Data protection

We look forward to your visit to our website. In the following we would like to inform you about the handling of your data in accordance with. Art. 13 of the General Data Protection Regulation (GDPR).

Person responsible
Responsible for the data processing described below is the office named in the imprint. office.

Usage data
When you visit our websites, so-called usage data is temporarily evaluated on our web server for statistical purposes as a log in order to improve the quality of our websites. This data set consists of

• the name and address of the requested content,
• the date and time of the query,
• the amount of data transferred,
• the access status (content transferred, content not found),
• the description of the web browser and operating system used,
• the referral link, which indicates from which page you came to ours,
• the IP address of the requesting computer, which is shortened so that a personal reference can no longer be established.

The aforementioned log data is only analyzed anonymously.

The legal basis for the processing of usage data is Art. 6 para. 1 sentence 1 lit. f GDPR. The processing is carried out in the legitimate interest of providing the content of the website and ensuring a device- and browser-optimized display.

Data security
We take technical and organizational measures to protect your data from unwanted access as comprehensively as possible. We use an encryption process on our websites. Your data is transmitted from your computer to our server and vice versa via the Internet using TLS encryption. You can usually recognize this by the fact that the lock symbol in the status bar of your browser is closed and the address bar begins with https://.

Consent banner
We use a consent management platform (consent or cookie banner) on our websites. The processing in connection with the use of the consent management platform and the logging of the settings you have made is carried out on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR, in our legitimate interest to display our content according to your preferences and to be able to prove the consent(s) you have given.The settings you have made, the consent you have given and parts of your usage data are stored in a cookie. This means that it is retained for subsequent page requests and your consent can still be tracked.You can find further information on this under the heading “Required cookies”.

The provider of the consent management platform, Usercentrics A/S, works for us as a strictly instruction-bound service provider (processor). An order processing contract in accordance with Art. 28 GDPR has been agreed.

Required cookies
We use cookies on our websites that are necessary for the use of our websites.

Cookies are small text files that can be stored and read on your end device. A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the individual session.

We do not use these necessary cookies for analysis, tracking or advertising purposes.

Some of these cookies only contain information on certain settings and are not personally identifiable. They may also be necessary to enable user guidance, security and implementation of the site.

We use these cookies on the basis of our legitimate interest pursuant to Art. 6 para. 1 p. 1 lit. f GDPR.

You can set your browser so that it informs you about the placement of cookies. You can also delete them at any time via the corresponding browser setting and prevent the setting of new cookies. Please note that our web pages may then not be displayed in full and some functions may no longer be technically available.

Provider	Purpose	Storage duration	Adequate level of data protection
Aut O’Mattic A8C Ireland Ltd. (WordPress)	Provision and presentation of content	Session	Processing takes place within the EU/EEA.

Donations
We collect and process the following data to carry out the collection of donations commissioned by you within the meaning of Art. 6 para. 1 lit. b) GDPR:

• Donor data: Personal data of donors (data fields include: first and last name, e-mail)
• Transaction data: Data required for payment processing (depending on the payment method selected, e.g. IBAN and BIC for payment by direct debit)

Participating credit institutions will only receive your data to the extent necessary for the collection of donations. The data will be transferred to the bank you have specified in the direct debit procedure.

We use the services of twingle GmbH for the technical implementation of data processing. This is an external service provider, strictly bound by our instructions and contractually obligated accordingly.

We delete your data if it is no longer required and there are no statutory retention obligations to the contrary.As a rule, this is the case 10 years after processing the donation collection order.

Promotion
You also have the opportunity to apply for funding for your charitable organization or a specific project. For this purpose, we will provide you with a funding application in which we collect the necessary data on the basis of Art. 6 para. 1 lit. b) Query the GDPR. Furthermore, according to Art. 6 para. 1 lit. c) GDPR to request a notice of exemption to review the application, as the foundation exclusively and directly serves tax-privileged and charitable purposes within the meaning of Sections 51 et seq. AO.

Your data will only be processed to process your application. We will delete your data if it is no longer required and there are no legal obligations to retain it.As a rule, this is the case 10 years after the processing of the commission to collect donations. The statutory retention period is set out in Section 47 (3) of the German Fiscal Code.

