Privacy Policy
Whenever you visit our website, make a request to receive news, register for an event or apply for a job advertisement, we collect and process your personal data. This privacy policy provides you with information about the type, scope and purpose of the collection and use of your personal data by us. You will also receive information about the rights to which you are entitled. It is important to us to be transparent about what information is collected, why it is collected and what happens to it afterwards. Creating this transparency is one of the aims of our data protection policy.
Technical and organisational measures have been taken to ensure that both we and our service providers comply with data protection regulations.
1. Data Controller for Data Processing, Data Protection Officer
The data controller within the meaning of the General Data Protection Regulation (GDPR) is:
ROCKWOOL Fonden
Ny Kongensgade 6
1472 København K
Denmark
tel: +45 33 34 47 00
e-mail: [email protected]
Data Protection Officer is:
Henrik Bonné
Tel. +45 50 75 80 71
Mail: [email protected]
Berlin Office:
ROCKWOOL Foundation Berlin
Kronenstr. 63
10117 Berlin
Germany
tel: +49 0 171 7486051
e-mail: [email protected]
2. Hosting
This website is hosted externally by the following provider:
DigitalOcean, LLC
101 6th Ave,
New York, NY 10013
USA
Your personal data collected on this website is stored on the host’s servers, which are located in Germany. The external hosting serves the secure, fast and efficient provision of our online presence by a professional provider (Art. 6 para. 1 lit. f GDPR). Data processing by our hoster is only carried out to the extent necessary to fulfil its performance obligations.
We have concluded an order processing contract (AVV) with the hoster (see section 13 below).
3. Personal data
Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as ‘data subject’). This includes, for example, your name and contact details.
4. What Data is Collected?
On one hand, your data is collected when you provide it to us, for example, by entering it into a contact form. Additionally, when you simply access our website for the Berlin office at https://www.rfberlin.com, we collect information that your browser automatically transmits to our server. This information is temporarily stored by us in a so-called log file. The following information is collected without any action on your part and stored until it is automatically deleted:
- IP address of the requesting computer
- Date and time of access
- Name and URL of the retrieved file
- Website from which the access occurs (so-called referrer URL), the browser used, and, if applicable, the operating system of your computer, as well as the name of your access provider.
The mentioned data is processed by us for the following purposes:
- Ensuring a smooth connection and convenient use of our website,
- Evaluation of system security and stability, and
- For other administrative purposes.
5. Legal Basis for Data Processing
The legal basis for data processing is Article 6(1)(1)(f) of the GDPR. Our legitimate interest arises from the aforementioned purposes of data collection. The processing is expressly not carried out with the intent of gaining insights into the identity of the website visitor.
6. Cookies
We use cookies on our website. These are small files that your browser automatically creates and that are stored on your device when you visit our site. Cookies do not harm your device, do not contain viruses, trojans, or other malicious software.
The cookie stores information that is generated in connection with the specific device being used. However, this does not mean that we can immediately identify you.
Necessary cookies are required to enable the basic functions of this website. These cookies do not store any personal data.
We use so-called session cookies on our website.
The processing is based on Article 6(1)(1)(f) of the GDPR and is in the interest of optimizing or enabling user guidance and adjusting the presentation of our website. These session cookies are automatically deleted after you leave our site.
Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer, or so that a notification always appears before a new cookie is created. However, fully disabling cookies may result in you not being able to use all the functions of our website.
7. Data Collection When Contacting Us via Email
If you contact us via email, we store your email address and any additional information you provide. The information you share with us as part of the contact process is used based on Article 6(1)(1)(b) of the GDPR or Article 6(1)(1)(f) of the GDPR in the interest of responding to your inquiry as easily, quickly, and appropriately as possible. Your data will only be processed to respond to your inquiry and will be promptly deleted afterward, provided there are no legal retention obligations on our part. No data will be shared with third parties.
8. Contact Form
When you submit inquiries via the contact form, we store the information you provide and your contact details to process the inquiry. We do not share this data without your consent. The data remains with us until you request its deletion, revoke your consent for storage, or the purpose for storing the data no longer applies, and we are not legally required to retain it.
9. Newsletter
If you register for the newsletter offered on the website, we will send you relevant information about the work and events of RF Berlin. For this purpose, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. No further data is collected.
This website uses MailChimp to send newsletters. The provider is:
Intuit Mailchimp 405 N Angier Ave. NE. Atlanta, GA 30308 USA
MailChimp is a service to organise the sending of newsletters. The data you enter is stored on MailChimp’s servers for this purpose.
