Falling Walls Foundation gGmbH, (“we”) operates the website falling-walls.com (the “Site”), accessible at https://falling-walls.com.
I. Identity of the controller
Falling Walls Foundation gGmbH
10969 Berlin, Germany
phone: +49 30 60 988 39 70
fax: +49 30 60 988 39 79
II. Purposes of processing, its legal basis and the period for which the data will be stored
1. General use of the Site
Generally, we do not store personal data while you use our Site with the exception that our webserver registers all connections to the Site automatically and collects the following technical information about your visit:
- IP address
- Name of the files accessed
- Information about the transmission
- Date and time of the connection
- Amount of data transmitted
- Operating system and
- Web browser/user agent
We process this data to establish a connection to your device over the Internet. We store the aforementioned data in log files in order to ensure the security and integrity of our IT systems. The respective purposes of the processing also constitute our legitimate interests we pursue with it (Art. 6 par. 1 lit. f) GDPR). We retain our log files for 14 days and delete them thereafter.
You can contact us, for example, by writing an email. In such case, we will process the personal data you provide us with in order to answer your request. This may include especially your name, email address, subject of your message and the message itself. We will retain your messages until we have fulfilled your request. Afterwards, we will delete it immediately. The processing for such purposes is based on Art. 6 par. 1 lit. f) GDPR, while the purposes of the processing also constitute our legitimate interests we pursue with it.
You can subscribe to our newsletter on our Site. In this case, we will process your email address for sending our newsletters based on your consent (Art. 6 para. 1 lit. a) GDPR) until you withdraw your consent. You can withdraw your consent at any time, for example, by clicking on the unsubscribe link provided in every newsletter email or by contacting firstname.lastname@example.org.
In addition, we process the time of registration and your double opt-in confirmation. We process your data for pursuing our legitimate interest and to be able to prove our compliance with the law. The legal basis for this is Art. 6 par. 1 lit. f) GDPR and Art. 6 par. 1 lit. c) GDPR in conjunction with Art. 5 par. 2 DSGVO.
We analyze your use of our newsletter, e.g. whether you have opened it or clicked on certain links, and process this data to optimize and improve our newsletters. This purpose also represents our legitimate interest that we pursue with this processing (Art. 6 par. 1 lit. f) DSGVO).
We use the tool XING Events, a service provided by XING Events GmbH, Sandstr. 33, 80335 Munich, for the registration, invoicing and payment regarding our events. The operator of the XING Events websites and controller in respect of data protection law is New Work SE, Dammtorstraße 30, 20354 Hamburg.
XING Events is an event management tool that allows you to register for an event or to buy a ticket for an event. When you purchase tickets or register yourself, XING Events collects your data and transmits it to us as the organizer. XING Events collects and processes your data as a controller in its own right. We only receive the necessary data from XING Events to carry out the event. We process your data for the performance of the contract with you (e.g. for checking admission to the event) on the basis of Art. 6 par. 1 lit. b) GDPR. For these purposes we process the data until the respective event had been held and store it for three more years if we have to make or defend against claims resulting from our contractual relationship.
After this period, we will retain your information for additional 3 years in order to be able to make claims resulting from our contractual relationship or defend ourselves against such claims.
Further information on XING’s data protection can be found at: https://privacy.xing.com/en/privacy-policy.
If you apply for a position at our organization, we will process your personal data the application procedure based on Sec. 26 par. 1 BDSG (Bundesdatenschutzgesetz, German Federal Data Protection Act). If your application is not successful, we will retain your personal data for additional 6 months, beginning at the end of the month in which we decide on your application. During this time we will use your data to defend ourselves against claims based on the anti-discrimination law (Allgemeines Gleichbehandlungsgesetz, AGG) and delete it thereafter. The legal basis for such processing is Art. 6 par. 1 lit. c) GDPR.
6. Legal obligations to retain documents
We have the statutory obligation to retain certain documents according to Sec. 257 HGB (German Commercial Code) and Sec. 147 AO (Fiscal Code of Germany) as well as social security laws and employment laws. These documents may also include personal data. Specifically, these are:
- Accounts and records, inventories, annual financial statements, single fiscal statements according to Sec. 325 par. 2a HGB, group fiscal statements, situation reports, group situation reports the opening balance sheet as well as the operating instructions and other organizational documents needed for their comprehension, accounting records, documents pursuant to Article 15(1) and Article 163 of the Union Customs Code.
These documents have to be retained for a period of 10 years.
- Trade or business letters received, reproductions of trade or business letters sent, other documents to the extent that these are of relevance for taxation.
These documents have to be retained for a period of 6 years
The respective storage period shall begin upon the end of the calendar year in which the last entry was made in the accounts, the inventory, the opening balance sheet, the annual financial statement or the situation report drawn up, the trade or business letter received or sent, the accounting record created, the record made or the other documents created. The legal basis for such processing is Art. 6 par. 1 lit. c) GDPR.
