Data Protection of Wir für Zukunft e.G.

Privacy is important to us, so you can find our data protection policy here.

§1 Information on the collection of personal data

In the following, we inform you about the collection of personal data when using our website. Personal data is any data that can be related to you personally, e.g. name, address, e-mail addresses, user behaviour.

This website contains links to other websites. This privacy policy only applies to this website. We are not responsible for the privacy practices or the content of the linked websites. For more information, please read their own privacy statements.

The responsible party pursuant to Art. 4 (7) of the EU General Data Protection Regulation (GDPR) is Wir für Zukunft eG (hereinafter “BNB”), Gipsstraße 3, 10119 Berlin, Germany.

When you contact us by e-mail ([email protected]) or via a contact form, the data you provide (your e-mail address, name and telephone number, if applicable) will be stored by us in order to answer your questions. We delete the data accruing in this context after the storage is no longer necessary or restrict the processing if there are legal retention obligations.

If we use commissioned service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail about the respective processes below. In doing so, we will also state the defined criteria for the storage period.

You will find an explanation of the legal terms used in the GDPR at the end of this privacy policy.

§ 2 General information on data processing

Scope of the processing of personal data

As a matter of principle, we only process personal data of our users insofar as this is necessary for the provision of a functional website as well as our contents and services. The processing of personal data of our users is regularly only carried out with the consent of the user. An exception applies in those cases where it is not possible to obtain prior consent for factual reasons and the processing of the data is permitted by legal regulations.

Overview of the legal basis for processing 

Art. 6 I lit. a GDPR serves as our legal basis for processing operations in which we obtain consent for a specific processing purpose.

If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, with processing operations that are necessary for a delivery of goods or the provision of another service or consideration, the processing is based on Art. 6 I lit. b GDPR. The same applies to such processing operations that are necessary for the implementation of pre-contractual measures, for example in cases of requests for services.

If our BNB is subject to a legal obligation by which the processing of personal data becomes necessary, such as for the fulfilment of tax obligations, the processing is based on Art. 6 I lit. c GDPR.

In rare cases, the processing of personal data might become necessary in order to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were to be injured on our premises and as a result his or her name, age, health insurance details or other vital information had to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6 I lit. d GDPR.

Finally, processing operations could be based on Art. 6 I lit. f GDPR. Processing operations which are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary for the protection of a legitimate interest of BNB or a third party, provided that the interests, fundamental rights and freedoms of the data subject are not overridden. We are permitted to carry out such processing operations in particular because they were specifically mentioned by the European legislator. In this respect, it took the view that a legitimate interest could be assumed if the data subject is a customer of the controller (recital 47 sentence 2 GDPR). If the processing of personal data is based on Article 6 I lit. f GDPR, our legitimate interest is the performance of our business activities for the benefit of the well-being of all our employees.

Data deletion and storage period

The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage no longer applies. Storage may also take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a necessity for the continued storage of the data for the conclusion or fulfilment of a contract.

§ 3 Provision of the website and creation of log files

Description and scope of data processing


Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. The following data is collected:
Information about the type of browser and the version used.

  • The user’s operating system
  • The user’s internet service provider
  • The IP address of the user
  • Date and time of access
  • Websites from which the user’s system accesses our website
  • Websites that are accessed by the user’s system via our website
     

This data is also stored in the log files of our system. Not affected by this are the IP addresses of the user or other data that enable the data to be assigned to a user. This data is not stored together with other personal data of the user.

Legal basis for data processing 

The legal basis for the temporary storage of the data and the log files is Art. 6 para. 1 lit. f GDPR The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session. The storage in log files is done to ensure the functionality of the website. In addition, we use the data to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context. These purposes are also our legitimate interest in data processing according to Art. 6 Para. 1 lit. f GDPR.

Purpose of data processing 

The purpose of creating log files is to simplify the use of websites for users and to ensure the stability of the website display.

Duration of storage 

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. In the case of storage of data in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or alienated so that an assignment of the calling client is no longer possible.

