Privacy Notice
Responsible Entity (Controller)
Responsible in the sense of the GDPR, other data protection laws applicable to the Member States of the European Union and other provisions of legal character relating to data protection:
Trägerverein Gemeinsam Retten e.V.
Herrenhäuser Straße 12
30419 Hannover
hello(at)wesendaship.org
Any data subject can contact our Data Protection Officer directly and at any time with all questions and suggestions concerning data protection.
We are very pleased that you are interested in our group of agencies. Data protection is of particularly high importance to the management of Trägerverein Gemeinsam Retten e.V.. It is generally possible to use the Trägerverein Gemeinsam Retten e.V. website without providing any personal data. However, if a data subject wishes to access special services of our company via our website, it may be necessary to process personal data. If the processing of personal data is required and there is no legal basis for such processing, we generally obtain the consent of the data subject in question.
The processing of personal data, for example, the name, address, e-mail address or telephone number of a data subject, is always carried out following the basic data protection regulation and in compliance with the country-specific data protection regulations applicable to fischerAppelt AG. Through this Privacy Notice, our company wishes to inform the public about the type, scope and purpose of the personal data we collect, use and process. Besides, this data protection declaration informs data subjects of their rights.
As the controller, Trägerverein Gemeinsam Retten e.V. has implemented numerous technical and organisational measures to ensure the personal data processed through this website is protected as completely as possible. Nevertheless, web-based data transmissions can present security gaps in principle, so absolute protection cannot be guaranteed. For this reason, every data subject is free to submit personal data to us by alternative means, such as by telephone.
Cookie consent with Borlabs Cookie
Our website uses the cookie consent technology of Borlabs Cookie to obtain your consent for storing certain cookies in your browser and to document these in a data protection compliant manner. The provider of this technology is Borlabs – Benjamin A. Bornschein, Georg-Wilhelm-Str. 17, 21107 Hamburg, Germany (hereinafter Borlabs).
When you enter our website, a Borlabs cookie is stored in your browser to record the consents you have given or the revocation of such consents. This data is not passed on to the Borlabs Cookie provider. The data collected will be stored until you request us to delete it or until you delete the Borlabs cookie itself or until the purpose for which the data is stored no longer applies. Mandatory legal retention periods remain unaffected. Details on the data processing of Borlabs Cookie can be found at https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/
Borlabs Cookie consent technology is used to obtain the consent required by law to use cookies. The legal basis for this is Article 6 (1)(1)(c) of the GDPR.
Google Analytics
This site uses Google Analytics, a web analytics service of Google, Inc. („Google“). Google Analytics uses so-called “cookies”, which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of the website is usually transmitted to and stored by Google servers in the United States.
Subscription to our newsletter
The website www.rememberhumanrights.org allows users to subscribe to the initiative’s newsletter. The input mask used for this purpose determines which personal data are transmitted to the controller when the newsletter is ordered.
Through its newsletter, the sponsoring association Gemeinsam Retten e.V. informs its partners, customers, interested parties and subscribers about news and information on the wesendaship initiative at regular intervals. In principle, data subjects can only receive the newsletter of our initiative if (1) the data subject has a valid e-mail address and (2) the data subject registers to receive the newsletter. For legal reasons, a confirmation e-mail will be sent to the e-mail address registered for the first time by a data subject in the double opt-in procedure. This confirmation e-mail is used to check whether the owner of the e-mail address, as the data subject, has authorised receipt of the newsletter.
When registering for the newsletter, we also save the IP address, assigned by the Internet Service Provider (ISP), of the computer system used by the data subject at the time of registration as well as the date and time of registration. The collection of this data is necessary to be able to trace the (possible) misuse of a data subject’s e-mail address at a later date and therefore, it serves to provide legal protection for the data controller.
The personal data collected during registration for the newsletter is used exclusively for sending our newsletter. Additionally, newsletter subscribers could be informed via e-mail if this is necessary for the operation of the newsletter service or registration, as might be the case if there are changes to the newsletter offer or if technical conditions change. The personal data collected within the scope of the newsletter service will not be passed on to third parties. The data subject can cancel the subscription to our newsletter at any time. The consent to the storage of personal data, which the data subject has given us for the newsletter service, can be revoked at any time. To withdraw this consent, a corresponding link is included in every newsletter. It is also possible to unsubscribe from the newsletter at any time, directly on the website of the data controller or by informing the data controller in another way.
