Privacy policy
1. Information about the collection of personal data
(1) In the following we inform about the collection of personal data when using our website. Personal data is all data that can be related to you personally, e.g. name, address, e-mail addresses and user behavior. With regard to the terms used in this statement, we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).
(2) The data controller pursuant to Art. 4 (7) GDPR is HateAid gGmbH, c/o Stiftung Haus der Demokratie und Menschenrechte, Greifswalder Straße 4, 10405 Berlin, Tel.: 040 65917719, e-mail: kontakt@hateaid.org (see our legal notice). You can contact our data protection officer at: Attorney Karina Filusch, LL.M., Friedrichstraße 95, 10117 Berlin, Tel.: 030 219 11 555, e-mail: info@datenschutzbeauftragte-berlin.eu.
(3) If we use contracted service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail about the respective processes below. In doing so, we will also state the defined criteria for the storage period.
2. Your rights
(1) You have the following rights with respect to us regarding your personal data:
- Right to information and to confirmation as to whether data in question is being processed, as well as further information and copy of the data, Art. 15 GDPR,
- Right to rectification, completion or deletion, Art. 16-17 GDPR,
- Right to restriction of processing, Art. 18 GDPR,
- Right to data portability, Art. 20 GDPR,
- Right to object to processing, Art. 21 GDPR,
- and Right to lodge a complaint with the competent supervisory authority, Art. 77 GDPR.
The supervisory authority responsible for us is the
Berlin Commissioner for Data Protection and Freedom of Information
Friedrichstr. 219
10969 Berlin
Phone: 030 13889 0
Fax: 030 2155050
E-mail: mailbox@datenschutz-berlin.de
(2) The data processed by us will be deleted or restricted in its processing in accordance with Articles 17 and 18 GDPR. Unless expressly stated within the scope of this privacy policy, the data stored by us will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory retention obligations. If the data is required for other and legally permissible purposes (such as for commercial law and tax law reasons), its processing will be restricted, i.e., we will block the data and not process it for other purposes. As for the deletion of data that is not stored by us, you can check the relevant offer.
3. Collection of personal data when visiting our website
(1) In case of a merely informative use of the website, i.e., if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server or the server on which this service is located (server log files). If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure its stability and security:
- IP address,
- Date and time of the request,
- Time zone difference from Greenwich Mean Time (GMT),
- Content of the request (specific page),
- Access status/HTTP status code,
- Volume of data transferred in each case,
- Report on successful retrieval,
- Referrer URL of the previously visited website,
- The sub-websites that are accessed via an accessing system on our website,
- Requesting provider,
- Browser type and version,
- Operating system and its interface,
- Language and version of the browser software and
- Other similar data and information that serve to avert danger in the event of attacks on our information technology systems.
The legal basis is Art. 6 (1) sentence 1 letter f) GDPR. The storage of the anonymous data of the server log files is separate from any personal data provided by a data subject.
(2) Log file information is stored for security reasons for a maximum of seven days and then deleted. Backups are stored in encrypted form for 14 days. If the data is required for evidentiary purposes, it will not be deleted until final clarification of the respective incident.
(3) In addition to the previously mentioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive assigned to the browser you are using and through which the body that sets the cookie (in this case by us) receives certain information. Cookies cannot execute programs or transfer viruses to your computer. They are used to make the Internet more user-friendly and effective.
(4) Use of cookies:
a) This website uses the following types of cookies, the scope and functionality of which are explained below:
- transient cookies (see letter b)
- as well as persistent cookies (see letter c).
b) Transient cookies are automatically deleted when you close the browser. These include session cookies. These store a so-called session ID, with which various requests of your browser can be assigned to the common session. This allows your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.
c) Persistent cookies are deleted automatically after a specified period, which may differ depending on the cookie. You can delete the cookies in the security settings of your browser at any time.
d) You can configure your browser settings according to your preferences and, for example, refuse to accept third-party cookies or all cookies. Please note that you may not be able to use all functions of this website.
e) You can find our cookie statement here.
