Privacy Policy

Privacy policy (valid from May 2023)

The purpose of this Privacy Policy is to provide you with an overview of what happens with your personal data (hereinafter also referred to as “Data”) in our law firm and to inform you of the data protection claims and rights to which you are entitled in accordance with the European General Data Protection Regulation (“GDPR”) and national data protection laws, such as the German Federal Data Protection Act (Bundesdatenschutzgesetz, “BDSG”) and the German Teleservices Data Protection Act (Telekommunikation-Telemedien-Datenschutz-Gesetz, “TTDSG”). We therefore ask you to take note of this Privacy Policy and, where appropriate, to print or save it.

Personal data is any information that can be used to personally identify you. The processing of your Data may be carried out for various purposes. In general, the data processing activities of Edmund-Bradatsch-Stiftung, Postfach 14 04, 92604 Weiden, Germany (hereinafter also referred to as “Edmund-Bradatsch-Stiftung” or “we”) can be divided into the following areas of application:

  • General information about data protection, data processing and the rights of data subjects, which applies to all data processing carried out for us, is set out in Part A below.
  • In connection with our website (hereinafter: “Website”) we process data from visitors that is exchanged between their internet-enabled devices and the server operated by us, as well as other data that is communicated to us in connection with the use of the Website. Please see Part B for details.

Please visit the individual sections for quick, contextual information on specific processing situations.


A. General information on data protection and data subject rights

I. Who is responsible for data processing and who can you contact if you have any questions?

Controller according to the GDPR and other national data protection laws of the member states as well as other provisions of data protection law is:


Board of Directors
Postfach 14 04
92604 Weiden


If you have any questions about our privacy policy, please contact us using the details above.

II. What rights do you have regarding your Data?

If your Data is processed, you are a “Data Subject” under the GDPR, which may entitle you to the rights described below. If you wish to exercise any rights against us as the “Controller”, we recommend that you contact us using our contact details above:

1. Right of access

In accordance with Art. 15 GDPR, you may request confirmation from us as to whether and to what extent we are processing your Data.

2. Right to rectification

If the Data concerning you is incorrect or incomplete, you have the right to have your Data corrected and/or completed, in accordance with Art. 16 GDPR.

3. Right to erasure

If the legal requirements of Art. 17 GDPR are met, you can demand that we erase your Data if we process it unlawfully or if the processing disproportionately interferes with your legitimate interests. Please note that there may be reasons that prevent immediate deletion, such as statutory retention obligations.

Irrespective of the exercise of your right of erasure, we will immediately and completely delete your Data in order to comply with our legal obligations to delete Data, after the purpose of processing has ceased to apply, unless there is a legal or statutory retention period to the contrary.

4. The right to restriction of processing

In the cases referred to in Art. 18 GDPR, you may request us to restrict the processing of your data. If you have restricted the processing of your Data, such data – apart from its storage – may only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the European Union or a Member State.

5. Right to data portability

According to Art. 20 GDPR, you have the right to have the Data provided by you, which we process automatically on the basis of your consent or in fulfilment of a contract, transferred to you or to a third party in a common, machine-readable format. If you request your Data to be transferred directly to another responsible person, this will only be done to the extent that it is technically feasible. The right to data transfer does not apply to the processing of Data necessary for the performance of a task in the public interest or in the exercise of official authority assigned to the Data Controller.

6. Right to object

If we process your Data on the basis of a legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR, you may object to this data processing at any time for reasons arising from your particular situation (see Art. 21 GDPR). If you object, we will no longer process the Data concerned, unless we can demonstrate compelling legitimate grounds for the processing which override your interests as a Data Subject or for the establishment, exercise or defence of legal claims.

7. Right to withdraw consent under data protection law

Some data processing operations may only be carried out with your express consent pursuant to Art. 6 para. 1 lit. a GDPR. You may revoke your consent at any time with effect for the future. Withdrawal of your consent does not affect the lawfulness of the processing based on your consent prior to its withdrawal. Please note that even if you withdraw your consent, we may still process the Data concerned in whole or in part on the basis of other legal principles.

8. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or the place of the alleged infringement, if the data subject considers that the processing of personal data relating to him or her infringes the GDPR (Article 77 GDPR in conjunction with Article 19 BDSG).

A list of data protection authorities in Germany and their contact details can be found at the following link

If you believe that we have breached German or European data protection law in the processing of your Data, please contact us to clarify the matter.

