Privacy policy

1. Information about the collection of personal data

(1) In the following, we provide information about the collection of personal data when using our website. Personal data is all data that can be related to you personally, e.g. name, address, email addresses and user behaviour. With regard to the terms used in this statement, we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).

(2) The controller pursuant to Art. 4 (7) GDPR is HateAid gGmbH, Greifswalder Straße 4, 10405 Berlin, phone: 040 65917719, email: kontakt@hateaid.org (see our legal notice). You can contact our data protection officer at Rechtsanwältin Karina Filusch, LL.M., Friedrichstraße 95, 10117 Berlin, phone: 030 219 11 555, email: info@datenschutzbeauftragte-berlin.eu.

(3) If we use contracted service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail below about the respective processes. We will also state the specified criteria for the storage period.

2. Your rights

(1) You have the following rights in relation to the personal data concerning you:

• Right to information and to confirmation as to whether data in question is being processed as well as further information and a copy of the data, Art. 15 GDPR,
• Right to rectification, completion or erasure, Art. 16-17 GDPR,
• Right to restriction of processing, Art. 18 GDPR,
• Right to data portability, Art. 20 GDPR,
• Right to object to processing, Art. 21 GDPR and
• Right to lodge a complaint with the competent supervisory authority, Art. 77 GDPR.

The supervisory authority responsible for us is the
Berlin Commissioner for Data Protection and Freedom of Information
Alt-Moabit 59-61
10555 Berlin
Telephone: 030 13889 0
Fax: 030 2155050
Email: mailbox@datenschutz-berlin.de

(2) The data processed by us will be deleted or its processing will be restricted in accordance with Art. 17 and 18 GDPR. Unless expressly stated in this data protection declaration, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations. If the data is required for other and legally permissible purposes (e.g. for commercial and tax law reasons), its processing is restricted, i.e. we block the data and do not process it for other purposes. As far as the deletion of data that is not stored by us is concerned, you can check the relevant service.

3. Collection of personal data when visiting our website

(1) When using the website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server or the server on which this service is located (so-called server log files). If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security:

• IP address,
• Date and time of the enquiry,
• Time zone difference to Greenwich Mean Time (GMT),
• Content of the request (specific page),
• Access status/HTTP status code,
• Amount of data transferred in each case,
• Notification of successful retrieval,
• Referrer URL of the previously visited website,
• The sub-websites which are accessed via an accessing system on our website
• Requesting provider,
• Browser type and version,
• Operating system and its interface,
• Language and version of the browser software and
• Other similar data and information used for security purposes in the event of attacks on our information technology systems.

The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR. The anonymous data of the server log files is stored separately from all personal data provided by a data subject.

(2) For security reasons, log file information is stored for a maximum of seven days and then deleted. Backups are stored in encrypted form for 14 days. If the data is required for evidence purposes, it will not be deleted until the respective incident has been finally clarified.

5.Use of tracking pixels

(1) We use so-called tracking pixels on our website. These enable us to collect usage data and thereby optimise our advertising and information displays. The use of tracking pixels may result in data being processed in the USA or other third countries outside the EU. The service providers only transfer user data to countries for which there is an adequacy decision by the European Commission in accordance with Art. 45 GDPR or on the basis of suitable guarantees in accordance with Art. 46 GDPR.

This data storage and use is based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. You can revoke your consent at any time for the future.

(a) Meta Pixel

We use the Meta Pixel from Meta Platforms Inc, 1 Hacker Way, Menlo Park, CA 94025, USA on our website. For users in the EU, Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Meta”) is the responsible provider.

The Meta Pixel enables us to track interactions on our website that are based on adverts placed by us on Facebook and Instagram (Meta Apps). This data enables us to display interest-based adverts. This allows users of our website to be shown interest-based adverts on Facebook, Instagram or other websites. If you visit our website and have consented to its use, the Meta Pixel is triggered and analyses individually selected actions using cookies. Meta stores this data for up to 180 days if you do not visit this website again and thus do not trigger the Meta pixel/cookie again. This enables Meta to match individual data with data from the respective user account on Facebook or Instagram. This data is anonymised and cannot be viewed by us. You can deactivate the use of this data by Meta via the settings in your Facebook or Instagram account (https://www.facebook.com/adpreferences/?entry_product=ad_preferences_delegation).

Further information on the processing of personal data by Meta can be found at https://www.facebook.com/privacy/explanation. Meta Platforms Inc. is certified under the EU-US Data Privacy Framework to protect your data. Link to the certification: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000GnywAAC&status=Active

(b) Google Ads Conversion Pixel

We use the Google Ads Conversion Pixel from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA on our website. The controller for users in the European Economic Area and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).

The Google Ads Conversion Pixel enables us to optimise our ads and information campaigns on external websites. We can use it to determine the success of individual adverts, display them in a targeted manner and thus place interest-based adverts. Google has the ability to collect data to measure success, such as the display of ads or clicks by users, as well as to recognise end devices and display targeted content to users based on the pages they visit on our website. If you are logged in to Google with your data, this data can be assigned to your account. Even if you are not logged into a Google account, it is possible that Google will store your IP address. Google stores the conversion tracking data for 30 days.

We ourselves do not collect, process or receive any personal data in this context. The data provided by Google are merely statistics on the individual measures that do not enable us to identify you personally.

