Issue from April 17, 2019
1. Subject Matter and Scope
We take the protection of your personal data very seriously. With this data protection information we inform you about which personal data we collect and how and for what purposes they are processed. We always treat your personal data in accordance with the statutory data protection regulations and this data protection declaration.
2. Responsible Body
Obere Karlstraße 29
Phone: +49 9131 913 9431
Fax: +49 9131 9379 422
3. Data Protection Officer
Rechtsanwalt, Fachanwalt IT-Recht
Anyone concerned can contact our data protection officer directly at any time with any questions or suggestions regarding data protection.
4. Visit to the Website
Every time you visit our website, our system automatically collects data and information from the computer system of the calling computer. In order for the pages to be displayed in your browser, the IP address of the device you are using must be processed. Additional information about the browser of your mobile device is also provided.
Ensuring the confidentiality and integrity of personal data processed with our IT systems is of great importance to us. The data will also be used to correct errors on the website.
For these purposes, the following data is logged:
- IP address of the calling computer
- Operating system of the calling computer
- Browser version of the calling computer
- Name of the retrieved file
- Date and time of retrieval
- Amount of data transferred
- Referring URL
This data is regularly deleted after 30 days.
Our website is hosted by a service provider in the European Economic Area on the basis of order processing in accordance with Art. 28 DSGVO.
The legal basis for this data processing is Art. 6 para. 1 (f) DSGVO. Our overriding legitimate interest is the operation of this website and the implementation of the protection goals of confidentiality, integrity and availability of data.
5. Contacting Us
If you contact us to request information, the information you provide will be stored for the purpose of processing the request.
The legal basis for this data processing is Art. 6 para. 1 (f) DSGVO. Our primary legitimate interest is communication with customers and interested parties.
If the aim of establishing contact is to become a member or to make a donation, the additional legal basis for processing is Art. 6 para. 1 (b) DSGVO.
We also occasionally use an address verification service. We transmit your data (name, postal address) to Deutsche Post Direkt GmbH for the purpose of verifying your address (check for deliverability). The legal basis for these transfers and data processing is Art. 6 para. 1 (f) DSGVO. Our primary legitimate interest is to ensure the deliverability of information sent by post and fundraising and to avoid unnecessary shipping costs when sending letters to incorrect or non-existent addresses.
Information on data protection at Deutsche Post Direkt GmbH and your right of objection can be found here: https://www.deutschepost.de/en/d/deutsche-post-direkt/deutsche-post-direkt-datenschutz.html
6. Post Mailings
If you have shown interest in our projects or in supporting the association, or if you have become a donor, member or voluntary supporter, we will list you in our database. In this case we process your postal address in order to send you postal information about the association and its projects and, if applicable, donation receipts.
The legal basis for this data processing is Art. 6 para. 1 (f) DSGVO. Our primary legitimate interest is to communicate with our donors and members to solicit donations and to inform them about the activities of the association.
We use external service providers for printing and dispatch on the basis of order processing in accordance with Art. 28 DSGVO.
If you donate, your entered contact and payment data will be used to carry out the donation. For the integration of the donation form we use the service Fundraisingbox of Wikando GmbH, Schießgrabenstr. 32, 86150 Augsburg. The data collected as part of the donation will be transmitted via a secure connection. The payment data is transferred directly to the respective payment service provider using an encrypted connection. Current information on the security procedure used can be found here:https://www.fundraisingbox.com/security.
For donations by direct debit or credit card we use the payment service provider Micropayment GmbH, Scharnweberstraße 69, 12587 Berlin for the technical processing and possible reversal of the direct debit donations.
Further information on data protection at Micropayment GmbH can be found here:https://resources.micropayment.de/billing/documents/privacy-policy/debit/debit-gmbh-de.pdf
If you donate via PayPal you will be redirected to the PayPal website where you can make your donation. We do not receive any account data, but are only informed about the donation made.
For donations by Klarna Immediate Transfer you will be forwarded directly to the website of the payment provider Sofort AG. We do not receive any account data, but are only informed about the donation made.
If you donate to us by bank transfer, we will collect and store your bank details so that we can recognize you in the event of any further donations and, if necessary, send you a donation receipt for the entire amount of the donations made in the respective calendar year.
If a donation is made using a certain keyword—on the occasion of a birthday, for example—then we give the names of the donor(s) and the total amount of the donation(s) to the person represented by the keyword that prompted the donation, such as a birthday child, but we do not give the individual amounts donated.
