The protection of personal data is important to us. Therefore, the processing of personal data takes place in accordance with the applicable European and national legal provisions.
You can of course revoke your declaration of consent at any time with effect for the future. For this, please contact the person responsible in accordance with § 1.
The following declaration gives an overview of what type of data is collected, how this data is used and passed on, what security measures we take to protect your data and how you can obtain information about the information given to us.
LEGAL BASIS FOR PROCESSING PERSONAL DATA
Insofar as we obtain the consent of the data subject for the processing of personal data, Article 6, Paragraph 1 s. 1 lit. a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
When processing personal data that is required for the performance of a contract to which the data subject is a party, Art. 6 Paragraph 1 s. lit. b) GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.
Insofar as the processing of personal data is necessary to fulfill a legal obligation to which we are subject, Art. 6 Paragraph 1 s. 1 lit. c) GDPR serves as the legal basis.
If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the person concerned do not outweigh the first-mentioned interest, Art. 6 Paragraph 1 s.1 lit. f) GDPR serves as the legal basis for processing.
DATA DELETION AND DURATION OF DATA STORAGE
The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Storage can also take place if this has been provided for by the European or national legislator in Union regulations, laws, or other provisions to which we are subject. The data will also be blocked or deleted if a storage period prescribed by the standards mentioned expires unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.
- 1 The person responsible and the data protection officer
(1) Name and address of the person responsible
The person responsible within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:
CHARITYBEAT (formerly Event Fundraising Behm)
Tel.: +49 40 / 325 107 25
(2) Name and address of the data protection officer:
akwiso Datenschutz & audit
Tel.: +49 831 5124-7030
- 2 Definitions
The data protection declaration is based on the terms used by the European regulator when the EU General Data Protection Regulation (hereinafter referred to as “GDPR”) was adopted. The data protection declaration should be easy to read and understand. To ensure this, the most important terms are explained below:
- a) Personal data is all information that relates to an identified or identifiable natural person (hereinafter referred to as “data subject”). A natural person is regarded as identifiable who, directly or indirectly, in particular by means of assignment to an identifier such as a name, an identification number, location data, an online identifier or one or more special features that express the physical, physiological, genetic, psychological, economic, cultural, or social identity of this natural person can be identified.
- b) Affected person is any identified or identifiable natural person whose personal data are processed by the person responsible for processing.
- c) Processingis any process or series of processes carried out with or without the help of automated processes in connection with personal data such as the collection, recording, organization, ordering, storage, adaptation or change, reading, querying, use, disclosure by transmission, distribution or any other form of provision, comparison or linking, restriction, deletion or destruction.
- d) Profilingis any type of automated processing of personal data that consists of using this personal data to evaluate certain personal aspects relating to a natural person, to assess aspects relating to work performance, economic situation, health, to analyze or predict personal preferences, interests, reliability, behavior, whereabouts or change of location of this natural person.
- e) Pseudonymisationis the processing of personal data in a way in which the personal data can no longer be assigned to a specific data subject without the use of additional information, provided that this additional information is stored separately and is subject to technical and organizational measures that ensure that the personal data cannot be assigned to an identified or identifiable natural person.
- f)The person responsible or the person responsible for the processing is the natural or legal person, authority, institution, or other body that alone or jointly with others decides on the purposes and means of processing personal data. If the purposes and means of this processing are specified by Union law or the law of the member states, the person responsible or the specific criteria for his appointment can be provided for in accordance with Union law or the law of the member states.
- g) Processor is a natural or legal person, authority, institution, or other body that processes personal data on behalf of the person responsible.
- h) Recipientis a natural or legal person, authority, institution, or other body to which personal data is disclosed, regardless of whether it is a third party or not. However, authorities that may receive personal data as part of a specific investigation according to Union law or the law of the member states are not considered recipients.
- i) A third party is a natural or legal person, public authority, agency, or body other than the data subject, the person responsible, the processor and the persons who are authorized to process the personal data under the direct responsibility of the person responsible or the processor.
- j) Consentis any declaration of intent voluntarily given by the data subject in an informed manner and unequivocally in the form of a declaration or other unequivocal affirmative action with which the data subject indicates that they are processing their personal data agrees.
