PRIVACY POLICY

INTRODUCTION
With the following privacy policy, we would like to inform you about which types of your personal data (hereinafter also referred to simply as “data”) we process, for what purposes, and to what extent. This privacy policy applies to all processing of personal data carried out by us, both in the course of providing our services and, in particular, on our websites, in mobile applications, and within external online presences, such as our social media profiles (hereinafter collectively referred to as the “online offering”).

The terms used are not gender-specific.
Status: 27 January 2025

CONTROLLER
Aab Humanitarian Association gGmbH
c/o Rechtsanwaltskanzlei Heinrich
Spichernstraße 2
10777 Berlin
Germany

Managing Director: Vesna Donic
E-mail: office@aab-human.de

Commercial Register: HRB 262566 B, Charlottenburg District Court
Tax Number: 27/611/83895, Tax Office for Corporations I in Berlin

VAT ID: DE367305116

Contact Data Protection Officer
You can reach our Data Protection Officer at: datenschutz@aab-human.de

Overview of Processing Activities
The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects concerned.

Types of data processed
– Master data.
– Payment data.
– Contact data.
– Content data.
– Contract data.
– Usage data.
– Meta/communication data.

Categories of data subjects
– Customers.
– Prospective customers.
– Communication partners.
– Users.

Purposes of processing
– Provision of contractual services and customer service.
– Contact requests and communication.
– Direct marketing.
– Reach measurement.
– Feedback.
– Marketing.
– Profiles with user-related information.
– Provision of our online offering and user-friendliness.

Relevant legal bases
Below you will find an overview of the legal bases under the GDPR on which we process personal data. Please note that, in addition to the provisions of the GDPR, national data protection regulations may apply in your country and/or our country of residence or establishment. If more specific legal bases apply in individual cases, we will inform you of these in the privacy policy.

– Consent (Art. 6(1) sentence 1 lit. a GDPR) – The data subject has given consent to the processing of their personal data for one or more specific purposes.
– Performance of a contract and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b GDPR) – Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
– Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

In addition to the data protection rules of the General Data Protection Regulation, national data protection provisions apply in Germany. This includes in particular the law on protection against misuse of personal data in data processing (Federal Data Protection Act – BDSG). The BDSG contains, in particular, special provisions on the right of access, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes, and transfers as well as automated decision-making in individual cases including profiling. Furthermore, it regulates data processing for employment-related purposes (§ 26 BDSG), especially with regard to the establishment, implementation, or termination of employment relationships as well as employees’ consent. In addition, the data protection laws of the individual federal states may apply.

Security measures
In accordance with the legal requirements and taking into account the state of the art, implementation costs, and the nature, scope, circumstances, and purposes of processing as well as the varying likelihood and severity of risks to the rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

The measures include, in particular, safeguarding the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data as well as access to, input of, disclosure of, safeguarding of availability, and separation of the data. Furthermore, we have established procedures to ensure the exercise of data subject rights, the deletion of data, and responses to data threats. In addition, we take data protection into account already when developing or selecting hardware, software, and procedures in accordance with the principle of data protection by design and by default.

Shortening of IP address: Where IP addresses are processed by us or by the service providers and technologies used and processing a full IP address is not necessary, the IP address is shortened (also referred to as “IP masking”). This involves removing the last two digits, or the last part of the IP address after a dot, or replacing them with placeholders. Shortening the IP address is intended to prevent or significantly hinder the identification of a person based on their IP address.

SSL encryption (https): To protect data transmitted via our online offering, we use SSL encryption. You can recognize encrypted connections by the prefix https:// in your browser’s address bar.

Transfer of personal data
In the course of processing personal data, it may happen that data is transferred to other entities, companies, legally independent organizational units, or persons, or disclosed to them. Recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content integrated into a website. In such cases, we observe the legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data that serve to protect your data.

Data transfer within the organization: We may transfer personal data to other units within our organization or grant them access to such data. If this transfer is for administrative purposes, it is based on our legitimate business and economic interests, or it takes place if necessary to fulfill our contractual obligations, or if there is the consent of the data subjects or legal permission.

