Privacy

General Standard Terms and Conditions

Privacy policy for the use of this website

Malteser Werke gGmbH (hereinafter referred to as "Malteser", information about Malteser can be found here) would like to thank you for visiting our website. Data protection and data security are very important to us in the use of our website. We would therefore like to take this opportunity to explain which personal data we collect when you visit our website and what this data is used for.

Changes to the law or to our internal processes may make it necessary to amend this privacy policy, so we request that you read this privacy policy regularly. The privacy policy can be accessed, saved and printed out at any time under Privacy Policy.

§ 1 Data Controller and Scope of Application
The data controller within the meaning of the Kirchliche Datenschutzregelung der Ordensgemeinschaft päpstlichen Rechts (KDR-OG - Church Data Protection Regulation of the Religious Community under Papal Law) and other provisions of data protection law is:

Malteser Werke
Erna-Scheffler-Straße 2
51103 Cologne
E-Mail: malteserwerke@malteser.org
Website: www.malteser-werke.de

This privacy policy applies to the Malteser Werke website, which can be accessed at the domain www.malteser-werke.de and the various subdomains (hereinafter referred to as “our website”).

§ 2 Data Protection Officer
The Data Protection Officer of the Controller is:

Dr Karsten C. Ronnenberg
SoCura GmbH
Kaltenbornweg 3
50679 Cologne
datenschutzbeauftragter@malteser.org

§ 3 Data Processing Principles
Personal data is any information that relates to an identified or identifiable natural person. This includes, for example, information such as your name, age, address, telephone number, date of birth, email address, IP address and user behaviour. Information that cannot be linked to your person (or can only be linked to your person with an unreasonable amount of effort), e.g. through anonymisation of the information, is not personal data. Processing of personal data (e.g. collection, retrieval, use, storage or transfer) requires a legal basis or your consent. Any personal data that is processed will be deleted as soon as the purpose of the processing has been achieved and there are no longer any legally required storage obligations to be complied with.

Where we process your personal data to provide certain services, we provide information below about the specific procedures, the scope and purpose of the data processing, the legal basis for the processing and the respective storage period.

§ 4 Individual Processing Operations

1. Provision and Use of the Website
a. Type and scope of data processing
When you access and use our website, we collect personal data which your browser automatically transmits to our server. This information is temporarily stored in a log file. When you use our website, we collect the following data, which is required for us from a technical point of view in order to display our website to you and to ensure its stability and security:
• IP address of the requesting computer,
• date and time of access,
• name and URL of the requested file,
• website from which access is gained (referrer URL),
• the browser used and, if applicable, the operating system of your computer as well as the name of your access provider

b. Legal basis
Section 6 (1) g) KDR-OG serves as the legal basis for the above-mentioned data processing. Processing the above data is necessary to provide a website and is therefore necessary to protect a legitimate interest of our company.
c. Storage period
As soon as the above-mentioned data is no longer required to display the website, it is deleted. Collecting the data to provide the website and storing the data in log files is absolutely necessary for the operation of the website. Therefore, there is no possibility for the user to object. In individual cases, we may store data beyond this if this is required by law.

2. Newsletter
Malteser Newsletter
a. Type and scope of data processing
On our website there is an option to subscribe to a free newsletter. In order to be able to send you the newsletter regularly, we need the following information from you:
• email address
Any additional information is provided voluntarily and will be used to contact you personally and to personalise the content of the newsletter as well as to resolve any queries about your email address. You are free to decide whether to provide us with this data.
Your data will not be passed on to third parties in connection with the newsletter service.
We use the double opt-in procedure for sending the newsletter, i.e. we will only send you the newsletter if you first confirm your registration by clicking on the link in a confirmation email sent to you for this purpose. This is to ensure that only you, as the owner of the specified email address, are able to subscribe to the newsletter. This confirmation must be given promptly after receipt of the confirmation email, otherwise your newsletter registration will be automatically deleted from our database.

Yes, by entering my data and pressing the “Send” button, I consent to my email address being used for a regular newsletter service. I can unsubscribe from the newsletter service at any time by clicking the “Unsubscribe” link at the end of the newsletter.
This consent is voluntary and can be withdrawn at any time with future effect. I can request information, rectification, restriction, deletion and portability of my data at any time. You can find further information about data processing here.

c. Storage period
Your email address will be stored for as long as you are subscribed to the newsletter. When you unsubscribe from the newsletter, your email address will be deleted. In individual cases, we may store data beyond this if this is required by law.