You also have the right to contact the supervisory authority responsible for our registered office:

Bayerisches Landesamt für Datenschutzaufsicht, Promenade 18, 91522 Ansbach, E-Mail:,


III. What personal data do we process and from what sources?

1. Source of personal data

Through our Website, we process Data that we receive during your visit or that you actively provide to us during your use. Other Data is collected automatically by our IT systems when you visit the Website. This is mainly technical data (e.g. Internet browser, operating system or time of a page request). You can find details on this in Part B.

2. Categories of personal data

We process the following Data about you:

  • Access data: Date and time of the visit to our Website; the webpage from which the accessing system accessed our Website; the subpages accessed during the visit; session identification data (session ID); in addition, the following information about the accessing computer system: Internet Protocol (IP) address used, browser type and version, device type, operating system and similar technical information.


IV. For what purposes and on what legal basis are your data processed?

We process your Data in accordance with the provisions of the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and the German Teleservices Data Protection Act (Telekommunikation-Telemedien-Datenschutz-Gesetz, “TTDSG”) as amended, in particular on the following basis:

1. Fulfilment of (pre-) contractual obligations (Art. 6 para. 1 lit. b GDPR)

The personal data collected when visiting our Website is processed according to Art. 6 para. 1 lit. b GDPR for the fulfilment of our contractual obligations, in particular in connection with the operation of our Website.

2. Protection of legitimate interests (Art. 6 para. 1 lit. f GDPR)

Based on a balancing of interests, data processing may be carried out to protect our legitimate interests or those of third parties. This is permitted unless it is overridden by your interests or fundamental rights and freedoms that require the protection of personal data. Data processing for the protection of legitimate interests may occur, for example, in the following cases:

  • Providing our Website, its functions and content
  • Use of technically necessary cookies or comparable technologies within the meaning of Section 25 para. 2 TTDSG
  • Responding to contact requests and communicating with users
  • Execution of payment transactions via external service providers

3. Fulfilment of legal obligations (Art. 6 para. 1 lit. c GDPR)

The processing of your data may be necessary, in part, for the purpose of fulfilling various legal obligations and requirements to which we are subject, e.g. under the Bavarian Foundation Act (Bayerisches Stiftungsgesetz, “BayStiftG”) or tax legislation (e.g. the German Fiscal Code (Abgabenordnung, “AO”)).

4. Consent (Art. 6 para. 1 lit. a GDPR)

If a service used by us in any way stores information in the user’s end devices or accesses such information, consent is required in accordance with Section 25 para. 1 sentence 1 of the TDDSG. If the service functions without access to the terminal equipment, the GDPR applies. If we ask for your consent within the scope of the GDPR, this is done on the basis of Art. 6 para. 1 lit. a in conjunction with Art. 7 GDPR.

If, in individual cases, you have given us your consent to process your data, it will be processed in accordance with the purposes and to the extent agreed in the declaration of consent. Consent given, for example to receive a newsletter, can be revoked at any time with effect for the future. To do so, please use the contact details given in Part A. No. I or No. II.

Please note that any processing that has taken place prior to the revocation will not be affected by the revocation and that the processing may continue, at least in part, on the basis of another legal basis.


V. Who will receive my Data?

We will share your Data with those members of the Board of Directors and Advisory Council and their assistants who need it to fulfil our contractual and legal obligations or to process or pursue our legitimate interests.

Your Data will be shared with companies and partners that we regularly use in connection with contract processing or who are otherwise involved in our Foundation’s activities. This applies to the following recipients or categories of recipients:

  • IT service providers (e.g. email service providers, web hosting service providers)
  • Legal advisers

If we use a service provider to process Data on our behalf in accordance with Art. 28 GDPR, we remain responsible for the protection of your Data. To the extent required by law, such data processors are contractually bound by a data processing agreement to treat your Data confidentially and to process it only within the scope of providing the service. Our data processors will receive your Data only to the extent that they need it to perform their respective services.

Your Data will only be disclosed to or collected for the purposes of government institutions and authorities in accordance with mandatory national laws, or if you instruct us to do so.


VI. How long will my Data be stored?

Your Data will only be used for the purpose for which you have provided it to us or for which you have given us your consent and will be stored until that specific purpose has been fulfilled. Once the purpose has been fulfilled, or if you request us to delete your Data, your Data will only be kept for as long as is necessary to comply with statutory limitation periods or retention periods (in particular for tax and foundation law purposes). However, the Data will be deleted at the latest upon expiry of all time limits, unless you have expressly consented to further or other use. You may also exercise your rights during the retention periods, such as the blocking of your data. See Part A. No. II.