Data processing in third countries
If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if processing takes place in the context of using third-party services or the disclosure/transfer of data to other persons, entities, or companies, this is only done in accordance with legal requirements.

Subject to explicit consent or transfers required by contract or law, we process or have data processed in third countries only where an adequate level of data protection is recognized, based on contractual obligations via so-called standard contractual clauses of the EU Commission, where certifications exist, or where binding internal data protection rules apply (Art. 44 to 49 GDPR, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de).

Deletion of data
The data processed by us is deleted in accordance with legal requirements as soon as the consents permitting processing are revoked or other permissions cease to apply (e.g., if the purpose of processing no longer applies or the data is no longer required for the purpose). If data is not deleted because it is required for other legally permissible purposes, its processing is restricted to those purposes. This means the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax-law reasons or whose storage is necessary for the assertion, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person.

Our privacy notices may also contain further information on the retention and deletion of data that takes precedence for the respective processing activities.

Use of cookies

To manage the cookies and similar technologies used (tracking pixels, web beacons, etc.) and related consents, we use the consent tool “Real Cookie Banner”. Details on how “Real Cookie Banner” works can be found at <a href=”https://devowl.io/de/rcb/datenverarbeitung/” rel=”noreferrer” target=”_blank”>https://devowl.io/de/rcb/datenverarbeitung/</a>.

The legal bases for processing personal data in this context are Art. 6(1)(c) GDPR and Art. 6(1)(f) GDPR. Our legitimate interest is the management of cookies and similar technologies used and the related consents.

Providing personal data is neither contractually required nor necessary for concluding a contract. You are not obliged to provide the personal data. If you do not provide the personal data, we cannot manage your consents.

Cookies are small text files or other storage notes that store information on end devices and read information from end devices. For example, to store the login status in a user account, a shopping cart content in an online shop, the content accessed, or functions used in an online offering. Cookies can also be used for various purposes, such as ensuring functionality, security, and convenience of online offerings and creating analyses of visitor traffic.

Notes on consent: We use cookies in accordance with legal regulations. Therefore, we obtain prior consent from users unless it is not legally required. Consent is, in particular, not necessary if storing and reading information, including cookies, is strictly necessary to provide users with a telemedia service (i.e., our online offering) explicitly requested by them. The revocable consent is clearly communicated to users and contains information on the respective cookie use.

Notes on data protection legal bases: Which data protection legal basis we use to process users’ personal data with the help of cookies depends on whether we ask users for consent. If users consent, the legal basis for processing their data is the declared consent. Otherwise, the data processed using cookies is processed on the basis of our legitimate interests (e.g., in the commercial operation of our online offering and improvement of its usability) or, if this occurs within the scope of fulfilling our contractual obligations, where the use of cookies is necessary to fulfill our contractual obligations. We explain the purposes for which cookies are processed by us in the course of this privacy policy or as part of our consent and processing procedures.

Storage duration: With regard to storage duration, the following types of cookies are distinguished:

– Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest after a user leaves an online offering and closes their end device (e.g., browser or mobile application).
– Persistent cookies: Persistent cookies remain stored even after the end device is closed. For example, the login status can be stored or preferred content can be displayed directly when the user visits a website again. Likewise, the user data collected with the help of cookies can be used for reach measurement. Unless we provide users with explicit information on the type and storage duration of cookies (e.g., when obtaining consent), users should assume that cookies are persistent and that the storage duration can be up to two years.

General notes on withdrawal and objection (opt-out): Users can withdraw their given consents at any time and also object to processing in accordance with the legal requirements of Art. 21 GDPR. Users can also declare their objection via their browser settings, e.g., by disabling the use of cookies (which may also restrict the functionality of our online services). An objection to the use of cookies for online marketing purposes can also be declared via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/.