Donation Newsletter

a. Type and scope of data processing
On our website there is an option to subscribe to a free newsletter. In order to be able to send you the newsletter regularly, we need the following information from you:
• email address

Any additional information is provided voluntarily and will be used to contact you personally and to personalise the content of the newsletter as well as to resolve any queries about your email address. You are free to decide whether to provide us with this data.
Your data will not be passed on to third parties in connection with the newsletter service.
We use the double opt-in procedure for sending the newsletter, i.e. we will only send you the newsletter if you first confirm your registration by clicking on the link in a confirmation email sent to you for this purpose. This is to ensure that only you, as the owner of the specified email address, are able to subscribe to the newsletter. This confirmation must be given promptly after receipt of the confirmation email, otherwise your newsletter registration will be automatically deleted from our database.

b. Legal basis
Under Section 6 (1) b) KDR-OG, the processing of your email address for the purpose of sending newsletters is based on the voluntary declaration of consent provided by you as below:
Declaration of consent:
By entering my data and pressing the “Send” button, I consent to my email address being used for a regular newsletter service. I can unsubscribe from the newsletter service at any time by clicking the relevant link at the end of the newsletter.
I can withdraw my consent to the collection of personal data collected during the registration process at any time.

3. Facebook Lead Ads

a. Type and scope of data processing
We use the Lead Ads function provided by Facebook Inc. (Facebook Inc., 1601 S. California Ave, Palo Alto, California 94304, USA) to collect and process your data as an interested party - so-called lead - through a contact form displayed on Facebook Inc. websites, where you have given your express consent. For this purpose, we collect your first and last names as well as your email address. We use this data exclusively for our own marketing purposes (specifically for sending newsletters) and do not pass it on to third parties. For more information, see Facebook's privacy policy: facebook.com/privacy/explanation

b. Legal basis
Under Section 6 (1) b) KDR-OG, the processing of your personal data is based on the voluntary declaration of consent provided by you as below:
Yes, I consent to Malteser Hilfsdienst e.V. using the “Lead Ads” function provided by Facebook Inc. to collect my first and last names as well as my email address. My data will be transmitted to Malteser through Facebook Inc. for this purpose. By pressing the “Send” button, I consent to my above-mentioned email address being used by Malteser Hilfsdienst e.V. to send me a regular newsletter. I can unsubscribe from the Malteser Hilfsdienst e.V. newsletter service at any time by clicking the “Unsubscribe” link at the end of the newsletter.
This consent is voluntary and can be withdrawn at any time with future effect. I can request information, rectification, restriction, deletion and portability of my data at any time. You can find further information about data processing here.
c. Storage period
Your email address will be stored for as long as you are subscribed to the newsletter. You have the option to unsubscribe from the newsletter at any time. You can do this by clicking the unsubscribe button in the newsletter itself, via www.malteser.de/newsletter/newsletter-abmelden or by sending an email to newsletter(at)malteser(dot)org. When you unsubscribe from the newsletter, your personal data will be deleted. In individual cases, we may store data beyond this if this is required by law.

4. Contact Form
a. Type and scope of data processing
On our website, we provide a form for you to contact us. If you use the contact form, the following personal data will be processed:
• email address
• forename and surname
• postcode
• subject
• contents of your enquiry
We collect this data in order to process your request and respond to you. Your postcode is used to ensure that your enquiry can be identified unambiguously. Your personal data will not be passed on to third parties when using the contact form.

b. Legal basis
The data processing described above (cf. Section 4 (5) a) for the purpose of contacting you is carried out in accordance with Section 6 (1) c) KDR-OG for the purpose of processing and answering your enquiry.

c. Storage period
As soon as your request has been processed and the matter in question has been resolved, your personal data processed through the contact form will be deleted. In individual cases, we may store data beyond this if this is required by law.