Further information on Google’s data protection provisions can be found here: https://policies.google.com/privacy?hl=de-IT&fg=1. Google LLC is certified to protect your data in accordance with the EU-US Data Privacy Framework. Link to the certification: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active

(c) LinkedIn Insight Tag

We use the Insight Tag from LinkedIn Corp. 1000 W Maude Ave, Sunnyvale, CA 94085, USA on our website. The controller for users in the EU is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (LinkedIn).

The LinkedIn Insight tag allows us to track your actions on our website and show you interest-based advertising. Users can thus be shown targeted adverts on LinkedIn or on other websites. Your activities are stored in various cookies. The following information is usually collected: URL, referrer URL, metadata (browser and device) and the shortened IP address. The data is pseudonymised after seven days and deleted after 180 days. You can set in your LinkedIn profile which data may be collected by LinkedIn (https://www.linkedin.com/mypreferences/d/categories/ads).

The necessary data is collected by LinkedIn in direct communication with your browser or end device. The embedded code enables LinkedIn to record your interaction with our website, which of our web pages you have visited and which of our adverts you have clicked on other web pages. If you are logged in to LinkedIn, this data can be assigned to your account. If you log in to LinkedIn with your own user data, the respective recognition features of different browsers and end devices can be linked with each other. In this way, LinkedIn can also display our adverts to you across different devices.

We ourselves do not receive any personal data from LinkedIn. The information provided to us contains data such as line of business, job titles and general information about the reach and success of adverts.

You can find more information about data protection on LinkedIn here: https://de.linkedin.com/legal/privacy-policy.

(d) TikTok Pixel

We use the TikTok Pixel on our website, a conversion tracking service for advertisers provided by TikTok Pte. Ltd, 1 Raffles Quay, 26-10, Singapore, 048583. The controller for the EU is TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland (TikTok).

By using the TikTok pixel, TikTok can process data about the use of the website and the logging of clicks on individual elements. The purpose of the processing is to investigate user behaviour, analyse the effect of online marketing measures and select online advertising on other platforms, which is automatically selected by means of real-time bidding based on user behaviour. You can set in your TikTok profile whether TikTok may access this data (https://support.tiktok.com/en/account-and-privacy/personalized-ads-and-data/personalization-and-data).

We ourselves do not collect, process or receive any personal data in this context. The data provided by TikTok are merely statistics on the individual measures that do not enable us to identify you personally. We use this data to place targeted adverts on TikTok or on other websites. TikTok stores this data for 18 months.

Further information on data protection on TikTok can be found here: https://www.tiktok.com/legal/page/eea/privacy-policy/de.

(e) Twitter Pixel

We use the Twitter pixel on our website, a service provided by X Corp, Suite 900, 1355 Market Street, San Francisco, California, 94103, USA. Twitter International Company, 1 Cumberland Place, Fenian Street, Dublin 2, Ireland (Twitter/X) is responsible for users in the EU.

With the help of the Twitter pixel, we can in particular track the actions of users after they have seen or clicked on a Twitter advert. This process is used to evaluate the effectiveness of Twitter ads for statistical purposes and can help to optimise future advertising measures. In particular, we can display targeted adverts to users on Twitter/X or on other websites. Statistical, pseudonymous data is transmitted to Twitter/X in order to provide us with corresponding statistics and to be able to display customised advertisements and information. This data is stored in a cookie. You can set in your Twitter profile whether Twitter/X may access this data (https://help.twitter.com/de/resources/how-you-can-control-your-privacy).

The data collected is anonymous to us, so we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Twitter/X so that a connection to the respective user profile is possible and Twitter/X can use the data for its own advertising purposes. Twitter stores this data for 180 days.

Further information on data protection on Twitter/X can be found here: https://privacy.twitter.com/de.

6. Further functions and offers of our website

(1) In addition to the purely informational use of our website, we offer various services that you can use if you are interested. To do so, you must generally provide additional personal data that we use to provide the respective service and to which the aforementioned data processing principles apply.

(2) In some cases, we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are regularly monitored.

(3) If our service providers or partners are based in a country outside the European Economic Area (EEA), we will inform you of the consequences of this circumstance in the description of the offer.

7. Objection to or revocation of the processing of your data

(1) If you have given your consent to the processing of your data, you can revoke it at any time for the future, Art. 7 para. 3 GDPR. Such a revocation affects the permissibility of the processing of your personal data after you have given it to us.

(2) Insofar as we base the processing of your personal data on the balancing of interests, you can object to the processing, Art. 21 GDPR. This also applies to profiling based on these provisions. This is the case if the processing is not necessary in particular for the fulfilment of a contract with you, which is described by us in each case in the following description of the functions. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and either discontinue or adapt the data processing or point out to you our compelling reasons worthy of protection on the basis of which we will continue the processing.

(3) Of course, you can object to the processing of your personal data for advertising and data analysis purposes at any time. You also have the right to object, on grounds relating to your particular situation, to the processing of your personal data for scientific or historical research purposes or statistical purposes pursuant to Art. 89 (1) GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest. You can inform us of your objection using the following contact details: HateAid gGmbH, c/o Stiftung Haus der Demokratie und Menschenrechte, Greifswalder Straße 4, 10405 Berlin, phone: 040 65917719, email: kontakt@hateaid.org.

 8. Contact via contact form, registration form and email

(1) You can contact us via our contact form and by email or register for events using the registration form. For the processing of the respective enquiry and its handling, the data is processed on the basis of Art. 6 para. 1 sentence 1 lit. b GDPR.