Payment methods
Within the scope of contractual and other legal relationships, due to legal obligations, or otherwise based on our legitimate interests, we offer data subjects efficient and secure payment options and, for this purpose, use other service providers in addition to banks and credit institutions (collectively “payment service providers”).

The data processed by payment service providers includes master data such as name and address, bank details such as account numbers or credit card numbers, passwords, TANs, and checksums as well as contract, amount-related, and recipient-related information. This information is necessary to carry out the transactions. However, the entered data is processed and stored only by the payment service providers. This means we do not receive any account- or credit card-related information, but only information confirming or rejecting the payment. In some circumstances, the data may be transmitted by payment service providers to credit agencies. This transmission serves identity and creditworthiness checks. For this, we refer to the terms and privacy notices of the payment service providers.

The terms and conditions and privacy notices of the respective payment service providers apply to payment transactions and can be accessed within the respective websites or transaction applications. We also refer to these for further information and for asserting rights of withdrawal, access, and other data subject rights.

– Types of data processed: master data (e.g., names, addresses); payment data (e.g., bank details, invoices, payment history); contract data (e.g., subject matter of the contract, term, customer category); usage data (e.g., websites visited, interest in content, access times); meta/communication data (e.g., device information, IP addresses).
– Data subjects: customers; prospective customers.
– Purposes of processing: provision of contractual services and customer service.
– Legal bases: performance of a contract and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b GDPR).

Further notes on processing operations, procedures, and services:

– Klarna / Sofortüberweisung: payment services (technical integration of online payment methods); provider: Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden; legal bases: performance of a contract and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b GDPR); website: https://www.klarna.com/de; privacy policy: https://www.klarna.com/de/datenschutz.
– Mastercard: payment services (technical integration of online payment methods); provider: Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium; legal bases: performance of a contract and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b GDPR); website: https://www.mastercard.de/de-de.html; privacy policy: https://www.mastercard.de/de-de/datenschutz.html.
– PayPal: payment services (technical integration of online payment methods) (e.g., PayPal, PayPal Plus, Braintree); provider: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg; legal bases: performance of a contract and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b GDPR); website: https://www.paypal.com/de; privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

Blogs and publication media
We use blogs or comparable means of online communication and publication (hereinafter “publication medium”). Readers’ data is processed for the purposes of the publication medium only to the extent necessary for its presentation and communication between authors and readers, or for security reasons. Otherwise, we refer to the information on the processing of visitors to our publication medium within the scope of these privacy notices.

– Types of data processed: master data (e.g., names, addresses); contact data (e.g., email, phone numbers); content data (e.g., entries in online forms); usage data (e.g., websites visited, interest in content, access times); meta/communication data (e.g., device information, IP addresses).
– Data subjects: users (e.g., website visitors, users of online services).
– Purposes of processing: provision of contractual services and customer service; feedback (e.g., collecting feedback via online form); provision of our online offering and user-friendliness.
Legal bases: legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).

Newsletter and electronic notifications
We send newsletters, emails, and other electronic notifications (hereinafter “newsletter”) only with the consent of recipients or a legal permission. If the newsletter content is specifically described during registration, it is decisive for users’ consent. Otherwise, our newsletters contain information about our services and about us.

To subscribe to our newsletter, it is generally sufficient to provide your email address. However, we may ask you to provide a name for personal addressing in the newsletter or further details if they are required for the purposes of the newsletter.

Double opt-in procedure: Registration for our newsletter generally takes place using a so-called double opt-in procedure. This means that after registering you will receive an email asking you to confirm your registration. This confirmation is necessary so that nobody can register with someone else’s email address. Newsletter registrations are logged in order to be able to prove the registration process in accordance with legal requirements. This includes storing the time of registration and confirmation as well as the IP address. Likewise, changes to your data stored with the mailing service provider are logged.

Deletion and restriction of processing: We may store unsubscribed email addresses for up to three years on the basis of our legitimate interests before deleting them in order to be able to prove a previously given consent. Processing of this data is limited to the purpose of a possible defense against claims. An individual deletion request is possible at any time, provided that the former existence of consent is confirmed at the same time. In the case of obligations to permanently observe objections, we reserve the right to store the email address solely for this purpose in a blocklist (so-called “block list”).