5. Online Donations
a. Type and scope of data processing
If you donate through the form on our website, we collect your first and last names, your IP address and your email address. Your email address is required to send you the pre-notification for the SEPA Direct Debit. We also collect donation data including account details, payment method, amount and purpose of use. This data will only be used to process your donation. Any additional information is provided voluntarily and will be used to contact you personally and to resolve any queries. You are free to decide whether to provide us with this data.
We work with an external service provider, micropayment GmbH, to process your donation. Your personal data will be transmitted to micropayment GmbH for the processing of your donation and be processed by them strictly in accordance with our instructions.
Prior to the collection of your financial data, you have provided the following declaration of consent:

Declaration of consent:
I consent to my bank details being used to process the donation I have requested. I can withdraw this consent at any time by contacting spenderbetreuung@malteser.org.

b. Legal basis
With the exception of financial data, Section 6 (1) g) KDR-OG serves as the legal basis for the above-mentioned data processing. Processing the above data is necessary to process online donations and is therefore necessary to protect a legitimate interest of our company. Under Section 6 (1) b) KDR-OG, the processing of your bank data is based on the voluntary declaration of consent provided by you.
c. Storage period
As soon as your data is no longer required to achieve the purposes described above, this information will be deleted. In individual cases, we may store data beyond this if this is required by law.

6. Application
a. Type and scope of data processing
You can apply online for various Malteser job opportunities via our website. In the context of your application, we will collect your title, first name, surname, address, telephone number, email address, religious affiliation, curriculum vitae and details of your education and qualifications. Additional information is voluntary. We store this data for 6 months in the event of a rejection.
If you have provided separate consent to us, we will also store your contact details for 24 months for further consideration of your application. You can withdraw your consent at any time with effect for the future without the need for an official form.
We work with an external service provider, rexx systems GmbH, to process your application. Your personal data will be transmitted to rexx systems GmbH for the processing of your application and be processed by them strictly in accordance with our instructions.
As part of your application, you have provided the following declaration of consent:
Declaration of consent:

I consent to the personal data I have provided above being stored for a further 24 months if I am unsuccessful, so that I can be considered for any future vacancies. I can withdraw this consent at any time by contacting malteser@malteser.org.

b. Legal basis
Section 6 (1) g) KDR-OG serves as the legal basis for the above-mentioned data processing. Processing the above data is necessary to recruit new employees and is therefore necessary to protect a legitimate interest of our company. If you have provided consent, data processing according to Section 6 (1) b) KDR-OG is based on the voluntary declaration of consent provided by you.

c. Storage period
We only store your data within the scope stated above. In individual cases, we may store data beyond this if this is required by law.

7. Job Alert
a. Type and scope of data processing
If you register for the “Job Alert” newsletter, we will collect your email address. We need this to provide you with the newsletter. Otherwise, data processing shall take place for the purposes already described in Section 4 (3).

b. Legal basis
Under Section 6 (1) b) KDR-OG, the processing of your email address for the purpose of sending newsletters is based on the voluntary declaration of consent provided by you as below:
Declaration of consent:
By entering my data and pressing the “Send” button, I consent to my email address being used for a regular Job Alert newsletter service. I can unsubscribe from the newsletter service at any time by clicking the relevant link at the end of the newsletter. I can withdraw my consent to the collection of personal data collected during the registration process at any time.

8. Booking Courses
a. Type and scope of data processing
We offer training and further education courses on various topics. When you register for a course via our website, we require your title, first name, surname, date of birth, address and telephone number in order to organise, run and confirm your participation in the respective course. We work with our internal IT service provider, SoCura GmbH, to process your booking. Your personal data will be transmitted to SoCura GmbH and the respective service providing the course for the processing of your application and be processed by them strictly in accordance with our instructions.

b. Legal basis
In accordance with Section 6 (1) c) KDR-OG, personal data is processed for the purpose of fulfilling a training or further education contract between you and Malteser or for carrying out pre-contractual measures.

c. Storage period
As soon as the processed data is no longer required for the purposes of implementing the contract, it will be deleted. It may also be necessary to store personal data about you after the contract has been concluded in order to comply with contractual or legal obligations. In individual cases, we may store data beyond this if this is required by law.