4. Further functions and offers of our website
(1) In addition to the purely informative use of our website, we offer various services that you can use if you are interested. For this purpose, you will usually have to provide further personal data, which we use to provide the respective service and for which the data processing principles apply.
(2) In some cases, we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are regularly monitored.
(3) If our service providers or partners are based in a country outside the European Economic Area (EEA), we will inform you of the consequences of this circumstance in the description of the offer.
5. Objection or revocation of consent to the processing of your data
(1) If you have given your consent to the processing of your data, you may revoke this consent at any time for the future, Art. 7 (3) GDPR. Such revocation affects the permissibility of the processing of your personal data after you have expressed it to us.
(2) Insofar as we base the processing of your personal data on the balancing of interests, you may object to the processing, Art. 21 GDPR. This also applies to profiling based on these provisions. This is the case if the processing is not necessary for the performance of a contract with you, which is presented by us in each case in the following description of the functions. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will review the situation and either discontinue or adjust the data processing or show you our compelling reasons worthy of protection based on which we will continue the processing.
(3) You may, of course, object to the processing of your personal data for advertising purposes and data analysis at any time. You also have the right to object, on grounds relating to your situation, to the processing of your personal data carried out for scientific or historical research purposes or for statistical purposes pursuant to Article 89 (1) GDPR, unless the processing is necessary for the performance of a task carried out in the public interest. You can inform us about your objection at the following contact details: HateAid gGmbH, Greifswalder Straße 4, 10405 Berlin, Tel.: 040 65917719, e-mail: kontakt@hateaid.org.
6. Contact via contact form and e-mail
(1) You can contact us via our contact form and by e-mail. For the processing of the contact request and its handling, the data is processed based on Art. 6 para. 1 p. 1 lit. b DSGVO.
(2) For the contact form, we use the WordPress plugin Contact Form 7 (hereinafter “WordPress”). The provider is Rock Lobster LLC, 1-Chome-1-29 Daimyo, Chuo Ward, Fukuoka, 810-0041, Japan. More information can be found under the following link: https://contactform7.com/privacy-policy/. The data collected through the contact form is not stored by WordPress. The contact form uses the plugin “Friendly Captcha”. Provider is Friendly Captcha GmbH, Am Anger 3-5, 82237 Wörthsee, Germany. Friendly Captcha is intended to check whether the data entry is made by a human or by an automated program. For this purpose, the user’s behavior is analyzed based on various characteristics. For more information about Friendly Captcha’s privacy policy, please visit the following link: https://friendlycaptcha.com/de/privacy/.
(3) When you contact us, the data you provide (your e-mail address, name and message) will be stored by us in order to answer your questions. The data is stored via Microsoft 365. The provider is Microsoft Corporation (hereinafter “Microsoft”), One Microsoft Way, Redmond, WA 98052-6399, USA. For more details on Microsoft’s privacy policy, please see the following link: https://privacy.microsoft.com/de-de/privacystatement. We delete the data accruing in this context after storage is no longer necessary or restrict processing if there are legal retention obligations.
7. Reporting content via the reporting form
(1) You can report incidents of hate on the Internet via our reporting form. For the processing of the report and its handling, the data is processed based on Art. 6 para. 1 p. 1 lit. b DSGVO.
(2) We store the usage details in our project management software. For this purpose, we use the Podio platform of Citrix Systems UK Limited, Building 3, Chalfont Park House, Gerrards Cross, SL9 0DZ, United Kingdom (hereinafter “Podio”). The data entered via the reporting form will be stored by Podio. You can find out more about Podio’s data protection here: https://www.citrix.com/about/legal/privacy/. Podio uses “Google reCAPTCHA” (hereinafter “reCAPTCHA”). The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). The purpose of reCAPTCHA is to verify whether the data entry is made by a human or by an automated program. For this purpose, reCAPTCHA analyzes the user’s behavior based on various characteristics. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, keyboard strokes or mouse movements). The data collected during the analysis is forwarded to Google. For more information on Google reCAPTCHA and Google’s privacy policy, please see the following links: https://www.google.com/intl/de/policies/privacy/ and https://www.google.com/recaptcha/intro/android.html.
