The foundation “Deutsche Stiftung Denkmalschutz” (“German Foundation for Monument Protection”) takes the protection of your personal data very seriously. Your privacy is important to us. We process your personal data in accordance with the applicable statutory data protection requirements for the purposes set out in the following. Personal data within the meaning of this data protection information denotes any and all information that contains a reference to your person.
In the following, you will learn how we handle these data. For ease of reading, we have divided our data protection information into chapters.
The data controller and data protection officer bearing responsibility for data processing is
Deutsche Stiftung Denkmalschutz
Schlegelstrasse 1
53113 Bonn, Germany
Tel. +49 (0) 228 9091 0
Fax. +49 (0) 228 9091 109
Info(at)denkmalschutz.de
Should you have any questions or comments about data protection (for example, with regard to accessing and updating your personal data), you can also contact our data protection officer.
Dr. Christian Lenz
dhpg IT-Services GmbH
Bunsenstr. 10a
51647 Gummersbach
Tel.: +49 (0)2261 8195-0
Email: datenschutz(at)denkmalschutz.de
We process personal data that we have collected directly from you.
To the extent that this is necessary for the provision of further services, we process personal data lawfully received from other companies or third parties (e.g. credit agencies, address registers). In addition, we process personal data that we have lawfully taken, received or acquired from publicly accessible sources (the press, the Internet and other media sources) and which we are allowed to process. Relevant categories of personal data may include, in particular:
We process personal data in accordance with the provisions of the General Data Protection Regulation (“GDPR”), the German Federal Data Protection Act as amended (“BDSG-neu”) and other applicable data protection regulations (for details, please see below). Precisely which data are processed in detail and how they are used depends largely on the services applied for or agreed in each instance. Further details of, or supplements to, the purposes of data processing can be found in the respective contractual documents, forms, a declaration of consent and/or other information provided to you (e.g. in the context of use of our website or our Terms and Conditions).
Purposes for the fulfilment of a contract or pre-contractual measures (Art. 6 [1] [b] GDPR)
Personal data are processed for the purpose of processing your donations and the execution of your orders and to carry out measures and activities in the context of a pre-contractual relationship, e.g. with interested parties. These essentially include: donation-related communication with you, the corresponding billing and associated payment transactions, the verifiability of orders and other agreements, as well as quality control measures in the form of corresponding documentation, goodwill procedures, measures for the control and optimisation of business processes and for the fulfilment of general due diligence obligations, management and control by affiliated companies; statistical evaluations for corporate management purposes, cost recording and controlling, reporting, internal and external communication, crisis management, billing and the tax-related evaluation of operational services, risk management, the assertion of legal claims and defence in the event of legal disputes; measures to safeguard IT security (including system or plausibility tests) and general security, ensuring and exercising building access rights (e.g. through access controls); guaranteeing the integrity, authenticity and availability of data, the prevention and investigation of criminal offences, and control by supervisory or control bodies (e.g. audits).
Purposes within the scope of our legitimate interest or that of third parties (Art. 6 [1] [f] GDPR)
Beyond the actual performance of the contract or preliminary contractual measures, we may process your data if doing so is necessary to protect our legitimate interests or those of third parties, in particular, for the purposes of
Purposes in the context of your consent (Art. 6 [1] [a] GDPR)
Subject to your consent, your personal data may also be processed for specific purposes (e.g. use of your email address for marketing purposes). As a rule, you may revoke this consent at any time. This applies also to the revocation of declarations of consent given to us prior to the entry into force of the General Data Protection Regulation (GDPR), i.e. prior to 25 May 2018. You will be informed separately in the relevant text explaining consent of the purposes and consequences of revoking or not granting your consent. As a general rule, revocation of consent is only effective for the future. Any processing that takes place before revocation will not be affected by it and will remain lawful.
Purposes for the fulfilment of statutory requirements (Art. 6 [1] [c] GDPR) or in the public interest (Art. 6 [1] [e] GDPR)
Just like any entity involved in business, we are subject to a wide range of statutory obligations. These primarily concern statutory requirements (e.g. commercial and tax laws) but may also relate to regulatory or other official requirements. The purposes of processing may include the fulfilment of control and reporting obligations under tax law, the archiving of data for data protection and data security purposes and for the purposes of audits by tax and other authorities. In addition, the disclosure of personal data may become necessary in the context of official/court proceedings for the purpose of collecting evidence, criminal prosecution or the enforcement of civil claims.
