Data protection
Privacy policy
1. introduction
The protection of your personal data has the highest priority. This privacy policy explains the type, scope and purpose of the processing of personal data (hereinafter referred to as "data") in connection with the online offering. This includes the associated website, functions and content as well as the external online presences, such as the social media profiles (hereinafter referred to collectively as the "online offering"). Your personal data is treated confidentially and strictly complies with the statutory data protection regulations and the provisions of this privacy policy.
General information
This privacy policy gives you a comprehensive overview of what happens to your personal data when you visit this website. Personal data is any information that can be used to identify you personally. For detailed information on data protection, please refer to this complete privacy policy.
Responsible body
Data processing on this website is carried out by the website operator. The contact details of the controller can be found in the "Controller" section of this privacy policy.
Collection of your data
On the one hand, personal data is collected when you actively provide it, e.g. by filling out a contact form. Other data is collected automatically or with your consent by the controller's IT systems when you visit the website. This is primarily technical data (e.g. internet browser, operating system or time of page view). This data is collected automatically as soon as you enter the website.
Use of your data
Some of the data is collected to ensure the error-free provision of the website. Other data can be used to analyze your user behavior in order to optimize the offer and adapt it to your needs.
Data transmission to external bodies
As part of the controller's business activities, it may be necessary to transfer personal data to external bodies. This transfer takes place exclusively under certain conditions: if the transfer is necessary to fulfill a contract, if there is a legal obligation, for example to tax authorities, if there is a legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR, or if another legal basis permits the transfer of data. When using external service providers for data processing, the transfer of personal data takes place exclusively on the basis of a valid contract for order processing in accordance with Art. 28 GDPR. If data is processed jointly with other bodies, a joint processing agreement is concluded in accordance with Art. 26 GDPR.
Revocation of consent to data processing
Certain data processing can only take place with your express consent. This consent can be revoked at any time. The legality of the data processing carried out up to the time of revocation remains unaffected by the revocation.
Right to object to specific data processing and advertising measures (Art. 21 GDPR)
If your personal data is processed on the basis of Art. 6 para. 1 lit. E or F GDPR, you have the right to object to this processing at any time, provided that you have reasons arising from your particular situation. This also applies to profiling based on these provisions. The specific legal basis for data processing can be found in this privacy policy. If you object, the controller will no longer process your personal data unless compelling legitimate grounds can be demonstrated which override your interests, rights and freedoms or the processing serves the establishment, exercise or defense of legal claims (objection pursuant to Art. 21 (1) GDPR).
If your personal data is used for direct marketing purposes, you have the right to object to this processing at any time. This also applies to profiling insofar as it is associated with direct advertising. After your objection, the controller will no longer use your personal data for these advertising purposes (objection pursuant to Art. 21 (2) GDPR).
Rights under the General Data Protection Regulation
You have the right to lodge a complaint with a competent supervisory authority in the event of violations of the GDPR. This right can be exercised in particular in the Member State of your habitual residence, place of work or place of the alleged infringement. Other administrative or judicial remedies remain unaffected by this.
Personal data that is processed automatically on the basis of consent or to fulfill a contract can be requested in a structured, commonly used and machine-readable format. Upon request, this data can also be transmitted directly to another controller, provided this is technically feasible.
Every data subject has the right to receive information free of charge about their stored personal data, its origin, recipients and the purpose of the data processing. In addition, there is a right to rectification or erasure of this data, insofar as this is permitted by law. If you have any further questions or concerns about personal data, you can contact the controller at any time.
You have the right to request the restriction of the processing of personal data if the accuracy of the data is disputed and verification is pending. Restriction of data processing can also be requested instead of erasure in the event of unlawful processing. Furthermore, restriction may be requested if the data is no longer required but is necessary for the establishment, exercise or defense of legal claims. In the event of an objection to the processing pursuant to Art. 21 para. 1 GDPR, until it has been clarified whose interests prevail, the right to restriction also exists.
If the processing of personal data is restricted, such data may, apart from being stored, only be processed with the consent of the data subject or for the establishment, exercise or defense of legal claims, for the protection of the rights of other natural or legal persons or for reasons of important public interest of the EU or of a Member State.
2. responsible person
The controller in charge of data processing on this website, within the meaning of the General Data Protection Regulation (GDPR), is the German Ocean Foundation.
Represented by: Mr. Frank Schweikert
Address: Grimm 12, 20457 Hamburg
Website: https://www.meeresstiftung.de
E-mail: office@meerestiftung.de
Phone: 040 2285 89010
3. processors
We work with various processors who process data on our behalf. These service providers are contractually obliged to treat the data confidentially and to use it exclusively within the scope of the respective service. There are also cases in which responsibility for data processing is shared with other bodies. In such cases, responsibilities are transparently regulated and documented in order to ensure compliance with data protection requirements.