9. Emergency Home Calls
a. Type and scope of data processing
If you are interested in our emergency call services, you can enquire using our order form. We collect your title, first and last name, address and telephone number through this order form. We need your address to verify in advance whether the service you require can be provided in your area.

b. Legal basis
In accordance with Section 6 (1) c) KDR-OG, personal data is processed for the purpose of implementing pre-contractual measures in the lead-up to a possible emergency home call contract.

c. Storage period
If a contract is not concluded, the data will be deleted after a period of 6 months. If a contract is concluded, we delete the data as soon as it is no longer required for the implementation of the contract. It may also be necessary to store personal data about you after the contract has been concluded in order to comply with contractual or legal obligations. In individual cases, we may store data beyond this if this is required by law.

10. Menu Service
a. Type and scope of data processing
If you are interested in our menu service, you can enquire using our order form. We collect your title, first and last name, address and telephone number through this order form. We need your address to verify in advance whether the service you require can be provided in your area.

b. Legal basis
In accordance with Section 6 (1) c) KDR-OG, personal data is processed for the purpose of implementing pre-contractual measures in the lead-up to a possible menu service contract.

11. Surveys with SurveyMonkey
a. Type and scope of data processing
We process the information you provide in order to improve our services. The data is collected by our processor SurveyMonkey Inc. and made available to Malteser for analysis.

b. Legal basis
We process your personal data on the basis of a legitimate interest according to Section 6 (1) g) KDR-OG in order to improve our offers and services. You can object to the processing without any form at any time in accordance with Section 23 (1); please send your objection to Datenschutz@malteser.org.

c. Storage period
Once the purpose of the processing has been fulfilled, we will delete your data unless there are legal retention periods.

§ 5 Transfer of Data

We will only transfer your personal data to third parties if:
you have given your express consent to this in accordance with Section 6 (1) b) KDR-OG,
if there is a legal obligation for transfer according to Section 6 (1) d) KDR-OG, if this is legally permissible and if it is necessary for the fulfilment of a contractual relationship with you according to Section 6 (1) c) KDR-OG,
the transfer is necessary in accordance with Section 6 (1) g) KDR-OG to protect the legitimate interests of the controller and there is no reason to believe that you have an overriding legitimate interest in not having your data transferred.

§ 6 Use of Cookies

We use cookies to provide you with an optimised website experience. Cookies are small files that are transmitted by us to your end device's browser when you visit our website and are stored there. This includes cookies that are necessary for the technical operation of our website, as well as those that help us to improve our platform and to provide additional functions.
Detailed information on the type, scope and function of the individual cookies can be found in our Cookie Privacy Policy at the following link.

§ 7 Tracking and Analysis Tools

We use tracking and analysis tools to continuously optimise our website and to ensure that it is appropriate to your needs. Tracking measures also allow us to statistically capture the use of our website by visitors and to further develop our online presence for you using the insights we gain. The use of the tracking and analysis tools described here is justified on the basis of these interests in accordance with Section 6 (1) b) and g) KDR-OG and Section 15 3) of the TMG (German Telemedia Act). The following description of the tracking and analysis tools shows the respective processing purposes and the data processed.
1. Google Analytics
This website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). Google Analytics uses “cookies”, which are text files that are stored on your computer, to help the website analyse how users use the site.
The information generated by these cookies, for example about the time, place and frequency of your website use, is normally transferred to a Google server in the USA and stored there. When using Google Analytics, there is a possibility that the cookies placed by Google Analytics may also collect other personal data in addition to the IP address. We would like to point out that Google may transfer this information to third parties where required to do so by law, or if such third parties process the information on Google’s behalf.
Google uses the information generated by cookies on behalf of the website operator to evaluate your use of the website, compile reports on website activity and provide other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics is, according to Google, not merged with other Google data.
We only store your data collected via Google Analytics as long as this is necessary to achieve the purpose described above, up to a maximum of 26 months.

You can generally prevent cookies from being stored by configuring your browser software accordingly; however, we would like to point out that this may prevent you from using all the functions of this website to their full extent.

There is a possibility that the cookies placed by Google Analytics may collect other personal data in addition to the IP address. To prevent information about your website usage from being collected by Google Analytics and transmitted to Google Analytics, you can download and install a plugin for your browser from the following link: tools.google.com/dlpage/gaoptout.

This plugin prevents information about your website visit being transmitted to Google Analytics. This plugin will not prevent any other analysis.
Please note that you cannot use the browser plug-in described above when visiting our website through a mobile device browser (smartphone or tablet). When using a mobile device, you can prevent Google Analytics from collecting your usage data by clicking on the following link: deactivate Google Analytics.

