We take the security of your data seriously
1.1 Personal data (GDPR, Article 4(1))
Data protection refers to the protection of personal data (hereinafter also referred to as data), which in turn means any information relating to an identified or identifiable natural person. This includes, for example, data such as the person’s name, address, occupation, email address, marital status, telephone number and, if applicable, any Internet user data, such as an IP address.
1.2 Controller (GDPR, Article 4(7))
The controller – i. e. the body responsible for the processing of your personal data within the context of your use of the www.bifonds.de website (hereinafter referred to as the website) – is the Boehringer Ingelheim Fonds, (hereinafter referred to as the BIF, the website operator, or the controller). The controller’s contact details are:
Boehringer Ingelheim Fonds, Stiftung für medizinische Grundlagenforschung
Represented by the Executive Committee: Prof. Dr Dr Thomas Braun (Deputy Chairman), Dr Dr Michel Pairet, Prof. Dr Jan-Michael Peters (Chairman)
Phone: +49 (0) 6131 / 27 50 8-0
1.3 Contact address for inquiries concerning data protection
1.4 The opportunity to object
If, in accordance with this data protection declaration, you wish to deny the BIF permission to process your data entirely or for particular purposes, you can do so by sending an email to email@example.com. Please note that objecting to such data processing may limit or entirely prevent your use of the website and your ability to access the services offered on it.
2. Scope and purposes of data processing, legal basis, provision of data, and duration of storage
2.1 Access and use of the website
Each time the website and its sub-pages are accessed, usage data is transmitted to the BIF via the user’s respective Internet browser and stored in the BIF server’s log files. The stored data sets include the following information:
- Date and time of access
- Name of the accessed sub-page
- IP address
- Referrer URL (the URL from which you came to the website)
- Amount of data transferred
- The user’s browser product and version thereof
The admissibility of such data processing is governed by Article 6(1)(b) of the GDPR, which states that data processing is lawful if it is “necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.” The data processed by the website operator are required to enable the data subject to access and use the website. This concerns data whose processing is necessary to the use of a given telecommunications medium. In the present case, the data subject would otherwise be unable to access the website.
The log files are evaluated by the BIF in an anonymous state in order to further improve the website and make it more user-friendly, find and correct errors more quickly, and manage server capacities. Performing these evaluations enables the BIF, for example, to identify the time periods in which users particularly favour using the website, and thus provide adequate data transfer resources.
The admissibility of such processing is governed by Article 6(1)(f) of the GDPR, according to which such processing is lawful if it is necessary to safeguard the legitimate interests of the data controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. Making available a website that contains information, providing services to customers, and optimising website operation are legitimate interests of the website operator.
After the data subject has ceased using the website, his/her IP address is either deleted or rendered anonymous. Anonymizing an IP address consists of altering it in such a manner that, barring a disproportionately large amount of time, expense, and manpower, it can no longer be attributed to a specific or identifiable natural person.
2.2 Email at the click of a button
At some locations on the website, you are offered the opportunity to open and send an email addressed to the BIF simply by clicking on a “mailto” link. In doing so, the email address associated with your email programme is automatically employed as the sender’s email address. If you do not wish your email address to be accessed in this way, you can change your email programme’s settings to prevent such access.
The admissibility of such data processing is governed by Article 6(1)(b) of the GDPR, which states that data processing is lawful if it is “necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.” In order, however, to contact the website operator by email, it is necessary to provide the website with this personal data.
Once statutory data storage obligations have expired, the processed personal data are deleted by the controller, unless it has a legitimate interest in continuing to store the data. In any event, only those data that are genuinely required to fulfil the purpose in question will continue to be stored. To the extent that it is possible, the personal data will be rendered anonymous.
This website does not employ cookies.
2.4 “Klatschmail” mailing list
On its website, the BIF offers the opportunity to be added to an internal mailing list to receive its “Klatschmail”. To do so, you must send an email to the BIF by clicking on the “mailto” link provided, which creates an email within your email program that is automatically addressed to the BIF email address stored in the link.
The admissibility of such processing is governed by Article 6 (1)(a) of the GDPR, according to which such processing is lawful if “the data subject has given consent to the processing of his or her personal data for one or more specific purposes.” Providing the BIF with your email address is voluntary yet necessary if you wish to subscribe to its mailing list and receive emails sent to those persons on it.
