The subject of data protection is particularly important for our association. Of course, we comply with the legal provisions on data protection and protect your personal data properly. This data protection declaration clarifies the type, scope and purpose of processing personal data in the context of the provision of our services and within our online offering and the associated websites, functions and content as well as external online presences, such as our social media profile. In terms of the vocabulary used, such as "processing", "personal data" or "reponsible person" we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).
Address:
Internationaler Förderverein der Fondation Helga Heidrich SOS Tier- und Artenschutz e.V.
Hohles Moor 23
30938 Burgwedel
Postal Address:
Internationaler Förderverein der Fondation Helga Heidrich SOS Tier- und Artenschutz e.V.
Hohles Moor 23
30938 Burgwedel
Email: info@fhh-sos-animaux.com
If you like to support us with donations in kind, please use our contact form. We have various acceptance points; we will provide you with the necessary address.
Below we inform you of the type, scope and purpose of the data collection as well as processing and use
of personal data.
1. Types of data we process
Usage data (access times, visited websites, etc.), inventory data (name, address, etc.), contact data (telephone number, email, fax, etc.), payment data (bank data, account data, payment history, etc.), contract data (subject of the contract, duration, etc.), content data (text entries, videos, photos, etc.), communication data (IP address, etc.).
2. Purpose of processing according to GDPR
Processing of contracts, evidence purposes / evidence preservation, technical and economical optimization of the website, facilitate easy access to the website, fulfillment of contractual obligations, contact upon legal complaint by third parties, fulfillment of statutory retention obligations, improvement and statistical evaluation of our services, improve user experience, design the website user-friendly, creation of statistics, prevention of SPAM and misuse, customer service and customer maintenance, handle contact requests, provide website with functions and content, measures of security, uninterrupted, safe operation of our website.
3. Categories of data subjects pursuant to GDPR
Visitors/users of the website, suppliers, interested parties, the persons concerned are collectively referred to as "users".
Legal bases for the processing of personal data
Below we inform you of the legal bases for the processing of personal data:
1. If we have obtained your consent for the processing of personal data, the legal basis is GDPR.
2. If processing is necessary for the fulfillment of a contract or for the implementation of pre-contractual measures, which are performed at your request, then GDPR is the legal basis.
3. If the processing is necessary for the fulfillment of a legal obligation to which we are subject to (e.g. statutory storage obligations), then GDPR is the legal basis.
4. If the processing is necessary to protect the vital interests of the data subject or another natural person, then the legal basis is GDPR.
5. If the processing is necessary for the protection of our or the legitimate interests of a third party and your interests or fundamental rights and freedom do not outweigh these, then GDPR is the legal basis.
Transfer of personal data to third parties and processors
We generally do not pass on any data to third parties without your consent. If this is the case, then the transfer takes place on the basis of the aforementioned legal bases, for example when data is passed on to online payment providers for contract fulfillment or due to a legal order or due to a legal obligation to hand over the data for the purpose of prosecution, security or enforcement of intellectual property rights. We also use contract processors (external service providers, e.g. to host our websites and databases) to process your data. If data is passed on to the processors in the context of an agreement for contract processing, this always takes place in accordance with GDPR. We carefully select our processors, monitor them regularly and have allowed us to issue instructions concerning the data. In addition, processors must have adopted appropriate technical and organizational measures and data protection regulations in accordance with BDSG n.f. and GDPR.
Data transfer to third countries
The adoption of the European General Data Protection Regulation (GDPR) has created a uniform basis for data protection in Europe. Your data will therefore mainly be processed by companies for which the GDPR applies. If, however, processing takes place by third-party services outside the European Union or the European Economic Area, they must comply with the specific conditions set out in GDPR. This means that processing takes place under special safeguards, such as the EU Commission's officially recognized finding that data protection levels are equivalent to those in the EU, or compliance with officially recognized special contractual obligations, the so-called "standard contractual clauses". As far as we are concerned due to the ineffectiveness of the "Privacy Shields", according to GDPR, obtain your explicit consent to the transfer of data to the USA, will point to the risk of secret access by US authorities and the use of the data for monitoring purposes, if necessary without legal remedies for EU citizens.
Deletion of data and storage duration
Unless expressly specified in this data protection declaration, your personal data will be deleted or blocked as soon as the consent given for processing is revoked by you or the purpose for storage no longer applies or the data are no longer necessary for the purpose, unless their further storage is necessary for evidential purposes or precludes statutory storage obligations. This includes, for example, commercial retention obligations for business letters under Section 257 (1) of the HGB (6 years) and tax retention obligations under Section 147 (1) of the AO for receipts (10 years). If the prescribed retention period expires, your data will be blocked or deleted unless storage is still necessary for the conclusion of a contract or for fulfillment of a contract.
Existence of automated decision making
We don't use automatic decision making or profiling.
