July 25th 2018
1. Subject, Matter and Scope
We take the protection of your personal data very seriously. With this data protection information we inform you about which personal data we collect and how and for what purposes they are processed. We always treat your personal data in accordance with the statutory data protection regulations and this data protection declaration.
2. Responsible Body
Phone: +49 9131 9232 803
Fax: +49 9131 9379 422
3. Data Protection Officer
Rechtsanwalt, Fachanwalt IT-Recht
Anyone concerned can contact our data protection officer directly at any time with any questions or suggestions regarding data protection.
4. Visit to the Website
Every time you visit our website, our system automatically collects data and information from the computer system of the calling computer. In order for the pages to be displayed in your browser, the IP address of the device you are using must be processed. Additional information about the browser of your mobile device is also provided.
Ensuring the confidentiality and integrity of personal data processed with our IT systems is of great importance to us. The data will also be used to correct errors on the website.
For these purposes, the following data is logged:
- IP address of the calling computer
- Operating system of the calling computer
- Browser version of the calling computer
- Name of the retrieved file
- Date and time of retrieval
- Amount of data transferred
- Referring URL
This data is regularly deleted after 30 days.
Our website is hosted by a service provider in the European Economic Area on the basis of order processing in accordance with Art. 28 DSGVO.
The legal basis for this data processing is Art. 6 para. 1 (f) DSGVO. Our overriding legitimate interest is the operation of this website and the implementation of the protection goals of confidentiality, integrity and availability of data.
If you contact us to request information, the information you provide will be stored for the purpose of processing the request.
The legal basis for this data processing is Art. 6 para. 1 (f) DSGVO. Our primary legitimate interest is communication with customers and interested parties.
If the aim of establishing contact is tobecome a member or to make a donation, the additional legal basis for processing is Art. 6 para. 1 (b) DSGVO.
We also occasionally use an address verification service. We transmit your data (name, postal address) to Deutsche Post Direkt GmbH for the purpose of verifying your address (check for deliverability). The legal basis for these transfers and data processing is Art. 6 para. 1 (f) DSGVO. Our primary legitimate interest is to ensure the deliverability of information sent by post and fundraising and to avoid unnecessary shipping costs when sending letters to incorrect or non-existent addresses.
Information on data protection at Deutsche Post Direkt GmbH and your right of objection can be found here: https://www.deutschepost.de/en/d/deutsche-post-direkt/deutsche-post-direkt-datenschutz.html
6. Post Mailings
If you have donated to us or have become a member, we will keep you as a donor or member in our database. In this case, we will process your postal address to send you donation receipts and postal information about the association and its projects.
The legal basis for this data processing is Art. 6 para. 1 (f) DSGVO. Our primary legitimate interest is to communicate with our donors and members to solicit donations and to inform them about the activities of the association.
We use external service providers for printing and dispatch on the basis of order processing in accordance with Art. 28 DSGVO.
If you donate, your entered contact and payment data will be used to carry out the donation. For the integration of the online donation form we use the service Fundraisingbox of Wikando GmbH, Schießgrabenstr. 32, 86150 Augsburg. The data collected as part of the donation will be transmitted via a secure connection. The payment data is transferred directly to the respective payment service provider using an encrypted connection. Current information on the security procedure used can be found here:? https://www.fundraisingbox.com/security.
For donations by direct debit or credit card we use the payment service provider Micropayment GmbH, Scharnweberstraße 69, 12587 Berlin for the technical processing and possible reversal of the direct debit donations.
Further information on data protection at Micropayment GmbH can be found here: https://resources.micropayment.de/billing/documents/privacy-policy/debit/debit-gmbh-de.pdf
If you donate via PayPal you will be redirected to the PayPal website where you can make your donation. We do not receive any account data, but are only informed about the donation made.
For donations by Klarna Immediate Transfer you will be forwarded directly to the website of the payment provider Sofort AG. We do not receive any account data, but are only informed about the donation made.
