An initiative of finlit foundation

Privacy policy

I. Name & address of the controller

The controller within the meaning of the General Data Protection Regulation is:

finlit foundation gGmbH
Steindamm 71
20099 Hamburg
Germany
Website: www.finlit.foundation
Mail: info@finlit.foundation

Management: Jana Titov, Sebastian Richter
AG Hamburg HRB 158452
USt-ID: DE 1744023056

II. Name & address of the data protection officer:

The internal data protection officer of finlit foundation gGmbH can be contacted at the above address, attention: Data Protection Officer, or by email at:
E-Mail: datenschutz@finlit.foundation

III. General information on data processing

1. Scope of the processing of personal data
As a matter of principle, we process personal data of our users only insofar as this is necessary for the provision of a functional website as well as our content and services. The processing of personal data of our users is regularly carried out only with the consent of the user. An exception applies in those cases where it is not possible to obtain prior consent for factual reasons and the processing of the data is permitted by legal regulations.

2. Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for processing operations involving personal data, Article 6 (1) sentence 1 lit. a of the EU General Data Protection Regulation (GDPR) serves as the legal basis.

Insofar as the processing of personal data is necessary for the fulfillment of a legal obligation to which our company is subject, Art. 6 (1) p. 1 lit. c GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 (1) p. 1 lit. d GDPR serves as the legal basis.

If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first mentioned interest, Art. 6 (1) p. 1 lit. f GDPR serves as the legal basis for the processing.

3. Data deletion and storage period
The personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply. Storage may take place beyond this if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or performance of a contract.

IV. Provision of the website and creation of log files

1. Description and scope of data processing
Each time our website is called up, our system automatically collects data and information from the computer system of the calling computer.

The following data is collected:

(1) Information about the browser type and version used.
(2) The user's operating system
(3) The user's Internet service provider
(4) The user's IP address
(5) Date and time of access
(6) Websites from which the user's system accesses our website
(7) Websites that are accessed by the user's system via our website

The log files contain IP addresses or other data that could enable an assignment to a user. This could be the case, for example, if the link to the website from which the user accesses the website or the link to the website to which the user goes contains personal data.

The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.

2. Legal basis for data processing
The legal basis for the temporary storage of the data and the log files is Art. 6 para. 1 p. 1 lit. f GDPR.

3. Purpose of the data processing
The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.

The storage in log files is done to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

These purposes are also our legitimate interest in data processing according to Art. 6 para. 1 p. 1 lit. f GDPR.

4. Duration of storage
The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

In the case of storage of data in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are alienated, so that an assignment of the calling client is no longer possible.

5. Possibility of objection and elimination
Insofar as personal data are processed on the basis of legitimate interests in accordance with Article 6 (1) sentence 1 lit. f GDPR, the data subject has the right to object to the processing of your personal data in accordance with Article 21 GDPR, insofar as there are grounds for doing so that arise from your particular situation. Since the storage of the data is technically mandatory, this can only be prevented by refraining from using the site.

V. Use of cookies

1. Description and scope of data processing
Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. When a user accesses a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.

We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change. The following data is stored and transmitted in the cookies:

(1) Session key
(2) Privacy policy accepted

We also use cookies on our website that enable an analysis of the user's surfing behavior.
(1) search terms entered
(2) frequency of page views
(3) use of downloads

The user data collected in this way is pseudonymized by technical precautions. Therefore, it is no longer possible to assign the data to the calling user. The data is not stored together with other personal data of the users.

When calling up our website, users are informed by an infomation banner about the use of cookies and referred to this data protection declaration. In this context, there is also an indication of how the storage of cookies can be prevented in the browser settings.

2. Legal basis for data processing
The legal basis for the processing of personal data using technically necessary cookies is Art. 6 (1) lit. f GDPR.

The legal basis for the processing of personal data using cookies for analysis purposes is Art. 6 (1) lit. a GDPR if the user has given his consent in this regard.

3. Purpose of the data processing
The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page change.

We require cookies for the following applications:

(1) Session key
(2) Privacy policy accepted

The analysis cookies are used for the purpose of improving the quality of our website and its content. Through the analysis cookies, we learn how the website is used and can thus constantly optimize our offer. (Please also read section XII Web analysis by Matomo / PIWIK).

In these purposes also lies our legitimate interest in the processing of personal data according to Art. 6 (1) p. 1 lit. f GDPR.

4. Duration of storage, possibility of objection and elimination
Cookies are stored on the user's computer and transmitted from it to our site. Therefore, you as a user also have full control over the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website in full.
Provider: manomoneta.de
Runtime: will be deleted when closing the browser.
Purpose: This cookie stores the setting of your session.
Provider: Helliwood
Duration: 1 day to a maximum of 1 year
Purpose: Cookies for analytical purposes - can be deselected via "Customize cookies".
Provider: Helliwood
Runtime: 30 days
Purpose: This cookie stores your choice of cookie setting.
Provider: Helliwood
Runtime: 30 days
Purpose: This cookie stores your choice of cookie setting.