- 3 Provision of the website and creation of log files
(1) If you only use the website for informational purposes, i.e., if you do not register or otherwise provide us with information, we automatically collect the following data and information from the computer system of the calling computer every time the website is accessed:
- a)The user’s IP address
- b)Information about the browser type and the version used
- c)The user’s operating system
- d)The user’s internet service provider
- e)Date and time of access
- f)Websites from which the user’s system accessed the website
- g)Websites that are accessed by the user’s system via our website
- h)Content of the calls (specific pages)
- i)Amount of data transferred in each case
The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.
(2) The legal basis for the temporary storage of the log files is Art. 6 Paragraph 1 s. lit. f) GDPR.
(3) The temporary storage of the IP address by the system is necessary to
- a)enable the website to be delivered to the user’s computer. To do this, the user’s IP address must be stored for the duration of the session.
- b)to optimize the content and advertising of our website
- c)to ensure the functionality of our information technology systems and the technology of our website
- d)to provide law enforcement authorities with the information necessary in the event of a cyber attack
The storage in log files takes place to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
For these purposes, it is also our legitimate interest in data processing according to Art. 6 Paragraph 1 s. 1 lit. f) GDPR.
(4) The data is deleted as soon as it is no longer required to achieve the purpose for which it is collected – in this case at the end of the usage process
If the data is stored in log files, this is the case after seven days at the latest. Storage beyond this is possible. In this case, the IP addresses are deleted or anonymized so that they can no longer be assigned to the using client.
(5) The collection of data for the provision of the website and the storage of data in log files is necessary for the operation of the website, which is why there is no possibility of objection.
(1) This website uses so-called cookies.
Below you will find a list of cookies with a description which are used.
Cookies are small text files that, as soon as you visit a website, are sent from a web server to your browser and stored locally on your device (PC, notebook, tablet, smartphone, etc.) and are stored on your computer to send the user (i.e., us) certain information. Cookies are used to make the website more customer-friendly and more secure, to collect user-related information, such as the frequency and number of users on the pages and the behavior of the page user. Cookies do not cause any damage to the computer and do not contain viruses. These cookies contain a characteristic string of characters (so-called cookie ID), which enables the browser to be clearly identified when the website is used again.
- 5 Transfer of personal data to third parties
(1) Links to external websites
- 6 Contact sheet and E-Mail contact
(1) There is a contact sheet on our website that can be used to contact us electronically. If you take advantage of this option, the data entered in the input mask will be transmitted to us and saved. These data are:
At the time the message is sent, the following data is also processed:
- IP address of the user
- Date and time of registration
For the processing of data, your consent is obtained as part of the sending process and reference is made to this data protection declaration.
Alternatively, you can contact us using the email address provided. In this case, the personal data transmitted with the email will be saved.
Insofar as this concerns information on communication channels (e.g., email address, telephone number), you also approve that we may contact you via this communication channel, if necessary, to answer your request.
In this context, the data is not passed on to third parties. The data will only be used to process the conversation.
(2) The legal basis for the processing of the data is Art. 6 Paragraph 1 s. lit. a) GDPR with the consent of the user. The legal basis for the processing of data that is transmitted in the course of sending an email is Article 6 Paragraph 1 s.1 lit. f) GDPR. If the aim of the e-mail contact is to conclude a contract, the additional legal basis for processing is Art. 6 Para. 1S. 1 lit. b) GDPR.
(3) We only process the personal data from the contact sheet to process the contact. We will of course only use the data from your e-mail inquiries for the purpose for which you made them available to us when contacting us. If you contact us by email, you also have a legitimate interest in processing the data in answering it. The other personal data processed during the sending process serve to prevent misuse of the contact sheet and to ensure the security of our information technology systems.
(4) The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. For the personal data collected from the contact sheet and those that were sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been finally clarified. The additional personal data collected during the sending process will be deleted after a period of 30 days at the latest.
- 7 analysis and tracking tools – web analysis by Matomo (formerly PIWIK)
We use the open-source software tool Matomo (formerly PIWIK) on our website to analyze the surfing behavior of our users. The software places a cookie on the user’s computer (see above for cookies). If individual pages of our website are called up, the following data is stored:
- Two bytes of the IP address of the calling system of the user
- The accessed website
- The website from which the user came to the accessed website (referrer)
- The sub-pages that are accessed from the accessed website
- The length of stay on the website
- The frequency with which the website is accessed
- Date and time of the call
The software runs exclusively on the servers of our website. The user’s personal data is only stored there. The data will not be passed on to third parties.
