(1) The following information tells you how we collect personal data when you use our website. Personal data are all data that relates to you personally, e.g. name, address, email addresses, and how you use the website.
(2) The controller within the meaning of Art. 4 (7) General Data Protection Regulation (GDPR) is:
Possehl Foundation
Max Schön, Chair
Beckergrube 38 - 52
23552 Lübeck
Tel.: +49 (0)451 148 200
Fax: +49 (0)451 148 302
Email: possehl-stiftung(at)possehl.de
(3) When you get in touch with us by email or via the contact form, we store your data, including the contact data you provide there, for the purpose of dealing with your enquiry.
These data are processed on the basis of Art. 6 (1) b) GDPR if your enquiry relates to the performance of a contract or is necessary to carry out pre-contractual activities. In all other cases the processing is based on our legitimate interest in dealing effectively with enquiries sent to us, in accordance with Art. 6 (1) f) GDPR, or on your consent pursuant to Art. 6 (1) a) GDPR to the extent that it has been requested.
The data you input into a contact form stays with us until you ask us to delete it or you withdraw your consent to the storage or the reason for the data storage no longer applies (e.g. once your enquiry has been answered or if you become party to a sales agreement). This does not affect binding statutory provisions, particularly those defining storage periods.
(4) If we wish to use third-party service providers for specific functions of our offering or if we wish to use your data for advertising purposes, we will notify you in detail of the procedures this involves in each case.
(1) You have the following rights with regard to us concerning your personal data:
- Right of access
- Right to rectification or deletion
- Right to restriction of processing
- Right to object to processing
- Right to withdraw consent to processing
- Right to data portability
(2) You also have the right to lodge a complaint with a supervisory authority (see below) about the processing of your personal data.
(1) When you use our website for information purposes only, i.e. if you do not register or otherwise send us information, we only collect the personal data that your browser transmits to our server. If you wish to view our website we collect the following data, which are technically necessary to display our website and ensure its stability and security:
- IP address
- Date and time of request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status/HTTP status code
- Volume of data transferred
- Referrer website
– Browser
- Operating system and GUI
- Language and version of browser software
The storage period is 14 days. The legal basis is Art. 6 (1) f) GDPR and our legitimate interest is in ensuring the stability and security of our systems.
(2) In addition to the data mentioned above, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your computer’s hard disk and allocated to the browser you use. They send information to the service that sets the cookie.
(3) Use of cookies:
- Transient cookies (see b)
- Persistent cookies (see c).
We use a consent manager (cookie notice) to notify you as required by law and to ask you for your preferences.
This enables us to comply with our statutory obligation to keep evidence, e.g. to store your consent or if you do not consent, your rejection.
The controller collects and processes the personal data of job applicants for the purpose of conducting the application procedure. These data are processed on the basis of Section 26 (1) sentence 1 German Federal Data Protection Act (BDSG), which covers decisions about establishing an employment relationship.
If the controller does not enter into an employment contract with the candidate, the application documents are erased automatically five months after the decision to reject the candidate has been announced, unless this conflicts with any other legitimate interests of the controller. Another legitimate interest within the meaning of Art 6 (1) f) GDPR could be for example an obligation to provide evidence in legal proceedings under the General Act on Equal Treatment (AGG).
The contents of our pages have been compiled with great care. However, we are not liable for ensuring that the contents are correct, complete and up-to-date. Section 7 (1) German Telemedia Act (TMG) stipulates that as service providers we are responsible for our own contents on these pages in accordance with general legislation. In accordance with Sections 8 to 10 TMG, however, we are as service providers not obliged to monitor third party information that has been sent to us or stored by us or to investigate it for any indications of illegal activity. This does not affect any obligation under general legislation to remove or prevent the use of information. However, we are only liable in this regard from the time we become aware of a concrete breach of the law. We will remove contents without delay when we become aware of any such breaches of the law.
