Privacy Policy
As of July 29, 2025
Contents
- Controller
- Overview of the processing operations
- Relevant legal bases
- Security Measures:
- Transmission of personal data
- International data transfers
- General information on data storage and deletion
- Rights of data subjects
- Performing tasks according to the statutes or rules of procedure
- Business Services
- Provision of the online offer and web hosting
- Use of cookies
- Contact and inquiry management
- Newsletters and Electronic Communications
- Web analysis, monitoring and optimization
- Presence in social networks (social media)
- Plug-ins and embedded functions and content
- Management, organization and support tools
Controller
Bundesweiter Koordinierungskreis gegen Menschenhandel - KOK e.V.
Lützowstr.102-104
Hof 1, Aufgang A
10785 Berlin
Tel.: 030 / 263 911 76
Fax: 030 / 263 911 86
If you have questions about data protection, you can contact our data protection officer, Charlotte Kunath.
Authorized representatives: Sabrina Burkhart, Andrea Hitzke, Claudia Robbe, Margarete Mureșan, Dr. Adina Schwartz
Email address: info@kok-buero.de
Legal notice (Impressum): https://www.kok-gegen-menschenhandel.de/impressum/
Overview of the processing operations
The following overview summarizes the types of data processed, the purposes of their processing, and the data subjects concerned.
Types of processed data
- Inventory data.
- Payment details.
- Contact details.
- Content data.
- Contract data.
- Usage data.
- Meta, communication and procedural data.
- Log data.
- Member data.
Categories of affected persons
- Service recipients and clients.
- Interested parties.
- Communication partners.
- Users.
- Members.
- Business and contractual partners.
- Donors.
- Third parties.
Purposes of Processing
- Provision of contractual services and fulfillment of contractual obligations.
- Communication.
- Security measures.
- Direct marketing.
- Reach measurement.
- Tracking.
- Office and organizational procedures.
- Target group formation.
- Organizational and administrative procedures.
- Feedback.
- Marketing.
- Profiles with user-related information.
- Providing our online offer and user-friendliness.
- Information technology infrastructure.
- Fundraising.
- Public relations and information purposes.
- Public relations.
- Business processes and business procedures.
Relevant legal bases
Relevant legal bases according to the GDPR: Below you will find an overview of the legal bases of the GDPR, on the basis of which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection requirements may apply in your or our country of residence or domicile. Furthermore, if more specific legal bases are relevant in individual cases, we will inform you of this in the data protection declaration.
- Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR) - The data subject has given their consent to the processing of their personal data for a specific purpose or for several specific purposes.
- Fulfillment of contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR) - The processing is necessary for the performance of a contract to which the data subject is party, or for taking pre-contractual steps at the request of the data subject.
- Legal obligation (Art. 6 Para. 1 S. 1 lit. c) GDPR) - The processing is necessary for compliance with a legal obligation to which the controller is subject.
- Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR) - The processing is necessary to protect the legitimate interests of the controller or of a third party, provided that the interests, fundamental rights and freedoms of the data subject which require protection of personal data do not prevail.
- Membership contract (articles of association) (Article 6, paragraph 1, sentence 1, letter b) GDPR).
National data protection regulations in Germany: In addition to the data protection regulations of the GDPR, national data protection regulations apply in Germany. This includes in particular the law to protect against misuse of personal data during data processing (Federal Data Protection Act – BDSG). In particular, the BDSG contains special regulations on the right to information, the right to deletion, the right to object, the processing of special categories of personal data, processing for other purposes and transmission and automated decision-making in individual cases, including profiling. Furthermore, state data protection laws of the individual federal states may apply.
Note on the validity of the GDPR and Swiss DSG: This data protection notice serves to provide information in accordance with both the Swiss DSG and the General Data Protection Regulation (GDPR). For this reason, we ask you to note that the terms of the GDPR are used due to the broader spatial application and comprehensibility. In particular, instead of the terms "processing" of "personal data", "overriding interest" and "personal data requiring particular protection" used in the Swiss DSG, the terms "processing" of "personal data" as well as "legitimate interest" and "special categories of data" used in the GDPR are used. However, the legal meaning of the terms will continue to be determined according to the Swiss DSG within the scope of the validity of the Swiss DSG.
Security Measures:
We will take appropriate technical and organizational measures in accordance with the law, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, the different probabilities of occurrence and the extent to which the rights and freedoms of individuals are threatened to ensure a level of protection appropriate to the risk.
Measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling the physical and electronic access to the data as well as their access, input, transfer, availability and segregation. We have also set up procedures to ensure that data subject rights are exercised, that data is erased, and that threats to data are responded to. Furthermore, we take the protection of personal data into account as early as the development or selection of hardware, software and procedures, in accordance with the principle of data protection through technology design and privacy-friendly default settings.
IP address truncation: If IP addresses are processed by us or by the service providers and technologies we use, and processing a full IP address is not necessary, the IP address is truncated (also known as "IP masking"). This involves removing the last two digits, or the last part of the IP address after a period, or replacing them with placeholders. The purpose of truncating the IP address is to prevent or significantly hinder the identification of a person based on their IP address.
