PRIVACY POLICY
This privacy policy explains the nature, scope and purpose of the processing of personal data (hereinafter referred to as “data”) within our online services and associated websites, functions and content, as well as external online presences, such as our social media profiles (hereinafter collectively referred to as “online services”). With regard to the terms used, such as “processing” or “controller”, we refer to the definitions in Article 4 of the German Datenschutz-Grundverordnung (General Data Protection Regulation – GDPR).
Data Controller
Hoffnungsträger Foundation
Marcus Witzke (CEO)
Heinrich-Längerer-Str. 27
71229 Leonberg
Tel 07152/56983-0
Data Protection Officer
Andreas Winnes
OMNI PC Systemintegration GmbH
Mollenbachstraße 14
71229 Leonberg
Telephone: +49 71 52 – 33 110 -60
E-Mail: awinnes@omnipc.de
Information
Types of data processed
- Master data (e.g. names, addresses).
- Contact details (e.g. email, telephone numbers).
- Content data (e.g. text entries, photographs, videos).
- Usage data (e.g. websites visited, interest in content, access times).
- Meta/communication data (e.g. device information, IP addresses)
Purpose of processing
- Provision of online services, their functions and content
- Responding to contact enquiries and communicating with users
- Security measures
- Media reach measurement/marketing
- Provision and arrangement of language mediation services
Terms used
“Personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); a natural person is considered identifiable if they can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. a cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Processing” means any operation or set of operations which is performed on personal data, whether or not by automated means. The term is broad and covers virtually any handling of data.
The “controller” is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Relevant legal bases
In accordance with Article 13 of the GDPR, we inform you of the legal bases for our data processing. Where the legal basis is not specified in the privacy policy, the following applies: The legal basis for obtaining consent is Article 6(1)(a) and Article 7 of the GDPR; the legal basis for processing to fulfil our services, carry out contractual measures and respond to enquiries is Article 6(1)(b) of the GDPR; the legal basis for processing to fulfil our legal obligations is Article 6(1)(c) of the GDPR, and the legal basis for processing to safeguard our legitimate interests is Article 6(1)(f) of the GDPR. In the event that the vital interests of the data subject or another natural person necessitate the processing of personal data, Article 6(1)(d) of the GDPR serves as the legal basis.
Security measures
We ask you to review the content of our privacy policy regularly. We will update the privacy policy as soon as changes to the data processing we carry out make this necessary. We will inform you as soon as the changes require action on your part (e.g. consent) or any other individual notification.
Cooperation with data processors and third parties
Where, in the course of our data processing, we disclose data to other persons or organisations (data processors or third parties), transfer it to them or otherwise grant them access to the data, this is done only on the basis of a legal authorisation (e.g. where the transfer of data to third parties, such as payment service providers, is necessary for the performance of a contract pursuant to Article 6(1)(b) of the GDPR), you have given your consent, a legal obligation requires it, or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).
Where we engage third parties to process data on the basis of a so-called ‘data processing agreement’, this is done in accordance with Article 28 of the GDPR.
Transfers to third countries
Where we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)), or where this occurs in the context of using third-party services or the disclosure or transfer of data to third parties, this takes place only where it is necessary for the fulfilment of our (pre-)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests. Subject to statutory or contractual permissions, we process or have the data processed in a third country only if the specific conditions of Articles 44 et seq. of the GDPR are met. This means that processing takes place, for example, on the basis of specific safeguards, such as an officially recognised determination that a level of data protection equivalent to that of the EU is in place, or compliance with officially recognised specific contractual obligations (so-called ‘standard contractual clauses’).
Rights of data subjects
You have the right to request confirmation as to whether data concerning you is being processed, as well as access to this data, further information and a copy of the data in accordance with Article 15 of the GDPR.
You have the right, in accordance with Article 16 of the GDPR, to request that data concerning you be completed or that incorrect data concerning you be rectified.
In accordance with Article 17 of the GDPR, you have the right to request that the data in question be erased without delay, or alternatively, in accordance with Article 18 of the GDPR, to request a restriction on the processing of the data.
You have the right to request that the data concerning you which you have provided to us be returned to you in accordance with Article 20 of the GDPR and to request that it be transferred to other controllers.
