Privacy

Introduction

With the following privacy policy we would like to inform you about which types of personal data (hereinafter also referred to as “data”) we process for what purposes and to what extent The privacy policy applies to all processing of personal data carried out by us, both within the framework the provision of our services as well as in particular on our web pages, in mobile applications as well as within external online presence, such as our social media profiles (collectively referred to as “online offer”).

As of: September 28, 2019

Responsible

Susanne Rohland, Am Treptower Park 24, 12435 Berlin/ Germany

E-mail address: webmaster@faktencheckhellas.org

Contact Data Protection Officer

webmaster@faktencheckhellas.org

Overview of the processing

The following summary summarizes the types of data processed and the purposes of their processing and refers to the individuals concerned.

Types of processed data

  • Content data (e.g., text input, photographs, videos).
  • Contact information (e.g., e-mail, phone numbers).
  • Meta / communication data (e.g., device information, IP addresses).
  • Usage data (e.g., websites visited, interest in content, access times).
  • Categories of affected persons
  • Users (e.g., website visitors, online service users).
  • Purposes of processing
  • Providing our online offer and user-friendliness.
  • Feedback (e.g., collecting feedback via online form).
  • Tracking (e.g., interest / behavioral profiling, use of cookies).
  • Contractual services and service.

Relevant legal bases

In the following, we share the legal basis of the General Data Protection Regulation (DSGVO), on the basis of which we process the personal data. Please note that in addition to the provisions of the GDPR, the national data protection regulations may apply in your home or country of residence.

  • Consent (Article 6 (1) (1) (a) GDPR) – The data subject has consented to the processing of personal data relating to him for a specific purpose or several specific purposes.
  • Legitimate interests (Article 6 (1) (1) (f) of the GDPR) – Processing is necessary to safeguard the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject protecting personal security Data require, outweigh.

National data protection regulations in Germany: In addition to the data protection regulations of the General Data Protection Regulation, national data protection regulations apply in Germany. This includes in particular the law on the protection against misuse of personal data in data processing (Bundesdatenschutzgesetz – BDSG). In particular, the BDSG contains special rules on the right of access, the right of cancellation, the right to object, the processing of special categories of personal data, processing for other purposes and for transmission, as well as automated decision-making in individual cases, including profiling. Furthermore, it regulates data processing for the purposes of the employment relationship (§ 26 BDSG), in particular with regard to the establishment, implementation or termination of employment relationships and the consent of employees. Furthermore, state data protection laws of the individual federal states can be applied.

Safety measures

We will take appropriate technical and organizational measures in accordance with the law, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, the different likelihoods of occurrence and the extent to which the rights and freedoms of individuals are threatened to ensure a level of protection appropriate to the risk.

Measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling the physical and electronic access to the data as well as their access, input, transfer, availability and segregation. We have also set up procedures to ensure the enjoyment of data subject rights, the erasure of data and responses to the threat to data. Furthermore, we consider the protection of personal data already in the development or selection of hardware, software and procedures in accordance with the principle of data protection, through technology design and through privacy-friendly presettings.

SSL encryption (https): In order to protect your data transmitted via our online offer, we use SSL encryption. You will recognize such encrypted connections with the prefix https: // in the address bar of your browser.

Use of cookies

“Cookies” are small files that are stored on users’ devices Cookies can be used to store various information, such as the language settings on a website, the login status, a shopping cart or the location where a video is viewed was, belong.

Cookies are generally also used when the interests of a user or his behavior (for example, viewing specific content, use of functions, etc.) are stored on individual websites in a user profile. Such profiles serve to provide users with e.g. View content that matches your potential interests. This method is also referred to as “tracking,” that is, tracking the potential interests of users. The term “cookies” also includes other technologies that perform the same functions as cookies (for example, when user information is stored using pseudonymous online identifiers, also known as “user IDs”).

If we use cookies or “tracking” technologies, we will inform you separately in our privacy policy.

Information about legal bases: On which legal basis we process your personal data with the help of cookies, depends on whether we ask you for a consent. If this is the case and you consent to the use of cookies, the legal basis for the processing of your data is the informed consent. Otherwise, the data processed by means of cookies will be processed on the basis of our legitimate interests (for example, in the course of a business operation of our online offer and its improvement) or, if the use of cookies is required, in order to fulfill our contractual obligations.

Withdrawal and opposition (opt-out): Regardless of whether the processing is based on a consent or legal permission, you have at any time the possibility to revoke a given consent or to object to the processing of your data by cookie technologies (collectively referred to as ” Opt-out “).

You may initially declare your disagreement through the settings of your browser, for example by disabling the use of cookies (which may also limit the functionality of our online offer).

