Privacy Policy
Our handling of your data and your rights
– Information under articles 13, 14 and 21 of the General Data Protection Regulation (GDPR) –
Dear user,
Hereinafter we are providing you with information on how we process your personal data, as well as the claims and the rights you are entitled to, in accordance with the data protection regulations.
Which data are processed in detail and how they are used depends on which services have been requested or agreed.
1. Who is responsible for data processing and whom can I contact?
The responsible body is:
ProVeg e.V.
Genthiner Strasse 48
10785 Berlin
Tel: +49 30 29 02 82 53-0
Fax: +49 30 29 02 82 53-26
Email: [email protected]
You can contact our company data protection officer at:
datenschutz nord GmbH
Jan-Christoph Thode
KurfĂĽrstendamm 212
10719 Berlin
[email protected]
2. Which sources and data do we use?
We process personal data that we receive from you within the framework of our business relations (e.g. from application procedures, newsletters, petitions, surveys, member registrations). In addition, to the extent necessary for the provision of our services, we process personal data that we have received from other companies (such as SCHUFA) in a permissible manner (for example to execute orders, to fulfil contracts or on the basis of your consent). On the other hand, we process personal data that we have legitimately obtained and are able to process from publicly available sources (for example, trade and association registers, press, media).
Relevant personal data are personal details (name, address and other contact details, date and place of birth and nationality). In addition, this may also include transaction data (e.g. order details), data from the fulfilment of our contractual obligations (e.g. execution of a licence agreement, deliveries), data from your membership relationship, documentation data (e.g. call logs), survey data, data about your use of our offered telemedia (e.g. time of calling our websites, apps or newsletters, our clicked pages or entries) as well as other data comparable with the categories mentioned.
3. For what reason do we process your data (purpose of the processing) and on what legal
basis?
We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG):
3.1 For the fulfilment of contractual obligations (Article 6 (1b) GDPR)
The processing of personal data (Article 4 No. 2 GDPR) is for the provision and delivery of our service (e.g. as part of membership, subscriptions or competitions), in particular for the execution of our contracts or pre-contractual actions with you and the execution of your orders, as well as all the activities necessary for the operation and administration of an organization.
The purposes of data processing are based primarily on the specific product or order (e.g. to handle the membership relationships in our organisation, to fulfil our statutory, charitable purposes) and can include analysis, advice and conducting transactions, among other needs.
Further details on the purpose of data processing can be found in either the contract documents or the terms and conditions of business.
3.2 In the context of the balance of interests (Article 6 para. 1f GDPR)
If necessary, we process your data by actually fulfilling our charitable statutory purposes, in order to process membership relationships in our organisation and to fulfil contracts for the protection of our legitimate interests or those of third parties, such as in the following cases:
- ensuring IT security and IT operations;
- examining and optimising procedures for needs analysis and direct contact with prospects and customers;
- advertising or market and opinion research, as long as you have not objected to the use of your data;
- asserting legal claims and defence in legal disputes;
- measures for building and plant safety (e.g. control of access);
- measures to ensure house rules;
- business management and service development measures.
3.3 On the basis of your consent (Article 6 para. 1a GDPR)
If you have given us your consent to the processing of personal data for specific purposes (such as disclosure of data, evaluation of user data for marketing purposes), the lawfulness of this processing is based on your consent. Given consent can be withdrawn at any time. This also applies to the withdrawal of declarations of consent – such as the SCHUFA-clause – from before the entry into force of the GDPR, i.e. before 25 May 2018, that have been issued to us. Please note that the withdrawal only works for the future. Processing that occurred before the revocation is not affected.
4. Who obtains my data?
Within our organisation, the entities that gain access to your data are the ones that need to do so in order to fulfil our contractual and legal obligations. Our processors (Article 28 GDPR) may also obtain data for these purposes. These are companies in the categories of IT services, printing services, telecommunications, debt collection, advice and consulting, as well as sales and marketing including companies for carrying out audits.