You also have the right, pursuant to Article 77 of the GDPR, to lodge a complaint with the competent supervisory authority.
Right to withdraw consent
You have the right to withdraw any consent given in accordance with Article 7(3) of the GDPR with effect for the future.
Right to object
You may object at any time to the future processing of data concerning you in accordance with Article 21 of the GDPR. In particular, you may object to processing for the purposes of direct marketing.
‘Cookies’ are small files that are stored on users’ computers. Various pieces of information can be stored within cookies. A cookie primarily serves to store information about a user (or the device on which the cookie is stored) during or after their visit to an online service. Temporary cookies, also known as “session cookies” or “transient cookies”, are cookies that are deleted once a user leaves an online service and closes their browser. Such a cookie may, for example, store the contents of a shopping basket in an online shop or a login status. Cookies that remain stored even after the browser is closed are referred to as “permanent” or “persistent”. For example, the login status may be stored if users return to the site after several days. Similarly, such a cookie may store the user’s interests, which are used for media reach measurement or marketing purposes. ‘Third-party cookies’ are cookies provided by providers other than the controller operating the online service (otherwise, if only the controller’s own cookies are used, these are referred to as ‘first-party cookies’).
We may use temporary and permanent cookies, and provide further information on this in our privacy policy.
If users do not wish cookies to be stored on their computer, they are asked to deactivate the relevant option in their browser’s settings. Stored cookies can be deleted via the browser’s settings. Disabling cookies may result in functional limitations of this website.
A general objection to the use of cookies for online marketing purposes can be made for a wide range of services, particularly in the case of tracking, via the US website https://www.aboutads.info/choices/ or the EU website https://www.youronlinechoices.com. Furthermore, the storage of cookies can be prevented by disabling them in your browser settings. Please note that, in such cases, you may not be able to use all the features of this website.
Deletion of data
The data we process is deleted or its processing restricted in accordance with Articles 17 and 18 of the GDPR. Unless expressly stated in this privacy policy, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and there are no legal retention obligations preventing its deletion. If the data is not deleted because it is required for other, legally permissible purposes, its processing will be restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.
In accordance with legal requirements in Germany, data is retained in particular for 6 years pursuant to Section 257(1) of the German Commercial Code (HGB) (commercial ledgers, inventories, opening balance sheets, annual financial statements, commercial correspondence, accounting documents, etc.) and for 10 years in accordance with Section 147(1) of the German Fiscal Code (AO) (ledgers, records, management reports, accounting documents, commercial and business correspondence, documents relevant for taxation, etc.).
In accordance with statutory requirements in Austria, records are retained for 7 years in particular pursuant to Section 132(1) of the Federal Tax Code (BAO) (accounting records, vouchers/invoices, accounts, supporting documents, business papers, statements of income and expenditure, etc.), for 22 years in connection with real estate, and for 10 years for documents relating to electronically supplied services, telecommunications, radio and television services provided to non-business customers in EU Member States for which the Mini One-Stop Shop (MOSS) is used.
Collection of access data and log files
We, or our hosting provider, collect data on every access to the server on which this service is located (so-called server log files) on the basis of our legitimate interests within the meaning of Article 6(1)(f) of the GDPR. Access data includes the name of the webpage accessed, the file, the date and time of access, the amount of data transferred, a notification of successful access, the browser type and version, the user’s operating system, the referrer URL (the previously visited page), the IP address and the requesting provider.
Log file information is stored for a maximum of 7 days for security reasons (e.g. to investigate misuse or fraud) and is then deleted. Data that must be retained for further evidence purposes is exempt from deletion until the respective incident has been fully clarified.
Provision of our statutory and contractual services
We process the data of our members, supporters, prospective clients, customers or other individuals in accordance with Article 6(1)(b) of the GDPR, provided that we offer them contractual services or act within the framework of an existing business relationship, e.g. with members, or are ourselves recipients of services and contributions. Furthermore, we process the data of data subjects in accordance with Article 6(1)(f) of the GDPR on the basis of our legitimate interests, e.g. in the case of administrative tasks or public relations work.
