Data protection

We take the protection of your personal data. Therefore, with this data protection declaration we would like to inform you about the type, scope and purpose of the personal data we collect, use and process. We would also like to inform you of your rights.

We would like to point out that data transmission over the Internet (e.g. when communicating by email) can have security gaps. A complete protection of the data against access by third parties is not possible.

1. Responsible person

The person responsible within the meaning of Art. 4 No. 7 GDPR, other data protection laws applicable in the Federal Republic of Germany and the member states of the European Union and other provisions of a data protection nature is:

WIFU Foundation

Alfred-Herrhausen-Strasse 48

58448 Witten, Germany

 

Represented by:

CEO:

Prof. Dr. Tom A. Rüsen

 

Advisory Board:

Prof. Dr. Frank Stangenberg-Haverkamp (chairman oft the board), Diana Weßling (vice chairwoman), Christiane Dethleffsen, Prof. Rainer Kirchdörfer, Wilfried Neuhaus-Galladé

 

Tel .: +49 (0) 2302 926-510

Email: info@wifu-stiftung.de

 

2. Data protection officer

 

The person responsible has named the data protection officer:

Attorney Martin Erlewein

Alte Poststrasse 28b

42555 Velbert

Tel .: +49 (0) 2052 8352343

Email: info@kanzlei-erlewein.de

Any person affected by the processing of personal data by the person responsible can contact the data protection officer directly at any time and with any questions or suggestions regarding data protection.

 

3. Scope of processing of personal data

In principle, we only process the personal data of the users of these pages to the extent that this is necessary to provide a functional website and our content and services. Our website can usually be used without providing any personal data.
Insofar as personal data (e.g. name, address, e-mail addresses and telephone numbers) are collected, especially when you contact us, this is done on a voluntary basis as far as possible.

4. Legal basis for processing personal data

Insofar as we obtain the consent of the person concerned for the processing of personal data, Article 6 (1) sentence 1 lit. a EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing based on this consent.
Article 6 (1) sentence 1 lit. b GDPR serves as the legal basis for the processing of personal data required to fulfill a contract to which the data subject is a party. This justification also applies to processing operations that are necessary to carry out pre-contractual measures.
Insofar as personal data is to be collected and/or processed due to legal requirements or in the public interest, Art. 6 (1) sentence 1 lit. c or lit. e GDPR serves as the legal basis.
If processing is necessary to safeguard a legitimate interest of the WIFU Foundation as the controller, WIFU or another third party and if the interests, fundamental rights and fundamental freedoms of the data subjects do not outweigh the legitimate interest, Art. 6 Para. 1 Sentence 1 lit. f GDPR as the legal basis for processing.

5. Duration of storage

Your personal data will be deleted or blocked as soon as the purpose of storage no longer applies, the deletion of the data does not conflict with any statutory storage requirements and no other information on individual processing methods is subsequently given.
In the case of statutory retention requirements, we restrict the processing of the relevant data.

6. Sharing of Data
Your personal data will not be transmitted to third parties for purposes other than those listed below.
Your personal data will only be passed on to third parties if you have given your express consent to this, if there is a legal obligation to do so, this is legally permissible and is required for the processing of contractual relationships with you according to Article 6 (1) (b) GDPR.

7. Transfer to third countries

On our pages at www.wifu.de there are functions of the company Google LLC. (Google), 1600 Amphitheater Parkway, Mountain View, CA 94043, USA, and its subsidiary, YouTube, LLC (TouTube), 901 Cherry Ave., San Bruno, CA 94066, USA. For Europe, the company Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland is responsible for all Google services.
It cannot be ruled out that Google will also transmit personal data of European Internet users to the USA and thus to a third country and process it there. In order to offer suitable guarantees for compliance with the data transmission conditions laid down in Chapter V of the GDPR and also the other provisions of the GDPR, Google uses corresponding Article 46 (2) (c) GDPR standard data protection clauses issued by the EU Commission. You can find more information about what data Google collects, what this data is used for and what rights you have at https://www.google.com/intl/de/policies/privacy/

