You are here:

Data protection

1. Prologue

Thank you for your interest in action medeor.

An essential principle of the German Medicines Relief Agency action medeor e.V. is to respect and protect your personal rights and freedom as well as your right to informational self-determination to the highest degree. This also applies to the handling of your personal data when you visit our website.

Our website may contain links to other providers. Our privacy policy does not apply to these links or to the content of the websites of other providers.

We collect, process and use personal data only in compliance with the necessary data security and the applicable legal requirements.

The definition of the most important terms in terms of the European General Data Protection Regulation can be found in particular in Article 4 of the General Data Protection Regulation (GDPR). There, the legislator has defined the terms.

2. Abbreviations

GDPR = General Data Protection Regulation

art. = Article
para. = Paragraph
lit. = Littera (Letter)

3. name and address of the responsible person

.

The person responsible within the meaning of the General Data Protection Regulation and other national data protection laws of the member states of the European Union, as well as other provisions of data protection law, is:

Deutsches Medikamenten-Hilfswerk action medeor e.V.

Address

St. Töniser Straße 21
47918 Tönisvorst

Contact

Phone: 02156 9788-100
Fax: 02156 9788-88
E-Mail: info@medeor.de

Board and Presidium

Board of Directors: Sid Johann Peruvemba, Christoph Bonsmann
President: Siegfried Thomaßen
Vice President: Dr. Thomas Menn

4. Contact details data protection officer

You can reach our internal data protection officer at the e-mail address: datenschutzbeauftragter@medeor.de or by mail via our postal address. In the latter case, please mark the envelope with "Data Protection Officer".

5. General information on data processing

5.1 Purpose of the processing of personal data

As a matter of principle, we process your personal data only insofar as this is necessary for the provision of a functional website and for the use of the contents of the website and our services. The processing of personal data only takes place if the lawfulness of the processing is given. This is either given by your consent or if the processing is permitted by legal regulations.

5.2 Legal bases for the processing of personal data

We process your data in compliance with the provisions of the Basic Data Protection Regulation, the Federal Data Protection Act and all other relevant regulations.

The legal basis of the processing is found in particular in Article 6 of the GDPR as follows:

Art. 6 para. 1 lit. a (GDPR)

Insofar as we obtain the consent of the data subject for processing operations involving personal data, Art. 6 (1) lit. a of the EU General Data Protection Regulation (GDPR) serves as the legal basis.

Art. 6 para. 1 lit. b (GDPR)

When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) lit. b DSGVO serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.

Art. 6 para. 1 lit. c (GDPR)

Insofar as the processing of personal data is necessary for the fulfillment of a legal obligation to which our company is subject, Art. 6 (1) lit. c of the GDPR serves as the legal basis.

Art. 6 para. 1 lit. d (GDPR)

If vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 (1) lit. d GDPR serves as the legal basis.

Art. 6 para. 1 lit. e (GDPR)

According to Art. 6 (1) sentence 1 e) of the GDPR, the processing of personal data is also lawful if it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Art. 6 para. 1 lit. f (GDPR)

If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the former interest, Art. 6 (1) lit. f GDPR serves as the legal basis for the processing.

5.3 Data deletion and storage period

The personal data of the data subject will generally be deleted or blocked as soon as the purpose of the storage no longer applies. In addition, storage may take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the person responsible is subject. This regularly results from, for example, legal obligations to provide proof and to retain data, which are regulated, among other things, in the German Commercial Code and the German Fiscal Code. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need to continue storing the data, for example, for the conclusion or fulfillment of a contract, during the period in which legal claims can be asserted against us (statutory limitation period, defense purposes), or if you give us consent beyond this. In addition, there may also be a legitimate interest in the continued storage of your personal data with strict regard to your personal rights and freedoms. In this context, the rights to which you are entitled, such as the assertion of a claim for deletion or the revocation of consent on your part, are always taken into account. The rights to the deletion of your personal data arise in particular from Article 17 of the GDPR.

5.4 Automated decision making including "profiling"

Automated decision making

A decision based exclusively on automated processing exists in particular if no evaluation of the content and decision based thereon has been made by a natural person (so-called automated individual decision, for example, by scoring).

"Profiling"

Any type of automated processing of personal data consisting of using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or change of location).

No "automated decision-making" or "profiling" takes place via our website.

5.5 Obligation to provide the data

There is no contractual or legal obligation to provide personal data when visiting our website or when using any services offered by us on our website. You provide us with your data, such as your IP address, voluntarily. If you do not provide us with your data, you may not be able to visit our website or use any services offered by us on our website. If technically necessary cookies cannot be executed, this may result in possible malfunctions on our website.