The legal basis for processing users’ personal data is Article 6 Paragraph 1 lit. f GDPR.
The processing of the personal data of the users enables us to analyze the surfing behavior of our users. By evaluating the data obtained, we can compile information about the use of the individual components of our website. This helps us to continuously improve our website and its user-friendliness. Our legitimate interest in the processing of data in accordance with Art. 6 Paragraph 1 lit. f GDPR lies in these purposes. By anonymizing the IP address, the interests of users in protecting their personal data are adequately considered.
The data will be deleted as soon as it is no longer required for our recording purposes. In our case this is after 7 days.
can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it is possible that not all functions of the website can be used to their full extent.
You can find more information about the privacy settings of the Matomo software under the following link: https://matomo.org/docs/privacy/.
- 8 Social Media plugins
(1) Social plugins from the social network Facebook (Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA) are used on these pages. This plugin enables you to set bookmarks on these pages and share them with other participants in the social network. You can recognize this plug-in by the Facebook logo or the typical “Like” button. You can find an overview of the Facebook plugins at http://developers.facebook.com/docs/plugins/.
(2) We use the so-called two-click solution. This means that when you visit our site, no personal data is initially passed on to Facebook. We give you the opportunity to communicate directly with Facebook using the button. Facebook will only receive the information that you have accessed the corresponding website of our online offer only if you click on the marked field and activate it.
The data is passed on regardless of whether you have a Facebook account and are logged in.
- a)If you click the Facebook “Like” button while you are logged into your Facebook account, the content of these pages can also be linked to the Facebook profile. In this case, Facebook can also assign your visit to these pages to your user account. If you press the activated button and z. B. If, for example, you link the page, Facebook also stores this information in your user account and shares itpubliclywith your contacts. We recommend that you log out regularly after using a social network, especially before activating the button, as this allows to avoid being assigned to your profile.
- b)If you are not a member of Facebook or have logged out of Facebook before visiting this page, there is still the possibility that Facebook will find out your IP address and save it. If you do not want Facebook to be able to assign your visit to our website to your Facebook user account, you must log out of Facebook before visiting our website or you must not activate the plugin.
In principle, the following data is transmitted to Facebook:
- Browser-related data such as IP address, browser type, operating system, time and date of the request, website visited.
- User ID (with logged in Facebook account)
(3) We have no influence on the data collected and the data processing operations, nor are we aware of the full scope of the data collection, the purposes of processing or the storage periods. We also have no information about the deletion of the data collected by Facebook.
(4) Facebook saves the data collected about you as a user profile and uses this for advertising, market research and / or needs-based design of its website. Such an evaluation takes place (also for users who are not logged in) to display needs-based advertising and to inform other users of the social network about your activities on our website. Via the plugins, we offer you the opportunity to interact with social networks and other users, so that we can improve our offer and make it more interesting for you as a user.
(6) You have the right to object to the creation of these user profiles. You must contact Facebook to exercise this right.
(7) Settings and objections to the use of data for advertising purposes are possible within the Facebook profile settings at https://www.facebook.com/settings?tap=ads. Further information on the purpose and scope of the data collection and its processing as well as your respective rights by and vis-à-vis Facebook can be found at http://www.facebook.com/policy.php and http://www.facebook.com/help/186325668085084 ,
- 9 Rights of the affected person
If your personal data are processed, you are affected within the meaning of the GDPR and you have the following rights vis-à-vis the person responsible:
- Right to information,
- Right to rectification
- Right to restriction of processing,
- Right to cancellation
- Right to be informed
- Right to data portability.