Securing online connections through TLS/SSL encryption technology (HTTPS): To protect user data transmitted through our online services from unauthorized access, we use TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission on the Internet. These technologies encrypt the information transmitted between the website or app and the user's browser (or between two servers), protecting the data from unauthorized access. TLS, as the advanced and more secure version of SSL, ensures that all data transmissions meet the highest security standards. When a website is secured by an SSL/TLS certificate, this is signaled by the display of HTTPS in the URL. This serves as an indicator for users that their data is being transmitted securely and encrypted.
Transmission of personal data
As part of our processing of personal data, it may happen that these are transmitted to or disclosed to other bodies, companies, legally independent organizational units or persons. The recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we comply with the legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data that serve to protect your data.
Data transfer within the organization: We may transfer personal data to other departments or units within our organization or grant them access to it. If the data transfer is for administrative purposes, it is based on our legitimate business interests or is necessary for the fulfillment of our contractual obligations, or if the data subject has given consent or if there is a legal basis for doing so.
International data transfers
Data processing in third countries: If we transfer data to a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of using third-party services or disclosing or transferring data to other persons, bodies or companies (which can be identified by the postal address of the respective provider or if the privacy policy expressly refers to the data transfer to third countries), this is always done in accordance with the legal requirements.
For data transfers to the USA, we primarily rely on the Data Privacy Framework (DPF), which was recognized as a secure legal framework by an adequacy decision of the EU Commission on July 10, 2023. In addition, we have concluded standard contractual clauses with the respective providers, which comply with the requirements of the EU Commission and establish contractual obligations for the protection of your data.
This dual safeguard ensures comprehensive protection of your data: The Data Privacy Framework (DPF) forms the primary layer of protection, while the Standard Contractual Clauses serve as an additional safeguard. Should changes occur within the framework of the DPF, the Standard Contractual Clauses act as a reliable fallback option. This ensures that your data remains adequately protected even in the event of any political or legal changes.
For each service provider, we will inform you whether they are DPF-certified and whether standard contractual clauses are in place. Further information about the DPF and a list of certified companies can be found on the U.S. Department of Commerce website at https://www.dataprivacyframework.gov/ (in English).
For data transfers to other third countries, appropriate safeguards apply, in particular standard contractual clauses, explicit consent, or legally required transfers. Information on third-country transfers and applicable adequacy decisions can be found in the EU Commission's information resources: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en?prefLang=de.
General information on data storage and deletion
We delete personal data that we process in accordance with the statutory provisions as soon as the underlying consent is revoked or there are no further legal bases for the processing. This applies to cases in which the original processing purpose no longer applies or the data is no longer required. Exceptions to this rule exist if legal obligations or special interests require the data to be stored or archived for a longer period.
In particular, data that must be retained for commercial or tax law reasons or whose storage is necessary for legal proceedings or to protect the rights of other natural or legal persons must be archived accordingly.
Our privacy policy contains additional information on the retention and deletion of data that applies specifically to certain processing operations.
In cases where multiple retention periods or deletion deadlines are specified for a given item of data, the longest period always applies. Data that is no longer retained for its originally intended purpose, but is retained due to legal requirements or other reasons, is processed by us exclusively for the reasons that justify its retention.
Data retention and deletion: The following general retention periods apply to data storage and archiving under German law:
- 10 years - Retention period for books and records, annual financial statements, inventories, management reports, opening balance sheets and the work instructions and other organizational documents required for their understanding (§ 147 para. 1 no. 1 in conjunction with para. 3 AO, § 14b para. 1 UStG, § 257 para. 1 no. 1 in conjunction with para. 4 HGB).
- 8 years - accounting documents, such as invoices and cost receipts (§ 147 para. 1 no. 4 and 4a in conjunction with para. 3 sentence 1 AO as well as § 257 para. 1 no. 4 in conjunction with para. 4 HGB).
- 6 years - Other business documents: received commercial or business letters, copies of sent commercial or business letters, other documents insofar as they are relevant for taxation, e.g. timesheets, operating statements, costing documents, price labels, but also payroll documents, insofar as they are not already accounting documents and cash register tapes (§ 147 para. 1 no. 2, 3, 5 in conjunction with para. 3 AO, § 257 para. 1 no. 2 and 3 in conjunction with para. 4 HGB).
- 3 years - Data required to consider potential warranty and compensation claims or similar contractual claims and rights as well as to process related inquiries based on previous business experience and standard industry practices will be stored for the duration of the regular statutory limitation period of three years (§§ 195, 199 BGB).
Rights of data subjects
Rights of data subjects under the GDPR: As a data subject, you have various rights under the GDPR, which result in particular from Articles 15 to 21 GDPR:
- Right to object: You have the right to object at any time, on grounds arising from your particular situation, to the processing of personal data relating to you that is carried out pursuant to Art. 6 para. 1 lit. e or f GDPR; this also applies to profiling based on these provisions. If the personal data relating to you are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct marketing.
