This Privacy Policy clarifies the use, scope and purpose of the processing of personal data (hereinafter referred to as "data") within our online performance likewise on our websites, online features and content associated with them, as well as social media profiles (collectively referred to as "social media"). With regard to the terminology used, e.g. "processing" or "controller", we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
AIDS Action Europe
c/o Deutsche AIDS-Hilfe e.V.
Wilhelmstr. 138
10963 Berlin, Germany
E-Mail: info@aidsactioneurope.org
Chief Executive Officer: Silke Klumb und Peter Stuhlmüller
Responsible concerning the Privacy Policy: Shabnam Abdullayeva shabnam.abdullayeva@aidsactioneurope.org
“Personal data” means any information relating to an identified or identifiable natural person (‘data subject’). An identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means associated with personal data. The term goes far and includes practically every handling of data.
“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
According to Art. 13 GDPR we inform you about the legal basis of our data processing. Unless the legal basis is not stated in the privacy policy, following applies: The legal basis for collecting consents is Art. 6 (1) lit. a and Art. 7 GDPR, the legal basis for the processing and fulfilment our services and processing contractual measures, as same as reply on requests is Art. 6 (1) lit. b. GDPR, the legal basis for fulfilling our legal obligations is Art. 6 (1) lit. c. GDPR, and the legal basis for processing for the protection of our legitimate interests is Art. 6 (1) lit. f. GDPR. In case essential interests of affected person or other natural person requires the processing of personal data, we refer to Art. 6 (1) lit. d. GDPR as legal basis.
If we disclose, transmit or otherwise grant access to data to other persons and companies (contract processors or third parties) while processing, it happens only on the basis of a legal permission (e.g. if a transmission of the data to third parties, as required by payment service providers, pursuant to Art. 6 (1) lit. b. GDPR to fulfill the contract). Therefore you have consented to a legal obligation or based on our legitimate interests (e.g. the use of webhosts, etc.).
Third parties can only process data on the basis of a so-called "job-processing contract" on the basis of Art. 28 GDPR.
If we process data to a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or in the context of the use of third party services or disclosure or transmission of data to third parties, it will happen only for the reason to fulfill our (pre) contractual obligations, which is on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or have the data processed in a third country, happen only in the presence of the special conditions of Art. 44 et seq. GDPR. The processing of data occur based on specific guarantees, such as the officially recognized level of data protection (e.g. for the US through the Privacy Shield) or compliance with officially recognized contractual obligations (so-called "standard contractual clauses").
You have the right to obtain from the controller confirmation as to whether data in question is being processed and for information about this data as well as for further information and a copy of the data in accordance with Art. 15 GDPR.
You have accordingly to Art. 16 GDPR the right to have the incomplete personal data completed or to obtain the rectification of inaccurate personal data.
In accordance with Art. 17 GDPR, you have the right to demand that the relevant data be deleted undue delay or, alternatively, to require a restriction of the processing of data in accordance with Art. 18 GDPR.
You have the right to receive data referring to you, which you have provided to us, in accordance with Art. 20 GDPR and to request their transmission to other responsible persons.
You have according to Art. 77 GDPR the right to lodge a complaint with the competent supervisory authority.
You have the right to withdraw your consent in accordance with. Art. 7 (3) GDPR with effect for the future.
You have the right to object to the future processing of your data in accordance with Art. 21 GDPR at any time. The objection may in particular be made against processing for direct marketing purposes.
“Cookies" are small files that are stored on users' computers. Different information can be stored within the cookies. A cookie is primarily used to store the information about a user (or the device on which the cookie is stored) during or after their visit to a website. Temporary cookies, like "session cookies" or "transient cookies", are cookies that are deleted after a user leaves the website and closes his browser. Such cookies store contents of a shopping cart in an online store or a log-in session. The term "permanent" or "persistent" refers to cookies that remain stored even after the browser has been closed. Thus, e.g. the log-in status will be still saved if users visit it after several days. Likewise, such a cookie can store the interests of a user, which are used for range measurement or marketing purposes. The "third-party cookie" is offered by providers other than the person responsible for the online offer (otherwise, if there are just the cookies of the person responsible they are called "first-party cookies").
