de
donate
Home / Privacy Policy

Privacy Policy

In this privacy policy, we inform you about the processing of personal data (hereinafter referred to as “data”) and the access and storage of information on your device when you use our website https://vitsche.org.

Content of this privacy policy

1. responsible person and contact person
2. data processing on our website
2.1 Accessing our website/connection data
2.2 Making contact, contact and press enquiries
2.3 Registering as a volunteer
2.4 Online donations to Vitsche
2.5 Our newsletter
3. Cookies and co.
3.1 Legal basis and revocation
3.2 Necessary tools
3.3 Optional tools
4. Our online presence on social networks
5. Forwarding of data
6. Data transfer to third countries
7. Duration of data storage
8. Your data protection rights
9. Changes to the privacy policy

1. Responsible person and contact person

The contact person and so-called controller for the processing of your data when you visit this website within the meaning of the General Data Protection Regulation (GDPR) is

Vitsche e.V
Skalitzer Str. 80
10997 Berlin
E-mail: board@vitsche.org

If you have any questions about data protection, you can contact us at any time at the above e-mail address or write to us at the above postal address (keyword: “Data protection”).

2. Data processing on our website

2.1 Accessing our website/connection data

Each time you use our website, we process connection data that your browser automatically transmits to enable you to visit the website. This connection data comprises the so-called HTTP header information, including the user agent, and includes in particular
– IP address of the requesting device;
– Method (e.g. GET, POST), date and time of the request;
– address of the requested website and path of the requested file
– if applicable, the previously accessed website/file (HTTP referrer);
– Information about the browser and operating system used;
– Version of the HTTP protocol, HTTP status code, size of the delivered file;
– Request information such as language, type of content, content coding, character sets;
– cookies stored on the end device of the domain accessed.

The data processing of this connection data is absolutely necessary to enable the visit to the website, to ensure the permanent functionality and security of our systems and to maintain our website in general for administrative purposes. The connection data is also stored in internal log files for the purposes described above, temporarily and limited in content to what is necessary, in order to find the cause and take action in the event of repeated or criminal access that jeopardizes the stability and security of our website.

The legal basis for this processing is Art. 6 para. 1 lit. f GDPR due to our legitimate interest in enabling website access and the permanent functionality and security of our systems.

Data recipient: Our website is hosted by GoDaddy Inc, headquartered at 2155 E. GoDaddy Way Tempe, AZ 85284 USA.

2.2 Making contact, contact and press enquiries

If you have general questions about Vitsche, you can contact us in various ways – for example by email or post.

The legal basis for processing your data when you contact us in general is our legitimate interest (Art. 6 para. 1 lit. f GDPR) in being able to respond to inquiries addressed to us.

You can also contact us as an existing member, donor, interested party, contact person or (contractual) partner. Depending on the specific relationship with us, we generally process the following categories of data in these cases

  • First and last name, e-mail address, telephone number;
  • Membership and donor number, if applicable;
  • Company name, possibly also consisting of first and last name, address, contact details (telephone, e-mail), sector;
  • Contact person in the company with first and last name, function, contact details (telephone, e-mail).

In these cases, we process your data for the initiation or execution of contracts (e.g. a donation, a project or media cooperation or other relationship with us). In these cases, we base the processing of the data on Art. 6 para. 1 lit. b GDPR.

As a press representative, you have the option of contacting our press team. Data from press inquiries (in particular e-mail address, surname, first name and other contact details, institution, department/editorial department/function/position as well as the request and the associated correspondence) that we receive by e-mail, telephone or post will be stored and processed for the purpose of processing the press inquiry. Press representatives also have the option of registering for our press mailing list. For this purpose, we process surname, first name, e-mail address, institution, department/editorial office/function/position. Press material is sent to the press distribution list by email to the address provided. Data processed in connection with the press distribution list will be stored until objected to. An informal e-mail to the above e-mail address is sufficient for an objection.

In these cases, we base the processing of the data on Art. 6 para. 1 lit. f GDPR. Our legitimate interest is the effective processing of press inquiries addressed to us and effective PR and public relations work.