The legal basis for data processing is Art. 6 Para. 1 (b) and (f) DSGVO. The data is processed for the purpose of handling the donation and, if necessary, sending a donation receipt.
8. Members and Supporters
If you become a member of OneDollarGlasses, we process your personal data to establish, implement and terminate the membership relationship and to exercise and fulfil the rights and obligations arising from the law. Within the scope of membership, your surname and first name, your address, other contact data provided by you, if applicable your bank details for collecting membership fees, your date of birth, professional and other relevant qualifications and interests and the duration of membership will be processed. Your data will also be used to invite you to the Annual General Meeting of OneDollarGlasses. The legal basis is Art. 6 para. 1 (b) DSGVO.
Your data may also be processed for other purposes on the basis of your explicit consent, for example when your name and photo are published on the website. The legal basis is then Art. 6 para. 1 (a) DSGVO.
We process the personal data of supporters of One Dollar Glasses in order to facilitate the cooperation of supporters in the association and in the projects carried out by the association. If you become a supporter of the association, your surname and first name, your address, any other contact information you provide, your date of birth, and professional and other qualifications and interests relevant to the association's work will be processed.
The legal basis is Art. 6 para. 1 (f) DSGVO. Our predominant legitimate interest is to also involve non-members in the implementation of the association's project.
The data of both members and supporters will also be used for sending the internal newsletter and invitations by e-mail. The internal newsletter informs both members and supporters about events, activities, and projects of the association and serves for internal communication and coordination. It does not constitute advertising or fundraising.
The legal basis is Art. 6 para. 1 (b) DSGVO for members and Art. 6 para. 1 (f) DSGVO for supporters. Our predominant legitimate interest is to also involve non-members in the implementation of the association's project.
We collect and process the personal data of applicants for the purpose of conducting an application process. If an applicant submits his or her application documents to us electronically, they are processed electronically.
If we enter into an employment contract with an applicant, the transferred data will be processed in order to carry out the employment agreement in compliance with the statutory provisions. If no employment contract is made with the applicant, the application documents will be deleted immediately after completion of the application process, provided that no overriding legitimate interest, such as the defence of claims or a preservation of evidence function under the General Equal Treatment Act (Deutsches Allgemeines Gleichbehandlungsgesetz), is opposed to deletion.
This storage or processing is necessary for a decision regarding the establishment of an employment relationship or, after the establishment of an employment relationship, for its execution or termination. The legal basis is according to § 26 BDSG.
Implementation of pre-contractual measures pursuant to Art. 6 para. 1 lit. b) DSGVO.
If you register to participate in an event, we process the data you provide when you register in order to enable you to participate in the event; in particular: to send you a confirmation of registration, to identify you when you enter the event if necessary, and to carry out the payment process for paid events if necessary.
The legal basis for this is Art. 6 Para. 1 (b) DSGVO. The processing of your data is necessary for the fulfillment of the contract concerning your participation in the event.
If we collect additional data that is not absolutely necessary to fulfil the contract with you, this data collection serves to optimise the event or your event experience, for example to adapt and optimise the event according to the interests of the participants and the target group, and to prepare, evaluate, and analyse the event.
The legal basis for this processing is Art. 6 para. 1 (f) DSGVO. Our predominant legitimate interest is the optimisation, evaluation, and analysis of our events.
If you also give your express consent to the processing of certain data for specific purposes as part of the registration process (e.g., in the case of minors under the age of 16 by their parents or guardians), the legal basis for this processing is the consent which can be revoked at any time in accordance with Art. 6 Para. 1 (a) DSGVO.
11. Photos at Events
At some events photos can be taken during the event. These photos can show event participants and make them identifiable. These photos are used for public relations and documentation of the event. The photos can be published offline (print) or online, especially on our website and in the context of our social media presence.
The legal basis for this processing is Art. 6 Para. 1 (f) DSGVO. Our predominant legitimate interest is the documentation of the event and the use of photos of the event for public relations purposes.
If you have expressly consented to the production and publication of photographs or film recordings, the legal basis for this processing is your consent, which can be revoked at any time in accordance with Art. 6 Para. 1 (a) DSGVO.