- Right to withdraw consent: You have the right to revoke your consent at any time.
- Right of access: You have the right to obtain confirmation as to whether or not the data in question is being processed and to obtain information on such data, as well as further information and a copy of the data in accordance with legal requirements.
- Right to rectification: You have the right, in accordance with the legal requirements, to demand the completion of the data concerning you or the correction of the incorrect data concerning you.
- Right to erasure and restriction of processing: In accordance with the statutory provisions, you have the right to demand that data relating to you be deleted immediately, or alternatively to demand a restriction of the processing of data in accordance with the statutory provisions.
- Right to data portability: You have the right to receive the data relating to you that you have provided to us, in accordance with the legal requirements, in a structured, common and machine-readable format, or to request its transmission to another controller.
- Complaint to the supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement, if you are of the opinion that the processing of your personal data violates the requirements of the GDPR.
Performing tasks according to the statutes or rules of procedure
We process the data of our members, supporters, interested parties, business partners, or other individuals (collectively referred to as "data subjects") when we have a membership or other business relationship with them and are fulfilling our tasks, as well as when we are recipients of services and contributions. Furthermore, we process the data of data subjects based on our legitimate interests, for example, for administrative tasks or public relations purposes.
The data processed in this context, as well as the nature, scope, purpose and necessity of their processing, are determined by the underlying membership or contractual relationship, from which the necessity of any data to be provided also arises (in all other respects, we indicate which data are required).
We delete data that is no longer required for our statutory and business purposes. This is determined according to the respective tasks and contractual relationships. We retain the data for as long as it may be relevant for business transactions and with regard to any warranty or liability obligations, on the basis of our legitimate interest in settling them. The necessity of retaining the data is reviewed regularly; in all other respects, the statutory retention obligations apply.
- Processed data types: Inventory data (e.g., full name, residential address, contact information, customer number, etc.); contact data (e.g., postal and email addresses or telephone numbers); contract data (e.g., subject matter of the contract, term, customer category); member data (e.g., personal data such as name, age, gender, contact details (email address, telephone number), membership number, information about membership fees, participation in events, etc.); payment data (e.g., bank details, invoices, payment history). Content data (e.g., textual or image-based messages and posts, as well as information relating to them, such as details of authorship or time of creation).
- Affected people: Members; interested parties; communication partners; donors. Third parties.
- Purposes of processing: Communication; organizational and administrative procedures; public relations and information purposes; business processes and management procedures. Fundraising.
- Storage and deletion: Deletion in accordance with the information in the section "General information on data storage and deletion".
- Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); membership agreement (statutes) (Art. 6 para. 1 sentence 1 lit. b) GDPR). Legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR).
Further information on processing processes, procedures and services:
- Member administration: Procedures required for membership administration include the acquisition and onboarding of new members, the development and implementation of member retention strategies, and ensuring effective communication with members. These processes involve the careful recording and maintenance of member data, the regular updating of member information, and the management of membership fees, including invoicing and billing. Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR), contract on membership (statutes) (Art. 6 para. 1 sentence 1 lit. b) GDPR).
- Contribution administration: The processing activities required for managing membership fees include recording membership fee data after a member joins, tracking membership fee payments and systematically updating payment status, carrying out payment transactions, processing reminders for overdue payments, reconciling accounts in the context of receivables and payables, and maintaining appropriate books and records; Legal basis: Legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR), Contract on membership (statutes) (Art. 6 para. 1 sentence 1 lit. b) GDPR).
- Events and organizational operations: Planning, execution, and follow-up of events, as well as the general operation of statutory activities. Planning includes collecting and processing participant data, coordinating logistical requirements, and defining the event agenda. Execution encompasses managing participant registration, updating participant information during the event, and recording attendance and participant activity. Follow-up includes analyzing participant data to evaluate event success, generating reports, and archiving relevant event information. General organizational operations include managing member data, communicating with members and prospective members, and organizing internal meetings and sessions. Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR), contract on membership (statutes) (Art. 6 para. 1 sentence 1 lit. b) GDPR).
- Public relations: Procedures include the creation and distribution of informational materials, maintaining contact information for press and media relations, and organizing and conducting press conferences and public events. Creating informational materials involves gathering and preparing information for press releases, newsletters, reports, and other publications. Distribution takes place via digital and traditional channels, including email lists, websites, and social media. Maintaining contact information includes recording and updating data on media contacts and other relevant stakeholders. Organizing press conferences and events includes planning and conducting these events, managing invitations, and coordinating event logistics. Interaction with media and stakeholders occurs through direct communication with journalists, bloggers, and other opinion leaders, responding to inquiries, and providing information. Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR), contract on membership (statutes) (Art. 6 para. 1 sentence 1 lit. b) GDPR).
- Donation collection and fundraising: Processes encompass the planning and execution of fundraising campaigns, donor data management, and communication with donors and potential supporters. Campaign planning involves developing strategies, setting goals, and selecting fundraising channels. Campaign execution involves initiating and implementing specific fundraising activities, collecting donations through online platforms, events, and direct outreach. Donor data management includes collecting, updating, and analyzing data to optimize future campaigns. Communication with donors and potential supporters takes place through personalized messages, thank-you letters, and regular updates on project progress and the use of funds. Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR), contract on membership (statutes) (Art. 6 para. 1 sentence 1 lit. b) GDPR).
