Data protection

§ 1 Information about the collection of personal data

(1) In the following, we inform you about the processing of personal data when using our website. Personal data is all data that can be related to you personally, e.g. name, address, e-mail addresses, user behavior. In this way, we would like to inform you about our processing operations and at the same time comply with the legal obligations, in particular from the EU General Data Protection Regulation (GDPR). 

(2) Responsible party according to Art. 4 para. 7 DS-GVO 

Wirth Foundation
Board of Directors: 

Mr. Martin Wirth
Mrs. Martina Wirth
Street: Brunnengasse 20
Postcode/Place: 95213 Münchberg, Germany
Phone: +49 9251 30692-10


(3) If you contact us via contact form, e-mail, telephone or fax, your request including all resulting personal data (name, e-mail address, telephone number and request) will be stored and processed for the purpose of processing your request or us. We do not pass on this data without your consent. 

The processing of this data is based on Art. 6 (1) lit. b DSGVO, if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In other cases, the processing is based on our legitimate interest in the effective processing of the requests sent to us (Art. 6 (1) f DSGVO) or on your consent (Art. 6 (1) a DSGVO) if this was requested; the consent can be revoked at any time. The data sent will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies. Mandatory statutory provisions, in particular statutory retention periods, remain unaffected. 

(4) If we use contracted service providers for individual functions of our offer, we will always select these service providers carefully. The service provider is bound by our instructions and is regularly monitored. 

(5) Furthermore, we may pass on your personal data to third parties if contract conclusions or similar services are offered by us together with partners. Depending on the service, your data may also be collected by the partners on their own responsibility. You will receive more detailed information when you provide your data or in the description of the respective offers. 

(6) If our service providers or partners are based in a country outside the European Economic Area (EEA), we will inform you of the consequences of this circumstance in the description of the offer.


§ 2 Your rights


You have the following rights vis-à-vis a responsible party with regard to personal data concerning you:

The right of access to your personal data processed by us, Art. 15 DSGVO. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making, including profiling, and, if applicable, meaningful information about its details;

the right to have inaccurate personal data stored by us corrected or to have it completed, Art. 16 DSGVO;

the right to erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims, Art. 17 DSGVO;

the right to restrict the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer need the data, but you need it for the assertion, exercise or defense of legal claims or you have objected to the processing pursuant to Art. 21 DSGVO;

the right to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller, Art. 20 DSGVO;

the right to revoke your consent once given to us at any time, Art. 7(3) DSGVO. This has the consequence that we may no longer continue the data processing based on this consent for the future and



Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, Art. 77 GDPR, in particular in the Member State of your residence, workplace or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR. The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.


§ 3 Processing of personal data when visiting our website. 

When using the website for information purposes, i.e. merely viewing it without registering and without you otherwise providing us with information, we process the personal data that your browser transmits to our server. The data described below is technically necessary for us to display our website to you and to ensure stability and security and must therefore be processed by us. The legal basis is Art. 6 para. 1, p. 1 lit. f DS-GVO:

IP address 
Date and time of the request 
Time zone difference to Greenwich Mean Time (GMT) 
Content of the request (page visited) 
Access status/HTTP status code 
amount of data transferred in each case 
previously visited page 
operating system 
Language and version of the browser software.



§ 4 Objection or revocation against the processing of your data

(1) If you have given your consent to the processing of your data, you may revoke this consent at any time. Such revocation affects the permissibility of the processing of your personal data after you have expressed it to us. The permissibility of the processing of your data up to the time of your revocation remains unaffected.


(2) Insofar as we base the processing of your personal data on the balance of interests, you may object to the processing. This is the case if the processing is not necessary, in particular, for the fulfillment of a contract with you, which is presented by us in each case in the following description of the functions. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data in the way we have carried out. In the event of your objection, we will review the situation and either discontinue or adjust the data processing or show you our compelling reasons worthy of protection on the basis of which we will continue the processing.


(3) Of course, you can object to the processing of your personal data for purposes of advertising and data analysis at any time. The best way to exercise your advertising objection is to contact us using the contact details provided above.



§ 5 Duration of storage

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

browser type and browser version
Operating system used
referrer URL
Host name of the accessing computer
Time of the server request
IP address

This data is not merged with other data sources. The processing is based on Art. 6 (1) lit. f DSGVO to ensure the security of the system. The log files are deleted after 7 days.

The mail logs for sending emails from the web environment are anonymized after one day and then retained for 60 days. During anonymization, all data about the sender/recipient etc. is removed. Only the data on the time of sending and the information on how the e-mail was processed are retained (queue ID or not sent).

Mail logs for sending via our mail servers are deleted after four weeks. The longer retention period is necessary to ensure the functionality of the mail services and spam prevention. It is not possible to specify the retention period individually.



§ 6 Processing of data from your end devices ("Cookie Policy")

(1) In addition to the above-mentioned data, we use technical tools for various functions when you use our website, in particular cookies, which can be stored on your terminal device. When you call up our website and at any time later, you have the choice of whether to generally allow cookies to be set or which individual additional functions you would like to select. You can make changes in your browser settings or via our Content Manager. In the following, we first describe cookies from a technical point of view (2), before going into more detail about your individual choices by describing technically necessary cookies (3) and cookies that you can voluntarily select or deselect (4).


