1. Data controller (Art. 4 para. 7 GDPR)
erlassjahr.de – Entwicklung braucht Entschuldung e. V.
Phone: 0211 / 4693-196
2. Terms used
“Personal data” refers to all information relating to an identified or identifiable natural person (hereinafter referred to as the “data subject”); a natural person is regarded as identifiable, if he/she can be directly or indirectly identified, especially by means of association with an identifier such as a name, with an identification number, with location data, with an online ID (e.g., cookies) or with one or several special features reflecting the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
“Processing” is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Responsible party” refers to the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data.
“Order processor” is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the data controller.
3. Types of data processed
Every time a user visits our website, we collect various general data and information. To this extent, the type of browser used and its version, the operating system used by the accessing system, the website from which an accessing system accesses our website, the sub-websites which are accessed via an accessing system to our website, the date and time of access to our website, an internet protocol address (IP address), the internet service provider of the accessing system and certain cookies (see section 4 of our data protection notice) are recorded. We need the general data and information we collect in order to optimise the content of our website, to ensure the permanent functionality of our systems and the technology of our website and to provide any information in the event of a criminal law-relevant use of our website. The general data and information collected are therefore evaluated statistically and with the aim of increasing data protection and data security in our association.
In addition, our website provides passages where you are asked to provide personal information. This is includes our contact form, for example. The personal data you provide will be collected and stored exclusively for internal use by us and for our own purposes, namely the fulfilment of our possible performance obligations towards you. We may arrange for the transfer to one or more contractors, such as an IT service provider, who also uses the personal data exclusively for internal use attributable to us. When you provide your personal data on our website, the IP address assigned by your Internet Service Provider (ISP), the date and time of registration will also be stored in addition to the personal data you provided. This data is stored for our protection. This data will not be passed on to third parties unless required to do so by law or for the purpose of criminal prosecution. You are free to change the personal data provided at any time or to have it completely deleted from our database.
Furthermore, there is no obligation to actually provide any data that we ask you to provide on our website. However, if you do not wish to do so, you may not be able to use all the functions of the website.
Basically we distinguish between
- Inventory data (e.g., names, addresses).
- Contact data (e.g., email address, phone numbers).
- Content data (e.g. text input, photographs, videos).
- Usage data (e.g., websites visited, interest in content, access times).
- Meta/communication data (e.g., device information, IP addresses).
Most cookies on our site are session cookies, i.e. they are automatically deleted when you leave our website. Persistent cookies remain on your computer until they are manually deleted in your browser. We use such persistent cookies to recognise you the next time you visit our website.
If you want to control cookies on your computer, you can select your browser settings so that you receive a message when a website wants to store cookies. You can also prevent the setting of cookies by our website at any time by means of an appropriate setting of the internet browser used and thus permanently object to the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time using an Internet browser or other software programs. This is possible in all common internet browsers.
5. Purpose of processing
We process your personal data
- to make our online offer, its functions and contents available to you in order to improve and further develop them,
- to answer your questions and to enter into a dialogue with you,
- for the provision of our statutory services,
- to fulfil contractual obligations, in particular our obligations to you,
- to substantiate or defend against claims irrespective of the legal grounds (in particular claims for performance, claims for damages),
- for the fulfilment of legal storage obligations,
- to implement and maintain security measures (to prevent abusive access to our website).
6. Applicable legal bases
If we process your personal data, this can be done on the basis of various legal bases.
Art. 6 I (a) GDPR serves our company as a legal basis for processing operations for which we obtain consent for a specific processing purpose. This applies in particular within the framework of the statutory processing of data pursuant to Art. 9 para. 1 GDPR, in particular information on religious beliefs. In these processing cases we obtain your explicit consent, if necessary, in accordance with Art. 6 para. 1 (a), Art. 7, Art. 9 para. 2 (a) GDPR in connection with Art. 22, para. 1 No. 1 (b) BDSG.
If the processing of personal data is necessary for the performance of a contract to which you are a contracting party, as is the case for example with processing operations which are necessary for the provision of a service or consideration, the processing is based on Art. 6 I (b) GDPR. The same applies to such processing processes that are necessary to carry out pre-contractual measures, for example in cases of enquiries about our products or services. Accordingly, we process the data of our members, supporters, interested parties, customers or other persons in accordance with Art. 6 para. 1 (b) GDPR, if we offer them contractual services (for example in our online shop) or in the context of an existing business relationship, e.g., with members, or if we ourselves are recipients of services and benefits.
If our company is subject to a legal obligation which requires the processing of personal data, for example to fulfil tax obligations or commercially substantiated retention requirements, the processing is based on Art. 6 I (c) GDPR.