If you should revoke your consent to the storage of your data, it will be deleted by the controller, unless it has a legitimate interest in continuing to store it. This may be the case if the website operator must continue to store your data due to a contractual agreement that it has with you. In any event, only those data that are genuinely required to fulfil the purpose in question will continue to be stored.
The BIF uses this information to evaluate the use of its website and to continuously improve the user experience based on these evaluations.
Such data processing activity is pursuant to Art. 6(1)(f) of the GDPR, whereby processing of such data is lawful if it is necessary for the purposes of legitimate interests pursued by the website controller. The legitimate interests of the BIF here lie in further developing and optimising its website by evaluating the information collected by Matomo, and in improving the user experience based on this information.
It is necessary to provide your personal data to access and use the website.
The personal data collected by Matomo while you use the website is immediately made anonymous and stored for an unlimited period of time. In any event, only those data that are absolutely necessary for fulfilling the aforementioned purposes will remain stored.
3. Data subject’s rights to access, to rectification, to erasure, to restriction of processing, to object, and to data portability
3.1 Right to access (GDPR, Article 15)
Upon request, the BIF will inform you whether it is processing any data concerning you. The BIF endeavours to process requests for information promptly.
3.2 Right to rectification (GDPR, Article 16)
You have the right to demand the BIF to correct any inaccurate personal data concerning you without undue delay.
3.3 Right to erasure (GDPR, Article 17)
You have the right to demand the website operator to delete personal data concerning you without undue delay. Further, the operator is obliged to delete personal data without undue delay, provided that one of the reasons stated in Article 17(1)(a-f) of the GDPR applies.
3.4 Right to restriction of processing (GDPR, Article 18)
You have the right to demand the website operator to restrict its processing of your data, when one of the conditions stated in Article 18(1)(a-d) of the GDPR exists.
3.5 Right to object (GDPR, Article 21)
You have the right to object at any time, on grounds relating to your particular circumstances, to any processing of personal data concerning you for any of the purposes stated in points (e) or (f) of Article 6(1) of the GDPR. The website operator will then cease to process the data in question, unless it can demonstrate compelling and defensible grounds for continuing to process the data that override your interests, rights, and freedoms, or unless continuing to process the data serves the purpose of asserting or exercising legal claims, or defending against them.
You also have the right to object, on grounds relating to your particular circumstances, to any processing of personal data concerning you for historical, scientific, or statistical purposes, performed pursuant to Article 89(1) of the GDPR, unless the processing is necessary for the performance of a task carried out in the public interest.
To notify us of your objection, please use the email address firstname.lastname@example.org.
3.6 Right to data portability (GDPR, Article 20)
You have the right to receive, in a structured, commonly used and machine-readable format, the personal data concerning you that you have provided to the BIF. You also have the right to “transmit those data to another controller without hindrance from the controller to which the personal data have been provided” (i. e. the BIF), provided that the processing is based on consent pursuant to Article 6(1)(a) or Article 9 (2)(a) of the GDPR, or on a contract pursuant to Article 6(1)(b) of the GDPR, and the processing is carried out by automated means.
4. Withdrawal of consent
If you have given the BIF your consent to process your personal data and subsequently withdraw this consent, the lawfulness of any processing of data that has already been performed prior to your withdrawal of consent shall not be affected.
5. Right to lodge a complaint
You have the right to lodge a complaint with the respective supervisory authority.
6. Recipients of personal data
Any data that is gathered in the course of your accessing and using the website, as well as any information you provide when contacting the BIF, is transmitted to the BIF server and stored there. In addition, your data may be supplied to the following categories of recipients:
- Persons at the controller who are involved in the processing of data (e. g. administrative staff, members of the Executive Committee)
- E.g. external peer reviewers, members of the Board of Trustees
- Contractors (e. g. IT service providers, software support staff)
- Contractual partners of the website operator (e. g. hosting service provider)
7. Links to third-party websites
When visiting the BIF website, content may be displayed that is linked to the websites of third parties. The BIF has no access to the cookies or other functions employed by third parties on their websites, nor can the BIF control these. Such third parties are not subject to the data protection provisions of the website operator.
1 January 2022
go to top