In accordance with German/ EU legislation
As the operator of the online service www.united-way-germany.org, PHINEO gemeinnützige AG is the data controller responsible for the processing of personal data. Our contact data is available under our legal notice, while the individuals responsible for questions regarding how we process personal data are identified directly in this privacy statement.
We are deeply committed to protecting your privacy and personal data. We collect, store and use your personal data strictly in accordance with the provisions of this privacy statement and any applicable data protection provisions as regulated by the European General Data Protection Regulation (GDPR) and national data protection provisions.
This privacy statement is intended to inform you of the extent to which your personal data is processed and the purpose of processing this data in connection with the use of our online offering.
Personal data is any and all information about an identified or identifiable individual. This includes information about your identity, such as your name, email address or postal address. Any information that cannot be directly linked to your identity (e.g., statistical details such as the number of users of our online offering) is not considered to be personal information.
In principle, you can use our online offering without disclosing your identity and without providing any personal data. In such cases, we simply collect general information regarding your visit to the online offering. However, some of the services we provide do require the provision of personal data. As a rule, we process such data only for purposes connected with the use of this online offering, in particular with respect to providing required information. Whenever personal data is collected, you will be required to provide only that information which is absolutely necessary. You may be asked to provide additional information on a voluntary basis. We specify in each case whether the information requested is obligatory or optional. More specific details are provided in the relevant section of this privacy statement.
There are no automated decision-making processes involving your personal data in connection with using our online offering.
Processing personal information
We store the information provided by you on protected dedicated servers located within the European Union. Technical and organizational measures are taken to protect such servers against the loss, destruction, access, modification, or dissemination of your data by unauthorized persons. Only a limited number of authorized persons will have access to your data. These persons are responsible for technical, commercial or editorial support with the servers. Despite regular monitoring, full protection against all risks cannot be provided.
Your personal data is transmitted over the internet in encrypted form. We use SSL (Secure Socket Layer) encryption for the transmission of data.
Disclosure of personal data to third parties
We use your personal information exclusively for the provision of services that you have requested from us. Insofar as we use external service providers in performing the service requested, said external service providers will access the data exclusively for the purpose of performing the service. By taking the requisite technical and organizational measures, we ensure compliance with privacy policies and demand the same of our external partners.
Moreover, we will not disclose the data to any third parties without your consent. This may include without being limited to the provision of data for advertising purposes. We will disclose your personal data only if you have given your consent or insofar as we are entitled or obligated to do so under legal provisions and/or administrative or judicial orders. This may include, without being limited to, giving information for the purposes of a criminal prosecution, in order to avert danger, or in order to enforce intellectual property rights.
Legal basis of data processing
Insofar as we obtain your consent to processing your personal data, Article 6(1)(a) of the GDPR constitutes the legal basis for such data processing.
Insofar as we process your personal data because it is necessary for the performance of a contract or is required under a quasi-contractual relationship with you, the legitimate interest of data processing follows from Article 6(1)(b) of the GDPR.
Insofar as we process your personal data because it is required for compliance with a legal obligation, the legitimate interest of data processing follows from Article 6(1)(c) of the GDPR.
Furthermore, Article 6(1)(f) of the GDPR may constitute the legal basis for data processing, if processing of your personal data is necessary for the purposes of the legitimate interests pursued by our organization or by a third party, except where such interests are overridden by your interests or your fundamental rights and freedoms which require protection of personal data.
Throughout this privacy statement, we refer to the legal basis for processing your personal data.
Data deletion and duration of storage
We invariably delete or block any personal data provided by you as soon as the purpose of storage of such data ceases to apply. However, we may continue to store your personal data if such storage is governed by legal provisions to which we are subject, including the legal obligation to retain business records and documentation. In such a case, we will delete or block the personal data after the prescribed period of time has expired.
Information about your computer
Each time our online offerings are accessed, we collect information independent of registration, including the IP address of the accessing computer, the browser’s access request and the time stamp of the access request. As part of this request, we collect information regarding the status and volume of data transferred as well. We also collect information regarding the browser and operating system used by the computer in terms of both product and version. We also record the website from which the request for access originates. Your computer’s IP address is stored only for the duration of the use of the online offering and is subsequently deleted or anonymized by shortening it. The remaining data is stored for a limited period of time.
We use this data for the purpose of operating the online offering. This involves in particular detecting and correcting errors, determining how the online offering is being used and making adjustments or improvements. These purposes also include our legitimate interest in data processing pursuant to Art. 6(1)(f) of the GDPR, which is the legal basis for such processing.