Logging of the registration procedure is carried out on the basis of our legitimate interests for the purpose of proving its proper course. If we commission a service provider to send emails, this is done on the basis of our legitimate interests in an efficient and secure sending system.

Content:

Information about us, our services, campaigns, and offers.

– Types of data processed: master data (e.g., names, addresses); contact data (e.g., email, phone numbers); meta/communication data (e.g., device information, IP addresses); usage data (e.g., websites visited, interest in content, access times).
– Data subjects: communication partners.
– Purposes of processing: direct marketing (e.g., by email or post).
– Legal bases: consent (Art. 6(1) sentence 1 lit. a GDPR).
– Right to object (opt-out): You can cancel receiving our newsletter at any time, i.e., withdraw your consent or object to further receipt. You will find a link to unsubscribe either at the end of each newsletter, or you can use one of the contact options listed above, preferably email.

Further notes on processing operations, procedures, and services:

– Measurement of open and click rates: The newsletters contain a so-called “web beacon”, i.e., a pixel-sized file that is retrieved from our server when the newsletter is opened or, if we use a mailing service provider, from their server. As part of this retrieval, technical information is initially collected, such as information about the browser and your system, as well as your IP address and the time of retrieval. This information is used to technically improve our newsletter based on the technical data or the target groups and their reading behavior, based on their retrieval locations (which can be determined using the IP address) or access times.
Legal bases: consent (Art. 6(1) sentence 1 lit. a GDPR).

Web analysis, monitoring, and optimization
Web analysis (also referred to as “reach measurement”) is used to evaluate visitor flows of our online offering and may include behavior, interests, or demographic information about visitors, such as age or gender, as pseudonymous values. With the help of reach analysis, we can, for example, recognize at what time our online offering or its functions or content are most frequently used or invite reuse. We can also identify which areas require optimization.

In addition to web analysis, we may also use testing procedures to test and optimize, for example, different versions of our online offering or its components.

Unless otherwise stated below, profiles may be created for these purposes, i.e., data summarized for a usage process, and information may be stored in a browser or end device and read from it. The data collected includes, in particular, websites visited and elements used there, as well as technical information such as the browser used, the computer system used, and information on usage times. If users have agreed to the collection of their location data to us or to the providers of the services we use, location data may also be processed.

Users’ IP addresses are also stored. However, we use an IP masking procedure (i.e., pseudonymization by shortening the IP address) to protect users. In general, no clear data of users (such as email addresses or names) is stored within the scope of web analysis, A/B testing, and optimization, but pseudonyms. This means that neither we nor the providers of the software used know the actual identity of the users, but only the information stored in their profiles for the purposes of the respective procedures.

– Types of data processed: usage data (e.g., websites visited, interest in content, access times); meta/communication data (e.g., device information, IP addresses).
– Data subjects: users (e.g., website visitors, users of online services).
– Purposes of processing: reach measurement (e.g., access statistics, recognizing returning visitors); profiles with user-related information (creating user profiles).
Security measures: IP masking (pseudonymization of the IP address).
Legal bases: legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).

Further notes on processing operations, procedures, and services:

– Matomo (without cookies): Matomo is a privacy-friendly web analytics software that is used without cookies and where the recognition of returning users is carried out using a so-called “digital fingerprint”, which is stored anonymously and changed every 24 hours. With the “digital fingerprint”, user movements within our online offering are recorded using pseudonymized IP addresses in combination with browser settings on the user side in such a way that conclusions about the identity of individual users are not possible. The user data collected within the use of Matomo is processed only by us and is not shared with third parties; legal bases: legitimate interests (Art. 6(1) sentence 1 lit. f GDPR); website: https://matomo.org/.

Presences in social networks (social media)
We maintain online presences within social networks and process users’ data in this context in order to communicate with users active there or to provide information about us.

