Licht ins Dunkel e.V.
Data protection officer
Kristina Wydra, Local International
This section details the types of data processed, the purpose of data collection, and data subjects.
Types of data processed
– Personal data (e.g. names, addresses)
– Content (e.g. entries in online forms)
– Contact data (e.g. email addresses, telephone numbers)
– Meta data/communication data (e.g. device information, IP addresses)
– Usage data (e.g. websites visited, interest in content, access duration)
– Contract data (e.g. object of the contract, duration, customer category)
– Payment data (e.g. account details, invoices, payment history)
Data subject categories
– Business and contractual partners
– Persons we communicate with
– Users (e.g. website users, users of online services)
Purpose of processing
– Providing our online services and ensuring usability
– Direct marketing (by email or by post)
– Responding to contact requests and for communication purposes
– Meeting contractual obligations and providing customer service
– Managing and responding to customer requests
Legislation governing the processing of personal data
The following paragraphs contain an overview of the GDPR legislation which is the basis for the processing of personal data. Please note that other than the GDPR there may be national data protection regulations in your country of residence which apply here. Should other legislation apply in individual cases, we will inform you in this privacy notice.
– Consent (Article 6 (1) (a) GDPR) – The data subject has consented to the processing of relevant personal data for one or more specific purposes.
– Performance of contracts and pre-contractual requests (Article 6 (1) (b) GDPR) – Processing of the data is necessary for the performance of a contract the data subject is party to, or to take steps, at the request of the data subject, prior to entering into a contract.
– Legitimate interests (Article 6 (1) (f) GDPR) – Processing of the data is necessary to safeguard the legitimate interests of the controller or a third party, unless these are outweighed by the interests or rights and freedoms of the data subject which require personal data to be protected.
German data protection regulations
In addition to the data protection rules set down in the General Data Protection Regulation, national regulations for data protection also apply in Germany. This includes the Law on Protection against Misuse of Personal Data in Data Processing (Federal Data Protection Act, BDSG). The BDSG includes special provisions on the right of access, the right to erase, the right to object, the processing of special categories of data, processing for other purposes, data transfer, as well as automated individual decision-making, including profiling. It also governs the data processing for the purpose of employment relationships (§ 26 BDSG), in particular regarding the establishment, implementation, and termination thereof as well as for employee consent. Further, data protection laws in the individual German states may also be applicable.
Cookies are small text files containing information about websites or domains visited and saved on the browser of the user’s computer. Cookies are used primarily to collect and store information about a user during or after their visit to a website. This may include, for example, the language settings of the site, the login status, the shopping basket, or the location where a video was viewed. The term cookie also includes other technologies which fulfil similar functions to cookies (e.g. where user data is stored based on pseudonyms, also known as user IDs).
There are several types of cookies:
Temporary cookies (session cookies): Temporary cookies are deleted at the latest after a user has left an online service and closed their browser.
Permanent cookies: Permanent cookies remain on the PC even after the browser is closed. That way, a user’s login status can be retained, or preferred content can be shown when the user revisits the site. These cookies may also store users’ preferences, which can be used to measure the performance of the site or for marketing purposes.
First-party cookies: First-party cookies are set by us.
Third-party cookies: Third-party cookies are usually set by marketing companies, i.e. third parties, to process user information.
Essential cookies: Cookies may be essential to run a website (e.g. to store login data or user entries or for security purposes).
Cookie storage: Permanent cookies are stored for up to two years unless otherwise specified (e.g. during a cookie opt-in),
Revoking consent and objecting to cookies (opt-out):
– Types of data processed: Usage data (e.g. websites visited, interest in content, access times),
– Meta/communication data (e.g. device information, IP addresses)
– Data subjects: User (e.g. website visitors, users of online services)
– Legal basis: Consent interests (Article 6 (1) (a) GDPR), legitimate interests (Article 6 (1) (f) GDPR)
Fulfilment of duties according to our statutes or rules of procedure
We process the data of our members, supporters, prospective customers, business partners or other persons (data subjects) if we have a membership or other contractual relationship with them and are fulfilling our obligations in relation thereto as well as if we are the recipients of services or financial contributions. We also process the data of our data subjects based on our legitimate interests, e.g. in relation to administrative tasks or marketing activities. The data processed, type and extent of processing, purpose and need for processing is based on the underlying membership or contractual relationship, which also determines what data is needed (We will specify what data is required). We will delete data that is no longer required for business purposes or to fulfil legal obligations. This is based on the applicable duties and contractual relationships. We will store this data for as long as it is required for our business processes but also to fulfil any warranty or liability requirements on the basis of our legitimate interests in the settlement of warranty or liability claims. The necessity for data storage will be reviewed on a regular basis. All legal data retention requirements apply.
– Data processed: Personal data (e.g. names, addresses), payment data (e.g. account data, invoices, payment history), contact data (e.g. email, phone numbers), contract data (e.g. object of the contract, duration, customer category).
– Data subjects: Users (e.g. website visitors, users of online services), members, business or contractual partners.
– Purpose of processing: Fulfilling contractual obligations and providing customer service, contact requests and communication, management and responses to requests.
– Legal basis: Fulfilling contracts and pre-contractual requests (Article 6 (1) (b) GDPR), legitimate interests (Article 6 (1) (f) GDPR).
Online services and web hosting
In order to provide our online services securely and efficiently, we use the services of one or more web hosting providers. Our online services can be accessed from the servers of these providers (or servers they manage). To this end, we may use infrastructure and platform services, computing capacity, storage space and database services as well as security and maintenance services. In the context of providing these hosting services, we process data belonging to users of our online services insofar as this data is needed in connection to the use of said services as well as for relevant communication. This regularly includes the IP address required to deliver the contents of online services to any browsers as well as any and all data entries made during the use of our online services and web pages.
Access data and log files
We (or our web hosting provider) collect data on all accesses to our servers (so called server log files). These files may contain the address and the name of the web pages and files accessed, date and time of the request, data volumes transferred, confirmation of successful requests, browser type and version, operating system of the user’s device, referrer URL and usually also the IP address as well as the provider making the request. The server log files can be used for security reasons, e.g. to prevent the servers from become overloaded (especially in the case of criminal DDoS attacks), but also to enable server workload protection and stability.
– Data processed: Content data (e.g. entries in online forms), usage data (e.g. websites visited, interest in content, access duration), meta/communication data, e.g. device information, IP addresses).
– Data subjects: Users (e.g. website visitors, users of online services).
– Purpose of processing: Providing our online services and ensuring usability, fulfilling contractual obligations and providing customer support.
– Legal basis: Legitimate interests (Article 6 (1) (f) GDPR).
Services and service providers used:
– hosteurope: services associated with the provision of information technology infrastructure and related services (e.g. storage and/or computing capacity); provided by: Host Europe GmbH, Hansestrasse 111, 51149 Köln, Germany; website: https://www.hosteurope.de; privacy notice: https://www.hosteurope.de/en/terms-and-conditions/privacy/ https://www.hosteurope.de/AGB/Datenschutzerklaerung/
Produced based on the free privacy police generator provided by Dr. Thomas Schwenke