Possibility of objection and removal 

The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for the user to object.

§ 4 Contact form and e-mail contact

Description and scope of data processing

Our website contains a contact form which can be used to contact us electronically. If a user takes advantage of this option, the data entered in the input mask is transmitted to us and stored. These data are:

  • The IP address of the user
  • Date and time of registration 

 

For the processing of the data, your consent is obtained during the submission process and reference is made to this data protection declaration. Alternatively, it is possible to contact us via the e-mail address provided. In this case, the user’s personal data transmitted with the e-mail will be stored.

In this context, the data will not be passed on to third parties. The data is used exclusively for processing the conversation.

Legal basis for data processing

The legal basis for the processing of data is Art. 6 para. 1 lit. a GDPR if the user has given his or her consent.

The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 lit. f GDPR. If the e-mail contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.

Duration of storage 

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when the circumstances indicate that the matter in question has been conclusively clarified. The additional personal data collected during the sending process is deleted after a period of seven days at the latest.

Possibility of objection and removal 

The user has the option of revoking his or her consent to the processing of personal data at any time. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued. All personal data stored in the course of contacting us will be deleted in this case.

§ 5 Newsletter

Description and scope of data processing

On our website, you have the option of subscribing to a free newsletter. When registering for the newsletter, the data from the input mask is transmitted to us. In addition, the following data is collected during registration:

  • IP address of the calling computer
  • Date and time of registration
  • First and last name
     

For the processing of the data, your consent is obtained during the registration process and reference is made to this data protection declaration. No data will be passed on to third parties in connection with the processing of data for the dispatch of newsletters. The data is used exclusively for sending the newsletter.

Legal basis for data processing

The legal basis for the processing of data after the user has registered for the newsletter is Art. 6 para. 1 lit. a GDPR if the user has given his or her consent.

Insofar as we commission a service provider to send e-mails, this is done on the basis of our legitimate interests. The registration process is recorded on the basis of our legitimate interests in order to prove that it was carried out in accordance with the law.

Purpose of the data processing 

The purpose of collecting the user’s email address is to deliver the newsletter. The collection of other personal data during the registration process serves to prevent misuse of the services or the e-mail address used. Furthermore, the newsletter is used for direct marketing purposes.

We would like to point out that we evaluate your user behaviour when sending the newsletter. For this evaluation, the e-mails sent contain so-called web beacons or tracking pixels, which are single-pixel image files stored on our website. For the evaluations, we link the data mentioned in paragraph 1 and the web beacons with your e-mail address and an individual ID. Links received in the newsletter also contain this ID. The data is only collected pseudonymously, i.e. the IDs are not linked to your other personal data, a direct personal reference is excluded.

Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. The user’s e-mail address is therefore stored for as long as the subscription to the newsletter is active. The other personal data collected during the registration process is usually deleted after a period of seven days.

Possibility of objection and removal 

You can revoke your consent to the processing of your data at any time and unsubscribe from the newsletter. You can declare the revocation by clicking on the link provided in every newsletter e-mail, via this form on the website, by e-mail to [email protected] or by sending a message to the contact details given in the imprint.

Services used and service providers 

We use the Mailchimp service as an e-mail marketing platform to send the newsletter. The service provider behind this is “Mailchimp” – Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. Website; Privacy Policy .

The guarantee of the level of data protection when processing data in the USA results from the Privacy Shield certification of Mailchimp.

§ 6 Other plugins and embedded functions and content from Google Ireland Limited

Description, scope and purpose of data processing

To manage the use of cookies and similar technologies (tracking pixels, web beacons, etc.) and related consents, we use the consent tool “Real Cookie Banner.” You can find details on the functioning of “Real Cookie Banner” at https://devowl.io/de/rcb/datenverarbeitung/. The legal basis for processing personal data in this context are Art. 6 para. 1 lit. c GDPR and Art. 6 para. 1 lit. f GDPR. Our legitimate interest is the management of the cookies and similar technologies used and related consents. Providing personal data is neither contractually required nor necessary to conclude a contract. You are not obliged to provide personal data. If you do not provide personal data, we cannot manage your consents.

