Annual programme 2025
learn more
Data protection

Data protection

Sec. 1 General information

Data protection is an important topic. Below, we provide information about the collection of personal data when using our website. Personal data are any and all data that can be related to you personally.

If you only use the website for informational purposes, i.e., if you do not register or otherwise provide us with information, we only collect the personal data that your browser technically transmits to our server in order to access the website (Sec. 5).

Controller pursuant to Art. 4 para. 7 GDPR

Alfried Krupp von Bohlen und Halbach Foundation
Hügel 15
D-45133 Essen

info@krupp-stiftung.de

Data Protection Officer

You can reach our company’s personally appointed data protection officer at the following address:

Mr. Patrick Grihn
grihn@dsb.ruhr
DSB Ruhr
℅ nextindex GmbH & Co. KG
Grabenstr. 12
D-44787 Bochum

If you have any questions regarding the processing, the security, or a request for information, you may contact him directly in complete confidence.

Sec. 2 Brief overview of data and processing operations

We would like to provide you with the required clarity (in accordance with Article 12 GDPR). For this reason, we provide the following overview of processing:

  • Types of data processed:
  • Usage data and/or communication data (when accessing a web page, IP address, device information, access duration and access time, etc.)
  • Contact details upon registering or entering the data
  • Master data (name, company, address, etc.)
  • Communication data (metadata about calls, e-mails, if applicable)
  • Content data (especially when sending e-mails)

Furthermore (internally) the following additional data is collected from our customers, interested parties, suppliers and business partners for the provision of services in the areas of quotation and contract management, service and marketing, direct advertising, and customer care:

  • Contract data
  • Master data of customers (CRM)
  • Payment data
  • Order data and invoice data

Data subjects (categories)

  • Users of this website (also referred to as visitors)
  • Customers (in the event of e-mails, etc.)
  • Suppliers
  • Job applicants
  • Members

Purpose
Operation of the website and provision of information
Ensuring the operation of the website and of our systems (e.g. firewall)
Communication with our customers
Responding to enquiries
Optimisation and analysis of the website
Providing information to our (potential) customers and suppliers

Sec. 3 Legal bases in general

In case of the processing of personal data that is required for the fulfilment of a contract to which the data subject is a contractual party, Art. 6 Par. 1 Lit. b GDPR serves as legal basis. This shall also apply to processing operations that are necessary for the carrying out of pre-contractual measures.

If the processing is necessary for maintaining a legitimate interest of our company or of a third party and if the interests, basic rights, and basic freedoms of the data subject do not outweigh the aforementioned interest, Art. 6 Par. 1 Lit. f GDPR serves as the legal basis for the processing. This is also in particular the case when we perform tracking to optimise the website or to measure the reach of the newsletter, as well as in the case of direct advertising.

To the extent that the processing of personal data is required for the fulfilment of a legal obligation that our company is subject to, Art. 6 Par. 1 Lit. c GDPR serves as legal basis.

In case vital interests of the data subject or of another natural person make a processing of personal data necessary, Art. 6 Par. 1 Lit. d GDPR serves as legal basis.

To the extent that we obtain a declaration of consent from the data subject for the processing of personal data, Art. 6 Par. 1 Lit. a EU General Data Protection Regulation (GDPR) serves as the legal basis.

Sec. 4 General rights of data subjects

In short:

  • Access
  • Erasure / restriction
  • Rectification
  • Data portability
  • Withdrawal
  • Complaint with a supervisory authority

Rights in detail:

in accordance with Art. 15 GDPR, to request information about your personal data processed by us. In particular, you may request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned duration of storage, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, as well as the existence of an automated decision-making process including profiling and, if applicable, meaningful information about its details;

in accordance with Art. 16 GDPR, you have the right to demand the immediate rectification of incorrect or incomplete personal data stored by us;

in accordance with Art. 17 GDPR, you have the right to request the erasure of your personal data stored by us, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;

in accordance with Art. 18 GDPR, you have the right to demand the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to have it erased and we no longer need the data, but you need it for the assertion, exercise or defence of legal claims or you have objected to the processing in accordance with Art. 21 GDPR;

in accordance with Art. 20 GDPR, you have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transmitted to another controller;

in accordance with Art. 7 Par. 3 GDPR, you have the right to withdraw your previously granted consent at any time. As a result, we may no longer continue the data processing that was based on this consent in the future, and

in accordance with Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority responsible for your usual place of residence or for your place of work or for the registered office of our law firm.