Clicking on this link will set an opt-out cookie in your browser. This prevents information about your website visit being transmitted to Google Analytics. Please note that the opt-out cookie is only valid for this browser and this domain. When you delete cookies in this browser, the opt-out cookie will also be deleted. You will need to click the link again to continue to prevent Google Analytics from collecting data. It is also possible to use the opt-out cookie instead of the above plug-in when using the browser on your computer.

The code “anonymizeIp” has been added to Google Analytics on this website to ensure the best possible protection of your personal data. This code deletes the last 8 bits of the IP addresses so that your IP address is recorded anonymously (IP masking). Your IP address will be shortened by Google before transfer within member states of the European Union or in other contracting states of the Agreement on the European Economic Area and will therefore be anonymised. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.

2. Google AdWords
We use Google AdWords technology and, specifically, conversion tracking. Google Conversion Tracking is an analysis service provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. If you click on an ad displayed by Google, a cookie for conversion tracking will be stored on your computer. These cookies are valid for 30 days and are not used for personal identification. If you visit certain pages on our website when the cookie has not yet expired, both Google and ourselves will be able to recognise that you have clicked on a particular ad and have been redirected to that page. Each Google AdWords customer receives a different cookie. This means that it is not possible to track cookies through AdWords customer websites.

The data collected using the conversion cookie is used to create conversion statistics for AdWords customers who use conversion tracking. This tells customers the number of users who clicked on their ad and were then redirected to a page containing a conversion tracking tag. However, they do not receive any personally identifiable information.

If you do not agree to participate in conversion tracking, you can prevent this by configuring your browser accordingly, e.g. by preventing the installation of cookies in general. You can also deactivate cookies for conversion tracking by configuring your browser so that only cookies from the web address “googleadservices.com” are blocked.

3. Google Remarketing
We use “Google Remarketing” technology provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. Google Remarketing is used to display ads to users who have already visited our websites and online services and were interested in a particular offer. This allows targeted and interest-based advertisements to be displayed on our site within the Google advertising network. Google Remarketing uses cookies for this analysis. This allows our visitors to be recognised when they visit websites within the Google advertising network. This allows targeted and interest-based advertisements to be displayed within the Google advertising network, which are based on the websites previously visited by the visitor within the Google advertising network (which also use the Google Remarketing function).
If you do not wish to be shown targeted, interest-based advertising, you can deactivate the use of cookies by Google for these purposes via the link: https://www.google.de/settings/ads.

4. Hotjar
This website uses Hotjar, an analytics software from the European company Hotjar Ltd. (“Hotjar”) (http://www.hotjar.com, 3 Lyons Range, 20 Bisazza Street, Sliema SLM 1640, Malta, Europe). Hotjar allows us to measure and analyse user behaviour on our website in order to improve the user experience. The information that is generated by the “Tracking Code” and “Cookie” about your visit to our website is transmitted to the Hotjar servers in Ireland and stored there. The tracking code records the IP address in an anonymised and therefore non-personalised format (as described under Technical Information). The following information is also collected: the screen resolution of your device, the device type and browser information, the geographical location (country only), the preferred language for displaying our website, user interactions, mouse actions (movement, position and clicks) and keystrokes.

If you continue to use this website, you consent to the processing of data mentioned above by Hotjar (see Hotjar Privacy Policy). The cookies that Hotjar uses have different “lifespans”; some remain valid for up to 365 days, some remain valid only for the current visit. You can prevent Hotjar from collecting data by clicking on the following link and following the instructions there: www.hotjar.com/opt-out

5. AdForm
We use the Adform tool from Adform A/S Wildersgade 10B, sal. 1 DK-1408 Copenhagen, Denmark, on this website, which collects data for analysis, marketing and optimisation purposes and therefore helps us to improve our marketing measures and our website. The data collected is used by Adform to associate advertising contacts and clicks on advertisements with any resulting use of our website. This allows us to determine whether internet users who have seen our ads are visiting our website and which products they are interested in. This helps us to allocate our advertising budget more efficiently. We may also use the data collected to provide advertisements based on your interests (e.g. products viewed). For data collection, pseudonymous online identification numbers (online ID) such as cookie IDs, IP address, device IDs, advertising ID/IDFA (e.g. on Android or Apple smartphones) are used. No unique user-related data such as name or address is stored. The IDs we use only allow us to recognise your end device, your internet browser or the app you are using. The data collected will not be used to personally identify you as a website user without your specific consent. The legal basis for data processing is Section 6 (1b) and (g) KDR-OG and Section 15 (3) TMG (German Telemedia Act).