An objection to the use of cookies for online marketing purposes can be made through a variety of services, especially in the case of tracking, via the US website http://www.aboutads.info/choices/ or the EU page http://www.youronlinechoices.com/ or generally explained on http://optout.aboutads.info.

Processing of cookie data on the basis of a consent: Before we process or process data within the scope of the use of cookies, we ask the users for an always revocable consent. Before consent has been given, cookies may be used that are necessary for the operation of our online offer. Their use is based on our interest and the interest of the users in the expected functionality of our online offer.

  • Types of data processed: usage data (e.g., websites visited, interest in content, access times), meta / communication data (e.g., device information, IP addresses).
  • Affected Persons: Users (e.g., website visitors, online service users).
  • Legal basis: Consent (Article 6 (1) (1) (a) GDPR), Legitimate interests (Article 6 (1) (1) (f) of the GDPR).

Provision of the online offer and web hosting

To provide our online offer safely and efficiently, we use the services of one or more web hosting providers whose servers (or servers managed by them) can access the online offer. For these purposes, we may use infrastructure and platform services, computing capacity, storage and database services, as well as security and technical maintenance services.

The data processed in the provision of the hosting offer may include all information relating to the use and communication of the users of our online offer. This includes, on a regular basis, the IP address necessary to deliver the content of online content to browsers, and all submissions made within our online offer or web pages.

E-Mail-Delivery and -Hosting: The Webhosting services we rely on also include sending, receiving and storing e-mails. For these purposes the addresses of the recipients as well as sender as well as further information concerning the e-mail dispatch (for example the participating providers) as well as the contents of the respective e-mails are processed. The aforementioned data may also be processed for purposes of SPAM detection. We ask you to note that e-mails on the Internet are generally not encrypted. As a rule, e-mails are encrypted on the transport route, but (if no so-called end-to-end encryption method is used) not on the servers from which they are sent and received. We can therefore take no responsibility for the transmission of emails between the sender and the reception on our server.

Collection of access data and log files: We ourselves (or our web hosting provider) collect data for every access to the server (so-called server log files). The server logfiles can contain the address and name of the retrieved web pages and files, the date and time of retrieval, transferred data volumes, notification of successful retrieval, browser type and version, the user’s operating system, referrer URL (the previously visited page) and, as a rule, IP addresses. Addresses and the requesting provider belong.

The server log files can be used for security purposes, for example, to avoid overloading the servers (especially in the case of abusive attacks, so-called DDoS attacks) and second, to ensure the utilization of the servers and their stability.

Processed data types: content data (e.g., text input, photographs, videos), usage data (e.g., visited web pages, interest in content, access times), meta / communication data (e.g., device information, IP addresses).
Affected Persons: Users (e.g., website visitors, online service users).
Legal basis: legitimate interests (Article 6 (1) sentence 1 (f) of the DSGVO).

Plugins and embedded functions

We incorporate functionality and content into our online offering sourced from their respective vendors’ servers (hereafter referred to as “third party vendors”), such as graphics, videos, social media buttons, and posts (hereafter referred to as “third party”) uniformly referred to as “content”).

The integration always requires that the third-party providers of this content process the IP address of the users, since they would not be able to send the content to their browser without the IP address. The IP address is therefore required for the presentation of these contents or functions. We endeavor to use only those content whose respective providers use the IP address only for the delivery of the content. Third parties may also use so-called pixel tags (invisible graphics, also referred to as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may include, but is not limited to, technical information about the browser and the operating system, websites to be referenced, time of visit, and other information regarding the use of our online offer.

Notes on legal bases: If we ask users for their consent to the use of third-party providers, the legal basis for the processing of data is the consent. Otherwise, users’ data will be processed based on our legitimate interests (i.e., interest in efficient, economical and recipient-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this privacy policy.

  • Processed data types: usage data (eg visited websites, interest in content, access times), meta / communication data (eg device information, IP addresses), contact data (eg e-mail, telephone numbers), content data (eg text input, photographs, videos) ,
  • Affected Persons: Users (e.g., website visitors, online service users).
  • Purposes of Processing: Providing our online offering and usability, contractual services and services, tracking (e.g., interest / behavioral profiling, use of cookies), feedback (e.g., collecting feedback via online form).
  • Legal basis: legitimate interests (Article 6 (1) sentence 1 lit. DSGVO), consent (Article 6 (1) sentence 1 (a) GDPR).