When we send newsletters with the help of MailChimp, we can determine whether a newsletter message has been opened and which links, if any, have been clicked on. MailChimp also enables us to categorise newsletter recipients according to various categories (so-called tagging). Newsletter recipients can be categorised, for example, by gender, personal preferences (e.g. vegetarian or non-vegetarian) or customer relationship (e.g. customer or potential customer). In this way, the newsletters can be better customised to the respective target groups. You can find more information at https://mailchimp.com/de
Data processing is based on your consent (Art. 6 para. 1 lit. a GDPR), which you can revoke at any time. The legality of the data processing operations that have already taken place remains unaffected by the cancellation.
The service provider of Mailchimp, Rocket Science Group LLC, is based in the USA. There is an adequacy decision for the transfer of data to the USA. In addition, the service provider is certified in accordance with the EU-US data protection agreement (Data Privacy Framework). This agreement between the European Union and the USA is intended to ensure compliance with European data protection standards for data processing in the USA. Companies certified under this agreement undertake to comply with the data protection standards.
We have concluded a data processing agreement (DPA) with MailChimp (see section 13 below).
The data you enter will be stored until you unsubscribe from the newsletter and deleted from the distribution list after you unsubscribe from the newsletter.
10. Plugins
Site Kit by Google
We use the Site Kit by Google plugin to analyse and optimise our website. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
We use Site Kit by Google to integrate various Google services such as Google Analytics, Google Search Console and Google AdSense directly into our website and thereby gain insights into the use of our website and improve its performance. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.
The data collected by Site Kit by Google will remain with us until you request us to delete it or the purpose for data storage no longer applies (e.g. after the analysis has been completed). Mandatory statutory provisions – in particular retention periods – remain unaffected.
Google Ireland Limited has Binding Corporate Rules (BCR) that have been approved by the Irish Data Protection Authority. These are binding internal company regulations that legitimise the internal transfer of data to third countries outside the EU and the EEA. Details can be found here: https://privacy.google.com/businesses/compliance/.
If you do not agree to the use of Site Kit by Google, you can alternatively communicate with us by e-mail or telephone. Further information can be found in Google’s privacy policy: https://policies.google.com/privacy. The company is certified in accordance with the ‘EU-US Data Privacy Framework’ (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be found at the following link: https://www.dataprivacyframework.gov/list
ACF: Better Search
We use the ACF: Better Search plugin to improve the search function on our website. The provider is Mateusz Gbiorczyk.
We use ACF: Better Search to extend the search function of the WordPress standard search engine and to enable a search for content from selected fields of the Advanced Custom Fields (ACF) plugin. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. Further information can be found on the Plugins ACF Better Search website: https://wordpress.org/plugins/acf-better-search/ or on the developer’s personal page: https://gbiorczyk.pl/
Cloudflare
We use Cloudflare to speed up and protect our website. The provider is Cloudflare, Inc, 101 Townsend Street, San Francisco, CA 94107 USA.
We use Cloudflare to shorten the loading times of our website and to protect it from attacks. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.
The data collected by Cloudflare remains with us until you ask us to delete it or the purpose for data storage no longer applies. Mandatory statutory provisions – in particular retention periods – remain unaffected.
If you do not agree to the use of Cloudflare, you can alternatively contact us by email or telephone.
Further information can be found in Cloudflare’s privacy policy: https://www.cloudflare.com/privacypolicy/
Cloudflare has Binding Corporate Rules (BCR) approved by the Irish Data Protection Authority. These are binding internal company regulations that legitimise the internal transfer of data to third countries outside the EU and EEA. Details can be found here: https://www.dataprivacyframework.gov/list
Akismet Anti-Spam: Spam Protection
We use the Akismet Anti-Spam: Spam Protection plugin to combat spam on our website. The provider is Automattic Inc. 60 29th Street #343 San Francisco, CA 94110, United States of America
We use Akismet Anti-Spam to protect our website from spam and to ensure a safe and clean user experience. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.
The data collected by Akismet Anti-Spam will remain with us until you request us to delete it or the purpose for data storage no longer applies. Mandatory statutory provisions – in particular retention periods – remain unaffected.
If you do not agree to the use of Akismet Anti-Spam, you can alternatively contact us by e-mail, telephone or fax. Further information can be found in the data protection declaration of Akismet Anti-Spam: https://automattic.com/privacy/
The company is certified under the ‘EU-US Data Privacy Framework’ (DPF). The DPF is an agree-ment between the European Union and the USA that aims to ensure compliance with European data protection standards in data processing in the USA. Every company certified under the DPF is com-mitted to complying with these data protection standards. More information can be found at: https://www.dataprivacyframework.gov/list
11. Applicant Data
On our website, we offer you the opportunity to apply for a job with us.