Cookies enable us to recognize your computer and make any default settings immediately available. Cookies help us improve our online offering and provide you with an even better service that is customized to your particular requirements. This also constitutes a legitimate interest in the processing of data in accordance with Article 6(1)(f) of the GDPR.
Most web browsers are set to accept cookies by default. However, you can disable the storage of cookies or configure your web browser settings so that you are notified when you receive a cookie. It is also possible to manually delete stored cookies in the browser settings. Please note that your use of our online offering may be limited or restricted if you refuse to save cookies or delete required cookies.
Web analytics cookies
Our online offering uses so-called web analytics cookies that allow us to track user interaction with the site. These cookies allow us to collect and store information regarding, for example, how often a page is accessed, search terms and the use of specific website functions.
Your data collected with the help of cookies are pseudonymized, which means that it is no longer possible to assign data to a specific user.
We use web analytics cookies in order to improve the quality of our online offering and its contents and in order to examine and optimize the reach and searchability of our website. These purposes also constitute a legitimate interest in terms of the legal basis for data processing in accordance with Article 6(1)(f) of the GDPR.
We use Google Analytics for statistical purposes. Google Analytics is a web tracking service provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94034, USA (“Google”). Google Analytics uses so-called cookies (i.e., text files) that are stored on your hard drive and allow us to analyze how you interact with the website. As a general rule, the information about your visit to the website that is generated by cookies is transmitted to a Google server in the United States, where it is stored. However, if IP anonymization is activated on this website, within member states of the EU or in any other signatory state to the Agreement on the European Economic Area, your IP address will be shortened by Google in advance of being transmitted. The full IP address is transmitted to a server at Google and then shortened in specific exceptions only. On behalf of the operator of this website, Google uses this information to evaluate your interaction with the website, compile reports on website activity and provide other website activity and internet usage-related services to the site operator. The IP address transmitted by your browser as part of Google Analytics is not merged with other Google data. You may prevent cookies from being stored on your computer by selecting the appropriate settings on your browser. However, please note that this may result in disabling certain functions of this website. You can also prevent Google from collecting cookie-generated data related to your use of the website (including your IP address) and also prevent Google from processing this data by downloading and installing the browser plug-in available here http://tools.google.com/dlpage/gaoptout?hl=en.
For more information, see https://tools.google.com/dlpage/gaoptout?hl=en and https://policies.google.com/privacy?hl=en (general information about Google Analytics and data protection). Please note that on our website, Google Analytics has been extended by the code “ anonymizelp();” in order to anonymize IP adresses, though the last octet has been deleted.
We believe that given the protective measures taken (anonymization and objection opportunities), the processing of data for the purposes of optimizing our online offering represents a legitimate interest in line with Art. 6(1)(f) of the GDPR.
Communication with us
There are various ways of contacting us, including the contact form provided on our website. In addition, we are happy to keep you updated by e-mailing you our newsletters that address various topics.
If you wish to use the contact form provided on our website, we will collect the personal data that you provide here, including your name and e-mail address. In addition, we record the IP address and the date and time of your enquiry. We process any data transmitted through the contact form exclusively for the purpose of answering your enquiry or reacting to your concern.
It is up to you to decide what information you provide in the contact form. In accordance with Article 6(1)(a) of the GDPR, your consent constitutes the legal basis for processing your data.
After the matter has been dealt with, the data is stored for some time in case you have any further questions. Without prejudice to the relevant legal retention periods, you may request deletion of the data at any time; otherwise the data will be deleted once the matter has been conclusively dealt with.
If you subscribe to our newsletter, we will use the e-mail address you provided until you unsubscribe from the newsletter. You will be regularly updated by e-mail on current topics related to our projects and receive e-mails informing you of specific items such as new studies and events. Such e-mails may draw on information we have about you to personalize and individualize their content.
Unless you have given us your consent in writing, we use the so-called double opt-in procedure for subscription to our newsletter, that is, we will send you our newsletter by e-mail only once you have expressly confirmed that you want us to activate transmission of the newsletter. We will then send you a notification e-mail and ask you to confirm, by clicking on one of the links contained in that e-mail, that you wish to receive our newsletter.
