We take the protection of your personal data. Therefore, with this data protection declaration we would like to inform you about the type, scope and purpose of the personal data we collect, use and process. We would also like to inform you of your rights.
We would like to point out that data transmission over the Internet (e.g. when communicating by email) can have security gaps. A complete protection of the data against access by third parties is not possible.
1. Responsible person
The person responsible within the meaning of Art. 4 No. 7 GDPR, other data protection laws applicable in the Federal Republic of Germany and the member states of the European Union and other provisions of a data protection nature is:
58448 Witten, Germany
Prof. Dr. Tom A. Rüsen
Prof. Dr. Frank Stangenberg-Haverkamp (chairman oft the board), Diana Weßling (vice chairwoman), Christiane Dethleffsen, Prof. Rainer Kirchdörfer, Wilfried Neuhaus-Galladé
Tel .: +49 (0) 2302 926-510
2. Data protection officer
The person responsible has named the data protection officer:
Attorney Martin Erlewein
Alte Poststrasse 28b
Any person affected by the processing of personal data by the person responsible can contact the data protection officer directly at any time and with any questions or suggestions regarding data protection.
3. Scope of processing of personal data
In principle, we only process the personal data of the users of these pages to the extent that this is necessary to provide a functional website and our content and services. Our website can usually be used without providing any personal data.
Insofar as personal data (e.g. name, address, e-mail addresses and telephone numbers) are collected, especially when you contact us, this is done on a voluntary basis as far as possible.
4. Legal basis for processing personal data
Insofar as we obtain the consent of the person concerned for the processing of personal data, Article 6 (1) sentence 1 lit. a EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing based on this consent.
Article 6 (1) sentence 1 lit. b GDPR serves as the legal basis for the processing of personal data required to fulfill a contract to which the data subject is a party. This justification also applies to processing operations that are necessary to carry out pre-contractual measures.
Insofar as personal data is to be collected and/or processed due to legal requirements or in the public interest, Art. 6 (1) sentence 1 lit. c or lit. e GDPR serves as the legal basis.
If processing is necessary to safeguard a legitimate interest of the WIFU Foundation as the controller, WIFU or another third party and if the interests, fundamental rights and fundamental freedoms of the data subjects do not outweigh the legitimate interest, Art. 6 Para. 1 Sentence 1 lit. f GDPR as the legal basis for processing.
5. Duration of storage
Your personal data will be deleted or blocked as soon as the purpose of storage no longer applies, the deletion of the data does not conflict with any statutory storage requirements and no other information on individual processing methods is subsequently given.
In the case of statutory retention requirements, we restrict the processing of the relevant data.
6. Sharing of Data
Your personal data will not be transmitted to third parties for purposes other than those listed below.
Your personal data will only be passed on to third parties if you have given your express consent to this, if there is a legal obligation to do so, this is legally permissible and is required for the processing of contractual relationships with you according to Article 6 (1) (b) GDPR.
7. Transfer to third countries
On our pages at www.wifu.de there are functions of the company Google LLC. (Google), 1600 Amphitheater Parkway, Mountain View, CA 94043, USA, and its subsidiary, YouTube, LLC (TouTube), 901 Cherry Ave., San Bruno, CA 94066, USA. For Europe, the company Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland is responsible for all Google services.
It cannot be ruled out that Google will also transmit personal data of European Internet users to the USA and thus to a third country and process it there. In order to offer suitable guarantees for compliance with the data transmission conditions laid down in Chapter V of the GDPR and also the other provisions of the GDPR, Google uses corresponding Article 46 (2) (c) GDPR standard data protection clauses issued by the EU Commission. You can find more information about what data Google collects, what this data is used for and what rights you have at https://www.google.com/intl/de/policies/privacy/.