(2) Cookies are text files or information in a database that are stored on your hard drive and assigned to the browser you are using so that certain information can flow to the entity that sets the cookie. Cookies cannot execute programs or transmit viruses to your computer, but are primarily used to make the website faster and more user-friendly. This website uses the following types of cookies, whose function and legal basis we will explain below: 

- Transient cookies: such cookies, especially session cookies, are automatically deleted when the browser is closed or by logging out. They contain a so-called session ID. In this way, various requests from your browser can be assigned to the joint session and your computer can be recognized when you return to our website. 

- Persistent cookies: such cookies are deleted automatically after a specified duration, which varies depending on the cookie. You can view the cookies set and the durations at any time in your browser settings and delete the cookies manually.


(3) Mandatory functions that are technically necessary to display the website: The technical structure of the website requires us to use techniques, in particular cookies. Without these techniques, our website cannot be displayed (completely correctly) or the support functions could not be enabled. These are basically transient cookies that are deleted after the end of your website visit, at the latest when you close your browser. You cannot deselect these cookies if you wish to use our website. The individual cookies can be seen in the Content Manager. The legal basis for this processing is Art. 6 para. 1 p. 1 lit. f DS-GVO. 


§ 7 Social -Media


Plug-ins from social media may be used on this website (e.g. Xing, LinkedIn). 
You can usually recognize the plug-ins by the respective social media logos. Data protection on this website is to be ensured by only using these plug-ins in conjunction with the so-called "Shariff" solution. This "Shariff" solution prevents plug-in data integrated on this website from being transmitted to the respective provider when you first enter the page. 
Only when you activate the respective plug-in by clicking the associated button, a direct connection to the provider's server is established (consent). Activating the plug-in constitutes consent within the meaning of Art. 6 Para. 1 lit. a DSGVO and § 25 Para. 1 TDDDG. You can revoke this consent at any time with effect for the future. 
If the plug-in is activated, the provider receives the information that you have visited this website with your IP address. If you have also logged into your social media account (Xing, LinkedIn), the respective provider can only assign the visit to this website to their user account. 


§ 8 Participants in projects/events of the Wirth Foundation

(1) We process your data for the purpose of carrying out the project and the event as well as for documenting the project and the event by means of image and sound recordings and the use of the resulting recordings for the purpose of press and public relations work. A further purpose lies in the passing on of the participant data to the cooperation partners named in each case within the framework of the individual project and the event for the purposes stated in each case. There are no plans to change these purposes.

(ii) The data processed is participant data, which may vary from project to project/event to event. As a rule, however, it is the names and contact details of the participants and, in some cases, photographs of the participants or individual project results. Further details will always be provided in the context of the specific project or event.

(iii) The legal basis for processing data of participants in projects and events is Article 6 (1) (b) DS-GVO (contract for the implementation of the event) and Article 6 (1) (c) DS-GVO (legal obligations, in particular tax and commercial law regulations). The legal basis for the production of image and sound recordings is your consent in accordance with Article 6 (1) a) DS-GVO and Article 6 (1) f) DS-GVO (legitimate interest in the documentation of the events we have held or the project and our legitimate interest in the presentation of the Wirth Foundation through press and public relations work). Consent is voluntary; participation in the event is also possible without granting consent for photographs. As far as participants in projects and events are concerned who are under 16 years of age, the consent is given by the bearer of parental responsibility or the child's consent is given with the consent of the bearer of parental responsibility (Art. 8 para. 1 sentence 2 DS-GVO). The legal basis for the transfer of participant data to the cooperation partners named in each case in the context of the individual project and event is Article 6 (1) lit. f) DS-GVO (legitimate interest in the implementation of the project or event).

(iv) Recipients of the image and sound recordings made may be anyone for the purpose of press and public relations work, in particular journalists, media companies, press and photo agencies, members, employees, visitors to the website, users of social media, furthermore service providers within the scope of order processing, in particular commissioned web hosting companies, IT and media service providers. Recipients of participant data are the cooperation partners named in each case as part of the individual project and event. Unless otherwise stated in the context of the respective project or event, the respective cooperation partners are independent data processors in their own right. Further details on the data processing of the cooperation partners can be found in each case in the data protection declarations of the cooperation partners, which are stated in the context of the respective project and event.

(v) The publication of image and sound recordings on the Internet involves posting on the website of the Wirth Foundation. When posting on social media platforms of the Wirth Foundation (Xing, LinkedIn), data is regularly transmitted to so-called third countries outside the European Union, which are to be considered unsafe third countries under data protection law. The Wirth Foundation has no influence on how the operators of the social media handle the data. Whether and for what purposes the data is processed in the third country is beyond the knowledge of the Wirth Foundation. (Please note § 7 of the data protection declaration)

(vi) Archived image and sound recordings of the projects and event as well as publications are generally not deleted. All data relevant to contracts and bookings will be stored in accordance with tax and commercial law retention periods for a period of ten calendar years after the end of the contract. Other data collected in the course of the event will be deleted six months after the event has taken place.