4. definitions
In order to ensure the transparency of this privacy policy and to make it understandable for everyone, this policy primarily uses terms that are also defined in the General Data Protection Regulation (GDPR). The complete legal definitions can be found in Art. 4 GDPR. The most important terms in connection with this privacy policy are explained below:
Personal data: This includes all information relating to an identified or identifiable natural person (hereinafter "data subject"). A person is considered identifiable if they can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.
Processing: This term includes any operation or set of operations which is performed on personal data, whether or not by automated means. This may include the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of data.
Controller: This is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Processor: A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Consent: Any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Website: The website refers to the entire Internet offering provided by the controller under a specific URL. This includes all content, information, functions and services published by the controller that are made available to the user via this URL. The website serves as a digital platform for the provision of information, services and interaction between the controller and users.
End device: An end device is an electronic device that is able to access the internet and load websites. This includes computers, laptops, tablets and smartphones. These definitions help to better understand the privacy policy and the meaning of the terms used.
5. legal basis of data processing
Your personal data is processed on the basis of the General Data Protection Regulation (GDPR) and other relevant statutory provisions. Different legal bases apply depending on the purpose of the data processing.
If you have consented to the processing of your personal data, this is done on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR. This applies in particular to the processing of special categories of personal data pursuant to Art. 9 para. 2 lit. a GDPR and to the transfer of personal data to third countries pursuant to Art. 49 para. 1 lit. a GDPR.
Your consent can be revoked at any time.
The processing of your data may be necessary to fulfill a contract or to carry out pre-contractual measures and in this case takes place on the basis of Art. 6 para. 1 lit. b GDPR.
In addition, processing may be necessary to comply with legal obligations, which is then done in accordance with Art. 6 para. 1 lit. c GDPR.
In certain cases, processing is carried out to safeguard the legitimate interests of the controller or a third party, unless your interests or fundamental rights and freedoms prevail. This processing is based on Art. 6 para. 1 lit. f GDPR.
For certain processing operations, national regulations may also apply, such as Section 25 TTDSG when storing cookies or accessing information on your end device. The applicable legal bases are explained in detail in the specific sections of this privacy policy.
If your data is required to fulfill a contract or to carry out pre-contractual measures, your data will be processed on the basis of Art. 6 para. 1 lit. b GDPR.
For the fulfillment of a legal obligation, data processing is based on Art. 6 para. 1 lit. c GDPR. In addition, data processing may be carried out on the basis of legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR. The specific legal bases in individual cases are explained in the following sections of this privacy policy.
6. data transfer to unsafe third countries and non-DPF-certified US companies
If tools are used on this website from companies based in third countries that are unsafe under data protection law, or if US tools are used whose providers are not certified under the EU-US Data Privacy Framework (DPF), your personal data may be transferred to these countries and processed there. Please note that a level of data protection equivalent to that in the EU cannot be guaranteed in third countries that are unsafe under data protection law. For the USA as an insecure third country, no level of data protection comparable to that of the EU is guaranteed. Data transfer to the USA is therefore only permitted if the recipient is either certified under the "EU-US Data Privacy Framework" (DPF) or has suitable additional guarantees.
Detailed information on possible transfers to third countries, including the data recipients, can be found in this privacy policy.
7. storage period
Unless a more specific storage period has been specified in this privacy policy, personal data will remain with the controller until the purpose for processing the data no longer applies. If a justified request for deletion is asserted or consent to data processing is revoked, the data concerned will be deleted, provided that there are no other legally permissible reasons for storing the personal data (e.g. retention periods under tax or commercial law). In these cases, the data will be deleted once these reasons no longer apply.
The controller only stores personal data for as long as is necessary to fulfill the respective purposes for which the data was collected. This includes, in particular, the fulfillment of contractual obligations, compliance with statutory retention periods and the protection of legitimate interests of the controller, such as IT security and protection against misuse. If the processing of personal data is based on consent, the data will be stored until the data subject withdraws this consent. Such revocation is possible at any time with effect for the future. The data will then be deleted immediately, unless there are statutory retention obligations or other overriding legal reasons that make further storage necessary.
In summary, personal data will be deleted after the purpose has been fulfilled or the legal basis for storage no longer applies, unless there are still legal obligations or legitimate interests that justify further storage.
8. security measures and data minimization
Comprehensive technical and organizational measures are taken to effectively protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or unauthorized access. Care is taken to ensure that only the data absolutely necessary for the respective purpose is collected and processed. This strategy of data minimization helps to significantly reduce the risk of misuse and unauthorized access. The security measures are continuously adapted to the state of the art in order to guarantee a high level of protection for your data at all times.