The data processed in this context, as well as the nature, scope, purpose and necessity of its processing, are determined by the underlying contractual relationship. This generally includes personal records and master data (e.g. name, address, etc.), as well as contact details (e.g. email address, telephone number, etc.), contractual data (e.g. services used, content and information provided, names of contact persons) and, where we offer services or products subject to payment, payment details (e.g. bank details, payment history, etc.).
We delete data that is no longer required for the fulfilment of our statutory and business purposes. This is determined in accordance with the respective tasks and contractual relationships. In the case of business-related processing, we retain the data for as long as it may be relevant for the conduct of business, as well as with regard to any warranty or liability obligations. The necessity of retaining the data is reviewed every three years; otherwise, the statutory retention obligations apply.
Contact form and contacting us by email
If you contact us via the contact form or by email, your details, including first name, surname and title, will be stored for the purpose of processing your enquiry and for any follow-up questions. You must provide an email address, your name and the name of your company. This data will not be passed on without your consent.
The legal basis for data processing is our legitimate interest pursuant to Article 6(1)(f) of the GDPR and, where applicable, Article 6(1)(b) of the GDPR, if your enquiry is aimed at concluding a contract. Your data will be deleted once processing is complete, provided there are no statutory retention obligations. You may object to the processing of your personal data at any time.
Newsletter
If you would like to receive our newsletter with regular updates on our offers and products, we require your email address.
Additional data helps us to address you personally and/or identify you should you wish to exercise your rights as a data subject.
We use the double opt-in procedure to send the newsletter. This means that you will only receive our newsletter once you have confirmed your consent. To do this, you will receive an email containing a confirmation link. By confirming, you give us your consent in accordance with Article 6(1)(a) of the GDPR to use your personal data for the purpose of sending the newsletter.
When you subscribe, we store your email address, IP address, and the date and time of your subscription and confirmation to enable us to trace any potential misuse. You can unsubscribe from the newsletter at any time via the link included in every newsletter or by email. Once you have unsubscribed, your email address will be deleted from our mailing list, provided that continued use of the data is not permitted by law.
Our newsletters are sent via the service provider salesforce.com, to whom we pass on your data. This transfer is carried out in accordance with Article 6(1)(f) of the GDPR and serves our legitimate interest in a secure and user-friendly newsletter system. Your data is stored on salesforce.com’s servers in the USA and used for statistical analysis.
Web beacons and tracking pixels are used to determine whether the newsletter has been opened and which links have been clicked. The data is collected in pseudonymised form and is used exclusively for statistical analysis to better tailor future newsletters to the interests of the recipients.
If you wish to object to this data analysis, you must unsubscribe from the newsletter. We have entered into a data processing agreement with salesforce.com to protect our customers’ data. Further information can be found in salesforce.com’s privacy policy.
We use Mailchimp, a service provided by Intuit Inc., to send newsletters relating to sponsorship programmes. In doing so, personal data such as your name and email address is processed and stored in the USA. Processing is carried out on the basis of your consent. Further information can be found in Mailchimp’s privacy policy: https://mailchimp.com/legal/privacy/
Salesforce
We use Salesforce as our CRM system and Account Engagement (formerly Pardot) from Salesforce.com, Inc. as our marketing platform.
The purpose of data processing includes advertising and marketing activities, as well as optimising the user experience. Various technologies are used to collect and process data. Typical technologies include cookies and pixels placed in the browser. These include cookies, web beacons and log files. These technologies enable us to optimise the user experience and improve our marketing activities.
This list contains all (personal) data collected by or through the use of this service:
Browser type
Device ID
Device operating system
IP address
Log file data
Number of page views
Information on third-party providers
Usage data
Legal basis: Article 6(1)(a) of the GDPR
The data collected is primarily processed in Germany and the United States of America. Should the data also be processed in other countries, you will be informed separately.
Data will be deleted as soon as it is no longer required for the purposes for which it was processed.
When using our service, the data collected may be transferred to countries such as the United Kingdom and the United States of America. Please note that these countries may not have the necessary data protection standards in place. Further information on the security measures can be found in the privacy policy of our data recipient: Salesforce.com, Inc.
The maximum retention period for cookies is 10 years. Stored information will be handled in accordance with this policy.