We can use temporary and permanent cookies and clarify this in the context of our privacy policy.
If users do not want cookies stored on their computer, they can disable the option in their browser's system settings. Saved cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this website.
A general objection to the use of cookies used for online marketing purposes are explained in a variety of services, especially in the case of tracking, via US-based website http://www.aboutads.info/choices/ or the EU-based website http://www.youronlinechoices.com/. Furthermore, the storage of cookies can be achieved by switching them off in the settings of the browser. Please note that not all features of this website may be used in such a case.
The data processed by us will be deleted or restricted in its processing in accordance with Art. 17 and 18 GDPR. Unless explicitly stated in this privacy policy, the data stored by us is deleted as soon as you it is no longer required for their purpose and the erasure does not conflict with any statutory storage requirements.
If the data is not deleted because it is required for other and legitimate purposes, its processing will be restricted. In this case, the data is blocked and will not be processed for other purposes. This applies, for example for data that must be kept for financial, commercial or tax reasons.
According to legal information in Germany, the retention ensue in particular for 6 years pursuant to § 257 paragraph 1 HGB (“Handelsgesetzbuch”: trading books, inventories, opening balance sheets, annual accounts, trade letters, accounting documents, etc.) and § 10 paragraph 1 AO (books, records, management reports, and other), and 10 years pursuant to § 147 Abs. 1 AO (“Abgabenordnung”: books, records, management reports, accounting records, trade and business letters, tax documents, and others).
We host our website to provide the following services: infrastructure and platform services, computing capacity, storage and database services, security and technical maintenance services, which we use to operate on the website.
We, respectively our hosting provider, process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors to our online service on the basis of our legitimate interests in an efficient and secure provision of our website according to Art. 6 (1) lit. f GDPR in connection to Art. 28 GDPR (in conclusion of a job-processing contract).
We, respectively our hosting provider, collects based on our legitimate interests, according to Art. 6 (1) lit. f GDPR, data on every access to the server on which this service is located (so-called server log files). The access data includes name of the retrieved web page, file, date and time of retrieval, amount of data transferred, message about successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.
Log file information is stored for security purposes (for example, to investigate abusive or fraudulent activities) for a maximum of 7 days and then deleted. Data whose further retention is required for evidential purposes shall be excluded from the erasing until the final clarification of the incident.
Users can create a user account. As part of the registration, the required mandatory information is accessible on their online profile. The data entered during registration will be used for the purpose of using the website service. Users may be informed by e-mail about their registration-related information, such as changes in the scope of the offer or technical circumstances. When users terminate their user account, their data will be deleted with regard to the user profile data, subject to their necessary storage is for commercial or tax law reasons according to Art. 6 (1) lit. c GDPR. It is the responsibility of the users to store their data upon termination before the end of the registration. We are entitled to irretrievably delete all user data stored during the term of the registration.
As part of the online website offer of our website registration and login as same as the use of user accounts, the IP address and the time of the respective user action will be saved. The storage is based on our legitimate interests, as well as the user's protection against misuse and other unauthorized use. Transfer of these data to third parties does not take place, unless it is necessary for the prosecution of our claims or there is a legal obligation in accordance with. Art. 6 (1) lit. c GDPR. The IP addresses will be anonymized or deleted after 7 days at the latest.
When contacting us (for example, by contact form, e-mail, telephone or via social media) the information of the user is processed on the contact request and its processing in accordance with Art. 6 (1) lit. b GDPR. User information can be stored in a Customer Relationship Management System ("CRM System") or comparable request system.
We delete the requests, if they are no longer required. We check the necessity every two years; furthermore, there apply the legal archiving obligations.
The following paragraph gives you information about the content of our newsletter as well as its registration, mailing and statistical evaluation procedures such as the right of objection. By subscribing to our newsletter, you agree to receive it and to its related procedures which are described here.
Content of the newsletter: Newsletters, e-mails and other electronic notifications with work-related information (hereinafter just "newsletter") are distributed only with the consent of the recipient or a legal permission. By subscribing to AAEs’ newsletter you receive concretely description on its receipt; they are authoritative for the consent of the users. Incidentally, our newsletter contains information about our work and us.