If you donate to us by bank transfer, we collect and store your bank details in order to be able to recognize you in case of possible further donations and to be able to send you a donation receipt/confirmation of donation for the entire amount of the donations made in the respective calendar year.
The legal basis for data processing is Art. 6 para. 1 (b) and (f) DSGVO. The data will be processed to carry out the donation and, if necessary, to send the donation receipt/confirmation of donation.
8. Membership and Supporters
If you become a member of OneDollarGlasses, we process your personal data to establish, implement and terminate the membership relationship and to exercise and fulfil the rights and obligations arising from the law. Within the scope of membership, your surname and first name, your address, other contact data provided by you, if applicable your bank details for collecting membership fees, your date of birth, professional and other relevant qualifications and interests and the duration of membership will be processed. Your data will also be used to invite you to the Annual General Meeting of OneDollarGlasses. The legal basis is Art. 6 para. 1 (b) DSGVO.
Your data may also be processed for other purposes on the basis of your explicit consent, for example when your name and photo are published on the website. The legal basis is then Art. 6 para. 1 (a) DSGVO.
We process the personal data of active supporters of OneDollarGlasses in order to facilitate the cooperation of supporters at the association and in the projects carried out by the association. If you become a supporter of the association, your surname and first name, your address, other contact data provided by you, your date of birth and professional and other relevant qualifications and interests will be processed. The legal basis is Art. 6 para. 1 (f) DSGVO. Our overriding legitimate interest is to also involve non-members in the implementation of projects and activities of the association at home and abroad.
The data of both members and supporters are also used to send the internal newsletter by e-mail. The internal newsletter informs both members and supporters about activities and projects of the association and serves for internal communication and coordination. It does not represent advertising or fundraising. Accordingly, the legal basis for members is Art. 6 para. 1 (b) and for supporters Art. 6 para. 1 (f) DSGVO. Our overriding legitimate interest is to also involve non-members in the implementation of the association's project.
You can register on our website to receive newsletters by e-mail. During registration, the data from the input mask, the IP address of the calling computer and the date and time of registration are transmitted to us. During the registration process, your consent is obtained for the processing of the data and reference is made to this data protection information.
In order to verify that the actual owner of an e-mail address has registered to receive a newsletter, we use the so-called "double opt-in" procedure. A confirmation e-mail is sent to the registered e-mail address after registration. The registration for the newsletter is only completed when a confirmation link contained in the confirmation e-mail is activated. The IP address of the calling computer and the date and time of activation of the confirmation link will also be transmitted to us.
Registration for the newsletter can be terminated at any time by contacting us at the contact details given above for the responsible body.
The legal basis for processing the data after registration for the newsletter is your consent in accordance with Art. 6 para. 1 (a) DSGVO.
On the one hand, we use so-called session cookies, which are only stored for the duration of the respective visit to our website. A randomly generated unique identification number, a so-called session ID, is stored in a session cookie. Session cookies are automatically deleted after leaving our website.
In addition, we use temporary cookies that we store on your terminal device for a certain period of time (so-called first party cookies). If you visit our site again, it will automatically recognize that you have already been with us and which entries and settings you have made so that you do not have to enter them again.
You have the option of preventing the setting of cookies by making the appropriate settings in your browser. However, we would like to point out that the use of our Internet pages may then only be possible to a limited extent. Cookies do not install or start any programs or other applications on your computer.
The legal basis for the processing of personal data using cookies is Art. 6 para. 1 (f) DSGVO. Our primary legitimate interest is the operation, analysis and optimization of our website and our customer interactions.
11. Web Analysis
We use web analytics services on our website or parts of the website to measure how our website is used by its visitors and to optimize the website as a whole and its presentation.
We use the web analysis service Google Analytics with IP anonymisation. Google Analytics is a web analysis service provided by Google, LLC, USA ("Google"). Within the framework of Google Analytics, cookies are set. In the context of IP anonymisation, the IP addresses of users within the European Economic Area are shortened by Google before being transmitted to the USA. Only in exceptional cases - that is in the event of technical faults in Europe - the unabridged IP address is transmitted to Google in the USA and shortened there. The transmitted IP addresses will not be merged with other Google data.
