Privacy Policy

(As of October 2020)

The protection of personal data and the responsible handling of information you entrust to us are of particular importance to us. The AMF-Bruns Foundation (AMF-Bruns) processes personal data only in accordance with legal regulations, in particular the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).

This privacy policy informs you about how, on what legal basis, to what extent, and for what purposes we process personal data when

• the use of our website (see section 2),
• the conclusion and execution of contracts with us (see section 3),
• visits to our foundation premises (video surveillance) (see section 4),
• visits to the foundation's premises (visitor process) (see section 5),
• normal contact in the course of business operations (see section 7),

We also inform you about the recipients of your personal data within the EEA (see section 8), within third countries (see section 9), the deletion of your personal data and corresponding retention periods (see section 10), your rights as a data subject (see section 11) and whether or not automated decision-making is carried out (see section 12).

AMF-Bruns Foundation, Hauptstraße 101, D-26689 Apen

Phone: +49 (0) 44 89 - 72 71 20, Fax: +49 (0) 44 89 - 71 55

Email: [email protected]

The use of this website https://www.amf-bruns-foundation.com/ requires the processing of personal data to the extent described below.

a) Data processing to enable website use

When you visit our website, we collect personal data to enable you to use it (usage data). This includes your IP address and data about the start, end, and subject of your use of the website, as well as any identification data (e.g., your login data if you log into a secure area). It also includes technical data transmitted by your browser, such as browser type/browser version, the website you visited previously (referrer URL), monitor resolution, operating system, device information (e.g., device type), etc. We process this data for the provision and needs-based design of this website in our legitimate interest (Art. 6 (1) (f) GDPR). If you would like detailed information on the balancing of interests, please contact one of the persons named in section 1.

b) Cookie banner: Consent to cookies and pseudonymous profiling

When you visit our website, information may be stored on your device in the form of cookies. A cookie is a small text file that is sent from a web server to your browser and stored on your device. When you visit our website again, cookie data is transmitted back to our web server. This allows us to recognize you and take your individual settings into account when displaying the website. Cookies can be divided into first-party cookies (used by AMF-Bruns) and third-party cookies (used by third parties). We also categorize cookies as follows:

Cookies in categories 2 to 4 can be used in web analytics and help analyze web traffic. They can be combined with other information about your activities on our website and are processed in pseudonymized usage profiles. This helps us analyze web traffic and improve our website to tailor it to the needs of users. We use this information for statistical analysis only. In addition to cookie-based web analytics, there is also non-cookie-based web analytics using other means, such as your individual device settings, to recognize you when you visit our website again.

The legal basis for the use of category 1 cookies is our legitimate interest in providing our website in accordance with Art. 6 (1) lit. f GDPR.

The legal basis for the use of cookies in categories 2 to 4 and web analytics is your consent pursuant to Art. 6 (1) (a) GDPR. When you visit our website and, if applicable, on subsequent visits, we will inform you about the use of cookies and ask for your consent. To give your consent, we display a corresponding cookie banner. You can give your consent to the use of all cookies by clicking on “Accept all” in the cookie banner that appears. However, you can also consent to the use of individual cookies by selecting them in the cookie banner and then clicking on “Accept selection only.” You are not obliged to give your consent. You can revoke your consent at any time without affecting the legality of the processing carried out on the basis of your consent until revocation. You can manage and change your cookie settings and your consent settings under the footer link “Cookie Policy”. There you can also revoke your consent.

c) Google Analytics

This website uses Google Analytics, a web analytics service provided by Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (Google). Google Analytics uses cookies (see section 2.3) to enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored or processed there. The level of data protection in the USA does not correspond to the European data protection standard. Google does not provide any suitable guarantees in accordance with Art. 46 GDPR for data transfers to the USA. There are also no effective legal remedies available. For example, it is conceivable that US authorities may access your personal data. However, your IP address will be truncated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area and thus anonymized. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide other services related to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Before we process your data for the purposes mentioned in this section, we will obtain your consent to the use of Google Analytics and the transfer of data to the USA. You can give and revoke this consent to the use of Google Analytics and the transfer of data to the USA in the cookie banner under the footer link “Cookie Policy” as described in section 2.2.

d) Contact form

We process your personal data when you use our contact form. If you contact us using the contact form provided, your details will be stored so that they can be used to process and respond to your enquiry. We would like to point out that data transmission over the Internet can have security gaps. Complete protection of data against access by third parties is not possible.

The legal basis for this data processing is—depending on the subject of your inquiry—the permissibility of processing within the framework of contract initiation, a contract, or our legitimate interest in providing a contact form for general inquiries (Art. 6 (1) (b) or (f) GDPR). You are not obliged to contact us via the contact form or to provide personal data. If you do not provide your personal data, we may not be able to process your request. Otherwise, there will be no consequences for you. If you would like detailed information on the balancing of interests, please contact one of the persons listed in section 1.

We process personal data relating to you for the purpose of concluding or executing contracts with you.

a) Legal basis

Art. 6 para. 1 lit. b GDPR

b) Purpose and necessity of providing your personal data

We process your personal data for the purpose of establishing and executing the contractual relationship with you. The provision of your personal data is necessary for this purpose. You are not obliged to provide your personal data, but if you do not provide it, it will not be possible to establish and execute the contractual relationship. Otherwise, there will be no consequences for you.

