This data protection declaration clarifies the type, scope and purpose of the processing of personal data (hereinafter referred to as “data”) in the context of the use of our online offer.

We always treat your personal data confidentially and in accordance with the legal data protection regulations and this data protection declaration. We also take current technical and organizational measures to ensure data protection and data security.

This data protection declaration is available on our website at any time.

Contact details of the responsible person

The person responsible for processing your personal data on this website in accordance with data protection laws, in particular the EU General Data Protection Regulation (GDPR), is the

Climate Neutrality Foundation gGmbH
Friedrichstrasse 140
10117 Berlin
info [at] stiftung [minus] klima [dot] de

Authorized representative: Rainer Baake

Imprint: https://www.stiftung-klima.de/impressum/?lang=en

Used terms

“Personal data” means any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. a cookie) or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

“Processing” means any operation or set of operations which is performed upon personal data, whether or not by automatic means. The term is broad and covers virtually all data processing.

“Pseudonymization” shall mean the processing of personal data in such a way that the personal data cannot be related to a specific data subject without the inclusion of additional information, provided that this additional information is kept separately and is subject to technical and organizational measures ensuring that the personal data is not attributed to an identified or identifiable natural person

“Controller” shall mean the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.

“Processor” means any natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller

Types and purposes of the processing operations

Collection of personal data when visiting our website

For the purpose of technical provision of the website, we process certain information automatically transmitted by your browser. For this purpose, the user’s IP address in particular must be stored for the duration of the session. This information is stored in log files to ensure the functionality of the website. In addition, the data serves us to optimize the website and to ensure the security of our information technology systems. This data is not evaluated for marketing purposes. The following information is automatically recorded each time our website is accessed and automatically stored in server log files:

• Name of the accessed website
• Date and time of retrieval
• Transferred data volume
• Message about successful retrieval
• Browser type and version
• Operating system
• Referrer URL (the previously visited page)
• IP address
• Requesting Provider

The legal basis for the processing of the data is Art. 6 para. 1 sentence 1 lit. f GDPR.

For security reasons (e.g. to clarify acts of abuse or fraud), the server log files are stored for a maximum of 7 days and then deleted or made anonymous. Personal data whose further storage is required for evidentiary purposes are excluded from deletion until the respective incident has been finally clarified and are blocked for the respective duration.

Processing of personal data when making contact

If you contact us by e-mail, telephone or fax, we will store the data you provide (your e-mail address, your name, address and your telephone or fax number, if applicable) in order to answer your request. We delete the data collected in this context as soon as it is no longer required for the purpose for which it was collected. This is usually the case when the respective conversation ends, i.e. when it can be concluded from the circumstances that the matter in question has been finally clarified.

We process the data used for contacting on the basis of your consent in accordance with Art. 6 Para. 1 lit. a DSVGO.

Provision of our business services

We process the data of persons according to Art. 6 par. 1 lit. b GDPR, if we offer contractual services to them or act within the framework of an existing business relationship, or if we ourselves are recipients of services and benefits. Otherwise, we process the data of persons concerned in accordance with Art. 6 Para. 1 lit. f GDPR on the basis of our legitimate interests, e.g. if it concerns administrative tasks (e.g. to carry out studies or expert opinions) or public relations work (e.g. information on the work of the foundation to interested parties).

The data processed, the nature, scope, purpose and necessity of their processing are determined by the underlying contractual relationship. This basically includes master data of the persons (e.g., name, address, etc.), as well as contact data (e.g., e-mail address, telephone number, etc.), contract data (e.g., services used, contents and information provided, names of contact persons) and, if we offer services or products that require payment, payment data (e.g., bank details, payment history, etc.).

We delete the personal data if they are no longer necessary for the achievement of the specific purpose. This is determined in detail according to the respective tasks and contractual relationships. In the case of business processing, we retain the data for as long as they may be relevant to the business transaction, as well as with regard to any warranty or liability obligations. The necessity of storing the data is reviewed regularly.