Business Services
We process data of our contractual and business partners, e.g. customers and prospective customers (collectively referred to as "contractual partners"), within the framework of contractual and similar legal relationships as well as related measures and with regard to communication with the contractual partners (or pre-contractually), for example to answer inquiries.
We use this data to fulfill our contractual obligations. This includes, in particular, the obligation to provide the agreed services, any update obligations, and remedy in the event of warranty and other service disruptions. Furthermore, we use the data to protect our rights and for the purposes of the administrative tasks associated with these obligations, as well as for corporate organization. Furthermore, we process the data based on our legitimate interests in proper and efficient business management and in security measures to protect our contractual partners and our business operations from misuse and the endangerment of their data, secrets, information, and rights (e.g., the involvement of telecommunications, transport, and other auxiliary services, as well as subcontractors, banks, tax and legal advisors, payment service providers, or tax authorities). Within the framework of applicable law, we only pass on contractual partners' data to third parties to the extent necessary for the aforementioned purposes or to fulfill legal obligations. Contractual partners will be informed of other forms of processing, such as for marketing purposes, in this privacy policy.
We will inform our contractual partners which data is required for the aforementioned purposes before or during data collection, e.g. in online forms, by special marking (e.g. colors) or symbols (e.g. asterisks or similar), or in person.
We delete data after the expiration of statutory warranty and similar obligations, i.e., generally after four years, unless the data is stored in a customer account, e.g., for as long as it must be retained for legal archiving reasons (e.g., for tax purposes, usually ten years). We delete data disclosed to us by the contractual partner as part of an order in accordance with the specifications and generally after the end of the order.
- Processed data types: Inventory data (e.g., full name, residential address, contact information, customer number, etc.); payment data (e.g., bank details, invoices, payment history); contact data (e.g., postal and email addresses or telephone numbers); contract data (e.g., contract subject matter, term, customer category); usage data (e.g., page views and length of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Meta, communication, and procedural data (e.g., IP addresses, time information, identification numbers, persons involved).
- Affected people: Service recipients and clients; interested parties. Business and contractual partners.
- Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; security measures; communication; office and organizational procedures; organizational and administrative procedures. Business processes and operational procedures.
- Storage and deletion: Deletion in accordance with the information in the section "General information on data storage and deletion".
- Legal basis: Fulfillment of the contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); Legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR). Legitimate interests (Art. 6 Para. 1 Sentence 1 Letter f) GDPR).
Further information on processing processes, procedures and services:
- Online shop, order forms, e-commerce and performance fulfillment: We process our customers' data to enable them to select, purchase, or order the chosen products, goods, and related services, as well as to facilitate payment, provision, delivery, or fulfillment. If necessary for order fulfillment, we use service providers, particularly postal, freight forwarding, and shipping companies, to carry out delivery or fulfillment for our customers. We utilize the services of banks and payment service providers for processing payments. The required information is marked as such during the ordering or similar purchase process and includes the data necessary for delivery, provision, and invoicing, as well as contact information to allow for any necessary follow-up. Legal basis: Fulfillment of contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR).
Provision of the online offer and web hosting
We process user data in order to be able to provide our online services to them. For this purpose we process the IP address of the user, which is necessary to transmit the content and functions of our online services to the browser or the end device of the user.
- Processed data types: Usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions); meta, communication and process data (e.g. IP addresses, time information, identification numbers, people involved); protocol data (e.g. log files relating to logins or the retrieval of data or access times). Content data (e.g. textual or visual messages and contributions as well as the information relating to them, such as information on authorship or time of creation).
- Affected people: Users (e.g. website visitors, users of online services).
- Purposes of processing: Provision of our online offering and user-friendliness; information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)). Security measures.
- Storage and deletion: Deletion in accordance with the information in the section "General information on data storage and deletion".
- Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).
Further information on processing processes, procedures and services:
- Provision of online offer on rented storage space: To provide our online services, we use storage space, computing capacity and software that we rent from a corresponding server provider (also called "web host") or obtain from other sources; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).
- Collection of access data and log files: Access to our online offering is logged in the form of so-called "server log files". The server log files can include the address and name of the web pages and files accessed, the date and time of access, the amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider. The server log files can be used for security purposes, e.g. to avoid overloading the servers (particularly in the case of abusive attacks, so-called DDoS attacks), and to ensure the utilization of the servers and their stability; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR). Deletion of data: Log file information is stored for a maximum of 30 days and then deleted or made anonymous. Data whose further storage is required for evidence purposes are excluded from deletion until the respective incident has been finally clarified.