5.6 Recipients or categories of recipients of the data

Your data will be processed within action medeor e.V., i.e. internally, only by the employees involved in the respective business processes and by the management. This may also include employees and offices that perform tasks centrally within our organization.

Service providers who assist us with the described purposes, tasks and duties

If necessary, we use service providers, so-called order processors. This is done only in compliance with the applicable legal requirements. Processors are not third parties according to the GDPR. Our data processing is carried out to a large extent using so-called "hosting service providers" who provide us with storage space and processing capacity in their data centers and also process personal data on our behalf according to our instructions. It can happen with all functionalities of our website as well as our website itself (required web space) that personal data is transferred to "hosting service providers". These service providers either process data exclusively in the European Union or we have guaranteed an adequate level of data protection, for example, with the help of the European standard data protection clauses.

Disclosure of data to third parties outside our company

Your personal data will only be transferred to third parties outside our company if this is legally permissible.

It is legally permissible:

  • with the effective consent of the data subject,
  • for the performance of a contract to which the data subject is a party,
  • to carry out pre-contractual measures at the request of the data subject,
  • for the establishment, performance and termination of the employment relationship,
  • in order to comply with a legal obligation to which the controller is subject,
  • to safeguard the legitimate interests of the controller or a third party, unless such interests are overridden by the data subject's legitimate interests or fundamental rights and freedoms
  • for the protection of vital interests of the data subject or another natural person, or for the performance of official tasks entrusted to the controller.

The establishment of joint control in connection with the transfer of data must be secured by means of a joint control agreement pursuant to Art. 26 GDPR.

Transfer of data to third countries

If we transfer personal data to third countries, i.e. countries outside the European Union, then the transfer takes place exclusively in compliance with the legally regulated permissibility requirements.

5.7 Categories of data processed

As soon as you visit our website, our system automatically collects information from the computer system of the calling computer. Details can be found in particular under "Provision of the website". Should it also be necessary to process your data for the services offered by us for you on our website, you will also find the details of the services under the respective notes within this privacy policy.

5.8 Data security

For security reasons and to protect your data, we use SSL (Secure Socket Layer) or TLS (Transport Layer Security) encryption when you visit our website.

5.9 Note

Deviating or possibly additional information to the aforementioned can be found in the respective individual explanations of the privacy policy, if applicable.

6. provision of the website

6.1 Description and scope of processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. The following data is collected in particular:

  • the IP address,
  • the element that was addressed when the page was called,
  • via which protocol the page was accessed,
  • the browser and the version,
  • Date and time of the call of the web page,
  • Amount of data sent in bytes,
  • from which source or which reference you came to the website.

The data is stored in the log files of our system. A storage of this data together with other personal data of the user does not take place.

6.2 Legal basis of the processing

The legal basis for the temporary storage of the data and the log files is Art. 6 para. 1 lit. f European Data Protection Regulation.

6.3 Purpose of the processing

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored at least for the duration of the session. We store the non-anonymized IP address in log files for 14 days to ensure the security of our website.

The storage in log files is done to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems.

The above-mentioned purposes are also our legitimate interest in data processing pursuant to Art. 6 (1) lit. f of GDPR. An evaluation of the data for marketing purposes by us does not take place in this context.

6.4 Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

In the case of storage of data in log files, this is the case after 14 days at the latest. Storage beyond this period is possible. In this case, the log files are stored in such a way that an assignment of the calling client is no longer possible. The non-anonymized IP address is deleted after 14 days. What remains after the 14 days is an anonymized IP address, which no longer has any personal reference and is deleted at the latest after the purpose has been achieved.

Possibility of objection and elimination

The collection of data for the provision of the website and the storage of the data in log files is mandatory for the operation and security of the website. Consequently, there is no possibility for the user to object.

Job processing

We have concluded an order processing contract with our web hosters.

7. Cookies

7.1 Description and scope of data processing

Our Internet pages use so-called "cookies". Cookies are small text files that the website provider stores in the workspace of the visitor's computer. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your terminal device.

Session cookies are automatically deleted at the end of your visit. Permanent or persistent cookies remain stored on your terminal device until you delete them yourself or until they are automatically deleted, for example by your web browser.

In addition to our own cookies (first-party cookies), some cookies from third-party companies may also be stored on your terminal device when you enter our site (third-party cookies).

A distinction must therefore be made between:

  • Session cookies, which are temporary cookie files that are automatically deleted when you close your browser.
  • Permanent cookies, which are stored until they are actively deleted or automatically removed after a certain time.
  • First-party cookies that are set directly by us.
  • Third-party cookies set by a third-party provider whose services we use.

Depending on their function and purpose, cookies can be divided into categories. The categories are essentially the essential (absolutely necessary), the statistical, the marketing and the external media cookies.

