Privacy policy

Privacy policy

  1. responsible body
    The controller within the meaning of data protection laws, in particular the EU General Data Protection Regulation (GDPR), is the Fritz und Trude Fortmann-Stiftung für Baukultur und Materialien. The Foundation is legally represented by its Executive Board (Dipl.-Ing. Nicola Fortmann-Drühe and Dr. Thomas Durchlaub). You can reach us at the address Universitätsstraße 60, 44789 Bochum, Germany. If you have any questions or concerns about data protection, you can contact us by e-mail at info@fortmann-stiftung.de or by telephone on +49 (0)234 33889320.
  2. general information on data processing
    We take the protection of your personal data very seriously. Personal data is any information relating to an identified or identifiable natural person (e.. name, address, e-mail address, user behavior). We only process your personal data if this is necessary to provide a functional website and our content and services, or if you provide us with such data voluntarily (e.g. by contacting us). All processed data will be treated confidentially and in accordance with the statutory data protection regulations (GDPR, Federal Data Protection Act (BDSG) and relevant national regulations as the TTDSG) and this privacy policy.

When using our website, the following main categories of personal data may be collected: Usage data (e.. IP address, access times and technical log data when visiting the website), communication data (e.g. information that you enter in a contact form or send us by email) and, where applicable, cookie and tracking data (more on this in section 5). The specific purposes of processing and the respective data categories are explained in detail in the following sections of this privacy policy. We only process data for the stated purposes and reserve the right to specify further details of data processing - such as the storage period - in the respective sections.

  1. legal bases of the processing
    We only process your personal data on a permissible legal basis in accordance with Art. 6 GDPR. Depending on the type of interaction with our website or communication with us, we base data processing on the following legal bases in particular:
  • Consent (Art. 6 para. 1 lit. a GDPR): If you give us voluntary consent to process certain data, the processing will be carried out exclusively for the purpose stated in the consent. For example, we obtain consent before we use non-essential cookies or tracking technologies (see section 5) or if you proactively provide us with information whose processing is not based on another legal basis. You can withdraw your consent at any time with effect for the future (see also your rights as a data subject in section 9).
  • Fulfillment of a contract or pre-contractual measures (Art. 6 para. 1 lit. b GDPR): If the processing of your data is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract, we will rely on this. This may be the case,  example, if you apply for funding, enter into a scholarship agreement or are otherwise in a contractual relationship with the Foundation. Inquiries aimed at concluding a contract may also fall under this legal basis.
  • Legal obligation (Art. 6 para. 1 lit. c GDPR): In certain cases, we are legally obliged to process certain personal data. These include, for , retention obligations under commercial or tax law (such as the archiving of contractual documents or business correspondence) or obligations to provide information to authorities. In such cases, the processing takes place exclusively to fulfill the respective legal requirements.
  • Legitimate interest (Art. 6 para. 1 lit. f GDPR): Insofar as processing is necessary to safeguard our legitimate interests or those of a third party and there are no overriding interests or fundamental rights on your part to the contrary, we may process your data on this basis. For example, we have a legitimate interest in ensuring the secure operation of our website (including the creation of server log files, see section 4), improving our website, communicating with you in relation to your inquiries or protecting against misuse and legal violations. In cases of processing on the basis of our legitimate interest, we have carefully weighed up whether your legitimate interests are overridden. You also have the right to object to processing based on legitimate interests at any time for reasons arising from your particular situation (see section 9 on your right to object).

4 Hosting and server log files
Our website is operated by an external service provider (hosting provider) who processes personal data on our behalf in connection with the provision of the website. We have concluded an order processing contract with this hosting provider in accordance with Art. 28 GDPR to ensure the protection of your data.

When you visit our website, our web server automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. This usage data is technically necessary in order to display the website to you and to ensure the stability and security of the web service. In detail, the following data may be collected:

  • IP address of the requesting device,
  • Date and time of the server request,
  • Name and URL of the retrieved file/page (content of the request),
  • Access status/HTTP status code (feedback from the server),
  • amount of data transferred,
  • Website from which the request originates (so-called referrer URL),
  • Browser type and browser version,
  • Operating system of the accessing computer and its interface,
  • Language and version of the browser software and any other technical information.