- Email delivery and hosting: The web hosting services we use also include sending, receiving and storing emails. For these purposes, the addresses of the recipients and senders as well as other information regarding the sending of emails (e.g. the providers involved) and the content of the respective emails are processed. The aforementioned data may also be processed for SPAM detection purposes. We ask you to note that emails on the Internet are generally not sent encrypted. As a rule, emails are encrypted during transport, but (unless a so-called end-to-end encryption method is used) not on the servers from which they are sent and received. We can therefore assume no responsibility for the transmission path of emails between the sender and receipt on our server; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).
- ALL-INKL.COM: Services in the field of providing information technology infrastructure and related services (e.g. storage space and/or computing capacity); Service provider: ALL-INKL.COM - Neue Medien Münnich, Owner: René Münnich, Hauptstraße 68, 02742 Friedersdorf, Germany; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); Website: https://all-inkl.com/; Data protection statement: https://all-inkl.com/datenschutzinformationen/. Order processing contract: Provided by the service provider.
Use of cookies
The term "cookies" refers to functions that store information on and read it from users' devices. Cookies can also be used for various purposes, such as ensuring the functionality, security, and user-friendliness of online services, as well as analyzing visitor traffic. We use cookies in accordance with legal regulations. Where necessary, we obtain users' consent beforehand. If consent is not required, we rely on our legitimate interests. This applies when storing and reading information is essential to providing explicitly requested content and functions. This includes, for example, saving settings and ensuring the functionality and security of our online services. Consent can be withdrawn at any time. We clearly inform users about the scope of this consent and which cookies are used.
Notes on data protection legal bases: Whether we process personal data using cookies depends on consent. If consent has been given, it serves as the legal basis. Without consent, we rely on our legitimate interests, which are explained above in this section and in the context of the respective services and procedures.
Storage time: With regard to the storage period, the following types of cookies are distinguished:
- Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest after a user has left an online offering and closed his or her device (e.g. browser or mobile application).
- Permanent Cookies: Permanent cookies remain stored even after the device is closed. For example, the log-in status can be saved and preferred content can be displayed directly when the user visits a website again. The user data collected using cookies can also be used to measure reach. If we do not provide users with explicit information about the type and storage period of cookies (e.g. when obtaining consent), they should assume that these are permanent and that the storage period can be up to two years.
General information on revocation and objection (opt-out): Users can revoke their consent at any time and also object to processing in accordance with legal requirements, including through the privacy settings of their browser.
- Processed data types: Meta, communication and procedural data (e.g. IP addresses, time information, identification numbers, persons involved).
- Affected people: Users (e.g. website visitors, users of online services).
- Legal basis: Legitimate interests (Art. 6 Para. 1 Sentence 1 Letter f) GDPR). Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR).
Further information on processing processes, procedures and services:
- Processing of cookie data based on consent: We use a consent management solution in which users' consent to the use of cookies or to the procedures and providers mentioned as part of the consent management solution is obtained. This procedure is used to obtain, record, manage and revoke consent, particularly with regard to the use of cookies and similar technologies that are used to store, read and process information on users' end devices. As part of this procedure, users' consents are obtained for the use of cookies and the related processing of information, including the specific processing and providers mentioned in the consent management procedure. Users also have the option to manage and revoke their consent. The declarations of consent are stored in order to avoid repeated queries and to be able to provide proof of consent in accordance with legal requirements. The storage takes place on the server side and/or in a cookie (so-called opt-in cookie) or using comparable technologies in order to be able to assign the consent to a specific user or their device. If there is no specific information about the providers of consent management services, the following general information applies: The duration of the storage of consent is up to two years. A pseudonymous user identifier is created, which is stored together with the time of consent, information on the scope of consent (e.g. relevant categories of cookies and/or service providers) and information about the browser, the system and the device used; Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR).
Contact and inquiry management
When you contact us (e.g. by post, contact form, email, telephone or via social media) and within the framework of existing user and business relationships, the information provided by the person making the inquiry will be processed to the extent that this is necessary to answer the contact inquiries and any requested measures.
- Processed data types: Inventory data (e.g. full name, home address, contact information, customer number, etc.); contact data (e.g. postal and email addresses or telephone numbers); content data (e.g. textual or visual messages and contributions as well as the information relating to them, such as details of authorship or time of creation); usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions). Meta, communication and process data (e.g. IP addresses, time information, identification numbers, people involved).
- Affected people: Communication partner.
- Purposes of processing: Communication; organizational and administrative procedures; feedback (e.g. collecting feedback via online form). Provision of our online offering and user-friendliness.
- Storage and deletion: Deletion in accordance with the information in the section "General information on data storage and deletion".
- Legal basis: Legitimate interests (Art. 6 Para. 1 Sentence 1 Letter f) GDPR). Fulfillment of the contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).
Further information on processing processes, procedures and services:
- Contact form: When you contact us via our contact form, by email or other means of communication, we process the personal data sent to us in order to answer and process the respective request. This usually includes details such as name, contact information and, if necessary, other information that is communicated to us and is necessary for appropriate processing. We use this data exclusively for the stated purpose of establishing contact and communication; Legal basis: Fulfillment of contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).