Data receiver: MailerLite Limited (38 Mount Street Upper, Dublin 2, D02 PR89, Ireland) und Google Ireland Limited/ Google Workspace (Gordon House, Barrow Street, Dublin 4, Ireland)

2.3 Registering as a volunteer

You have the opportunity to support us as a volunteer. To do so, you must register using a registration form. We collect the following mandatory data: First and last name, e-mail address, telephone number and the role you would like to take on. We will contact you if we see a need for your support.

The legal basis for processing the data required for registration (mandatory fields) is Art. 6 para. 1 lit. f GDPR. Our legitimate interest here is the establishment and maintenance of a volunteer network for our association.

We will delete your data if you revoke your consent to data processing (see section 8 “Your data protection rights”) or if you or we are no longer interested in working together.

Data recipients: Your data will be stored on servers of Formagrid Inc (hereinafter: “Airtable”) based in San Francisco, 799 Market Street, 8th Floor, CA 94103, USA, i.e. in a third country outside the EU. We have concluded an order processing agreement with Airtable. The transfer of data to the USA is based on EU standard contractual clauses in accordance with Art. 46 para. 2 lit. c GDPR, which we have concluded with Airtable. 

General information on data protection at Airtable can be found here: https://support.airtable.com/docs/de/gdpr-at-airtable. Airtable’s privacy policy is available here: https://www.airtable.com/company/privacy. Information on data security is available here: https://www.airtable.com/company/trust-and-security.

2.4 Online donations to Vitsche

You have the option of making online donations to Vitsche on our website: https://vitsche.org/donate/. The processing of your data (first and last name, e-mail address, payment data) is based on Art. 6 para. 1 lit. b GDPR.

Our online donation form is provided to us by GiveWP (443 G Street, Suite #201 San Diego, CA 92101, USA) as a WοrdPress plug-in. GiveWP itself does not process any donor data, but merely establishes an encrypted connection between our website and the payment gateway (e.g. for PayPal).

When using the GiveWP online donation form, various technologies are used to store information in the end device or to access it. These include cookies and JavaScript (you can find more detailed information on these technologies in section 3 “Cookies and Co.”). The following cookies are set by GiveWP:

  • “wp-give_session_[ID]” (7 days): Saves a unique user ID.
  • “wp-give_session_reset_nonce_[ID]” (7 days): Stores the data to identify a donor.

GiveWP is required to complete and fulfill the donation. Access to and storage of information in the end device is absolutely necessary in these cases and is carried out on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 2 TTDSG.

Other donation options and services:

2.5 Our newsletter

You have the option of subscribing to our newsletter, in which we inform you regularly about upcoming events and campaigns, for example.

2.5.1 Subscribing to the newsletter

We use the so-called double opt-in procedure to subscribe to our newsletter, i.e. we will only send you newsletters by email if you confirm in our notification email by clicking on a link that you are the owner of the email address provided. If you confirm your e-mail address, we will store your e-mail address, the time of registration and the IP address used for registration until you unsubscribe from the newsletter. The sole purpose of this storage is to send you the newsletter and to be able to prove your registration.

The legal basis for processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future by unsubscribing from the newsletter. A corresponding unsubscribe link can be found in every newsletter.

2.5.2 Newsletter tracking

We measure whether a newsletter email has been opened. For this purpose, a “web beacon” (small graphic that is automatically loaded when an email is opened) is integrated into the email, which contains an individual recipient ID. If the email is opened, the sender’s server receives an automatic message. We use this data in pseudonymous form for general statistical evaluations and further development of our content.

The legal basis for this is your consent in accordance with Art. 6 para. 1 lit. a GDPR. Access to the information in the end device then takes place on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 1 TTDSG. You can revoke your consent to the analysis of user behavior at any time with effect for the future by unsubscribing from the newsletter. You can also prevent the measurement of the opening of an email by deactivating graphics or the output of HTML content in your email program by default.

