Data Protection Policy
Preamble
The following paragraphs establish what data will be processed, when, for what purpose, and on what legal basis. We explain how our offered services work and how we ensure the protection of your personal data.
All definitions refer to the General Data Protection Regulation (GDPR).
In accordance with Art. 4(1) of the GDPR, personal data mean any information relating to an identified or identifiable natural person. An identifiable person is a natural person who can be identified, either directly or indirectly.
This data privacy statement can be accessed at https://www.rosalux.de/datenschutz, as well as saved and printed anytime.
You have the right to object pursuant to Art. 21 of the GDPR, insofar as we state our legitimate right or a legitimate right of a third party (Art. 6(1) point (f) of the GDPR) to be the legal basis for the processing of personal data:
Pursuant to Art. 21 of the GDPR you are entitled to object to the processing of personal data at any time. We will then no longer use your personal data for purposes of direct marketing or the associated profiling.
Upon your objection we will no longer use your personal data for other purposes, unless we can demonstrate compelling legitimate grounds for the processing that override your interests or for the establishment, exercise or defence of legal claims (see Art. 21(1) of the GDPR on your “restricted right to object”). In this case you must provide grounds for the objection that result from your special situation.
You can also object to the processing of your personal data on grounds relating to your special situation where those personal data are processed for scientific or historical research purposes or statistical purposes in accordance with Art. 89(1) of the GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest (see Art. 21(6) of the GDPR).
This data privacy statement aims to provide a complete overview of the data processing and therefore contains several links to information and privacy policies on external websites (see also section “Social Networks and External Links” of this data privacy statement). We attempt to keep the links in this data privacy statement up to date. However, we cannot guarantee that all links work properly due to continuous updates of those websites. If you notice an invalid link, please let us know so that we can insert the correct link.
Controller
The controller for the processing of personal data within the meaning of Art. 4(7) of the GDPR is:
Rosa-Luxemburg-Stiftung
Gesellschaftsanalyse und politische Bildung e. V.
Straße der Pariser Kommune 8A
10243 Berlin
Germany
Telephone: +49-(0)30-44310-0
Fax: +49-(0)30-44310230
E-mail: info@rosalux.org
Internet: www.rosalux.de
Authorized representative of the board of directors:
Daniela Trochowski (Executive Member of the Board of Directors of the Rosa-Luxemburg-Stiftung)
Contact Person for Data Privacy Issues
Contact our data protection officer for questions regarding the processing of your personal data and your data protection rights:
kpp-group GmbH
Berliner Str. 112a
13189 Berlin, Germany
Phone: +49-(0)30-20673720
E-mail: datenschutz@rosalux.de
Data Subject Rights
You have the following rights:
- Right of access (Art. 15 of the GDPR)
- Right to rectification (Art. 16 of the GDPR)
- Right to erasure (Art. 17 of the GDPR)
- Right to restriction of processing (Art. 18 et seq. of the GDPR)
- Right to data portability (Art. 20 of the GDPR)
- Right to object (Art. 21 of the GDPR)
For related queries send an e-mail to datenschutz@rosalux.de . Please note that we have to ensure that you are indeed the data subject making the request.
Without prejudice to any other administrative or judicial redress, you are also entitled to appeal to the data protection supervisory authority.
There is no automated decision-making on our website.
Data Security
We use technical and organisational measures in order to protect our website and other systems against loss, destruction, access, modification, or distribution of your data by unauthorised persons. However, despite regular checking, we cannot guarantee complete protection against all risks.
General Information: Provision of our Statutory and Contractual Services
We process the data of our members, supporters, interested parties, customers and other persons in accordance with Art. 6(1) point (b) of the GDPR, if we offer contractual services or act through our business relationships, such as with members, or if we receive services or benefits. In addition, we process data of data subjects in accordance with Art. 6(1) point (f) of the GDPR on the basis of our legitimate interests, e.g. for administrative tasks or public relations.
The data concerned, the nature, scope and purpose, and the requirement of the processing depend on the contractual relationship (e.g. event registration). This includes the person’s inventory and master data (e.g. name, address etc.) and contact data (e.g. e-mail address, phone etc.), contractual data (e.g. services used, content and information provided, names of contacts) and—if we provide payable services or products—payment data (e.g. bank details, payment history etc.).
We delete data that are no longer required for the provision of statutory and contractual purposes. This is determined by the respective tasks and contractual relationships. In the case of business-related processing, we retain any relevant data for as long as it is necessary to process our business transactions or with regard to any warranty or liability obligations. The requirement to retain data will be reviewed every three years. In addition, the statutory data retention obligations apply.
Server log files
Every time you access our website your device’s system will automatically collect data and information that are stored in server log files. These data are information that refers to an identified or identifiable natural person (the website user in this case). Every time you access our website, your browser automatically transfers the data to our website. These data include the following information:
- The time you accessed our website (request to the host provider’s server),
- URL of the website from which you accessed our website,
- Your operating system,
- Type and version of the browser you use,
- Your computer’s IP address.
The purpose of this processing is to enable you to access our website with your device and to correctly display our website on your device or your browser. The data also serve to optimize our website and ensure system security. We will not evaluate those data for marketing purposes.
The legal basis for the processing is Art. 6(1) point (f) of the GDPR. We have a legitimate interest in optimizing our website for your server and enabling communications between our server and your device. To ensure the latter, the processing of your IP address is required in particular.