12.1 Registration for the newsletter
You can register on our website to receive newsletters by e-mail. During registration, the data from the input mask, the IP address of the calling computer and the date and time of registration are transmitted to us. During the registration process, your consent is obtained for the processing of the data and reference is made to this data protection information.
In order to verify that the actual owner of an e-mail address has registered to receive a newsletter, we use the so-called "double opt-in" procedure. A confirmation e-mail is sent to the registered e-mail address after registration. The registration for the newsletter is only completed when a confirmation link contained in the confirmation e-mail is activated. The IP address of the calling computer and the date and time of activation of the confirmation link will also be transmitted to us.
Registration for the newsletter can be terminated at any time by using the unsubscribe link contained in each newsletter or by contacting us using the contact details provided above for the responsible office.
The legal basis for processing the data after registration for the newsletter is your consent in accordance with Art. 6 para. 1 (a) DSGVO.
12.2 Newsletter analytics
With our newsletters, a statistical evaluation of usage data can be carried out. For this purpose, we may record both the opening of the e-mail and the internal clicks as well as additional information about the time of opening and the IP address. This information serves the purpose of measuring and optimising the success of our newsletter campaigns by making the content of the newsletter more relevant to our target group and technically optimising the presentation of the newsletter.
The legal basis for this analysis is Art. 6 (1) (f) DSGVO. Our predominant legitimate interest is the evaluation and optimisation of communication with customers and interested parties.
On the one hand, we use so-called session cookies, which are only stored for the duration of the respective visit to our website (e.g., to enable the storage of your shopping basket contents). In a session cookie, a randomly generated unique identification number is stored, a so-called session ID. Session cookies are automatically deleted after leaving our website.
In addition, we use temporary cookies that we store on your terminal device for a certain period of time (so-called first party cookies). If you visit our site again, it will automatically recognize that you have already been with us and which entries and settings you have made so that you do not have to enter them again.
You have the option of preventing the setting of cookies by making the appropriate settings in your browser. However, we would like to point out that the use of our Internet pages may then only be possible to a limited extent. Cookies do not install or start any programs or other applications on your computer.
The legal basis for the processing of personal data using cookies is Art. 6 para. 1 (f) DSGVO. Our primary legitimate interest is the operation, analysis and optimization of our website and our customer interactions.
14. Web Analytics
We use web analytics services on our website or parts of the website to measure how our website is used by its visitors and to optimize the website as a whole and its presentation.
We use the web analysis service Google Analytics with IP anonymisation. Google Analytics is a web analysis service provided by Google, LLC, USA ("Google"). Within the framework of Google Analytics, cookies are set. In the context of IP anonymisation, the IP addresses of users within the European Economic Area are shortened by Google before being transmitted to the USA. Only in exceptional cases - that is in the event of technical faults in Europe - the unabridged IP address is transmitted to Google in the USA and shortened there. The transmitted IP addresses will not be merged with other Google data.
For further information on data processing by Google, please refer to Google's data protection information: https://www.google.com/policies/privacy.
When using Google Analytics, personal data is transferred to a third country outside the EU. The service provider has a Privacy Shield certification, available here: https://www.privacyshield.gov/participant?id=a2zt00000000001L5AAI&status=Active. Accordingly, there are appropriate guarantees for data transmission in accordance with Art. 46 DSGVO.
The legal basis for this data processing when using web analytics is Art. 6 para. 1 (f) DSGVO. Our primary legitimate interest is the analysis, optimization and economic operation of our website and our customer interactions.
We use the monitoring service Pingdom of the service provider SolarWinds Worldwide, LLC, in the USA. This monitoring service enables an analysis of the loading behaviour and the availability of our website. Cookies are set for this purpose.
When using Pingdom, personal data may be transferred to a third country outside the EU. The service provider has a Privacy Shield certification, available here:https://www.privacyshield.gov/participant?id=a2zt0000000008R6bAAE&status=Active
Furthermore the agreement on contract processing contains the EU standard contract clauses. Accordingly, there are appropriate guarantees for data transmission in accordance with Art. 46 DSGVO.
The legal basis for this data processing in the context of the use of Pingdom is Art. 6 para. 1 (f) DSGVO. Our primary legitimate interest is the optimization and economic operation of our website.
YouTube videos are embedded on our website. These are made available by YouTube, LLC, in the USA ("YouTube") via a plugin.