If you have explicitly subscribed to our newsletter, your consent constitutes the legal basis for processing of your data in accordance with Article 6(1)(a) of the GDPR. Under the applicable legal provisions, we may send you our newsletter without having obtained your express consent; this is based on the fact that you have ordered certain publications from us and we have therefore received your e-mail address and you have not objected to receiving information from us by e-mail. In this case, our legitimate interest in direct mailing constitutes a legal basis in accordance with Article 6(1)(f) of the GDPR.
If you no longer wish to receive our newsletters, you can revoke your consent at any time with effect for the future and/or object to receiving the newsletter without incurring any costs other than the transmission costs in accordance with the basic tariffs. Simply click on the unsubscribe link included in every newsletter or send a message to us or our data protection officer.
Use of YouTube
Our online offering contains videos for which we use plugins from the site run by Google, YouTube (“YouTube”). The operator of the service is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you access an internet page of our online offering that contains a video, a connection with the YouTube servers is created. The YouTube server is then told which internet pages of our online offering you have visited.
If you are logged in to your YouTube account at that time, you allow YouTube to assign your browsing behavior directly to your personal profile. You can prevent this from taking place by first logging out of your YouTube account. For further information on the handling of user data please refer to the Google privacy statement at https://policies.google.com/privacy?hl=en, which also applies to YouTube.
We use YouTube so that we can show you videos and thus deliver more information about ourselves and our projects; this at the same time constitutes our legitimate interest pursuant to Article 6(1)(f) of the GDPR.
Your rights; contact
We are committed to explaining as transparently as possible how we process personal data and to inform you of your rights. If you want more detailed information or wish to exercise your rights, you can contact us at any time so that we can address your concerns.
Rights of persons concerned
You have extensive rights with respect to the processing of your personal data. First, in accordance with Art. 15 GDPR, you have an extensive right of access and can, if necessary, demand in accordance with Art. 16 GDPR that corrections be made to your data and/or that data be deleted or, in accordance with Art. 17 GDPR, that access to your personal data be blocked. You can also demand in accordance with Art. 18 GDPR that the processing of your data be restricted and, in accordance with Art 21 GDPR, you have a right of objection. You also have a right to data portability regarding the personal data that you have provided to us.
If you wish to assert any of your rights and/or want more detailed information concerning your rights, please contact our data protection officer.
Withdrawal of consent and objection
You may at any time withdraw your consent with future effect. Withdrawing consent does not affect the legality of any processing performed on the basis of such consent given until the withdrawal thereof. Our front office personnel or data protection officer are the appropriate persons to contact in such cases.
Insofar as the processing of your personal data is not based on consent given by you but on another legal basis, you can object to your personal data being processed. Your objection will lead to a review and, if necessary, to a termination of the data processing. You will be informed of the outcome of the review and – if the data processing is nonetheless continued – you will receive further information from us on why the data processing is admissible.
Security through technical and organizational measures
PHINEO gAG takes technical and organizational measures pursuant to Art. 32 (1) EU-GDPR to ensure the security of data processing in order to protect personal data against accidental or intentional manipulation, loss, destruction or access by unauthorized persons. The security measures taken are subject to ongoing improvements apace with technological developments.
The user agrees to electronic communication as soon as he or she establishes electronic contact with PHINEO gAG. The user is informed that eMails can be read or altered without authorization and without being noticed during transmission. PHINEO gAG uses software to filter unwanted eMails (spam filter). The spam filter can be used to reject eMails that have been falsely identified according to certain characteristics as spam.
Data protection officer; contact
We have appointed a data protection officer whom you can contact directly. If you have questions regarding our handling of personal data or if you require other information on data protection issues, please do not hesitate to contact our data protection officer and his team:
If you believe that the processing of your personal data does not comply with this privacy statement or the applicable data protection provisions, you can file a complaint with our data protection officer. Our data protection officer will review the matter and inform you of the outcome. In addition, you are entitled to lodge a complaint with a supervisory authority.
Links to other websites
Our online offering may contain links to other websites. These links are generally identified as such. However, we have no control over the extent to which linked websites comply with the applicable data protection provisions. We therefore recommend that for other providers’ data privacy statements, you refer to the information provided on their respective websites.
Amendments to this privacy statement
Any revision of this privacy statement is identified by the date specified (see below). We reserve the right to amend this privacy statement at any time with effect for the future. Amendments will be made, among other things, in case of technical adjustments of the online offering or when changes are made to data protection laws. The amended privacy statement is always made available directly through our online offering. We recommend obtaining information on any changes of this privacy statement on a regular basis.
Most recent update of this privacy statement: September 26, 2018