We will delete or block your data as soon as the purpose for which it was stored no longer applies or you request us to delete it.


VII. Will personal data be transferred to a third country?

We do not generally intend to transfer personal data to the USA on a regular basis. However, as part of our processing operations, personal data may be transferred in the course of certain business transactions or activities to entities in so-called third countries outside the EU or the EEA that have not yet been certified by the EU Commission as having an adequate level of data protection, such as the USA. Should such a transfer become necessary in individual cases, it will only take place on the basis of an adequacy decision by the European Commission, standard contractual clauses, appropriate data protection safeguards or your express consent.


B. Use of our Website

In general, you can visit our Website and use it for informational purposes without providing any personal information (e.g., registering, placing orders, or otherwise providing information about yourself).  In this case, we process personal information about our users only to the extent necessary to provide a functional Website and our content and services.

In addition, the processing of personal data of our users is regularly only carried out with the consent of the user. The exception to this is where prior consent cannot be obtained for practical reasons and where the processing of the data is permitted by law.


I. Hosting, provision of the Website and creation of log files

Description of data processing

Each time you visit our Website, our system automatically collects data and information from the accessing computer system that your Internet browser automatically transmits to us or our web host (so-called log files). These server log files may include IP addresses or other information that allows us to identify a specific user. This could be the case, for example, if the link to the website from which the user accesses the Website, or the link to the website to which the user switches, contains personal data. The following information is collected and stored by our hosting provider in this context:

  • the type and version of the web browser used
  • the operating system used by the accessing system
  • the website from which an accessing system accesses our Website (so-called referrer)
  • the sub-websites to which an accessing system is directed from our Website
  • the date and time of access to our Website
  • the Internet Protocol address (IP address)
  • the internet service provider of the accessing system
  • other similar data and information used for the purpose of averting danger in the event of attacks on our information technology systems

The Data is stored in the log files of our web host. This Data is not stored together with other personal data of the user.

Legal basis and purposes of data processing

The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR. This information is also required for the provision of the service in accordance with Section 25 para. 2 no. 2 TTDSG.

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user’s computer. For this purpose, the user’s IP address must be stored for the duration of the session.

The data is stored in log files to ensure the functionality of the site. The data is also used to optimise the site and to ensure the security of our IT systems.

Retention period / Right of objection and deletion

The Data will be deleted as soon as they are no longer necessary for the purpose for which they were collected. In the case of Data collected for the purpose of providing the website, this will be the case when the relevant session has ended.

When Data is stored in log files, this is the case after 7 days at the latest.

The collection of Data for the provision of the Website and the storage of Data in log files are essential for the operation of the Website. Consequently, there is no possibility for the user to object.

II. More information about the processes, plug-ins and tools used to design the Website

SSL or TLS encryption

Our Website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

III. Links to other websites

Our Website may contain links to other websites. We have no influence whatsoever on the content or design of other providers’ websites. The statements in this privacy policy therefore do not apply to external providers to whose offers or content we merely link.

If you are forwarded via links from our Website to other websites, please inform yourself there about the respective handling of your Data.


IV. Active use of our Website

E-mail contact

Description of data processing

Visitors to our Website can contact us using the e-mail address provided. In this case, the user’s Data transmitted in the e-mail will be stored.

Legal basis and purposes of data processing

The legal basis for the processing of the Data transmitted when sending an e-mail is Art. 6 para. 1 lit. f GDPR. If the purpose of the contact form request or the e-mail contact is the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.

The processing of Data is solely for the purpose of processing the contact. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in processing the Data.

Retention period / Right of objection and deletion

The Data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. For the Data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is terminated when it can be inferred from the circumstances that the relevant facts have been conclusively clarified and that no legal requirements call for longer storage.

If the user contacts us by e-mail, he can object to the storage of his Data at any time. In this event, all Data stored in the course of contacting us will be deleted unless legal requirements require longer storage. In such a case, the conversation cannot be continued.


C. Miscellaneous

Due to the ongoing improvement of our websites and of our day-to-day work as Edmund-Bradatsch-Stiftung, and due to changes in legislation or administrative requirements of data protection authorities, it will be necessary to adapt this privacy policy from time to time. The currently valid version is accessible on our websites and may be printed out.