9. SSL/TLS encryption
To protect the security of your data during transmission, state-of-the-art encryption methods (e.g. SSL or TLS) are used via HTTPS. SSL (Secure Socket Layer) and TLS (Transport Layer Security) are protocols for encrypting data transmissions on the internet. This ensures that the data exchanged between your browser and the server is protected against unauthorized access. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.
10. cookies
This website uses cookies. These are small files that your browser automatically creates and that are stored on your end device (laptop, tablet, smartphone, etc.) when you visit the site. Cookies do not cause any damage to your end device and do not contain any viruses, Trojans or other malware.
Information is stored in the cookie that results in each case in connection with the specific end device used. However, this does not mean that the data controller gains direct knowledge of your identity.
On the one hand, the use of cookies serves to make the use of the website more pleasant for you. For example, the controller uses so-called session cookies to recognize that you have already visited individual pages of the website. These are automatically deleted after you leave the site.
In addition, the controller also uses temporary cookies to optimize user-friendliness, which are stored on your end device for a specified period of time. If you visit the site again to use the services, it is automatically recognized that you have already been there and which entries and settings you have made so that you do not have to enter them again.
On the other hand, the controller uses cookies to statistically record the use of the website and to evaluate it for the purpose of optimizing the offer for you. These cookies enable the controller to automatically recognize that you have already visited the site when you return. These cookies are automatically deleted after a defined period of time.
The data processed by cookies is required for the purposes mentioned to safeguard the legitimate interests of the controller and third parties in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.
Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a message always appears before a new cookie is created. However, completely deactivating cookies may mean that you cannot use all the functions of the website.
11. cookie consent banner
This website uses a cookie consent banner to manage your consent to the use of cookies. The provider of this service is: Squarespace
Functionality and purpose
The cookie consent banner sets a technically necessary cookie to store your cookie consent. This cookie does not process any personal data. It only stores the settings you selected when you entered the website, including:
a) Consent or refusal of certain cookies
b) Time of consent
c) Duration of storage of the settings
d) Legal basis for data processing
Data processing by the cookie consent banner is carried out in accordance with Art. 6 para. 1 lit. f GDPR. The legitimate interest of the controller is to ensure lawful consent to the use of cookies. If consent has been requested, the processing is based on Art. 6 para. 1 lit. a GDPR.
Storage period and deletion
The stored data will remain stored until you delete the cookies in your browser yourself or revoke your consent. You can change your settings at any time in the cookie settings of this website.
12. use of the contact form
If you have any questions, you can contact the person responsible using the form provided on this website.
Data processing for the purpose of contacting the controller is carried out in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR on the basis of voluntarily given consent.
The personal data collected for the use of the contact form is regularly deleted after the request has been dealt with.
13. inquiries by e-mail or telephone
It is possible to send inquiries to the controller by email or telephone. The personal data transmitted (e.g. name, e-mail address, telephone number and the inquiry itself) will be processed and stored by the controller solely for the purpose of processing the inquiry and any follow-up questions.
The legal basis for this data processing is Art. 6 para. 1 lit. b GDPR, as the processing is necessary for the performance of a contract or for the implementation of pre-contractual measures. If the processing is not related to a contract, it is carried out on the basis of Art. 6 para. 1 lit. f GDPR, as the controller has a legitimate interest in processing and responding to the inquiries.
14. newsletter
If you would like to receive the newsletter offered on the website, the person responsible requires a valid e-mail address from you as well as information that allows verification that you are the owner of the e-mail address provided and that you agree to receive the newsletter (double opt-in procedure). No further data is collected.
This data is used exclusively for sending the requested information and is not passed on to third parties.
The data entered in the newsletter registration form is processed exclusively on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent to the storage of the data, the e-mail address and its use for sending the newsletter at any time, for example via the "unsubscribe" link in the newsletter or by sending a corresponding message to the person responsible. The legality of the data processing that has already taken place remains unaffected by the revocation.
The data provided by you for the purpose of subscribing to the newsletter will be stored until you unsubscribe from the newsletter and deleted after you unsubscribe from the newsletter. Data stored by the controller for other purposes (e.g. email addresses for the member area) remain unaffected by this, and the newsletter is sent via the provider:
Cobra CRM Software
In addition, technical and organizational security measures are used to protect your personal data against manipulation, loss, destruction or access by unauthorized persons. These security measures are continuously improved in line with technological developments.
15. social media plugins
This section informs you about the integration and use of social media on this website. This includes details on data processing and your rights in connection with the use of social media plugins and their functions.
