Privacy Policy
This privacy policy explains the nature, scope and purpose of the processing of personal data (hereinafter referred to as “data”) within our online offering and the associated websites, functions and content, as well as external online presences, such as our social media profiles. (hereinafter collectively referred to as the “online offering”). With regard to the terms used, such as “processing” or “controller”, we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
Data controller
Sea-Eye e. V.
PO Box 120226
93024 Regensburg
Executive Board
Gorden Isler (Chair)
Dr Annika Fischer-Uebler (Chair)
Data Protection Officer
Stephan Hendel (Association for the Protection of Business Interests)
Contact: datenschutz@sea-eye.de
Types of data processed:
- Master data (e.g. names, addresses)
- Contact details (e.g. email address, telephone numbers)
- Content data (e.g. text entries, photographs, videos)
- Usage data (e.g. websites visited, content interests, access times)
- Meta/communication data (e.g. device information, IP addresses)
- Account details (e.g. IBAN/BIC for the supporting membership form or donation form)
- Categories of data subjects
- Visitors and users of the website (hereinafter, we refer to these individuals collectively as ‘users’).
Purpose of processing
- Provision of the online service, its functions and content
- Responding to enquiries and communicating with users
- Safety measures
- Audience measurement/marketing
Terminology used
“Personal data” means any information relating to an identified or identifiable natural person (hereinafter referred to as the “data subject”); a natural person is considered identifiable if they can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. a cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
‘Processing’ means any operation or set of operations which is performed on personal data, whether or not by automated means. The term is broad and covers virtually any handling of data.
The term ‘controller’ refers to the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Relevant legal basis
In accordance with Article 13 of the GDPR, we hereby inform you of the legal bases for our data processing activities. Where the legal basis is not specified in the privacy policy, the following applies: The legal basis for obtaining consent is Article 6(1)(a) and Article 7 of the GDPR; the legal basis for processing to fulfil our services, carry out contractual measures and respond to enquiries is Article 6(1)(b) of the GDPR; the legal basis for processing to fulfil our legal obligations is Article 6(1)(c) of the GDPR, and the legal basis for processing to safeguard our legitimate interests is Article 6(1)(f) of the GDPR. In the event that the vital interests of the data subject or another natural person necessitate the processing of personal data, Article 6(1)(d) of the GDPR serves as the legal basis.
Cooperation with data processors and third parties
Where, in the course of our data processing activities, we disclose data to other individuals or organisations (data processors or third parties), transfer it to them or otherwise grant them access to the data, this is done only on the basis of a legal authorisation (e.g. where the transfer of data to third parties, such as payment service providers, is necessary for the performance of a contract in accordance with Article 6(1)(b) of the GDPR), you have given your consent, a legal obligation requires it, or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).
Where we engage third parties to process data on the basis of a so-called ‘data processing agreement’, this is done in accordance with Article 28 of the GDPR.
Transfers to third countries
Where we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)), or where this occurs in connection with the use of third-party services or the disclosure or transfer of data to third parties, this will only take place if it is necessary to fulfil our (pre-)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests. Subject to statutory or contractual permissions, we process or have the data processed in a third country only if the specific conditions of Articles 44 et seq. of the GDPR are met. This means that processing takes place, for example, on the basis of specific safeguards, such as the officially recognised determination of a level of data protection equivalent to that of the EU (e.g. for the USA through the ‘Privacy Shield’) or compliance with officially recognised specific contractual obligations (so-called ‘standard contractual clauses’).
Rights of data subjects
- You have the right to request confirmation as to whether the relevant data is being processed, and to obtain access to that data, as well as further information and a copy of the data, in accordance with Article 15 of the GDPR.
- In accordance with Article 16 of the GDPR, you have the right to request that data concerning you be completed or that any inaccurate data concerning you be rectified.
- In accordance with Article 17 of the GDPR, you have the right to request that the relevant data be erased without delay; alternatively, in accordance with Article 18 of the GDPR, you have the right to request that the processing of the data be restricted.
- You have the right to request that the personal data you have provided to us be made available to you in accordance with Article 20 of the GDPR, and to request that it be transferred to other data controllers.
- You also have the right, under Article 77 of the GDPR, to lodge a complaint with the relevant supervisory authority.
Right of withdrawal
You have the right to withdraw any consent you have given, with future effect, in accordance with Article 7(3) of the GDPR.