Ultimately, processing operations could be based on Art. 6 I (f) GDPR. Processing operations which are not covered by any of the aforementioned legal bases are based on this legal basis if processing is necessary to safeguard a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject do not take priority. We analyse the data available to us on business transactions, contracts and enquiries in order to identify and respond to user requests. If we otherwise base ourselves on this legal basis, we will explain our legitimate interest in more detail.
7. Collaboration with third parties
As part of the use of your personal data, we transmit it to a limited group of recipients who are involved in the fulfilment of our performance obligations and/or the processing of any contractual relationships with you. This applies in particular to the IT service provider commissioned by us, our web host and/or the payment service provider commissioned by us.
If we disclose data to other persons and companies (contract processors or third parties) within the scope of our processing, transmit the data to them or otherwise grant them access to the data, this shall only take place on the basis of a legal permission (e.g., if a transmission of the data to third parties, such as payment service providers, in accordance with Art. 6 para. 1 (b) GDPR is required for the fulfilment of the contract), you have consented, a legal obligation provides for this or on the basis of our legitimate interests pursuant to Art. 6 para. 1 (f) of the GDPR (e.g., when using agents, web hosters, etc.).
If we commission third parties with the processing of data on the basis of an “order processing contract”, this is done on the basis of Art. 28 GDPR.
8. Transfer of personal data to third countries
If we process data in a third-party country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of the use of third-party services or disclosure or transfer of data to third parties, this only takes place if it occurs for the fulfilment of our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation, or on the basis of our legitimate interests. Subject to legal or contractual permissions, we only process the data in a third country or have the data processed in a third country if the particular requirements of Art. 44 ff. GDPR are met. This means, for example, processing is carried out on the basis of special guarantees, such as the officially recognised determination of a data protection level corresponding to the EU (e.g., for the USA by the “Privacy Shield”) or compliance with officially recognised special contractual obligations (called “standard contractual clauses”).
9. Your rights as a data subject
9.1 You have the right to request confirmation from us whether personal data concerning you is processed and stored by us (Art. 15 GDPR).
Furthermore, you have the right to receive free information about your personal data stored and a copy of this information at any time. The information includes the information specified in Art. 15 para. 1 GDPR:
Furthermore, the data subject has a right of access to information as to whether personal data has been transferred to a third country or to an international organisation. If this is the case, the data subject has, in addition, the right to obtain information about the appropriate guarantees in connection with the transfer.
9.2 You also have the right to request the prompt rectification of incorrect personal data concerning you personally (Art. 16 GDPR).
9.3 You also have the right to request the immediate deletion of personal data concerning you, provided that one of the reasons stated in Art. 17 GDPR applies and as soon as processing is not or no longer necessary.
9.4 You also have the right to request restriction of processing from us if one of the conditions specified in Art. 18 GDPR is met.
9.5 You also have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format (Art. 20 GDPR). You also have the right to transfer this data to another person in charge without any hindrance by us, provided that the processing is based on a given consent according to Art. 6 para. 1 (a) GDPR or Art. 9 para. 2 (a) GDPR or in a contract in accordance with Art. 6 para. 1 (b) GDPR and processing is carried out by means of automated procedures, except where processing is necessary for the performance of a task in the public interest or in the exercise of official authority conferred on the controller.
Furthermore, you are entitled to exercise your right to data transferability pursuant to Art. 20 para. 1 GDPR, and the right to require that the personal data is transmitted directly from one responsible person to another responsible person, as far as technically feasible and provided that this does not affect the rights and freedoms of others.
9.6 Lastly, you are entitled, for reasons arising from their particular situation, to object at any time to the processing of personal data relating to them on the basis of Art. 6 para. 1 (e) or (f) GDPR, and, revocation (Art. 21 GDPR).
We no longer processes personal data in the event of an objection, unless we can prove compelling reasons worthy of protection for the processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If we process personal data for direct marketing purposes, you have the right to object at any time to the processing of personal data for the purpose of such advertising. If you object to the processing of your personal data for direct marketing purposes, we will no longer process your personal data for these purposes.
Furthermore, for reasons arising from your particular situation, you have the right to object to the processing of personal data concerning you which we use for scientific or historical research purposes or for statistical purposes pursuant to Art. 89 para. 1 GDPR, unless such processing is necessary to fulfil a task in the public interest.
9.7 We also point out that you have the right to revoke consent to the processing of personal data at any time for the future (revocation).
10. Storage duration
The criterion for the storage period of personal data by us is primarily the duration of the contractual relationship and the protection of our legitimate interests in the context of related subsequent legal relationships, in particular the demand for agreed services in return and/or the defence of any claims on your part and on the part of other third parties.
Furthermore, personal data is stored insofar as this is legally prescribed (e.g., tax regulations) or also results from contractual regulations (e.g., information on the contractual partner). In particular, pursuant to legal requirements in Germany, storage lasts for 10 years pursuant to § 147 para. 1 AO, 257 Abs. 1 No. 1 and 4, Abs. 4 HGB (commercial law) (books, records, management reports, accounting records, trading books, documents relevant for taxation, etc.) and 6 years in accordance with § 257 Para. 1 No. 2 and 3 para. 4 HGB (commercial letters).