8. Server Log Files

When you visit our website, the browser used on your end device automatically sends information to the server used for our website. These are stored in so-called server log files. The stored data is in particular:
• IP address of the end device you are using
• Date and time of server request
• Referrer url (identification of the previously visited website)
• Browser type and browser version
• operating system used
This data cannot be assigned to specific persons. The IP address is anonymized after collection. This data is not merged with other data sources. This storage takes place on the legal basis of Art. 6 Para. 1 lit. f GDPR. Our legitimate interest lies in the improvement, stability, functionality and security of our website.
We reserve the right to subsequently check this data if we become aware of specific indications of illegal use. The data will be deleted if no further storage is required for evidentiary purposes. Otherwise, the data is completely or partially excluded from deletion until the final clarification of an incident.

9. SSL or TSL encryption

This site uses SSL or TSL encryption for security reasons. If SSL encryption is activated, the data you transmit to us cannot be read by third parties.
You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

10. Contact Form

The WIFU Foundation pursues the statutory purpose of promoting education, science, research and teaching in the field of family business, in particular within the framework of the legally dependent Witten Institute for Family Business (WIFU) of the Economics Faculty of the University of Witten/Herdecke gGmbH. This funding of the WIFU by the person responsible takes place, among other things, through the responsible design and provision of the Internet pages at www.wifu.de.
If you send us inquiries via the contact form, these will be stored with us, including the personal data you have provided, for the purpose of processing the inquiry and in the event of follow-up questions.

11. Forwarding to WIFU

If your contact or inquiry is not directly addressed to the WIFU foundation, but to the Witten Institute for Family business or it’s employees, we will forward your inquiry and the contact details you have provided to the Witten Institute for Family business or the University of Witten/Herdecke gGmbH. If you give your consent in the contact form, Art. 6 Paragraph 1 lit. a GDPR applies as the legal basis for this transfer.
The data protection declaration of the University of Witten/Herdecke gGmbH can be found at: https://www.uni-wh.de/datenschutz/

12. Embedded Services

12.1. Google Analytics
We use Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheater Parkway Mountain View, CA 94043, USA (Google). The prerequisite for this is your express consent to the use of the cookies required for this and the processing of personal data intended for this purpose. The legal basis for this processing is Article 6 Paragraph 1 Clause 1 Letter a GDPR.
Google Analytics is used because of our interest in the needs-based design and continuous optimization of our websites. Google processes the website usage data on our behalf and contractually undertakes to take measures to ensure the confidentiality of the processed data.
After you have given your consent, Google will store cookies on your end device and read them out again later. These cookies contain a randomly generated user ID that can be assigned to your use of our website (e.g. calling up individual sub-pages) and with which your end device can be recognized when you visit the website in the future. The recorded data is stored together with the randomly generated user ID, which enables the evaluation of pseudonymous user profiles in order to compile reports on the activities on our websites. The information generated by the cookies about your use of our websites includes the data mentioned above in the “Server log files” section. Your IP address will be anonymized so that it cannot be assigned (IP masking). Under no circumstances will your IP address be merged with other Google data. Google also transmits personal data to third countries (e.g. USA) outside the EU for the processing described.
At the same time, Google is pursuing its own purposes in processing your data. Information about which data is collected by Google, what this data is used for and what rights you have can be found at https://www.google.com/intl/de/policies/privacy/.

12.1.1. Shared Responsibility
Taking into account the case law of the ECJ, Google and the person responsible, as Google Analytics users, are to be regarded as jointly responsible for data processing within the framework of Google Analytics. Google also pursues its own purposes in processing the data collected and can link this to other user data such as search history, personal accounts, usage data from other devices and all other data that Google has about this user.
In terms of data protection, the cooperation with Google LLC is based on a concluded agreement on joint responsibility in accordance with Art. 26 GDPR, available at https://privacy.google.com/businesses/gdprcontrollerterms/

12.1.2. Opt Out
If you do not agree to the collection, you can prevent it by installing the browser add-on to deactivate Google Analytics once (opt-out). As an alternative to the browser add-on, especially for browsers on mobile devices, you can prevent Google Analytics from collecting data by clicking on this link: Disable Google Analytics. An opt-out cookie will be set that can prevent future collection of your data when you visit this website.
As a further alternative, you can prevent the installation of cookies by setting your browser software accordingly, as described below in the Cookies section.