Visitor measurement
We use web analysis tools to design our websites in line with requirements. These create user profiles on the basis of pseudonyms. For this purpose, permanent cookies are stored on your end device and read by us. In addition, it is possible that we may retrieve recognition features for your browser or your end device (e.g. a so-called browser fingerprint or your unabridged IP address). In this way, we are able to recognize returning visitors and count them as such.

In addition, we use the following functions as part of visitor measurement:

• We enrich the pseudonymous data with additional data provided to us by third-party providers. In this way, we are able to record the demographic characteristics of our visitors, e.g. information on age, gender and place of residence.
• We use a recognition method that allows us to record and subsequently evaluate the mouse pointer movements of our visitors.
• We create exploratory click paths and browsing behavior analyses using contextual data, including the usage history on other pages with cookies also activated.

Data processing is based on your consent, provided that you have given your consent via our banner. You can withdraw your consent at any time.To do so, please follow this link and make the appropriate settings via our banner.

Below we list the third-party providers with whom we work in connection with visitor measurement. If the data is processed outside the EU or the EEA (in particular in the USA) in this context, we provide information on the level of data protection in the following table.

Provider	Maximum storage duration	Appropriate Level of data protection
InnoCraft Ltd (Matomo)	Session	Processing takes place outside the EU/EEA. An adequate level of data protection is guaranteed on the basis of an adequacy decision.
Aut O’Mattic A8C Ireland Ltd (WordPress)	Session	Processing takes place within the EU/EEA.

Storage duration
Unless we have already informed you in detail about the storage period, we delete personal data when it is no longer required for the aforementioned processing purposes and no legitimate interests or other (legal) reasons for storage prevent deletion.

Further processors
We pass on your data within the framework of order processing in accordance with. Art. 28 GDPR to service providers who support us in the operation of our websites and the associated processes. These are hosting service providers, for example. Our service providers are strictly bound by our instructions and are contractually obligated accordingly.

Below we list the processors with whom we work, if we have not already done so in the above text of the data protection declaration. If data can be processed outside the EU or the EEA in this context, we will inform you about this in the following table.

Processor	Purpose	Adequate level of data protection
IONOS SE (Germany)	Web hosting and support	Processing only within the EU/EEA

Your rights as a data subject
When processing your personal data, the GDPR grants you certain rights as a data subject:

Right to information (Art. 15 GDPR)

You have the right to request confirmation as to whether personal data concerning you is being processed; if this is the case, you have a right to information about this personal data and to the information listed in detail in Art. 15 GDPR.

Right to rectification (Art. 16 GDPR)

You have the right to demand the immediate correction of incorrect personal data concerning you and, if necessary, the completion of incomplete data.

Right to erasure (Art. 17 GDPR)

You have the right to demand that personal data concerning you be deleted immediately if one of the reasons listed in Art. 17 GDPR applies.

Right to restriction of processing (Art. 18 GDPR)

You have the right to request the restriction of processing if one of the conditions listed in Art. 18 GDPR is met, e.g. if you have objected to the processing, for the duration of the examination by the controller.

Right to data portability (Art. 20 GDPR)

In certain cases, which are listed in detail in Art. 20 GDPR, you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format or to request the transmission of this data to a third party.

Right of withdrawal (Art. 7 GDPR)

If the processing of data takes place on the basis of your consent, you are entitled under Art. 7 para. 3 GDPR, you have the right to withdraw your consent to the use of your personal data at any time. Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected by this.

Right to object (Art. 21 GDPR)

If data is collected on the basis of Art. 6 para. 1 p. 1 lit. f GDPR (data processing to safeguard legitimate interests) or on the basis of Art. 6 para. 1 p. 1 lit. e GDPR (data processing to protect the public interest or in the exercise of official authority), you have the right to object to the processing at any time for reasons arising from your particular situation. We will then no longer process the personal data unless there are demonstrably compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.

Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

You have acc. In accordance with Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you are of the opinion that the processing of data concerning you violates data protection regulations. The right to lodge a complaint can be asserted in particular with a supervisory authority in the Member State of your habitual residence, place of work or place of the alleged infringement.

Assertion of your rights

Unless otherwise described above, please contact the office named in the legal noticeto assert your rights as a data subject.

Contact details of the data protection officer

Our external data protection officer will be happy to provide you with information on the subject of data protection using the following contact details:

datenschutz nord GmbH
Web:
https://www.dsn-group.de/

E-Mail:
office@datenschutz-nord.de

If you contact our data protection officer, please also indicate the responsible body named in thelegal notice.