Newsletters and Electronic Communications
We send newsletters, emails, and other electronic notifications (hereinafter "newsletters") only with the recipient's consent or on the basis of a legal obligation. If the newsletter's content is specified during the registration process, this content is decisive for the user's consent. Normally, providing your email address is sufficient to register for our newsletter. However, to offer you a personalized service, we may ask for your name for a personal greeting in the newsletter or for further information if necessary for the newsletter's purpose.
Erasure and restriction of processing: We may store unsubscribed email addresses for up to three years based on our legitimate interests before deleting them, in order to be able to prove previously given consent. The processing of this data is limited to the purpose of defending against potential claims. An individual deletion request is possible at any time, provided that the prior existence of consent is confirmed. In cases where we are obligated to permanently respect objections, we reserve the right to store the email address solely for this purpose in a blocklist.
The registration process is logged on the basis of our legitimate interests for the purpose of proving that it was carried out correctly. If we commission a service provider to send emails, this is done on the basis of our legitimate interests in an efficient and secure delivery system.
Contents:
Information about us, our services, promotions and offers.
- Processed data types: Inventory data (e.g., full name, home address, contact information, customer number, etc.); contact data (e.g., postal and email addresses or telephone numbers); meta, communication, and procedural data (e.g., IP addresses, time information, identification numbers, persons involved); usage data (e.g., page views and length of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions).
- Affected people: Communication partner.
- Purposes of processing: Direct marketing (e.g., via email or postal mail).
- Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR).
- Option to object (opt-out): You can unsubscribe from our newsletter at any time, i.e. revoke your consent or object to further receipt. You will find a link to cancel the newsletter at the end of each newsletter, or you can use one of the contact options listed above, preferably email.
Web analysis, monitoring and optimization
Web analysis (also known as "reach measurement") is used to evaluate the flow of visitors to our online offering and can include behavior, interests or demographic information about visitors, such as age or gender, as pseudonymous values. Using reach analysis, we can, for example, identify at what time our online offering or its functions or content are used most frequently, or encourage reuse. It is also possible for us to understand which areas require optimization.
In addition to web analysis, we can also use testing procedures to test and optimize different versions of our online offering or its components.
Unless otherwise stated below, profiles, i.e. data summarized for a usage process, can be created for these purposes and information can be stored in a browser or in a device and then read out. The information collected includes in particular websites visited and elements used there as well as technical information such as the browser used, the computer system used and information on usage times. If users have consented to us or the providers of the services we use collecting their location data, the processing of location data is also possible.
In addition, the IP addresses of the users are stored. However, we use an IP masking process (i.e. pseudonymization by shortening the IP address) to protect users. In general, no clear user data (such as email addresses or names) is stored as part of web analysis, A/B testing and optimization, but pseudonyms. This means that neither we nor the providers of the software used know the actual identity of the users, but only the information stored in their profiles for the purpose of the respective processes.
Notes on legal bases: If we ask users for their consent to use third-party providers, the legal basis for data processing is consent. Otherwise, user data is processed on the basis of our legitimate interests (i.e. interest in efficient, economical and recipient-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this data protection declaration.
- Processed data types: Usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions). Meta, communication and procedural data (e.g. IP addresses, time information, identification numbers, people involved).
- Affected people: Users (e.g. website visitors, users of online services).
- Purposes of processing: Audience measurement (e.g., access statistics, recognition of returning visitors). Profiles with user-related information (creation of user profiles).
- Storage and deletion: Deletion as described in the "General information on data storage and deletion" section. Storage of cookies for up to 2 years (Unless otherwise stated, cookies and similar storage methods may be stored on users' devices for a period of two years).
- Safety measures: IP masking (pseudonymization of the IP address).
- Legal basis: Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR). Legitimate interests (Art. 6 Para. 1 Sentence 1 Letter f) GDPR).
Further information on processing processes, procedures and services:
- Matomo (without cookies): Matomo is a privacy-friendly web analytics software that uses no cookies and recognizes returning users with the help of a so-called "digital fingerprint," which is stored anonymously and changed every 24 hours. The "digital fingerprint" captures user activity within our online services using pseudonymized IP addresses in combination with user-side browser settings, ensuring that it is impossible to identify individual users. The user data collected through the use of Matomo is processed only by us and is not shared with third parties. Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); Website: https://matomo.org/. Safety measures: IP masking (pseudonymization of the IP address).
Presence in social networks (social media)
We maintain online presences within social networks and process user data in this context in order to communicate with the users active there or to offer information about us.
We would like to point out that user data may be processed outside the European Union. This may result in risks for users because it could, for example, make it more difficult to enforce user rights.
Furthermore, the data of users within social networks is usually processed for market research and advertising purposes. For example, user profiles can be created based on the user's usage behavior and the resulting interests. The latter can in turn be used to place advertisements within and outside the networks that presumably correspond to the user's interests. Cookies are therefore usually stored on users' computers in which the user's usage behavior and interests are stored. In addition, data can also be stored in the user profiles regardless of the devices used by the users (especially if they are members of the respective platforms and are logged in there).
For a detailed description of the respective processing methods and the options for objection (opt-out), please refer to the data protection declarations and information provided by the operators of the respective networks.