Right to object
You may object at any time to the future processing of your personal data in accordance with Article 21 of the GDPR. In particular, you may object to the processing of your data for direct marketing purposes.
Cookies and the right to object to direct marketing
‘Cookies’ are small files that are stored on users’ computers. Various types of information can be stored within cookies. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after their visit to a website. Temporary cookies, also known as “session cookies” or “transient cookies”, are cookies that are deleted once a user leaves an online service and closes their browser. Such a cookie may, for example, store the contents of a shopping basket in an online shop or a login status. Cookies that remain stored even after the browser is closed are referred to as “permanent” or “persistent”. For example, the login status can be stored so that users can access it again after several days. Similarly, such a cookie may store the user’s interests, which are used for audience measurement or marketing purposes. ‘Third-party cookies’ are cookies provided by providers other than the controller operating the online service (otherwise, if they are only the controller’s own cookies, they are referred to as ‘first-party cookies’).
We may use both temporary and permanent cookies, and we provide further information on this in our privacy policy.
If users do not wish to have cookies stored on their computer, they are asked to disable the relevant option in their browser’s settings. Stored cookies can be deleted via the browser’s settings. Disabling cookies may result in certain features of this website not working properly.
A general objection to the use of cookies for online marketing purposes can be lodged with a wide range of services, particularly in the case of tracking, via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. Furthermore, the storage of cookies can be prevented by disabling them in your browser settings. Please note that, in such cases, you may not be able to use all the features of this website.
Deletion of data
The data we process will be erased or its processing restricted in accordance with Articles 17 and 18 of the GDPR. Unless expressly stated in this privacy policy, the data stored by us will be erased as soon as it is no longer required for the purposes for which it was collected and there are no legal obligations to retain it. Where data is not deleted because it is required for other, legally permissible purposes, its processing will be restricted. This means that the data will be blocked and not processed for any other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.
In accordance with German law, records must be retained for a period of 6 years in particular, pursuant to Section 257(1) of the German Commercial Code (HGB) (commercial ledgers, inventories, opening balance sheets, annual financial statements, commercial correspondence, accounting documents, etc.) and for 10 years in accordance with Section 147(1) of the German Fiscal Code (AO) (ledgers, records, management reports, accounting documents, commercial and business correspondence, documents relevant for taxation, etc.).
In accordance with Austrian legislation, records must be retained for 7 years in particular, pursuant to Section 132(1) of the Austrian Federal Tax Code (BAO) (accounting records, receipts/invoices, accounts, supporting documents, business papers, statements of income and expenditure, etc.), for 22 years in relation to real estate, and for 10 years for documents relating to electronically supplied services, telecommunications, radio and television services provided to non-business customers in EU Member States for which the Mini One-Stop Shop (MOSS) is used.
Business-related processing
In addition, we process:
- Contract details (e.g. supporting membership).
- Payment details (e.g. bank details, payment history)
- from our customers, prospective customers and business partners for the purpose of providing contractual services (e.g. supporting memberships), customer service and relationship management, marketing, advertising and market research.
Hosting
The hosting services we use are intended to provide the following: infrastructure and platform services, computing capacity, storage space and database services, security services, and technical maintenance services, which we utilise for the purpose of operating this online service.
In this context, we, or our hosting provider, process master data, contact details, content data, contractual data, usage data, metadata and communication data relating to customers, prospective customers and visitors to this website on the basis of our legitimate interests in providing this website efficiently and securely, in accordance with Article 6(1)(f) of the GDPR in conjunction with Article 28 of the GDPR (conclusion of a data processing agreement).
Collection of access data and log files
We, or rather our hosting provider, collect data on every access to the server on which this service is hosted (so-called server log files) on the basis of our legitimate interests within the meaning of Article 6(1)(f) of the GDPR. The access data includes the name of the webpage accessed, the file, the date and time of access, the amount of data transferred, a notification of successful access, the browser type and version, the user’s operating system, the referrer URL (the previously visited page), the IP address and the requesting provider.
For security reasons (e.g. to investigate cases of misuse or fraud), log file information is stored for a maximum of 7 days and then deleted. Data that needs to be retained for evidential purposes is exempt from deletion until the incident in question has been fully resolved.