We use content or service offers from Google Ireland Limited within our online offer in order to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as “content”).

This always requires that the third-party providers of this content are aware of the IP address of the user, as without the IP address they would not be able to send the content to their browser. The IP address is therefore necessary for the display of this content. We endeavour to only use content whose respective providers only use the IP address to deliver the content.

Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online offer, as well as being linked to such information from other sources.

In addition, we use ReCaptcha, which evaluates the behavioural data of users (e.g. mouse movements or queries) for us in order to be able to distinguish humans from bots. 

Legal basis for data processing 

If we ask users to consent to the use of third-party providers, the legal basis for the processing of data is consent (Art. 6 para. 1 lit. a GDPR). Otherwise, users’ data is processed on the basis of our legitimate interests (i.e. interest in efficient, economical and recipient-friendly services) (Art. 6 para. 1 lit. f GDPR). In this context, we would also like to refer you to the information on the use of cookies in this privacy policy.

Services used and service providers

When entering forms, we use the ReCaptcha service to detect bots. We use the YouTube service to implement videos. The service provider behind this is “Google Ireland Limited”, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Website; Privacy Policy.

The guarantee of the level of data protection when processing data in the USA results from the respective Privacy Shield certification .

Opt-out and removal options

Google offers an opt-out plugin as well as special settings for the display of advertisements as an objection option.

§ 7 Operation of a Facebook fan page

Description and scope of data processing 

Within the framework of the visit to our Facebook-Fanpage

data about you may be collected by Facebook through cookies, whether or not you have a Facebook account. Cookies are set by Facebook primarily in order to be able to display personalised advertising to visitors to Facebook websites, including a fan page. This is done by showing the user ads on Facebook from Facebook’s advertising partners whose websites the user has previously visited. Cookies also make it possible to create statistics about the use of a fan page, so that Facebook and we can track the use of a fan page.

Processed data are inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. text entries, photographs, videos), usage data (e.g. web pages visited, interest in content, access times) and meta/communication data (e.g. device information, IP addresses).

Your data may be transferred to Facebook Inc. in the USA through Facebook’s cookies. Facebook is certified for the EU-US Privacy Shield, i.e. Facebook must adhere to a data protection standard towards users in Europe that has been found comparable to the European standard by the European Commission.

Legal basis for data processing 

The legal basis for this data processing is our legitimate interests (Art. 6 para. 1 lit. f GDPR).

Purpose of data processing

The purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as the related rights and settings options for protecting the privacy of users, can be found in the data protection notices from Facebook and the Privacy Policy  of Facebook.

Joint responsibility, duration of storage 

We have entered into the binding agreement (so-called “Controller Addendum”) with Facebook pursuant to Art. 26 (1) sentence 2 of the GDPR between joint controllers, in which in particular the obligations under data protection law and the implementation of data subject rights are agreed. This agreement can be downloaded from the website of Facebook  or by post at the address provided above.

As the operator of this fan page, we are also the responsible party in the sense of data protection law. This means that we must also ensure that your data is processed lawfully via this Fanpage and that you can also exercise your rights regarding your data against us. By way of joint responsibility (pursuant to Article 26 (1) sentence 1 of the GDPR), we are jointly responsible for data processing with Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. You can contact Facebook via their Contact form.  

Possibility of objection and removal 

You can assert your data subject rights both against Facebook and against us. We are obliged by the Controller Addendum to forward these requests to Facebook without delay, but at the latest within 7 calendar days. Therefore, we would like to point out that in the case of information requests and the assertion of data subject rights, these can most effectively be asserted directly with Facebook. Only Facebook has direct access to your data and can take appropriate measures and provide information directly. To contact Facebook, it is best to use the Facebook contact form already mentioned.