Routine deletion and blocking of personal data The data controller only processes and stores the data subject’s personal data for the time necessary to achieve the purpose of storage, or if provided for by the European Directives and Regulations or any other law or regulation to which the data controller is subject.
If the purpose of storage ceases to apply or if a storage period prescribed by the European Directives and Regulations or any other competent legislature expires, the personal data will be blocked or deleted as a routinary matter and following the statutory provisions.
The newsletter is sent via „MailChimp“, a newsletter-mailing platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA.
The e-mail addresses of our newsletter recipients, as well as their other data described in the context of this notice, are stored in the servers of MailChimp in the USA. MailChimp uses this information to send and evaluate the newsletters on our behalf. Furthermore, MailChimp may use this data, according to its own information, to optimise or improve its own services, e.g. for the technical optimisation of the dispatch and the presentation of the newsletters or economic purposes to determine from which countries the recipients come. However, MailChimp does not use the data of our newsletter recipients to contact them itself or to pass them on to third parties.
The privacy notice of MailChimp can be found here: https://mailchimp.com/legal/privacy
Statistical survey and analyses
The newsletters contain a so-called “web beacon”, i.e. a pixel-sized file that is retrieved from the MailChimp server when the newsletter is opened. Within the scope of this retrieval, technical information, such as information about the Browser and your System, as well as your IP address and the time of retrieval, are initially collected. This information is used to technically improve the services based on the technical data or the target groups and their reading behaviour based on their retrieval locations (which can be determined through the IP address) or the access times.
Statistical surveys also include determining whether newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be allocated to the individual newsletter recipients. However, it is neither our intention nor that of MailChimp to observe individual users. The evaluations serve us in particular to recognise the reading habits of our users and to adapt our contents to them or to send different contents according to the interests of our users.
Rights of the data subject
a. Right to confirmation
Every data subject has the right, granted by the European Directives and Regulations, to obtain confirmation from the controller as to whether personal data relating to him or herself is being processed. If a data subject wishes to exercise this right to confirmation, he or she may contact our Data Protection Officer or any other member of staff of the controller at any time.
b. Right to information
Each data subject has the right, granted by the European Directives and Regulations, to obtain information about his / her personal data and a copy of this information from the controller at any time and free of charge. Furthermore, the European Directives and Regulations grant the data subject access to the following information:
– the purposes for which the personal data are processed
– the categories of personal data being processed
– the recipients or recipient categories to whom personal data has been or will be disclosed, in particular to recipients in third countries or to international organisations
– if possible, the planned duration of the storage of your personal data or, where that is not possible, the criteria for determining this period
– the existence of a right of rectification or deletion of the personal data concerning you, or a right to limitation of processing by the controller or a right to object to such processing
– the existence of a right of appeal to a supervisory authority
– if the personal data are not collected from the data subject: all available information on the origin of the data
– the existence of automated decision-making, including profiling, in accordance with Article 22(1) and (4) of the GDPR and – at least in these cases – meaningful information on the logic involved and the scope and intended effects of such processing on the data subject
The data subject also has the right to know whether personal data have been transmitted to a third country or an international organisation. If this is the case, the data subject also has the right to be informed of the appropriate guarantees relating to the transmission.
If a data subject wishes to exercise this right to request information, he or she may contact our Data Protection Officer or any other member of staff of the controller at any time.
c. Right to rectification
Any data subject concerned by the processing of personal data has the right, granted by the European Directives and Regulations, to request the rectification of inaccurate personal data concerning him/herself without delay. The data subject also has the right to request the completion of incomplete personal data – using a supplemental statement as well – in the light of the purposes of the processing.
If a data subject wishes to exercise this right to rectification, he or she may contact our Data Protection Officer or any other member of staff of the controller at any time.
d. Right to deletion (Right to be forgotten)
Any person affected by the processing of personal data has the right, granted by the European Directives and Regulations, to request the controller to delete without delay the personal data concerning him/herself if one of the following reasons applies; provided the processing is no longer necessary:
– The personal data have been collected or otherwise processed for purposes for which they are no longer necessary.
– The data subject withdraws the consent on which the processing was based under Article 6(1)(a) of the GDPR or Article 9 (2)(a) of the GDPR, and there is no other legal basis for the processing.
– The data subject lodges an objection to the processing per Article 21(1) of the GDPR and there are no legitimate overriding reasons for the processing, or the data subject lodges an objection to the processing per Article 21(2) of the GDPR.
