THE NEW INSTITUTE Foundation gGmbH
Represented by the Executive Board: Dr. Anna Katsman, Anke Hennings
Tel: 040 3008 2711
Fax: 040 3008 2701
Email: (email: firstname.lastname@example.org)
Data Protection Officer
In fulfilling our obligations under data protection law, we are supported by our Data Protection Officer. The contact details of our Data Protection Officer are as follows:
datenschutz nord GmbH
Hamburg Branch Office
Thank you for visiting our website
In the following, we would like to inform you about the handling of your data in accordance with Art. 13 of the General Data Protection Regulation (GDPR).
When you visit our website, our web server temporarily evaluates so-called usage data for statistical purposes as a protocol used to improve the quality of our website. This data record consists of
- name and address of the requested content,
- date and time of the query,
- of the transferred data volume,
- the access status (content transferred, content not found),
- the description of the web browser and operating system used,
- the referral link, which indicates from which page you reached ours,
- the IP address of the requesting computer, which is shortened in such a way that a personal reference can no longer be established.
- This data will only be evaluated anonymously.
Storage of the IP Address for Security Purposes
In addition, we store the complete IP address transmitted by your web browser for a period of seven days in the interest of detecting, limiting and eliminating attacks on our web pages. After this, we delete or anonymize the IP address. The legal basis is Art. 6 para. 1 let. f) GDPR.
We take technical and organizational measures to protect your data as comprehensively as possible from unwanted access. We use an encryption procedure on our web pages. Your data is transferred from your computer to our server and vice versa via the Internet using TLS encryption. You can usually recognize this by the fact that the lock symbol in the status bar of your browser is closed and the address line begins with https://.
We use the web analysis tool “Matomo” to design our websites according to your needs. Matomo creates user profiles based on pseudonyms. For this purpose, permanent cookies are stored on your end device and read out by us. Through this, we are able to recognize returning visitors and count them as such. The data processing is based on your consent, if you have given your consent via our banner.
You can revoke your consent at any time. Please follow this link and make the appropriate settings via our banner.
- Maximum Storage Duration
- Adequate Level of Data Protection: Processing within EU/EEA
Contact initiated by you (support requests)
We process the data you provide to us in connection with your inquiry to our support e-mail address (email@example.com) exclusively for processing your request. We respond to inquiries relating to the application process of the Urban Data Challenge with a note to resubmit them via Dataport's e-tendering platform. Depending on the content of your enquiry, the legal basis for this includes Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest is based on the aforementioned purpose of processing your enquiry. You can object to this processing at any time. To do so, please send an e-mail to the address mentioned above.
Unless we have already informed you in detail about the storage period, we delete personal data when they are no longer required for the aforementioned processing purposes and no legal storage obligations prevent deletion.
Other Contract Processors
In accordance with Art. 28 GDPR, we pass on your data to service providers who support us in the operation of our websites and related processes. These are e.g. hosting service providers. Our service providers are strictly instruction-bound via respective contacts.
In what follows, we list the contract processors with whom we collaborate, if we have not already done so in the above text of the data protection declaration. Should data be transferred outside the EU or EEA in this context, we will provide information on the appropriate level of data protection.
Order Processor: CDLX GmbH
Adequate Level of Data Protection: Processing only within EU/EEA
EU/EEA Subprocessor: Hetzner Online GmbH
Adequate Level of Data Protection: Processing only within EU/EEA
Your rights as a data subject
When processing your personal data, the GDPR grants you certain rights as a data subject:
Right of Access (Art. 15 GDPR)
You have the right to obtain confirmation as to whether your personal data is being processed; if this is the case, you have the right to being informed about this data and to receive the information specified in Art. 15 GDPR.
Right to Rectification (Art. 16 GDPR)
You have the right to request the correction of incorrect personal data concerning you and, if necessary, the completion of incomplete data without delay.
Right to Erasure (Art. 17 GDPR)
You have the right to request that personal data concerning you be deleted immediately if one of the reasons listed in Art. 17 GDPR applies.