13.2. Instagram
Our WIFU Foundation channel is used for exchange and public relations work by the WIFU Foundation on the subject of family businesses. When you visit our fan page on Instagram, Facebook Ltd., 4 Grand Canal Square, Grand Canal Harbour, D2 Dublin, Ireland (Facebook), as the provider of Instagram, collects, stores and processes your personal data. Instagram’s privacy policy can be found here.
In addition, we only carry out further data processing to a very limited extent. Facebook offers the operators of fan pages on Instagram the statistical evaluation of the use of the fan page through so-called insights. According to the case law of the European Court of Justice, we are jointly responsible with Facebook for the processing of personal data on Instagram. Facebook has concluded an agreement with the operators of the fan page on the division of the resulting rights and obligations. You can find them here.
We use the statistics function under Instagram Insights to find out more about the visitors to our page. Using this feature allows us to better tailor our content to the interests of our visitors. Although we can display purely statistical information, such as the origin of the users; however, we cannot draw any conclusions about individual users from this information.
Information on the type, scope, purposes, legal basis and objection and revocation options when Instagram uses cookies can be found here: Instagram Cookie Policy

13.3. Twitter
The WIFU Foundation channel on Twitter is used for exchange and public relations work by the WIFU Foundation on the subject of family businesses. When you visit our channel on Twitter, Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA, as the operator of Twitter, stores and processes personal data to the extent described in the privacy policy. The privacy policy can be found here.
In principle, we do not store or process any of your personal data. Your user name will only be saved if you send us a direct message.
Information on the type, scope, purposes, legal basis and objection and revocation options when using cookies by Twitter can be found here: Twitter Cookie Policy

13.4. Youtube
We use our YouTube channel “WIFU Foundation” to promote the dissemination of knowledge on the subject of family businesses with film contributions.
When you visit YouTube, Google LLC (“Google”), Amphitheater Parkway, Mountain View, CA 94043, USA, as the operator of YouTube, stores and processes personal data in accordance with Google’s privacy policy. YouTube’s privacy policy can be found here.
Youtube offers the operators of a channel on Youtube the statistical evaluation of the use of the channel through so-called Insights (here Youtube Insights). We use the statistics function under YouTube Insights to find out more about the use of our video channel. The use of this function enables us, among other things, to analyze the frequency with which our posts are viewed or the average playback time of the videos. We cannot establish any personal reference. In addition, we only carry out further data processing to a very limited extent.
Information on the type, scope, purposes, legal basis and objection and revocation options when using cookies by YouTube can be found here: Cookie information from Google (including YouTube)

13.5. XING
Our Xing page of the Witten Institute for Family Businesses (WIFU) is used for exchange and public relations work on all WIFU topics related to research on the subject of family businesses. When you visit our site on LinkedIn, LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland collects, stores and processes. Xing’s privacy policy can be found here.
Xing offers us the statistical evaluation of the use of our site through so-called insights. This insight data is particularly suitable for evaluating the interaction of visitors to a page on Xing and the frequency of views (reach). We do not use the insight data provided by Xing.
Information on the type, scope, purposes, legal basis and objection and revocation options when using cookies by Xing can be found here: Xing’s data protection declaration

13.6. LinkedIn
Our WIFU Foundation page on LinkedIn is used for exchange and public relations work on the topic of family businesses. When you visit our site on LinkedIn, LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland collects, stores and processes. LinkedIn’s privacy policy can be found here.
LinkedIn offers us the statistical evaluation of the use of our site through so-called insights. We use insight data provided by LinkedIn to evaluate the interaction of visitors with our site on LinkedIn (in particular reach). In order to contractually regulate the resulting joint responsibility, the LinkedIn Ireland Unlimited Company bases the processing on a data processing agreement; you can find them here.
Information on the type, scope, purposes, legal basis and objection and revocation options when LinkedIn uses cookies can be found here: LinkedIn Cookie Policy.