8. Server Log Files
When you visit our website, the browser used on your end device automatically sends information to the server used for our website. These are stored in so-called server log files. The stored data is in particular:
• IP address of the end device you are using
• Date and time of server request
• Referrer url (identification of the previously visited website)
• Browser type and browser version
• operating system used
This data cannot be assigned to specific persons. The IP address is anonymized after collection. This data is not merged with other data sources. This storage takes place on the legal basis of Art. 6 Para. 1 lit. f GDPR. Our legitimate interest lies in the improvement, stability, functionality and security of our website.
We reserve the right to subsequently check this data if we become aware of specific indications of illegal use. The data will be deleted if no further storage is required for evidentiary purposes. Otherwise, the data is completely or partially excluded from deletion until the final clarification of an incident.
9. SSL or TSL encryption
This site uses SSL or TSL encryption for security reasons. If SSL encryption is activated, the data you transmit to us cannot be read by third parties.
You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.
10. Contact Form
The WIFU Foundation pursues the statutory purpose of promoting education, science, research and teaching in the field of family business, in particular within the framework of the legally dependent Witten Institute for Family Business (WIFU) of the Economics Faculty of the University of Witten/Herdecke gGmbH. This funding of the WIFU by the person responsible takes place, among other things, through the responsible design and provision of the Internet pages at www.wifu.de.
If you send us inquiries via the contact form, these will be stored with us, including the personal data you have provided, for the purpose of processing the inquiry and in the event of follow-up questions.
11. Forwarding to WIFU Foundation
If your contact or inquiry is not directly addressed to the WIFU foundation, but to the Witten Institute for Family business or it’s employees, we will forward your inquiry and the contact details you have provided to the Witten Institute for Family business or the University of Witten/Herdecke gGmbH. If you give your consent in the contact form, Art. 6 Paragraph 1 lit. a GDPR applies as the legal basis for this transfer.
The data protection declaration of the University of Witten/Herdecke gGmbH can be found at: https://www.uni-wh.de/datenschutz/.
12. Embedded Services
We use the web analysis service Matomo on our websites, which enables us to recognise users across pages for the purpose of analysing user behavior (reach analysis). This enables us to create statistical evaluations of which pages and topics are particularly attractive for our users, when these pages are accessed and from which region the users come. To do this, we collect various usage information, such as B. the anonymized IP address, URL referrer, browser and operating systems used.
The information collected by Matomo about the use of our websites is stored locally on our server. In this respect, no data is passed on to third parties. IP addresses are automatically shortened at the beginning of processing so that they can no longer be clearly assigned, but only provide an approximate indication of the region in which a user logged into the Internet. No cookies are used for Matomo; Likewise, there is no active query of the information required for the assignment of the user from the user’s end device. The system is configured to take into account if you have set ‘Do Not Track’ in your browser settings. In this case, no analysis takes place.
We have a legitimate interest in the anonymous analysis of user behavior in order to be able to optimise our pages and our offers according to actual page usage. Matomo is then used on the basis of Article 6 (1) (f) GDPR.
You have the option to object to the processing of your data by us for analysis purposes. You can end the analysis by Matomo by clicking on the following link (https://stats.wifu.de/index.php?module=CoreAdminHome&action=optOut&language=en). The processing of your data up to the point in time at which you declared your objection remains permissible.
12.2. Google Maps
We use Google Maps from Google LLC, 1600 Amphitheater Parkway Mountain View, CA 94043, USA (Google) to provide you with interactive maps on our website for appropriate use. Google Maps is integrated on our website in such a way that Google does not receive any data from you before you have accepted Google Maps to be reloaded and the data processed and exported to the USA by Google. The legal basis for the processing of personal data is your consent in accordance with Article 6 (1) (a) GDPR.
If you are logged in to Google, your data will be assigned directly to your account. If you are not signed into a Google account, Google stores the data it collects with unique identifiers associated with the browser, app or device you are using. Google stores your data as usage profiles. You have the right to object to the creation of these user profiles. Please address this objection directly to Google.