Provision of our website and creation of log files
1. If you only use our website for information purposes (i.e. no registration or other transfer of information), we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data:
• IP-Address;
• Internet-Service-Provider of the user;
• Date and time of the visit;
• Browser Type;
• Language and Browser Version;
• Content of the view;
• Time Zone;
• HTTP-Statuscode;
• Daten Set;
• Websites from which the request originates;
• Operating System.
This data will not be stored together with other personal data about you.
2. This data serves the purpose of user-friendly, functional and secure delivery of our website with functionalities and content, as well as its improvement and statistical evaluation.
3. The legal basis for this is our legitimate interest in data processing pursuant to GDPR, which also lies in the above purposes.
4. For security reasons, we store this data in server log files for the storage period of seven days. Once this period has expired, they will be automatically deleted unless we require their storage for evidence purposes in the event of attacks on the server infrastructure or other violations.
Handling of contracts
1. We process stock data (e.g. Company, Title/Academic Level, Name and Address as well as User Contact Data, E-mail), Contract Data (e.g. Benefits Used, Contact Name) and Payment Data (e.g. Bank details, payment history) in order to fulfill our contractual obligations (knowledge of who is a contracting partner; justification, content and processing of the contract; check for plausibility of the data) and services (e.g. Contact Customer Service) in accordance with GDPR. The entries, marked as mandatory in online forms, are required for the contract to be concluded.
2. This data is generally not passed on to third parties unless it is necessary to pursue our claims (e.g. handover to lawyer for collection) or to fulfill the contract (e.g. transfer of data to payment providers) (if necessary) or there is a legal obligation to do so in accordance with GDPR.
3. We may also process the data you provide in order to inform you of other interesting products in our portfolio or to send you e-mails with technical information.
4. The data will be deleted as soon as it is no longer necessary for the achievement of the purpose of its collection. This is the case for inventory and contract data if the data is no longer necessary for the implementation of the contract and no more claims from the contract can be asserted because these are expired (warranty: two years / normal limitation: three years). We are obliged by commercial and tax law to store your address, payment and order data for a period of ten years. However, if the contract is terminated after three years, we will restrict processing, i.e. your data will only be used to comply with legal obligations. Information will remain in the user account until it is deleted.
1. Payments are made via Paypal (Europe) S.àr.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg, Web: paypal.de, https://www.paypal.com/de/webapps/mpp/ua/privacy-full. Hereinafter referred to as the "online accountant". The online accountant collects, stores and processes your usage and payroll data in order to identify and account for the service you have used. The data entered with the online payrolls will only be processed by them and stored by them. If the online accountants cannot collect the usage fees or can only collect some of them, or if the online accountant fails to do so due to a complaint by you, the online accountant will pass on the usage data to the responsible person and the responsible person may block it. The same also applies if, for example, a credit card company processes a transaction from you at the expense of the person responsible.
2. The legal basis is GDPR, as the processing is necessary for the fulfillment of a contract by the responsible person. In addition, on the basis of GDPR, external online accountants are used for legitimate interests of the responsible person in order to be able to offer you as secure, simple and diverse payment options as possible.
3. With regard to the storage period, withdrawal, information and data subject rights, we refer to the above data protection declarations of the online accountants.
Contact via Contact Form / E-Mail / Fax / Postal
1. When you contact us via the contact form, fax, mail or e-mail, your information will be processed for the purpose of processing the contact request.
2. The legal basis for the processing of data is, in the event of your consent, GDPR. The legal basis for the processing of data that is transmitted in the course of a contact request or email, letter or fax is GDPR. The responsible person has a legitimate interest in the processing and storage of the data in order to be able to respond to user inquiries for the purpose of securing evidence. Reasons for liability and, if necessary, to be able to fulfill its statutory storage obligations with business letters. If the contact is aimed at concluding a contract, then the additional legal basis for the processing is as well GDPR.
3. We may store your information and contact request in our Customer Relationship Management System (CRM System) or equivalent.
4. The data will be deleted as soon as it is no longer necessary for the achievement of the purpose of its collection. For the personal data from the input mask of the contact form and those that have been sent by e-mail, this is the case when the respective conversation with you is finished. The conversation is terminated when it can be inferred from the circumstances that the questions are definitively settled. Inquiries from users who are having a contract with us, the data will be saved until two years after termination of the contract. In the case of statutory archiving obligations, deletion takes place after their expiry: End of commercial (6 years) and tax (10 years) retention obligation.
5. You have the possibility at any time to withdraw your consent according to GDPR for the processing of personal data. If you contact us by e-mail, you may object to the storage of personal data at any time.
Contact via Phone
1. When you contact us by phone, your phone number is processed to process the contact request and its processing and is temporarily stored or displayed in the RAM/cache of the phone device/display. The storage takes place for reasons of liability and security in order to be able to prove the call and for economic reasons in order to enable a recall. In the event of unauthorized advertising calls, we block the phone numbers.
2. The legal basis for processing the phone number is GDPR. If the contact is aimed at concluding a contract, then the additional legal basis for the processing is as well GDPR.
