Privacy statement for the website of the Ferry Porsche Foundation
We, the Ferry Porsche Foundation (referred to in the following as “we” or the “Foundation”), are glad to welcome you to our website and are pleased that you are interested in our activities. Your privacy is important to us. We take protecting your personal data and the confidential treatment of it very seriously. Your personal data will be processed exclusively within the limits of the statutory provisions of the European Union’s data protection law, specifically the General Data Protection Regulation (hereinafter “GDPR”) and the German Telemedia Act (hereinafter “TMG”). This privacy statement informs you of how your personal data are processed and of your data protection rights within the context of using the website of the Ferry Porsche Foundation.
- Responsibility for data processing and data protection officer; contact
Responsibility for data processing as specified in data protection law lies with:
Tel: (+49) 0711 911-29937
If you have any questions or suggestions regarding data privacy, feel free to contact us.
- Object of data protection
The object of data protection is personal data. This refers to all information referring to an identified or identifiable individual person (known as the data subject). This includes, for example, information such as names, postal addresses, email addresses or telephone numbers, as well as information that necessarily arises while using the Foundation’s website, such as information about the start, end and scope of use, and communicating your IP address.
- Nature, extent, purpose and legal basis of automated data processing
In general, it is possible to use the Foundation website without registering. Even if you use the Foundation website without registering, personal data may be processed.
Below is an overview of the nature, extent, purpose and legal basis of data processing on the Ferry Porsche Foundation website.
3.1 Providing the website of the Ferry Porsche Foundation
When your end device accesses the Foundation’s website, we automatically process the following data:
Date and time of access
Duration of visit
Type of end device
Operating system used
Volume of data sent
Nature of the event
We process these data on the basis of Article 6(1)(f) of the GDPR in order to provide the service, to safeguard technical operation, and in order to identify and rectify faults. In doing so, we pursue the aim of enabling use of the Foundation’s website and ensuring it functions technically in the long term. When the Foundation’s website is accessed, these data are processed automatically. It is not possible to use our services without providing these data. We do not use these data for the purposes of drawing conclusions about your person or your identity.
As a rule, we delete these data after 90 days, unless, under exceptional circumstances, we require them longer for the purposes specified above. In these cases, we delete the data immediately once the purpose no longer applies.
- Recipients of personal data
Internal recipients: Within the Ferry Porsche Foundation, only persons who require access to these data for the purposes specified above in section 3 receive these data.
External recipients: We shall only pass on your personal data to external recipients outside the Ferry Porsche Foundation where this is necessary in order to process or handle your request, where another legal permission exists, or where we have your consent.
External recipients may include:
- a) Public authorities
Authorities and government institutions, such as public prosecutors, courts or financial authorities to whom we must transfer personal data for imperative statutory reasons. The data shall then be passed on in accordance with Article 6(1)(c) of the GDPR.
- b) Private entities
Cooperation partners or auxiliary persons to whom the data are transferred on the basis of your consent, in order to execute a contract with you, or in order to safeguard legitimate interests. The data shall then be passed on in accordance with Article 6(1)(a), (b) and/or (f) of the GDPR.
- Data processing in third countries
If data are transferred to bodies whose headquarters or whose data-processing facilities are not located in a Member State of the European Union or a country which is a signatory to the Agreement on the European Economic Area, before transferring the data we shall ensure that, other than in exceptional cases permitted by law, the recipient either has a suitable level of data protection (e.g. due to an adequacy decision by the European Commission, due to suitable guarantees such as a self-certification by the recipient for the EU-US Privacy Shield or the agreement of what are known as EU standard contractual clauses between the European Union and the recipient) or you grant sufficient approval for the data to be transferred.
You can request an overview of recipients in third countries from us and a copy of the specifically agreed provisions for ensuring an appropriate level of data protection. To do so, please use the contact data specified in section 1.
- Period of retention
For the retention period for personal data, see the corresponding section on data processing relating to specific services and functions above in section 3. In addition, the following general rules applies: we only store your personal data for as long as necessary to fulfil the relevant purposes or – where consent is given – until such a time as you revoke your consent. If you should revoke your consent, we will delete your personal data, unless further processing of said data is permitted in accordance with the relevant legal provisions. We shall also delete your personal data when obliged to do so for statutory reasons.
- Rights of the data subject
As the subject of data processing, you have numerous rights. Specifically, these include:
Right to information: You have the right to receive information about data stored by us concerning your person.
Right to rectification and deletion: You have the right to demand that we rectify incorrect data and – provided that the statutory prerequisites are fulfilled – delete your data.
Restriction of processing: You have the right to demand that – provided that the statutory prerequisites are fulfilled – we restrict the processing of your data.
Data portability: If you have provided us with data on the basis of a contract or a declaration of consent, you can demand, if the statutory prerequisites are fulfilled, to view the data that you have provided; this information shall be provided to you in a structured, conventional and machine-readable format, or you can demand that this information be transferred to another responsible party.
Objection to data processing on the legal basis of “legitimate interest”: You have the right, for reasons that arise from your specific circumstances, to object at any time to data processing by us, provided this is based on the legal basis of “legitimate interest”. If you exercise your right of objection, we shall suspend processing of your data, unless we can prove compelling legitimate reasons that outweigh your rights – in accordance with the statutory provisions – for continuing the processing.
Revoking of consent: If you have granted us your consent to process your data, you can revoke this declaration of consent at any time with future effect. The legality of the processing of your data up until the revocation shall remain unaffected by this.
Right of appeal to the regulatory authority: You can also lodge an appeal to the responsible regulatory authority if you believe that the processing of your data is in breach of applicable law. On these matters, you may also contact the data protection authority responsible for your place or country of residence or you may contact the data protection authority responsible for us.
Contacting us: Furthermore, should you have any questions about the processing of your personal data, about your data subject rights or about any declaration of consent you may have submitted, you can contact us free of charge. To exercise any of the rights specified above, please contact firstname.lastname@example.org or the postal address listed in section 1. When doing so, please make sure that we are able to clearly identify your person.
- Links to services from third parties
Websites and services from other providers that are linked to on the Foundation’s website have been and will be designed and provided by third parties. We have no influence on the design, content and function of these third-party services. We expressly dissociate ourselves from all the content of all linked services from third parties. Please note that third-party services linked to on the Foundation’s website may possibly install their own cookies on your end device and they may collect personal data. We have no influence over this. If necessary, please contact the providers of linked third-party services directly for information.
The most recent version of this privacy statement shall apply. Last updated: 18 July 2018.