We store data collected via Adform relating to individual events for a period of 60 days.
If you do not want Adform to collect your data, please proceed as follows: The following links explain how you can deactivate data collection on your computer or mobile device:

German language version: https://site.adform.com/de/privacy-center/platform/widerrufsrecht/
English language version: https://site.adform.com/privacy-center/platform-privacy/opt-out/

§ 8 Use of YouTube Videos
We use embedded YouTube videos in privacy-enhanced mode. YouTube is a service provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

This privacy-enhanced mode is provided by YouTube and ensures that YouTube does not store any cookies with personal data on your computer. The IP address is transmitted when the website is accessed and the videos are embedded. This cannot be linked unless you have logged in to YouTube or another Google service before accessing the page or are permanently logged in.
When you begin playback of an embedded video by clicking on it, YouTube only stores cookies on your computer through the privacy-enhanced mode, which do not contain any personally identifiable data. These cookies can be prevented by configuring the appropriate browser settings and extensions (source: YouTube “Enabling privacy-enhanced mode for embedded videos”).

You can find further information about the integration of YouTube videos on the YouTube information page: https://support.google.com/youtube/answer/171780?hl=en

§ 9 Plugins
Facebook, Instagram, WhatsApp, YouTube and Twitter

1. Data Controller
As the operator of the website, we (Malteser Hilfsdienst e.V.) are jointly responsible with the operator of the plugin (Facebook Ireland Ltd, Instagram, WhatsApp, YouTube, Twitter Inc.). The data controller within the meaning of Art. 4 (7) of the General Data Protection Regulation (GDPR) or Section 4 (9) of the Kirchlichen Datenschutzregelung der Ordensgemeinschaft päpstlichen Rechts (KDR-OG).

2. Type and Scope of Data Processing
Our websites contain social plugins from the social networks “Facebook” (Facebook Inc., 1601 S. California Ave, Palo Alto, California 94304, USA), “Instagram” (Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland), “WhatsApp” (WhatsApp Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland), “YouTube” (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) and “Twitter” (Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA). These services are offered by the respective companies (“providers”). The social plugins are identified on our website by the respective service buttons. The service may be able to associate you with your account on the basis of the data transmitted to the respective service via the social plugins. Social plugins are integrated into our website using the “2-click solution” to increase the protection of your data on our website. This ensures that when a page of our website containing such social plugins is accessed, no automatic connection is established with the servers of the respective providers.

There are two stages involved in activating the function of the respective social plugin. To activate a social plugin, you must first click on the link on our website. This activates the social plugin and your browser establishes a connection to the servers of the respective provider. Clicking a second time allows you to interact with the social plugin and, for example, submit recommendations. If you are already logged in to one of the providers' social networks, the providers can immediately assign your visit to this website to your profile. If you interact with the social plugins by clicking on them, the relevant information is also transmitted directly to the providers’ server and stored there. Information may also be published on the social network and displayed there to your contacts. If you would like to prevent this direct attribution of data collected through our website to your profile, you must log out of your account with the respective provider before visiting our websites.
As the operator of the website, we collect the following data for transfer to Facebook, Instagram, WhatsApp, YouTube, Twitter Inc:
• IP address

3. Purpose
Users’ personal data is processed for the purpose of managing our marketing activity.

4. Legal basis
Users' personal data is processed on the basis of our legitimate interests in optimising our company image (Art. 6 (1) f) GDPR /§ 6 (1) g) KDR-OG).

5. Transfer of Data
It is possible that some of the information collected may also be processed outside the European Union by Facebook Inc. based in the USA. Facebook Inc. is certified under the US-EU data protection agreement “Privacy Shield” and therefore is committed to complying with the European Data Protection Regulations.
We, as co-controllers, do not pass on any personal data except to Facebook, Instagram, WhatsApp, YouTube, Twitter Inc.

