BOROS FOUNDATION

Information concerning data protection

With this Data Protection Policy, we would like to inform you about how we process personal data and about your rights. We are aware of the significance to you of the processing of personal data, and we accordingly comply with all relevant statutory requirements. In this regard, the protection of your privacy has the highest priority for us. We process your personal data in compliance with the EU General Data Protection Regulation (GDPR), as well as with data protection provisions in German law.

Name and contact details of the controller and its representative

BOROS Foundation gemeinnützige GmbH
Reinhardtstrasse 20
10117 Berlin
Tel: +49 30 27594065
Email: info@boros-foundation.de

General managers with power of representation: Karen and Christian Boros

Definitions

This Data Protection Policy uses the definitions contained in the EU General Data Protection Regulation (GDPR):

“Personal data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

“Processing” means any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

“Restriction of processing” means the marking of stored personal data with the aim of limiting their processing in the future.

“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

“Pseudonymisation” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

“Filing system” means any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis.

“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

“Recipient” means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

“Third party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, is authorised to process personal data.

“Consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Processing operations

We collect and process the following personal data about you:

• contact and address information, in the event that you have provided us with your contact information or have registered on our site,
• online identifiers (e.g. your IP address, browser type and version, operating system used, referrer URL, IP address, file names, access status, amount of data transferred, date and time of day of server request),
• social media identifiers.

Purposes of processing

We process your data for the following purposes:

• for contacting you at your request,
• for advertising purposes
• for sending appointment reminders in connection with guided tours,
• for quality assurance, and
• for our statistics.

Legal basis of data processing

The processing of your data takes place on the following legal bases:

• your consent in accordance with Article 6(1)(a) GDPR,
• for performing a contract with you in accordance with Article 6(1)(b) GDPR,
• for complying with statutory duties in accordance with Article 6(1)(c) GDPR, or
• because of a legitimate interest in accordance with Article 6(1)(f) GDPR.
Legitimate interests
To the extent that we base the processing of your personal data on legitimate interests within the meaning of Article 6(1)(f) GDPR, those interests are:
• improving our website,
• protecting against misuse, and
• managing our statistics.

Data sources

We receive the data from you (including by way of the devices you use). If we do not collect personal data directly from you, then we also inform you about the source from which the personal data originate and, if applicable, whether they originate from publicly accessible sources.

Recipients and categories of recipients of personal data

When processing your data, we collaborate with the following service providers that have access to your data:

• providers of web analysis tools,
• tour guides

Data are transferred to third countries outside of the European Union. This takes place on the basis of contractual arrangements prescribed by law, which are intended to ensure the appropriate protection of your data and which you may view upon request.

Duration of storage

We store your personal data only for as long as they are needed for achieving the purpose of processing or for the duration of the statutory retention period, where applicable. We store your data

• if you consented to processing, until you revoke your consent, if not sooner,
• if we need the data to perform a contract, for a long as the contractual relationship with you is in effect or statutory retention periods are running, if not sooner,
• if we use the data on the basis of a legitimate interest, for as long as that interest is not outweighed by your interest in erasure or anonymisation, if not sooner.

Your rights

You have the right, in some cases under certain conditions,

• to obtain information at no charge about the processing of your data, as well as a copy of your personal data. You may obtain information about, inter alia, the purposes of processing, the categories of personal data that are processed, the recipients of the data (where disclosure takes place), and the period for which the data will be stored or the criteria used to determine that period;
• to rectify your data. If your personal data are incomplete, you have the right to have them completed, taking into consideration the purposes of processing;
• to have your data erased or blocked. Reasons for the existence of an entitlement to erasure or blocking may be, inter alia, withdrawal of the consent on which the processing is based, the data subject objects to the processing, or the personal data were unlawfully processed;
• to have the processing restricted;
• to object to the processing of your data;
• to withdraw your consent to the processing of your data with prospective effect; and
• to lodge a complaint with the competent supervisory authority about unauthorised data processing.

Requirement or obligation to provide data

Unless expressly indicated otherwise at the time of collection, you are not required or obligated to provide data. Such an obligation may arise as a result of statutory requirements or contractual arrangements.

Further information about data protection

If you schedule a guided tour, we will send you a reminder email one week before the tour takes place. For this purpose, we use the necessary data or those provided separately by you. After the tour is completed, you will not receive any further emails from us.

Data security

We have taken extensive technical and organisational steps to protect your data against possible threats, such as unauthorised access, inspection, change, or dissemination, as well as against loss, destruction, and misuse.

To protect your personal data against unauthorised access by third parties during transfer, we employ SSL encryption. This is a standardised encryption process for online services, especially for the web.