The data subject has the option of restricting the linking of the collected data with relevant advertising content by Facebook. To do this, you can use the Opt-Out-options. 

You can also download your own Facebook data directly from Facebook (download the so-called “extended archive” in your account settings).

The guarantee of the level of data protection when processing data in the USA results from the Privacy Shield certification of Facebook.

§ 8 Data processing by third parties

We work with Datadat GmbH as a data controller of payment related information about the donors in order to be able to reconnect with the donors during their process of donation and have their user experience enhanced, and assist them to have their donations completed. The data controller role of Datadat GmbH is purely limited to payment related information, and this information cannot be and will not be sold to third parties. As part of this role, Datadat GmbH stores cookie information, contact information (name, email) and tokenized, de-identified bank card and / or bank account information separated from our own database. The related Privacy Policy of Datadat GmbH is available here: datad.at/lunda/privacy-policy/

§ 9 Ordering and shipping a board game

Description and scope of data processing 

As part of a campaign, the board game “Mensch ärgere die AfD” can be ordered on our website. For this purpose, we process data of our contractual and business partners, customers and interested parties (collectively referred to as “contractual partners”) in the context of contractual and comparable legal relationships and related measures and in the context of communication with the contractual partners (or pre-contractual), e.g. to answer inquiries.

We process this data in order to fulfill our contractual obligations. These include, in particular, the obligations to provide the agreed services, any updating obligations and remedies in the event of warranty and other service disruptions. In addition, we process the data to safeguard our rights and for the purpose of the administrative tasks associated with these obligations and the company organization. In addition, we process the data on the basis of our legitimate interests in proper and efficient business management and in security measures to protect our contractual partners and our business operations from misuse, threats to their data, secrets, information and rights (e.g. to involve telecommunications, transport and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers or tax authorities). Within the framework of applicable law, we only pass on the data of contractual partners to third parties to the extent that this is necessary for the aforementioned purposes or to fulfill legal obligations. Contractual partners will be informed about other forms of processing, e.g. for marketing purposes, as part of this privacy policy.

We process the data of our customers in particular in order to enable them to select, purchase or order the selected products, goods and associated services, as well as their payment and delivery or execution. If necessary for the execution of an order, we use service providers, in particular postal, forwarding and shipping companies, to carry out the delivery or execution to our customers. We use the services of banks and payment service providers to process payment transactions. The required information is marked as such in the order or comparable purchase process and includes the information required for delivery or provision and billing as well as contact information in order to be able to hold any consultations;

The types of data processed include inventory data (e.g. names, addresses); payment data (e.g. bank details, invoices, payment history); contact data (e.g. email, telephone numbers); contract data (e.g. subject matter of the contract, duration, customer category); usage data (e.g. websites visited, interest in content, access times); meta, communication and process data (e.g. IP addresses, time data, identification numbers, consent status).

Legal basis for data processing 

The legal basis for this data processing is the fulfillment of the contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); Legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR); and Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Purpose of data processing

The purpose of data processing is the provision of contractual services and fulfilment of contractual obligations; security measures; contact requests and communication; office and organizational procedures; administration and answering inquiries.

Joint responsibility, duration of storage 

We delete the data after the expiry of statutory warranty and comparable obligations, i.e. generally after 4 years, unless the data is stored in a customer account, e.g. as long as it must be retained for legal archiving reasons. The statutory retention period is ten years for documents relevant under tax law as well as for trading books, inventories, opening balance sheets, annual financial statements, the work instructions required to understand these documents and other organizational documents and accounting records, and six years for commercial and business letters received and reproductions of commercial and business letters sent. The period begins at the end of the calendar year in which the last entry was made in the book, the inventory, the opening balance sheet, the annual financial statements or the management report was prepared, the commercial or business letter was received or sent or the accounting document was created, the record was made or the other documents were created.

Insofar as we use third-party providers or platforms to provide our services, the terms and conditions and data protection notices of the respective third-party providers or platforms apply in the relationship between the users and the providers.