- Right to object to processing
- Right to withdraw consent under data protection law
- Right not to apply an automated decision
- Right to complain to a supervisory authority
- RIGHT OF PROVIDING INFORMATION
(1) You can request confirmation from the person responsible as to whether we are processing personal data which is related to you. If such processing has taken place, you can request information from the person responsible at any time free of charge about the personal data stored and about the following information:
- a)the purposes for which the personal data is processed;
- b)the categories of personal data that is processed;
- c)the recipients or the categories of recipients to whom the personal data related to you have been disclosed or are still being disclosed;
- d)the planned duration of the storage of your personal data or, if specific information on this is not possible, criteria for determining the storage duration;
- e)the existence of a right to correction or deletion of your personal data, a right to restrict processing by the person responsible or a right to object to this processing;
- f)the right to lodge a complaint with a legal authority;
- g)all available information about the origin of the data if the personal data is not collected from the data subject;
- h)the existence of automated decision-making including profiling in accordance with Art. 22 Paragraph 1 and 4 GDPR and – at least in these cases – meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.
(2) You have the right to request information as to whether the personal data relating to you are being transmitted to a third country or to an international organization. In this context, you can request to be informed about the appropriate guarantees in accordance with Art. 46 GDPR in connection with the transmission.
- RIGHT TO CORRECTION
You have the right to immediate correction and / or completion vis-à-vis the person responsible if the processed personal data concerning you is incorrect or incomplete.
- RIGHT TO RESTRICTION OF PROCESSING
(1) Under the following conditions, you can demand that the person responsible immediately restrict the processing of your personal data:
- a)if you dispute the accuracy of the personal data relating you for a period of time that enables the person responsible to check the accuracy of the personal data;
- b)the processing is unlawful, and you refuse to delete the personal data and instead request that the use of the personal data be restricted;
- c)the person responsible no longer needs the personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims, or
- d)if you have objected to the processing in accordance with Art. 21 Paragraph 1 GDPR and it has not yet been determined whether the legitimate reasons of the person responsible outweigh your reasons.
(2) If the processing of your personal data has been restricted, this data – apart from its storage – may only be permitted with your consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the Union or a member state. If the processing restriction has been restricted according to the above conditions, you will be informed by the person responsible before the restriction is lifted.
- RIGHT TO DELETION
(1) You can request the person responsible to delete your personal data immediately if one of the following reasons applies:
- a)The personal data relating to you are no longer necessary for the purposes for which they were collected or otherwise processed.
- b)You revoke your consent on which the processing was based in accordance with Art. Article 6 Paragraph 1 lit. a or Art. 9 Paragraph 2 lit. a GDPR, and there is no other legal basis for the processing.
- c)You object to the processing in accordance with Art. 21 Paragraph 1 GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing in accordance with Art. 21 Paragraph 2 GDPR.
- d)The personal data concerning you have been processed unlawfully.
- e)The deletion of your personal data is necessary to fulfill a legal obligation under Union law or the law of the member states to which the person responsible is subject.
- f)The personal data relating to you was collected in relation to the information society services offered in accordance with Art. 8 Para. 1 GDPR.
(2) If the person responsible has made the personal data concerning you public and is obliged to delete them in accordance with Art. 17 Paragraph 1 GDPR, he shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs to inform the data processing officers who process the personal data that you, as the data subject, have requested them to delete all links to this personal data or copies or replications of this personal data.
(3) The right to deletion does not exist if processing is necessary
- a)to exercise the right to freedom of expression and information;
- b)to fulfill a legal obligation that requires processing under the law of the Union or of the member states to which the person responsible is subject, or to perform a task that is in the public interest or in the exercise of official authority that has been transferred to the person responsible;
- c)for reasons of public interest in the area of public health in accordance with Art. 9 Paragraph 2 lit. h and i and Art. 9 Paragraph 3 GDPR;
- d)for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with Art. 89 Paragraph 1 GDPR, insofar as the right mentioned under section a) is likely to make the realization of the objectives of this processing impossible or seriously impair it, or
- e)for the establishment, exercise or defense of legal claims.
- RIGHT TO INFORMATION
If you have asserted the right to correction, deletion, or restriction of processing against the person responsible, the person responsible is obliged to notify all recipients to whom the personal data relating to you has been disclosed of this correction / deletion / restriction of processing, unless this proves is impossible or involves a disproportionate effort. You have the right vis-à-vis the person responsible to be informed about these recipients.