2.5.3 Newsletter provider

To send the newsletter, we use the provider MailerLite, which is provided for persons from the European Economic Area and Switzerland by MailerLite Limited in Ireland (38 Mount Street Upper, Dublin 2, D02 PR89). MailerLite stores your data in a data center in the EU. Your data may also be transferred by MailerLite Limited to MailerLite, Inc. (548 Market St, PMB 98174, San Francisco, CA 94104-5401) in the USA. In this case, EU standard contractual clauses are concluded in accordance with Art. 46 para. 2 lit. c GDPR. In addition, we have concluded an order processing agreement with MailerLite Limited. You can find the provider’s privacy policy here: https://www.mailerlite.com/legal/privacy-policy.

3. Cookies and co.

Our website uses various tools that are offered either by us or by third parties. These include, in particular, tools that use technologies to store information in the end device or to access it (cookies, web storage, JavaScript, pixels). In the following, we will inform you about the tools we use, in particular about how the tools work, the providers, the transfer of data to third parties and any data transfers to third countries (see section 6 “Data transfer to third countries”).

3.1.1 Legal basis

We use tools necessary for website operation on the basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in order to provide the basic functions of our websites. Access to and storage of information in the end device is absolutely necessary in these cases and is carried out on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 2 TTDSG.

We only use all other non-essential (optional) tools that provide additional functions (our tracking tool, YouTube) with your consent in accordance with Art. 6 para. 1 lit. a GDPR. Access to and storage of information in the end device then takes place on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 1 TTDSG.

3.1 Legal basis and revocation

3.1.1 Legal basis

We use tools necessary for website operation on the basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in order to provide the basic functions of our websites. Access to and storage of information in the end device is absolutely necessary in these cases and is carried out on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 2 TTDSG.

We only use all other non-essential (optional) tools that provide additional functions (our tracking tool, YouTube) with your consent in accordance with Art. 6 para. 1 lit. a GDPR. Access to and storage of information in the end device then takes place on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 1 TTDSG.

3.1.2 Obtaining your consent with Complianz (necessary tool)

We use the Complianz tool (Complianz B.V., Kalmarweg 14-5, 9723JG Groningen, Netherlands) to obtain and manage your consent. Complianz generates a banner that informs you about the data processing on our website and gives you the opportunity to consent to all, individual or no data processing through optional tools. This banner appears the first time you visit our website and when you revisit your preferences to change them or withdraw your consent. The banner will also appear on subsequent visits to our website if you have deactivated the storage of cookies or the cookies or information in the local storage have been deleted or have expired.

As part of your website visit, your consent or revocation, your IP address, information about your browser, your device and the time of your visit will be transmitted to Complianz. In addition, necessary information is stored on your device to document your consent status and, if applicable, your revocations:

  • “cmplz_banner-status” (1 year): Saves whether the cookie banner was rejected;
  • “cmplz_consented_services” (1 year): Saves the cookie consent preferences;
  • “cmplz_functional” (1 year): Store cookie consent preferences;
  • “cmplz_marketing” (1 year): Stores cookie preferences;
  • “cmplz_policy_id” (1 year): Stores the cookie ID;
  • “cmplz_preferences” (1 year): Saves the cookie consent preferences;
  • “cmplz_statistics” (1 year): Saves the cookie preferences.

The data processing is necessary to provide you with the legally required consent management and to fulfill our documentation obligations. The legal basis is Art. 6 para. 1 lit. f GDPR, justified by our interest in fulfilling the legal requirements for consent management. Access to and storage of information in the end device is absolutely necessary in these cases and is carried out on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 2 TTDSG.

3.1.3 Revoking your consent or changing your selection

You can withdraw your consent for certain tools, i.e. for the storage and access to information in the end device and the processing of your data, at any time with effect for the future. To do so, please click on the white button at the bottom right of your screen. There you can also change the selection of tools you wish to consent to and obtain additional information on the tools used.

3.2 Necessary tools

We use necessary cookies that access information in the end device or store information on the end device, including

  • “__paypal_storage__” (local storage): Used in connection with the PayPal payment function on the website. The cookie is necessary to enable a secure transaction via PayPal;
  • “SS_deltaBuffer” (local storage): Used to simplify scrolling on the website;
  • “wpEmojiSettingsSupports” (session storage): Used to provide and present content.
  • “pll_language”: to define the language mode when you change it

Used in connection with the PayPal payment function on the website. The cookie is necessary to enable a secure transaction via PayPal.

