Why do we process personal data?
The purposes of the data processing are:
- Professional hosting of the website and safeguarding of the operation
- To maintain operational and IT security
- Anonymous evaluation of access behaviour to improve our offer and, if necessary, for criminal prosecution or the pursuit of claims
What data is processed?
Even while you are visiting our website right now, our web server, which is the computer on which this website is stored, usually automatically stores data such as
- The complete internet address (URL) of the accessed website Browser and browser version (e.g., Chrome 87)
- The operating system used (e.g., Windows 10)
- The address (URL) of the previously visited page (referrer URL) (e.g., https://www.beispielquellsite.de/vondabinichgekommen/)
- The host name and IP address of the device being accessed (e.g., COMPUTERNAME and 194.23.43.121).
- Date and time
- In files, the so-called web server log files
How long is data stored?
As a rule, the above data is stored for a fortnight and then automatically deleted. We do not pass on this data, but we cannot rule out the possibility that this data may be viewed by the authorities in the event of unlawful conduct.
In short, your visit is logged by our provider (company that runs our website on special computers (servers)), but we do not share your data without consent!
Legal basis
The lawfulness of the processing of personal data in the context of web hosting results from Art. 6 Abs. 1 lit. f DSGVO (Wahrung der berechtigten Interessen) (Art. 6 para. 1 lit. f DSGVO (protection of legitimate interests)), because the use of professional hosting with a provider is necessary to present the company on the Internet in a secure and user-friendly manner and to be able to pursue attacks and claims from this if necessary.
As a rule, there is a contract on commissioned processing between us and the hosting provider in accordance with Art. 28 f. DSGVO (Art. 28 f. DSGVO), which ensures compliance with data protection and guarantees data security.
Payment provider introduction
Data subject: Visitors to the website
Purpose: To enable and optimise the payment process on our website
Data processed: Data such as name, address, bank data (account number, credit card number, passwords, TANs, etc.), IP address and contract data.
More details can be found with the respective payment provider tool used.
Storage period: depending on the payment provider used
Legal basis: Art. 6 Abs. 1 lit. b DSGVO (Erfüllung eines Vertrags) (Art. 6 para. 1 lit. b DSGVO (fulfilment of a contract))
What is a payment provider?
We use online payment systems on our website that allow us and you a secure and smooth payment process. In the process, personal data may also be sent to the respective payment provider, stored and processed there. Payment providers are online payment systems that enable you to place an order via online banking. In this case, the payment processing is carried out by the payment provider you have chosen. We then receive information about the payment made. This method can be used by any user who has an active online banking account with PIN and TAN. There are hardly any banks left that do not offer or accept such payment methods.
Why do we use payment providers on our website?
Of course, we want to offer you the best possible service with our website and our integrated online shop/possibilities to donate so that you feel comfortable on our site and use our offers. We know that your time is valuable and that payment processes/transfer of your donated money in particular must function quickly and smoothly. For these reasons, we offer you payment providers for your donations. You can choose your preferred payment provider and pay/donate in the usual way. We especially offer PayPal, which will get an own paragraph later on.
What data is processed?
Exactly what data is processed depends, of course, on the respective payment provider. But basically, data such as name, address, bank data (account number, credit card number, passwords, TANs, etc.) are stored. These are necessary data to be able to carry out a transaction at all. In addition, any contractual data and user data, such as when you visit our website, what content you are interested in or which sub-pages you click on, may also be stored. Your IP address and information about the computer you are using are also stored by most payment providers.
The data is usually stored and processed on the servers of the payment providers. We as the website operator do not receive this data. We are only informed whether the payment has worked or not. For identity and creditworthiness checks, it may happen that payment providers forward data to the corresponding office. The business and data protection principles of the respective provider always apply to all payment transactions. Therefore, please always check the General Terms and Conditions and the data protection information of the payment provider. You also have the right to have data deleted or corrected at any time. Please contact the respective service provider regarding your rights (Widerrufsrecht, Auskunftsrecht und Betroffenheitsrecht (right of revocation, right to information and right to be affected)).
Duration of data processing
We will inform you about the duration of data processing below if we have further information on this. In general, we only process personal data for as long as is absolutely necessary for the provision of our services and products. If it is required by law, for example in the case of accounting, this storage period may be exceeded. For example, we keep accounting documents relating to a contract (invoices, contract documents, account statements, etc.) for 10 years (§ 147 AO) and other relevant business documents for 6 years (§ 247 HGB) after they are created.
Right of objection
You always have the right to information, correction and deletion of your personal data. If you have any questions, you can also contact the responsible person of the payment provider used at any time. You can find contact details either in our specific data protection policy or on the website of the relevant payment provider.
You can delete, deactivate or manage cookies that payment providers use for their functions in your browser. Depending on which browser you use, this works in different ways. Please note, however, that the payment process may then no longer work.