More information about what data Google collects, what this data is used for and what rights you have can be found at https://www.google.com/intl/de/policies/privacy/. Furthermore, in its “Google Maps Controller-Controller Data Protection Terms” Google has committed itself to the appropriate handling of personal data based on the European GDPR (https://privacy.google.com/businesses/mapscontrollerterms/).
We use YouTube plugins to embed videos on our website. The operator is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA, which is a subsidiary of Google.
YouTube is integrated on our website in such a way that YouTube does not receive any data from you before you download a video by clicking on a button and accept the data processing, the storage of information on your end device (local storage) and the data export to the USA by YouTube . The legal basis for the processing of personal data by Google is your consent in accordance with Article 6 Paragraph 1 Letter a GDPR.
Videos are embedded on these pages using the extended data protection mode offered by YouTube. However, the extended data protection mode does not necessarily rule out the transfer of data to YouTube partners. This may result in further processing by Google over which we have no control. Google also transmits personal data to third countries outside the EU for the processing described; especially to the USA.
As soon as a YouTube video is started on this website, a connection to the YouTube servers is established. The YouTube server receives information about which of our pages you are currently visiting. Furthermore, YouTube can save various cookies on your end device after starting a video on the YouTube platform. With the help of these cookies, YouTube can receive information about visitors to our website. This information is used, among other things, to collect video statistics, improve user-friendliness and prevent attempts at fraud. The cookies remain on your end device until you delete them.
13. Social Media
We maintain various social media channels of the WIFU foundation. Our purpose is to provide you with a wide range of multimedia options and to inform about family businesses as well as the offers of the WIFU Foundation and Witten Institute for Family Business.
Links on www.wifu.de take you to our pages on the platforms of the social media providers (so-called fan pages). In some cases, the providers of these platforms provide us, as the operators of these fan pages, with statistical evaluations, in particular of the interactions (likes, shares, contributions, etc.) that you make on one of our fan pages. These evaluations are so-called “page insights”.
Based on the case law of the European Court of Justice (ECJ), it can be assumed that we are jointly responsible with the operators of the platforms for personal data that is collected in connection with a visit or an interaction on one of our fan pages, provided this data is used for page insights are processed. This is due to our legitimate interest in optimizing our fan page (Art. 6 Para. 1 Sentence 1 lit. f GDPR). You can find more information when you visit one of our social media sites via the supplementary data protection declaration for our social media linked there.
We expressly point out that the social media we use store the data of their users (e.g. personal information, IP addresses) in accordance with their own data usage guidelines and use them for business purposes. The rights and setting options you have to protect your privacy can be found in the respective data protection notices of these providers.
Our fan page on Facebook is used for exchange and public relations work on all WIFU Foundation/ WIFU topics related to family business.
Facebook is an offer from Meta Platforms Inc. (Meta). Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland is responsible for data processing in Europe.
As the operator of a fan page, Facebook provides us with evaluations that can be used to gain insights into the interactions (likes, shares, posts, etc.) that you make on our Facebook fan page (insights). Facebook has agreed with us, as the operator of a fan page, in an agreement on joint responsibility that Facebook is primarily responsible for providing you with information about joint processing and for enabling you to exercise your rights under the GDPR with regard to the processing of your data in connection with exercise our Facebook fan page. You can find more information about Facebook Insights here.
We use the insights provided in the form of anonymous statistics for the purpose of designing and continuously optimizing our pages to meet needs. Among other things, we receive information about the activity of the site visitors, the visits to our site, the reach of contributions, their views and the average duration of video playback as well as information about the countries and cities our visitors come from. We cannot draw any conclusions about individual users from this information.
Meta / Facebook also processes your data in the USA. Due to the existing legal situation in the USA, US authorities can request insight into personal data from providers in the USA. According to this, a level of data protection in the USA below the corresponding EU standard is to be assumed. This can result in risks for the legality and security of data processing.
