, Suite 900, San Francisco, CA 94103, USA. The privacy policy of X is available at https://x.com/de/privacy

2. Please also note the following additional information about our presence on Facebook:

When you visit our fan page, personal data are processed not only by us but also by Meta, even if you do not have a profile on Facebook or are not logged in. When you use our fan page, user data (such as contact data), content data (such as entries in forms), usage data (such as websites visited, interest in content, access times) and communication data (such as device information, IP addresses) are processed, among other things. This is done for the purpose of providing information and communication, e.g. via contact requests and feedback forms, as well as for marketing.

If you are logged in when you open our fan page, we can see the information contained in your public Facebook profile. Meta also provides us with anonymous usage statistics (“Page Insights”). We use these to improve the user experience. However, we do not have access to the usage data that Meta uses to create the statistics.

We are jointly responsible with Meta for the collection of data of visitors to our fan page and their transmission to Meta (this includes, for example, information on the types of content viewed, interactions with content, actions taken, technical information such as IP address, operating system, browser type, language settings, cookie data). Interests can be derived from this and user profiles can be created, but we cannot draw any conclusions about individual users. Meta also uses the data to provide “Page Insights”, which can be used to gain insights into interaction with pages and associated content. We have therefore concluded a joint controller agreement with Meta regarding the processing of your data pursuant to Art. 26 GDPR. The agreement with Meta also sets out which security measures Meta must observe. The data subject rights, such as the right of access or other requests, are also to be fulfilled by Meta. You can view the terms of this agreement with Meta here: https://www.facebook.com/legal/controller_addendum

Further processing by Meta is not carried out under our joint responsibility.

When you visit our fan page, Meta also stores so-called cookies on your device, even if you do not have a Facebook profile or are not logged in there. Meta can use these to create user profiles based on your preferences and interests and display tailored advertising both within and outside Facebook. Cookies remain on your device until you delete them. Details can be found in Meta’s privacy policy (see below).

Data processing is carried out with your consent on the basis of Art. 6 (1) sentence 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future without affecting the lawfulness of the processing carried out on the basis of the consent up to the withdrawal.

If you are a registered Facebook user, you can object and make further settings in your account settings.

Further information on Page Insights and on exercising your data subject rights can be found here: https://de-de.facebook.com/legal/terms/information_about_page_insights_data

More detailed information on how Meta processes personal data, including the options for exercising your data subject rights vis-à-vis Meta, can be found in Meta’s Data Policy at https://de-de.facebook.com/privacy/policy/
 

3. Please also note the following additional information about our presence on LinkedIn:

When you visit our social media presence on LinkedIn, LinkedIn processes, among other things, information about how you interact with our LinkedIn page (e.g. whether you follow our page) and, if you have a corresponding account, your profile data (e.g. field of activity, country, industry) and aggregates this data in order to create statistics on the use of our presence on LinkedIn (so-called “Page Insights”). This enables us to better understand the use of our LinkedIn page and to adapt it to demand. The Page Insights are anonymous and do not allow any conclusions to be drawn about individuals. We also do not have access to the data that LinkedIn uses to create the statistics.

With regard to the processing of data in the context of Page Insights, we and LinkedIn are jointly responsible and have therefore concluded a joint controller agreement pursuant to Art. 26 GDPR, the details of which you can view here: https://www.linkedin.com/legal/l/page-joint-controller-addendum

According to this, LinkedIn is responsible, among other things, for data protection information, for data subject rights and for technical and organisational security measures. Further information on Page Insights is also available here: https://www.linkedin.com/help/linkedin/answer/a1338708

You can find LinkedIn’s privacy policy here: https://de.linkedin.com/legal/privacy-policy

 

Integration of Google Maps

  1. We use Google Maps on this website. This allows us to display interactive maps directly on the website and enables you to use the map function conveniently.
     
  2. When you visit the website, Google receives the information that you have accessed the corresponding sub-page of our website. In addition, cookies are used which store, among other things, your IP address and information about your device and browser and transmit these to Google. If you interact with Google Maps (e.g. enter addresses, use the route planner), these data are also processed by Google. This applies regardless of whether Google provides a user account that you are logged in with or whether no user account exists. If you are logged in to Google, your data are directly associated with your account. If you do not want your data to be associated with your Google profile, you must log out before activating the button. Google stores your data as usage profiles and uses them for advertising, market research and/or the demand-oriented design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide demand-oriented advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles; to exercise this right, you must contact Google.
     