Legal basis
We therefore offer other payment service providers for making a donation in addition to traditional banking/credit institutions for the processing of contractual or legal relationships (Art. 6 Abs. 1 lit. b DSGVO) ((Art. 6 para. 1 lit. b DSGVO)). The data protection information of the individual payment providers (such as e.g., Amazon Payments, Apple Pay, PayPal, Discover, etc.) provides you with a detailed overview of data processing and data storage. In addition, you can always contact the responsible persons if you have questions about data protection-relevant topics.
Information on the specific payment providers – if available – can be found in the following sections.
PayPal Privacy Information
We use the online payment service PayPal on our website. The service provider is the American company PayPal Inc. The company PayPal Europe (S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg) is responsible for the European region.
PayPal also processes data from you in the USA, among other places. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may be associated with various risks for the legality and security of data processing.
PayPal uses so-called ‘’Standardvertragsklauseln’’ (= Art. 46. Abs. 2 und 3 DSGVO) (Standard Contractual Clauses (= Art. 46 para. 2 and 3 DSGVO)) as the basis for data processing for recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e., in particular in the USA) or for data transfer there. Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data comply with European data protection standards even if they are transferred to third countries (such as the USA) and stored there. Through these clauses, PayPal undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the US. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places:
https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=eng
For more information on the standard contractual clauses and on the data processed through the use of PayPal, please see the privacy information at https://www.paypal.com/webapps/mpp/ua/privacy-full.
Web design introduction
Data subjects: Visitors to the website
Purpose: To improve the user experience
Data processed: The data processed depends largely on the services used. Mostly it is about IP address, technical data, language settings, browser version, screen resolution and browser name. More details can be found in the respective web design tools used.
Storage period: depends on the tools used
Legal basis: Art. 6 Abs. 1 lit. a DSGVO (Einwilligung), Art. 6 Abs. 1 lit. f DSGVO (Berechtigte Interessen) (Art. 6 para. 1 lit. a DSGVO (consent), Art. 6 para. 1 lit. f DSGVO (legitimate interests)).
What is web design?
We use various tools on our website that serve our web design. Web design is not, as often assumed, only about our website looking pretty, but also about functionality and performance. But of course, making a website look right is also one of the big goals of professional web design. Web design is a branch of media design and deals with the visual as well as the structural and functional design of a website. The goal is to use web design to improve your experience on our website. In web design jargon, this is referred to as user experience (UX) and usability. User experience refers to all impressions and experiences that the website visitor experiences on a website. A sub-item of user experience is usability. This is about the user-friendliness of a website. The main focus here is on ensuring that content, subpages or products are clearly structured and that you can easily and quickly find what you are looking for. In order to offer you the best possible experience on our website, we also use so-called third-party web design tools. Under the category
In this data protection information, “web design” includes all services that improve the design of our website. These can be, for example, fonts, various plug-ins or other integrated web design functions.
Why do we use web design tools?
How you absorb information on a website depends very much on the structure, functionality and visual perception of the website. Therefore, a good and professional web design became more and more important for us as well. We are constantly working on improving our website and also see this as an extended service for you as a website visitor. Furthermore, a beautiful and functioning website also has economic advantages for us.
After all, you will only visit us and make use of our offers if you feel completely at ease.
What data is stored by web design tools?
When you visit our website, web design elements may be embedded in our pages that can also process data. Exactly what data is involved depends, of course, heavily on the tools used. Below you can see exactly which tools we use for our website. We recommend that you also read the respective data protection information of the tools used for more detailed information on data processing. In most cases, you will find out which data is processed, whether cookies are used and how long the data is stored. Fonts such as Google Fonts also automatically transmit information such as language settings, IP address, browser version, browser screen resolution and browser name to the Google servers.
Duration of data processing
How long data is processed is very individual and depends on the web design elements used. For example, if cookies are used, the retention period can be as short as a minute or as long as a few years. Make yourself please find out more about this. For this purpose, we recommend on the one hand our general text section on cookies and on the other hand the data protection information of the tools used. There you will usually find out exactly which cookies are used and what information is stored in them. Google font files, for example, are stored for one year. This is to improve the loading time of a website. In principle, data is only stored for as long as is necessary for the provision of the service. In the case of legal requirements, data can also be stored for longer.
Right of objection
You also have the right and the possibility to revoke your consent to the use of cookies or third-party providers at any time. This works either via our cookie management tool or via other opt-out functions. You can also prevent data collection through cookies by managing, deactivating or deleting cookies in your browser. Under web design elements (mostly fonts), however, there is also data that cannot be deleted quite so easily. This is the case if data is automatically collected directly when a page is called up and transmitted to a third-party provider (such as Google). In this case, please contact the support of the relevant provider. In the case of Google, you can reach the support at https://support.google.com/?hl=eng.