In the case of requests for information and the assertion of data subject rights, we would like to point out that these can be asserted most effectively with the providers. Only the latter have access to the user data and can directly take appropriate measures and provide information. If you still need help, you can contact us.
- Processed data types: Contact data (e.g. postal and email addresses or telephone numbers); content data (e.g. textual or visual messages and contributions as well as the information relating to them, such as details of authorship or time of creation); usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions). Meta, communication and process data (e.g. IP addresses, time information, identification numbers, people involved).
- Affected people: Users (e.g. website visitors, users of online services).
- Purposes of processing: Communication; Feedback (e.g. collecting feedback via online form); Public relations. Public relations and information purposes.
- Storage and deletion: Deletion in accordance with the information in the section "General information on data storage and deletion".
- Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).
Further information on processing processes, procedures and services:
- Bluesky: Decentralized social media network - enables the creation, sharing and commenting on content as well as following user profiles; Service provider: Bluesky, PBLLC., Seattle, USA, support@bsky.app; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); Website: https://bsky.social/. Data protection statement: https://bsky.social/about/support/privacy-policy.
- Instagram: Social network, allows sharing photos and videos, commenting on and favoriting posts, sending messages, subscribing to profiles and pages; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); Website: https://www.instagram.com; Data protection statement: https://privacycenter.instagram.com/policy/. Basis for third country transfers: Data Privacy Framework (DPF).
- LinkedIn: Social Network - We are jointly responsible with LinkedIn Ireland Unlimited Company for collecting (but not further processing) visitor data used to generate "Page Insights" (statistics) for our LinkedIn profiles. This data includes information about the types of content users view or interact with, as well as their actions. Details about the devices used are also collected, such as IP addresses, operating system, browser type, language settings, and cookie data, along with information from user profiles, such as job title, country, industry, hierarchical level, company size, and employment status. Information regarding LinkedIn's processing of user data can be found in LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy.
We have entered into a special agreement with LinkedIn Ireland (“Page Insights Joint Controller Addendum”, https://legal.linkedin.com/pages-joint-controller-addendum), which specifically regulates the security measures LinkedIn must observe and in which LinkedIn has agreed to fulfill the rights of data subjects (i.e., users can, for example, submit requests for information or deletion directly to LinkedIn). The rights of users (in particular the right to information, deletion, objection, and to lodge a complaint with the competent supervisory authority) are not restricted by the agreements with LinkedIn. Joint controllership is limited to the collection and transfer of data to LinkedIn Ireland Unlimited Company, a company based in the EU. Further processing of the data is the sole responsibility of LinkedIn Ireland Unlimited Company, in particular with regard to the transfer of data to its parent company, LinkedIn Corporation, in the USA. Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); Website: https://www.linkedin.com; Data protection statement: https://www.linkedin.com/legal/privacy-policy; Basis for third country transfers: Data Privacy Framework (DPF), Standard Contractual Clauses (https://legal.linkedin.com/dpa). Option to object (opt-out): https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Plug-ins and embedded functions and content
We integrate functional and content elements into our online service that are obtained from the servers of their respective providers (hereinafter referred to as "third-party providers"). These may include, for example, graphics, videos, or city maps (hereinafter collectively referred to as "content").
The integration of third-party content always requires that these providers process users' IP addresses, as they cannot send the content to users' browsers without them. The IP address is therefore necessary for displaying this content or these functions. We strive to use only content from providers who use the IP address solely for content delivery. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. These pixel tags allow information such as visitor traffic on the pages of this website to be analyzed. The pseudonymized information can also be stored in cookies on users' devices and may include, among other things, technical information about the browser and operating system, referring websites, the time of visit, and other information about the use of our online services, as well as be combined with such information from other sources.
Notes on legal bases: If we ask users for their consent to use third-party providers, the legal basis for data processing is consent. Otherwise, user data is processed on the basis of our legitimate interests (i.e. interest in efficient, economical and recipient-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this data protection declaration.
- Processed data types: Usage data (e.g., page views and time spent on page, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); metadata, communication data, and procedural data (e.g., IP addresses, timestamps, identification numbers, individuals involved); contact data (e.g., postal and email addresses or telephone numbers). Content data (e.g., textual or image messages and posts, as well as information relating to them, such as authorship or time of creation).
- Affected people: Users (e.g. website visitors, users of online services).
- Purposes of processing: Provision of our online services and user-friendliness; reach measurement (e.g., access statistics, recognition of returning visitors); tracking (e.g., interest-/behavior-based profiling, use of cookies); target group formation; marketing. Feedback (e.g., collecting feedback via online form).
- Storage and deletion: Deletion as described in the "General information on data storage and deletion" section. Storage of cookies for up to 2 years (Unless otherwise stated, cookies and similar storage methods may be stored on users' devices for a period of two years).
- Legal basis: Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR). Legitimate interests (Art. 6 Para. 1 Sentence 1 Letter f) GDPR).
