This Privacy Policy clarifies the use, scope and purpose of the processing of personal data (hereinafter referred to as "data") within our online performance likewise on our websites, online features and content associated with them, as well as social media profiles (collectively referred to as "social media"). With regard to the terminology used, e.g. "processing" or "controller", we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
Controller
AIDS Action Europe
c/o Deutsche AIDS-Hilfe e.V.
Wilhelmstr. 138
10963 Berlin, Germany
E-Mail: info@aidsactioneurope.org
Chief Executive Officer: Silke Klumb und Peter Stuhlmüller
Responsible concerning the Privacy Policy: Ljuba Böttger Ljuba.Boettger@aidsactioneurope.org
Types of processed data
Processing purpose
Used terms
“Personal data” means any information relating to an identified or identifiable natural person (‘data subject’). An identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means associated with personal data. The term goes far and includes practically every handling of data.
“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Relevant legal bases
According to Art. 13 GDPR we inform you about the legal basis of our data processing. Unless the legal basis is not stated in the privacy policy, following applies: The legal basis for collecting consents is Art. 6 (1) lit. a and Art. 7 GDPR, the legal basis for the processing and fulfilment our services and processing contractual measures, as same as reply on requests is Art. 6 (1) lit. b. GDPR, the legal basis for fulfilling our legal obligations is Art. 6 (1) lit. c. GDPR, and the legal basis for processing for the protection of our legitimate interests is Art. 6 (1) lit. f. GDPR. In case essential interests of affected person or other natural person requires the processing of personal data, we refer to Art. 6 (1) lit. d. GDPR as legal basis.
Collaboration with processors and third parties
If we disclose, transmit or otherwise grant access to data to other persons and companies (contract processors or third parties) while processing, it happens only on the basis of a legal permission (e.g. if a transmission of the data to third parties, as required by payment service providers, pursuant to Art. 6 (1) lit. b. GDPR to fulfill the contract). Therefore you have consented to a legal obligation or based on our legitimate interests (e.g. the use of webhosts, etc.).
Transfers to third countries
Rights of data subject
You have the right to obtain from the controller confirmation as to whether data in question is being processed and for information about this data as well as for further information and a copy of the data in accordance with Art. 15 GDPR.
You have accordingly to Art. 16 GDPR the right to have the incomplete personal data completed or to obtain the rectification of inaccurate personal data.
In accordance with Art. 17 GDPR, you have the right to demand that the relevant data be deleted undue delay or, alternatively, to require a restriction of the processing of data in accordance with Art. 18 GDPR.
You have the right to receive data referring to you, which you have provided to us, in accordance with Art. 20 GDPR and to request their transmission to other responsible persons.
You have according to Art. 77 GDPR the right to lodge a complaint with the competent supervisory authority.
Withdrawal
You have the right to withdraw your consent in accordance with. Art. 7 (3) GDPR with effect for the future.
Right to object
You have the right to object to the future processing of your data in accordance with Art. 21 GDPR at any time. The objection may in particular be made against processing for direct marketing purposes.
Cookies and right to object in direct mail
We can use temporary and permanent cookies and clarify this in the context of our privacy policy.
If users do not want cookies stored on their computer, they can disable the option in their browser's system settings. Saved cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this website.
. Furthermore, the storage of cookies can be achieved by switching them off in the settings of the browser. Please note that not all features of this website may be used in such a case.
Right to erasure
The data processed by us will be deleted or restricted in its processing in accordance with Art. 17 and 18 GDPR. Unless explicitly stated in this privacy policy, the data stored by us is deleted as soon as you it is no longer required for their purpose and the erasure does not conflict with any statutory storage requirements.
If the data is not deleted because it is required for other and legitimate purposes, its processing will be restricted. In this case, the data is blocked and will not be processed for other purposes. This applies, for example for data that must be kept for financial, commercial or tax reasons.
According to legal information in Germany, the retention ensue in particular for 6 years pursuant to § 257 paragraph 1 HGB (“Handelsgesetzbuch”: trading books, inventories, opening balance sheets, annual accounts, trade letters, accounting documents, etc.) and § 10 paragraph 1 AO (books, records, management reports, and other), and 10 years pursuant to § 147 Abs. 1 AO (“Abgabenordnung”: books, records, management reports, accounting records, trade and business letters, tax documents, and others).
Hosting
We host our website to provide the following services: infrastructure and platform services, computing capacity, storage and database services, security and technical maintenance services, which we use to operate on the website.
We, respectively our hosting provider, process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors to our online service on the basis of our legitimate interests in an efficient and secure provision of our website according to Art. 6 (1) lit. f GDPR in connection to Art. 28 GDPR (in conclusion of a job-processing contract).
Collection of access data and log files
We, respectively our hosting provider, collects based on our legitimate interests, according to Art. 6 (1) lit. f GDPR, data on every access to the server on which this service is located (so-called server log files). The access data includes name of the retrieved web page, file, date and time of retrieval, amount of data transferred, message about successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.
Log file information is stored for security purposes (for example, to investigate abusive or fraudulent activities) for a maximum of 7 days and then deleted. Data whose further retention is required for evidential purposes shall be excluded from the erasing until the final clarification of the incident.
Google analytics
As part of the Google analytics range analysis the following data is processed, based on our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online performance as defined in Art. 6 (1) lit. f GDPR): the type of browser you use and the browser version, the operating system you are using, your country of origin, the date and time of the server request, the number of visits, how long you have spent on the site, and the external links you have activated. The IP address of the users is anonymized before being saved.
https://policies.google.com/privacy
Google analytics uses cookies that are stored on users' computers and that allow an analysis of how users use our website offer. In this case, pseudonymous usage profiles can be created from the processed data. The cookies have a retention period of one week. The information generated by the cookie about your use of this website will only be stored on our server and will not be passed on to third parties.
Google ReCaptcha
We use Google “ReCaptcha” to detect bots, e.g. when entering into online forms. "ReCaptcha" us provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Privacy Policy: https://www.google.com/policies/privacy/, opt-out: https://adssettings.google.com/authenticated.
Berlin, March 2020