Of course, you can refuse the use of cookies or adjust them via your preferences.

Detailed information on the individual cookies used on our website (including the purpose of the cookie and, where applicable, the recipients of the information collected using the cookie) can be found below.

External media

Statistics

Marketing

Essential

7.2 Legal basis of data processing

The legal basis for the processing of personal data of the necessary or technically necessary cookies is Article 6 (1) lit. f GDPR from legitimate interest.

The website operator has a legitimate interest in the storage of cookies, among other things, for the technically error-free and optimized provision of its website and its services, taking into account your personal rights and freedoms.

The use of cookies beyond this is based on your lawfully granted consent, Article 6 para. 1 lit a. GDPR.

7.3 Purpose of the data processing

Cookies can be used for different purposes.

Essential or necessary cookies help to administer a website or make it usable by enabling basic functions such as page navigation, forms, and access to secure areas of the website. The website cannot function properly without these cookies. Essential cookies do not require consent.

  • Functional cookies (essentials) are used to provide you with standard services on our pages. Without the use of functional cookies, the website functions only in a very limited way and may be faulty.
  • Optimization cookies (statistics) allow us to analyze the use of our website. The analysis helps us to improve or optimize our services and the products and services we offer. Optimization cookies also help us to measure the web audience so that we can ensure our profitability, among other things.
  • Personalization cookies allow us to recognize your personal preferences, such as your preferred language. We use these cookies to improve the user experience and provide you with a personalized experience, such as personalized advertising.
  • Security-related cookies are cookies (essentials) that are necessary to protect the website against attacks and prevent fraud attempts.
  • Third-party cookies (statistics, marketing, external media, essentials) enable us and you to use certain services provided by a third-party company (for example, cookies for processing payment services).

7.4 Duration of storage, objection and elimination options

The session cookies used are necessary for the functionality of our website and are deleted when you end your visit to our website. If cookies are used that require your consent, this can be revoked at any time. You can set your browser so that you are informed about the setting of cookies and allow cookies only in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. Cookies that have already been stored can be deleted at any time. When deactivating cookies, the functionality of this website may be limited.

8. YouTube

This website embeds videos from the website YouTube. The operator of the website is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

When you visit one of our websites on which YouTube is embedded, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited.

Furthermore, YouTube may store various cookies on your terminal device. These cookies allow YouTube to obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve the user experience, and prevent fraud attempts. The cookies remain on your terminal device until you delete them.

If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.

YouTube is used in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is based exclusively on Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.

For more information on the handling of user data, please see YouTube's privacy policy at: https://policies.google.com/privacy?hl=de.

9. google analytics (web analytics)

If you have activated the Google Analytics service in our cookie policy, this website uses functions of the Google Analytics web analytics service, including the Analytics advertising functions.

Google Analytics enables the website operator to analyze the behavior of website visitors. In doing so, the website operator receives various usage data, such as for example

  • Pages called
  • Your behavior on the page (clicks, scrolling behavior and dwell time)
  • Your approximate location (country and city)
  • Operating systems used
  • Technical information, such as browser, internet service provider, browser used, screen resolution
  • Origin of the user (via which website or advertising medium he came)

This data may be summarized by Google in a profile that is assigned to the respective user or their end device.

Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior, for example cookies or device fingerprinting (information that is collected via the software and hardware of a remote computer device for the purpose of identification). The information collected by Google about the use of this website is usually transferred to a Google server in the USA and stored there.

The use of this analysis tool is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising. If a corresponding consent has been requested (for example, consent to store cookies), the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.

IP anonymization

We have activated the IP anonymization function on this website. This means that your IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google.

Browser Plugin

You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

For more information on how Google Analytics handles user data, please see Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

Job processing

We have concluded an order processing contract with Google.

Storage duration

Data stored by Google at user and event level that is linked to cookies, user identifiers (e.g. User ID) or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) is anonymized or deleted after 14 months. Details on this can be found under the following link: https://support.google.com/analytics/answer/7667196?hl=de.

10. Google Maps

This site uses the map service Google Maps via an API. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

To use the functions of Google Maps, it is necessary to store your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transmission.

The use of Google Maps is in the interest of an appealing presentation of our online offers and an easy location of the places indicated by us on the website. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is based exclusively on Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.

More information on the handling of user data can be found in Google's privacy policy: https://policies.google.com/privacy?hl=de.

11. Google Tag Manager

For the delivery of online advertising and the integration of external partners, we use the Google Tag Manager. This allows us to control the delivery of online advertising. This tool works without cookies, but nevertheless requires a transmission of IP addresses to Google. Here, a measurement of the use and the use of the tag manager takes place. The anonymization of the IP address before forwarding to Google has been activated by us. The legal basis for the data processing is Art. 6 para. 1 p. 1 f) GDPR. The deletion of the accrued data takes place after two years.