14. WIFU Events App
The WIFU Events App is available for download in the Apple App Store for iOS devices and in the Google Play Store for Android devices.

14.1. Porpose of data processing
The WIFU Events app gives you access to general information and individual events of the WIFU Foundation. The App is a mobile application designed to promote the exchange of information and communication between users. Depending on which functions of the app you use, further processing of personal data may become necessary.
In order to be able to optimize the design of the app and the events, the person responsible carries out a statistical evaluation of the user’s interaction with the app.

14.2. Type of data
The prerequisite for using the app is that the user registers after being assigned a personal access code. All that is required for registration is the user’s surname and first name. The input of further personal data when creating the user profile is on a voluntary basis. The legal basis for processing the data of your user profile is Article 6 Paragraph 1 Letter a GDPR.
For technical reasons, the collection and processing of so-called log file data is necessary in order to offer you the functions of the app and to ensure its stability and security. This includes the IP address, date and time of the request, access status/HTTP status code, type of internet browser. The legal basis for this processing is Article 6 (1) (f) GDPR.
When downloading a mobile app, the information required for this is transmitted to the App Store, i.e. in particular user name, e-mail address and ID of your account, time of download and the individual device code. We have no influence on this data collection and are not responsible for it. We only process this data to the extent necessary to download the mobile app to your mobile device.

14.3. Legal basis of data processing

In the case of the execution of contracts with you as well as the execution of measures and activities in the context of pre-contractual relationships, the legal basis results from Article 6 (1) sentence 1 lit. b GDPR. This includes the execution of the user contract that comes about with you through use and registration in the app.
If the processing of personal data is necessary and there is no other legal basis for such processing, we ask for your consent in accordance with Article 6 Paragraph 1 Clause 1 Letter a GDPR before processing. You can withdraw such consent from us at any time.
The statistical evaluation of user interaction with the app for the purpose of optimizing the app and the events is legitimized by the legitimate interest of the person responsible (Article 6 (1) sentence 1 lit. f GDPR).

14.4. Recipients of your data

Depending on whether you use an end device with an Android or IOS operating system for the app, Google or Apple also receive access to your usage data.
When an Android operating system was put into operation on your end device, you were also asked for declarations on data processing by Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland (Google). You can find more information about what data Google collects, what this data is used for and what rights you have at https://policies.google.com/privacy?hl=de. At https://www.google.com/intl/de_de/policies/technologies/product-privacy/ you will find further options for making data protection settings to the desired extent on a device with the Android operating system. It cannot be ruled out that Google will also transmit personal data from European Internet users to the USA and process it there.
If you use the app on the iOS operating system from Apple Inc. (1 Infinite Loop, Cupertino, CA 95014, USA), personal data will also be processed by Apple depending on use and your device settings. The data protection settings for this can be adjusted in the device settings of your end device. Your information will be treated in accordance with Apple’s privacy policy, available at: https://www.apple.com/privacy/.

14.5. Access Permissions
Certain access permissions are required for the app to function. Permissions specify what features or data this app is allowed to access. Permissions can be changed at any time after installing the app in your device settings.

14.5.1. Camera
Access to the camera of your end device is only possible after you have given your consent. The camera can be used, for example, to scan QR codes to activate events. You can deactivate access to the camera in the device settings and thus revoke your consent at any time.

14.5.2. Storage
Access to the memory of your end device that you have shared is required for reading, saving and deleting content for the function of the app. You can deactivate access to the memory of your end device and thus revoke your consent at any time. This may affect the functionality of the app.