The right to erasure does not apply to the extent that processing is necessary;

for exercising the right to freedom of expression and information;

for complying with a legal obligation which requires processing by European Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

for reasons of public interest in the area of public health in accordance with Art. 9 Par. 2 Lit. h and i as well as Art. 9 Par. 3 GDPR;

for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 Par. 1 GDPR, in so far as the right referred to in subsection a) is likely to render impossible or seriously impair the achievement of the objectives of that processing, or

for the establishment, exercise or defence of legal claims.

Sec. 5 Use of the website

General data when calling up the page

(1) In the event the website is used for merely informational purposes, i.e., if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security (legal basis is Art. 6 Par. 1 S. 1 Lit. f GDPR):

  • IP address
  • Date and time of the enquiry
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Access status / HTTP status code
  • Volume of data transmitted in each case
  • Website from which the request originates
  • Browser
  • Operating system and its user interface
  • Language and version of the browser software.

Log files
The storage in log files is performed to ensure the functioning of the website. Additionally, the data serves for optimisation of the website and to ensure the security of our information technology systems. An analysis of the data for marketing purposes does not take place in this context. These purposes also constitute our legitimate interest in data processing in accordance with Art. 6 Par. 1 Lit. f GDPR.

The data will be erased as soon as they are no longer necessary for achieving the purpose for which they were collected.

This is the case after seven days at the latest in the case of the storage of data in log files. A storage beyond this is possible. In this case, the IP addresses of the users are erased or distorted so that an attribution to the calling-up client is no longer possible.

Cookies

In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive associated with the browser you are using and through which certain information flows to the entity that sets the cookie (in this case, us). Cookies cannot execute programmes nor transmit viruses to your computer. They serve to make the web presence overall more user-friendly and more effective.

a) This website uses the following types of cookies, the scope and function of which are explained below:
Transient cookies (regarding this, see b)
Persistent cookies (regarding this, see c).

b) Transient cookies are automatically deleted when you close the browser. These include, in particular, session cookies. These store a so-called session ID, with which various enquiries from your browser can be attributed to the joint session. This allows your computer to be recognised again when you return to our website. The session cookies are deleted when you log out or close the browser.

c) Persistent cookies are automatically deleted after a specified period of time, which may vary depending on the cookie. You can delete the cookies in the security settings of your browser at any time.

d) You can configure your browser settings according to your preferences and, for example, reject the acceptance of third-party cookies or all cookies. We would like to point out to you that you may not be able to use all functions of this website if you do.

Sec. 6 Integration of third-party services

We use the open source web analysis tool Matomo. The use is necessary for the keeping up of our systems and the scaling of resources and takes place on the basis of Art. 6 Par. 1 Lit. f GDPR (legitimate interest).

In order to compile statistics on visitor traffic, Matomo places cookies on your end device to recognise you again. The data we store includes IP address, operating system, time of access, etc.

In our configuration, IP addresses are anonymised by six digits and do not allow any inferences to be made about the actual connection.

We operate Matomo independently on our web servers, so accordingly, no data is passed on to third parties. You may object to this processing using the opt-out window below or activate the “Do-Not-Track” setting in your browser.

The data will be erased when they are no longer needed for achieving the processing purposes. This is typically the case after 6 months at the latest. https://matomo.nextindex.space/index.php?module=CoreAdminHome&action=optOut&language=de&backgroundColor=&fontColor=121212&fontSize=20px&fontFamily=%22Rotis%20Semi%20Sans%20W04%22%2C%20sans

Sec. 7 E-mail contact

Our website contains e-mail addresses that can be used to contact us electronically. If a user exercises this option, the data that exists or is entered into the e-mail will be transmitted to us and stored by us. These data are:

  • Name of the user
  • E-mail address
  • Message
  • Information about having received a copy of the contact e-mail
  • Meta data of the e-mail (so-called header files)

No passing-on of the data to third parties takes place in connection with this. The data is being utilised exclusively for the processing of the conversation. If necessary to respond to the enquiry, the contact details or data for responding to the enquiry will be passed on to internal departments in the interest of the enquirer, while taking data minimisation into account. In this context, please also note that these parties may, in particular, also be members of the Board of Trustees.