Stored information:
Name: visitor_id; This is used to track the website visitor.; Type: cookie; Duration: 10 years; Domain: pardot;
Name: pi_opt_in; This is used to check if the user has allowed tracking.; Type: cookie; Duration: 10 years;
Name: lpv; This is set to prevent the service from tracking multiple page views on a single asset during a 30-minute session.; Type: cookie; Duration: 10 years;
Name: pardot; Used in the context of Account-Based Marketing (ABM). The cookie records data such as IP addresses, time spent on the website and page requests for the visit. This is used for retargeting multiple users originating from the same IP addresses. ABM is typically used for B2B marketing purposes.; Type: cookie; Duration: Session;
Name: campaign_id#; Used in the context of Account-Based Marketing (ABM). The cookie records data such as IP addresses, time spent on the website and page requests for the visit. This is used for retargeting multiple users originating from the same IP addresses. ABM is typically used for B2B marketing purposes.; Type: cookie; Duration: Session;
Name: account_id#; Used in connection with Account-Based Marketing (ABM). The cookie records data such as IP addresses, time spent on the website and page views for the visit. This is used for retargeting multiple users originating from the same IP addresses. ABM usually facilitates B2B marketing purposes.; Type: cookie; Duration: Session;
Google Analytics
We use Google Analytics, a web analytics service provided by Google LLC (‘Google’), on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online services within the meaning of Article 6(1)(f) of the GDPR). Google uses cookies. The information generated by the cookie regarding users’ use of the online service is usually transmitted to a Google server in the USA and stored there.
Google will use this information on our behalf to evaluate how users use our online service, to compile reports on the activities within this online service, and to provide us with further services related to the use of this online service and internet usage. In doing so, pseudonymous user profiles may be created from the processed data.
We only use Google Analytics with IP anonymisation enabled. This means that the user’s IP address is truncated by Google within Member States of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and truncated there.
The IP address transmitted by the user’s browser is not merged with other data held by Google. Users can prevent the storage of cookies by adjusting their browser software settings accordingly; users can also prevent the collection of data generated by the cookie and relating to their use of the online service by Google, as well as the processing of this data by Google, by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
Further information on Google’s use of data, as well as options for settings and objections, can be found in Google’s privacy policy (https://policies.google.com/technologies/ads) and in the settings for the display of advertisements by Google (https://adssettings.google.com/authenticated).
Users’ personal data is deleted or anonymised after 14 months.
Google Re/Marketing Services
On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online services within the meaning of Article 6(1)(f) of the GDPR), we use the marketing and remarketing services (hereinafter “Google Marketing Services”) provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”).
Google Marketing Services allow us to display advertisements for and on our website in a more targeted manner, so as to present users only with adverts that potentially match their interests. If, for example, a user is shown adverts for products in which they have expressed an interest on other websites, this is referred to as “remarketing”. For these purposes, when our website or other websites where Google Marketing Services are active are accessed, a Google code is executed directly by Google and so-called (re)marketing tags (invisible graphics or code, also known as ‘web beacons’) are embedded in the website. With their help, an individual cookie, i.e. a small file, is stored on the user’s device (comparable technologies may also be used instead of cookies). The cookies may be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. This file records which web pages the user has visited, what content they are interested in and which offers they have clicked on, as well as technical information about the browser and operating system, referring web pages, time of visit and further details regarding the use of the online service. The user’s IP address is also recorded; however, we would like to point out that, within the scope of Google Analytics, the IP address is truncated within Member States of the European Union or in other signatory states to the Agreement on the European Economic Area, and is only transmitted in full to a Google server in the USA and truncated there in exceptional cases. The IP address is not merged with the user’s data within other Google services. The information mentioned above may also be combined by Google with such information from other sources. If the user subsequently visits other websites, they may be shown advertisements tailored to their interests.
User data is processed pseudonymously within the framework of Google Marketing Services. This means that Google does not, for example, store or process the user’s name or email address, but instead processes the relevant data on a cookie-by-cookie basis within pseudonymous user profiles. This means that, from Google’s perspective, the adverts are not managed and displayed for a specifically identified individual, but for the cookie holder, regardless of who that cookie holder is. This does not apply if a user has expressly permitted Google to process the data without this pseudonymisation. The information collected by Google Marketing Services about users is transmitted to Google and stored on Google’s servers in the USA.