For further information on data processing by Google, please refer to Google's data protection information: https://www.google.com/policies/privacy.
When using Google Analytics, personal data is transferred to a third country outside the EU. The service provider has a Privacy Shield certification, available here: https://www.privacyshield.gov/participant?id=a2zt00000000001L5AAI&status=Active. Accordingly, there are appropriate guarantees for data transmission in accordance with Art. 46 DSGVO.
The legal basis for this data processing when using web analytics is Art. 6 para. 1 (f) DSGVO. Our primary legitimate interest is the analysis, optimization and economic operation of our website and our customer interactions.
We use the monitoring service Pingdom of the service provider SolarWinds Worldwide, LLC, in the USA. This monitoring service enables an analysis of the loading behaviour and the availability of our website. Cookies are set for this purpose.
When using Pingdom, personal data may be transferred to a third country outside the EU. The service provider has a Privacy Shield certification, available here: https://www.privacyshield.gov/participant?id=a2zt0000000008R6bAAE&status=Active
Furthermore the agreement on contract processing contains the EU standard contract clauses. Accordingly, there are appropriate guarantees for data transmission in accordance with Art. 46 DSGVO.
The legal basis for this data processing in the context of the use of Pingdom is Art. 6 para. 1 (f) DSGVO. Our primary legitimate interest is the optimization and economic operation of our website.
YouTube videos are embedded on our website. These are made available by YouTube, LLC, in the USA ("YouTube") via a plugin.
We use the "advanced privacy settings" for embedded YouTube videos, i.e., YouTube does not set cookies. However, when you visit a website using the YouTube plugin, a connection to YouTube is inevitable and your IP address is transmitted to YouTube. When you are logged in to YouTube, the information you submit can be linked to your account.
For more information on privacy at YouTube, please visit YouTube's Privacy and Security Center at: https://support.google.com/youtube/topic/2803240?hl=en&ref_topic=6151248
YouTube, as a subsidiary of Google, is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
The legal basis for this data processing in the context of the use of YouTube is Art. 6 para. 1 (f) DSGVO. Our primary legitimate interest is the optimization and economic operation of our website.
We use the service reCAPTCHA of Google LLC in the USA. This service is used to differentiate whether the entry in a form is made by a natural person or abusively by automatic and automated processing. In the context of reCAPTCHA, your IP address and other data required by Google for the reCAPTCHA service are transmitted to Google.
For further information on data processing by Google, please refer to Google's data protection information: https://www.google.com/policies/privacy.
When reCAPTCHA is used, personal data is transferred to a third country outside the EU. The service provider has a Privacy Shield certification, available here: https://www.privacyshield.gov/participant?id=a2zt00000000001L5AAI&status=Active. Accordingly, there are appropriate guarantees for data transmission in accordance with Art. 46 DSGVO.
The legal basis for this data processing when using reCAPTCHA is Art. 6 para. 1 (f) DSGVO. Our primary legitimate interest is the security of our website and protection against spam.
15. Social Media Buttons
Various social media buttons of the social media networks Facebook and YouTube are integrated on our website, recognizable by their respective logos.
If you click one of these social media buttons, you will be redirected to our pages on the respective social media network. In this case, the provider of the respective social media network will be informed that your browser has called up the corresponding page of our website, even if you do not have a profile on the respective social media network or are not logged in there. This information (including your IP address) is transmitted directly from your browser to a server of the respective provider. If you click on a social media button and are either logged in to the respective social media network or then log in to the page of the respective social media network, the transmitted information can be assigned to your account on the social media network.
For information on the purpose and scope of data collection and processing by the providers of the respective social media network, the provider identification, a contact option and your rights and setting options for data protection, please refer to the respective data protection information of the providers of the social media networks.
The legal basis for the integration and use of the social media buttons is Art. 6 para. 1 (f) DSGVO. Our primary legitimate interest is the marketing of our offers and our website.