(3) When using the reporting form, the data you provide (your e-mail address, your name, any uploaded screenshots and your message) will be stored by us in order to process your report. We delete the data collected in this context after the storage is no longer necessary or restrict the processing if there are legal retention obligations.
8. Donations
(1) If you decide to donate via our website, your data may be processed to create a donor structure analysis. The legal basis for the data processing is Art. 6 para. 1 p. 1 lit. f DSGVO. The processing of your personal data is necessary to protect our legitimate interests. As a non-profit organization, we are concerned with the targeted use of resources. An analysis of our target donation group helps us to optimally align our marketing measures.
(2) The following personal data may be processed: First and last name, address, date of the first donation, date of the last donation, identification whether permanent donor.
(3) For this purpose, we use the order processor AZ fundraising services GmbH & Co. KG, Carl-Bertelsmann-Str. 161s, 3331 Gütersloh (“AZ fundraising services”). Existing donor data from the FundraisingBox are evaluated for this purpose using the “AZ DIAS” system (AZ Data, Information and Address System) from AZ fundraising services. Data mining and scoring methods are combined with qualified personal characteristics from the AZ DIAS market database and the above-mentioned donor data. The following data is processed: Age at five-year intervals, location size class and federal states, income classes, online/offline affinity, as well as the subdivision of donors by donation behavior into the following groups: Identification of whether single, multiple, or continuous donor.
(4) To protect your data, we have concluded an order processing agreement with AZ fundraising services in accordance with Art. 28 DSGVO. Donor addresses are anonymized using data encryption software. Our order processor itself and its subcontractors are contractually obligated to handle your data in a data protection-compliant manner, in particular with regard to confidentiality, data protection and data security.
(5) Your personal data may be passed on to subcontractors by AZ fundraising services. These may also be located outside of the European Economic Area. If there is no adequacy decision, AZ fundraising services is obliged to conclude standard contractual clauses pursuant to Art. 46 DSGVO. Your data will only be stored for as long as is necessary for the donor structure analysis and will then be deleted. You have the right to object to data processing at any time. There is no automated decision-making or profiling within the meaning of Art. 22 DSGVO.
(5) More information about AZ fundraising services’ donor structure analysis can be found here: https://www.az-fundraising.de/fundraising-instrumente/spender-analyse/.You can find out more about data protection at AZ fundraising services here: https://www.az-fundraising.de/datenschutz/.
9. Newsletter dispatch via CleverReach
(1) With your signature of our petition #makeitsafe and your subsequent consent, you can subscribe to our newsletter, with which we inform you about our engagement on the subject of hate speech and about our services. You are equally free to subscribe to the newsletter regardless of the petition.
We send out our newsletters on topics related to the organization’s activities, including public appearances, such as expert activities in politics. We also inform you about the progress of our projects and actions. We also inform you about the progress of our projects and actions. We also regularly send out information about donation opportunities and how you can support our work. You can find our past newsletters here: https://hateaid.org/newsletter-archiv/
(2) For the registration to our newsletter we use the so-called double opt-in procedure. This means that after your registration, we will send you an e-mail to the e-mail address you provided, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within one week, your information will be blocked and automatically deleted after one month. In addition, we store your respective IP addresses used and times of registration and confirmation.
The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data.
(3) We strive to provide our community with the content that interests you the most. Therefore, we assign our subscribers to certain categories, regardless of the channel through which they subscribed to our newsletter and/or have already donated to us. If we have opened the possibility for this, you can also independently select topics in which you are particularly interested, for example, our policy processes, petitions, etc. These profiles do not contain any further personal data.
