DER Touristik Foundation

Data protection

Dear visitors, 

thank you for visiting our website. To ensure that you feel safe and comfortable when visiting our website, we would like to inform you about how we handle your data.  


The registered association DERTOUR Foundation collects personal data of its members and donors for the association’s work. The collection and processing is conducted exclusively in compliance with the legal requirements, in particular the General Data Protection Regulation (GDPR). 
For more information, please see our privacy policy below. 

Duty to provide information when collecting personal data pursuant to Art. 13 GDPR

1.Name and contact details of the controller and, if applicable, their representative

controller within the meaning of Article 13 (1) lit. a) GDPR is:

DERTOUR Foundation e.V. 
Emil-von-Behring-Straße 6 
60439 Frankfurt am Main 

Authorised representative of the Management Board: 

Sören Hartmann (Chairman), Leif Vase Larsen (Deputy Chairman),  Klaus Franke (Treasurer) 

 2. Purposes and legal basis of processing 

DERTOUR Foundation e.V. processes the following personal data: 

  • For the purpose of managing the associate members, the surname, first name, address, date of birth, telephone, mail address and entry/exit date are processed. The legal basis for this is Art. 6 (1) lit b) etc. GDPR.
  • The surname, first name, email address and address are processed for the purpose of managing donations and contributions. The legal basis for this is Art. 6 (1) lit b) etc. GDPR.
  • The surname, first name and address/email address are processed for the purpose of communication with donors and members. The legal basis for this is Art. 6 (1) lit b) etc. GDPR. 
  • For the purpose of external presentation, photos of the association’s work are published, on which individual persons may be depicted. The legal basis for this is Art. 6 (1) lit b) etc. GDPR.

3. Recipients of the personal data

In the context of donor and member administration, personal data is hosted by DER Touristik Deutschland GmbH. 

4. Third country transfer

In order to realize your donation, your IP address must be transmitted to the subcontractor MaxMind, Inc., 51 Pleasant Street # 1020, Malden MA 02148 in the USA. For the country in which the aforementioned subcontractor is based and processes the personal data, there is currently no adequacy decision by the EU Commission as defined in Art. 45 (1), (3) GDPR. This means that the EU Commission has not yet positively determined that the country-specific level of data protection in the USA corresponds to that of the European Union on the basis of the GDPR. The GDPR requires so-called “appropriate safeguards” for a data transfer to a third country or to international organizations, Art. 46 (2), (3) GDPR. These can be, for example, internal company data protection regulations or standard data protection contracts, that have been approved by a supervisory authority. However, such are not currently used by the subcontractor. Therefore, there is a risk that the state (U.S.) authorities may direct requests for information against this company as a data recipient and thus the state (U.S.) authorities may see your personal data. In principle, this also corresponds to the European legal regulations, e.g. for the purpose of danger prevention. However, the permissibility threshold for such data processing is higher in the EU than in the country of the data recipient. In this context, we would like to point out that there are practically no effective legal remedies available against this. The transmission of your IP address to the subcontractor MaxMind, Inc. is therefore only legitimized by your consent pursuant to Art. 49 (1) lit. a GDPR. 

5. Storage period

  • The data required for membership administration (see under point 2) will be deleted four years following termination of the association membership. 
  • The data necessary for donor management (see under point 2) will be deleted after ten years. 
  • In the event of revocation of consent, the data will be immediately deleted, provided that there are no other legal obligations to the contrary.

6. Data subjects’ rights

  • Members of the association or donors have a right to information (Art. 15 GDPR) as well as a right to correction (Art. 16 GDPR) or deletion (Art. 17 GDPR) or to restriction of processing (Art. 18 GDPR) or a right to object to processing (Art. 21 GDPR) as well as a right to data portability (Art. 20 GDPR). 
  • Members of the Association and donors have the right to revoke any declaration of consent granted under data protection law at any time. The revocation of consent shall not affect the lawfulness of the processing carried out on the basis of the consent until revocation. 
  • The association member is also entitled to lodge a complaint with a data protection supervisory authority.

7. Obligation to provide the data

The association exclusively collects data required for administrative purposes. If these are not provided, membership and the proper issuance of donation receipts are not possible. 

8. Use of Cookies

Cookies are text files that are stored on a user’s hard drive when visiting a website. They are not harmful to your computer and cannot be seen by third parties. They enable information to be stored for a specified period of time and allow the user’s computer to be identified.
By accepting our cookies, they remain on your computer for a period of 30 days, unless you delete them. During an online booking, cookies are temporarily stored for the duration of the booking and are automatically deleted after 30 minutes of inactivity or after closing the website.
You may object to obtaining and storing your data via this service at any time. To prevent the activation of cookies, disable them in your browser. Please be aware, however, that disabling cookies may restrict the use of the website and the services offered.

9. Data security

To protect your data from unauthorised access, we use an encryption procedure. You can recognise this process through the closed lock which appears in the status bar of your browser, and the address line which begins with “https://”.