12. donation forms (Fundraisingbox)

12.1 Description and scope of processing

On our website you have the possibility to donate to us by providing your personal data.

In order for you to be able to send us your contact and payment data in particular to carry out your desired donation, we use the "Fundraisingbox" service of Wikando GmbH, Schießgrabenstr. 32, 86150 Augsburg, Germany.

Personal data required for online donations via the online form are the personal title you request, your first and last name, your address if applicable, your e-mail address as well as your credit card data or bank account data if you opt for direct debit as well as the donation amount, the donation frequency as well as a keyword to allocate the donation.

Optionally, you can provide your phone number, add a message as well as ask for a donation receipt and/or indicate your company if you wish to donate on its behalf.

This data is stored and processed for us on servers of Wikando GmbH, so that we can view the donation data you entered in the online form and provide you with a donation receipt upon request.

With the online donation on the website, we will also store your IP address and the date and time of submission of the donation form.

The payment data is transferred directly to the respective payment service provider using an encrypted connection.

Current information about the security procedure used can be found here: https://www.fundraisingbox.com/security.

Donate by direct debit

If you donate by direct debit, the data will be stored on the servers of Wikando GmbH so that action medeor can execute the direct debit.

Donate by credit card

If you donate by credit card, your credit card data is sent exclusively via 256-bit SSL encryption to the web payment frontend of the company Micropayment, where the correctness of the card data is checked with the respective credit card company and creditworthiness and validity are verified. We do not receive your credit card data and are only informed about the successful payment.

Donate via PayPal

If you save via PayPal, you will be redirected to PayPal's website after submitting the donation form, where you can complete the donation in the usual way. We do not receive your account details and are only informed about the successful payment.

12.2 Legal basis of the processing

The legal basis of the processing of your personal data is based on Art. 6 para. 1 sentence 1 lit b GDPR (contract or contract initiation) and on Article 6 para.1 sentence 1 lit f GDPR.

12.3 Purpose of the processing

The processing of your personal data is necessary for the initiation, execution and fulfillment of the donation contract that you conclude with us via the online form provided on our website, Art. 6 para. 1 sentence 1 lit b of the GDPR (contract or contract initiation). The processing of your data for the execution of the donation beyond the necessary data such as a message sent by you to us as well as your IP address is carried out for legitimate interest Art. 6 para. 1 sentence 1 lit. f of GDPR.

For example, our legitimate interest is to respond to your message.

.

We process your IP address for our security in the event that a third party registers on our website without your knowledge or misuses your personal data.

12.4 Duration of storage

.

As soon as we no longer need your personal data for the aforementioned purpose, it will be deleted immediately. This is usually the case after the expiration of the three-year statute of limitations, beginning with the end of the year in which you donated to us.

Because we are also subject to statutory retention obligations, your personal data will be blocked after the statute of limitations has expired and deleted after a total of ten years, beginning with the end of the calendar year in which the donation was made.

Your IP address will be deleted within seven days of making the online donation.

12.5 Possibility of objection and removal

.

There is no possibility to object to this data processing, as the processing of the data is mandatory for abuse prevention and after prosecution.

12.6 Order processing

We have entered into an order processing agreement with our service provider

12.7 Consequences of not providing your personal data

You are not obliged to provide your data for the purposes described above. However, in the event that you refrain from providing it, we cannot guarantee that we will be able to offer you the benefits associated with a gift agreement in the desired form.

12.8 Additional information about use of your donor information

As a non-profit organization, after you have made a donation, we use the data you have provided to us for the purpose of soliciting donations. This is your address data as well as your e-mail contact. If you have not objected to the use of your data in this context, we will send you information about our charitable and benevolent work and our donation projects. We expressly assure you that your data will only be processed by action medeor for the purpose stated under 12.8. We neither sell nor rent addresses of donors to other companies or other organizations. The lawful processing of your data in this context is based on Art. 6 para. 1 lit. f (legitimate interest). Our legitimate interest is to be able to fulfill our tasks as a non-profit organization and, in this context, to inform you about our work and point you to donation projects. You can object to the use or processing of your data described under 12.8 at any time. To do so, simply send us an e-mail at online@medeor.de. An objection is also possible simply by using the link provided in each e-mail or by post. For this purpose, please use the contact details of the responsible office. You can find this under point 3 of the data protection declaration. As far as the storage period for this purpose is concerned, your data will generally be deleted as soon as the purpose of the processing has been achieved. Your data will also be deleted or blocked if you have objected to the processing.