Administration, financial accounting, office organisation, contact management
We process data in connection with administrative tasks, the organisation of our business operations, financial accounting and compliance with legal obligations, such as archiving. In doing so, we process the same data that we process in connection with the provision of our contractual services. The legal bases for processing are Article 6(1)(c) of the GDPR and Article 6(1)(f) of the GDPR. This processing affects customers, prospective customers, business partners and website visitors. The purpose and our interest in the processing lie in administration, financial accounting, office organisation and data archiving – in other words, tasks that serve to maintain our business activities, fulfil our duties and provide our services. The erasure of data relating to contractual services and contractual communication is in accordance with the information provided for these processing activities. In doing so, we disclose or transfer data to the tax authorities, advisers such as tax consultants or auditors, as well as other fee-charging bodies and payment service providers. Furthermore, in accordance with our business interests, we store information on suppliers, event organisers and other business partners, for example for the purpose of contacting them at a later date. We generally store this data, the majority of which is business-related, on a permanent basis.
Data collection via our donation forms
Our donation forms are provided by the service provider Wikando GmbH, Schießgrabenstr. 32, 86150 Augsburg. Wikando guarantees full data protection and legally compliant data storage. Wikando handles payment processing on our behalf via a secure and certified environment. Data relating to donation transactions is encrypted using SSL at all times and stored in European-certified data centres. The processing of personal data is carried out exclusively for the specified purpose. Wikando’s employees are bound by data confidentiality obligations under the GDPR and the BDSG-neu. Your data will not be passed on to third parties.
If you use the PayPal and Sofortüberweisung payment services provided by Wikando, please note the respective terms and conditions of PayPal (https://www.paypal.com/de/webapps/mpp/ua/privacy-full) and Sofortüberweisung (https://www.klarna.com/sofort/datenschutz/).
betterplace.org
For project-related campaigns, we integrate widgets from betterplace gGmbH, Schlesische Str. 26, 10997 Berlin. In doing so, betterplace.org processes metadata (IP address, device and browser information) as well as form details (name, email address, payment details) for the purpose of processing donations. The legal basis is Article 6(1)(b) of the GDPR (processing of the donation) or Article 6(1)(f) of the GDPR (efficient campaign management). Data is stored on servers within the EU. For further details, please refer to betterplace’s privacy policy.
FundraisingBox (Wikando GmbH) & Mailchimp-Export
We use the FundraisingBox CRM system, provided by Wikando GmbH, Schießgrabenstr. 32, 86150 Augsburg, to manage donor and campaign data. Data is transferred to FundraisingBox on the basis of a data processing agreement in accordance with Article 28 of the GDPR; the data is stored exclusively in ISO 27001-certified data centres within the EU. For newsletter automation, relevant fields (name, email, campaign assignment) are automatically transferred to Mailchimp (USA). This transfer is based on your consent (Article 6(1)(a) of the GDPR) or our legitimate interest in efficient communication (Article 6(1)(f) of the GDPR). Mailchimp is certified under the EU-US Data Privacy Framework; standard contractual clauses apply in addition.
Getting in touch
When you contact us (e.g. via the contact form, email, telephone or social media), your details will be processed in accordance with Article 6(1)(b) of the GDPR for the purpose of handling your enquiry and processing it. Your details may be stored in a customer relationship management system (‘CRM system’) or a similar enquiry management system.
We delete the enquiries once they are no longer required
Comment subscriptions
Users may subscribe to follow-up comments with their consent in accordance with Article 6(1)(a) of the GDPR. Users will receive a confirmation email to verify that they are the owners of the email address provided. Users may unsubscribe from comment subscriptions at any time. The confirmation email will contain information on how to withdraw consent.
Newsletter
The following information explains the content of our newsletter, as well as the procedures for subscription, distribution and statistical analysis, and your rights to object. By subscribing to our newsletter, you agree to receive it and to the procedures described.
Contents of the newsletter: We send out newsletters, emails and other electronic communications containing promotional information (hereinafter referred to as ‘newsletters’) only with the recipients’ consent or where permitted by law. Where the content of the newsletter is specifically described during the subscription process, this description forms the basis for the user’s consent. In addition, our newsletters contain information about our services and our company.
Double opt-in and logging: Subscription to our newsletter is carried out via a so-called double opt-in procedure. This means that, after subscribing, you will receive an email asking you to confirm your subscription. This confirmation is necessary to ensure that no one can subscribe using someone else’s email address. Subscriptions to the newsletter are logged so that we can provide evidence of the subscription process in accordance with legal requirements. This includes storing the time of subscription and confirmation, as well as the IP address. Any changes to your data stored with the mailing service provider are also logged.