Deployed services and service providers:

  • Google Fonts: We incorporate the fonts (\ “Google Fonts \”) of the provider Google, with the users’ data solely for purposes of displaying the fonts in the Browser the user will be used. The integration is based on our legitimate interests in a technically secure, maintenance-free and efficient use of fonts, their consistent presentation and taking into account possible licensing restrictions for their integration. Service Providers: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent Company: Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA; Website: https://fonts.google.com/; Privacy Policy: https://policies.google.com/privacy; Privacy Shield (ensuring privacy levels when processing data in the US): https://www.privacyshield.gov/participant?id=a2zt0000000TRkEAAW&status=Active.
  • Shariff: We use the privacy-protected “Shariff” buttons. “Shariff” is designed to allow more privacy on the network and replace the usual “share” buttons on social networks. In this case, not the user’s browser but the server on which this online offer is located establishes a connection to the server of the respective social media platforms and asks, for example, the number of likes. The user remains anonymous. More information about the Shariff project can be found at the developers of the magazine c’t: https://www.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html; Service Provider: Heise Medien GmbH & Co. KG, Karl-Wiechert-Allee 10, 30625 Hannover, Germany; Website: https://www.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html; Privacy Policy: https://www.heise.de/Datenschutzerklaerung-der-Heise-Medien-GmbH-Co-KG-4860.html.

Deletion of data

The data processed by us will be deleted in accordance with legal requirements as soon as their consent for processing is revoked or other authorizations cease to exist (for example, if the purpose of the processing of this data has ceased to apply or if they are not necessary for the purpose).

Unless the data is deleted because it is necessary for other and legitimate purposes, its processing is limited to these purposes. That is, the data is locked and not processed for other purposes. This applies, for example for data that must be retained for commercial or tax law reasons or that is required to be stored in order to assert, exercise or defend legal claims or to protect the rights of another natural or legal person.

Further information on the deletion of personal data may also be provided in the context of the individual data protection notices of this privacy policy.

Modification and update of the privacy policy

We ask you to regularly inform yourself about the content of our privacy policy. We will adjust the Privacy Policy as soon as the changes to the data processing we make require it. We will notify you as soon as the changes require your participation (eg consent) or other individual notification.

Rights of data subjects

As GDPR affected party, you are entitled to various rights, in particular from Articles 15 to 18 and 21 GDPR:

  • Right to object: You have the right at any time, for reasons that arise from your particular situation, against the processing of personal data relating to you which, on the basis of Art. 6 para. 1 lit. e or f DSGVO takes an objection; this also applies to profiling based on these provisions. If the personal data relating to you are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct mail.
  • Withdrawal with consent: You have the right to revoke granted consent at any time.
  • Right to information: You have the right to request a confirmation as to whether the data in question is being processed and for information about this data as well as for further information and copying of the data in accordance with legal requirements.
  • Right to correction: You have the right to demand the completion of the data concerning you or the correction of the incorrect data concerning you in accordance with the legal requirements.
  • Right to deletion and limitation of processing: You have the right, in accordance with the statutory provisions, to demand that data relating to you be deleted immediately, or, alternatively, to demand a restriction of the processing of the data in accordance with the statutory provisions.
  • Right to data portability: You have the right to access data relating to you which you have provided to us in accordance with the legal requirements of the law to obtain in a structured, common and machine-readable format or to request their transmission to another person in charge.
  • Complaint to the supervisory authority: You also have the right, in accordance with the legal requirements, to a supervisory authority, in particular in the Member State of your usual place of residence, employment or the place of the alleged infringement, if you believe that the processing of your personal data violates the GDPR.

Definitions

This section provides an overview of the terminology used in this Privacy Policy. Many of the terms are taken from the law and defined above all in Art. 4 GDPR. The legal definitions are binding. The following explanations, on the other hand, are intended above all to aid understanding. The terms are sorted alphabetically.

  • Personal data: “Personal data” means any information relating to an identified or identifiable natural person (hereinafter the “data subject”); a natural person is considered as identifiable, which can be identified directly or indirectly, in particular by means of assignment to an identifier such as a name, to an identification number, to location data, to an online identifier (eg cookie) or to one or more special features, are the expression of the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person.
  • Tracking: “Tracking” is when the behavior of users across multiple online offers can be traced.As a rule, with regard to the online offers used behavior and interest information stored in cookies or servers of the providers of tracking technologies (so-called profiling). This information can then be used, for example, to show users advertisements that are likely to match their interests.
  • Responsible person: “Responsible person” means the natural or legal person, public authority, institution or other body which, alone or together with others, decides on the purposes and means of processing personal data.
  • Processing: “Processing” means any process performed with or without the aid of automated procedures or any such process associated with personal data. The term covers a wide range and covers practically every handling of data, be it collection, evaluation, storage, transfer or deletion.

Created with Datenschutz-Generator.de by Dr. med. jur. Thomas Schwenke, translated with Google translate and human brain (Found some mistake? Head over to webmaster@faktencheckhellas.org)

Kurzlink: https://faktencheckhellas.org/?p=951