13 Newsletter

13.1 Description and scope of data processing

On our website there is the possibility to subscribe to newsletters. Here, your consent is obtained for the processing of your data as part of the registration process. The registration for a newsletter takes place via the double opt-in procedure. Your subscription to a newsletter is only completed when you click on the corresponding confirmation link in the e-mail you receive to confirm your subscription. The data stored when you register for the newsletter, such as first and last name, e-mail address, telephone number, address data, your message as well as IP address, date and time of your registration are transferred to a service provider and processed in compliance with the legal provisions. The service provider is prohibited from processing your data for purposes other than those permitted by law. Further information on the content of the newsletters, such as the content of the newsletters, dispatch frequency, the dispatch procedure and statistics can be found directly on our website at the respective registration functions for the newsletters.

If you have transmitted your e-mail address to action medeor in connection with a donation via the online donation form, the explanations under 12.8 (Further information on the use of your donor data) apply.

13.2 Legal basis of data processing

The legal basis for the processing of data after your registration for the newsletter is, if the user has given his consent, Art. 6 para. 1 lit. a DSGVO.

13.3 Purpose of data processing

The collection of the user's e-mail address serves to deliver the newsletter. The collection of other data during the registration process serves, among other things, to prevent misuse of the services or the e-mail address used, as well as to constantly improve the quality of the newsletter service.

13.4 Duration of storage

In principle, the data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. When processing personal data based on the consent of the data subject pursuant to Article 6 para.1 lit a DSGVO, the data will be stored until the data subject revokes his consent and thus his newsletter subscription is no longer active. The legality of the data processing curtains carried out until the revocation remains unaffected by the revocation.

13.5 Objection and removal options

You can revoke your given consent to receive the newsletter at any time and without giving reasons and thus unsubscribe from the newsletters for the future. For this purpose, you will find a corresponding link in each newsletter.

13.6 Further notes

We have concluded the necessary contract for order processing with the service provider in accordance with the legal requirements.

14. Cookie Consent with Usercentrics

14.1 Description and scope of data processing

We use the Usercentrics Consent Management Platform as a consent management tool on our website.

The Usercentrics Consent Management Platform collects consent data using JavaScript. This JavaScript enables us to inform users about their consent to certain tags or cookies on our website and to obtain, manage and document this consent. We process the following data in this process:

  1. Consent data or data of consent (anonymized log data (Consent ID, Processor ID, Controller ID), Consent Status, Timestamp)
  2. Device data respectively data of the used devices (among others shortened IP addresses (IP v4, IP v6), device information, timestamp)
  3. User data (including email, ID, browser information, settings ID, changelog)

The Consent ID (contains the above data), the Consent status including timestamp are stored in the local memory of your browser and simultaneously on the cloud servers used. Further processing will only take place if you submit a request for information or revoke your consent. In this case, the relevant information is provided to the responsible party (FIELD M) in a compact data format in an easy-to-read text form for the purpose of data exchange (JSON file).

No user information is stored for the statistics of the use of the granted or not granted consent. Only the frequency and locations of clicks are stored.

The personal data is stored on a Google Cloud server located in the EU (Brussels, Frankfurt am Main).

14.2 Legal basis of data processing

The legal basis for the management of your consents to the processing of your personal data is Art. 6 para. 1 lit. f GDPR.

14.3 Purpose of data processing

The purpose of the data processing is the analysis and management of the consents granted in order to comply with our obligation of a GDPR-compliant consent management. The use of Usercentrics serves the purpose of proving granted and non-granted consents as well as their management.

The specific processing purposes of the personal data designated under 14.1 are:

  1. Collecting and providing the consents
  2. Providing evidence of which device you used to provide consent and when
  3. Legitimization of access to the settings and documentation of changes Our legitimate interest lies in the legally secure documentation and verifiability of consents, the control of marketing measures based on the consent granted and the optimization of consent rates.

14.4 Duration of storage

The data is deleted as soon as it is no longer needed. The associated cookie has a duration of 60 days. The revocation document of a previously granted consent is stored for a period of three years. The retention is based on the one hand on our accountability pursuant to Art. 5 (2) GDPR. This obligates us to comply with the processing of personal data in accordance with the General Data Protection Regulation. On the other hand, retention is based on the regular statute of limitations pursuant to Section 195 of the German Civil Code (BGB) of three years. This limitation period begins at the end of the year in which the claim arose (§ 199 BGB). Consequently, the three-year limitation period begins at the end of 31.12. and ends three years later on 31.12., 24.00.

14.5 Possibility of objection and removal

The features can be turned on and off in our privacy settings by checking the checkbox.