The processed information will be stored only as long as it is necessary for the intended purpose or as legally required.
The data recipient is our server host, who carries out the data processing on our behalf.
The provision of personal data is not mandatory, neither legally nor contractually, and is also not required to conclude contracts. You are also not obliged to provide personal data. However, if you do not provide your personal data you will not be able to use our website, or at least not in its entirety, as a result.
Cookies
Our website uses cookies. A cookie is a text file that is stored on your device in order to make the use of a website more user-friendly. Cookies may store information and settings on a website so that you do not need to re-enter them every time you use the website. Cookies contain a cookie ID, which allows for the assignment of the device on which the cookie is stored. We use the following cookies:
- Cookies that contain a randomly generated, specific identification number that enables your identification or identification of your device whilst you visit our website. These cookies will be automatically deleted at the end of your visit.
- Cookies that contain a randomly generated, specific identification number that enables your identification or identification of your device on our website. These cookies will be automatically deleted after one year.
The purpose of the processing is to make your use of our website more user-friendly and allow you to store your settings.
The legal basis for the processing is Art. 6(1) point (f) of the GDPR. We have a legitimate interest in providing a website that saves your personal settings and facilitates your visit to our website.
Right to Object
You have the right to object. You can restrict the placement of cookies or completely disable them in your browser settings. You can also configure automatic deletion of cookies when you close the browser window.
Here you find more information on how to delete cookies in the most commonly used browsers and how to change cookie settings:
Google Chrome: Website
Mozilla Firefox: Website
Apple Safari: Website
Microsoft Internet Explorer: Website
Microsoft Edge: Website
The provision of personal data is not mandatory, neither legally nor contractually, and is also not required to conclude contracts. You are also not obliged to provide personal data. However, if you do not provide your personal data you may not be able to use our website, or at least not in its entirety, as a result.
Other services we use also use cookies. We expressly refer to the use of cookies in the individual services.
Transfers to third countries
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this is done when we use third-party services or for the disclosure or transfer of data to third parties, this is done only if required for the fulfilment of our (pre)contractual duties, on the basis of your approval, a legal duty or our legitimate interests. Subject to legal or contractual permissions, we process data or have data processed in a third country only if the special requirements of Art. 44 et seqq. of the GDPR are met. Accordingly the data are only processed on the basis of special guarantees, such as the officially recognized establishment of a data protection level that corresponds to EU requirements (e.g. the Privacy Shield for the US) or the observance of officially recognized contractual obligations (“standard contractual clauses”).
Use of YouTube
We use YouTube videos and YouTube plug-ins on our website. YouTube is a service of YouTube, LLC (“YouTube”), 901 Cherry Ave., San Bruno, CA 94066, US, and is provided by YouTube. YouTube, LLC is a subsidiary of Google, Inc. (“Google”), 1600 Amphitheatre Parkway, Mountain View, CA 94043, US.
We have integrated YouTube by embedding the service on our website using iframe tags. If an iframe tag is loaded, YouTube or Google may collect and process information (including personal data). We cannot exclude that YouTube or Google will transfer the information to a server in a third country.
We do not collect any data when you view a YouTube video on our website.
We have integrated YouTube to present you several videos that you can view directly on our website.
The legal basis for this type of processing of personal data is Art. 6 (1) point (f) of the GDPR. The legitimate interest required for this lies in the great benefit that YouTube offers. By including external videos we decrease the load on our servers and can use those resources for other purposes. Among other things, this can increase the stability of our servers. YouTube or Google also has a legitimate interest in the (personal) data collected in order to improve their own services.
The provision of personal data is not mandatory, neither legally nor contractually, and is also not required to conclude contracts. You are also not obliged to provide personal data. However, if you do not provide your personal data you may not be able to use our website, or at least not in its entirety, as a result.
For more information, refer to YouTube’s or Google’s privacy policies at www.google.com/policies/privacy/.
To learn more about Google’s privacy settings, visit https://privacy.google.com/take-control.html?categories_activeEl=sign-in.
Social Share Function
The social media buttons of Twitter, Facebook, Google+ and Diaspora do not automatically transmit data to the service provider when you visit the website. No use-specific data are transmitted to the provider if you click the share button.
In addition to this website, we are also present in various social media networks, which you can access via corresponding buttons on our website. If you visit such a social media site, personal data may be transferred to the provider of the social network. In addition to storing the data you have entered in this social media network, the social media network provider may also process other information.
In addition, the social media network provider may process the most important data of the computer system from which you visit it such as your IP address, processor type and browser version used, including plug-ins.
This network can assign the visit to this account if you are logged in with your personal user account of the respective network while visiting such a website.
The purpose and scope of the data collection by the respective social media network as well as the further processing of your data there and your rights in this regard can be found in the respective regulations of the responsible party.
Facebook: https://www.facebook.com/about/privacy/
Twitter: https://twitter.com/en/privacy
Instagram: https://help.instagram.com/155833707900388
Google: https://policies.google.com/privacy?hl=en-GB
Flickr: https://policies.oath.com/ie/en/oath/privacy/index.html
Soundcloud: https://soundcloud.com/pages/privacy
Please note that our website contains further links to external third-party websites. We have no influence on the processing of data on these third-party websites.
Changes to the Data Privacy Statement
We may need to adapt this data privacy statement due to legal changes or changes to our internal processes.
Status: 15.01.2021