In order to nevertheless offer suitable guarantees for an appropriate level of data protection, Meta uses standard data protection clauses issued by the EU Commission in accordance with Art. 46 (2) (c) GDPR, the binding validity of which has been agreed with us. The Facebook data processing terms, which correspond to the standard contractual clauses, can be found at https://www.facebook.com/legal/terms/dataprocessing. Meta has also taken other appropriate measures to ensure a level of protection comparable to that of the GDPR.
In addition, we only carry out further data processing to a very limited extent. Facebook offers the operators of fan pages on Instagram the statistical evaluation of the use of the fan page through so-called insights. According to the case law of the European Court of Justice, we are jointly responsible with Facebook for the processing of personal data on Instagram. Facebook has concluded an agreement with the operators of the fan page on the division of the resulting rights and obligations. You can find these at https://www.facebook.com/legal/terms/page_controller_addendum.
We use the statistics function under Instagram Insights to find out more about the visitors to our page. Using this feature allows us to better tailor our content to the interests of our visitors. Although we can display purely statistical information, such as the origin of the users; however, we cannot draw any conclusions about individual users from this information.
We use our YouTube channel “WIFU – Stiftung” to promote the exchange and public relations work on all topics related to family businesses with film contributions.
Youtube offers the operators of a channel on Youtube the statistical evaluation of the use of the channel through so-called Insights (here Youtube Insights). We use the statistics function under YouTube Insights to find out more about the use of our video channel. The use of this function enables us, among other things, to analyze the frequency with which our posts are viewed or the average playback time of the videos. We cannot establish any personal reference. In addition, we only carry out further data processing to a very limited extent.
Information on the type, scope, purposes, legal basis and objection and revocation options when using cookies by YouTube can be found at https://policies.google.com/technologies/cookies (including YouTube).
Xing offers us the statistical evaluation of the use of our site through so-called insights. This insight data is particularly suitable for evaluating the interaction of visitors to a page on Xing and the frequency of views (reach). We do not use the insight data provided by Xing.
Information on the type, scope, purposes, legal basis and objection and revocation options when using cookies by Xing can be found here: Xing’s data protection declaration
LinkedIn offers us the statistical evaluation of the use of our site through so-called insights. We use insight data provided by LinkedIn to evaluate the interaction of visitors with our site on LinkedIn (in particular reach). In order to contractually regulate the resulting joint responsibility, the LinkedIn Ireland Unlimited Company bases the processing on a data processing agreement; these can be found at https://legal.linkedin.com/pages-joint-controller-addendum.
14. WIFU Events APP
The WIFU Events App is available for download in the Apple App Store for iOS devices and in the Google Play Store for Android devices.
14.1. Porpose of data processing
The WIFU Events app gives you access to general information and individual events of the WIFU Foundation/ the WIFU. The App is a mobile application designed to promote the exchange of information and communication between users. Depending on which functions of the app you use, further processing of personal data may become necessary.
In order to be able to optimise the design of the app and the events, the person responsible carries out a statistical evaluation of the user’s interaction with the app.
14.2. Type of data
The prerequisite for using the app is that the user registers after being assigned a personal access code. All that is required for registration is the user’s surname and first name. The input of further personal data when creating the user profile is on a voluntary basis. The legal basis for processing the data of your user profile is Article 6 Paragraph 1 Letter a GDPR.
For technical reasons, the collection and processing of so-called log file data is necessary in order to offer you the functions of the app and to ensure its stability and security. This includes the IP address, date and time of the request, access status/HTTP status code, type of internet browser. The legal basis for this processing is Article 6 (1) (f) GDPR.
When downloading a mobile app, the information required for this is transmitted to the App Store, i.e. in particular user name, e-mail address and ID of your account, time of download and the individual device code. We have no influence on this data collection and are not responsible for it. We only process this data to the extent necessary to download the mobile app to your mobile device.