VI. Contact form and e-mail contact

1. Description and scope of data processing
Contact forms are available on our website, which can be used for electronic contact. If a user takes advantage of this option, the data entered in the input mask will be processed by us and our respective country partner who presents the ManoMoneta initiative and supports the project on site. These data are:

(1) Name, first name
(2) E-mail address
(3) Institution / organisation
(4) Message field

At the time the message is sent, the following data is also stored:

(1) Date and time of contact.

For the processing of the data, your consent is obtained during the sending process and reference is made to this privacy policy.

Alternatively, it is possible to contact us via the e-mail address provided. In this case, the user's personal data transmitted with the e-mail will be stored.

In this context, the data will not be passed on to third parties. The data is used exclusively for the processing of the conversation.

2. Legal basis for data processing
The legal basis for the processing of the data is Art. 6 para. 1 p. 1 lit. a GDPR if the user has given his consent.

The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 (1) p. 1 lit. f GDPR. If the e-mail contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 p. 1 lit. b GDPR.

Insofar as we are legally obliged to do so, we process the data in accordance with Art. 6 para. 1 p. 1 lit. c GDPR.

3. Purpose of data processing
The processing of personal data from the input masks serves us and our partners to process the contact. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in processing the data.

The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

4. Duration of storage
The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended and a follow-up of the respective request is no longer necessary. The conversation is ended when the circumstances indicate that the matter in question has been conclusively clarified. Follow-up is no longer necessary if the conversation took place so long ago that it can be assumed that it is no longer necessary to refer to its content. Conversations are usually deleted after 24 months if there is no legal obligation to keep records.

5. Right of revocation and objection
The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.

The revocation of consent and the objection to storage must be made in writing or by e-mail to the above contact details.

All personal data stored in the course of contacting us will be deleted in this case.

VII. Use of social media services

1. Scope of the processing of personal data
We use social media plug-ins from the social networks Facebook and YouTube on our website on the basis of Art. 6 (1) p. 1 lit. f GDPR, in order to make our offers better known.The underlying promotional purpose is to be regarded as a legitimate interest within the meaning of the GDPR.

The responsibility for data protection-compliant operation is to be ensured by their respective providers.

The integration of these plug-ins by us usually takes place by way of the so-called two-click method in order to protect visitors to our website as best as possible.

2. Legal basis for the processing of personal data
The legal basis for the processing of users' personal data is Art. 6 (1) p. 1 lit. f GDPR.

3. Purpose of data processing

a) Facebook
Social media plug-ins from Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ("Facebook") are used on our website to make their use more personal. For this purpose, we use the "LIKE" or "SHARE" button. This is an offer from Facebook.

When you call up a page of our website that contains such a plug-in, your browser establishes a direct connection with the Facebook servers. The content of the plug-in is transmitted by Facebook directly to your browser, which then integrates it into the website.

By integrating the plug-ins, Facebook receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Facebook account or are not currently logged in to Facebook. This information (including your IP address) is transmitted by your browser directly to a Facebook server in the USA and stored there.

If you are logged in to Facebook, Facebook can directly assign your visit to our website directly to your Facebook account. If you interact with the plug-ins, for example by clicking the "LIKE" or "SHARE" button, the corresponding information is also transmitted directly to a Facebook server and stored there. The information is also published on Facebook and displayed to your Facebook friends.

Facebook may use this information for the purposes of advertising, market research and demand-oriented design of the Facebook pages. For this purpose, Facebook creates usage, interest and relationship profiles, e.g. to evaluate your use of our website with regard to the advertisements displayed to you on Facebook, to inform other Facebook users about your activities on our website and to provide other services associated with the use of Facebook.

If you do not want Facebook to assign the data collected via our website to your Facebook account, you must log out of Facebook before visiting our website.

For the purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as your rights in this regard and setting options for protecting your privacy, please refer to Facebook's privacy policy (https://www.facebook.com/about/privacy/).

b) YouTube
We have integrated components of YouTube (subsidiary of Google Ireland Limited with registered office in Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) on this website. YouTube is an Internet video portal that allows video publishers to post video clips free of charge and other users to view, rate and comment on them, also free of charge. YouTube allows the publication of all types of videos, which is why complete film and TV shows, as well as music videos, trailers or videos made by users themselves, can be accessed via the Internet portal.