6. Storage Period
Once data has been transferred to Facebook, Instagram, WhatsApp, YouTube, Twitter Inc. and is no longer required for the purpose described above, this information is deleted. In individual cases, we may store data beyond this if this is required by law.
Please refer to the data protection information provided on the service’s website for the further scope and purpose of the data collection by the respective service as co-controller as well as the further processing and use of your data there. There you will also find further information about your corresponding data protection rights and configuration options to protect your privacy.

7. Type and Scope of Data Processing by Co-Controllers
a) Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA
https://www.facebook.com/policy.php
https://www.facebook.com/help/186325668085084

b) Instagram, Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland
https://help.instagram.com/519522125107875

c) WhatsApp, Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland
https://www.whatsapp.com/legal?eea=1&lang=de#privacy-policy

d) Twitter Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA
https://twitter.com/privacy

e) YouTube, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
https://policies.google.com/privacy

§ 10 Hyperlinks
Our website contains hyperlinks to websites from other providers. If you activate these hyperlinks, you will be redirected from our website directly to the website of the other providers. This can be recognised, among other things, by the change of URL. We cannot assume any responsibility for the confidential handling of your data by these third-party websites, as we have no control over whether these companies comply with data protection regulations. Please refer directly to these websites for information on how your personal data is handled by these companies.

§ 11 Personal Data in Photos and Videos
Your separate declaration of consent in accordance with Section 6 (1) b) KDR-OG constitutes the legal basis for the processing of personal data for the production, use and publication of photos or videos. Your data will be stored for the duration of your consent until the purpose has been achieved, up to a maximum of 30 years.

§ 12 Data Subject Rights
As a data subject of personal data processing, you have the following rights under the KDR-OG:
In accordance with Section 17 KDR-OG, you may request information about your personal data processed by us. In particular, you can request information about the processing purposes, the categories of personal data, the categories of recipients to which your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data, if it was not collected by us, about a transfer to third countries or to international organisations as well as about the existence of automated decision-making including profiling and, if applicable, significant information about the details.
In accordance with Section 18 KDR-OG, you can immediately request the rectification of incorrect personal data or the completion of your personal data stored by us.

In accordance with Section 19 KDR-OG, you may request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims.

In accordance with Section 20 KDR-OG, you may request the restriction of the processing of your personal data if you disagree with the accuracy of the data, the processing is illegitimate, we no longer need the data and you object to its erasure because you need it for the assertion, exercise or defence of legal claims. You also have the right under Section 18 KDR-OG if you object to the processing in accordance with Section 23 KDR-OG.

In accordance with Section 22 KDR-OG, you may request to receive your personal data that you have provided to us in a structured, standard and machine-readable format, or you may request that it be transferred to another controller.
In accordance with Section 8 (6) KDR-OG, you can withdraw your consent at any time. This will mean that we may no longer continue with data processing based on this consent in the future.

In accordance with Section 48 KDR-OG, you have the right to complain to a regulatory authority. You can generally contact the regulator of your usual place of residence, your place of work or our company headquarters to do this. If you believe that your data has been illegally processed by the controller or that your “data subject rights” have been infringed, please contact the data protection regulator:

Mr RA Dieter Fuchs
Wittelsbacherring 9
53115 Bonn
Email: fuchs@orden.de

§ 13 Right to Objection
In the processing of your personal data on the basis of legitimate interests pursuant to Section 6 (1) g) KDR-OG, you have the right to object to the processing of your personal data in accordance with Section 23 KDR-OG, if there are grounds for doing so that arise from your specific situation or if the objection is against direct advertising. For direct marketing, you have a general right of objection, which can be implemented by us without specifying a specific situation.

§ 14 Data Security and Safeguarding Measures
We are committed to protecting your privacy and treating your personal data confidentially. We take comprehensive technical and organisational security measures, which are regularly reviewed and adapted to technological progress, in order to prevent the manipulation, loss or misuse of your data stored by us. Among other things, this includes the use of recognised encryption methods (SSL or TLS). We would like to inform you, however, that due to the structure of the internet it is possible that the rules of data protection and the above-mentioned security measures may not be observed by other persons or institutions that fall outside our sphere of responsibility. For instance, data provided in unencrypted form - e.g. by email - can be read by third parties. We have no technical control over this. It is the user’s responsibility to protect the data they provide against misuse by encrypting it or protecting it by other means.

Status April 2020