3.3 Optional tools

3.3.1 YouTube videos

We have included videos on our website that are stored on YouTube and can be played from our websites. YouTube is a multimedia service provided by YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, USA (“YouTube”), which is offered to persons from the European Economic Area and Switzerland by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and to all other persons by Google LLC 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (together “Google”). YouTube may store information such as local storage and session storage on your device and execute JavaScript, which accesses information on your device.

We have activated YouTube’s extended data protection mode. According to YouTube’s own documentation, this means that Google receives less usage information and does not personalize video recommendations and advertisements. Cookies are no longer stored. However, information is still stored in the local storage and session storage of your end device, in particular your device ID and other information regarding the playback of the video, which can be retrieved by Google.

The following information is stored in the local storage:
– “yt-remote-device-id”: Storage of the device ID;
– “yt-player-headers-readable”: Storage of the possibility of reading out the player header information;
– “yt.innertube::requests”: Storage of the user’s requests;
– “yt.innertube::nextId”: Storage of the ID of the next video;
– “yt-remote-connected-devices”: Storage of the connected end devices;
– “yt-player-bandwidth”: Storage of the bandwidth of the connection;
– “yt-player-volume”: Storage of the volume of the video;
– “yt-player-quality”: Storage of the resolution/quality of the video;
– “yt-player-performance-cap”: Storage of a possible cap on the resolution due to the bandwidth of the connection;
– “yt-html5-player-modules::subtitlesModuleData::module-enabled”: Storage of whether subtitles are enabled.

The following information is stored in the session storage:
– “yt-remote-session-app”: Storage of the type of end device;
– “yt-remote-cast-installed”: Storage of whether YouTube streaming is installed;
– “yt-remote-session-name”: Storage of the type of end device;
– “yt-remote-cast-available”: Storage of whether YouTube streaming is available;
– “yt-remote-fast-check-period”: Storage of the connection bandwidth check;
– “yt-player-volume”: Saves the volume of the video;
– “yt-player-caption-language-preferences”: Stores the language of the subtitles.

The legal basis for this data processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR. Access to and storage of information in the end device then takes place on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 1 TTDSG.
Your data may also be transferred by Google Ireland Limited to Google LLC in the USA. Google LLC has joined the EU-U.S. Data Privacy Framework, which is why the transfer in this case is based on the adequacy decision for the USA in accordance with Art. 45 GDPR.

When you visit our website, YouTube and Google receive the information that you have accessed the corresponding subpage of our website. This happens regardless of whether you are logged in to YouTube or Google or not. YouTube and Google also use this data for the purposes of advertising, market research and customizing their services. If you access YouTube on our website while you are logged into your YouTube or Google profile, YouTube and Google can also link this event to the respective profiles. If you do not wish to be associated, you must log out of Google before accessing our website. In addition to revoking your consent, you have the option of deactivating personalized advertising in the Google settings for advertising. In this case, Google will only display non-personalized advertising: https://adssettings.google.com/notarget.

Further information can be found in Google’s privacy policy, which also applies to YouTube: https://policies.google.com/privacy.

4. Our online presence on social networks

We maintain online presences in social networks (e.g. Facebook, Instagram, YouTube, TikTok, X etc.) to get in touch with you there and to inform you about our association and our activities. Details can be found in the list of our online presences below.
User data is generally processed by the relevant social networks for market research and advertising purposes. This allows user profiles to be created based on users’ interests. Cookies and other identifiers are stored on your computer for this purpose. These user profiles are then used, for example, to place advertisements within social networks and on third-party websites.

As part of the operation of our online presence, it is sometimes possible for us to access information such as statistics on the use of our online presence provided by the social networks.