(4) You can revoke your consent to receive the newsletter and unsubscribe at any time. You can declare the revocation by clicking on the link provided in every newsletter e-mail, by e-mail to the contact data provided in the legal notice. We base this processing on Art. 6 (1) letter f) GDPR for the former, and on Art. 6 (1) letter a) GDPR for the topics selected by you.
(5) The newsletter is sent via the service provider CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede (“CleverReach”). Using CleverReach, we can analyze whether the newsletter has been opened and which links have been clicked on multiple times, if applicable, without linking this to your e-mail address. CleverReach also lists which devices were used (such as PCs, cell phones or tablets) and shows how the openings are distributed worldwide (geo-tracking). We do not link any of this data to your mail address. The dispatch service provider does not use the data of our newsletter recipients to contact them themselves or to pass them on to third parties. You can view CleverReach’s privacy policy here: https://www.CleverReach.com/de/datenschutz/. The legal basis for the processing of your data is your consent in accordance with Art. 6 (1) sentence 1 letter a) GDPR.
(6) We would like to point out that the emails sent contain so-called web beacons or tracking pixels, which are single-pixel image files. The data is collected exclusively pseudonymously, i.e., the IDs are not linked to your other personal data such as your e-mail address, and a direct personal reference is excluded.
(7) You can object to this tracking at any time by unsubscribing from the newsletter. The information will be stored if you have subscribed to the newsletter. After unsubscribing, we store the data purely for statistical purposes. Moreover, such tracking is not possible if you have deactivated the display of images by default in your e-mail program. In this case, the newsletter will not be displayed to you in full and you may not be able to use all the functions. If you display the images manually, the above-mentioned tracking will take place. The tracking takes place based on our legitimate interest according to Art. 6 (1) letter f) GDPR, in order to be able to improve our offer and make it more interesting for you as a user.
10. Signing petitions
On our site you can support various petitions (campaigns) by signing with your email address. We need the e-mail address because with it we can make sure that there is a human being behind the signature. For verification purposes, you will receive an e-mail from us with a confirmation link that you must click on in order for your signature to be counted.
We view the signing of petitions as an act of public expression. Those who are particularly sensitive can use a pseudonym instead of their real name.
First and last name (or pseudonym) as well as zip code, city and date of signature are shared with the initiator of the petition and can be passed on by this person to decision-makers – e.g., in the context of a petition handover. Only if the list can be viewed can the legitimacy of the signatures be proven, and decision-makers influenced.
The legal basis for data processing is Art. 6 (1) letter b) (processing and implementation of petition support measures, proof of support/participation) or Art. 6 (1) letter f) GDPR, based on the legitimate interest in enabling petition support and implementing the corresponding procedural steps outlined above.
11. Use of social media with the help of the Shariff Wrapper plugin
(1) We would also like to communicate with you on Facebook, Instagram and Twitter. In doing so, we do not link our site directly to the social media providers but integrate them via the open-source plug-in Shariff Wrapper from WordPress. Shariff-Wrapper embeds social media via static graphics that work like normal links. Therefore, unlike the original social media buttons, Shariff-Wrapper’s social media buttons do not automatically send information about visitors to social networks. In addition, Shariff-Wrapper prevents information from being sent even before you have signed up with the social media providers. Thus, by clicking on the social media button, you have the choice whether to send information to Facebook and Twitter or not. Only when you click on the button will your data be transmitted to the respective button. Among other things, the data mentioned under section 3 will be transmitted. If you are logged in to the plug-in provider, your data collected from us will be directly assigned to your account with the plug-in provider. If you click the activated button and, for example, link to the page, the plug-in provider also saves this information in your user account and shares it publicly with your contacts. We recommend that you log out regularly after using a social network, but especially before activating the button, as this allows you to avoid an assignment to your profile with the plug-in provider. In the case of Facebook, according to the respective providers in Germany, the IP address is anonymized immediately after collection. Since the plug-in provider collects data via cookies, we recommend that you delete all cookies via your browser’s security settings before clicking on the grayed-out box.