This data is stored temporarily to ensure the functionality and security of the website. This log file data is not merged with other data sources. The legal basis for this processing is Art. 6 para. 1 lit. f GDPR (legitimate interest in the secure and error-free operation of our website). Our legitimate interest lies in particular in the prevention of dangers, error diagnosis and the prevention of misuse (e.. detection of hacker attacks).

Storage duration of the log files: The server log data is only stored for a limited period of time and is regularly deleted unless there is a security-related need for longer storage. Specifically, the log files are automatically anonymized or deleted after 7 days at the latest. Longer storage only takes place in exceptional cases where this is necessary for evidence purposes (e.g. to clarify acts of abuse or fraud); in such a case, the log files in question are retained until the incident has been finally clarified.

  1. cookies and tracking technologies
    Our website uses cookies. These are small text files that are stored on your end device (computer, smartphone, etc.) and saved by your browser. Cookies do not cause any damage to your device and do not contain any viruses, Trojans or other malware. They serve to make our website more user-friendly, effective and secure.

We use technically necessary cookies to enable or facilitate the operation of the website (e.g. to save your language selection or cookie settings). The use of such necessary cookies is based on § 25 para. 2 TTDSG and Art. 6 para. 1 lit. f GDPR (legitimate interest in the provision of a functional and optimized website). Without these cookies, the use of the website would only be possible to a limited extent. These necessary cookies are generally only stored for the duration of your session ("session cookies") and are automatically deleted when you close the browser.

If we use optional cookies or tracking technologies (e.. for statistical, analytical or marketing purposes), we will obtain your express consent in advance in accordance with Section 25 (1) TTDSG in conjunction with Art. 6 para. 1 lit. a GDPR. This is typically done via a notice or a cookie banner in which you can consent to their use. These will not be set without your consent. If we use such tools, we will inform you separately in detail about their type, functionality and data processing in this privacy policy. Our website does not currently use any analysis or marketing cookies from third-party providers. Should this change in the future, we will update the privacy policy accordingly and obtain your consent.

You have full control over the use of cookies. In your browser settings, you can specify whether cookies may be set or not. You can delete cookies that have already been saved at any time. In addition, you can configure your browser so that it refuses to accept cookies in general or in certain cases (in particular, you can block third-party cookies from third-party providers, for example). Please note, however, that if you deactivate all cookies, you may no longer be able to use all the functions of this website.

  1. contact form and communication
    When you contact us (e.. by e-mail or telephone), we process the personal data you provide in order to process your request. This typically concerns data such as your name, e-mail address, telephone number, the content of your request and any other information you provide. If our website provides a contact form and you use it, the data you enter will be transmitted to us and processed. In any case, we use your data exclusively to answer your contact request and the associated administrative processes.

The legal basis for processing your contact data depends on the content of your request: If you contact us voluntarily for general purposes, we generally treat this as consent given by you in accordance with Art. 6 para. 1 lit. a GDPR - by actively contacting us, you consent to the processing of the data you have transmitted. If your request is aimed at the conclusion of a contract or the implementation of pre-contractual measures (e.. application for funding, applications for scholarships), Art. 6 para. 1 lit. b GDPR (fulfillment of contract/pre-contractual measure) can be used as the legal basis. In some cases, Art. 6 para. 1 lit. f GDPR (legitimate interest) may also be considered, for example if we process your request in order to provide customer service or respond to inquiries about the Foundation's activities - in this case, our legitimate interest covers the proper processing of communication. We will not use the data you provide for any other purposes (e.. advertising) unless you have expressly consented to this.

We delete the data collected in the course of communication as soon as it is no longer required to achieve the purpose of processing. This means that we only store your data for as long as is necessary to fully answer and process your request. Under certain circumstances, your data may be stored for longer if this is required by statutory retention obligations. For example, business correspondence must be stored for up to six or ten years in accordance with the provisions of the German Commercial Code (§ 257 HGB) and the German Fiscal Code (§ 147 AO). If such obligations are relevant in individual cases (e.g. in the case of processes that lead to a contractual relationship or a financially relevant transaction), we will archive the data for the duration of the statutory period. In the meantime, the processing of your data will be limited to the minimum necessary.