The data stored by us will be deleted as soon as it is no longer required for their intended use and there are no legal storage obligations to prevent deletion. If the data is not erased because it is necessary for other and legally permissible purposes, the processing of the data will be restricted. This means that the data is blocked and not processed for other purposes.
By subscribing to our newsletter, you agree to receive the newsletter and the related procedures for its distribution. Once a month, we send out our newsletter containing information on our activities, publications and the latest debate on sovereign debt. We send newsletters with advertising information only with the consent of the recipient or a legal permission. Registering for our newsletter takes place via a double opt-in procedure. This means that you will receive an email requesting confirmation of your subscription. The confirmation is required to ensure that no one else can subscribe using your email address. A record of subscriptions to the newsletter is kept to fulfil the legal requirements for recording the subscription process. The record contains the time of subscription and confirmation as well as the relevant IP address. Any changes to the data registered with the service provider sending the newsletter will also be recorded.
The dispatch of the newsletter takes place on the basis of your consent in accordance with Art. 6 para. 1 (a), Art. 7 GDPR in conjunction with Art. 7 para. 2 No. 3 UWG (German Law against Unfair Competition) or on the basis of legal permission in accordance with Art. 7 para. 3 UWG. The registration procedure is recorded on the basis of our legitimate interests in accordance with Art. 6 para. 1 (f) GDPR. Our interest is based on the use of a user-friendly and secure newsletter system that serves our business interests as well as users’ expectations and also allows us to prove consent.
You can cancel your subscription to our newsletter at any time, i.e. revoke your consent. You will find an unsubscribe link at the end of each newsletter. We may store the email addresses that have been unsubscribed for up to three years on the basis of our legitimate interests before we delete them in order to be able to prove a previously given consent. The processing of these data is limited to the purpose of a possible defence against claims. An individual application for deletion is possible at any time, provided that at the same time the former existence of consent is confirmed.
The service provider may use the data of the recipients in pseudonymous form, i.e without assignment to a user, to optimise or improve their own services, e.g., for the technical optimisation of sending and the presentation of newsletters or for statistical purposes. However, the service does not use the recipient data of our newsletter to approach recipients directly nor do they pass the information on to third parties.
11.3 Newsletters contain a “web-beacon”, i.e. a pixel-sized file that is retrieved from our server or from the server of our sending service when the newsletter is opened. During the download, technical information such as your browser and operating system, as well as your IP address and the time of the download, are collected.
This information is used for technical improvement of the service, as technical data or target group data can be analysed according to their reading behaviour, their download locations (identifiable through IP addresses) or download times. Statistical data collection also includes an analysis of when the newsletters are opened and which links are clicked upon. Data analysis is used to recognise patterns in the reading behaviour of users, and to adapt contents accordingly or send different content according to the interests of our users.
12. Use of third-party services
We use the service Gravatar of Automattic Inc, 60 29th Street 343, San Francisco, CA 94110, USA, within our online offer and especially in the blog. Gravatar is a service where you can log in as a user and store profile pictures and your email addresses. If you post contributions or comments with the respective email address on other online presences (especially in blogs), your profile pictures can be displayed next to the contributions or comments. To this end, the email address you have provided is transmitted to Gravatar in encrypted form for the purpose of checking whether a profile has been saved for it. This is the sole purpose of the transmission of the email address and it will not be used for other purposes, but will be deleted thereafter. The use of Gravatar is based on our legitimate interests within the meaning of Art. 6 para. 1 (f) DSGVO, because we offer the possibility to the contribution and comment authors to personalise their contributions with a profile picture with the help of Gravatar.
If you do not want an image linked to your email address to appear in the comments, you should use an email address that is not stored in Gravatar to comment. We also point out that it is also possible to use an anonymous or no email address if you do not wish your own email address to be sent to Gravatar. You can completely prevent the transfer of data by not using our comment system.
12.4 Google Fonts
For uniform representation of fonts, this page uses web fonts provided by Google. When you open a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly. When you call up a page of our website which contains a social plugin, your browser makes a direct connection with Google servers. Google is therefore aware that our web page was accessed via your IP address. The use of Google Web fonts is done in the interest of a uniform and appealing presentation of our website. This constitutes a justified interest pursuant to Art. 6 para. 1 (f) GDPR. If your browser does not support web fonts, a standard font is applied by your computer.
If you do not wish to use the service, you have the option of opting out. Explanations can be found here: https://adssettings.google.com/authenticated.