(2) We use the WordPress plugin Contact Form 7 (hereinafter referred to as “WordPress”) for the contact form and the registration form. The provider is Rock Lobster LLC, 1-Chome-1-29 Daimyo, Chuo Ward, Fukuoka, 810-0041, Japan. Further information can be found at the following link: https://contactform7.com/privacy-policy/. The data collected via the contact form or registration form will not be stored by WordPress.

(3) When you contact us, the data you provide (your email address, your name and your message) will be stored by us in order to answer your questions. When you register for an event, the data you provide (your email address, your name, your pronouns, your institution/role) will be stored by us in order to inform you about the event and to be able to invite you to it. The data is stored via Microsoft 365. The provider is Microsoft Corporation (hereinafter “Microsoft”), One Microsoft Way, Redmond, WA 98052-6399, USA. Further details on data protection at Microsoft can be found at the following link https://privacy.microsoft.com/de-de/privacystatement. We delete the data collected in this context after storage is no longer necessary or restrict processing if there are statutory retention obligations. Microsoft Corporation is certified to protect your data in accordance with the EU-US Data Privacy Framework. Link to the certification: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000KzNaAAK&status=Active

9. Reporting content via the reporting form

(1) With your signature of our petition #makeitsafe and your subsequent consent, you can subscribe to our newsletter, with which we inform you about our engagement on the subject of hate speech and about our services. You are equally free to subscribe to the newsletter regardless of the petition.
We send out our newsletters on topics related to the organization’s activities, including public appearances, such as expert activities in politics. We also inform you about the progress of our projects and actions. We also inform you about the progress of our projects and actions. We also regularly send out information about donation opportunities and how you can support our work. You can find our past newsletters here: https://hateaid.org/newsletter-archiv/

(2) For the registration to our newsletter we use the so-called double opt-in procedure. This means that after your registration, we will send you an e-mail to the e-mail address you provided, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within one week, your information will be blocked and automatically deleted after one month. In addition, we store your respective IP addresses used and times of registration and confirmation.

The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data.

(3) We strive to provide our community with the content that interests you the most. Therefore, we assign our subscribers to certain categories, regardless of the channel through which they subscribed to our newsletter and/or have already donated to us. If we have opened the possibility for this, you can also independently select topics in which you are particularly interested, for example, our policy processes, petitions, etc. These profiles do not contain any further personal data.

(4) You can revoke your consent to receive the newsletter and unsubscribe at any time. You can declare the revocation by clicking on the link provided in every newsletter e-mail, by e-mail to the contact data provided in the legal notice. We base this processing on Art. 6 (1) letter f) GDPR for the former, and on Art. 6 (1) letter a) GDPR for the topics selected by you.

(5) The newsletter is sent via the service provider CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede (“CleverReach”). Using CleverReach, we can analyze whether the newsletter has been opened and which links have been clicked on multiple times, if applicable, without linking this to your e-mail address. CleverReach also lists which devices were used (such as PCs, cell phones or tablets) and shows how the openings are distributed worldwide (geo-tracking). We do not link any of this data to your mail address. The dispatch service provider does not use the data of our newsletter recipients to contact them themselves or to pass them on to third parties. You can view CleverReach’s privacy policy here: https://www.CleverReach.com/de/datenschutz/. The legal basis for the processing of your data is your consent in accordance with Art. 6 (1) sentence 1 letter a) GDPR.

(6) We would like to point out that the emails sent contain so-called web beacons or tracking pixels, which are single-pixel image files. The data is collected exclusively pseudonymously, i.e., the IDs are not linked to your other personal data such as your e-mail address, and a direct personal reference is excluded.

(7) You can object to this tracking at any time by unsubscribing from the newsletter. The information will be stored if you have subscribed to the newsletter. After unsubscribing, we store the data purely for statistical purposes. Moreover, such tracking is not possible if you have deactivated the display of images by default in your e-mail program. In this case, the newsletter will not be displayed to you in full and you may not be able to use all the functions. If you display the images manually, the above-mentioned tracking will take place. The tracking takes place based on our legitimate interest according to Art. 6 (1) letter f) GDPR, in order to be able to improve our offer and make it more interesting for you as a user.

(1) You have the opportunity to support us with donations. To do so, you can either transfer an amount to us via your bank or use the donation form implemented on our website. We use the donation form FundraisingBox of Wikando GmbH, Schießgrabenstr. 32, 86150 Augsburg (“Wikando”). Your data will be forwarded to Wikando to fulfil the contract. We have chosen this provider in order to always guarantee the highest level of data security for your data. You can find information about data security at Wikando GmbH here: http://www.fundraisingbox.com/security/. You can find out more about data protection at Wikando here: https://www.fundraisingbox.com/datenschutz/.

For selected marketing measures, e.g. sending newsletters or media campaigns, a link ID is used to record the measure via which your donation was made in the form.

You can select in the form whether you wish to donate via a SEPA direct debit mandate or PayPal from PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (“PayPal”). Mandatory information includes title, first name, surname, name of the account holder and IBAN if you wish to donate by direct debit mandate. If you choose PayPal, you will be redirected to the PayPal page. If you select third-party payment services, the terms and conditions and privacy policy of the respective provider apply. You can find out more about data protection at PayPal here: https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE.

If you make an independent transfer to our donation account without involving a third-party provider, your data will be recorded by Wikando Bank Sync (see above) and transferred to the FundraisingBox. The legal basis for this is Art. 6 para. 1 sentence 1 lit. c GDPR in order to be able to issue you with the donation receipts for your donation. Of course, no further data will be passed on.