Sec. 9 Applicants

In accordance with the legal requirements, we process your applicant data for the purpose of and as part of the application process and to find a suitable position for you in the company. The processing of your data is carried out to fulfil our (pre-)contractual obligations in the context of the application process within the meaning of Art. 6 Par. 1 Lit. b. GDPR Art. 6 Par. 1 Lit. f. GDPR if the data processing becomes necessary for us, e.g. in the context of legal proceedings (in Germany, Sec. 26 BDSG (German Federal Data Protection Act) also applies).

Here, we only process the data provided by you. The necessary applicant data can be found in the respective job advertisements. This includes, for example, information regarding personal master data, contact details, work history, qualifications and the documents relating to the application, such as cover letter, CV and certificates. In addition, you can sometimes voluntarily provide us with additional information. By submitting the application to us, applicants consent to the processing of their data for the purposes of the application process in accordance with the type and scope set out in this privacy policy. To the extent that special categories of personal data within the meaning of Art. 9 Par. 1 GDPR are voluntarily communicated to us as part of the application process, their processing is additionally carried out in accordance with Art. 9 Par. 2 Lit. b GDPR (e.g. health data, such as disability status or ethnic origin). To the extent that special categories of personal data within the meaning of Art. 9 Par. 1 GDPR are requested from applicants as part of the application process, their processing is also carried out in accordance with Art. 9 Par. 2 Lit. a GDPR (e.g. health data, if this is required for exercising the profession).

In the event of a successful application, the data provided by applicants may be processed further by us for the purposes of the employment relationship. Otherwise, if the application for a job opening is not successful, the applicant’s data will be deleted.

The data of applicants will also be deleted if an application is withdrawn, which applicants are entitled to do at any time. Subject to a justified cancellation by the applicant, the deletion will take place after a period of six months so that we can answer any follow-up questions about the application and meet our obligations to provide evidence under the German General Act on Equal Treatment (AGG). Invoices for any reimbursement of travel expenses are archived in accordance with tax regulations.

Sec. 10 Use of the app

Information regarding the collection of personal data

In addition to our online presence, we make a mobile app available that you can download to your mobile end device (Android & iOS). Below, we provide information about the collection of personal data when using our mobile app.

Information that is collected upon download

When the app is downloaded, certain required information is transmitted to the app store you selected (e.g. Google Play Store or Apple App Store), in particular the username, email address, the customer number of your account, the time of the download, payment information as well as the individual device identification number may be processed in this context. The processing of these data is carried out exclusively by the respective app store and is therefore beyond our control.

Information that is being collected when using the app

Log files

When calling up the app, the following data is stored in a log file for a maximum of 30 days:

IP address of the enquiring device, date and time of the retrieval, amount of data transmitted, identification data of the operating system used, input values transmitted by the enquiring device (e.g. the target file), message as to whether the retrieval was successful. These data cannot be attributed to a person, as the data are assigned a pseudonymised ID.

The processing is carried out to enable the use of the app and to ensure system security. The processing is carried out on the basis of the legitimate interest in accordance with Art. 6 Par. 1 Lit. f GDPR.

Analysis of the log files

The date and time of retrieval and the pages accessed are analysed for statistical purposes. The data are not attributed to individual users.

The processing is carried out for the purpose of optimising the app on the basis of the legitimate interest in accordance with Art. 6 Par. 1 Lit. f GDPR.

Use of cookies

When operating and using our app, no cookies are used.

Permissions

In order to use the augmented reality function of our app, access to the camera, the gyroscope sensor and, if necessary, the location of your end device is required. In this case, access to the location is only necessary to be able to use the gyroscope sensor.

When using the app, you will be asked to grant your consent to this access.

The data processed in this manner will not be stored or transmitted to us

Processing for the purpose of sending a recipe

During a guided tour, users have the option of having a recipe sent to their e-mail address. Your e-mail address will only be used to send the e-mail and will not be used for any other purpose. However, you have the option of subscribing to our newsletter. The processing is carried out for the purpose of sending on the basis of the legitimate interest (Art. 6 Par. 1 Lit. f GDPR).

Links to third party websites

Our app contains links to external websites.

Calling them up is indicated by the opening of a new browser window. It is possible that the linked websites may store cookies. The operator of the respective website is responsible for the processing. For more information, please refer to the privacy policy of the respective website operator.

Version of the privacy policy

The privacy policy is amended from time to time to reflect changes in the business process and in the legal situation. You will always find the latest version on the website.

Version: February 2023