15. SoundCloud

Our pages may integrate plugins of the social network SoundCloud (SoundCloud Limited, Berners House, 47-48 Berners Street, London W1T 3NF, United Kingdom.). You can recognize the SoundCloud plugins by the SoundCloud logo on the pages concerned.

When you visit our pages, a direct connection is established between your browser and the SoundCloud server after activation of the plugin. SoundCloud thereby receives the information that you have visited our site with your IP address. If you click the "Like button" or "Share button" while logged into your SoundCloud user account, you can link and/or share the content of our pages with your SoundCloud profile. This allows SoundCloud to associate your visit to our pages with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by SoundCloud. For more information, please refer to the privacy policy of SoundCloud at: href="https://soundcloud.com/pages/privacy

If you do not want SoundCloud to associate your visit to our pages with your SoundCloud user account, please log out of your SoundCloud user account before activating any SoundCloud plugin content.

16. Facebook Pixel

Within our online offer, the so-called "Facebook Pixel" of the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are a resident of the EU, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"), is used.

With the help of the Facebook pixel, it is possible for Facebook, on the one hand, to determine you as a visitor to our online offer as a target group for the display of advertisements (so-called "Facebook ads"). Accordingly, we use the Facebook pixel to display the Facebook ads placed by us only to those Facebook users who have also shown an interest in our online offer or who have certain characteristics (for example, interests in certain topics or products determined on the basis of the websites visited) that we transmit to Facebook (so-called "Custom Audiences"). With the help of the Facebook pixel, we also want to ensure that our Facebook ads correspond to the potential interest of users and do not have a harassing effect. With the help of the Facebook pixel, we can further track the effectiveness of the Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad (so-called "conversion").

  • Privacy Policy of Facebook
    The processing of data by Facebook takes place within the framework of the data use policy of Facebook. Accordingly, general guidance on the display of Facebook ads, in the data use policy of Facebook. Specific information and details about the Facebook pixel and how it works, you can get in the help section of Facebook.
  • Basis
    The use of the Facebook Pixel as well as the storage of "conversion cookies" is based on Art. 6 para. 1 lit. a GDPR.
  • Contract Data Processing Agreement
    For the processing of data where Facebook acts as a data processor, we have concluded a contract data processing agreement with Facebook, in which we oblige Facebook to protect the data of our customers and not to disclose them to third parties.
  • Objection
    You can object to the collection by the Facebook pixel and use of your data to display Facebook ads. To adjust which types of ads are displayed to you within Facebook, you can visit the page set up by Facebook and follow the instructions there on the settings for usage-based advertising. The settings are done in a platform-independent manner, which means that they are applied to all devices, such as desktop computers or mobile devices. You can further object to the use of cookies that are used for reach measurement and advertising purposes via the deactivation page of the Network Advertising Initiative and additionally the US website aboutads.info or the European website youronlinechoices.com. You can find another opt-out option in our privacy settings.

17. Twitter (Social Plugin)

Our website uses social network plugins (Twitter) to share content.

Whenever you call up a website of our Internet presence that is provided with such a plugin, the plugin causes the browser you are using to load and display the visual representation of the plugin from the social network server. In the process, the social network server is informed which particular web page of our Internet presence you are currently visiting as well as other data such as your IP address.

To ensure an appropriate data protection standard of our Internet presence, we have therefore initially deactivated the plugins through associated buttons.

In addition, we have activated privacy-friendly default settings in the settings available to us in our Twitter account.

We have no influence on the scope of the data that the social network collects using this plugin. Please inform yourself using the privacy notices of the respective social network (Twitter): https://twitter.com/de/privacy

18. Supplementary privacy information when using Twitter

action medeor e.V. uses the technical platform and services of Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103 U.S.A. for the short message service.

Responsibility

The data controller for individuals living outside the U.S. is Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland.

We would like to point out that you use the Twitter short message service offered here and its functions under your own responsibility. This applies in particular to the use of the interactive functions (for example sharing, rating).

action medeor e.V. has no influence on the type and scope of the data processed by Twitter, the type of processing and use or the transfer of this data to third parties. Nor does action medeor e.V. have any effective means of control in this respect.

Data processed by Twitter

Information about what data is processed by Twitter and for what purposes can be found in Twitter's privacy policy: https://twitter.com/de/privacy

With your use of Twitter, your personal information is collected, transferred, stored, disclosed and used by Twitter Inc. and, in doing so, is transferred to and stored and used in the United States, Ireland and any other country in which Twitter Inc. does business, regardless of your country of residence.

Twitter processes, on the one hand, your voluntarily entered data such as name and username, e-mail address, telephone number or the contacts of your address book when you upload or synchronize it.