- RIGHT TO DATA PORTABILITY
(1) You have the right to receive the personal data concerning you, which you have provided to the person responsible, in a structured, common, and machine-readable format. You also have the right to transfer this data to another person responsible without hindrance from the person responsible to whom the personal data was provided, provided that
- a)the processing is based on consent in accordance with Art. Article 6 Paragraph 1 lit. a GDPR or Article 9 2 lit. a GDPR or on a contract in accordance with Art. Article 6 Paragraph 1 lit. b GDPR
- b)the processing is carried out using automated procedures.
(2) In exercising this right, you also have the right to have the personal data relating to you transmitted directly from one person in charge to another person in charge, insofar as this is technically feasible. This must not impair the freedoms and rights of other people.
(3) The right to data portability does not apply to the processing of personal data that is necessary for the performance of a task that is in the public interest or takes place in the exercise of official authority that has been transferred to the person responsible.
(4) To assert the right to data portability, the data subject can contact the person responsible for processing at any time.
- RIGHT TO OBJECT
(1) You have the right, for reasons that arise from your particular situation to object at any time to the processing of your personal data, which is based on Art. 6 Para. 1 lit. e or f GDPR; this also applies to profiling based on these provisions.
(2) The person responsible will no longer process the personal data concerning you unless he can prove compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
(3) If the personal data relating to you are processed to operate direct mail, you have the right to object at any time to the processing of the personal data relating to you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising. If you object to processing for direct marketing purposes, the personal data relating to you will no longer be processed for these purposes.
(4) In connection with the use of information society services – regardless of Directive 2002/58 / EC – you have the option of exercising your right of objection by means of automated procedures in which technical specifications are used.
(5) To exercise the right to object, the data subject can contact the person responsible for processing directly.
- Right to withdraw your approval under data protection law
You have the right to withdraw your declaration of consent under data protection law at any time. Withdrawing your consent does not affect the legality of the processing carried out based on your consent up to the point of withdrawal. You can contact the person responsible for this.
- AUTOMATED DECISION IN INDIVIDUAL CASES INCLUDING PROFILIN
(1) You have the right not to be subject to a decision based solely on automated processing – including profiling – which has legal effects on you, or which significantly affects you in a similar manner. This does not apply when making the decision
- a) is necessary for the conclusion or performance of a contract between you and the person responsible,
- b) is permissible based on legal provisions of the Union or of the member states to which the person responsible is subject and these legal provisions contain appropriate measures to safeguard your rights and freedoms and your legitimate interests, or
- c) is made with your express consent.
(2) However, these decisions may not be based on special categories of personal data according to Art. 9 Paragraph 1 GDPR, unless Art. 9 Paragraph 2 lit. a or g GDPR applies and appropriate measures to protect the rights and freedoms as well as your legitimate ones Interests were met.
(3) With regard to the cases mentioned in (1) and (3), the person responsible shall take appropriate measures to safeguard the rights and freedoms as well as your legitimate interests, including at least the right to obtain the intervention of a person on the part of the person responsible, to explain the own point of view and to contest the decision heard.
(4) If the data subject wishes to assert rights about automated decisions, they can contact the person responsible for processing at any time.
- RIGHT TO COMPLAIN WITH A REGULATORY AUTHORITY
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in the member state of your place of residence, your place of work or the place of the alleged violation, if you are of the opinion that the processing of your personal data is against violates the GDPR. The supervisory authority to which the complaint was lodged informs the complainant about the status and the results of the complaint, including the possibility of a judicial remedy in accordance with Art. 78 GDPR.
We reserve the right to change our data protection practices and this policy to adapt them to changes in relevant laws or regulations or to better meet your needs. Any changes to our data protection practices will be announced here accordingly. Please note the current version date of the data protection declaration.
We use the reCAPTCHA service from Google LLC (Google) to protect your inquiries via the Internet form. The query is used to distinguish whether the input is made by a person or improperly by automated, machine processing. The query includes the sending of the IP address and any other data required by Google for the reCAPTCHA service to Google. For this purpose, your input will be transmitted to Google and used there. However, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. The full IP address will only be sent to a Google server in the USA and shortened there in exceptional cases. On behalf of the operator of this website, Google will use this information to evaluate your use of this service The IP address transmitted by your browser as part of reCaptcha will not be merged with other Google data. The different data protection regulations of Google apply to this data. Further information on Google’s data protection guidelines can be found at: https://policies.google.com/privacy?hl=de