We use the "advanced privacy settings" for embedded YouTube videos, i.e., YouTube does not set cookies. However, when you visit a website using the YouTube plugin, a connection to YouTube is inevitable and your IP address is transmitted to YouTube. When you are logged in to YouTube, the information you submit can be linked to your account.
For more information on privacy at YouTube, please visit YouTube's Privacy and Security Center at:https://support.google.com/youtube/topic/2803240?hl=en&ref_topic=6151248
YouTube, as a subsidiary of Google, is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law:https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
The legal basis for this data processing in the context of the use of YouTube is Art. 6 para. 1 (f) DSGVO. Our primary legitimate interest is the optimization and economic operation of our website.
We use the service reCAPTCHA of Google LLC in the USA. This service is used to differentiate whether the entry in a form is made by a natural person or abusively by automatic and automated processing. In the context of reCAPTCHA, your IP address and other data required by Google for the reCAPTCHA service are transmitted to Google.
For further information on data processing by Google, please refer to Google's data protection information:https://www.google.com/policies/privacy.
When reCAPTCHA is used, personal data is transferred to a third country outside the EU. The service provider has a Privacy Shield certification, available here:https://www.privacyshield.gov/participant?id=a2zt00000000001L5AAI&status=Active. Accordingly, there are appropriate guarantees for data transmission in accordance with Art. 46 DSGVO.
The legal basis for this data processing when using reCAPTCHA is Art. 6 para. 1 (f) DSGVO. Our primary legitimate interest is the security of our website and protection against spam.
18. Social Media Buttons
Various social media buttons of the social media networks Facebook and YouTube are integrated on our website, recognizable by their respective logos.
If you click one of these social media buttons, you will be redirected to our pages on the respective social media network. In this case, the provider of the respective social media network will be informed that your browser has called up the corresponding page of our website, even if you do not have a profile on the respective social media network or are not logged in there. This information (including your IP address) is transmitted directly from your browser to a server of the respective provider. If you click on a social media button and are either logged in to the respective social media network or then log in to the page of the respective social media network, the transmitted information can be assigned to your account on the social media network.
For information on the purpose and scope of data collection and processing by the providers of the respective social media network, the provider identification, a contact option and your rights and setting options for data protection, please refer to the respective data protection information of the providers of the social media networks. You can find these here:
The legal basis for the integration and use of social media buttons is Art. 6 para. 1 (f) DSGVO. Our predominant legitimate interest is the presentation of our projects and the activities of the association.
19. Social Media Pages (“Fanpages”)
We maintain publicly accessible profiles on the social media networks Facebook and YouTube ("Social Media Pages" or "Fan Pages").
If you visit one of our social media pages and are logged into the respective social media network, your usage behavior can be analyzed and the information collected can be assigned to your account at the social media network and enriched there. Even if you are not logged in or if you do not have an account with the respective social media network, personal data may be collected by the provider of the respective social media network, for example your IP address or data collected via a cookie.
The operators of social media networks can use this data to create user profiles. Your user profile can then be used to display interest-based ads both on social media network sites and on other sites.
If you visit one of our social media pages, we are jointly responsible with the provider of the social media network for the collection and processing of your personal data there. With regard to information about the collection and processing of your personal data that takes place there, we refer you to the data protection information of the social media networks. Further information is not available to us. The data protection information of the social media networks can be found here:
We will be happy to provide you with information on suitable guarantees for data transfer to third countries in accordance with Art. 46 DSGVO at any time on request.
You can assert your rights concerning the matter of data collection and use in accordance with Chapter III of the DSGVO (right to information, correction, deletion, restriction of processing, data transferability, etc.) both against us and against the provider of the respective social media network. In this context, we would like to point out that we can only influence the processing of personal data and the implementation of the rights affected within the framework of our social media pages according to the scope of the possibilities made available to us by the respective provider.
The legal basis for our use of social media pages is Art. 6 Para. 1 (f) DSGVO. Our predominant legitimate interest is the presentation of our projects and the activities of the association.
20. Age Restriction
This website is not intended or designed for use by children under the age of 16. We do not knowingly collect personal information from or about anyone under the age of 16.
21. Recipients of Data
Within our company, internal departments or organisational units receive your data which they need to fulfil their tasks, if necessary to fulfil contracts with you, to process data with your consent, or to safeguard our overriding legitimate interests.