16. Age Restriction
This website is not intended or designed for use by children under the age of 16. We do not knowingly collect personal information from or about anyone under the age of 16.
17. Recipient of data
Within our company, internal departments or organisational units receive your data which they need to fulfil their tasks, if necessary to fulfil contracts with you, to process data with your consent or to safeguard our overriding legitimate interests.
Data will only be passed on to third parties within the framework of legal requirements. We will only pass on your data to third parties if this is necessary for contractual purposes, e.g., on the basis of Art. 6 para. 1 (b) DSGVO or to safeguard our overriding legitimate interest pursuant to Art. 6 para. 1 (f) DSGVO in an effective execution of our business operations.
If we use service providers or third parties to provide the website and/or our services, we take appropriate legal precautions as well as appropriate technical and organisational measures to ensure the protection of your personal data.
If we use content or tools from service providers or third party providers within the scope of providing the website and/or our services, and if the named location is in a third country, data is regularly transferred to a third country. Third countries are countries in which the DSGVO is not directly applicable law, i.e., countries outside the EU or the European Economic Area. Data will only be transferred to third countries if either an appropriate level of data protection, consent or other legal permission, in particular an appropriate guarantee in accordance with Art. 46 DSGVO, is available.
18. Information to ensure fair and transparent processing
18.1 Your rights
You have the right to free information about your stored personal data, their origin and recipients and the purpose of data processing and a right to correction, blocking or deletion of these data. You also have the right to limitation of the processing and to object to the processing.
You also have the right to have your data, which we process automatically, handed over to you or to a third party in a common, machine-readable format.
To assert your rights, please contact us using the contact details provided for the responsible party above.
You also have a right of appeal to the competent data protection supervisory authority. The responsible supervisory authority for data protection issues is the Bavarian State Office for Data Protection Supervision (https://www.lda.bayern.de/en/index.html).
Many data processing processes are only possible with your express consent. You can revoke your consent at any time. All you need to do is send us an informal e-mail. The legality of the data processing up to the revocation remains unaffected by the revocation.
If we process your data, as explained in this data protection information, to protect our overriding legitimate interests, you can object to this processing with effect for the future. Please contact us under the contact details given for the responsible body.
You are only entitled to this right of objection if there are reasons arising from your particular situation (Art. 21 para. 1 DSGVO). After exercising your right of objection, we will not process your personal data further for these purposes, unless we can prove compelling reasons worthy of protection for the processing, which outweigh your interests, rights and freedoms, or if the processing serves to assert, exercise or defend legal claims.
If the data is processed for direct advertising purposes, you may exercise your right to object at any time (Art. 21 para. 2 DSGVO) and we will then no longer process your personal data, irrespective of the reasons for the objection, for the purpose of direct advertising.
18.2 Mandatory Information
The provision of personal data is neither required by law nor by contract, nor are you obliged to provide personal data, however, personal information is required for the conclusion of a contract in so far as certain details are absolutely necessary in order to be able to conclude a contract.
18.3 Automated Decision Making
We do not carry out automated decision making, including profiling.
19. Storage and Deletion
We adhere to the principles of data avoidance and data economy. We therefore only store your personal data for as long as is necessary to achieve the purposes stated here or as provided for in the storage periods provided for by law.
If the storage purpose no longer applies or if a storage period provided for by law expires, the personal data will be blocked or deleted routinely and in accordance with the statutory provisions.
20. Technical and organizational measures of data security
We take organizational, contractual and technical security measures in accordance with the state of the art in order to ensure that the regulations of data protection laws are observed and thus to protect the data processed by us against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons.
Our website uses SSL encryption for security reasons and to protect the transmission of confidential content, such as orders, requests or payment data that you send to us.
21. Changes to this data protection information
We reserve the right to occasionally adapt this data protection declaration so that it always complies with current legal requirements or to implement changes to our services in the data protection declaration, e.g., when introducing new services. The new data protection declaration will then apply for your next visit.