(2) If an amount of EUR 20,000 or the total value of EUR 20,000 – in relation to a donor – is exceeded in a calendar year, we are obliged under Section 3 (1) No. 7 LobbyRG to transmit the following information on individual donations from third parties (donations) to the Lobby Register in increments of EUR 10,000 each:

Name, company or designation of the donor,

place of residence or registered office of the donor,

a brief description of the benefit.

If the donors are natural persons, the following data will not be published in the Lobby Register in accordance with Section 4 (2) sentence 2 LobbyRG:

Place of residence or registered office of the donor,

surname at birth and other first names of the donor.

The entries in the lobby register are published in machine-readable form and with a search function. The legal basis for the transfer of data to the Lobby Register is Art. 6 para. 1 sentence 1 lit. c GDPR in conjunction with Art. 3 para. 1 no. 7 GDPR. § Section 3 para. 1 no. 7 LobbyRG.

(3) If you decide to donate via our website, your data may be processed to create a donor structure analysis. The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f GDPR. The processing of your personal data is necessary to protect our legitimate interests. As a non-profit organisation, we are concerned with the targeted use of resources. Analysing our target group for donations helps us to optimise our marketing measures.

(4) The following personal data may be processed: First name and surname, address, date of first donation, date of last donation, identification whether permanent donor.

(5) For this purpose, we use the processor AZ fundraising services GmbH & Co. KG, Carl-Bertelsmann-Str. 161s, 3331 Gütersloh (“AZ fundraising services”) for this purpose. Existing donor data from the FundraisingBox is analysed using the “AZ DIAS” system (AZ data, information and address system) from AZ fundraising services. Data mining and scoring methods are combined with qualified personal characteristics from the AZ DIAS market database and the above-mentioned donor data. The following data is processed: age at five-year intervals, location size class and federal states, income classes, online/offline affinity as well as the subdivision of donors into the following groups according to donation behaviour: identification whether single, multiple or permanent donors.

(6) To protect your data, we have concluded an order processing contract with AZ fundraising services in accordance with Art. 28 GDPR. Donor addresses are anonymised using data encryption software. Our processor itself and its subcontractors are contractually obliged to handle your data in compliance with data protection regulations, in particular with regard to confidentiality, data protection and data security.

(7) Your personal data may be passed on to subcontractors by AZ fundraising services. These may also be located outside the European Economic Area. If there is no adequacy decision, AZ fundraising services is obliged to conclude standard contractual clauses in accordance with Art. 46 GDPR. Your data will only be stored for as long as is necessary for the donor structure analysis and will then be deleted. You have the right to object to data processing at any time. There is no automated decision-making and no profiling within the meaning of Art. 22 GDPR.

(8) You can find more information about AZ fundraising services’ donor structure analysis here: https://www.az-fundraising.de/fundraising-instrumente/spender-analyse/. You can find out more about data protection at AZ fundraising services here: https://www.az-fundraising.de/datenschutz/.

11. Newsletter dispatch with CleverReach

(1) With your signature on the petition and your subsequent consent, you can subscribe to our newsletter, which we use to inform you about our commitment in the area of hate speech and also about our services. You are also free to subscribe to the newsletter independently of the petition.

We send out our newsletters on topics related to the organisation’s activities, including public appearances, e.g. expert activities in politics. We also keep you informed about the progress of our projects and campaigns. We also regularly send out information on donation opportunities and how you can support our work. You can find our past newsletters here: https://hateaid.org/newsletter-archiv/.

(2) We use the so-called double opt-in procedure to register for our newsletter. This means that after you have registered, we will send you an email to the email address you have provided in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within one week, your information will be blocked and automatically deleted after one month. We also store the IP addresses you use and the times of registration and confirmation.

The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data.

(3) We strive to provide our community with the content that interests you the most. We therefore assign our subscribers to certain categories, regardless of the channel through which they subscribed to our newsletter and/or whether they have already donated to us. If we have provided the option to do so, you can also independently select topics that you are particularly interested in, for example our landmark cases, petitions, etc. These profiles do not contain any further personal data.

(4) You can revoke your consent to receive the newsletter at any time and unsubscribe from the newsletter. You can declare your revocation by clicking on the link provided in every newsletter email, by email to the contact details given in the imprint.

(5) The newsletter is sent via the service provider CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede (“CleverReach”). CleverReach enables us to analyse whether the newsletter has been opened and which links have been clicked on more than once, without linking this to your email address. CleverReach also lists which devices were used (such as PCs, mobile phones or tablets) and shows how the openings are distributed worldwide (geo-tracking). We do not link any of this data to your email address. The mailing service provider does not use the data of our newsletter recipients to contact them itself or pass it on to third parties. You can view CleverReach’s privacy policy here: https://www.cleverreach.com/de/datenschutz/. The legal basis for the processing of your data is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.

(6) We would like to point out that the emails sent contain so-called web beacons or tracking pixels, which are single-pixel image files. The data is only collected in pseudonymised form, i.e. the IDs are not linked to your other personal data such as your email address, and direct personal identification is excluded.

(7) You can object to this tracking at any time by unsubscribing from the newsletter. The information will be stored for as long as you have subscribed to the newsletter. After unsubscribing, we store the data purely for statistical purposes. Such tracking is also not possible if you have deactivated the display of images in your email program by default. In this case, the newsletter will not be displayed in full and you may not be able to use all the functions. If you display the images manually, the above-mentioned tracking will take place. The legal basis for consent is Art. 6 para. 1 sentence 1 lit. a GDPR in conjunction with. § 25 para. 1 sentence 1 TTDSG. Tracking is carried out on the basis of our legitimate interest in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR in order to improve our offer and make it more interesting for you as a user.