(2) If you click on the button, we have no influence on the collected data and data processing operations, nor are we aware of the full scope of data collection, the purposes of processing, the storage periods. We also have no information on the deletion of the collected data by the plug-in provider.
(3) The plug-in provider stores the data collected about you as usage profiles and uses them for purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out (also for users who are not logged in) for the display of needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact the respective plug-in provider to exercise this right. Through the plug-ins, we offer you the opportunity to interact with the social networks and other users, so that we can improve our offer and make it more interesting for you as a user. The legal basis for the use of the plug-ins is Art. 6 (1) sentence 1 letter f) GDPR.
(4) For more information on the purpose and scope of data collection and processing by the plug-in provider, please refer to the privacy policies of these providers provided below. There you will also receive further information on your rights in this regard and settings options for protecting your privacy:
a) Facebook and Instagram of Facebook Inc, 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; further information on data collection: http://www.facebook.com/help/186325668085084 as well as http://www.facebook.com/about/privacy/your-info#everyoneinfo.
b) Twitter, Inc, 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy.
12. Integration of YouTube videos
(1) We have integrated YouTube videos of YouTube LLC, 901 Cherry Ave, San Bruno, California 94066, USA, a subsidiary of Google LLC (“YouTube”), into our online offer, which are stored on http://www.YouTube.com and can be played directly from our website. [These are all integrated in “extended data protection mode”, which means that no data about you as a user is transmitted to YouTube if you do not play the videos. Only when you play the videos will the data mentioned in paragraph 2 be transmitted. We have no influence on this data transmission].
(2) By visiting the website, YouTube receives the information that you have accessed the corresponding sub-page of our website. In addition, the data mentioned under section 3 of this policy are transmitted. This occurs regardless of whether YouTube provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not want the assignment with your profile at YouTube, you must log out before activating the button. YouTube stores your data as usage profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right.
(3) For more information on the purpose and scope of data collection and its processing by YouTube, please refer to the privacy policy. There you will also find further information on your rights and settings options to protect your privacy: https://www.google.de/intl/de/policies/privacy.
13. Use of Borlabs cookies
(1) We use the cookie consent tool Borlabs Cookies of the company Borlabs – Benjamin A. Bornschein, Georg-Wilhelm-Str. 17, 21107 Hamburg, Germany (“Borlabs Cookies”). The tool is used to obtain your consent to the storage of certain cookies in your browser and to document this in accordance with data protection requirements.
(2) When using Borlabs Cookies, a cookie is stored in your browser when you access the website, in which the consent you have given, or the revocation of this consent is stored. This data is not shared with the provider of Borlabs Cookies. The following data is stored:
- Cookie duration
- Cookie version
- Domain and path of the WordPress website
- Consents
- UID
The UID is a randomly generated ID and is not personal information.
(3) The collected data will be stored for 1 year or until you request us to delete it or delete the cookie yourself, or until the purpose for storing the data no longer applies. Mandatory legal retention periods remain unaffected. You can prevent the installation of cookies in various ways, e.g:
a) by an appropriate setting of your browser software, in particular the suppression of third-party cookies will result in you not receiving ads from third-party providers, or
b) by disabling the interest-based ads of the providers that are part of the self-regulatory campaign “About Ads” via the link http://www.aboutads.info/choices, whereby this setting will be deleted when you delete your cookies.
We would like to point out that in this case you may not be able to use all functions of this offer to their full extent.
(4) The legal basis for the use of Borlabs cookies is Art. 6 (1) sentence 1 letter a) GDPR. More information on data protection at Borlabs Cookies can be found here: https://de.borlabs.io/datenschutz/.
14. Reach analysis with Matomo (formerly PIWIK)
(1) This website uses the web analytics service “Matomo”. Matomo is an open-source software. We use Matomo to analyze and regularly improve the use of our website. The statistics obtained allow us to improve our offer and make it more interesting for you as a user. The legal basis for the use of Matomo is Art. 6 (1) sentence 1 letter f) GDPR.