Subscription details: To subscribe to the newsletter, simply enter your email address. You may also provide your name so that we can address you personally in the newsletter.
Germany: The sending of the newsletter and the associated performance measurement are carried out on the basis of the recipients’ consent in accordance with Article 6(1)(a) and Article 7 of the GDPR in conjunction with Section 7(2)(3) of the German Unfair Competition Act (UWG), or on the basis of the statutory authorisation under Section 7(3) of the UWG.
The registration process is logged on the basis of our legitimate interests in accordance with Article 6(1)(f) of the GDPR. Our interest lies in using a user-friendly and secure newsletter system that serves both our business interests and meets users’ expectations, whilst also enabling us to provide evidence of consent.
Cancellation/Withdrawal: You may cancel your subscription to our newsletter at any time, i.e. withdraw your consent. You will find a link to unsubscribe from the newsletter at the bottom of every newsletter. We may store unsubscribed email addresses for up to three years on the basis of our legitimate interests before deleting them for the purposes of sending the newsletter, in order to be able to prove that consent was previously given. The processing of this data is limited to the purpose of potentially defending against claims. An individual request for deletion is possible at any time, provided that the previous existence of consent is confirmed at the same time.
Newsletter – Email marketing service provider MailChimp
Newsletters are sent via the mailing service provider “MailChimp”, a newsletter distribution platform operated by the US-based provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. You can view the mailing service provider’s privacy policy here: https://mailchimp.com/legal/privacy/. The Rocket Science Group LLC d/b/a MailChimp is certified under the Privacy Shield Agreement and thereby guarantees compliance with European data protection standards (https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active).
The delivery service provider is engaged on the basis of our legitimate interests pursuant to Article 6(1)(f) of the GDPR and a data processing agreement pursuant to Article 28(3), first sentence, of the GDPR.
The mailing service provider may use recipients’ data in pseudonymous form – i.e. without linking it to a specific user – to optimise or improve its own services, for example to improve the technical aspects of sending and displaying newsletters, or for statistical purposes. However, the mailing service provider does not use the data of our newsletter recipients to contact them directly or to pass the data on to third parties.
Newsletters – Performance Measurement
The newsletters contain a so-called ‘web beacon’, i.e. a pixel-sized file that is retrieved from our server, or from the server of the mailing service provider if we use one, when the newsletter is opened. As part of this retrieval, technical information – such as details about your browser and system – as well as your IP address and the time of retrieval are initially collected.
This information is used to improve our services technically, based on technical data, or to analyse target groups and their reading behaviour based on their location (which can be determined using their IP address) or access times. Statistical analyses also include determining whether newsletters are opened, when they are opened, and which links are clicked. For technical reasons, this information can be traced back to individual newsletter recipients. However, it is neither our intention nor, where applicable, that of the mailing service provider, to monitor individual users. Rather, the analyses serve to help us identify our users’ reading habits and adapt our content accordingly, or to send different content based on our users’ interests.
Dropbox cloud service
For internal document management, we use Dropbox International Unlimited Company, One Park Place, Hatch Street Upper, Dublin 2, Ireland. Metadata (file name, access time, device) and the uploaded content are processed. The legal basis is Article 6(1)(f) of the GDPR (efficient teamwork). Dropbox may transfer data to the USA; the data transfer is carried out on the basis of the EU Commission’s Standard Contractual Clauses.
Social media presence
We maintain a presence on social media networks and platforms in order to communicate with customers, prospective customers and users who are active there, and to provide them with information about our services. When accessing these networks and platforms, the terms and conditions and data processing policies of the respective operators apply.
Unless otherwise stated in our privacy policy, we process users’ data if they communicate with us within the social networks and platforms, e.g. by posting on our online presence or sending us messages.
Integration of third-party services and content
Within our online offering, we use third-party content and service providers on the basis of our legitimate interests (i.e. our interest in the analysis, optimisation and commercial operation of our online offering within the meaning of Article 6(1)(f) of the GDPR) to integrate content or services from third-party providers, such as videos or fonts (hereinafter collectively referred to as “content”).
This always requires that the third-party providers of this content receive the user’s IP address, as they would be unable to send the content to the user’s browser without it. The IP address is therefore necessary for the display of this content. We endeavour to use only such content whose respective providers use the IP address solely for the purpose of delivering the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. These “pixel tags” enable information, such as visitor traffic on the pages of this website, to be analysed. The pseudonymous information may also be stored in cookies on the user’s device and may include, amongst other things, technical information about the browser and operating system, referring websites, time of visit and further details regarding the use of our online service, as well as being linked to such information from other sources.