Our pages may include links to external third-party websites over which we have no control. We therefore assume no liability for these third-party contents. The contents of linked pages are always the responsibility of their respective operator. The linked pages were examined for unlawful content at the time the link was set. At this time there was no indication of unlawful content. However, it is not reasonable for us to monitor the linked pages on a permanent basis without any concrete indication of unlawful content. If we become aware of unlawful content we will remove any such links without delay.
We take technical and organisational measures to secure our website and other systems against the loss, destruction, access, modification or dissemination of your data by unauthorised parties. Despite regular monitoring it is not possible to eliminate all risks completely, however.
Our website uses the industry standard SSL/TLS (Secure Sockets Layer) for encryption purposes. This ensures that your personal data are kept confidential when you send them via the internet. You can see that the connection is encrypted by the key or padlock symbol in URL line of your browser. You are advised that sending data via the internet (e.g. in email communication) may have security vulnerabilities. It is not technically possible to protect data comprehensively from third-party access.
Your personal data are only forwarded to third parties
- if you have given your explicit consent pursuant to Art. 6 (1) a) GDPR;
- if necessary to meet contractual obligations pursuant to Art. 6 (1) b) GDPR;
- if we are obliged by law to forward the data pursuant to Art. 6 (1) c) GDPR;
- if forwarding the data is in the public interest pursuant to Art. 6 (1) e) GDPR or;
- if forwarding the data is to protect our legitimate interests pursuant to Art. 6 (1) f) GDPR or those of a third party, unless you have an overriding interest in the protection of your data.
Processor
We use IT service providers, which work exclusively on our behalf and on our instructions (processors), to provide our services, e.g. by hosting this website or operating our IT. They have been carefully selected and appointed, follow our instructions and are regularly monitored.
Third-party recipients
In order to process your request satisfactorily we may have to forward your personal data to a third-party recipient. This third-party recipient is L. Possehl & Co. mbH, Beckergrube 38-52. Other third-party recipients can be found in our funding application form.
We store your data for as long as they are needed for the respective purpose of the processing. Otherwise we only store your data to the extent that we are obliged by law to do so, e.g. by statutory storage obligations.
In accordance with Art. 21 GDPR you may object at any time to the processing of your personal data on the basis of Art. 6 (1) e) (data processing in the public interest) or f) GDPR (data processing on the basis of an overriding legitimate interest). If you object, your personal data will no longer be processed, unless we demonstrate compelling legitimate grounds for the processing that override the interests, rights and freedoms of the data subject or the processing is for the establishment, exercise or defence of legal claims. Please address your objection to the authority mentioned under
If you have consented to the processing of your personal data, you can withdraw this consent at any time. Of course this also applies to any consent given before 25 May 2018 (the effective date of the GDPR). Withdrawal of consent is only effective for the future. Withdrawing your consent does not retroactively affect the lawfulness of processing. Please address your withdrawal of consent to the authority mentioned under
This data protection policy is dated 01/01/2022. It is the current and valid version of our data protection policy. However, you are advised that this data protection policy may have to be revised from time to time due to statutory or other changes.
The address of our supervisory authority is:
Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein
Holstenstraße 98
24103 Kiel
Email: mail@datenschutzzentrum.de
Telephone: +49 (0)431 988 1200
Fax: +49 (0)431 988 1223
Website: www.datenschutzzentrum.de
If you have any questions about data protection you may contact our data protection officer at:
Vater Solution GmbH
Boschstraße 5
24118 Kiel
or by email at stiftung.datenschutz(at)possehl.de.
Possehl Foundation Lübeck
Beckergrube 38 – 52
D-23552 Lübeck
E-Mail: possehl-stiftung(at)possehl.de
Tel.: +49 (0)451 148-200
More about the Foundation
Here you can find our annual reports, Emil Possehl’s will, our art catalogues and publications to mark the 100th jubilee of the foundation.
Our articles of association
The Foundation only supports non-profit and charitable causes and “promotes all that is good and beautiful in Lübeck”.