(vii) The provision of data is contractually obligatory for participation in events and projects. Participation in events and projects is not possible without providing data. The making of image and sound recordings is not obligatory for participation in the event and projects. If you do not wish to have images and sound recordings made, please inform our staff at the event location.



§ 9 Important information on consenting to the publication of personal data on the Internet

The consent of individuals to the publication of images, sound and video is one of the requirements that must be met (§ 22 Art Copyright Act, right to one's own image) in order to have the possibility at all to put images, sound, video on the Internet. However, this consent is linked to a procedure in which the persons are comprehensively informed about the dangers of publication on the Internet and in which the following Internet risks must be explicitly mentioned: 
The possibility of national and international, thus worldwide, retrieval of the data posted on the Internet from the public and non-public spheres; the data stock becomes a generally accessible source.

Threats to the right of individuals to self-determination with regard to information when their data is published worldwide, i.e., also in countries where there is no or insufficient data protection standard, so that an appropriate level of data protection is not ensured. The data posted can be read unnoticed and stored, changed, falsified, combined or manipulated in a variety of ways.

There is the possibility of a worldwide automated evaluation of the publication according to various search criteria, which can be linked with each other in any way (e.g., creation of a meaningful personality profile by combining information about the employee's official position, area of responsibility with data from a private context, selection from among job applications, observation of persons); possible commercial use, thereby e.g., danger of unsolicited letters and harassment.

By providing the data, there is naturally a waiver of the examination of the legitimate interest of the recipient in knowing the data. 
Once the data has been stored, the recipient may continue to use the data even if the party providing it has already changed or deleted its Internet offering. 


§ 10 Donations

In the case of donations, we collect the personal data that we require for the fulfillment of tax law retention obligations and other tax and commercial law obligations (Art. 6 (1) lit c) and any additional agreements with the donor (Art. 6 (1) sentence 1 lit b) DS-GVO). In addition, we store the master data of donors in our donor database in order to inform them about our work at a later date, if necessary, as part of our donation communication. The legal basis for this is our legitimate interest in promoting our statutory purposes (Art. 6 para. 1, p. 1 lit. f GD-GVO). You can object to the inclusion of your data in our donor database for further contact at any time without giving reasons. 
The information is stored for the duration of the respective purpose. Deletion takes place when the statute of limitations for possible claims expires, unless longer retention is required for reasons of commercial or tax law, in which case deletion takes place after the retention period has expired. Longer storage will only take place if you have given us your consent to this at a separate point or if transactions or procedures that are still in progress prevent deletion.



§ 11 Data security, data integrity

To protect your personal data, we take appropriate technical and/or organizational measures to prevent accidental or unlawful destruction/loss, alteration or disclosure of your personal data. The personal data we process is relevant to its intended uses and we take reasonable steps to ensure that the personal data is complete and current for its intended use. Nevertheless, we ask for your assistance in ensuring the accuracy and completeness of your data at all times. 
We point out that data transmission on the Internet, security gaps may exist. We therefore support the state of the art, i.e. TLS encryption for e-mail traffic. However, if your e-mail system does not support TLS, there can be no end-to-end encryption, so that a complete protection of data from access by third parties is not possible. 


§ 12 Recipients of personal data

Unless otherwise stated in this privacy policy, personal data will be forwarded to recipients for the above-mentioned purposes, to 
- Service recipients for the operation of this website or the operation of our foundation (payment processing and authorization belongs or sending promotional materials (Art.6 Abs.1 lit f) DSGVO) 
- Authorities, state regulators or other law enforcement agencies and courts, if it is required and permitted by law or if it is enforced by a binding order (Art. 6 para.1 lit. f) DSGVO or according to other legal provisions. 
The onward transfer of your personal data will not take place unless it is related to the listed purposes, without having informed you in advance and, if necessary, having offered you the opportunity to decide whether or not we may use your personal data in this different way.



§ 13 SSL or TLS encryption

This website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as contact forms (inquiries), that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol.



§ 14 Hosting

(1) This site is hosted by an external service provider (hoster). The personal data collected on this website is stored on the hoster's server. This may be names, website accesses and other data generated via the website. 
The hoster is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b DSGVO) and in the interest of a secure and faster provision of the online offer by a professional provider (Art. 6 para. 1 lit. f DSGVO). If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device as defined by the TTDSG. The consent can be revoked at any time. 
Our hoster will process their data only to the extent necessary to fulfill its service obligations and follow our instructions regarding this data.  We use the following hoster:


Öchsleweg 14 
5526 Nieder-Olm


(2) Order processing 
We have concluded an order processing contract with the above-mentioned provider. This is a contract required by data protection law, which ensures that this provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the DSGVO.

In order to comply with technical and legal adjustments, changes may be made to this privacy policy.

Status 2024