Bluesky
Operator: Bluesky PBC, 548 Market St PMB 97916, San Francisco, CA 94104, USA. When you interact with our profile (e.g. likes, replies), Bluesky receives, among other things, your IP address and any profile data that has been made publicly available. The legal basis for this is Article 6(1)(f) of the GDPR.
Operator: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. LinkedIn processes usage and profile data for market research and advertising purposes. The legal basis is Article 6(1)(f) of the GDPR.
LinkedIn Insight Tag
The LinkedIn Insight Tag is integrated into our pages. It collects IP addresses, timestamps, browser properties and page views to enable conversion tracking and targeted advertising. The data is pseudonymised within 90 days. An objection to
Vimeo
We embed videos from the “Vimeo” platform provided by Vimeo Inc., Attention: Legal Department, 555 West 18th Street, New York, New York 10011, USA. Privacy policy: https://vimeo.com/privacy.
Youtube
We embed videos from the “YouTube” platform provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy/, Opt-out: https://adssettings.google.com/authenticated.
Google Fonts
We use fonts (“Google Fonts”) provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy/, Opt-out: https://adssettings.google.com/authenticated.
Use of Google Analytics
We use Google Analytics to analyse website usage. The data obtained from this is used to optimise our website and our advertising activities.
Google Analytics is provided to us by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). Google processes the website usage data on our behalf and is contractually obliged to take measures to ensure the security and confidentiality of the data processed.
During your visit to our website, the following data, amongst other things, is recorded:
- Pages viewed
- The achievement of ‘website goals’ (e.g. contact enquiries and newsletter subscriptions)
- Your behaviour on the pages (e.g. time spent on the site, clicks, scrolling behaviour)
- Your approximate location (country and city)
- Your IP address (in truncated form, so that no unique identification is possible)
- Technical information such as browser, internet service provider, device and screen resolution
- The source of your visit (i.e. the website or advertising material via which you found us)
Personal data such as your name, address or contact details is never transmitted to Google Analytics.
Google Analytics stores cookies in your web browser for a period of two years from your last visit. These cookies contain a randomly generated user ID, which can be used to recognise you during future visits to the website.This data is transferred to Google’s servers in the USA. Please note that data protection laws in the USA cannot guarantee the same level of protection as those within the EU.
The recorded data is stored together with a randomly generated user ID, which enables the analysis of pseudonymous user profiles. This user-related data is automatically deleted after 14 months. Other data is stored in aggregated form indefinitely. If you do not consent to this data collection, you can prevent it by installing the browser add-on to deactivate Google Analytics or by rejecting cookies via our cookie settings dialogue.
Source: traffic3.net
Use of Google Tag Manager
We use Google Tag Manager, provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA), on our website. This Tag Manager is one of many useful marketing products offered by Google. It allows us to centrally integrate and manage code snippets from the various tracking tools we use on our website.
In this privacy policy, we aim to explain in more detail what Google Tag Manager does, why we use it, and how data is processed.
What is Google Tag Manager?
Google Tag Manager (GTM) makes it easier to implement code snippets into websites or apps. GTM allows tracking and marketing tools – known as tags – to be managed easily via a web-based user interface, eliminating the need to modify the source code. In addition to the web analytics tools supported by default, custom HTML code or JavaScript can also be used. The functions of tags are diverse; they are often used, for example, to analyse users’ online behaviour (in general or on the page), to optimise marketing campaigns, or to display relevant advertising.
Why do we use Google Tag Manager for our website?
n addition to the obvious time and effort savings that come with using a tag management system, such a system can also be used for consent-based tag delivery. Using the loading rules (also known as ‘triggers’) available in GTM, tags can be deployed specifically only when a consent management platform (such as Usercentrics) provides the relevant consent. Compared to other tag management systems, GTM stands out with a simple user interface, a very comprehensive free version with no limitations, and better performance than the competition.
What data is stored by Google Tag Manager?
Google Tag Manager itself is a domain that does not set cookies and does not store data. It acts merely as an ‘administrator’ of the implemented tags. The data is collected by the individual tags of the various web analytics tools. The data is essentially routed through Google Tag Manager to the individual tracking tools and is not stored.