Data will only be passed on to third parties within the framework of legal requirements. We will only pass on your data to third parties if this is necessary for contractual purposes, e.g., on the basis of Art. 6 para. 1 (b) DSGVO or to safeguard our overriding legitimate interest pursuant to Art. 6 para. 1 (f) DSGVO in an effective execution of our business operations.
If we use service providers or third parties to provide the website and/or our services, we take appropriate legal precautions as well as appropriate technical and organisational measures to ensure the protection of your personal data.
If we use content or tools from service providers or third party providers within the scope of providing the website and/or our services, and if the named location is in a third country, data is regularly transferred to a third country. Third countries are countries in which the DSGVO is not directly applicable law, i.e., countries outside the EU or the European Economic Area. Data will only be transferred to third countries if either an appropriate level of data protection, consent or other legal permission, in particular an appropriate guarantee in accordance with Art. 46 DSGVO, is available.
22. Your Rights
You have the right to free information about your stored personal data, their origin and recipients and the purpose of data processing, and a right to correction, blocking or deletion of these data. You also have the right to limitation of the processing and to object to the processing.
You also have the right to have your data, which we process automatically, handed over to you or to a third party in a common, machine-readable format.
To assert your rights, please contact us using the contact details provided for the responsible party above.
You also have a right of appeal to the competent data protection supervisory authority. The responsible supervisory authority for data protection issues is the Bavarian State Office for Data Protection Supervision (https://www.lda.bayern.de/en/index.html).
Many data processing processes are only possible with your express consent. You can revoke your consent at any time. All you need to do is send us an informal e-mail. The legality of the data processing up to the revocation remains unaffected by the revocation.
If we process your data, as explained in this data protection information, to protect our overriding legitimate interests, you can object to this processing with effect for the future. Please contact us under the contact details given for the responsible body.
You are only entitled to this right of objection if there are reasons arising from your particular situation (Art. 21 para. 1 DSGVO). After exercising your right of objection, we will not process your personal data further for these purposes, unless we can prove compelling reasons worthy of protection for the processing, which outweigh your interests, rights and freedoms, or if the processing serves to assert, exercise or defend legal claims.
If the data is processed for direct advertising purposes, you may exercise your right to object at any time (Art. 21 para. 2 DSGVO) and we will then no longer process your personal data, irrespective of the reasons for the objection, for the purpose of direct advertising.
23. Revocation of Consent
Some data processing operations are only possible with your express consent. You can revoke your consent at any time. For this purpose, an informal notification by e-mail to [email protected] is sufficient. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
24. Right of Objection
As far as we process your data, as explained in this data protection information, to protect our overriding legitimate interests, you can object to this processing with effect for the future. To do so, please contact us at the contact details given for the responsible office.
As a matter of principle, you are only entitled to this right of objection if there are reasons arising from your particular situation (Art. 21 para. 1 DSGVO). After exercising your right of objection, we will not process your personal data further for these purposes unless we can prove compelling reasons worthy of protection for the processing, which outweigh your interests, rights and freedoms, or if the processing serves the assertion, exercise or defence of legal claims.
If the processing is carried out for purposes of direct advertising, you can exercise your right of objection in this regard at any time (Art. 21 para. 2 DSGVO) and we will then no longer process your personal data for the purpose of direct advertising, irrespective of the reasons for the objection.
25. Mandatory Information
The provision of personal data is neither required by law nor by contract, nor are you obliged to provide personal data, however, personal information is required for the conclusion of a contract in so far as certain details are absolutely necessary in order to be able to conclude a contract.
26. Automated Decision Making
We do not carry out automated decision making, including profiling.
27. Storage and Deletion
We adhere to the principles of data avoidance and data economy. We therefore only store your personal data for as long as is necessary to achieve the purposes stated here or as provided for in the storage periods provided for by law.
If the storage purpose no longer applies or if a storage period provided for by law expires, the personal data will be blocked or deleted routinely and in accordance with the statutory provisions.
28. Technical and organizational measures of data security
We take organizational, contractual and technical security measures in accordance with the state of the art in order to ensure that the regulations of data protection laws are observed and thus to protect the data processed by us against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons.
Our website uses SSL encryption for security reasons and to protect the transmission of confidential content, such as orders, requests or payment data that you send to us.
29. Changes to this data protection information
We reserve the right to occasionally adapt this data protection declaration so that it always complies with current legal requirements or to implement changes to our services in the data protection declaration, e.g., when introducing new services. The new data protection declaration will then apply for your next visit.