12. Signing petitions

(1) You can support various petitions (campaigns) on our website by signing with your email address. We need the email address so that we can make sure that a person is behind the signature. We also need your first name and surname for participation in petitions in order to verify the origin of the signatures.

(2) We see the signing of petitions as an act of public expression of opinion. However, a pseudonym can also be used instead of your real name.

(3) First and last name (or pseudonym) as well as zip code, city and date of signature are shared with the initiator of the petition and can be passed on by this person to decision-makers – e.g. as part of a petition handover. Only if the list can be viewed can the legitimacy of the signatures be proven and decision-makers be influenced.

(4) We use the Proca platform provided by the company “Fix The Status Quo”, A. H. Tammsaare tee 47, Kristiine linnaosa, Tallinn 11316, Estonia, for our petitions. The data entered when signing the petition is transmitted and processed in encrypted form. No cookies are set through the use of Proca. Data processing only takes place with the express consent of the person participating in the petition. The data will be deleted after the petition has been completed. Further information on data protection at “Fix the Status Quo” can be found here: Privacy Policy – Fix The Status Quo. The legal basis for data processing is your express consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.

1) We would also like to communicate with you on Facebook, Instagram and Twitter. We do not link our site directly to the social media providers, but integrate them via the open source plug-in Shariff Wrapper from WordPress. Shariff Wrapper integrates social media via static graphics that function like normal links. Therefore, unlike the original social media buttons, the Shariff Wrapper social media buttons do not automatically send information about visitors to the social networks. In addition, Shariff Wrapper prevents information from being sent even before you have logged in to the social media providers. This means that by clicking on the social media button, you can choose whether or not you want to send information to Facebook and Twitter. Only when you click on the button will your data be transmitted to the respective button. Among other things, the data mentioned under § 3 will be transmitted. If you are logged in with the plug-in provider, your data collected by us will be directly assigned to your existing account with the plug-in provider. If you click the activated button and, for example, link the page, the plug-in provider also saves this information in your user account and shares it publicly with your contacts. We recommend that you log out regularly after using a social network, especially before activating the button, as this will prevent you from being assigned to your profile with the plug-in provider. In the case of Facebook, according to the respective providers in Germany, the IP address is anonymised immediately after collection. Since the plug-in provider collects data in particular via cookies, we recommend that you delete all cookies via your browser’s security settings before clicking on the greyed-out box.

(2) When you click on the button, we have no influence on the data collected and data processing procedures, nor are we aware of the full scope of data collection, the purposes of processing or the storage periods. We also have no information on the deletion of the data collected by the plug-in provider.

(3) The plug-in provider stores the data collected about you as usage profiles and uses these for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to display needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, though you must contact the respective plug-in provider to exercise this right. We offer you the opportunity to interact with the social networks and other users via the plug-ins so that we can improve our offering and make it more interesting for you as a user. The legal basis for the use of the plug-ins is Art. 6 para. 1 sentence 1 lit. f GDPR.

(4) Further information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the data protection declarations of these providers listed below. There you will also find further information on your rights in this regard and setting options to protect your privacy:

a) Facebook and Instagram of Meta Platforms Inc, 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; further information on data collection: http://www.facebook.com/help/186325668085084 and http://www.facebook.com/about/privacy/your-info#everyoneinfo. Meta Platforms Inc. is certified to protect your data in accordance with the EU-US Data Privacy Framework. Link to the certification: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000GnywAAC&status=Active

b) X Corp, 1355 Market Street, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy.

14. Integration of YouTube videos

(1) We have integrated YouTube videos from YouTube LLC, 901 Cherry Ave, San Bruno, California 94066, USA, a subsidiary of Google LLC (“YouTube”) into our online offering, which are stored on https://www.YouTube.com and can be played directly from our website. [These are all integrated in “extended data protection mode”, i.e. no data about you as a user is transferred to YouTube if you do not play the videos. Only when you play the videos will the data mentioned in § 2 be transmitted. We have no influence on this data transfer].

(2) By visiting the website, YouTube receives the information that you have accessed the corresponding subpage of our website. In addition, the data mentioned under § 3 of this declaration will be transmitted. This takes place regardless of whether YouTube provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish your data to be associated with your YouTube profile, you must log out before activating the button. YouTube stores your data as usage profiles and uses them for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, though you must contact YouTube to exercise this right.

(3) Further information on the purpose and scope of data collection and its processing by YouTube can be found in their privacy policy. There you will also find further information on your rights and setting options to protect your privacy https://policies.google.com/privacy?hl=de&gl=de. Google LLC is certified to protect your data in accordance with the EU-US Data Privacy Framework. Link to the certification: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active.

(1) We use the cookie consent tool Borlabs Cookies from the company Borlabs – Benjamin A. Bornschein, Georg-Wilhelm-Str. 17, 21107 Hamburg (“Borlabs Cookies”). The tool is used to obtain your consent to the storage of certain cookies in your browser and to document this in compliance with data protection regulations.

(2) When using Borlabs Cookies, a cookie is stored in your browser when you enter the website, in which the consents you have given or the revocation of these consents are stored. If you wish to revoke this consent, simply delete the cookie in your browser. When you re-enter/reload the website, you will be asked for your cookie consent again. This data will not be passed on to the provider of Borlabs Cookies. The following data is stored:

Cookie duration

Cookie version

Domain and path of the WordPress website

Consents

UID

The UID is a randomly generated ID and not personal information.