(2) Within the scope of Matomo, the following data is collected and stored: the browser type and version you use, the operating system you use, your country of origin, the date and time of the server request, the number of visits, the time you spend on the website and the external links you click. The IP address of the user is anonymized before it is stored.
(3) For this evaluation, cookies (see section 3 for more details) are stored on your computer. The information collected in this way is stored by the responsible party exclusively on its server in Germany. You can set the evaluation by deleting existing cookies and preventing the storage of cookies. If you prevent the storage of cookies, we point out that you may not be able to use this website in full. Preventing the storage of cookies is possible through the setting in your browser. Preventing the use of Matomois possible by unchecking the following box to enable the opt-out plugin:
(4) This website uses Matomo with the extension “AnonymizeIP”. This means that IP addresses are processed in abbreviated form, which means that they cannot be directly linked to a specific person. The IP address transmitted by your browser via Matomo will not be merged with other data collected by us.
(5) More information on data protection with Matomo is available at https://matomo.org/privacy-policy/.
15. Presence on our Facebook page
(1) We have a Facebook page at Facebook Inc (“Facebook”), 1601 S California Ave, Palo Alto, California 94304, USA. For the protection of your personal data, we operate as joint data controllers with Facebook pursuant to Art. 26 GDPR: https://www.facebook.com/legal/terms/page_controller_addendum. Through the Facebook page, we offer you the opportunity to interact with social networks and other users so that we can improve our offer and make it more interesting for you as a user. The legal basis for the use is therefore our legitimate interests in the area of effective communication as well as economic interests pursuant to Art. 6 (1) sentence 1 letter f) GDPR.
(2) Facebook stores the data collected about you as usage profiles and uses them for purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out (also for users who are not logged in) for the display of tailored advertising and to inform other users of the social network about your activities on our Facebook page. You have a right to object to the creation of these user profiles, whereby you must contact Facebook to exercise this: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. You can more effectively assert a possible request for information as well as other rights directly with Facebook.
(3) We have no influence on the collected data and data processing operations, nor are we aware of the full extent of the data collection, the purposes of the processing or the storage periods. We also have no information on the deletion of the collected data by Facebook. We would like to point out that your personal data may also be transmitted by Facebook to servers outside the European Economic Area.
(4) For more information on the purpose and scope of data collection and its processing by Facebook, please refer to Facebook’s privacy policy. There you will also find further information on your rights in this regard and settings options for protecting your privacy: http://www.facebook.com/policy.php. Facebook has submitted to the EU-US Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.
16. Presence on our Instagram page
(1) We have an Instagram page at Facebook Ireland Limited (“Instagram”), 4 Grand Canal Square, Dublin 2, Ireland. Through the Instagram page, we offer you the opportunity to interact with social networks and other users so that we can improve our offer and make it more interesting for you as a user. The legal basis for the use is therefore our legitimate interests in the area of effective communication as well as economic interests pursuant to Art. 6 (1) sentence 1 letter f) GDPR.
(2) When using Facebook, your metadata such as, among others, location data, device data, language and browser settings, activities, contacts, payment data, etc. are collected. Instagram stores the data collected about you as usage profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out (also for users who are not logged in) for the display of tailored advertising and to inform other users of the social network about your activities on our Instagram page. You have a right to object to the creation of these user profiles, whereby you must contact Instagram to exercise this: https://help.instagram.com/contact/1845713985721890. You can more effectively assert a possible request for information and other rights directly with Instagram.
(3) We have neither influence on the collected data and data processing operations nor are we aware of the full extent of the data collection, the purposes of the processing or the storage periods. We also have no information on the deletion of the collected data by Instagram. We would like to point out that your personal data may also be transmitted by Instagram to servers outside the European Economic Area and Instagram may pass on your data to other companies in the group of companies as well as third parties.