Services used and service providers 

To fulfill our contractual obligations, we work together with a fulfillment center and a service provider for the coordination of game production and shipping (website; privacy policy).

Possibility of objection and removal 

You can withdraw your consent to the processing of your data at any time. You can declare your revocation by sending an e-mail to [email protected] or by sending a message to the contact details given in the imprint.

§ 10 Your rights

Under the General Data Protection Regulation, you have the rights listed below. Please understand that individual rights may be restricted in certain cases. Should this be the case, we will inform you of the reason.

Right of revocation (Art. 7 para. 3 GDPR)

In accordance with Art. 7 (3) of the GDPR, you have the right to revoke your consent at any time.

Right to information (Art. 15 GDPR) 

You may request information in accordance with Art. 15 GDPR about your personal data processed by us. In your request for information, you should specify your request in order to make it easier for us to compile the necessary data. Please note that your right to information may be restricted in certain circumstances in accordance with the law.

Right to rectification (Art. 16 GDPR)

If the information concerning you is not (or is no longer) accurate, you may request a correction in accordance with Art. 16 of the GDPR. If your data is incomplete, you can request that it be completed.

Right to erasure (Art. 17 GDPR)

You can request the deletion of your personal data under the conditions of Art. 17 GDPR. Your right to erasure depends, among other things, on whether the data relating to you is still needed by us to comply with a legal obligation.

Right to restriction of data processing (Art. 18 GDPR) 

Within the framework of the provisions of Art. 18 GDPR, you have the right to request restriction of the processing of data relating to you.

Right to data portability (Art. 20 GDPR) 

In accordance with Art. 20 of the GDPR, you have the right to receive your data that you have provided to us in a structured, common and machine-readable format.

Right to object (Art. 21 GDPR) 

In accordance with Art. 21 GDPR, you have the right to object at any time to the processing of data relating to you if we process your data on the basis of Art. 6(1)(e) or (f) GDPR or if we process your data in order to carry out direct marketing.

To exercise your rights referred to in para. 1, please contact us at the contact address stated under § 1 para. 4.

If you are of the opinion that we have not complied with data protection regulations when processing your data, you can lodge a complaint with the competent supervisory authority in accordance with Article 77 of the GDPR. The competent data protection authority is The Hamburg Commissioner for Data Protection and Freedom of Information, Ludwig-Erhard-Straße 22, 20459 Hamburg. 

§ 11 Definitions

A) Personal data 

This privacy statement uses terms from the (GDPR), which are listed below to ensure readability and comprehensibility.

B) Data subject

Data subject means any identified or identifiable natural person whose personal data are processed by the controller.

C) Processing

Processing means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

D) Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of limiting their future processing.

E) Profiling

Profiling shall mean any automated processing of personal data which consists in using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or change of location.

F) Pseudonymisation

Pseudonymisation is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures which ensure that the personal data are not attributed to an identified or identifiable natural person.

G) Controller or person responsible for processing

The controller or person responsible for processing is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for under Union or Member State law.

H) Processor

Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

I) Recipient

Recipient means a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, public authorities that may receive personal data in the context of a specific investigative task under Union or Member State law shall not be considered as recipients.

J) Third party

Third party means any natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons authorised to process the personal data under the direct responsibility of the controller or the processor.

K) Consent

Consent is any freely given specific and informed indication of his or her wishes in the form of a statement or other unambiguous affirmative act by which the data subject signifies his or her agreement to the processing of personal data relating to him or her.

§ 12 Data Protection

We have taken appropriate technical and organisational measures to ensure adequate security of your personal data. This applies in particular to protection against unauthorised or unlawful processing and against accidental loss, destruction or damage.

§ 13 Amendment of the privacy policy and concluding remarks

This privacy policy may be amended from time to time, e.g. to adapt it to legal framework conditions or actual circumstances. Any changes to the privacy policy will be published by us on this page.

This data protection declaration is up to date as of 25.02.2020.

Interested?

Support us directly

Keep in touch...