These statistics are aggregated and may include, in particular, demographic information (e.g. age, gender, region, country) and data on interaction with our online presence (e.g. likes, subscriptions, shares, viewing of images and videos) and the posts and content distributed via it. This may also provide information about the interests of users and which content and topics are particularly relevant to them.Details on the social network data that we can access as the operator of the online presence can be found in the privacy policies of the respective online presence.You can find the links to these in the list of our online presences below.The collection and use of these statistics are generally subject to joint responsibility (Art. 26 GDPR). Where this applies, we have listed the relevant contract below.

The legal basis for data processing is Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in informing users about our activities and communicating with them.

If you have an account with the social network, it is possible that we can see your publicly available information and media when we access your profile. In addition, the social network may allow us to contact you. This can be done, for example, via direct messages or posts. The content of communication via the social network and the processing of content data is the responsibility of the social network as a messenger and platform service. As soon as we transfer data from you to our own systems or process it further, we are responsible for this.

The most efficient way to submit data protection requests is to contact the respective provider of the social network, as only these providers have access to the data and can take appropriate measures directly. Of course, you can also contact us with your request. In this case, we will process your request and forward it to the provider of the social network.
Below you will find a list with information on the social networks on which we operate online presences. If you have any questions, please send us a message to the above e-mail address.

5. Forwarding of data

In principle, the data collected by us is only passed on if a data protection legal basis exists for this in the specific case. Part of the data processing can be carried out by our service providers. In addition to the service providers already mentioned in this data protection declaration, this includes in particular software providers and IT service providers who maintain our systems.

6. Data transfer to third countries

As explained in this privacy policy, we use services whose providers are partly located in or process data in so-called third countries (outside the European Union or the European Economic Area), that is, countries whose data protection level does not correspond to that of the European Union. Insofar as this is the case and the European Commission has not adopted an adequacy decision (Article 45 GDPR) for these countries, we have taken appropriate measures to ensure an adequate level of data protection for any data transfers. This includes, but is not limited to, the European Union’s standard contractual clauses or binding internal data protection regulations.

7. Duration of data storage

In principle, we only store data for as long as necessary to fulfill the purposes for which we have collected the data. Thereafter, we delete the data immediately, unless we still need the data until the expiry of the statutory limitation period for proof purposes for civil claims, due to legal retention obligations or in the specific individual case there is another data protection legal basis for the continued processing of your data.

8. Your data protection rights

If the respective legal requirements are met, you are entitled to the data protection rights set out in Art. 7 Para. 3, Art. 15 to 21:
– Right to information about your data processed by us (Art. 15 GDPR);
– Right to rectification of your incorrectly stored data (Art. 16 GDPR);
– Right to erasure of your data (Art. 17 GDPR);
– Right to restriction of the processing of your data (Art. 18 GDPR);
– Right to data portability of your data (Art. 20 GDPR).

In order to assert your rights described here, you can contact the above contact details at any time. Your requests for the assertion of data protection rights and our responses to them will be retained for documentation purposes for a period of up to three years and, in individual cases, for a given reason for the assertion, exercise or defence of legal claims. The legal basis is Art. 6(1)(f) GDPR, based on our interest in defending against any civil claims under Art. 82 GDPR, the avoidance of fines pursuant to Art. 83 GDPR and the fulfilment of our accountability from Art. 5 (2) GDPR.
You have the right to revoke your consent to us at any time. As a result, we will no longer continue the data processing based on this consent for the future. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.

If we process your data on the basis of legitimate interests, you have the right to object at any time to the processing of your data for reasons arising from your particular situation.
If you wish to exercise your right of revocation or objection, an informal notification to the above contact details is sufficient.

Finally, you have the right to complain to a data protection supervisory authority in accordance with Article 77 GDPR. For example, you can assert this right with a supervisory authority in the Member State of your place of residence or the place of the alleged infringement. In Berlin, our headquarters, the competent supervisory authority is: Berlin Commissioner for Data Protection and Freedom of Information, Alt-Moabit 59-61, 10555 Berlin.

9. Changes to the privacy policy

We occasionally update this privacy policy, for example, if we adapt our website or if the legal or regulatory requirements change.

Version: April 2024