On the other hand, Twitter also evaluates the content you share to determine what topics you are interested in, stores and processes confidential messages you send directly to other users, and can determine your location using GPS data, wireless network information, or your IP address to send you advertisements or other content.

For analysis, Twitter Inc. may use analytics tools such as Twitter Analytics or Google Analytics.

action medeor e.V. has no influence on the use of such tools by Twitter Inc. and has not been informed about such potential use. Should tools of this kind be used by Twitter Inc. for the account of the business development agency for action medeor e.V., action medeor e.V. has neither commissioned nor approved this nor otherwise supported it in any way. Nor will the data obtained during the analysis be made available to it. Only certain non-personal information about tweet activity, such as the number of profile or link clicks through a particular tweet, can be viewed by action medeor e.V. via the account. Moreover, action medeor e.V. has no way to prevent or turn off the use of such tools on its Twitter account.

Finally, Twitter also receives information when you view content, for example, even if you have not created an account. This so-called "log data" may be the IP address, browser type, operating system, information about the website you visited previously and the pages you viewed, your location, your mobile carrier, the terminal device you use (including device ID and application ID), the search terms you used, and cookie information.

Through Twitter buttons or widgets embedded in websites and the use of cookies, it is possible for Twitter to record your visits to these websites and associate them with your Twitter profile. Based on this data, content or advertising can be offered tailored to you.

Because Twitter Inc. is a non-European provider with a European branch only in Ireland, it is not bound by German data protection regulations according to its own reading. However, due to the principle of establishment in Art. 3 (1) GDPR, Twitter Inc. is bound by the regulations of the GDPR.

Possibilities to restrict the processing of your data are available in the general settings of your Twitter account and under the item "Privacy and security". In addition, you can restrict Twitter's access to contact and calendar data, photos, location data, etc. on mobile devices (smartphones, tablet computers) in the settings options there. However, this depends on the operating system used. More information on these points is available on the following Twitter support pages:

Data processed by action medeor e.V.

Also action medeor e.V. processes your data. Although action medeor e.V. itself does not collect any data about your Twitter account. We do not integrate Twitter as a plugin, but only as an image-text link. About the integration of tweets from action medeor e.V. on their homepage, the IP addresses of site visitors are not transmitted to Twitter Inc.

The data you enter on Twitter, in particular your username and the content published under your account, will be processed by us, however, insofar as we may re-tweet your tweets or reply to them or also write tweets from us that refer to your account. The data freely published and disseminated by you on Twitter are thus included by action medeor e.V. in its offer and made available to its followers.

19. Facebook (Social Plugin)

On our pages, plugins of the social network Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA are integrated. You can recognize the Facebook plugins by the Facebook logo or the "Like button" ("Like") on our page. You can find an overview of the Facebook plugins here: http://developers.facebook.com/docs/plugins When you visit our pages, a direct connection is established between your browser and the Facebook server via the plugin. Facebook thereby receives the information that you have visited our site with your IP address. If you click the Facebook "Like" button while logged into your Facebook account, you can link the content of our pages on your Facebook profile. This allows Facebook to associate the visit to our pages with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Facebook. For more information, please refer to the privacy policy of facebook at https://de-de.facebook.com/policy.php

If you do not want Facebook to be able to associate the visit to our pages with your Facebook user account, please log out of your Facebook user account.

20. rights of data subjects

If personal data of yours is processed, you are a data subject within the meaning of the General Data Protection Regulation and you are entitled in particular to the following rights vis-à-vis the controller:

20.1 The right of access under Article 15 of the GDPR

Your right to information:

You may request confirmation from the controller as to whether personal data concerning you are being processed by us.

If there is such processing, you can request information from the controller about the following:

  • the purposes for which the personal data are processed;
  • the categories of personal data which are processed;
  • the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
  • the planned duration of the storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period;
  • the existence of a right to rectification or erasure of the personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;
  • the existence of a right of appeal to a supervisory authority;
  • any available information on the origin of the data, if the personal data are not collected from the data subject;
  • the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject
  • You have the right to request information about whether personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed about the appropriate safeguards pursuant to Article 46 of the GDPR in connection with the transfer.

20.2 The right of rectification, Article 16 GDPR

Your right to rectification:

You have a right of rectification and/or completion against the controller if the personal data processed concerning you are inaccurate or incomplete. The controller shall make the rectification without undue delay.

Your right to rectification may be limited to the extent that it is likely to make impossible or seriously prejudice the achievement of the research or statistical purposes and the limitation is necessary for the fulfilment of the research or statistical purposes.