– The personal data were processed unlawfully.
– The deletion of personal data is necessary to comply with a legal obligation under Union law or the law of the Member States to which the controller is subject.
– The personal data were collected in relation to information society services offered, per Article 8(1) of the GDPR.
If one of the above reasons applies and a data subject wishes the deletion of personal data stored by Trägerverein Gemeinsam Retten e.V., he / she may contact our Data Protection Officer or another staff member of the data controller at any time. The Data Protection Officer of Trägerverein Gemeinsam Retten e.V. or another staff member will ensure that the deletion request is complied with immediately.
If the personal data has been publicized by Trägerverein Gemeinsam Retten e.V. and our company, as the responsible entity, is obliged to delete the personal data as per Article 17(1) of the GDPR, Trägerverein Gemeinsam Retten e.V., taking into account the available technology and the implementation costs, will undertake appropriate measures, including technical measures, to inform other data controllers who process the published personal data that the data subject has requested these other data controllers to delete all links to this personal data or copies or replications of this personal data, insofar as the processing is not necessary. The Data Protection Officer of Trägerverein Gemeinsam Retten e.V. or another staff member will carry out the required action in individual cases.
e. Right to limitation of processing
Any data subject affected by the processing of personal data has the right, granted by the European Directives and Regulations, to request the controller to restrict the processing if one of the following conditions is met:
– The accuracy of the personal data is contested by the data subject for a period that enables the controller to verify the accuracy of the personal data.
– The processing is unlawful, the data subject refuses to have the personal data deleted, and instead, requests that the use of the personal data be restricted.
– The controller no longer needs the personal data for the purposes of the processing, but the data subject requires them to assert, exercise or defend legal claims.
– The data subject has lodged an objection to the processing per Article 21(1) of the GDPR, and it is not yet clear whether the legitimate reasons given by the controller outweigh those of the data subject.
If one of the above conditions is met and a data subject wishes to request the restriction of personal data stored by Trägerverein Gemeinsam Retten e.V., they can contact our Data Protection Officer or another staff member of the controller for processing at any time. The Data Protection Officer of Trägerverein Gemeinsam Retten e.V. or another staff member will ensure the processing is restricted.
f. Right to data transferability
Each data subject affected by the processing of personal data has the right, granted by the European Directives and Regulations, to receive the personal data concerning them, which was provided to a controller by the data subject, in a structured, commonly used and machine-readable format. In addition, you have the right to transmit this data on to another controller without obstruction by the controller to whom the personal data was provided, as long as the processing is based on consent under Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR or a contract per Article 6(1)(b) of the GDPR, and provided that the processing is carried out employing automated procedures unless the processing is necessary for the performance of a task carried out in the public interest or the exercise of official authority vested in the controller.
In addition, when exercising their right to data transfer per Article 20(1) of the GDPR, the data subject has the right to request that personal data be transmitted directly from one controller to another controller, insofar as this is technically feasible and provided that it does not adversely affect the rights and freedoms of other persons.
To assert their right to data transfer, the data subject can contact the Data Protection Officer appointed by Trägerverein Gemeinsam Retten e.V. or another staff member at any time.
g. Right to objection
Every data subject has the right, granted by the European Directives and Regulations, to object at any time, for reasons arising from his or her particular situation, to the processing of personal data concerning him or herself under Article 6(1)(e) or (f) of the GDPR. This also applies to profiling based on these provisions.
In the event of an objection, Trägerverein Gemeinsam Retten e.V. will no longer process the personal data unless we can prove compelling reasons for processing that are worthy of protection and outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.
If Trägerverein Gemeinsam Retten e.V. processes personal data to carry out direct marketing, the data subject has the right to object to the processing of their personal data for marketing purposes at any time. This also applies to profiling, insofar as it is related to such direct marketing. If the data subject objects to Trägerverein Gemeinsam Retten e.V. processing personal data for direct marketing, Trägerverein Gemeinsam Retten e.V. will no longer process the said personal data for these purposes.
In addition, the data subject has the right to object, for reasons arising from his or her particular situation, to the processing of personal data concerning him or herself that is carried out by Trägerverein Gemeinsam Retten e.V. for scientific or historical research purposes or statistical purposes under Article (89)(1) of the GDPR, unless such processing is necessary for the fulfilment of a task in the public interest.