Analysis Tool Matomo

This website uses the open source web analysis service Matomo. The provider is Matomo / InnoCraft, 150 Willis St, 6011 Wellington, New Zealand. Matomo does not store any cookies on the computer. Instead, we use fingerprinting to analyze the behavior of our visitors for the purpose of website optimization and optimization of our offer. This is done based on Art. 6 para. 1 lit. f. GDPR, the legitimate interest as a website operator. The fingerprint records the operating system, browser, device type (computer, laptop, telephone), screen resolution, preferred language, etc. to understand the use & navigation on our pages. The IP address is directly anonymized during the collection. Due to the above mentioned measures we cannot draw any conclusions about the identity of individual visitors. The collected information will not be passed on to third parties as we host Matomo ourselves.

Objection

If you do not agree with the storage and use of your data, you can deactivate the storage and use here.

In this case an opt-out cookie is deposited in your browser, which prevents Matomo from storing usage data. If you delete your cookies, the Matomo Opt-Out-Cookie will be deleted as well. The Opt-Out must be reactivated when you visit our site again.

Matomo adheres to the “Do-Not-Track” function of your browser.

Third party integration (YouTube)

YouTube videos are embedded on our website. YouTube belongs to Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland. Subject to your consent, your browser will establish a direct connection to the server of the respective third party provider. In doing so, the third party will always process your IP address, which is required to connect to the third party server and play the content. The legal basis for this processing is your consent pursuant to Art. 6 para. 1 lit. a GDPR. You can revoke this consent at any time with effect for the future in your privacy settings. Information on data processing by Google Ireland Limited can be found in the privacy policy at https://www.google.com/policies/privacy.

Security measures

In accordance with Art. 32 GDPR and taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the varying probability of occurrence and severity of the risk to the rights and freedoms of natural persons, we take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk.

These measures shall include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling the physical access to the data, as well as the access, input, disclosure, security of availability and separation of the data relating to them. Furthermore, we have established procedures to ensure that the rights of data subjects are exercised, data is deleted, and we respond to any threats to the data. Furthermore, we take the protection of personal data into account already during the development or selection of hardware, software and procedures, in accordance with the principle of data protection by designing technology and by using data protection-friendly default settings (Art. 25 GDPR).

Passing on of personal data

We work together with hosting providers to provide infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services and for the purpose of operating this online service. We commission these within the framework of a contract processing relationship.

Otherwise, we will not pass on the data collected from you to third parties without your knowledge or for any legal reason.

Transfers to third countries

Data will not be transferred to third countries (countries outside the European Economic Area – EEA) and will only be transferred if this is permitted by law or with your consent, if it is required by law or if a comparable level of data protection is ensured for the recipient.

Rights of data subjects

You have the right to obtain confirmation as to whether or not data in question is being processed and the right to obtain information on this data and to receive further information and a copy of the data in accordance with Art. 15 GDPR.

You have the right to request the completion of data concerning you or the correction of incorrect data concerning you in accordance with Art. 16 GDPR.

In accordance with Art. 17 GDPR, you have the right to demand that data concerning you be deleted immediately or, alternatively, in accordance with Art. 18 GDPR, to demand that the processing of the data be restricted.

You have the right to data transferability in accordance with Art. 20 GDPR.

In order to exercise your rights, please contact the person responsible at the above-mentioned contact details.

You also have the right to lodge a complaint with the competent supervisory authority in accordance with Art. 77 GDPR.

Right of withdrawal

You have the right to revoke consents granted in accordance with Art. 7 para. 3 GDPR with effect for the future.

Right of objection

You can object to the future processing of data concerning you at any time in accordance with Art. 21 GDPR.

Data deletion and storage period

We generally retain your personal information for the time necessary to fulfill the purposes set forth in this Privacy Policy and to comply with our legal obligations, resolve disputes and enforce our agreements. We delete data that is no longer necessary for the purpose for which it was collected. Further storage may occur in the event of a (threatened) legal dispute with you or other legal proceedings or if storage is required by legal regulations to which we are subject as the responsible party (e.g. § 257 HGB, § 147 AO). If the storage period prescribed by the legal regulations expires, the personal data will be blocked or deleted.

Amendment of the privacy policy

In the context of the further development of data protection law as well as technological or organizational changes, our data protection information is regularly checked for the need for adaptation or supplementation. You will be informed of any changes on this website.