However, the situation is quite different when it comes to the tags embedded by various web analytics tools, such as Google Analytics. Depending on the analytics tool, various data relating to your online behaviour is usually collected, stored and processed using cookies. Please refer to our privacy policies for the individual analytics and tracking tools that we use on our website.
In the Tag Manager account settings, we have allowed Google to receive anonymised data from us. However, this relates solely to the use of our Tag Manager and does not concern your data, which is stored via the code snippets. We allow Google and others to receive selected data in anonymised form. We consent to the anonymous sharing of our website data. Despite extensive research, we have been unable to ascertain exactly which aggregated and anonymous data is shared. In any case, Google deletes all information that could identify our website. Google aggregates the data with hundreds of other anonymous website data sets and creates user trends as part of benchmarking measures. Benchmarking involves comparing our own results with those of our competitors. Processes can be optimised on the basis of the information collected.
How long and where is the data stored?
When Google stores data, this data is stored on Google’s own servers. The servers are located all over the world. Most are in America. You can find out exactly where the Google servers are located at https://www.google.com/about/datacenters/inside/locations/?hl=de.
You can find out how long each tracking tool stores your data in our individual privacy policies for each tool.
How can I delete my data or prevent it from being stored?
Google Tag Manager itself does not set any cookies, but manages tags from various tracking websites. You can find detailed information on how to delete or manage your data in our privacy policies for the individual tracking tools.
Google is an active participant in the EU-U.S. Privacy Shield Framework, which regulates the correct and secure transfer of personal data. You can find more information on this at https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&tid=311141511. If you would like to find out more about Google Tag Manager, we recommend the FAQs at. https://www.google.com/intl/de/tagmanager/faq.html.
Use of Facebook Social Plugins
On the basis of our legitimate interests (i.e. our interest in the analysis, optimisation and commercial operation of our online offering within the meaning of Article 6(1)(f) of the GDPR), we use social plugins (“plugins”) from the social network facebook.com, which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). The plugins may display interactive elements or content (e.g. videos, graphics or text posts) and can be recognised by one of the Facebook logos (a white ‘f’ on a blue tile, the terms ‘Like’, ‘Gefällt mir’ or a ‘thumbs up’ symbol) or are marked with the addition ‘Facebook Social Plugin’. The list and appearance of the Facebook Social Plugins can be viewed here: https://developers.facebook.com/docs/plugins/.
Facebook is certified under the Privacy Shield Agreement and thereby guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
When a user accesses a feature of this website that contains such a plugin, their device establishes a direct connection to Facebook’s servers. The content of the plugin is transmitted directly from Facebook to the user’s device and integrated into the website. In the process, user profiles may be created from the data processed. We therefore have no influence over the scope of the data that Facebook collects using this plugin and are therefore informing users in accordance with our current knowledge.
When the plugins are integrated, Facebook receives information that a user has accessed the relevant page of the website. If the user is logged into Facebook, Facebook can link the visit to their Facebook account. When users interact with the plugins, for example by clicking the ‘Like’ button or posting a comment, the relevant information is transmitted directly from your device to Facebook and stored there. Even if a user is not a member of Facebook, there is still a possibility that Facebook may obtain and store their IP address. According to Facebook, only an anonymised IP address is stored in Germany.
Users can find details of the purpose and scope of data collection, as well as the further processing and use of data by Facebook, and the relevant rights and settings options for protecting users’ privacy, in Facebook’s privacy policy: https://www.facebook.com/about/privacy/.
If a user is a Facebook member and does not want Facebook to collect data about them via this website and link it to their Facebook account details, they must log out of Facebook and delete their cookies before using our website. Further settings and the option to object to the use of data for advertising purposes are available within the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/.
Facebook Pixel
Within our online platform, we use the so-called “Facebook Pixel” from the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are based in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”), is used.
Facebook is certified under the Privacy Shield Agreement and thereby guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
The Facebook Pixel enables Facebook to identify visitors to our website as a target audience for the display of advertisements (so-called ‘Facebook Ads’). Accordingly, we use the Facebook Pixel to ensure that the Facebook Ads we place are shown only to those Facebook users who have demonstrated an interest in our online offering or who exhibit certain characteristics (e.g. interests in specific topics or products, determined on the basis of the websites visited), which we transmit to Facebook (so-called “Custom Audiences”). We also use the Facebook Pixel to ensure that our Facebook Ads match users’ potential interests and do not come across as intrusive. With the help of the Facebook Pixel, we can also track the effectiveness of Facebook adverts for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook advert (so-called “conversion”).
