Privacy Policy

The protection of your personal data is important to us. We process your data exclusively on the basis of the statutory provisions (in particular the General Data Protection Regulation – GDPR – and the German Federal Data Protection Act – BDSG). In this Privacy Policy we inform you about the processing of personal data when you use our website.

1. Controller

The controller responsible for data processing on this website within the meaning of Art. 4 (7) GDPR is:

Georg Ludwig Rexroth-Stiftung GmbH
Zum Eisengießer 1
97816 Lohr am Main
Germany

Tel.: +49 9352 182205
Email: info@rexroth-stiftung.de

Authorised Managing Directors: Kathrin Rooney, Hartmut Weißpfennig

There is no statutory obligation to appoint a data protection officer. For any questions concerning data protection or the exercise of your rights, please contact the controller named above.

2. General information

„Personal data" means any information relating to an identified or identifiable natural person (e.g. name, email address or IP address). Where we refer to legal bases below, the following applies: Art. 6 (1)(a) GDPR = consent; (b) = contract or pre-contractual measures; (f) = legitimate interest.

3. Hosting

Our website is hosted by an external service provider:

IONOS SE
Elgendorfer Str. 57
56410 Montabaur
Germany

On our behalf, the provider processes in particular access data and other data generated via our website. The servers are located in Germany. No transfer to a third country outside the EU/EEA takes place.

We use the hosting provider in the interest of a secure, fast and reliable provision of our website (Art. 6 (1)(f) GDPR). We have concluded a data processing agreement with the provider pursuant to Art. 28 GDPR, which ensures that the data processed is handled in compliance with data protection law.

4. Server log files

Each time our website is accessed, our hosting provider automatically records information transmitted by your browser and stores it in what are known as server log files. These are, in detail: the name of the file retrieved, the date and time of retrieval, the volume of data transferred, notification of a successful retrieval, the web browser used, the requesting domain, and the IP address of the requesting computer.

This processing serves to ensure secure and stable operation of the website and to prevent misuse. The legal basis is our legitimate interest pursuant to Art. 6 (1)(f) GDPR. The log files are stored for a short period of a few days and are then deleted or anonymised. This data is not merged with other data sources, nor is it evaluated for marketing or analysis purposes.

5. No cookies, no tracking, self-hosted fonts and map

Our website does not set any cookies, does not start a session and uses neither analytics nor tracking services, no CAPTCHA and no social media plugins or embeds. For this reason, no cookie consent banner is required on our website.

The fonts used (web fonts) are delivered from our own server (self-hosted). No connection is made to external providers such as Google Fonts or to an external content delivery network (CDN).

The location map shown on our website is embedded as a locally stored image file based on OpenStreetMap. As a result, no connection to an external server is established when the page is loaded. On individual pages you will also find hyperlinks that you can actively click (e.g. a Google Maps link for directions, the attribution link to OpenStreetMap, or links to LinkedIn profiles). Content from the respective provider is loaded only once you actively click the relevant link; the data protection provisions of the respective provider then apply.

6. Contact and enquiry forms

We provide various forms on our website. In each case, the submission is sent exclusively by email to our own mailbox at IONOS; no cookies are set and no session is started for this purpose. Your email address is included in the message as a reply address (Reply-To) so that we can respond to you. Every form contains a mandatory consent checkbox; the form cannot be submitted without confirming it.

a) Contact form

Data processed: name, email address, message. Purpose: handling your enquiry and getting in touch with you. Legal basis: your consent (Art. 6 (1)(a) GDPR) and our legitimate interest in handling the contact request (Art. 6 (1)(f) GDPR). Recipient of the email: info@rexroth-stiftung.de.

b) Donation enquiry form

Data processed: name, email address, message. Purpose: handling your enquiry relating to a donation. Legal basis: your consent (Art. 6 (1)(a) GDPR) and our legitimate interest in handling the enquiry (Art. 6 (1)(f) GDPR). Recipient of the email: info@rexroth-stiftung.de and an internal staff email address of the foundation.

c) „Worldwide Child Sponsorships" form (sponsorship registration)

Data processed: first name, surname, email address, telephone number, street/house number, postcode/town, sponsorship amount, payment method, IBAN, BIC and bank. Purpose: establishing and administering the sponsorship, including payment processing by SEPA direct debit. Legal basis: initiation and performance of the sponsorship relationship (Art. 6 (1)(b) GDPR) and your consent (Art. 6 (1)(a) GDPR).

Please note: the form data – including your bank details – is transmitted by email. The transmission is encrypted in transit (TLS). For particularly confidential matters we recommend that you contact us by post or by telephone.

7. Protection against spam and misuse

To protect our forms against automated misuse (spam), we use an invisible honeypot field, an optional time-based check using JavaScript, and a file-based limit on submission frequency per IP address. For the latter purpose, your IP address is stored for a short time. The legal basis is our legitimate interest in preventing misuse and in the security of our systems (Art. 6 (1)(f) GDPR).

8. Recipients and disclosure of data

As a matter of principle, your data is not disclosed to third parties. The recipient in the technical sense is our hosting provider IONOS SE acting as a processor (see section 3). The data submitted via the forms goes to the internal mailboxes of the foundation referred to in section 6. Any disclosure beyond this takes place only where we are legally obliged to do so. No transfer to third countries takes place.

9. Retention period

Server log files are deleted or anonymised after a few days (see section 4). We store data submitted via forms until your request has been fully dealt with and then delete it, unless statutory retention periods prevent this. In particular, in connection with donations and donation receipts as well as the administration of sponsorships, retention periods under commercial and tax law (regularly up to ten years) may apply; for this period the processing is restricted.

10. Your rights as a data subject

In respect of the personal data concerning you, you have the following rights against the controller: the right of access (Art. 15 GDPR), the right to rectification (Art. 16 GDPR), the right to erasure (Art. 17 GDPR), the right to restriction of processing (Art. 18 GDPR), the right to data portability (Art. 20 GDPR) and the right to object to processing (Art. 21 GDPR).

Where the processing is based on your consent, you have the right to withdraw it at any time with effect for the future (Art. 7 (3) GDPR). This does not affect the lawfulness of the processing carried out up to the point of withdrawal. To exercise your rights, an informal message to the contact details given in section 1 is sufficient.

11. Right to object (Art. 21 GDPR)

Where we process your data on the basis of legitimate interests (Art. 6 (1)(f) GDPR), you have the right to object at any time, on grounds relating to your particular situation, to such processing. We will then no longer process the data concerned, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or where the processing serves to assert, exercise or defend legal claims.

12. Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a data protection supervisory authority if you consider that the processing of your data infringes the GDPR. The supervisory authority responsible for us is:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA) – Bavarian State Office for Data Protection Supervision
Promenade 18
91522 Ansbach

13. Data security

We take appropriate technical and organisational measures to protect your data against unauthorised access. Our website is delivered over an encrypted connection (SSL/TLS); you can recognise an active encryption by the padlock symbol in your browser's address bar and by the address „https://". With unencrypted communication by email, complete data security cannot be guaranteed; for confidential information we therefore recommend the postal route.

14. Currency and amendment of this Privacy Policy

This Privacy Policy is dated May 2026. As our website develops further, or as a result of changed statutory or regulatory requirements, it may become necessary to amend this Privacy Policy. You can access the current version at any time on this page.