The Google marketing services we use include, amongst others, the online advertising programme ‘Google AdWords’. In the case of Google AdWords, each AdWords customer receives a different ‘conversion cookie’. Cookies cannot therefore be tracked across the websites of AdWords customers. The information collected via the cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. AdWords customers are informed of the total number of users who clicked on their advert and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users.
We may integrate third-party advertisements based on the Google marketing service ‘AdSense’. AdSense uses cookies that enable Google and its partner websites to display adverts based on users’ visits to this website or other websites on the internet.
Furthermore, we may use “Google Tag Manager” to integrate and manage Google’s analytics and marketing services on our website.
Further information on Google’s use of data for marketing purposes can be found on the overview page: https://www.google.com/policies/technologies/ads; Google’s privacy policy is available at https://www.google.com/policies/privacy.
If you wish to object to interest-based advertising by Google Marketing Services, you can use the settings and opt-out options provided by Google: https://www.google.com/ads/preferences.
Online Presence on Social Media
We maintain online presences on social networks and platforms in order to communicate with customers, prospective customers and users active there and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and data processing policies of their respective operators apply.
Unless otherwise stated in our privacy policy, we process users’ data if they communicate with us within the social networks and platforms, e.g. by posting on our online presences or sending us messages.
Integration of third-party services and content
Within our online services, we integrate content and services from third-party providers, such as videos or fonts (hereinafter collectively referred to as “content”), on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online services within the meaning of Article 6(1)(f) of the GDPR).
This always requires that the third-party providers of this content collect the user’s IP address, as they would be unable to send the content to the user’s browser without it. The IP address is therefore necessary for the display of this content. We endeavour to use only such content whose respective providers use the IP address solely for the purpose of delivering the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as ‘web beacons’) for statistical or marketing purposes. Pixel tags enable information such as visitor traffic on the pages of this website to be analysed. The pseudonymous information may also be stored in cookies on the user’s device and may include, amongst other things, technical information about the browser and operating system, referring websites, time of visit and further details regarding the use of our online service, as well as being linked to such information from other sources.
YouTube
We embed videos from the “YouTube” platform provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy/.
Use of Facebook Social Plugins
On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online services within the meaning of Article 6(1)(f) of the GDPR), we use social plugins (“plugins”) from the social network facebook.com, which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). The plugins may display interactive elements or content (e.g. videos, graphics or text posts) and can be recognised by one of the Facebook logos (a white ‘f’ on a blue tile, the terms ‘Like’, ‘Gefällt mir’ or a ‘thumbs up’ symbol) or are marked with the addition ‘Facebook Social Plugin’. The list and appearance of the Facebook Social Plugins can be viewed here: https://developers.facebook.com/docs/plugins/.
When a user accesses a feature of this website that contains such a plugin, their device establishes a direct connection to Facebook’s servers. The content of the plugin is transmitted directly from Facebook to the user’s device and integrated into the website. In the process, user profiles may be created from the processed data. We therefore have no influence over the scope of the data that Facebook collects using this plugin and are therefore informing users in accordance with our current knowledge.
By integrating the plugins, Facebook receives the information that a user has accessed the relevant page of the online service. If the user is logged into Facebook, Facebook can associate the visit with their Facebook account. When users interact with the plugins, for example by clicking the ‘Like’ button or posting a comment, the relevant information is transmitted directly from your device to Facebook and stored there. Even if a user is not a member of Facebook, there is still a possibility that Facebook may obtain and store their IP address. According to Facebook, only an anonymised IP address is stored in Germany.
The purpose and scope of data collection, as well as the further processing and use of the data by Facebook, and the relevant rights and settings options for protecting users’ privacy, can be found in Facebook’s privacy policy: https://www.facebook.com/about/privacy/.
If a user is a Facebook member and does not wish Facebook to collect data about them via this online service and link it to their member data stored on Facebook, they must log out of Facebook and delete their cookies before using our online service. Further settings and objections to the use of data for advertising purposes can be made within the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the US website https://www.aboutads.info/choices/ or the EU website https://www.youronlinechoices.com/. These settings apply across all platforms, i.e. they are applied to all devices, such as desktop computers or mobile devices.