  3. Data processing, in particular the setting of cookies, is carried out with your consent on the basis of Art. 6 (1) sentence 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future.
     
  4. You can find further information on the purpose and scope of data collection and processing by Google in the provider’s privacy policies. There you will also find further information on your rights in this regard and settings options to protect your privacy: www.google.de/intl/de/policies/privacy

 

Integration of YouTube videos

  1. On some of our pages we have embedded videos from YouTube, a video portal of YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, USA, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, which also provides the embedding function. For the European area, YouTube is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
     
  2. The extended data protection mode is used, which according to the provider ensures that user information is only stored when the video(s) is/are played; however, even without clicking the video(s), a connection is established to the Google advertising network “DoubleClick”. When the playback of embedded YouTube videos is started, cookies or comparable recognition technologies are used to collect information about user behaviour. This information includes, among other things, your IP address, information about your device and browser and which of our pages you have visited, and is transmitted to Google. If a “DoubleClick” cookie is already stored in your browser, the specific cookie ID is transmitted to the network.
     
  3. If you are logged in to Google, your data are assigned to your Google account. If you do not want your data to be assigned to your Google account, you must log out before accessing the pages. Google stores your data (even for users who are not logged in) as usage profiles and evaluates them. Google states, among other things, that the purposes for deploying the cookies include analysing the use of Google services and personalising advertising.
     
  4. Data processing and the setting of cookies are based on your consent pursuant to Art. 6 (1) sentence 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future.
     
  5. You can find Google’s privacy policy here: https://policies.google.com/privacy?hl=de

 

Integration of X posts (formerly Twitter)

  1. On some of our pages we have embedded X posts that we have published on our social media presence on X. X is a service of Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland; parent company: X Corp., 1355 Market St, Suite 900, San Francisco, CA 94103, USA.
     
  2. When you visit one of our pages on which one or more X posts are embedded, your browser establishes a direct connection to X’s servers, whereby the content is transmitted to your browser and embedded by it in the displayed website. In this process, your IP address and device and browser information are processed and cookies may be used. In addition, the information that you have visited our website is transmitted to X. If you are logged in to X via your personal user account while visiting our website, X can associate the website visit with this account. By interacting with embedded content, e.g. by “liking” a post, this information is transmitted directly to X and stored there. If you wish to prevent such data transmission, you must log out of your account before visiting our website.
     
  3. Data processing is based on your consent pursuant to Art. 6 (1) sentence 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future.
     
  4. You can view X’s privacy policy here: https://x.com/de/privacy
     

Integration of Facebook posts

  1. On some of our pages we have embedded Facebook posts that we have published on our social media presence on Facebook. Facebook is a service of Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, parent company: Meta Platforms, Inc., 1601 Willow Road, Menlo Park, CA 94025 USA.
     
  2. When you visit one of our pages on which one or more Facebook posts are embedded, your browser establishes a direct connection to Meta’s servers, whereby the content is transmitted to your browser and embedded by it in the displayed website. In this process, your IP address and device and browser information are processed and cookies may be used. In addition, the information that you have visited our website is transmitted to Meta. If you are logged in to Facebook via your personal user account while visiting our website, Meta can associate the website visit with this account. By interacting with embedded content, e.g. by “liking” a post, this information is transmitted directly to Meta and stored there. If you wish to prevent such data transmission, you must log out of your account before visiting our website.
     
  3. Data processing is based on your consent pursuant to Art. 6 (1) sentence 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future.
     
  4. You can view Meta’s privacy policy here: https://de-de.facebook.com/privacy/policy/


Integration of Spotify content

  1. On some of our pages we have embedded content from Spotify (e.g. our podcast “Der Krisenlotse”). Spotify is a service of Spotify AB, Regeringsgatan 19, 11152 Stockholm, Sweden.
     
  2. When you visit one of our pages on which one or more Spotify contents are embedded, your browser establishes a direct connection to Spotify’s servers, whereby the content is transmitted to your browser and embedded by it in the displayed website. In this process, your IP address and device and browser information are processed and cookies may be used. In addition, the information that you have visited our website is transmitted to Spotify. If you are logged in to Spotify via your personal user account while visiting our website, Spotify can associate the website visit with this account. By interacting with embedded content, e.g. by “liking” content, this information is transmitted directly to Spotify and stored there. If you wish to prevent such data transmission, you must log out of your account before visiting our website.
     
  3. Data processing is based on your consent pursuant to Art. 6 (1) sentence 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future.
     
