Privacy Policy
Introduction
With the following data protection declaration we would like to inform you about which types of your personal data (hereinafter also referred to as “data”) we process, for what purposes and to what extent. The data protection declaration applies to all processing of personal data carried out by us, both in the context of providing our services and in particular on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as “online offering”) ).
The terms used are not gender specific.
As of: July 18, 2022
Table of contents
- Introduction
- Responsible person
- Overview of processing
- Relevant legal bases
- Security measures
- Carrying out tasks according to the statutes or rules of procedure
- Payment procedure
- Provision of online offerings and web hosting
- Contact and inquiry management
- Changes and updates to the data protection declaration
- Definitions of terms
Responsible person
Kilimanjaro Animal CREW e.V.
Claudia Lux
Balinger Straße 9
72415 Grosselfingen
Persons authorized to represent:
1. Vorsitzende Claudia Lux, 2. Vorsitzende Maike Classen
E-Mail-Adress:
verein@kilimanjaro-crew.de
Overview of processing
The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects.
Types of data processed
- Inventory data.
- Payment details.
- Contact details.
- Content data.
- Contract data.
- Usage data.
- Meta/communication data.
Categories of affected persons
- Customers.
- Interested parties.
- Communication partner.
- Users.
- Members.
- Business and contractual partners.
Purposes of processing
- Provision of contractual services and customer service.
- Contact inquiries and communication.
- Manage and respond to inquiries.
- Feedback.
- Provision of our online offering and user-friendliness.
- Information technology infrastructure.
Relevant legal bases
Below you will find an overview of the legal basis of the GDPR on the basis of which we process personal data. Please note that in addition to the regulations of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. If more specific legal bases apply in individual cases, we will inform you of these in the data protection declaration.
- Contract performance and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR) – The processing is for the fulfillment of a Contract to which the data subject is a party, or necessary to carry out pre-contractual measures at the request of the data subject.
- Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR) – The processing is to protect the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, outweigh them.
In addition to the data protection regulations of the General Data Protection Regulation, national data protection regulations apply in Germany. This includes in particular the law to protect against misuse of personal data during data processing (Federal Data Protection Act – BDSG). In particular, the BDSG contains special regulations on the right to information, the right to deletion, the right to object, the processing of special categories of personal data, processing for other purposes and transmission and automated decision-making in individual cases, including profiling. It also regulates data processing for the purposes of the employment relationship (Section 26 BDSG), in particular with regard to the establishment, implementation or termination of employment relationships and the consent of employees. Furthermore, state data protection laws of the individual federal states may apply.
Security measures
We take action in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the type, scope, circumstances and purposes of the processing as well as the different probabilities of occurrence and the extent of the Threat to the rights and freedoms of natural persons, appropriate technical and organizational measures to ensure a level of protection appropriate to the risk.
The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as the access, input, distribution, ensuring availability and their separation. We have also set up procedures to ensure that the rights of those affected are exercised, data are deleted and responses are made to data threats. Furthermore, we take the protection of personal data into account when developing or selecting hardware, software and procedures in accordance with the principle of data protection, through technology design and through data protection-friendly default settings.
Performing tasks according to the statutes or rules of procedure
We process the data of our members, supporters, interested parties, business partners or other persons (collectively “affected”) if we have a membership or other business relationship with them and our tasks and are recipients of services and benefits. Furthermore, we process the data of those affected on the basis of our legitimate interests, e.g. when it concerns administrative tasks or public relations.
The data processed here, the type, scope and purpose and necessity of their processing are determined by the underlying membership or contractual relationship, which also determines the necessity of any data information (Incidentally, we point out the necessary data).
We delete data that is no longer necessary to fulfill our statutory and business purposes. This is determined according to the respective tasks and contractual relationships. We retain the data for as long as it may be relevant to the transaction, as well as with regard to any warranty or liability obligations based on our legitimate interest in regulating them. The necessity of storing the data is checked regularly; Otherwise, the statutory retention requirements apply.
- Types of data processed: Inventory data (e.g. names, addresses); Payment data (e.g. bank details, invoices, payment history); Contact details (e.g. email, telephone numbers); Contract data (e.g. subject matter of the contract, term, customer category).