With regard to the transfer of data to recipients outside of our company, it should be noted that we only pass on information about you if statutory provisions require it, if you have given your consent, or if we are authorised to provide information.
Under these conditions, recipients of personal data, can be, for example:
- Public bodies and institutions (such as public authorities) in the presence of a legal or regulatory obligation.
- Other entities to which we provide personal information to conduct the business relationship or membership relationship with you, such as: collection agencies or credit bureaus.
- Other data recipients may be those to whom you have given us your consent to submit your data (for further details, please always refer to the conditions of participation in the respective competitions).
Other data recipients may be those to whom you have given us your consent to submit your data.
5. For how long will my data be stored?
If necessary, we process and store your personal data for the duration of our business relationship, which includes, for example, the initiation and execution of a contract.
In addition, we are subject to various storage and documentation obligations that result, inter alia, from the German Commercial Code (HGB) and the Tax Code (AO). The periods for storage and documentation are two to ten years.
Finally, the storage period is also judged by the statutory limitation periods, which can be, for example, in accordance with §§ 195 ff. of the Civil Code (BGB), usually three years in some cases, but can also be up to thirty years.
6. Are data transmitted to a third country or to an international organisation?
A transfer of data to third countries (states outside the European Economic Area – EEA) only takes place if this is necessary for the execution of your contract, if required by law, or if you have given us your consent. Details will be provided to you separately, if required by law.
7. What privacy rights do I have?
Each data subject has the right to information under Article 15 GDPR, the right to rectification under Article 16 GDPR, the right to erasure under Article 17 GDPR, the right to restrict processing under Article 18 GDPR, and the right to data portability under Article 20 GDPR. With regard to the right to information and the right to erasure, the restrictions under §§ 34 and 35 BDSG apply. In addition, there is a right of appeal to a data protection supervisory authority (Article 77 GDPR in conjunction with Section 19 of the German Federal Data Protection Act [BDSG]).
8. Is there a duty to provide data?
As part of our business relationship, you only need to provide the personal information that is required to establish, conduct and terminate a business relationship or that we are required to collect by law. Without such data, we will generally have to refuse to conclude the contract or to execute the order or to be unable to complete an existing contract and possibly terminate it.
9. To what extent is there automated decision-making in individual cases?
In principle, we do not use fully automated decision-making, in accordance with Article 22 of the GDPR, to justify and implement a business relationship. If we do use such procedures in individual cases, we will inform you about this separately, if this is required by law.
10. To what extent are my data used for profiling (scoring)?
In principle, we do not use profiling, in accordance with Article 22 GDPR. If we do use this procedure in individual cases, we will inform you about this separately, if this is prescribed by law.
Privacy Policy for Donors
Our handling of your data and your rights
– Information under articles 13, 14 and 21 of the General Data Protection Regulation (GDPR) –
Dear donor,
In the following we inform you about our processing of your personal data and the claims and rights to which you are entitled according to the data protection regulations.
1. Who is responsible for data processing and whom can I contact?
The responsible body is:
ProVeg e.V.
Genthiner Strasse 48
10785 Berlin
Tel: +49 30 29 02 82 53-0
Fax: +49 30 29 02 82 53-26
Email: [email protected]
You can contact our company data protection officer at:
datenschutz nord GmbH
Jan-Christoph Thode
KurfĂĽrstendamm 212
10719 Berlin
[email protected]
2. Which sources and data do we use?
We process personal data, which we receive from you as part of your donation. Relevant personal data are personal details (name, address and other contact details, date and place of birth and nationality). In addition, this can also be order data (e.g. bank details), documentation data (e.g. minutes of meetings, documents and e-mails), data from surveys and other data comparable to the categories mentioned.
3. For what reason do we process your data (purpose of the processing) and on what legal
basis?