Further information on processing processes, procedures and services:
- Integration of third-party software, scripts or frameworks (e.g. jQuery): We integrate software into our online services that we retrieve from third-party servers (e.g., function libraries that we use for the presentation or user-friendliness of our online services). In doing so, the respective providers collect users' IP addresses and may process them for the purpose of delivering the software to users' browsers, for security purposes, and for evaluating and optimizing their services. Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).
- Google Fonts (provided on our own server): Provision of font files for the purpose of a user-friendly presentation of our online offer; Service provider: The Google Fonts are hosted on our server, no data is transmitted to Google; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).
- Font Awesome (provided on own server): display of fonts and symbols; Service provider: The Font Awesome icons are hosted on our server, no data is transmitted to the provider of Font Awesome; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).
- OpenStreetMap: We integrate maps from the "OpenStreetMap" service, which are offered by the OpenStreetMap Foundation (OSMF) under the Open Data Commons Open Database License (ODbL). OpenStreetMap uses user data solely for displaying map features and for temporarily storing selected settings. This data may include, in particular, users' IP addresses and location data, which, however, are not collected without their consent (usually granted through their device or browser settings). Service provider: OpenStreetMap Foundation (OSMF); Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); Website: https://www.openstreetmap.de. Data protection statement: https://osmfoundation.org/wiki/Privacy_Policy.
- YouTube videos: video content; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR); Website: https://www.youtube.com; Data protection statement: https://policies.google.com/privacy; Basis for third country transfers: Data Privacy Framework (DPF). Option to object (opt-out): Opt-Out Plugin: https://tools.google.com/dlpage/gaoptout?hl=de, Settings for the display of advertisements: https://myadcenter.google.com/personalizationoff.
Management, organization and support tools
We use services, platforms, and software from other providers (hereinafter referred to as "third-party providers") for the purposes of organizing, managing, planning, and delivering our services. We comply with legal requirements when selecting third-party providers and their services.
In this context, personal data can be processed and stored on the servers of third-party providers. This can affect various data that we process in accordance with this data protection declaration. This data can include, in particular, master data and contact details of the users, data on transactions, contracts, other processes and their content.
If users are referred to the third-party providers or their software or platforms in the context of communication, business or other relationships with us, the third-party providers can process usage data and metadata for security purposes, for service optimization or for marketing purposes. We therefore ask you to observe the data protection information of the respective third party provider.
- Processed data types: Content data (e.g., textual or visual messages and posts, as well as related information such as authorship or creation date); usage data (e.g., page views and time spent on the page, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and features). Metadata, communication data, and procedural data (e.g., IP addresses, timestamps, identification numbers, individuals involved).
- Affected people: Communication partners. Users (e.g., website visitors, users of online services).
- Purposes of processing: Provision of contractual services and fulfillment of contractual obligations. Office and organizational procedures.
- Storage and deletion: Deletion in accordance with the information in the section "General information on data storage and deletion".
- Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).
Created with free Datenschutz-Generator.de by Dr. Thomas Schwenke
Google Translate using the Language Selector Widget from “gTranslate”:
Our website uses the Language Selector widget from "gTranslate", which is based on Google Translate technology. This provides a simple machine translation of the web pages.
To enable translation, the browser you are using must connect to the servers of gTranslate.io and Google. As a result, gTranslate.io and Google become aware that our website was accessed via your IP address. Since we consider these cookies to be absolutely necessary, data processing is based on Section 25 (2) No. 2 of the Telemedia Act (TDDDG).
The use of Google Translate is in line with our non-profit statutory purposes, which also include communicating our content to people with migration experience. Easily accessible automatic translation makes it easier or even possible for people with a foreign language background to learn about our offerings. This represents a legitimate interest within the meaning of Art. 6 (1) (f) GDPR.
For more information on the handling of user data, please see Google’s Data Privacy Declaration at https://www.google.de/intl/de/policies/privacy/ and the privacy policy of gtranslate.io at https://de.gtranslate.io/Bedingungen
Donation portal (betterplace)
On our website, we offer users the opportunity to make online donations. If a user chooses this option, the data entered into the corresponding form will be transmitted to us. The submitted data will be stored for three months after the end of the project for which the donation request was made, after which it will be deleted.
The form is provided by www.betterplace.org. The data entered is therefore transmitted directly via an encrypted SSL connection to betterplace and the technical service providers used by betterplace to provide the form in order to process the donation request. The data will not be shared with any other third parties. The following data is collected via the form:
Full name (last name, first name) with salutation (optionally title and company name); address (street, house number, city, postal code, country); email address; bank details (IBAN); donation details (recipient, amount, donation/purpose, donation receipt requested). Additionally, for donations via credit card: card type, card number, CVV/CVC security number, credit card expiration date.
Donation receipts are issued via betterplace in accordance with the regulations applicable to betterplace.
The collected data is required to process and execute the donation request. The user's email address is required to confirm receipt of the donation request. The data will not be used for any other purposes. The legal basis for the processing of the data is Art. 6 (1) (b) GDPR.
The betterplace privacy policy applies.
https://www.betterplace.org/c/regeln/datenschutz