14.3. Legal basis of data processing
In the case of the execution of contracts with you as well as the execution of measures and activities in the context of pre-contractual relationships, the legal basis results from Article 6 (1) sentence 1 lit. b GDPR. This includes the execution of the user contract that comes about with you through use and registration in the app.
If the processing of personal data is necessary and there is no other legal basis for such processing, we ask for your consent in accordance with Article 6 Paragraph 1 Clause 1 Letter a GDPR before processing. You can withdraw such consent from us at any time.
The statistical evaluation of user interaction with the app for the purpose of optimizing the app and the events is legitimized by the legitimate interest of the person responsible (Article 6 (1) sentence 1 lit. f GDPR).
14.4. Recipients of your data
Depending on whether you use an end device with an Android or IOS operating system for the app, Google or Apple also receive access to your usage data.
When an Android operating system was put into operation on your end device, you were also asked for declarations on data processing by Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland (Google). You can find more information about what data Google collects, what this data is used for and what rights you have at https://policies.google.com/privacy?hl=de. At https://www.google.com/intl/de_de/policies/technologies/product-privacy/ you will find further options for making data protection settings to the desired extent on a device with the Android operating system. It cannot be ruled out that Google will also transmit personal data from European Internet users to the USA and process it there.
14.5. Access Permissions
Certain access permissions are required for the app to function. Permissions specify what features or data this app is allowed to access. Permissions can be changed at any time after installing the app in your device settings.
Access to the camera of your end device is only possible after you have given your consent. The camera can be used, for example, to scan QR codes to activate events. You can deactivate access to the camera in the device settings and thus revoke your consent at any time.
Access to the memory of your end device that you have shared is required for reading, saving and deleting content for the function of the app. You can deactivate access to the memory of your end device and thus revoke your consent at any time. This may affect the functionality of the app.
Access to your exact or network-based approximate location only takes place after you have given your consent and when the app is running in the foreground. The data collected in this way is used exclusively to provide the app functions you have requested. The legal basis for this data processing is Article 6 (1) (a) GDPR.
We expressly do not create any movement profiles or the like. You can deactivate access to the location data in the device settings and thus revoke your consent at any time.
For the functionality of the app, certain access authorizations are technically required. The legal basis for this data processing is Article 6 Paragraph 1 Letter b GDPR with the purpose of fulfilling the user contract.
Technical access authorizations for Android up to and including version 5
User Account Access: Read Google service configuration, find accounts on device to enable push notifications
Device-specific access: disable sleep mode, control vibrating alert to signal the arrival of push messages.
Network access: get internet data, get network connections, full network access, get wifi connections to allow the app to get the information.
Technical access authorizations for Android from version 6:
Access all networks, disable sleep, read Google service configuration, get internet data, get network connections
Technical access permissions for iOS
Cellular data: Internet data obtained outside of a Wi-Fi range to enable the app to retrieve the information on the go.
15. Your Rights
You have a right to information from the person responsible about your personal data processed by him and further information about the processing carried out in relation to your personal data. You also have the right to correction, deletion or restriction of processing and to object to the processing and data portability of your personal data. In addition, you have a right and a right of appeal to a supervisory authority. If you have given your consent to the processing of your personal data in accordance with Article 6 Paragraph 1 Clause 1 Letter a in conjunction with Article 4 No. 11 GDPR, you have the right to revoke this consent at any time.
If you would like to assert one of the rights mentioned, please contact the person responsible directly using the contact details given above (firstname.lastname@example.org) or our data protection officer (email@example.com). The person responsible is obliged to comply with your asserted right, unless there are justifiable reasons to the contrary. In addition, he may only comply with your request if he was able to clearly identify you as the person affected by his processing of personal data.
You can assert your right of appeal to the supervisory authority responsible for the person responsible. Their contact details are:
The state representative
for Data Protection and Freedom of Information NRW (LDI)
Cavalry Street 24
Phone: +49 (0) 211 – 384240
Status: July 26, 2022