(4) For more information on the purpose and scope of data collection and its processing by Instagram, please refer to Instagram’s privacy policy: https://help.instagram.com/519522125107875?helpref=page_content. There you will also receive further information about your rights in this regard and settings options for protecting your privacy. Facebook has submitted to the EU-US Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.
17. Presence on our YouTube channel
(1) We have a YouTube channel at Google LLC (“Google”), 1600 Amphitheater Parkway, Mountainview, California 94043, USA (“YouTube”). Through the YouTube channel, we offer you the opportunity to look at our work, so that we can improve our offer and make it more interesting for you as a user. The legal basis for the use is therefore our legitimate interests in the area of effective communication as well as economic interests pursuant to Art. 6 (1) sentence 1 letter f) GDPR.
(2) When using YouTube, your metadata such as, among others, location data, device data, language and browser settings, activities, contacts, payment data, etc. are collected. In addition, the data mentioned under section 3 of this policy are transmitted. This occurs regardless of whether YouTube provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not want the assignment with your profile at YouTube, you must log out first. YouTube stores the data collected about you as usage profiles and uses them for purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out (also for users who are not logged in) for the display of tailored advertising and to inform other users of the social network about your activities. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right. You can more effectively assert any request for information and other rights directly with YouTube.
(3) We have neither influence on the collected data and data processing operations nor are we aware of the full extent of the data collection, the purposes of the processing or the storage periods. We also have no information on the deletion of the collected data by YouTube. We would like to point out that your personal data may also be transmitted by YouTube to servers outside the European Economic Area and that YouTube may pass on your data to other companies in the group of companies as well as to third parties.
(4) For more information on the purpose and scope of data collection and processing by YouTube, please refer to YouTube’s privacy policy: https://www.google.de/intl/de/policies/privacy. There you will also find further information on your rights in this regard and settings options for protecting your privacy.
18. Presence on our Twitter page
(1) We have a Twitter page at Twitter International Company (“Twitter”), One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland. Through the Twitter page, we offer you the opportunity to interact with the social networks and other users so that we can improve our offer and make it more interesting for you as a user. The legal basis for the use is therefore our legitimate interests in the area of effective communication as well as economic interests pursuant to Art. 6 (1) sentence 1 letter f) GDPR.
(2) Twitter stores, among other things, the data mentioned in section 3 as well as other personal data such as your age, gender, language, etc. as usage profiles and uses these for the purposes of advertising, market research and/or the design of its website in line with requirements. Such an evaluation is carried out (also for users who are not logged in) for the display of tailored advertising and to inform other users of the social network about your activities on our Twitter page. Twitter may also use analysis programs such as Google Analytics. You have the right to object to the creation of these user profiles, and you must contact Twitter to exercise this right. You can also opt out of interest-based advertising via http://optout.aboutads.info/. You can more effectively assert any request for information and other rights directly with Twitter. You can prevent the tracking by Google Analytics, the collection of data generated by Google Analytics and related to your use of the website to Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de
(3) For further information on data collection, purpose of processing, data transfer and deletion periods, please refer directly to Twitter’s privacy policy: https://twitter.com/de/privacy. We would like to point out that your personal data may also be transmitted by Twitter to servers outside the European Economic Area
19. Quizzes and surveys
(1) In order to conduct playful quizzes and surveys, we use Lamapoll, Lamano GmbH & Co. KG
Prenzlauer Allee 36 G, 10405 Berlin, info@lamapoll.de. LamaPoll is a web service for creating and conducting surveys. The legal basis for the processing is Art. 6 (1) sentence 1 letter a) GDPR.
(2) When using the tool, i.e., when participating in the surveys and quizzes, information of a general nature is automatically collected. This data (server log files) includes:
- Time of access (date & time)
- Your web browser
- Your operating system
- The URL called up or action in the survey tool
- The website from which you are visiting us (referrer URL)
- Your IP address (anonymized)
This is exclusively data that does not allow any conclusions to be drawn about your specific person.