Right to Restriction of Processing (Art. 18 GDPR)
You have the right to request the restriction of processing if one of the conditions listed in Art. 18 GDPR is met, for example if you have lodged an objection to processing, for the duration of any examination.
Right to Data Portability (Art. 20 GDPR)
In certain cases, which are listed in detail in Art. 20 GDPR, you have the right to receive your personal data in a structured, common and machine-readable format or to request the transfer of such data to a third party.
Conditions for Consent (Art. 7 GDPR)
If the processing of data is based on your consent, you are entitled to revoke your consent to the use of your personal data at any time in accordance with Art. 7 para. 3 GDPR. Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected.
Right to Object (Art. 21 GDPR)
If your data are processed on the basis of Art. 6 para. 1 let f) GDPR to preserve legitimate interests, you have the right to object to the processing. We will then no longer process your personal data unless there are compelling reasons for processing which outweigh your interests, rights and freedoms or unless the processing serves to assert, exercise or defend legal claims.
Right of appeal to a regulatory authority (Art. 77 GDPR)
According to Art. 77 GDPR, you have the right to complain to an authority if you believe that the processing of your personal data is not in accordance with current data protection legislation. The right to appeal may be claimed towards any authority in the Member State of your residence or in which the suspected breach has occurred.
Assertion of your rights
Unless otherwise described, please get in touch with the contact indicated in the imprint to assert your rights.
Information in accordance with Art. 14 of the EU General Data Protection Regulation on Data Processing in the context of contacts
Purpose of processing and legal basis
Contact initiated by us
As part of our general project work, we contact you to inform you about The New Hanse project and the possibility of participating in the competition of ideas. We obtain the necessary contact data from publicly available sources (e.g. institutional websites). In addition, we obtain contact data via a service provider bound by instructions (order processor) who assists us in collecting the contact data. The processing of data required for establishing contact is based on Art. 6 para. 1 let. f) GDPR in the legitimate interest to attract a suitable group of participants for our project work and to conduct our business operations.
You can object to this processing at any time with effect for the future. To do so, please send an e-mail to the address mentioned above.
The data collected will be deleted after completion of processing, unless legal storage obligations or legitimate interests contradict.
Transfer of Data
We will only pass on your data externally if this is permitted under data protection law. Your data may be passed on to external service providers (e.g. IT service providers, cloud-based virus and spam filters) or collected by them.
The necessary order processing contracts in accordance with Art. 28 DSGVO have been agreed. This may involve the transfer of personal data to third countries (in particular the USA). To ensure an appropriate level of data protection, we have therefore agreed to the EU standard contractual clauses and implemented additional technical and organizational measures. which support us in data processing within the framework of commissioned processing strictly bound by instructions. Data transfer also takes place to countries outside the EU\/EEA; corresponding standard contractual clauses have been concluded. Information about your rights as a data subject and about the right to object can be found in the relevant sections above.
On our websites, we embed videos that are not stored on our servers. For reasons of data protection, however - when you call up our web pages - no content from the third-party provider is reloaded and the third-party provider does not receive any information.
Only when you give your consent via our banner will content from the third-party provider be reloaded. This provides the third-party provider with the information that you have accessed our site and the usage data that is technically required in this context. In addition, the third-party provider is then able to implement tracking technologies. We have no influence on the further data processing by the third-party provider. Your consent includes that content of the third-party provider is reloaded.
The embedding is based on your consent, provided that you have given your consent via our banner. Please note that the embedding of many videos leads to your data being processed outside the EU or EEA (in particular the USA). There is a risk here that authorities may access the data for security and monitoring purposes without you being informed or having any legal recourse. If we use providers in insecure third countries and you consent, the transfer to an insecure third country is based on Art. 49 (1) lit. a DSGVO.
Adequate level of data protection
Processing also possible outside the EU/EEA. No adequate level of data protection. The transfer takes place on the basis of Art. 49 (1) lit. a DSGVO.
Revocation of consent
If you wish to withdraw your consent, please click here and make the appropriate setting via our banner.