Privacy Policy

1. Data Protection at a Glance

General Information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data includes all data that can be used to personally identify you. Detailed information on data protection can be found in our privacy policy below.

Data Collection on This Website

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. Their contact details can be found in the section "Notice on the Responsible Party" in this privacy policy.

How do we collect your data?

Your data is collected in part by you providing it to us. This may include, for example, data that you enter into a contact form.

Other data is automatically collected or obtained through your consent when you visit the website. This data primarily includes technical information (e.g., internet browser, operating system, or time of the page visit). This data is collected automatically as soon as you access this website.

What do we use your data for?

Part of the data is collected to ensure the proper functioning of the website. Other data may be used to analyze your user behavior.

What rights do you have regarding your data?

You have the right to receive information about the origin, recipients, and purpose of your stored personal data free of charge at any time. You also have the right to request the correction or deletion of this data. If you have given consent to data processing, you can revoke this consent at any time for the future. Additionally, under certain circumstances, you have the right to request the restriction of the processing of your personal data. Furthermore, you have the right to file a complaint with the relevant supervisory authority.

For this purpose and for any further questions regarding data protection, you can contact us at any time.

Analytics and Third-Party Tools

When you visit this website, your browsing behavior may be statistically evaluated. This is primarily done using so-called analytics programs.

Detailed information about these analytics programs can be found in the following privacy policy.

2. Hosting

We host the content of our website with the following provider:

Strato

The provider is Strato AG, Pascalstraße 10, 10587 Berlin (hereinafter referred to as Strato).

For details, please refer to Strato's privacy policy: https://www.strato.de/datenschutz/.

The use of Strato is based on Article 6(1)(f) of the GDPR. We have a legitimate interest in ensuring the most reliable presentation of our website. If corresponding consent has been requested, processing is carried out exclusively based on Article 6(1)(a) of the GDPR and Section 25(1) of the TTDSG, provided that the consent includes the storage of cookies or access to information in the user's device (e.g., device fingerprinting) as defined in the TTDSG. Consent can be revoked at any time.

Data Processing Agreement

We have entered into a data processing agreement (DPA) for the use of the above-mentioned service. This is a legally required contract that ensures that Strato processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

3. General Information and Mandatory Disclosures

Data Protection

The operators of this site take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with legal data protection regulations as well as this privacy policy.

When you use this website, various personal data will be collected. Personal data is data that can be used to personally identify you. This privacy policy explains what data we collect and how we use it. It also explains how and for what purpose this happens.

We would like to point out that data transmission over the internet (e.g., when communicating via email) may have security vulnerabilities. Complete protection of data from third-party access is not possible.

Notice Regarding the Responsible Entity

The responsible entity for data processing on this website is:

Stiftung Thomas Kirchner Bildungsförderungs gGmbH
c/o Thomas Kirchner
Zennerstr. 1
81379 Munich

Phone: 0351 463–35638
Email: info@yeti-dresden.org

The responsible entity is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data (e.g., names, email addresses, etc.).

Storage Duration

Unless a specific storage duration is mentioned within this privacy policy, your personal data will remain with us until the purpose for data processing ceases to exist. If you submit a legitimate deletion request or revoke consent for data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., tax or commercial retention periods); in the latter case, deletion will take place after these reasons no longer apply.

General Information on the Legal Bases for Data Processing on This Website

If you have given consent for data processing, we process your personal data based on Article 6(1)(a) GDPR or Article 9(2)(a) GDPR in the case of special categories of data according to Article 9(1) GDPR. In the case of explicit consent for the transfer of personal data to third countries, processing is also based on Article 49(1)(a) GDPR. If you have consented to the storage of cookies or access to information on your device (e.g., via device fingerprinting), processing is also based on § 25(1) TTDSG. Consent can be revoked at any time.

If your data is required for contract fulfillment or pre-contractual measures, we process your data based on Article 6(1)(b) GDPR. Additionally, we process your data if it is necessary for legal compliance based on Article 6(1)(c) GDPR. Data processing may also occur based on our legitimate interest under Article 6(1)(f) GDPR. The specific legal bases applicable in individual cases are detailed in the following sections of this privacy policy.

Recipients of Personal Data

As part of our business activities, we work with various external entities. In some cases, the transfer of personal data to these external entities is necessary. We only share personal data if it is required for contract fulfillment, if we are legally obliged to do so (e.g., data transfer to tax authorities), if we have a legitimate interest under Article 6(1)(f) GDPR in sharing the data, or if another legal basis allows for the data transfer.

When using data processors, we only share personal data based on a valid data processing agreement. In the case of joint processing, a joint processing agreement is concluded.

Revocation of Your Consent to Data Processing

Many data processing operations are only possible with your explicit consent. You can revoke consent that has already been given at any time. The legality of data processing carried out before revocation remains unaffected.

Right to Object to Data Collection in Special Cases and Direct Advertising (Article 21 GDPR)

IF DATA PROCESSING IS BASED ON ARTICLE 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME, FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, TO THE PROCESSING OF YOUR PERSONAL DATA; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS FOR PROCESSING CAN BE FOUND IN THIS PRIVACY POLICY.

IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR PROCESSING THAT OUTWEIGH YOUR INTERESTS, RIGHTS, AND FREEDOMS OR THE PROCESSING SERVES TO ASSERT, EXERCISE, OR DEFEND LEGAL CLAIMS (OBJECTION PURSUANT TO ARTICLE 21(1) GDPR).

IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT ADVERTISING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH ADVERTISING; THIS ALSO APPLIES TO PROFILING INSOFAR AS IT IS RELATED TO SUCH DIRECT ADVERTISING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR DIRECT ADVERTISING PURPOSES (OBJECTION PURSUANT TO ARTICLE 21(2) GDPR).

Right to Lodge a Complaint with a Supervisory Authority

In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, particularly in the member state of their habitual residence, their place of work, or the place of the alleged infringement. The right to complain exists without prejudice to other administrative or judicial remedies.

Right to Data Portability

You have the right to have data that we process based on your consent or in fulfillment of a contract automatically delivered to yourself or a third party in a common, machine-readable format. If you request the direct transfer of data to another responsible party, this will only be done if it is technically feasible.

Right to Access, Rectification, and Deletion

Under the applicable legal provisions, you have the right at any time to obtain free information about your stored personal data, its origin, and recipients, as well as the purpose of the data processing, and, if necessary, a right to rectification or deletion of this data. For further questions on personal data, you can contact us at any time.

Right to Restriction of Processing

You have the right to request the restriction of the processing of your personal data. You can contact us at any time to do so. The right to restriction of processing applies in the following cases:

• If you dispute the accuracy of your personal data stored with us, we usually need time to verify this. During the verification period, you have the right to request the restriction of the processing of your personal data.
• If the processing of your personal data was/is unlawful, you can request the restriction of data processing instead of deletion.
• If we no longer need your personal data, but you require it for the exercise, defense, or assertion of legal claims, you have the right to request the restriction of the processing of your personal data instead of deletion.
• If you have lodged an objection under Article 21(1) GDPR, a balance must be struck between your interests and ours. Until it is determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, such data may only be processed – apart from being stored – with your consent or for the establishment, exercise, or defense of legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the European Union or a member state.

SSL or TLS Encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries you send to us as the site operator. An encrypted connection can be recognized by the fact that the browser's address line changes from "http://" to "https://" and by the lock symbol in your browser bar.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

4. Data Collection on This Website

Cookies

Our website uses so-called "cookies." Cookies are small data packets that do not cause any harm to your device. They are either stored temporarily for the duration of a session (session cookies) or permanently (persistent cookies) on your device. Session cookies are automatically deleted at the end of your visit. Persistent cookies remain stored on your device until you delete them yourself or your web browser performs an automatic deletion.

Cookies can be first-party cookies (set by us) or third-party cookies (set by other companies). Third-party cookies allow the integration of certain services from third-party providers within websites (e.g., cookies for processing payment services).

Cookies serve different functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g., shopping cart functionality or video display). Other cookies can be used for analyzing user behavior or advertising purposes.

Cookies required for electronic communication, the provision of specific functions requested by you (e.g., shopping cart functionality), or optimizing the website (e.g., cookies for measuring web audience) are stored based on Article 6(1)(f) GDPR, unless another legal basis is stated. The website operator has a legitimate interest in storing necessary cookies for the technically flawless and optimized provision of its services. If consent for storing cookies and similar recognition technologies has been requested, processing will be based exclusively on this consent (Article 6(1)(a) GDPR and § 25(1) TTDSG); consent can be revoked at any time.

You can configure your browser to inform you about the setting of cookies and allow cookies only on a case-by-case basis, exclude the acceptance of cookies for specific cases or in general, and activate the automatic deletion of cookies when closing the browser. If cookies are disabled, the functionality of this website may be limited.

Which cookies and services are used on this website can be found in this privacy policy.

Consent with Usercentrics

This website uses Usercentrics' consent technology to obtain your consent to store certain cookies on your device or to use specific technologies and to document this in compliance with data protection regulations. The provider of this technology is Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany (hereinafter referred to as "Usercentrics").

When you enter our website, the following personal data is transmitted to Usercentrics:

• Your consent(s) or the withdrawal of your consent(s)
• Your IP address
• Information about your browser
• Information about your device
• Time of your visit to the website
• Geolocation

Furthermore, Usercentrics stores a cookie in your browser to assign the granted consents or their revocation. The collected data is stored until you request deletion, delete the Usercentrics cookie yourself, or the purpose for data storage ceases. Mandatory statutory retention periods remain unaffected.

The Usercentrics banner on this website was configured with the help of eRecht24. You can recognize this by the fact that the eRecht24 logo appears in the banner. To display the eRecht24 logo in the banner, a connection to the eRecht24 image server is established. This also transfers the IP address, which is only stored in an anonymized form in the server logs. The eRecht24 image server is located in Germany with a German provider. The banner itself is exclusively provided by Usercentrics.