- Affected persons: Users (e.g. website visitors, users of online services); members; Business and contractual partners.
- Purposes of processing: Provision of contractual services and customer service; Contact inquiries and communication; Managing and responding to inquiries.
- Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR); Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Payment method
As part of contractual and other legal relationships, due to legal obligations or otherwise based on our legitimate interests, we offer those affected efficient and secure payment options and use other service providers in addition to banks and credit institutions a (collectively “payment service provider”).
Zu den durch die Zahlungsdienstleister verarbeiteten Daten gehören Bestandsdaten, wie z.B. der Name und die Adresse, Bankdaten, wie z.B. Kontonummern oder Kreditkartennummern, Passwörter, TANs und Prüfsummen sowie die Vertrags-, Summen- und empfängerbezogenen Angaben. Die Angaben sind erforderlich, um die Transaktionen durchzuführen. Die eingegebenen Daten werden jedoch nur durch die Zahlungsdienstleister verarbeitet und bei diesen gespeichert. D.h., wir erhalten keine konto- oder kreditkartenbezogenen Informationen, sondern lediglich Informationen mit Bestätigung oder Negativbeauskunftung der Zahlung. Unter Umständen werden die Daten seitens der Zahlungsdienstleister an Wirtschaftsauskunfteien übermittelt. Diese Übermittlung bezweckt die Identitäts- und Bonitätsprüfung. Hierzu verweisen wir auf die AGB und die Datenschutzhinweise der Zahlungsdienstleister.
The terms and conditions and data protection notices of the respective payment service providers, which can be accessed within the respective websites or transaction applications, apply to payment transactions. We also refer to these for further information and to assert cancellation, information and other rights of those affected.
- Types of data processed: Inventory data (e.g. names, addresses); Payment data (e.g. bank details, invoices, payment history); Contract data (e.g. subject matter of the contract, term, customer category); Usage data (e.g. websites visited, interest in content, access times); Meta/communication data (e.g. device information, IP addresses).
- Affected Persons: Customers; Interested parties.
- Purposes of processing: Provision of contractual services and customer service.
- Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR).< /li>
Further information on processing processes, procedures and services:
- Mastercard: Payment services (technical connection of online payment methods); Service Provider: Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium; Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR); Website: https://www.mastercard.de/de-de.html; Privacy policy: https://www.mastercard.de/de-de/datenschutz.html.
- PayPal: Payment services (technical connection of online payment methods) (e.g. PayPal, PayPal Plus, Braintree); Service Provider: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg; Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR); Website: https:// www.paypal.com/de; Privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
- Visa: Payment services (technical connection of online payment methods); Service Provider: Visa Europe Services Inc., London Branch, 1 Sheldon Square, London W2 6TT, GB; Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR); Website: https://www .visa.de; Privacy policy: https://www.visa.de/USE_TERMS/visa-privacy-center.html.
Provision of the online offering and web hosting
In order to be able to provide our online offering securely and efficiently, we use the services of one or more web hosting providers from whose servers (or servers managed by them) the online offering is accessed can be. For these purposes, we may use infrastructure and platform services, computing capacity, storage space and database services as well as security and technical maintenance services.
The data processed as part of the provision of the hosting offer may include all information relating to the users of our online offer that arises in the context of use and communication. This regularly includes the IP address, which is necessary to be able to deliver the content of online offerings to browsers, and all entries made within our online offering or on websites.
- Types of data processed: Content data (e.g. entries in online forms); Usage data (e.g. websites visited, interest in content, access times); Meta/communication data (e.g. device information, IP addresses).
- Affected persons: Users (e.g. website visitors, users of online services).
- Purposes of processing: Provision of our online offering and user-friendliness; Information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.).
- Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).
Further information on processing processes, procedures and services:
- E-mail sending and hosting:The web hosting services we use also include sending, receiving and storage of emails. For these purposes, the addresses of the recipients and senders as well as other information regarding the sending of emails (e.g. the providers involved) as well as the contents of the respective emails are processed. The aforementioned data may also be processed for SPAM detection purposes. We ask you to note that emails on the Internet are generally not sent encrypted. As a rule, emails are encrypted during transport, but (unless a so-called end-to-end encryption method is used) not on the servers from which they are sent and received. We can therefore assume no responsibility for the transmission path of emails between the sender and receipt on our server; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).
