Privacy Policy
A. Basic information
1. Who we are
The data controller for the processing on this website is the Falling Walls Foundation gGmbH.
Information on our address, contact details and legal representatives can be found in our legal notice.
2. Our Data Protection Officer
You can contact our Data Protection Officer via email to dpo@falling-walls.com.
3. Supervisory Authority
If you believe that the processing of your personal data by us is unlawful, you can file a complaint with any data protection authority.
The Data Protection Authority that has jurisdiction over us is
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Alt-Moabit 59-61
10555 Berlin
tel.: +49 30 13889-0
fax: +49 30 215 50 50
email: mailbox@datenschutz-berlin.de
B. Your Rights
In accordance with the statutory provisions, you have the right to receive information about your data stored by us free of charge at any time.
In addition, you can exercise your rights to rectification, erasure or restriction of processing or the right to object towards us.
You can request your data in a structured, machine-readable format. This includes the right that the data be sent directly to another organization where technically feasible. This right only applies to data
- we collected with your consent or as part of a contract and
- process by automated means.
If you have provided us with your personal data on the basis of consent, you can revoke this consent at any time for the future.
In individual cases, we process your personal data for direct marketing purposes. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising.
If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.
The objection can be made informally and should preferably be addressed to privacy@falling-walls.com.
Alternatively, you can contact us via the data listed in our legal notice: Impressum.
C. Purposes and Scope of Data Processing
1. This Website
a) Processing of Traffic Data
Traffic data is processed every time you access our websites and every time you retrieve a file.
Such traffic data record consists of:
- the page from which the file was requested (so-called referrer URL)
- the date and time of the request (so-called "time stamp")
- IP address and port of the originating and end point
- filename
- the amount of data transferred
- the access status (file transferred, file not found, etc.)
- a description of the type of Internet browser used (e.g. Mozilla Firefox, Google Chrome or Microsoft Edge, Apple Safari, Opera etc.) including the relevant version.
- operating system
This data is processed for the purpose of establishing and maintaining the Internet connection and providing services within the meaning of section 9 (1) TDDDG (German Telecommunications Digital Services Data Protection Act).
b) Server log files
We store the above captioned traffic data in ‘server log files’. The data is not merged with data from other sources.
The basis for data processing is to ensure the identification of technical errors and the security of our website, as well as communication with you in accordance with section 12 (1) TDDDG.
Furthermore, it is based on our legitimate interest in providing you with a functional website in accordance with Art. 6 para. 1 lit. f GDPR.
Personal data (in particular your IP address) is stored in our server logs for a period of 7 days. After anonymization, we may store data for a longer period of time.
c) Processing of content data
Where there is the possibility of entering personal or business data (e-mail addresses, names, addresses) on our website, for example via our contact form, the disclosure of this data by the user is expressly voluntary in accordance with Art. 6 para. 1 lit. a GDPR or on the basis of the contractual relationship in accordance with Art. 6 para. 1 lit. b GDPR. Here too, your data will be treated confidentially and will not be passed on to third parties without your consent. There is also no linking with the above-mentioned communication data.
As a matter of principle, we do not pass on your data to third parties unless you have consented to this or there is a legal basis, e.g. in the event of an access request by a competent authority.
However, for the hosting and maintenance of our website and the dispatch of our newsletter, we rely on the use of service providers who we oblige to comply with the legal requirements by means of order processing.
d) What are Cookies and how do we use them?
Cookies are small text files that are transmitted to your computer together with the data actually requested from the Internet. This data is stored there and kept ready for later retrieval.
So-called session cookies are required in particular in the context of logging in, as we use a so-called single sign-on concept for reasons of user-friendliness during authentication and for access control to the various areas of our portal.
This involves setting up a "session" between the client and server, which allows you to move around the entire portal without having to log in again for each area. This session is represented by a cookie in which a randomly generated number is stored.
In addition, the login information assigned to you (user name, user rights and the validity of the session) is stored in another cookie for access control. You can think of this as replacement login information. Instead of asking you to re-enter your login information, the cookie is sent to the server and accepted as proof of identity.
We differentiate between cookies necessary to provide the basic functionality of our website (necessary cookies) and other cookies which add additional features to our website (additional cookies).
Essential cookies are used to provide the service according to section 25 (2) no. 2 TDDDG.
The validity of essential cookies is regularly limited to the duration of your visit to our portal or our online survey tool (so-called session cookies). This means that they are automatically deleted when you close your browser. They are not linked to personal data and no conclusions can be drawn about a user's activities.
At your express request, you can optionally choose to have your username permanently stored in a third cookie when you log in to our website. This makes it easier for you to log in if you use our website frequently, as your username is already pre-filled in the registration form and you only need to enter your password. We expressly draw your attention to the risks of this procedure, as there is a risk of your login data being misused by third parties.
Most browsers are set to accept cookies automatically. However, you can deactivate the storage of cookies or set your browser so that it notifies you as soon as cookies are set.
If we use non-essential cookies, we ask for your consent according to section 25 para. 1 TDDDG.
e) Monitoring, analysis and audience measurement
We are using a tool on our website for monitoring, analysis and audience measurement. It’s purposes are
- performance measurement;
- detection of navigation issues;
- optimising technical performance or usability;
- estimating the power of the servers required;
- analysing the content viewed.