Each time one of the individual pages of this website operated by the data controller is called up and on which a YouTube component (YouTube video) has been integrated, the Internet browser on the information technology system of the data subject is automatically caused by the respective YouTube component to download a representation of the corresponding YouTube component from YouTube. Further information on YouTube can be found at https://www.youtube.com/yt/about/de/. Within the scope of this technical procedure, YouTube and Google receive knowledge of which specific sub-page of our website is visited by the data subject.

If the data subject is logged into YouTube at the same time, YouTube recognizes which specific sub-page of our website the data subject is visiting when a sub-page containing a YouTube video is called up. This information is collected by YouTube and Google and assigned to the respective YouTube account of the data subject.

YouTube and Google always receive information via the YouTube component that the data subject has visited our website if the data subject is simultaneously logged into YouTube at the time of calling up our website; this takes place regardless of whether the data subject clicks on a YouTube video or not.

If you do not want YouTube to assign the data collected via our website directly to your Google account, you must log out of YouTube before visiting our website.

The privacy policy published by YouTube, which is available at https://www.google.de/intl/de/policies/privacy/, provides information about the collection, processing and use of personal data by YouTube and Google.

VIII. Web analysis through Matomo / PIWIK

1. Scope of the processing of personal data
We use the open source software tool Matomo (formerly PIWIK) on our website to analyse the surfing behaviour of our users. The software sets a cookie on the user's computer (for cookies, see above). If individual pages of our website are called up, the following data is stored:

(1) Two bytes of the IP address of the user's calling system.
(2) The web page called up
(3) The website from which the user accessed the accessed website (referrer)
(4) The subpages that are accessed from the accessed website
(5) The length of time spent on the website
(6) The frequency with which the website is accessed
(7) System information of the user

The software runs exclusively on a server operated by us in a German data center. A storage of the personal data of the users only takes place there. The data is not passed on to third parties.

The software is set in such a way that the IP addresses are not stored completely, but 2 bytes of the IP address are masked (e.g.: 192.168.xxx.xxx). In this way, an assignment of the shortened IP address to the calling computer is no longer possible.

2. Legal basis for the processing of personal data
The legal basis for the processing of the personal data of users is Art. 6 (1) p. 1 lit. f GDPR.

3. Purpose of the data processing
The processing of the users' personal data enables us to analyse the surfing behaviour of our users. By evaluating the data obtained, we are able to compile information about the use of the individual components of our website. This helps us to continuously improve our website and its user-friendliness. In these purposes also lies our legitimate interest in the processing of data according with Art. 6 (1) p. 1 lit. f GDPR. By anonymizing the IP address, the interest of users in their personal data protection is sufficiently taken into account.

4 Duration of storage
The data is deleted as soon as it is no longer required for our recording purposes.

In our case, this is the case after termination of the service offered via the website.

5. Possibility of objection and removal
Cookies are stored on the user's computer and transmitted to our site by the user. Therefore, you as a user also have full control over the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website to their full extend.

We offer our users the option of opting out of the analysis process on our website. To do this, you must follow the link below. In this way, another cookie is set on their system, which signals to our system not to store the user's data. If the user deletes the corresponding cookie from their own system in the meantime, they must set the opt-out cookie again.

More information about the privacy settings of the Matomo software, can be found at the following link: https://matomo.org/docs/privacy/.

IX. Rights of the data subject

You have that right:
  • to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it was not collected by us, as well as the existence of automated decision-making, including profiling and, if applicable, meaningful information about its details;
  • in accordance with Art. 16 GDPR to demand the immediate correction of incorrect or completion of your personal data stored by us;
  • in accordance with Art. 17 GDPR to request the deletion of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;
  • to request the restriction of the processing of your personal data in accordance with Art. 18 GDPR, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer require the data, but you need it for the assertion, exercise or defence of legal claims or you have objected to the processing in accordance with Art. 21 GDPR;
  • in accordance with Art. 20 GDPR to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another controller;
  • to revoke your consent at any time in accordance with Art. 7 (3) GDPR. This has the consequence that we may no longer continue the data processing based on this consent for the future;
  • If personal data is processed on the basis of legitimate interests pursuant to Article 6 (1) p. 1 lit. f GDPR, the data subject has the right to object to the processing of your personal data pursuant to Article 21 GDPR, provided that there are grounds for doing so which arise from your particular situation. Since the storage of the data is technically mandatory, this can only be prevented by refraining from using the site and
  • to complain to a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters.

X. Data security

We use the widespread SSL procedure (Secure Socket Layer) in connection with the highest encryption level supported by your browser when visiting the website. As a rule, this is a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual website on our website is encrypted by the closed key or lock symbol in the lower status bar of your browser.

We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

XI. Actuality of this privacy policy

This privacy policy is currently valid and has the status 11.05.2020.