III. Recipients and transfers to third countries
If we are not able to provide services ourselves, we use external service providers. These service providers are primarily providers of IT services, such as our web host, e-mail provider or telecommunications provider.
IV. Rights of the data subject
If the respective requirements are met, the GDPR grants you certain rights as a data subject.
Art. 15 GDPR – Right of access: You shall have the right to obtain from us confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and certain information.
Art. 16 GDPR – Right to rectification: You shall have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Art. 17 GDPR – Right to erasure: You shall have the right to obtain from us the erasure of personal data concerning you without undue delay.
Art. 18 GDPR – Right to restriction of processing: You shall have the right to obtain from us the restriction of processing.
Art. 20 GDPR – Right to data portability: You shall have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and you shall have the right to transmit those data to another controller without hindrance from us. You shall also have the right to have the personal data transmitted directly from us to another controller, where technically feasible.
Art. 77 GDPR – Right to lodge a complaint with a supervisory authority: Without prejudice to any other administrative or judicial remedy, you shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
V. Especially right to object and withdrawal of consent
Art. 21 GDPR – Right to Object: You shall have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you, which is based on legitimate interests or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
In such case, we shall no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing, which override your interests, rights and freedoms or where the processing is necessary for the establishment, exercise or defence of legal claims.
Where personal data are processed for direct marketing purposes, you shall have the right to object at any time for such marketing, which includes profiling to the extent that it is related to such direct marketing.
If you wish to object to any processing of data, you may send us an email to one of our aforementioned email addresses.
Art. 7 par. 3 GDPR – Withdrawal of Consent: If you have given us your consent, you have the right to withdraw your consent at any time. In case of withdrawal, all data processing based on your consent before your withdrawal will remain lawful.
VI. Obligation to provide us with personal data
You have no statutory or contractual obligation to provide us with any personal data. However, we may not be able to provide you with our services if you decide not to do so.
VII. Existence of automated individual decision-making, including profiling
We do not use automated individual decision-making, including profiling pursuant to Art. 22 GDPR, which produces legal effects concerning you or similarly significantly affects you.
VIII. Internet processing or use of personal data
If you wish to prevent us from storing cookies on your device, you may use our consent management tool at the top of the page. Alternatively, your web browser or device may provide you with settings to do so. you find an instruction on how to change your settings in the help section of your browser or device. The respective settings only apply to the device you are currently using. If you use another device, change your web browser or reinstall your browser you may have to change the respective settings again. Please, be aware that not accepting cookies may lead to you not being able to use our Site and all its functions.”
2. Google Analytics
We use Google Analytics, operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as “Google”, to collect information about how users use our Site. This information also includes your IP address. However, as IP-anonymization is activated, your IP address will be truncated and therefore anonymized on systems within the European Union/ European Economic Area and as soon as technically feasible. Only in exceptional cases, the full IP address will be transferred to a Google server in the United States, and then shortened. Therefore, the information generated by the cookie about your use of the Site can be transmitted to and stored by Google or one of its affiliates on servers in the United States. However, Google is certified under the EU-US-Privacy Shield. Through certification according to the EU-US Privacy Shield Google guarantees that an adequate level of protection is ensured when processing data in the United States. The certificate is available at: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
You can also opt-out by downloading and installing ‘Google Analytics Opt-out Browser Add-on’ for your current web browser: http://tools.google.com/dlpage/gaoptout?hl=en.
Our processing is based on Art. 6 par. 1 lit. f) GDPR. The aforementioned purposes constitute also the legitimate interests we pursue with it. The collected data is stored for  months. Further information on how Google processes personal data is available at: www.google.com/analytics/terms/de.html; https://policies.google.com/?hl=en .
We use the function GA Audiences. With this function enabled, Google will create so called audiences, which means that it categorizes our users in separate groups such as sites you were interested in, your country or region, used devices or similar. With this data we are able to gain more insight in our visitors. However, we cannot and will not relate such data to a specific person but only process it in an aggregated form.
We embed YouTube videos on our Site. The website de.youtube.com is a video portal operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as “YouTube”. YouTube is a subsidiary of Google. If you are watching embedded YouTube videos on our Site, you will be connected to youtube.com. This connection is required in order to be able to display the respective video on our Site within your browser.
We embed all YouTube videos using YouTube’s privacy-enhanced mode. According to YouTube, the privacy-enhanced mode will ensure that no activity is collected to personalize the viewing experience.
Please note that YouTube will record and process at a minimum your IP address, the date and time the video was displayed, as well as the website you visited. In addition, a connection to the DoubleClick advertising network of Google is established.
If you are logged in to YouTube when you access our Site, YouTube will assign the connection information to your YouTube account. To prevent this, you must either log out of YouTube before visiting our Site or make the appropriate settings in your YouTube account.
4. Facebook Pixel and “Custom Audiences from your website”
We use the “Facebook pixel” of Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (“Facebook”).