Functions of the Instagram service, which is operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are integrated on this website. The Instagram plugins allow you to share and distribute content from this website on your Instagram profile. You can recognize these plugins by the Instagram logo that is integrated on this website.
When you visit a page on this website that contains an Instagram plugin, your browser establishes a direct connection to Instagram's servers. The content of the plugin is transmitted by Instagram directly to your browser and integrated into the website. Through this integration, Instagram receives the information that your browser has accessed the corresponding page of this website, even if you do not have an Instagram account or are not currently logged in to Instagram. This information (including your IP address) is transmitted directly from your browser to an Instagram server in the USA and stored there.
If you are logged in to Instagram, Instagram can directly associate your visit to this website with your Instagram account. If you interact with the plugins, for example by clicking the "Like" button or leaving a comment, the corresponding information is also transmitted directly to an Instagram server and stored there. The information is also published on your Instagram profile and displayed to your Instagram followers.
The use of Instagram plugins is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, as consent is required for the use of cookies and other tracking technologies. Consent can be revoked at any time with effect for the future. To prevent Instagram from assigning the data collected via this website to your Instagram account, you must log out of Instagram before visiting this website.
The transfer of personal data to the USA takes place on the basis of the standard contractual clauses of the EU Commission. Further information on this can be found at: https://www.facebook.com/legal/EU_data_transfer_addendum.
Meta Platforms Ireland Limited is certified under the EU-US Data Privacy Framework (DPF), which ensures adequate protection for the transfer of personal data from the EU to the US. Any company certified under the DPF is committed to complying with these strict data protection standards. Further information on the EU-US DPF can be found at: https://www.dataprivacyframework.gov/.
Further information on data processing and data use by Instagram as well as your rights in this regard and setting options to protect your privacy can be found in Instagram's privacy policy at: https://help.instagram.com/155833707900388.
16. google fonts
Google Fonts are used on this website. Google Fonts is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. This service enables the use of fonts provided by Google to improve the visual design of this website.
To ensure the protection of your data, Google Fonts are hosted locally on our own server. This means that no connection to Google's servers is established and your IP address is not transmitted to Google. Your data remains entirely on the server of the controller and is not passed on to third parties.
17. external videos
This website integrates external videos in order to offer you multimedia content and an interactive user experience. These integrations are carried out by third-party providers who may process personal data if you use their services.
Your data is processed on the basis of Art. 6 para. 1 lit. b GDPR for the fulfillment of the contract, in particular for the provision of the videos and the associated services, as well as in the legitimate interest in a smooth, convenient and secure user experience in accordance with Art. 6 para. 1 lit. f GDPR. Insofar as your consent is required for certain actions, data processing is carried out on the basis of Art. 6 para. 1 lit. a GDPR. Consent can be revoked at any time with effect for the future.
YouTube
YouTube is used to embed videos on this website. YouTube is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. When you visit a page with YouTube videos, a connection to the YouTube servers is established. Information about your use of this website, including your IP address, is transmitted to YouTube and stored there.
Google is certified under the EU-US Data Privacy Framework (DPF), which ensures adequate protection for the transfer of personal data from the EU to the USA. Further information on the EU-US DPF can be found at: https://www.dataprivacyframework.gov.
Further information on the processing of your personal data by YouTube can be found in the YouTube privacy policy: https://policies.google.com/privacy.
18. application data collection
This website uses an application form to facilitate applications for vacancies. The form is used to collect relevant information from applicants and to make the application process efficient.
The following personal data is collected and processed as part of the application form: Personal contact data such as name, address, e-mail address and telephone number, application documents such as CV and cover letter, supporting documents and qualifications such as references and certificates as well as other voluntary information.
The data collected will be used exclusively for the purpose of processing the application and for contacting you as part of the application process. The data will only be passed on to third parties if this is necessary to carry out the application process or if the applicant has expressly consented to this.
Application documents are stored until the application process has been completed and for a maximum period of six months thereafter, unless a longer storage period has been expressly agreed. The data will then be deleted, unless statutory retention periods prevent this.
Applicants have the right to obtain information about the personal data processed by the controller at any time, as well as the right to rectification, erasure or restriction of processing of the data. They also have the right to data portability and the right to lodge a complaint with a data protection supervisory authority.
The data is processed on the basis of Art. 6 para. 1 lit. b GDPR to carry out pre-contractual measures, in particular to process the application and to carry out the application procedure, as well as in the legitimate interest in a smooth and efficient application process in accordance with Art. 6 para. 1 lit. f GDPR. Insofar as the consent of the applicant is required for certain actions, data processing is carried out on the basis of Art. 6 para. 1 lit. a GDPR. Consent can be revoked at any time with effect for the future.