In the event of an application, we process your personal data (such as contact and communication data or application documents) insofar as this is necessary for our decision on the establishment of an employment relationship. This is done on the basis of § 26 BDSG in conjunction with Art. 6 para. 1 lit. b GDPR and in the case of consent in accordance with Art. 6 para. 1 lit. a GDPR. Your consent can be revoked at any time. We will only disclose your data to persons who are involved in processing your application.
If we do not establish an employment relationship with you, we reserve the right to retain your data for up to six months from the end of the application process (Art. 6 para. 1 lit. f GDPR). The data will then be deleted and we will destroy physical application documents. If it is necessary to retain the data for longer (e.g. in the context of a legal dispute), we will only delete your data when the purpose no longer applies.
Longer storage may also be based on your consent (Art. 6 para. 1 lit. a GDPR) or statutory retention obligations.
12. Social media
This privacy policy applies accordingly to our presence on:
- https://x.com/RF_Berlin
- https://de.linkedin.com/company/rfberlin
- https://www.youtube.com/@RFBerlin
- https://bsky.app/profile/rfberlin.bsky.social
Our profiles on social networks are publicly accessible. If you visit one of our pages, we are jointly responsible with the operator of the platform for the data processing operations triggered during this visit. You can therefore assert your rights against both us and the platform operator. Nevertheless, we do not have full control over the data processing operations of the platform and cannot track all processing operations that take place there. You should therefore refer to the terms of use and data protection provisions of the respective platform for details.
13. Transfer of data
Your personal data will not be transferred to third parties for purposes other than those listed below.
We only pass on your personal data to third parties if:
- you have given your express consent to this in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR,
- the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR is necessary for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data,
- there is a legal obligation for the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR, and
- this is legally permissible and necessary for the processing of contractual relationships with you in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR.
When using processors, we only pass on your personal data on the basis of a valid contract for order processing. This is a contract required by data protection law to ensure that the processor processes the personal data of visitors to our website only in accordance with our instructions and in compliance with the GDPR.
14. Your rights
- Right to information in accordance with Art. 15 GDPR:
You have the right to request confirmation as to whether personal data concerning you is being processed; if this is the case, you have a right to information about this personal data and to the information listed in detail in Art. 15 GDPR. - Right to rectification of inaccurate personal data or to completion in accordance with Art. 16 GDPR:
You have the right to obtain without undue delay the rectification of inaccurate personal data concerning you and, where applicable, to have incomplete personal data completed. - Right to erasure (‘right to be forgotten’) in accordance with Art. 17 GDPR:
You also have the right to demand that personal data concerning you be deleted immediately if one of the reasons listed in detail in Art. 17 GDPR applies, e.g. if the data is no longer required for the purposes pursued. - Right to restriction of processing in accordance with Art. 18 GDPR:
You have the right to request the restriction of processing if one of the conditions listed in Art. 18 GDPR is met, e.g. if you have objected to processing in accordance with Art. 21 GDPR, for the duration of any review as to whether our legitimate interests outweigh yours. - Right to object to processing in accordance with Art. 21 GDPR:
If data is collected on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR (data processing to safeguard legitimate interests), you have the right to object to the processing at any time for reasons arising from your particular situation. We will then no longer process the personal data unless there are demonstrably compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims. - Right to data portability pursuant to Art. 20 GDPR:
In certain cases, which are listed in detail in Art. 20 GDPR, you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format or to request the transmission of this data to a third party. - Right to withdraw your consent in accordance with Art. 7 para. 3 sentence 1 GDPR:
You have the right to withdraw your consent at any time with effect for the future without affecting the lawfulness of processing based on consent before its withdrawal. - Right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR:
In accordance with Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you are of the opinion that the processing of data concerning you violates data protection regulations. The right to lodge a complaint may be exercised in particular with a supervisory authority in the Member State of your habitual residence, place of work or place of the alleged infringement.
If you wish to exercise one or more of the above rights, you can contact us at [email protected] or via our contact details provided above.
15. Storage and deletion
Unless otherwise stated in this statement, we store and process your data for as long as and to the extent necessary for our interaction with you. We observe the principle of storage limitation, i.e. we delete your data as soon as we no longer need it and are not legally obliged to store it.
16. Transfer of data to a third country
A transfer to a third country does not take place in principle, unless it is expressly mentioned in this data protection information.
17. Data security
We take technical and organisational measures to protect your data from unauthorised access as comprehensively as possible. We use an encryption process on our website. Your data is transmitted from your computer to our server and vice versa via the Internet using TLS encryption. You can recognise this by the fact that the lock symbol in the status bar of your browser is closed and the address line begins with https://.
18. Adjustments of the privacy policy
This privacy policy is currently valid and was last updated in September 2024.
Due to the further development of our website or due to changes in legal or official requirements, it may become necessary to amend this privacy policy. The current privacy policy can be accessed at any time on our website.