(3) The data collected will be stored for 1 year or until you ask us to delete it or delete the cookie yourself or the purpose for storing the data no longer applies. Mandatory statutory retention periods remain unaffected. You can prevent the installation of cookies in various ways, e.g:

a) by setting your browser software accordingly, in particular by suppressing third-party cookies so that you do not receive ads from third-party providers, or

b) by deactivating the interest-based ads of the providers that are part of the “About Ads” self-regulation campaign via the link https://optout.aboutads.info/?c=2&lang=EN, where this setting is deleted when you delete your cookies.

We would like to point out that in this case you may not be able to use all functions of this offer to their full extent.

(4) The legal basis for the use of Borlabs cookies is Art. 6 para. 1 sentence 1 lit. a GDPR i.V.m. § Section 25 para. 1 sentence 1 TTDSG. You can find more information on data protection at Borlabs Cookies here: https://de.borlabs.io/datenschutz/.

16. Reach analysis with Matomo (formerly PIWIK)

(1) This website uses the web analysis service “Matomo”. Matomo is an open source software. We use Matomo to analyse and regularly improve the use of our website. We can use the statistics obtained to improve our offer and make it more interesting for you as a user. The legal basis for the use of Matomo is Art. 6 para. 1 sentence 1 lit. f GDPR.

(2) Matomo collects and stores the following data: the browser type and version you use, the operating system you use, your country of origin, the date and time of the server request, the number of visits, the time you spend on the website and the external links you click on. The user’s IP address is anonymised before it is saved.

(3) Cookies (see § 3 for more details) are stored on your computer for this analysis. The information collected in this way is stored by the controller exclusively on its server in Germany. You can stop the analysis by deleting existing cookies and preventing the storage of cookies. If you prevent the storage of cookies, we would like to point out that you may not be able to use this website to its full extent. You can prevent the storage of cookies by changing the settings in your browser. You can prevent the use of Matomo by unchecking the following box to activate the opt-out plugin:

OFF/Matomo

(4) This website uses Matomo with the “AnonymizeIP” extension. This means that IP addresses are further processed in abbreviated form, so that they cannot be directly linked to individuals. The IP address transmitted by your browser using Matomo is not merged with other data collected by us.

(5) You can find more information on data protection at Matomo at https://matomo.org/privacy-policy/.

(1) We have a Facebook page hosted by Meta Platforms Inc (“Facebook”), 1601 S California Ave, Palo Alto, California 94304, USA. We are joint controllers with Facebook for the protection of your personal data in accordance with Art. 26 GDPR: https://www.facebook.com/legal/terms/page_controller_addendum. Via the Facebook page, we offer you the opportunity to interact with the social networks and other users so that we can improve our offer and make it more interesting for you as a user. The legal basis for the use are therefore our legitimate interests in the area of effective communication as well as economic interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.

(2) Facebook stores the data collected about you as user profiles and uses these for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to display needs-based advertising and to inform other users of the social network about your activities on our Facebook page. You have the right to object to the creation of these user profiles, though you must contact Facebook to exercise this right: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. You can assert any request for information and other rights more effectively directly with Facebook.

(3) We have no influence on the data collected and data processing procedures, nor are we aware of the full scope of data collection, the purposes of processing or the storage periods. We also have no information on the deletion of the data collected by Facebook. We would like to point out that your personal data may also be transmitted by Facebook to servers outside the European Economic Area.

(4) Further information on the purpose and scope of data collection and its processing by Facebook can be found in Facebook’s privacy policy. There you will also find further information on your rights in this regard and setting options to protect your privacy: https://www.facebook.com/policy.php. Meta Platforms Inc. is certified to protect your data in accordance with the EU-US Data Privacy Framework. Link to the certification: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000GnywAAC&status=Active.

18. Presence on our Instagram page

(1) We have an Instagram page hosted by Meta Platforms Inc (“Instagram”), 1601 S California Ave, Palo Alto, California 94304. Via the Instagram page, we offer you the opportunity to interact with social networks and other users so that we can improve our offering and make it more interesting for you as a user. The legal basis for the use are therefore our legitimate interests in the area of effective communication as well as economic interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.

(2) When you use Facebook, your metadata such as location data, device data, language and browser settings, activities, contacts, payment data, etc. are collected. Instagram stores the data collected about you as usage profiles and uses these for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to display needs-based advertising and to inform other users of the social network about your activities on our Instagram page. You have the right to object to the creation of these user profiles, though you must contact Instagram to exercise this right: https://help.instagram.com/contact/1845713985721890. You can assert any request for information and other rights more effectively directly with Instagram.

(3) We have no influence on the data collected and data processing operations, nor are we aware of the full extent of data collection, the purposes of processing or the storage periods. We also have no information on the deletion of the data collected by Instagram. Please note that your personal data may also be transmitted by Instagram to servers outside the European Economic Area and that Instagram may pass on your data to other companies in the group and third parties.

(4) Further information on the purpose and scope of data collection and processing by Instagram can be found in Instagram’s privacy policy: https://help.instagram.com/519522125107875?helpref=page_content. There you will also find further information on your rights in this regard and setting options to protect your privacy. Meta Platforms Inc. is certified to protect your data in accordance with the EU-US Data Privacy Framework. Link to the certification: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000GnywAAC&status=Active.

(1) We have a YouTube channel hosted by Google LLC (“Google”), 1600 Amphitheatre Parkway, Mountainview, California 94043, USA (“YouTube”). Via our YouTube channel, we offer you the opportunity to gain an insight into our work so that we can improve our offering and make it more interesting for you as a user. The legal basis for the use are therefore our legitimate interests in the area of effective communication as well as economic interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.