Log files

Each time our website is accessed, usage data are transmitted by the browser and stored in server log files. The stored datasets contain the following data: domain from which the user accessed the website, date and time of day of access, IP address of the accessing computer, website(s) that the user visits, amount of data transferred, browser type and version, operating system used, name of the internet service provider, and report on whether access was successful. The log file datasets are analysed in anonymised form in order to improve the website and make it more user-friendly, to identify and correct errors, and to manage server utilisation.

Cookies

This website uses cookies. A cookie is a text file with an identification number which, together with other data that were actually requested, is transferred to the user’s computer and stored there. The file is held there for later access and is used to authenticate the user. Since cookies are simple files and not executable programs, they pose no risk to the computer. Depending on how the user has adjusted his or her browser settings, cookies are accepted automatically. However, these settings may be changed to deactivate the storage of cookies or to notify the user if a cookie is being placed. If the use of cookies is deactivated, some features of the website may be unavailable or limited. You can at any time permanently block our website from placing cookies by adjusting the settings in your browser accordingly. Cookies that are currently active can be deleted at any time using the browser or other software programs. In some cases, we work with advertising partners that help us to design our website in a way that is more interesting for you. In such a case, cookies of partner companies are also stored on your hard drive for this purpose when visiting our website (third-party cookies). The following paragraphs are intended to provide you with information about the use of such cookies and the scope of the information collected in each case.

We use the following types of cookies:

First-party cookies: First-party cookies are transferred from the platform being visited at that moment.

Third-party cookies: Third-party cookies are cookies that are transferred by a provider other than the platform being visited by the user. If the user visits a platform and another unit transfers a cookie through this platform, this has to do with a third-party cookie.

Absolutely necessary cookies: These cookies are necessary so that you can navigate the platform and use its features, such as accessing secure areas of the platform. Without them, certain services are not provided, such as the displaying of content customised for your computer or device.

Performance cookies: These cookies collect information about how visitors use the platform, such as which pages are visited most frequently and whether they receive error messages from websites. However, these cookies do not collect any information about the visitor’s identity. All information collected by these cookies is pooled and therefore anonymous. The information is used only to optimise the platform.

Functionality cookies: These cookies enable the platform to store decisions made by you (e.g. language settings and your region) and to offer you improved, more personalised features. They may also be used to store your settings with respect to size of text, type of font, and other customisable parts of the website. They may likewise be used to provide you with requested services, such as displaying a video or using the comment feature on a blog. The information collected by these cookies may be anonymised. Your surfing activities cannot be monitored on other platforms.

Social media cookies: These cookies are used if you click on a button to share information on social media. The social network records the action and may use it for marketing or advertising purposes.

Marketing/advertising cookies: These cookies are used to display advertising that might be relevant to you based on your interests. They are also used to limit the frequency with which certain advertising is shown to you. We likewise use cookies to measure the effectiveness of advertising campaigns. They are normally placed by advertising networks with our permission and register your visit to a platform. This information is disclosed to other organisations, such as advertising providers. In many cases, marketing and advertising cookies are coupled with platform features. Our advertising cookies also make it possible for you to take part in customer surveys and in that way to provide us with your feedback so that we can improve your user experience with us.

Google Maps

On our website, we use Google Maps (API) of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, U.S. (“Google”). Google Maps is a web service that displays interactive maps in order to depict geographic information visually. This service is used to show you our location and directions for getting there. When accessing the subpages in which the map of Google Maps is embedded, information about your use of our website (such as your IP address) is transferred to Google servers in the U.S. and stored there. This takes place irrespective of whether Google provides a user account to which you are logged in or whether there is no user account. If you are logged in to Google, your data are directly attributed to your account. If you do not desire attribution to your Google profile, you must first log out before activating the button. Google stores your data (even for users who are not logged in) as a use profile and analyses it. This analysis takes place, in particular, pursuant to Article 6(1)(f) GDPR on the basis of Google’s legitimate interests in displaying personalised advertising, performing market research, and/or customising the design of its website. You have a right to object to the creation of this user profile, but you must contact Google in order to exercise it. For more extensive information about data protection in connection with the use of Google Maps, please visit Google’s website (“Google Privacy Policy”): http://www.google.de/intl/de/policies/privacy/.

Matomo (formerly, Piwik)

Our website uses the web analysis service Matomo. Matomo is open-source software that analyses accesses by website visitors. Cookies are used to collect information with respect to your use of our website. The information is stored on a Matomo server in Germany. Your IP address if first anonymised. However, you have the ability to prevent the storage of cookies by Matomo on your computer. To do so, you must adjust your browser settings accordingly. This may have the result that you will be unable to use our website to its full extent.

This Data Protection Policy was last updated in May 2018.

We reserve the ability to amend this Data Protection Policy at any time with prospective effect.

Tracking is currently not active because your browser notified us that you do not wish to be tracked. This involves a browser setting. In order to reactivate tracking, you must deactivate the “do not track” setting in your browser.