Legal basis
If you have consented to web design tools being used, the legal basis for the corresponding data processing is this consent. According to Art. 6 Abs. 1 lit. a DSGVO (Einwilligung) (Art. 6 para. 1 lit. a DSGVO (consent)), this consent constitutes the legal basis for the processing of personal data as may occur when web design tools are used. From our side, there is also a legitimate interest in improving the web design on our website. After all, only then can we provide you with a beautiful and professional web offer. The corresponding legal basis for this is Art. 6 Abs. 1 lit. f DSGVO (Berechtigte Interessen) (Art. 6 para. 1 lit. f DSGVO (Legitimate Interests)). Nevertheless, we only use web design tools if you have given your consent. We would like to emphasise this again here in any case.
Information on special web design tools – if available – can be found in the following sections.
Explanation of terms used
We always try to make our data protection information as clear and understandable as possible. However, this is not always easy, especially when it comes to technical and legal topics. It often makes sense to use legal terms (such as personal data) or certain technical terms (such as cookies, IP address). However, we do not want to use these without explanation. Below you will now find an alphabetical list of important terms used that we may not have sufficiently addressed in the previous data protection information. If these terms have been taken from the DSGVO and are definitions, we will also quote the DSGVO texts here and add our own explanations if necessary.
Biometric data
Definition according to Artikel 4 der DSGVO (Article 4 of the DSGVO)
For the purposes of this Regulation, the term:
“biometric data” means personal data, obtained by means of specific technical procedures, relating to the physical, physiological or behavioural characteristics of a natural person, which enable or confirm the unique identification of that natural person, such as facial images or dactyloscopy data;
Explanation: These are biological characteristics that are described by biometric data and from which personal data can be obtained with the help of technical procedures. These include DNA, fingerprints, the geometry of various body parts, body size, but also handwriting or the sound of a voice.
Consent
Definition according to Artikel 4 der DSGVO (Article 4 of the DSGVO)
For the purposes of this Regulation, the term:
“consent’ means any freely given specific, informed and unambiguous indication of the data subject’s wishes, in the form of a statement or other unambiguous affirmative act, by which the data subject signifies his or her agreement to personal data relating to him or her being processed;
Explanation: As a rule, such consent is given on websites via a cookie consent tool. You are probably familiar with this. Whenever you visit a website for the first time, you are usually asked via a banner whether you agree or consent to data processing. In most cases, you can also make individual settings and thus decide for yourself which data processing you allow and which you do not. If you do not consent, no personal data of yours may be processed. In principle, consent can of course also be given in writing, i.e., not via a tool.
We also would like to highlight that our website’s cookie banner is very intuitive and allows you to decline by only one click!
Personal data
Definition according to Artikel 4 der DSGVO (Article 4 of the DSGVO)
For the purposes of this Regulation, the term:
“personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
Explanation: Personal data is therefore all data that can identify you as a person. This is usually data such as:
- Name
- Address
- E-mail address
- Postal address
- Telephone number
- Date of birth
- Identification numbers such as national insurance number, tax identification number, identity card number or matriculation number
- Bank data such as account number, credit information, account balances, etc.
According to the European Court of Justice (ECJ), your IP address is also personal data. IT experts can use your IP address to at least determine the approximate location of your
device and subsequently identify you as the connection owner. Therefore, the storage of an IP address also requires a legal basis within the meaning of the DSGVO. There are also so-called “special categories” of personal data that also require special protection. These include:
- Racial and ethnic origin
- Political opinions
- Religious or ideological convictions
- Trade union membership
- Genetic data such as data taken from blood or saliva samples
- Biometric data (this is information on mental, physical or behavioural characteristics that can identify a person).
- Health data
- Data on sexual orientation or sexual life
Profiling
Definition according to Artikel 4 der DSGVO (Article 4 of the DSGVO)
For the purposes of this Regulation, the term:
“profiling” means any automated processing of personal data which consists in using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or change of location;
Explanation: Profiling involves gathering various pieces of information about a person in order to learn more about that person. In the web sector, profiling is often used for advertising purposes or for credit checks. Web or Advertising analysis programmes, for example, collect data about your behaviour and interests on a website. This results in a special user profile, with the help of which advertising can be played to a specific target group
Closing words
Congratulations! If you are reading these lines, you have really “fought your way” through our entire data protection information, or at least scrolled this far. As you can see from the scope of our data protection information, we take the protection of your personal data anything but lightly.
It is important to us to inform you to the best of our knowledge and belief about the processing of personal data. However, we do not only want to tell you what data is processed, but also explain the reasons for using various software programmes. As a rule, data protection information sounds very technical and legalistic. However, since most of you are not web developers or lawyers, we wanted to take a different linguistic approach and explain the facts in simple and clear language. Of course, this is not always possible due to the subject matter. Therefore, the most important terms are explained in more detail at the end of the data protection information.
If you have any questions about data protection on our website, please do not hesitate to contact us or the responsible office. We wish you all the best and hope to see you on our website again soon.
All texts are protected by copyright.
Source: Created with the Impressum Generator from AdSimple
Translation to English: supported by DeepL Translator from AdSimple