This use is necessary to provide our services according to Section 25 (2) 2 TDDDG.
f) External services
Facebook, LinkedIn, Google
Subject to your prior consent in our cookie banner, we share and receive online data collected through cookies with our advertising partners. As a consequence, your browsing patterns on our site can be transmitted to another website and vice-versa. We use this information to validate the success of online campaigns by us and to calculate payment for such advertising. We require that all of our contractual partners respect the applicable requirements under data protection law. We currently use the following cookies:
- Facebook/ Instagram (Meta Pixel) https://www.facebook.com/privacy/explanation and https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect
- LinkedIn Insight Tag https://www.linkedin.com/legal/l/cookie-table
- Google Tag Manager https://developers.google.com/tag-platform/security/concepts/cookies?hl=en
Personio
We integrated Personio into our website to allow you to enter your job application in an easy way. When accessing the jobs section, content from Personio will be displayed to allow interaction with you in the job application process. Personio is our processor and we have a data processing agreement in place.
Youtube
With YouTube-Player we integrate videos from our YouTube-Channels or videos of other accounts into our website. Please note that if you have a YouTube account and are logged in while activating the respective service on one of our websites, your visit may be associated with your user account and your usage behaviour may generally be analysed by YouTube.
To review the data protection notice of YouTube please go to: https://support.google.com/youtube/answer/2801895?hl=en
Typeform
We are using Typeform for our contact forms. Typeform is our data processor and receives personal data to ensure the display and functionality of the contact form. This processing is based on Section 25 (2) 2 TDDG. Further information can be found at: https://help.typeform.com/hc/en-us/articles/360029581691-What-happens-to-my-data
Pretix, Eventbrite
We are using Pretix and Eventbrite to sell tickets to our events. Both are independent controllers and receive your data for the performance of ticket purchase.
Eventbrite and Pretix collect the data you enter in the purchase form. Moreover, they collect data. This may include device and browser data (e.g. your IP address), characteristics of your access device and/or browser, statistical data about your activities on the services, and information about how you access the services.
For information on the data processing activities please see
https://www.eventbrite.de/help/en/
https://pretix.eu/about/en/privacy
As organizer of events, we receive the personal data you provide during the booking process from Eventbrite in order to administer and authenticate you as a participant at the event and to provide you with necessary information before and after the event.
The legal basis for our processing activities is the performance of an agreement according to Article 6 (1) 1 lit. b GDPR.
2. Newsletter
You have the option of subscribing to a newsletter on our website or as part of special offers. The newsletter contains current information about our work as well as information about products and events offered by us or in co-operation with us. We process your email address and additional data provided by you to send the newsletter. The legal basis for this processing is your consent (Art. 6 para. 1 sentence 1 lit. a GDPR)
After ordering the newsletter, you will first receive an e-mail in which you must confirm the order again via a link (double opt-in). This procedure is used to check that the owner of the e-mail address has actually ordered the newsletter. We store the date and time of the confirmation. The legal basis for storage is our legal obligation to document consent (Art. 7 para. 1 GDPR). If you do not confirm your registration, we will delete the data. Otherwise, we will delete the data collected in connection with the registration for the newsletter as soon as it is no longer required to fulfil the purpose for which it was collected or for the purpose of documenting your consent.
You can cancel your newsletter subscription at any time with effect for the future. To do so, please use the unsubscribe function provided in the email or send a message to privacy@falling-walls.com.de.
We use a service provider as a processor to send our newsletter.
3. Provision of Services
We provide you with contractual services such as the opportunity to purchase tickets for events or to obtain digital content.
For this purpose, we require and process personal data such as the service or product purchased, your name, contact details or payment information. The legal basis for this data processing is Art. 6 para. 1 lit. b GDPR.
The standard retention period for this is three years from the end of the calendar year in which the service was provided.
We store your data beyond this standard storage period in accordance with statutory retention obligations (e.g. pursuant to section 257 of the German Commercial Code (HGB) and section 147 of the German Fiscal Code (AO)) for up to 10 years after the end of the relevant financial year. The legal basis for this is Article 6 para 1 lit. c) GDPR.
We only forward your data to third parties if this is legally allowed by German or European law. We work with service providers, for example with technical service providers (e.g. running computer centres), with payment or ogistics companies (e.g. postal companies such as DHL). Such service providers may generally only process your data on our behalf or under their own independent control.
4. Job Applications
How do we process the data of applicants?
Data relating to you will generally be collected directly from you, for example during the application process, on the basis of Art. 6 para. 1 lit. b) GDPR.
In addition, we may also receive data from third parties (e.g. job boards such as Indeed, recruitment agencies).
We may also process personal data that we have obtained from publicly accessible sources (e.g. professional social networks) in a permissible manner. If we collect data from such sources, we will inform you immediately in accordance with Art. 14 GDPR about the fact of the data collection and the purposes for which we intend to use it and how we intend to process your data.
The categories of personal data processed from employees include, in particular, your master data (such as first name, surname, name affixes, nationality, personnel number), contact details (such as private address, (mobile) telephone number, email address) and data relating to the entire application process (cover letter, CV, (employment) references, qualifications).
If you have voluntarily provided special categories of personal data (such as health data, religious affiliation, degree of disability) in your application letter or during the application process, this data will only be processed if you have given your consent.
Within our organisation, your personal data will only be disclosed to those people and departments who need it to make a decision about your employment and to fulfil our legal and contractual obligations.
Please also note the information on the use of video conferencing software, e.g. if job interviews are conducted online.
The personal applicant data you provide will be deleted as soon as it is no longer required for the above-mentioned purposes, at the latest 6 months after the end of the application process. This does not apply if you have consented to a longer storage period, if storage is necessary for evidence purposes, or if legal regulations prevent deletion. For example, we retain your applicant data for as long as there is a possibility that you may assert legal claims against us, e.g. due to a violation of provisions of the AGG (Anti-Discrimination-Act).
If, on the other hand, your application leads to the establishment of an employment relationship with you, your data will be stored and used for the purposes of the usual administrative and organisational processes and for the performance of the employment relationship in compliance with the applicable legal provisions.
D. Automated Decision Making
We do not use automated decision-making within the meaning of Art. 22 GDPR.