We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG):
3.1 For the fulfilment of contractual obligations (Article 6 (1b) GDPR)
The processing of personal data (Article 4 No. 2 DSGVO) is carried out for the provision and mediation of our services, in particular for the execution of our contracts or pre-contractual measures with you and the execution of your orders, as well as all activities necessary for the operation and administration of our association.
In particular, ProVeg uses your personal data for handling donations and for information about projects financed by donations as well as for its own information and advertising purposes and for sending the ProVeg newsletter (if subscribed by you). For this purpose ProVeg can contact you by mail, phone or e-mail.
3.2 In the context of the balance of interests (Article 6 para. 1f GDPR)
If necessary, we process your data beyond the actual fulfilment of the contract in order to protect legitimate interests of us or third parties such as in the following cases:
- ensuring IT security and IT operations;
- examining and optimising procedures for needs analysis and direct contact with prospects and customers;
- advertising or market and opinion research, as long as you have not objected to the use of your data;
3.3 On the basis of your consent (Article 6 para. 1a GDPR)
If you have given us your consent to the processing of personal data for specific purposes (such as disclosure of data, evaluation of user data for marketing purposes), the lawfulness of this processing is based on your consent. Given consent can be withdrawn at any time.
4. Who obtains my data?
Within our association, access to your data is granted to those entities that need it to fulfil our contractual and legal obligations. Processors employed by us (Article 28 DSGVO) may also receive data for these purposes. These are companies offering IT services (Systopia for the maintenance of the member and donor database) and from the telecommunications sector.
With regard to the transfer of data to recipients outside our company, it should be noted that we only pass on information about you if required by law, if you have given your consent or if we are authorised to provide information.
5. For how long will my data be stored?
If necessary, we process and store your personal data for the duration of our business relationship. Transactions and contact data for business purposes (e.g. creating and sending donation receipts) must be retained by us for up to 10 years after the last transaction.
6. Are data transmitted to a third country or to an international organisation?
A transfer of data to third countries (states outside the European Economic Area – EEA) only takes place if this is necessary for the execution of your contract, if required by law, or if you have given us your consent. Details will be provided to you separately, if required by law.
7. What privacy rights do I have?
Each data subject has the right to information under Article 15 GDPR, the right to rectification under Article 16 GDPR, the right to erasure under Article 17 GDPR, the right to restrict processing under Article 18 GDPR, and the right to data portability under Article 20 GDPR. With regard to the right to information and the right to erasure, the restrictions under §§ 34 and 35 BDSG apply. In addition, there is a right of appeal to a data protection supervisory authority (Article 77 GDPR in conjunction with Section 19 of the German Federal Data Protection Act [BDSG]).
8. Is there a duty to provide data?
Within the scope of your donation, you only have to provide personal data that is necessary for the execution and termination of a business relationship or that we are legally obliged to collect. Without this data, we will usually have to refuse to carry out the donation.
9. To what extent is there automated decision-making in individual cases?
As a matter of principle, we do not use a fully automated decision-making process in accordance with Article 22 of the GDPR to establish and conduct the business relationship.
10. To what extent are my data used for profiling (scoring)?
We do not use profiling according to Article 22 GDPR.
Information about your right to object
in accordance with Article 21 General Data Protection Regulation (GDPR)
1. You have the right to object at any time, for reasons arising from your particular situation, to prevent the processing of personal data relating to you in accordance with Article 6 para. 1e of the GDPR (data processing in for a public interest), and Article 6 para. 1f GDPR (data processing based on a balance of interests).
If you object, we will no longer process your personal information, unless we can establish compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or if the processing is conducted for the purposes of asserting, exercising or defending legal claims.
2. In individual cases, we process your personal data in order to carry out direct marketing. You have the right to object at any time to the processing of personal data concerning you for the purpose of such direct marketing, including profiling, insofar as it is related to such direct marketing.
If you object to processing for the purposes of direct marketing, we will no longer process your personal data for those purposes.
The objection can be drafted in any form and should be addressed preferably to:
Genthiner Strasse 48
10785 Berlin
Email: [email protected]