(2) When you use YouTube, your metadata such as location data, device data, language and browser settings, activities, contacts, payment data, etc. will be collected. In addition, the data mentioned under § 3 of this declaration will be transmitted. This takes place regardless of whether YouTube provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish your data to be associated with your YouTube profile, you must log out beforehand. YouTube stores the data collected about you as usage profiles and uses these for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to display needs-based advertising and to inform other users of the social network about your activities. You have the right to object to the creation of these user profiles, though you must contact YouTube to exercise this right. You can assert any request for information and other rights more effectively directly with YouTube.

(3) We have no influence on the data collected and data processing operations, nor are we aware of the full extent of data collection, the purposes of processing or the storage periods. We also have no information about the deletion of the data collected by YouTube. Please note that your personal data may also be transmitted by YouTube to servers outside the European Economic Area and that YouTube may pass on your data to other companies in the group and third parties.

(4) Further information on the purpose and scope of data collection and processing by YouTube can be found in YouTube’s privacy policy: https://www.google.de/intl/de/policies/privacy. There you will also find further information on your rights in this regard and setting options to protect your privacy. Google LLC is certified to protect your data in accordance with the EU-US Data Privacy Framework. Link to the certification: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active.

20. Presence on X (formerly Twitter)

(1) We have an account on X hosted by X Corp (“X”), 1355 Market Street, Suite 900, where we offer you the opportunity to interact with social networks and other users so that we can improve our offering and make it more interesting for you as a user. The legal basis for the use are therefore our legitimate interests in the area of effective communication as well as economic interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.

(2) X stores, among other things, the data mentioned in § 3 as well as other personal data such as your age, gender, language, etc. as user profiles and uses these for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to display needs-based advertising and to inform other users of the social network about your activities on our page on X. X may also use analysis programs such as Google Analytics. You have the right to object to the creation of these user profiles, though you must contact X to exercise this right. You can also unsubscribe from interest-based advertising via https://optout.aboutads.info/?c=2&lang=EN. You can assert any request for information and other rights more effectively directly with X. You can prevent tracking by Google Analytics, the collection of data generated by Google Analytics and related to your use of the website by Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

(3) Further information on data collection, purpose of processing, data transfer and deletion periods can be obtained directly from X’s privacy policy: https://twitter.com/de/privacy. We would like to point out that your personal data may also be transmitted by Twitter to servers outside the European Economic Area.

21. Presence on our Mastodon page

(1) We have an account on the Mastodon instance “troet.cafe”, a decentralised social network. The operator of the “troet.cafe” instance is Martin Müller, c/o Postflex #3517, Emsdettener Str. 10, 48268 Greven. The privacy policy of the “troet-cafe” instance can be found here: https://troet.cafe/privacy-policy.

(2) The network is powered by Mastodon gGmbH, Mühlenstraße 8a, 14167 Berlin, Germany. Further information on data protection at Mastodon can be found here: https://joinmastodon.org/de/privacy-policy.

(3) Via our Mastodon page, we offer you the opportunity to interact with the social networks and other users so that we can improve our offer and make it more interesting for you as a user. The legal basis for the use are therefore our legitimate interests in the area of effective communication as well as economic interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.

(4) When accessing, registering and using Mastodon, an encrypted connection is established to the web server on which the instance is operated. In order to display the content correctly on your device, the following data, among other things, is processed:

the IP address of your internet connection,

the operating system and the operating system version of your end device, the display resolution of your device

the internet browser and browser version you are using and

the time of your access to the website.

The processing of this data is necessary for access, processing, display and control. After a visit to the website, some of the data is stored in logs for server maintenance and security purposes and deleted after 14 days at the latest.

(5) The Mastodon instance “troet.cafe” collects the IP address from which you access the instance. All registered sessions are available for review and revocation in the settings.

(6) The Mastodon instance “troet.cafe” uses cookies for its functionality. These are text files that allow users to be recognised. This makes it possible, for example, for registered users to navigate to different subpages of the instance without having to log in again each time. User behaviour is neither analysed nor tracked. All cookies used are exclusively so-called session cookies that are deleted at the latest when the browser is closed.

22. Presence on our TikTok account 

(1) We have an account on the platform TikTok hosted by the TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland. Via our TikTok page, we offer you the opportunity to interact with social networks and other users so that we can improve our offer and make it more interesting for you as a user. The legal basis for the use are therefore our legitimate interests in the area of effective communication as well as economic interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.

(2) TikTok stores the data collected about you as usage profiles and uses these for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to display needs-based advertising and to inform other users of the social network about your activities on our TikTok page.

(3) We have no influence on the data collected and data processing procedures, nor are we aware of the full extent of data collection, the purposes of processing or the storage periods. We also have no information on the deletion of the data collected by TikTok. We would like to point out that your personal data may also be transmitted by TikTok to servers outside the European Economic Area.

Further information on the purpose and scope of data collection and its processing by TikTok can be found in TikTok’s privacy policy. There you will also find further information on your rights in this regard and setting options to protect your privacy: https://www.tiktok.com/legal/privacy-policy-eea?lang=de.

23. Presence on our LinkedIn page 

(1) We have a page on LinkedIn hosted by the LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland. Via our LinkedIn page, we offer you the opportunity to interact with social networks and other users so that we can improve our offer and make it more interesting for you as a user. The legal basis for the use are therefore our legitimate interests in the area of effective communication as well as economic interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.