- Collection of access data and log files: We ourselves (or our web hosting provider) collect data about every access to the server (so-called server log files). The server log files include the address and name of the websites and files accessed, date and time of access, amount of data transferred, notification of successful retrieval, browser type and version, the user’s operating system, referrer URL (the previously visited page) and, as a rule, IP address. Addresses and the requesting provider belong. The server log files can be used on the one hand for security purposes, e.g. to avoid overloading the servers (particularly in the case of abusive attacks, so-called DDoS attacks) and on the other hand to monitor the utilization of the servers and ensure their stability; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Deletion of data: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data whose further storage is necessary for evidentiary purposes is excluded from deletion until the respective incident has been finally clarified.
- Content Delivery Network: We use a “Content Delivery Network” (CDN). A CDN is a service that can be used to deliver the content of an online offering, particularly large media files such as graphics or program scripts, more quickly and securely using regionally distributed servers connected via the Internet; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).
- WordPress.com: Hosting and software for creating, providing and operating websites, blogs and other online offerings; Service Provider: Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://wordpress.com ; Privacy policy: https:/ /automattic.com/de/privacy/; Order processing agreement: https://wordpress.com/support/data-processing-agreements/.
- HostEurope: Services in the field of providing information technology infrastructure and related services (e.g. storage space and/or computing capacity); Service provider: Host Europe GmbH, Hansestrasse 111, 51149 Cologne, Germany; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www .hosteurope.de; Data protection declaration: https: //www.hosteurope.de/AGB/Datenschutzerklaerung; Order processing contract: https:/ /www.hosteurope.de/Documents/.
Contact and inquiry management
When you contact us (e.g. via contact form, email, telephone or via social media) as well as within the framework of existing user and business relationships, the information provided by the inquiring person is processed to the extent this is necessary Answering the contact requests and any requested measures is necessary.
Answering contact inquiries as well as managing contact and inquiry data within the framework of contractual or pre-contractual relationships is carried out to fulfill our contractual obligations or to answer (pre-)contractual inquiries and otherwise Basis of legitimate interests in answering inquiries and maintaining user or business relationships.
- Types of data processed: Contact details (e.g. email, telephone numbers); Content data (e.g. entries in online forms); Usage data (e.g. websites visited, interest in content, access times); Meta/communication data (e.g. device information, IP addresses).
- Affected people: Communication partners.
- Purposes of processing: Provision of contractual services and customer service; Contact inquiries and communication; managing and responding to inquiries; Feedback (e.g. collecting feedback via online form); Provision of our online offering and user-friendliness.
- Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR); Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Further information on processing processes, procedures and services:
- Contact form: If users contact us via our contact form, email or other communication channels, we process what is communicated to us in this context Data for processing the communicated request. For this purpose, we process personal data within the framework of pre-contractual and contractual business relationships, to the extent that this is necessary for their fulfillment and otherwise on the basis of our legitimate interests and the interests of the communication partners in answering the concerns and our legal retention obligations; Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).< /span>
Changes and updates to the data protection declaration
We ask you to regularly inform yourself about the content of our data protection declaration. We will adapt the data protection declaration as soon as changes to the data processing we carry out make this necessary. We will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification.
If we provide addresses and contact information for companies and organizations in this privacy policy, please note that the addresses may change over time and ask you to check the information before contacting us.< /span>
Term definitions
In this section you will receive an overview of the terms used in this data protection declaration. Many of the terms are taken from the law and are defined primarily in Article 4 GDPR. The legal definitions are binding. The following explanations, on the other hand, are intended primarily to provide understanding. The terms are sorted alphabetically.
- Personal data: “Personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”) relate; A natural person is considered identifiable if he or she can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or one or more special features, which are an expression of the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
- Responsible person: The “responsible person” is the natural or legal person, authority, institution or other body that alone or jointly with others has control over the The purposes and means of processing personal data are determined.
- Processing: “Processing” means any operation or series of operations carried out on personal data, with or without the aid of automated procedures. The term is wide-ranging and includes practically every handling of data, be it collecting, evaluating, storing, transmitting or deleting.