We would like to point out that user data may be processed outside the European Union. This may pose risks for users, as enforcement of users’ rights could be more difficult, for example.

Furthermore, user data within social networks is generally processed for market research and advertising purposes. For example, usage profiles can be created based on users’ behavior and resulting interests. The usage profiles can in turn be used, for example, to place advertisements within and outside the networks that presumably correspond to users’ interests. For these purposes, cookies are generally stored on users’ computers, in which users’ behavior and interests are stored. Furthermore, data can also be stored in the usage profiles independently of the devices used by users (especially if users are members of the respective platforms and are logged in to them).

For a detailed presentation of the respective processing methods and objection options (opt-out), we refer to the privacy policies and information provided by the operators of the respective networks.

Also in the case of access requests and the assertion of data subject rights, we would like to point out that these can be most effectively asserted with the providers. Only the providers have access to users’ data and can take appropriate measures directly and provide information. Should you nevertheless need help, you can contact us.

– Types of data processed: contact data (e.g., email, phone numbers); content data (e.g., entries in online forms); usage data (e.g., websites visited, interest in content, access times); meta/communication data (e.g., device information, IP addresses).
– Data subjects: users (e.g., website visitors, users of online services).
– Purposes of processing: contact requests and communication; feedback (e.g., collecting feedback via online form); marketing.
– Legal bases: legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).

Further notes on processing operations, procedures, and services:

– Instagram: social network; service provider: Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA; legal bases: legitimate interests (Art. 6(1) sentence 1 lit. f GDPR); website: https://www.instagram.com; privacy policy: https://instagram.com/about/legal/privacy.
– Facebook Pages: profiles within the social network Facebook – We are jointly responsible with Meta Platforms Ireland Limited for the collection (but not further processing) of data of visitors to our Facebook page (so-called “fan page”). This data includes information about the types of content users view or interact with, or actions they take (see “Things you and others do and provide” in Facebook’s Data Policy: https://www.facebook.com/policy), as well as information about the devices used by users (e.g., IP addresses, operating system, browser type, language settings, cookie data; see “Device information” in Facebook’s Data Policy: https://www.facebook.com/policy). As explained in Facebook’s Data Policy under “How do we use this information?”, Facebook also collects and uses information to provide analytics services, so-called “Page Insights”, to page operators so that they can gain insights into how people interact with their pages and associated content. We have concluded a special agreement with Facebook (“Page Insights Information”, https://www.facebook.com/legal/terms/page_controller_addendum), which regulates, in particular, which security measures Facebook must observe and in which Facebook agrees to fulfill data subject rights (i.e., users can, for example, direct access or deletion requests directly to Facebook). Users’ rights (especially to access, deletion, objection, and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook. Further information can be found in the “Page Insights Information” (https://www.facebook.com/legal/terms/information_about_page_insights_data); service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; legal bases: legitimate interests (Art. 6(1) sentence 1 lit. f GDPR); website: https://www.facebook.com; privacy policy: https://www.facebook.com/about/privacy; standard contractual clauses (ensuring an adequate level of data protection when processing in third countries): https://www.facebook.com/legal/EU_data_transfer_addendum; further information: joint controllership agreement: https://www.facebook.com/legal/terms/information_about_page_insights_data.
– Twitter: social network; service provider: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland, parent company: Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA; legal bases: legitimate interests (Art. 6(1) sentence 1 lit. f GDPR); privacy policy: https://twitter.com/privacy (settings: https://twitter.com/personalization).
– YouTube: social network and video platform; service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; legal bases: legitimate interests (Art. 6(1) sentence 1 lit. f GDPR); privacy policy: https://policies.google.com/privacy; opt-out option: https://adssettings.google.com/authenticated.

Plugins and embedded functions and content
We integrate functional and content elements into our online offering that are obtained from the servers of their respective providers (hereinafter referred to as “third-party providers”). These may be, for example, graphics, videos, or city maps (hereinafter uniformly referred to as “content”).