The scope of your obligations to furnish us with data
You are obliged to provide only those data that are necessary for the establishment and execution of a business relationship, for a pre-contractual relationship with us, or which we are otherwise legally obliged to collect. Without these data, we will generally not be able to conclude or execute the contract. The same may also be true of data required later in the course of the business relationship. If we should request additional data from you, you will be notified separately that the provision of that information is voluntary.
In the context of a business relationship, you must provide the personal data which are deemed necessary for the establishment, execution and termination of the legal transaction and for the fulfilment of the associated contractual obligations or which we are otherwise legally obliged to collect. Without these data, we will not be able to carry out the legal transaction with you.
Within our foundation, the internal departments or organisational units which receive your data are those which require them to fulfil our contractual and legal obligations or in the context of the processing and upholding of our legitimate interests.
Your data will only be passed on to external entities
We will not pass on your data to third parties for any other reasons. If we commission service providers to process your data, they will be obliged to apply the same security standards to your data as we do ourselves. In other instances, the recipients may use the data only for the purposes for which they were transferred to them.
We will process and store your data for the duration of our relationship with you as a donor. This also includes the initiation (pre-contractual legal relationship) and the execution of a contract.
In addition, we are subject to a range of storage and documentation obligations which stem from the German Commercial Code (HGB) and the German Fiscal Code (AO), among others. The periods specified therein for storage and documentation respectively run to the end of the calendar year up to ten years after the end of the business relationship or the pre-contractual legal relationship respectively.
Furthermore, special statutory regulations, such as those governing the preservation of evidence within the scope of statutory limitation provisions, may require a longer retention period. According to Section 195 et seq. of the German Civil Code (BGB), the typical limitation period is three years; however, limitation periods of up to 30 years may also be applicable.
Should the data no longer be required for the fulfilment of contractual or legal obligations and rights, they will be regularly deleted, unless their temporary further processing is required for the fulfilment of those purposes underpinning an overriding legitimate interest. Such an overriding legitimate interest will also exist, for example, if deletion is not possible or is possible only with disproportionate effort due to the special nature of the data storage and if the possibility of processing for other purposes is excluded by appropriate technical and organisational measures.
Under certain circumstances, you may assert your data protection rights against us.
Your applications to exercise your rights should, where possible, be addressed in writing or by email to the address stated above or directly in writing or by email to our data protection officer.
Special reference to your right of objection pursuant to Art. 21 GDPR:
You have the right to object at any time to the processing of your data on the basis of Art. 6 (1) (f) GDPR (data processing on the basis of a balancing of interests) or Art. 6 (1) (e) GDPR (data processing in the public interest) if there are grounds arising from your particular situation that support such action.
This applies also to profiling based on this provision within the meaning of Art. 4 (4) GDPR. Should you object, we will no longer process your personal data unless we can demonstrate compelling legitimate reasons to do so which override your interests, rights and freedoms or if the processing serves the purposes of asserting, exercising or defending legal claims.
We may also process your personal data for direct marketing purposes. Should you not wish to receive advertising, you have the right to object to this at any time; this applies also to profiling to the extent that it is associated with such direct advertising. We will comply with this objection with effect for the future. We will no longer process your data for direct marketing purposes if you object to their processing for such purposes.
An objection can be submitted in any form of your choice and should if possible be addressed to
Deutsche Stiftung Denkmalschutz, Schlegelstrasse 1, 53113 Bonn, Germany, tel. +49 (0) 228 9091-0, widerruf@denkmalschutz.de
You also have the option of contacting the abovementioned data protection officer or a data protection supervisory authority to lodge a complaint.
The competent data protection supervisory authority in our case is:
The State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia
Kavalleriestr. 2-4
40213 Düsseldorf
Telephone: +49 (0)211 38424-0
Fax: +49 (0)211 38424-10
Email: poststelle@ldi.nrw.de