Double opt-in and logging: The registration process to our newsletter is done by a so-called double-opt-in procedure. After registration, you receive an e-mail asking you to confirm your registration. This confirmation is necessary so that nobody can register with your personal e-mail addresses. The registration for the newsletter will be logged in order to prove the registration process according to its legal requirements. This includes the storage of the registration and the confirmation time, as well as the IP address. Likewise, all changes to your data stored at the shipping service provider are logged, too.
Registration data: In order to register for the newsletter, it is sufficient to enter your e-mail address.
The distribution of the newsletter and the associated performance statistics is based on the consent of the recipient according to Art. 6 (1) lit. a and Art. (7) GDPR.
The logging of the registration process is based on our legitimate interests in accordance with. Art. 6 (1) lit. f GDPR. We are interested in a user-friendly and secure newsletter system, which serves both our business interests and the expectations of the users. Furthermore, it also allows us to prove our consent.
Withdrawal/unsubscribe - You may cancel the receipt of our newsletter at any time, respectively you can withdraw your consent at any time. The link to unsubscribe from the newsletter can be found at the end of each newsletter. We may save the submitted email addresses for up to three years based on our legitimate interests before deleting them for the purpose of sending out newsletters in order to provide evidence of prior consent. The processing of this data is limited to the purpose of a possible defense against claims. An individual request for cancellation is possible at any time, provided that at the same time the former existence of consent is confirmed.
If you would like to receive the newsletter we offer, we need your e-mail address and further information that allows us to verify your address to receive the newsletter.
The newsletter provider is MailChimp®. The system transmit your data to MailChimp. MailChimp is prohibited from selling and using your data for purposes other than sending newsletters. It is a certified provider, which was selected according to the requirements of the General Data Protection Regulation and the Federal Data Protection Act.
MailChimp’s privacy policy: https://mailchimp.com/legal/privacy/
MailChimp participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S Privacy Shield Framework. They are committed to subjecting all Personal Information received from European Union (EU) member countries and Switzerland, respectively, in reliance on each Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Frameworks, and to view their certification, visit the U.S. Department of Commerce’s Privacy Shield website: https://www.privacyshield.gov/welcome. A list of Privacy Shield participants is maintained by the Department of Commerce and is available at: https://www.privacyshield.gov/list.
MailChimp is responsible for the processing of data it receives under each Privacy Shield Framework and subsequently transfers to a third party acting as an agent on its behalf. They comply with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.
As part of the Google analytics range analysis the following data is processed, based on our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online performance as defined in Art. 6 (1) lit. f GDPR): the type of browser you use and the browser version, the operating system you are using, your country of origin, the date and time of the server request, the number of visits, how long you have spent on the site, and the external links you have activated. The IP address of the users is anonymized before being saved.
Google analytics privacy policy: https://policies.google.com/privacy
Google analytics uses cookies that are stored on users' computers and that allow an analysis of how users use our website offer. In this case, pseudonymous usage profiles can be created from the processed data. The cookies have a retention period of one week. The information generated by the cookie about your use of this website will only be stored on our server and will not be passed on to third parties.
We maintain online performance within social media in order to communicate with members, partners and other active users active and to inform them about our work. When opening our profile at the social media platforms, the terms and conditions and data processing guidelines apply of the social media operators.
The users' data is processed as long as they communicate with us within social networks and platforms, e.g. writing posts on our social media profile or send us messages, unless otherwise stated in our privacy policy.
We use Google “ReCaptcha” to detect bots, e.g. when entering into online forms. "ReCaptcha" us provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Privacy Policy: https://www.google.com/policies/privacy/, opt-out: https://adssettings.google.com/authenticated.
Within our website, feature content of Twitter services may be incorporated by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. These are content such as images, videos, or text and buttons that users use to promote their content, subscribe to content creators, or subscribe to our posts. If users are registered members of Twitter, Twitter may collect the performance content and features to this users’ profile. Privacy Policy of Twitter: https://twitter.com/en/privacy. Twitter is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European privacy legislation (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active). Opt-Out: https://twitter.com/personalization.
Berlin, May 2018