  4. You can find Spotify’s privacy policy here: https://www.spotify.com/de/legal/privacy-policy/
     

Management of our social media presences with Agorapulse

  1. We use the social media management tool Agorapulse, a service of Agorapulse SAS, 35 Bd de Sébastopol, 75001 Paris, France. Agorapulse supports us in planning and publishing posts and campaigns, measuring our social media performance and staying in touch with you.
     
  2. When using Agorapulse, communication data (e.g. user posts, direct messages from users to us) and public profile data (e.g. name, profile picture) may be processed.
     
  3. Data processing is based on our legitimate interest pursuant to Art. 6 (1) sentence 1 lit. f GDPR in being able to manage our social media presences efficiently and clearly.
     
  4. You can find Agorapulse’s privacy policy here: https://www.agorapulse.com/de/datenschutzerklarung/

Guest management with “Guestoo”

  1. For guest management for our events, we use Guestoo, a service of Code Piraten GmbH, Brunshofstraße 3, 45470 Mülheim an der Ruhr, Germany. The service supports us in organising, managing and implementing our events. We also use your e-mail address to send you relevant information about the event for which you have registered (e.g. confirmations or cancellations, changes to event details).
     
  2. Guest and participant data (e.g. name) and contact data (e.g. address, e-mail address) are processed.
     
  3. Data processing is based on our legitimate interest pursuant to Art. 6 (1) sentence 1 lit. f GDPR in being able to manage and implement our guest management and thus our events digitally and efficiently. Otherwise, where requested, we base processing on your consent pursuant to Art. 6 (1) sentence 1 lit. a GDPR.
     
  4. You can view Guestoo’s privacy policy here: https://www.guestoo.de/datenschutzerklaerung

Online events with “Zoom”

  1. For our online events we use the video transmission tool Zoom, a service of Zoom Video Communications, Inc., 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113, USA (hereinafter “Zoom”). Zoom is used to conduct online events via video transmission.
     
  2. The following data are processed, among others: user details (e.g. first name, last name, e-mail address), image and audio data, meeting metadata (e.g. subject, participant IP addresses, device/hardware information) and recordings (MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings). The recordings serve to publish our online events on our YouTube channel and thus make them available to interested parties at a later date.
     
  3. If you have a Zoom user account and participate in the video conference via this user account, Zoom can assign the metadata to your user account. However, it is not necessary for you to use or create a Zoom user account in order to use the video conference system. Instead of your actual name, you can also use a pseudonym when creating your user account.
     
  4. Data processing is carried out for the performance of a contract on the basis of Art. 6 (1) sentence 1 lit. b GDPR. Recording of online events is carried out solely on the basis of your consent pursuant to Art. 6 (1) sentence 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future. For the processing of “operational data” in the USA and for the processing of personal data in support cases, the level of protection is guaranteed through the use of the EU standard contractual clauses. Further information can be found at: https://explore.zoom.us/de/privacy/ and https://explore.zoom.us/de/terms/
     

Map application Schmidt-Map with “OpenStreetMap”

  1. The application “In the footsteps of Helmut Schmidt in Hamburg” (hereinafter “Schmidt-Map”) is based on OpenStreetMap. We use the service of OpenStreetMap Foundation, St John’s Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom, to embed and visually display the required map material for the Schmidt-Map.
     
  2. When you use Schmidt-Map, a direct connection is established to OpenStreetMap’s servers. In addition to the use of cookies, your IP address, metadata and communication data (e.g. device and browser information, operating system) and, if you interact with Schmidt-Map (e.g. by allowing access to your location), location data are processed.
     
  3. Data processing is based on our legitimate interest pursuant to Art. 6 (1) sentence 1 lit. f GDPR in being able to offer Schmidt-Map in a functional way and to provide a user-friendly presentation of places of interest from Helmut Schmidt’s life to interested users of the application. The processing of location data is based on your consent pursuant to Art. 6 (1) sentence 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future.
     
  4. The privacy policy of OpenStreetMaps can be viewed here: https://wiki.osmfoundation.org/wiki/Privacy_Policy
     

Processors

We use external service providers (processors), e.g. for shipping goods, sending newsletters or processing payments. We have concluded separate data processing agreements with these service providers in order to ensure the protection of your personal data.

In addition to the service providers already mentioned above, we also work with the following service providers:

  1. neues handeln AG
    Lindenstraße 20
    50674 Cologne
     
  2. Mittwald CM Service GmbH & Co. KG
    Königsberger Straße 4-6
    32339 Espelkamp