If you visit our foundation premises, we monitor the outdoor area and the parking lot in part by means of video surveillance systems. These areas are marked with the following pictogram:

a) Legal basis

Art. 6 (1) lit. f GDPR.

b) Purpose and necessity of processing your personal data

The purpose we pursue is the prevention, detection, and investigation of criminal offenses, the protection of our property rights, and the fulfillment of traffic safety obligations. Our legitimate interest within the meaning of Art. 6 (1) (f) GDPR is the protection of our property and the property and physical integrity of all visitors and employees. If you would like detailed information on the balancing of interests, please contact one of the persons named in section 1.

If you visit our foundation's premises as a guest, we process the following data: [surname, first name, employer if applicable, start and end date of the visit].

a) Legal basis

Art. 6 (1) lit. f GDPR

b) Purpose and necessity of processing your personal data

The purpose we pursue is the prevention, detection, and investigation of criminal offenses, the protection of our property rights, and the fulfillment of our traffic safety obligations. Our legitimate interest within the meaning of Art. 6 (1) (f) GDPR is the protection of our property and the property and physical integrity of all visitors and employees. If you would like detailed information on the balancing of interests, please contact one of the persons named in section 1.

This paragraph describes circumstances that result in the processing of personal data that is customary in the normal course of business.

These are primarily cases such as the spontaneous exchange of contact details at events, business meals, or other business activities, e.g., through the exchange of business cards, or initial contact by AMF-Bruns or by you with business content, e.g., by entering information in a contact form. We also process your personal data when you contact us via other communication channels (e-mail, etc.).

a) Legal basis

Art. 6 (1) (b) or (f) GDPR – depending on the purpose of providing your personal data or establishing contact.

b) Purpose and necessity of processing your personal data

We collect the following categories of personal data when you or we contact you: contact details such as your name, address, email address, or telephone number; data about your company such as address, email address, business area, job description, title; data about your input/request such as content, time of request, means of communication. This data is processed for storage in our contact databases as part of our business activities, such as email programs, telephone directories, card indexes, etc., for the purpose of resuming contact and/or processing your request and further processing.

Our legitimate interest is to establish contact for the purpose of initiating business, resuming contact, and/or processing your request and further processing, as well as general communication with you.

If you would like detailed information on the balancing of interests, please contact one of the addresses listed in section 1.

We only pass on the personal data described here to the extent that this is necessary for the provision of our services or is required by law in this context. Within the scope of the purposes mentioned here, personal data is forwarded to service providers who work for us and support us in particular in the provision of services. In addition to their legal obligation to comply with all data protection regulations, these service providers are bound by further contractual requirements regarding data protection. This includes, in particular, an obligation as a processor in accordance with Art. 28 GDPR. In particular, we pass on personal data to the following categories of service providers:

• Accounting, financial institutions, tax and legal advice
• IT services and infrastructure
• IT support and maintenance
• Data destruction and facility services

In addition to the categories already mentioned, other categories of service providers may exist or be added at any time.

Otherwise, we only transfer personal data to other recipients if this is permitted by law or if you have given your prior consent. You can revoke any consent you may have given at any time with effect for the future. We only pass on your data to government agencies within the scope of our legal obligations or on the basis of an official order or court decision, and only to the extent permitted by data protection law.

We delete your personal data as soon as it is no longer required for the aforementioned purposes of processing, in the event of an objection, there are no compelling legitimate grounds on the part of AMF-Bruns, or in the event of a revocation, there is no other legal basis for processing. In certain cases, e.g., if there is a legal obligation to retain data, your personal data will first be blocked and deleted at the end of the retention period.

Video surveillance recordings are generally deleted after a period of 72 hours at the latest. In justified individual cases, in particular for criminal investigations or the preservation of evidence, recordings will be stored for longer and deleted once this purpose has been fulfilled.

Job-related data will be stored until a decision has been made and then deleted after six months at the latest or, in the case of a successful application, transferred to your personnel file.

As a data subject, you have the following rights:

• the right to confirmation as to whether data relating to you is being processed by AMF-Bruns and, if so, the right to access this personal data (Art. 15 GDPR)
• the right to rectification of your inaccurate data (Art. 16 GDPR)
• the right to erasure (Art. 17 GDPR)
• the right to restriction (blocking) of your data (Art. 18 GDPR)

In addition, in the case of processing based on Art. 6 (1) (e) or (f) GDPR, you may object to the processing (Art. 21 GDPR), whereby you must provide a specific reason, except in the case of direct marketing. If you have provided this data, you may request the transfer of the data (Art. 20 GDPR). Whether and to what extent these rights exist in individual cases and under what conditions they apply is laid down by law in the aforementioned standards. If the processing is based on consent within the meaning of Art. 6 (1) (a) or Art. 9 (2) (a) GDPR, you can revoke this at any time for the future (Art. 7 (3) GDPR). You also have the right to contact the competent data protection supervisory authority (Art. 77 GDPR).

If you have any questions or complaints about data protection at AMF-Bruns, we recommend that you first contact our data protection officer (see contact details in section 1).

We do not use your personal data for automated individual decision-making within the meaning of Art. 22 (1) GDPR.

New legal requirements, business decisions, or technical developments may require changes to our privacy policy. The privacy policy will then be amended accordingly. The latest version is always available on our website.