20.3 The right to erasure, Article 17 GDPR

Your right to erasure:

a) Obligation to erase

You may request the controller to erase the personal data concerning you without undue delay, and the controller is obliged to erase such data without undue delay, if one of the following reasons applies:

  • The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
  • You withdraw your consent on which the processing was based pursuant to Art. 6 (1) (a) or Art. 9 (2) (a) GDPR, and there is no other legal basis for the processing.
  • You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.
  • The personal data concerning you have been processed unlawfully.
  • The erasure of the personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
  • The personal data concerning you has been collected in relation to information society services offered pursuant to Article 8(1) of the GDPR.

b) Information to third parties

If the controller has made the personal data concerning you public and is obliged to erase it pursuant to Article 17(1) of the GDPR, it shall take reasonable steps, including technical measures, having regard to the available technology and the cost of implementation, to inform data controllers which process the personal data that you, as the data subject, have requested that they erase all links to or copies or replications of such personal data.

c) Exceptions

The right to erasure does not exist to the extent that the processing is necessary

  • for the exercise of the right to freedom of expression and information;
  • for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • for reasons of public interest in the field of public health pursuant to Article 9(2)(h) and (i) and Article 9(3) of the GDPR;
  • for archiving purposes in the public interest, scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) of the GDPR, insofar as the right referred to in Section a) is likely to make impossible or seriously prejudice the achievement of the purposes of such processing; or
  • for the assertion, exercise or defense of legal claims.

20.4 The right to restriction of processing, Article 18 GDPR

Your right to restriction of processing:

Under the following conditions, you may request the restriction of the processing of personal data concerning you:

  • if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;
  • the processing is unlawful and you object to the erasure of the personal data and request instead the restriction of the use of the personal data;
  • the controller no longer needs the personal data for the purposes of processing, but you need it for the assertion, exercise or defense of legal claims; or you object to the processing.
  • if you have objected to the processing pursuant to Article 21 (1) GDPR and it is not yet clear whether the legitimate grounds of the controller override your reasons.

If the processing of personal data concerning you has been restricted, such data may - apart from being stored - only be processed with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State. If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

20.5 The right to information, Article 19 GDPR

Your right to information:

If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.

You have the right against the controller to be informed about these recipients.

20.6 The right to data portability, Article 20 GDPR

Your right to data portability:

You have the right to receive the personal data concerning you that you have provided to the controller in a structured, commonly used, and machine-readable format.

You also have the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided, provided that the processing is based on consent pursuant to Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR or on a contract pursuant to Article 6(1)(b) of the GDPR and the processing is carried out with the aid of automated procedures.

In exercising this right, you also have the right to obtain that the personal data concerning you be transferred directly from one controller to another controller, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this.

The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

20.7 Your right to object, Article 21 GDPR

Your right to object:

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or (f) of the GDPR; this also applies to profiling based on these provisions.

The controller shall no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims.

If the personal data concerning you is processed for the purposes of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing; this also applies to profiling insofar as it is related to such direct marketing.

If you object to processing for the purposes of direct marketing, the personal data concerning you will no longer be processed for these purposes.

You have the possibility, in connection with the use of information society services, notwithstanding Directive 2002/58/EC, to exercise your right to object by means of automated procedures using technical specifications.

Please address your objection, if any, to the responsible body mentioned in the privacy policy.

20.8 Automated decision-making in individual cases, including profiling, Article 22 GDPR

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you

This does not apply if the decision

  1. is necessary for the conclusion or performance of a contract between you and the responsible person,
  2. is permissible on the basis of legal provisions of the Union or the Member States to which the controller is subject, and these legal provisions contain appropriate measures to safeguard your rights and freedoms as well as your legitimate interests, or
  3. is carried out with your express consent.

However, these decisions must not be based on special categories of personal data pursuant to Article 9(1) of the GDPR, unless Article 9(2)(a) or (g) of the GDPR applies and appropriate measures have been taken to protect your rights and freedoms as well as your legitimate interests.

In respect of the cases referred to in (1) and (3), the controller shall take reasonable steps to safeguard the rights and freedoms and your legitimate interests, including at least the right to obtain the intervention of a person on the part of the controller, to express your point of view and to contest the decision.

20.9 Your right to revoke the declaration of consent under data protection law, Article 7(3) GDPR

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

Please direct any revocation of your declaration of consent to the responsible office named in the data protection declaration.

20.10 Your right to complain to a supervisory authority, Article 77 GDPR

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.

The competent supervisory authority for the website controller is the State Commissioner for Data Protection (LDI) in North Rhine-Westphalia.

21. status of the privacy policy

Due to the further development of our website and offers on it or due to changed legal or regulatory requirements, it may become necessary to amend this data protection declaration. This privacy policy is currently valid and has the status May 2022.