By displaying this pixel as well as by storing cookies by Facebook or third parties in your browser, Facebook can then recognize whether a Facebook Ad was successful, for exam-ple whether it led to an online purchase. We only receive statistical data from Facebook without reference to a specific person. This enables us to evaluate the effectiveness of Facebook advertisements for statistical and market research purposes. In addition, the data collected by the pixel are used in certain situations to play out target-group-specific advertising. For further information on the collection and use of data by Facebook, in particular, if you are logged into your Facebook account, we refer you to Facebook’s pri-vacy policy: https://www.facebook.com/about/privacy/.
We also use the feature “Custom Audiences from your website” on our website.
The legal basis for the processing is Art. 6 par. 1 lit. f) GDPR. Our purpose to evaluate the effectiveness of Facebook advertisements constitutes our legitimate interest.
Using the Facebook Pixel, data may be transferred to a Facebook server in the United States, since Facebook Ireland uses the Facebook Inc. as a sub processor. However, Face-book Inc. is certified under the EU-US-Privacy Shield. Through certification according to the EU-US Privacy Shield Facebook guarantees that an adequate level of protection is en-sured when processing data in the United States. The certificate is available at https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.
5. Twitter Ads
We use the “Twitter Ads” of Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA (“Twitter”).
Twitter Ads stores and processes information about your user behavior on our website. For this purpose, Twitter Ads sets cookies that enable Twitter to analyze your use of our website. In addition, a so-called “Twitter pixel” can be used to track your actions after you have seen or clicked on a Twitter advertisement.
We use Twitter Ads for marketing and optimization purposes, in particular to analyze the use of our ads and tailor the audiences of our ads on twitter as well as to analyze the conversion on our website. By statistically evaluating user behavior, we can improve our offer and make it more interesting for you as a user. The aforementioned purposes also constitute our legitimate interest in the processing of the above data by Twitter. The le-gal basis is Art. 6 par. 1 lit. f) GDPR.
Using Twitter Ads data are being processed in the USA. However, Twitter Inc. is certified under the EU-US-Privacy Shield. Through certification according to the EU-US Privacy Shield Twitter guarantees that an adequate level of protection is ensured when pro-cessing data in the United States. The certificate is available at: https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active.
Further information on data protection for Twitter Ads can be found on the following website: https://twitter.com/de/privacy.
6. Social Networks
We have profiles on social networks. Our social media accounts complement this Site and provide you with the opportunity to interact with us. As soon as you access our social media profiles in the social networks, the terms and conditions and the data processing policies of the respective operators apply.
Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Opt-Out Options: www.facebook.com/settings?tab=ads and www.youronlinechoices.com
About Insights: www.facebook.com/legal/terms/information_about_page_insights_data
Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA as subsidiary of Facebook.
Twitter International Company, Attn: Data Protection Officer, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland.
Opt-Out Options: www.twitter.com/personalization
YouTube LLC as subsidiary of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Opt-Out Options: adssettings.google.com/authenticated
LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.
Opt-Out Options: www.linkedin.com/psettings/?trk=nav_account_sub_nav_settings
We process personal data as a controller, when you send us requests via the social media accounts. We process this data to answer your requests which also constitutes our legitimate interest (Art. 6 par. 1 lit. f) GDPR).
In addition, we are jointly responsible as joint controllers with the following networks and for the following processing operations (Art. 26 GDPR):
When you use our profiles in the networks Facebook, Instagram and LinkedIn, the respective network collects aggregated statistics (“Insights data”) that are created from certain events logged by their servers when you interact with our profiles and the content associated with them. We receive these aggregated and anonymous statistics from the networks about the use of our respective profile. We are not able to associate the data with specific users. To a certain extent, we can control the criteria by which the respective network creates these statistics for us. We use these statistics to make our service more interesting and informative for you. This also constitutes our legitimate interest (Art. 6 par. 1 lit. f) GDPR) for the collection of data carried out by the respective social network to provide us with statistics.
Further information on this data processing is available in the respective Joint Controller Addendum at:
There are some cookies that we have to include in order for certain web pages to function. For this reason, they do not require your consent.
First-Party persistent cookie, expires after 24 hours. Remembers if the falling wall animation was shown.
First-Party persistent cookie, does not expire. Remembers your privacy settings.
Remember your video autoplay preferences. Does not expire.
Restores your scroll position on page reload. Expires after 1 second.
First-Party session storage, expires after you quit your browser. Remembers popups that should be shown each session.
First-Party local storage, does not expire. Remembers popups that should be shown only once.
We use these purely for internal research on how we can improve the service we provide for all our users.
Identifies the user. Expires after 2 years.
User journey. Expires after 24 hours.
Throttle request rate. Expires after 10 minutes.
There cookies enable third parties to show you relevant content about Falling Walls Foundation.
Used by Twitter pixel. Expires after 2 years.
Used by Facebook pixel. Contains a unique browser and user ID, used for targeted advertising. Expires after 90 days.
This cookie is used for re-targeting, optimisation, reporting and attribution of online adverts. Expires after 390 days.
Berlin, May 2020