Integration always requires that the third-party providers of this content process users’ IP addresses, because without the IP address they could not send the content to the users’ browsers. The IP address is therefore required for the display of this content or functions. We strive to use only content whose respective providers use the IP address solely to deliver the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. “Pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on users’ devices and may include technical information about the browser and operating system, referring websites, time of visit, and other information on the use of our online offering, and may also be combined with such information from other sources.

– Types of data processed: usage data (e.g., websites visited, interest in content, access times); meta/communication data (e.g., device information, IP addresses).
– Data subjects: users (e.g., website visitors, users of online services).
– Purposes of processing: provision of our online offering and user-friendliness.
– Legal bases: legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).

Further notes on processing operations, procedures, and services:

– Google Fonts (provided from our own server): fonts (“Google Fonts”) for a user-friendly presentation of our online offering; provider: the Google Fonts are hosted on our server; no data is transmitted to Google; legal bases: legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).

Changes and updates to the privacy policy
We ask you to regularly inform yourself about the content of our privacy policy. We will adapt the privacy policy as soon as changes to the data processing we carry out make this necessary. We will inform you as soon as the changes require your cooperation (e.g., consent) or another individual notification.

If we provide addresses and contact information of companies and organizations in this privacy policy, please note that addresses may change over time and we ask you to verify the information before contacting them.

Rights of data subjects
As a data subject, you have various rights under the GDPR, which arise in particular from Art. 15 to 21 GDPR:

– Right to object: You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Art. 6(1) lit. e or f GDPR; this also applies to profiling based on these provisions. If personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing; this also applies to profiling insofar as it is related to such direct marketing.
– Right to withdraw consent: You have the right to withdraw consent you have given at any time.
– Right of access: You have the right to request confirmation as to whether data concerning you is being processed and to obtain access to such data as well as further information and a copy of the data in accordance with legal requirements.
– Right to rectification: In accordance with legal requirements, you have the right to request completion of data concerning you or rectification of inaccurate data concerning you.
– Right to erasure and restriction of processing: In accordance with legal requirements, you have the right to request that data concerning you be deleted without undue delay or, alternatively, to request restriction of processing of the data.
– Right to data portability: You have the right to receive data concerning you that you have provided to us in a structured, commonly used, and machine-readable format in accordance with legal requirements, or to request that it be transmitted to another controller.
– Complaint to a supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, place of work, or place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.

Definitions
In this section, you will find an overview of the terms used in this privacy policy. Many of the terms are taken from the law and are primarily defined in Art. 4 GDPR. The legal definitions are binding. The following explanations are intended primarily to aid understanding. The terms are listed alphabetically.

– Personal data: “Personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., cookie), or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
– Profiles with user-related information: The processing of “profiles with user-related information”, or “profiles” for short, includes any type of automated processing of personal data consisting of using such personal data to evaluate certain personal aspects relating to a natural person (depending on the type of profiling, this may include various information relating to demographics, behavior, and interests, such as interaction with websites and their content, etc.) in order to analyze, evaluate, or predict them (e.g., interests in certain content or products, click behavior on a website, or location). Cookies and web beacons are often used for profiling purposes.
– Reach measurement: Reach measurement (also known as web analytics) is used to evaluate visitor flows of an online offering and may include the behavior or interests of visitors in certain information, such as website content. With the help of reach analysis, website operators can, for example, recognize at what time visitors visit their website and which content they are interested in. This allows them, for example, to better adapt the website content to the needs of their visitors. Pseudonymous cookies and web beacons are often used for reach analysis to recognize returning visitors and thus obtain more accurate analyses of the use of an online offering.
– Controller: The “controller” is the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
– Processing: “Processing” means any operation or set of operations performed on personal data, whether or not by automated means. The term is broad and covers virtually any handling of data, whether collection, evaluation, storage, transmission, or deletion.

Created with Datenschutz-Generator.de by Attorney Dr. Thomas Schwenke: https://datenschutz-generator.de/

WordPress Cookie Plugin by Real Cookie Banner