The use of Usercentrics serves to obtain legally required consents for the use of certain technologies. The legal basis for this is Article 6(1)(c) GDPR.

Data Processing Agreement

We have entered into a data processing agreement (DPA) with the above-mentioned service provider. This is a contract required under data protection law, ensuring that the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

Inquiry via Email, Phone, or Fax

If you contact us via email, phone, or fax, your inquiry, including all personal data arising from it (e.g., name, request), will be stored and processed by us for the purpose of handling your request. We do not share this data without your consent.

The processing of this data is based on:

• Article 6(1)(b) GDPR, if your request is related to the fulfillment of a contract or is necessary for the performance of pre-contractual measures.
• Article 6(1)(f) GDPR, if the processing is based on our legitimate interest in effectively processing inquiries directed at us.
• Article 6(1)(a) GDPR, if consent has been requested; consent can be revoked at any time.

Your inquiry data remains with us until:

• You request deletion,
• You revoke your consent to storage, or
• The purpose for storing the data no longer applies (e.g., after completing your request).

Mandatory legal provisions – especially legal retention periods – remain unaffected.

5. Newsletter

Newsletter Data

If you wish to subscribe to the newsletter offered on this website, we require an email address from you as well as information that allows us to verify that you are the owner of the specified email address and that you agree to receive the newsletter. No further data is collected, or only on a voluntary basis. This data is used exclusively for sending the requested information and is not shared with third parties.

The processing of the data entered into the newsletter subscription form is based exclusively on your consent (Article 6(1)(a) GDPR). You can revoke your consent to the storage of data, the email address, and its use for sending the newsletter at any time, for example, via the "unsubscribe" link in the newsletter. The legality of the data processing already carried out remains unaffected by the revocation.

The data you provide to us for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter or until the purpose of data storage ceases. After unsubscribing from the newsletter, your email address will be deleted from our mailing list or that of the newsletter service provider. We reserve the right to delete or block email addresses from our mailing list at our own discretion as part of our legitimate interest (Article 6(1)(f) GDPR).

Data stored for other purposes remains unaffected.

After unsubscribing from the newsletter mailing list, your email address may be stored in a blacklist by us or the newsletter service provider if this is necessary to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with legal requirements for sending newsletters (legitimate interest under Article 6(1)(f) GDPR). The storage in the blacklist is not time-limited. You can object to the storage if your interests outweigh our legitimate interest.

6. Plugins and Tools

YouTube with Enhanced Privacy

This website embeds videos from the YouTube website. The operator of the website is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

When you visit one of our web pages that contains a YouTube video, a connection to YouTube’s servers is established. In doing so, the YouTube server is informed which of our pages you have visited. If you are logged into your YouTube account, you allow YouTube to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.

We use YouTube in enhanced privacy mode. According to YouTube, videos played in enhanced privacy mode are not used to personalize browsing on YouTube. Ads displayed in enhanced privacy mode are also not personalized. In enhanced privacy mode, no cookies are set. However, local storage elements in the user’s browser may still store personal data and be used for recognition purposes. Details about enhanced privacy mode can be found here: https://support.google.com/youtube/answer/171780.

Further data processing operations may be triggered after activating a YouTube video, which we have no control over.

The use of YouTube is in the interest of an appealing presentation of our online content. This constitutes a legitimate interest within the meaning of Article 6(1)(f) GDPR. If a corresponding consent was requested, the processing takes place exclusively on the basis of Article 6(1)(a) GDPR and § 25(1) TTDSG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of TTDSG. The consent can be revoked at any time.

Further information on data protection at YouTube can be found in their privacy policy: https://policies.google.com/privacy?hl=en.

The company is certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that ensures compliance with European data protection standards for data processing in the USA. Each company certified under the DPF commits to complying with these data protection standards. More information is available at: Data Privacy Framework.

Google Maps

This website uses the Google Maps mapping service. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

To use the functions of Google Maps, it is necessary to store your IP address. This information is typically transmitted to a Google server in the USA and stored there. The provider of this site has no influence over this data transfer. When Google Maps is activated, Google may use Google Fonts for the uniform representation of fonts. When calling up Google Maps, your browser loads the required web fonts into your browser cache to display texts and fonts correctly.

The use of Google Maps is in the interest of an appealing presentation of our online offerings and an easy location of the places we have indicated on the website. This constitutes a legitimate interest within the meaning of Article 6(1)(f) GDPR. If a corresponding consent was requested, the processing takes place exclusively on the basis of Article 6(1)(a) GDPR and § 25(1) TTDSG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of TTDSG. The consent can be revoked at any time.

The data transfer to the USA is based on the Standard Contractual Clauses of the EU Commission. Details can be found here: Google GDPR Controller Terms and Google Standard Contractual Clauses.

More information on how Google handles user data can be found in Google's privacy policy: Google Privacy Policy.

The company is certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that ensures compliance with European data protection standards for data processing in the USA. Each company certified under the DPF commits to complying with these data protection standards. More information is available at: EU-US Data Privacy Framework.