This data is technically necessary in order to correctly deliver the content requested by you and is mandatory when using the Internet. They are necessary for the operation, maintenance, protection and monitoring of the proper functioning of the system. In the event of misuse, these logs are used to create reproduction scenarios and, if necessary, evidence to be provided by us. In the event of an error, these logs are used to enable the fastest possible system update. This data is used by Lamapoll only when necessary and only for protection, maintenance and to ensure the proper operation of the system. They are never passed on to third parties or used in any other way.
(3) Cookies are used in our survey tool for the following functions:
- Authorization of requests (“session cookie”)
- Storage of your language settings
- Storage of your settings for views (survey overview, file manager, etc.)
You can deactivate the use of cookies at any time via the settings of your
browser. Please note that you will no longer be able to use the survey tool if you have disabled cookies in
your browser.
(4) Session cookies and those of the language settings are deleted after closing the browser. Other information is stored for one quarter and then stored purely for statistical purposes.
20. Live chat with Userlike
1. We use the live chat software “Userlike”. The service provider is the German company Userlike UG (limited liability), Probsteigasse 44-46, 50670 Cologne, Germany. The tool is used to contact us personally via our website.
2. Userlike offers a messenger function for web and mobile support for this purpose. The software-based solution for chat communication offers real-time and asynchronous customer support, and helps us to expand communication with interested parties.
To make it easy to contact us through our website, Userlike uses cookies to ensure that you are connected to the same contact person when you make a new chat request, if possible. When you access our website, a cookie is stored in your browser, in which the consent you have given or the revocation of this consent is saved. This data will not be shared with the Userlike provider.
(4) The following data is stored:
- Chat transcript
- Email address
- Browser
- Operating system
- End device
- Number of page views
- Number of page visits
- Referrer
- URL (where the chat started)
- Survey before and after the chat
- Chat topic
- Chat status (new, waiting, finished)
- Chat rating after the chat
- Duration of the chat
- Date of the chat
- Geo-location (optional, optional)
- Media files that the contact shares with the operator during the chat
- Optional data fields that HateAid passes to Userlike
- IP address
(5) The headquarters of Userlike UG is located in Germany. Userlike stores data encrypted on German servers. Nevertheless, Userlike uses the services of the following subcontractors whose headquarters are not within the EEA:
- Amazon Web Services (AWS) 38 Avenue John F. Kennedy L-1855 Luxembourg
- Mailgun Technologies, Inc. 112 E Pecan St #1135 San Antonio, Texas 78205 USA
- Twilio Inc. 375 Beale Street, Suite 300, San Francisco, California 94105 USA
- FullContact 1624 Market St Ste 226, PMB 45057, Denver, Colorado 80202 USA
(6) The data you have provided in the chat will be deleted within one month, provided that there are no legal retention periods to the contrary.
(7) Data transfers to third countries outside the EEA are therefore possible. We have concluded an order processing contract with Userlike for the protection of your data. Userlike has signed standard contractual clauses to ensure the European level of data protection. For more information on data protection at Userlike, please visit https://www.userlike.com/de/data-privacy.
The legal basis for data processing is Art. 6 (1) sentence 1 letter a) GDPR (consent).
21. Applications
(1) Applicants can send us unsolicited applications by e-mail, or the contact form integrated on our website. The applicants’ data will be evaluated for the purpose of processing the application procedure. If an employment contract is concluded with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If no employment contract is concluded, the application documents will be deleted seven months after notification of the rejection decision, if this does not conflict with any legitimate interests, such as a duty to provide evidence in proceedings under the General Equal Treatment Act (AGG). The legal basis for the processing is Art. 6 (1) sentence 1 letter b) GDPR.
(2) Your application can be submitted via a form from Podio. You can find more information about this in section 6.
22. Automated decision-making
We ourselves refrain from automated decision-making and do not use profiling outside of newsletter dispatch (see section 8).