Special case "Program distribution list": Our foundation offers interested persons the opportunity to subscribe to an e-mail distribution list in order to be informed about future activities of the foundation. If you would like to be included in this mailing list, please send us an e-mail with the subject "Program mailing list" to our contact address above. In this case, we will store and use your e-mail address and any other contact details you provide in order to send you regular information. The legal basis for this is your consent (Art. 6 para. 1 lit. a GDPR), which you give by intentionally sending us the aforementioned e-mail. You can revoke this consent at any time by sending us an informal message (by e-mail to info@fortmann-stiftung.de). In the event of a revocation, we will delete your contact details from the distribution list and no longer send you any further information.

7 Disclosure of data
We treat your personal data confidentially and only transfer it to third parties if one of the following conditions is met:

  • Consent: You have given us your express consent to pass on the data (Art. 6 para. 1 lit. a GDPR). In this case, we will inform you in advance to whom the data will be passed on and for what purpose.
  • Order processing: We commission external service providers to process data on our behalf (in accordance with Art. 28 GDPR). This applies,  example, to our hosting service provider, IT maintenance companies or other service providers. These processors have been carefully selected by us, are contractually obliged to comply with data protection regulations, are bound by our instructions and are regularly monitored. A transfer in this sense is not a "transfer to third parties" in the sense of data protection law, as our service providers act on our behalf; nevertheless, we also ensure through contracts that your data remains protected.
  • Contract fulfillment: The transfer is legally permissible and necessary for the fulfillment of a contract with you (Art. 6 para. 1 lit. b GDPR). In this case, the data will only be passed on to the parties or service providers involved to the extent necessary to fulfill the contract (e.. forwarding your address data to a shipping service if we send you documents).
  • Legal obligation: There is a legal obligation for the disclosure (Art. 6 para. 1 lit. c GDPR). This may be the case, for example, if we are obliged by legal provisions or official/judicial orders to provide information or to pass on data to authorities such as tax offices, law enforcement agencies or supervisory authorities.
  • Legitimate interests / legal claims: The disclosure is necessary to safeguard the legitimate interests of the Foundation or third parties (Art. 6 para. 1 lit. f GDPR) and there is no reason to assume that you have an overriding interest worthy of protection in the exclusion of disclosure. This includes, in particular, cases in which we have to pass on data in order to assert, exercise or defend legal claims. For example, in the event of a legal dispute or if there are concrete indications of an unlawful act, we may transfer data to our legal advisors or to law enforcement authorities if this is permissible and necessary.

In all cases mentioned, we limit the scope of the data transmitted to the minimum necessary. Your personal data will not be transmitted for purposes other than those mentioned. In particular, we do not sell data or pass it on to uninvolved third parties for advertising purposes without informing you of this and - if necessary - obtaining your consent.

Recipients outside the EU: If we transfer personal data to recipients outside the European Economic Area (EEA) (e.. because we use a service provider in the USA), we will indicate this separately in this privacy policy. In such a case, we will ensure that the recipient either has an adequate level of data protection (e.. through an adequacy decision by the EU Commission or by concluding EU standard contractual clauses) or that you have expressly consented to this.