12.5 Google ReCaptcha
12.6 Google Maps
13. Social Media
Based on our legitimate interests (i.e. interest in the analysis, optimisation, and economical operation of our online offer within the meaning of Art. 6 para. 1 (f) GDPR), we use social plug-ins (“plug-ins”) offered by the social networks Facebook and Twitter. We do not collect any personal data using the social plug-ins or about how they are used. To prevent data from being transferred to service providers in the USA without your knowledge, we use the Shariff solution. This solution ensures that no personal data is initially passed on to the providers of the individual social plug-ins when you visit our website. Only when you click on one of the social plug-ins can data be transferred to the service provider and stored there.
14. Online meetings
We use the tool “Zoom” to conduct online meetings and/or online seminars (hereinafter: “Online Meetings”). “Zoom” is a service of Zoom Video Communications, Inc. which is based in the USA.
Responsible person: erlassjahr.de – Entwicklung braucht Entschuldung e.V. is responsible for data processing directly related to the holding of “online meetings”.
Note: If you access the “Zoom” website, the provider of “Zoom” is responsible for data processing. However, calling up the internet page is only necessary for the use of “Zoom” in order to download the software for the use of “Zoom”. (Zoom Privacy Statement)
You can also use “Zoom” if you enter the respective meeting ID and, if necessary, other access data for the meeting directly in the “Zoom” app.
If you do not want to or cannot use the “Zoom” app, the basic functions can also be used via a browser version, which you can also find on the “Zoom” website.
Various types of data are processed when using “Zoom”. The scope of the data also depends on the information you provide before or during participation in an “online meeting”.
The following personal data are processed:
User details: first name, last name, telephone (optional), e-mail address, password (if “Single-Sign-On” is not used), profile picture (optional), Department (optional)
Meeting metadata: Topic, description (optional), participant IP addresses, device/hardware information
For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of online meeting chat.
When dialing in by phone: information on incoming and outgoing phone number, country name, start and end time. If necessary, further connection data such as the IP address of the device can be saved.
Text, audio and video data: You may be able to use the chat, question or survey functions in an “online meeting”. To this extent, the text entries you make are processed in order to display and, if necessary, log them in the “online meeting”. In order to enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device are processed for the duration of the meeting. You can turn off or mute the camera or microphone yourself at any time using the “Zoom” applications.
In order to participate in an “online meeting” or to enter the “meeting room”, you must at least provide information about your name.
If we want to record “online meetings”, we will inform you transparently in advance and – if necessary – ask for your consent. The fact of the recording will also be displayed in the “Zoom” app.
If it is necessary for the purpose of recording the results of an online meeting, we will log the chat content. However, this will usually not be the case.
In the case of online seminars, we may also process questions asked by seminar participants for the purposes of recording and follow-up nline seminars.
If you are registered as a user at “Zoom”, reports on “online meetings” (meeting metadata, telephone dial-in data, questions and answers in online seminars, survey function in online seminars) can be stored for up to one month at “Zoom”.
Automated decision-making within the meaning of Art. 22 DSGVO is not used.
If personal data of erlassjahr.de employees are processed, § 26 BDSG is the legal basis for data processing. If, in connection with the use of “Zoom”, personal data are not required for the establishment, execution or termination of the employment relationship, but are nevertheless an elementary component in the use of “Zoom”, Art. 6 para. 1 lit. f) DPA is the legal basis for data processing. In these cases, we are interested in the effective conduct of “online meetings”.
Furthermore, the legal basis for data processing when “online meetings” are held is Art. 6 para. 1 lit. b) DSGVO, insofar as the meetings are held within the framework of contractual relationships.
If no contractual relationship exists, the legal basis is Art. 6 para. 1 lit. f) DSGVO. Here too, we are interested in the effective implementation of “online meetings”.
Personal data processed in connection with participation in “online meetings” are generally not passed on to third parties, unless they are specifically intended to be passed on. Please note that content from “online meetings”, as well as in personal meetings, often serves precisely to communicate information with customers, interested parties or third parties and is therefore intended for disclosure.
Other recipients: The provider of “Zoom” necessarily obtains knowledge of the above-mentioned data, insofar as this is provided for in our contract processing agreement with “Zoom”.
“Zoom” is a service provided by a provider from the USA. Processing of personal data therefore also takes place in a third country. We have concluded an order processing contract with the provider of “Zoom” which meets the requirements of Art. 28 DSGVO.
An adequate level of data protection is guaranteed by the conclusion of the so-called EU standard contract clauses.
15. Competent supervisory authority (data protection)
The contact details of the data protection supervisory authority responsible for us are as follows:
Landesbeauftragte für Datenschutz und Informationsfreiheit
(State Commissioner for Data Protection and Freedom of Information)
40213 Düsseldorf, Germany
Phone: +49 (0)211/38424-0
Fax: +49 (0)211/38424-10
Düsseldorf, last update: November 2020