Facebook processes the data in accordance with its Data Use Policy. General information on the display of Facebook ads can be found in Facebook’s Data Use Policy: https://www.facebook.com/policy.php. Specific information and details about the Facebook Pixel and how it works can be found in Facebook’s Help Centre: https://www.facebook.com/business/help/651294705016616.
You can object to the collection of data via the Facebook Pixel and the use of your data for the display of Facebook ads. To control the types of adverts shown to you on Facebook, you can visit the page set up by Facebook and follow the instructions on how to manage your usage-based advertising settings: https://www.facebook.com/settings?tab=ads. These settings apply across all platforms, i.e. they are applied to all devices, such as desktop computers or mobile devices.
You can also opt out of the use of cookies for audience measurement and advertising purposes via the Network Advertising Initiative’s opt-out page (http://optout.networkadvertising.org/), as well as via the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/ your-ad-choices/).
You can prevent Facebook Pixel from collecting and processing data relating to your use of the website by customising the cookie banner. Please note that this will result in a cookie being set, meaning that your objection to data processing will only remain in effect until you delete the cookies stored in your browser.
Altruja
Our website uses the fundraising tool provided by the third-party provider Altruja GmbH, Augustenstraße 62, 80333 Munich. The protection of donor data is a fundamental priority for Altruja GmbH. When you visit the donation page, your IP address is processed by Altruja’s servers in order to load the donation form. The legal basis for this is Article 6(1)(f) of the GDPR.
If you would like to make a donation online, whether a one-off donation or a regular contribution, you can do so using our donation form. To ensure the payment transaction is legitimate, we require at least the following details from you:
- Anrede und vollständiger Name
- Email address
We process the following data for the purpose of processing donations:
- Personal master data
- Communication data (e.g. telephone number, email address)
- Contract master data (contractual relationship, interest in products or contracts) Customer history
- Contract settlement and payment data
- Bank details (account number, sort code or IBAN)
As part of a data processing agreement, we commission Altruja to process donations made via the donation form. The personal data entered in the donation form is transmitted via an encrypted connection to Altruja and its technical service providers. Other recipients of your data include the appointed credit institution and, where applicable, logistics companies responsible for delivering receipts or our auditing firm, to whom we may be obliged to report.
Personal data collected via the form is used for the purpose of processing donations with the donor and payment service providers, for organising and promoting fundraising campaigns, for communicating with donors, and for generating and sending donation receipts. This includes payment processing, sending an email to confirm the donation, and, where applicable, generating and sending a donation receipt. The use of Altruja is in the interests of transparent communication with donors and efficient donor support and donation processing. This constitutes a legitimate interest within the meaning of Article 6(1)(f) of the GDPR. You may object to the processing of data for these purposes without giving reasons.
We also process personal data for the purpose of selecting donors on the basis of their interests, for example for postal or electronic donation mailings or telephone calls. This serves to promote our activities and constitutes a legitimate interest within the meaning of Article 6(1)(f) of the GDPR in relation to data subjects who have already supported us with a donation. You may object to the processing of data for these purposes without giving reasons.
Deletion of donor data: An agreement is in place with Altruja GmbH for the automatic deletion of all personal data on 30 June and 31 December of each year. The deletion process is monitored by help alliance. The deletion log is sent to help alliance. Donor data that is more than 10 years old is deleted.
Further information on the handling of user data, as well as options for settings and objections, can be found in Altruja’s privacy policy at: https://www.altruja.de/datenschutz.html
Our website may incorporate features and content from the Instagram service, provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. This may include, for example, content such as images, videos or text, and buttons that users can click to express their liking or to follow the authors of the respective content as well as our own posts. Provided that users are members of the Instagram platform, Instagram may associate the access to the aforementioned content and features with the users’ profiles on that platform.
Instagram’s Privacy Policy: http://instagram.com/about/legal/privacy/
Applications (via Personio)
We use the Personio service provided by Personio SE & Co. KG, Rundfunkplatz 4, 80335 Munich, Germany, to manage our recruitment process.
If you apply via our recruitment portal, your personal data will be processed directly via the Personio platform. This processing is carried out solely for the purpose of conducting the recruitment process. Further information on the processing of personal data as part of the recruitment process can be found in the privacy policy of our recruitment portal: Career Site
A data processing agreement in accordance with Article 28 of the GDPR has been concluded with Personio.