14.5.3. Location
Access to your exact or network-based approximate location only takes place after you have given your consent and when the app is running in the foreground. The data collected in this way is used exclusively to provide the app functions you have requested. The legal basis for this data processing is Article 6 (1) (a) GDPR.
We expressly do not create any movement profiles or the like. You can deactivate access to the location data in the device settings and thus revoke your consent at any time.

14.5.4. Others
For the functionality of the app, certain access authorizations are technically required. The legal basis for this data processing is Article 6 Paragraph 1 Letter b GDPR with the purpose of fulfilling the user contract.
Technical access authorizations for Android up to and including version 5
User Account Access: Read Google service configuration, find accounts on device to enable push notifications
Device-specific access: disable sleep mode, control vibrating alert to signal the arrival of push messages.
Network access: get internet data, get network connections, full network access, get wifi connections to allow the app to get the information.
Technical access authorizations for Android from version 6:
Access all networks, disable sleep, read Google service configuration, get internet data, get network connections
Technical access permissions for iOS
Cellular data: Internet data obtained outside of a Wi-Fi range to enable the app to retrieve the information on the go.

15. Cookies
Our Internet pages use so-called cookies. These serve to make websites more user-friendly, more effective and more secure. Cookies are small text files that are stored on your computer and saved by your browser. The processing of personal data that takes place here is justified by the interest of the operator of the site in its stable presentation and optimization (Art. 6 Para. 1 lit. f DSGVO).
Most of the cookies we use are so-called “session cookies”. They are automatically deleted after your visit. Other cookies remain stored on your end device until you delete them.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when you close your browser. If cookies are deactivated, the functionality of this website may be restricted.

15.1. Types of Cookies
15.1.1. Required cookies
We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change. These cookies can also be used without your consent.

15.1.2. Statistics – Cookies
Cookies are also used on our website, which enable an analysis of the surfing behavior of the users. In this way, the frequency of page views and the use of website functions can be tracked.
The user data collected in this way is pseudonymized by technical precautions. It is therefore no longer possible to assign the data to the calling user. The data is not stored together with other personal data of the user.
A prerequisite for these cookies – and the data processing intended with them – is the informed consent of the user. We ask for your consent when you visit our website and inform you about the use of cookies for analysis purposes. If your consent is obtained, a reference will also be made to our data protection declaration.

15.2. Cookies used
Specifically, the following cookies are used on our website at www.wifu.de.
First Party Cookies
Domain name retention feature
www.wifu.de _gid 1 day statistics (anonymous); Count and track page views
www.wifu.de _ga 2 years statistics (anonymous); Count and track page views
www.wifu.de _gat 1 minute statistics (anonymous); Recognizing Automated Requests
www.wifu.de pll_language session required; Storage of the user’s language selection
www.wifu.de bcookie_consent session required; Storage of consent to data processing
Third party cookies
Domain name retention feature
youtube-nocookie.com CONSENT Persistent required; prevents YouTube from setting further cookies

16. Your Rights

You have a right to information from the person responsible about your personal data processed by him and further information about the processing carried out in relation to your personal data.
You also have the right to correction, deletion or restriction of processing and to object to the processing and data portability of your personal data. In addition, you have a right and a right of appeal to a supervisory authority.
If you have given your consent to the processing of your personal data in accordance with Article 6 Paragraph 1 Clause 1 Letter a in conjunction with Article 4 No. 11 GDPR, you have the right to revoke this consent at any time.
If you would like to assert one of the rights mentioned, please contact the person responsible directly using the contact details given above (info@wifu-stiftung.de) or our data protection officer (info@kanzlei-erlewein.de).
The person responsible is obliged to comply with your asserted right, unless there are justifiable reasons to the contrary. In addition, he may only comply with your request if he was able to clearly identify you as the person affected by his processing of personal data.
You can assert your right of appeal to the supervisory authority responsible for the person responsible. Their contact details are:
The state representative
for Data Protection and Freedom of Information NRW (LDI)
Cavalry Street 24
40213 Dusseldorf,
Phone: +49 (0) 211 – 384240
Email: poststelle@ldi.nrw.de
https://www.ldi.nrw.de/