(2) By using LinkedIn, your personal data will be collected, transmitted, stored, disclosed and used by LinkedIn. LinkedIn transfers your data from the countries designated in the GDPR to the USA and back. Currently, the LinkedIn data centres for storing the information of its members are located in the USA and Singapore. To protect your data when it is transferred to LinkedIn in the USA, we have concluded standard contractual clauses of the EU Commission with LinkedIn.

(3) We have no influence on the data collected and data processing operations, nor are we aware of the full scope of data collection, the purposes of processing or the storage periods. We also have no information on the deletion of the data collected by LinkedIn.

(4) Further information on the purpose and scope of data collection and its processing by LinkedIn can be found in LinkedIn’s privacy policy. There you will also find further information on your rights in this regard and setting options to protect your privacy: https://www.linkedin.com/legal/privacy-policy.

24. Quizzes and surveys

(1) In order to carry out playful quizzes and surveys, we use Lamapoll, Lamano GmbH & Co. KG, Prenzlauer Allee 36 G, 10405 Berlin, Germany, info@lamapoll.de. LamaPoll is a web service for creating and conducting surveys. The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. a GDPR.

(2) When using the tool, i.e. when participating in the surveys and quizzes, information of a general nature is automatically collected. This data (server log files) includes

Time of access (date & time)

Your web browser

Your operating system

The URL or action called up in the survey tool

The website from which you visit us (referrer URL)

Your IP address (anonymised)

This is exclusively data that does not allow any conclusions to be drawn about your specific person.

This data is technically necessary in order to correctly deliver the content you have requested and is mandatory when using the Internet. They are required for the operation, maintenance, protection and monitoring of the proper functioning of the system. In the event of misuse, these logs are used to create reproduction scenarios and, if necessary, evidence to be provided by us. In the event of an error, these logs are used to enable the system to be updated as quickly as possible. This data is only used by Lamapoll if necessary and only for protection, maintenance and to ensure the proper operation of the system. It will never be passed on to third parties or used in any other way.

(3) Cookies are used in our survey tool in particular for the following functions:

Authorisation of requests (so-called “session cookie”)

Storage of your language settings

Storage of your settings for views (survey overview, file manager, etc.)

You can deactivate the use of cookies at any time via your browser settings. Please note that you will no longer be able to use the survey tool if you have deactivated cookies in your browser.

(4) Session cookies and language settings are deleted after the browser is closed. Other information is stored for one quarter and then saved purely for statistical purposes.

25. Live chat with Userlike

(1) We use the live chat software “Userlike”. The service provider is the German company Userlike UG (haftungsbeschränkt), Probsteigasse 44-46, 50670 Cologne. The tool is used to contact us personally via our website.

(2) Userlike offers a messenger function for web and mobile support. This software-based solution for chat communication offers customer support in real time and asynchronous communication, and helps us to expand communication with interested parties.

(3) Userlike uses cookies to make it easy for you to contact us via our website so that you are connected to the same contact person when you make another chat request. When you enter our website, a cookie is stored in your browser in which the consent you have given or the revocation of this consent is stored. This data is not passed on to the provider of Userlike.

(4) The following data is stored:

Chat transcript

Email address

Browser

Operating system

End device

Number of page views

Number of page visits

Referrer

URL (where the chat was started)

Survey before and after the chat

Chat topic

Chat status (new, waiting, finished)

Chat rating after the chat

Duration of the chat

Date of the chat

Geo-location (voluntary, optional)

Media files that the contact shares with the operator during the chat

Optional data fields that HateAid transfers to Userlike

IP address

(5) The registered office of Userlike UG is located in Germany. Userlike stores data encrypted on German servers. Nevertheless, Userlike uses the services of the following subcontractors whose registered offices are not within the EEA:

Amazon Web Services (AWS) 38 Avenue John F. Kennedy L-1855 Luxembourg

Mailgun Technologies, Inc. 112 E Pecan St #1135 San Antonio, Texas 78205 USA

Twilio Inc. 375 Beale Street, Suite 300, San Francisco, California 94105 USA

FullContact 1624 Market St Ste 226, PMB 45057, Denver, Colorado 80202 USA

(6) The data you have provided in the chat will be deleted within one month, provided that there are no legal retention periods to the contrary.

(7) Data transfers to third countries outside the EEA are therefore possible. We have concluded an order processing contract with Userlike to protect your data. Userlike has signed standard contractual clauses to ensure the European level of data protection. The subcontractors AWS, Twilio and FullContact are certified according to the EU-US Data Privacy Framework to protect your data.

Links to the certification:

Amazon Web Service: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000TOWQAA4&status=Active

Twilio: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000TNLbAAO&status=Active

FullContact: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001GeAAI&status=Active

Data transmission by the subcontractor MailGun is protected by standard contractual clauses within the meaning of Art. 46 para. 2 lit. c GDPR. You can find more information on data protection at Userlike at https://www.userlike.com/de/data-privacy. The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. a GDPR (consent).

26. Applications

(1) Applicants can send us unsolicited applications by email or via the contact form integrated on our website. The applicants’ data will be evaluated for the purpose of processing the application procedure. If an employment contract is concluded with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If no employment contract is concluded, the application documents will be deleted seven months after notification of the rejection decision if this does not conflict with any legitimate interests, such as a burden of proof in proceedings under the General Equal Treatment Act (AGG). The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. b GDPR.

(2) Your application can be submitted using a Podio form. You can find more information on this in § 6.