  1. storage period
    We only store your personal data for as long as is necessary to achieve the respective processing purposes. The data will then be deleted or blocked in accordance with the statutory provisions. The specific deletion periods may vary depending on the data category and processing purpose:
  • Technical usage data (log files): As described in section 4, we only retain server log data for a short period of time. As a rule, the log entries are deleted or anonymized after 7 days at the latest, unless exceptional circumstances (e.. to clarify security incidents) require longer storage.
  • Cookies: The storage period of cookies depends on their type. Session cookies (transient cookies) are automatically deleted as soon as you close your browser. Persistent cookies have a predefined period of validity (e.. a few days, weeks or months), after which they delete themselves. You can find detailed information on this in section 5 or in your browser settings. You can also manually remove cookies from your end device at any time (see also section 5).
  • Contact details and communication content: We only store data that you provide to us in the context of inquiries (by e-mail or contact form) for as long as is necessary to process the communication. Once your inquiry has been fully processed and there is no further purpose-related requirement, this data is generally deleted. If follow-up questions arise or a follow-up dialog takes place, the storage period may be extended accordingly until these have also been dealt with.
  • Contract and funding data: We store personal data in connection with a contractual relationship (e.. funding agreements, scholarship contracts) for the duration of the contract and beyond in accordance with the statutory retention periods. Under German commercial and tax law, we are obliged to retain certain business documents for 6 to 10 years. We will therefore archive such data until the expiry of the respective periods. During the retention period, the data will be blocked for other purposes and only retained for the fulfillment of obligations (e.. to tax authorities) or for archiving purposes.
  • E-mail distribution list/newsletter: Your e-mail address, which you have provided to us for sending information about foundation activities (see Section 6, "Distribution list program"), will be stored for as long as you wish to receive information. If you withdraw your consent or inform us that you no longer wish to receive information, we will delete your data from the mailing list immediately.

Irrespective of the specific periods mentioned above, we may store data beyond this if you have consented to longer storage or if statutory limitation periods (in accordance with Sections 195 et seq. of the German Civil Code) have not yet expired in order to secure evidence if necessary. The personal data will be deleted as soon as there are no longer any reasons for storage.

  1. rights of data subjects
    As a person affected by data processing, you have extensive rights under the GDPR and the BDSG, which we would like to inform you about. You have the right to
  • to request information (Art. 15 GDPR) - You can request information about which personal data we have stored about you. In your request for information, you can in particular provide information about the purposes of processing, the categories of personal data, the recipients or categories of recipients to whom your data has been or will be disclosed, the planned storage period (or the criteria for determining this period), the existence of a right to rectification or erasure or a right to restriction of processing or objection, the existence of a right to lodge a complaint with a supervisory authority, the existence of a right to data portability, the existence of a right to data portability and the existence of a right to data portability. the existence of a right to rectification or erasure or a right to restriction of processing or objection, the existence of a right to lodge a complaint with a supervisory authority, the origin of your data (if it was not collected directly from you) and, if applicable, the existence of automated decision-making including profiling and meaningful information on its details.
  • Request rectification (Art. 16 GDPR) - If your personal data stored by us is incorrect or incomplete, you can immediately request the correction of incorrect information or the completion of your data.
  • Request erasure (Art. 17 GDPR) - You have the right to request the erasure of your personal data stored by us, unless further processing is necessary in exceptional cases. This is the case, for example, if processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest (in particular in the area of public health) or for the establishment, exercise or defense of legal claims. If such exceptions do not apply, we will delete your data at your request.
  • Request restriction of processing (Art. 18 GDPR) - Under certain circumstances, you can request that we restrict the processing of your personal data. This is the case in particular if you contest the accuracy of the data (for the period of time we need to verify the accuracy), if the processing is unlawful but you oppose erasure and request restriction instead, if we no longer need the data but you require it for the establishment, exercise or defense of legal claims, or if you have objected to processing (pending the verification whether our legitimate grounds override your interests). In the event of restriction, we will mark the data concerned so that it is only processed for the stated purposes (e.. for the defense of legal claims or with your consent).
  • Data portability (Art. 20 GDPR) - You have the right to receive the personal data that you have provided to us in a structured, commonly used and machine-readable format. In addition, you may - where technically feasible - request that we transfer this data to another controller. However, this right only applies to data that we process automatically on the basis of your consent or to fulfill a contract, but not for manually managed files or for data that is processed on the basis of a legal permission.
  • Withdrawal of consent (Art. 7 (3) GDPR) - You have the right to withdraw your consent to the processing of your personal data at any time with effect for the future. Such a withdrawal does not affect the lawfulness of processing based on consent before its withdrawal. If you withdraw your consent, we will cease the data processing affected by this for the future and delete the data from our systems, unless another legal basis applies.
  • Objection to data processing (Art. 21 GDPR) - (1) Insofar as we base the processing of your personal data on a balancing of interests (legitimate interest), you have the right to object to this processing on grounds relating to your particular situation. This applies in particular to the processing of data for the purpose of direct advertising (should we carry out such advertising) - in this case you even have an unconditional right to object without giving reasons. In the event of an objection, please let us know which specific processing you are objecting to. We will examine your objection and either discontinue or adapt the data processing or inform you of our compelling legitimate grounds on the basis of which we may continue the processing. (2) Of course, you can object to the processing of your personal data for direct marketing purposes at any time without giving reasons. If you object, we will no longer use your data for these purposes in the future.
  • Lodge a complaint with a supervisory authority (Art. 77 GDPR) - Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a data protection supervisory authority if you consider that the processing of personal data relating to you infringes the GDPR or other data protection laws. You can exercise this right to lodge a complaint with the supervisory authority in the Member State of your habitual residence, place of work or place of the alleged infringement. The competent authority for our foundation includes the State Commissioner for Data Protection in North Rhine-Westphalia (LDI NRW), Kavalleriestraße 2-4, 40213 Düsseldorf. Alternatively, you can also contact your local competent authority.