To assert their right to objection, the data subject can contact directly the Data Protection Officer appointed by Trägerverein Gemeinsam Retten e.V. or another staff member. To exercise the right to objection, the data subject may contact the Data Protection Officer of Trägerverein Gemeinsam Retten e.V. or another staff member directly. The data subject is also free to exercise his or her right to objection in connection with the use of information society services through automated procedures using technical specifications, notwithstanding Directive 2002/58/EC.
h. Automated decisions in individual cases including profiling
Every data subject concerned by the processing of personal data has the right, granted by the European Directives and Regulations, not to be subject to a decision based solely on automated processing – including profiling – which has legal effect on him or herself or significantly impairs him or herself in a similar way, provided that the decision (1) is not necessary for the conclusion or fulfilment of a contract between the data subject and the controller, or (2) is authorised by the legislation of the Union or of the Member States to which the controller is subject and such legislation provides for adequate safeguards of the rights and freedoms and legitimate interests of the data subject, or (3) is taken with the explicit consent of the data subject.
If the decision is (1) necessary for the conclusion or fulfilment of a contract between the data subject and the controller, or (2) is made with the express consent of the data subject, Trägerverein Gemeinsam Retten e.V. shall take appropriate measures to safeguard the rights and freedoms and the legitimate interests of the data subject, which shall at least include the right to obtain the intervention of a representative of the controller, to express one’s point of view and to challenge the decision.
If the data subject wishes to exercise rights relating to automated decisions, he or she may contact our Data Protection Officer or any other staff member of the controller at any time.
i. Right to revoke the data protection declaration of consent
Any data subject concerned by the processing of personal data has the right, granted by the European Directives and Regulations, to withdraw his or her consent to the processing of his or her personal data at any time.
If the data subject wishes to exercise his or her right to withdraw consent, he or she may contact our Data Protection Officer or any other staff member of the controller at any time.
Legal basis for the processing of personal data
Article 6(1) (a) of the GDPR serves our organisation as a legal basis for processing operations in which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, with processing operations necessary for the supply of goods or the provision of another service or consideration, the processing is based on Article 6(1) (b) of the GDPR. The same applies to such processing operations, which are necessary for the implementation of pre-contractual measures, for example, in cases of enquiries about our products or services. If our company is subject to a legal obligation, which makes it necessary to process personal data, for example, to fulfil tax obligations, the processing is based on Article 6(1) (c) of the GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor to our company was injured and his name, age, health insurance details or other vital information had to be passed on to a doctor, hospital or other third parties. In this case, the processing would be based on Article 6(1) (d) of the GDPR. Ultimately, processing operations are based on Article 6(1) (f) of the GDPR. Processing operations which are not covered by any of the above legal provisions are based on this legal basis if the processing is necessary to safeguard a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject do not prevail. We are allowed such processing operations in particular because the European legislature has specifically mentioned them. In this respect, it took the view that a legitimate interest could be assumed if the data subject is a customer of the controller (recital 47(2) of the GDPR).
The legitimate interests pursued by the controller or by a third party
If the processing of personal data is based on Article (6) (1)(f) of the GDPR, our legitimate interest is to carry out our business activities for the benefit of the well being of all our staff and our shareholders.a
Duration of storage of personal data The criterion for the duration of storage of personal data is the respective legal retention period. After this period has expired, the corresponding data are routinely deleted if it is no longer required for the fulfilment of the contract or the initiation of a contract.
Legal or contractual regulations on the supply of personal data; the necessity for the conclusion of the contract; obligation of the data subject to supply his or her personal data; possible consequences of non-supply
We want to inform you that the provision of personal data is partly required by law (e.g. tax regulations) or can also result from contractual regulations (e.g. information on the contractual partner). From time to time, the fulfilment of a contract may require a data subject to provide us with personal data, which must be subsequently processed by us. For example, the data subject is obliged to provide us with personal data if our company concludes a contract with him or herself. Failure to provide personal data would mean that the contract with the data subject could not be concluded. Before the data subject makes personal data available, the data subject must contact our Data Protection Officer. Our Data Protection Officer will inform the data subject on a case-by-case basis whether law or contract requires the supply of personal data or if it is necessary for the conclusion of the contract, whether there is an obligation to supply the personal data and what the consequences would be if the personal data were not supplied.
Existence of automated decision making
As a responsible organisation, we avoid automated decision making or profiling.