3. The device cache stores the calls for days and successively overwrites or deletes old data; when the device is disposed of, all data is deleted and the memory is destroyed if necessary. Blocked phone numbers are checked annually for the necessity of the blocking.
4. You can prevent the display of the phone number by calling with suppressed phone number.
Social Media
1. We maintain profiles and contacts on social media. When you use and access our profile in the respective network, the respective data protection information and terms of use of the respective network apply.
2. Data categories and description of data processing: usage data, contact data, content data, inventory data. In addition, the data of users within social networks is usually processed for market research and advertising purposes. For example, user profiles can be created based on the user behavior and the resulting interests of the users. The usage profiles can in turn be used, e.g. to run ads inside and outside the networks that are perceived to be in the interests of users. For these purposes, cookies are usually stored on the users' computers where the user behavior and the interests of the users are stored. In addition, data can also be stored in the usage profiles independently of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them). We refer to the data protection declarations and information provided by the operators of the respective networks for a detailed presentation of the respective forms of processing and the options for appeal (opt-out). We also point out that in the case of requests for information and the assertion of data subjects' rights, these can be enforced most effectively with the providers. Only the providers have access to the data of the users, and can directly take appropriate measures and provide information. If you need any help please do not hesitate to contact us.
3. Purpose of processing: to communicate with users connected and registered on social networks; to inform and promote our products, offers and services; to display and maintain our image; to evaluate and analyze the users and content of our presence on social media.
4. Legal bases: The legal basis for the processing of personal data is our legitimate interest in the above purposes in accordance with GDPR. Insofar as you have given us or the provider of the social network consent to the processing of your personal data, the legal basis is as well GDPR.
5. Data transfer/recipient category: social network.
6. The data protection notices, information options and opt-out options of the respective networks/service providers can be found here:
• Instagram – Service Provider: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland) – Datenschutzerklärung/ Opt-Out: https://help.instagram.com/519522125107875, Widerspruch: https://help.instagram.com/contact/186020218683230; Vereinbarung über gemeinsame Verarbeitung personenbezogener Daten auf Instagram-Seiten (Art. 26 DS-GVO): https://www.facebook.com/legal/terms/page_controller_addendum.
Rights of the data subject
1. Objection or withdrawal against the processing of your data
Insofar as the processing is based on your consent in accordance with GDPR, you have the right to withdraw your consent at any time. The lawfulness of the processing based on the consent until the withdrawal is not affected by this.
As we base the processing of your personal data on the balancing of interests in accordance with GDPR, you can object to the processing at any time. This is the case if the processing is in particular not necessary for the fulfillment of a contract with you, which is shown by us in each case in the following description of the functions. In the event of such an objection, we request a statement of the reasons why we should not process your personal data as carried out by us. In the case of your justified objection, we will check the facts and will either stop or adapt the data processing or show you our compelling legitimate reasons on the basis of which we continue the processing. You may object to the processing of your personal data at any time for the purposes of advertising and data analysis. You can exercise the right to object free of charge. You can inform us of your advertising objection by using the following contact data:
Internationaler Förderverein der Fondation Helga Heidrich SOS Tier- und Artenschutz e.V.
Hohles Moor 23
30938 Burgwedel
Managing Director: Helga Heidrich
Registration Court: Hanover
E-Mail-Address: info@fhh-sos-animaux.com
2. Right of Access
You have the right to get access to your personal data stored by us in accordance with GDPR. This includes, in particular, information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the origin of their data, provided that these were not collected directly from you.
3. Right to rectification
You have the right to correct incorrect or to complete correct data in accordance with GDPR.
4. Right to deletion
You have a right to delete your data stored by us in accordance with GDPR, unless statutory or contractual retention periods or other statutory obligations or rights to further storage preclude this.
5. Right to restriction
You have the right to demand a restriction in the processing of your personal data if one of the requirements in accordance to GDPR is met:
• If you contest the accuracy of the personal data concerning you for a period of time that allows the responsible person to verify the accuracy of the personal data;
• If the processing is unlawful and you object to the deletion of the personal data and instead request the restriction of the use of the personal data;
• If the responsible person no longer needs the personal data for the purposes of processing, but you need it to assert, exercise or defend legal claims, or
• If you have objected to the processing in accordance with GDPR and it is not yet certain whether the legitimate reasons of the responsible person outweighs your reasons.
6. Right to data portability
You have a right to data portability based on GDPR, which means that you can obtain the personal data we have stored about you in a structured, common and machine-readable format or request that it be transferred to another responsible person.
7. Right of appeal
You have the right to lodge a complaint with a regulatory authority. As a rule, you can contact the regulatory authority for this purpose, in particular in the Member State of your residence, your workplace or the place of the alleged infringement.
Data Protection
In order to protect all personal data transmitted to us and to ensure that the data protection regulations of both us and our external service providers are observed, we have taken appropriate technical and organizational security measures. Therefore, among other things, all data between your browser and our server is transmitted via a secure SSL connection encrypted.
Status: 14.01.2024
Quelle: https://www.juraforum.de/