To exercise your rights, you can contact us at any time using the contact details provided in section 12. Please note that we may request proof of your identity in order to process your requests (e.g. by presenting a suitable document) to ensure that no unauthorized person is asserting rights on your behalf. We will then process your request immediately - in accordance with the legal requirements, at the latest within one month - and inform you of the measures we have taken.

  1. security of data processing
    We protect your personal data against loss, misuse, unauthorized access, unauthorized modification or unauthorized disclosure by means of appropriate technical and organizational security measures (TOMs). We regularly adapt our security measures to technological developments in order to ensure a level of protection appropriate to the risk (Art. 32 GDPR).

The technical measures include, in particular, the use of SSL or TLS encryption on our website. This means that all data that you transmit to us (e.g. via the contact form or when using the website) is transmitted in encrypted form and cannot be read by third parties without further ado. You can usually recognize an encrypted connection by the lock symbol in the address bar of your browser and by the fact that the address line begins with "https://".

Our organizational measures include, for , restricting employee access to personal data in accordance with the need-to-know principle. This means that only authorized persons who need to know your data for the above-mentioned purposes are granted access to it. In addition, we regularly train our employees in the handling of personal data and have implemented internal data protection guidelines. If we use external service providers (see section 7), we ensure through contractual agreements that they also comply with appropriate security standards.

Please note that the transmission of information via the Internet is never completely secure. Despite all precautions, we cannot guarantee the absolute security of data transmission. However, we secure our website and IT systems to the best of our ability by using up-to-date firewalls, anti-virus software and, if necessary, additional encryption or pseudonymization procedures in order to minimize risks.

  1. changes to the privacy policy
    We reserve the right to amend this privacy policy if changes in the legal situation, the processing we carry out or other reasons make this necessary. The current version of the data protection declaration is available on our website under the heading "Data protection". Please therefore check the content of this statement from time to time, especially if you transmit personal data again. If significant changes are made that require your consent or could otherwise unreasonably disadvantage you, we will actively inform you of such changes (e.. by e-mail, if you have notified us of such, or clearly visible on our website).

This privacy policy is currently valid and is dated March 09, 2025.

  1. contact options and data protection officer
    If you have any questions about data protection in relation to our foundation or this website, would like further information or would like to exercise your data subject rights (see section 9), you can contact us at any time. Please use the following contact options:

Fritz and Trude Fortmann Foundation for Building Culture and Materials
Universitätsstraße 60, 44789 Bochum, Germany
E-mail: info@fortmann-stiftung.de
Phone: +49 (0)234 33889320

Alternatively, you can send your request in writing to the Foundation's postal address (see above). We treat all inquiries confidentially and answer them as quickly as possible.

Data protection officer: Due to the size and nature of our foundation, we are not legally obliged to appoint a data protection officer (see Art. 37 GDPR in conjunction with Section 38 BDSG). Should we appoint a data protection officer in the future, we will publish the contact details here. Until then, you can contact the Foundation directly for all data protection matters using the contact details above.