13. Collection of Access Data and Log Files

We, or our hosting provider, collect data on the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f. GDPR about every access to the server on which this service is located (so-called server log files). The access data includes the name of the website accessed, the file, the date and time of access, the amount of data transferred, the notification of successful retrieval, the browser type and version, the user’s operating system, the referrer URL (the previously visited page), the IP address and the requesting provider.

For security reasons (e.g. to investigate cases of abuse or fraud), log file information is stored for a maximum of 7 days and then deleted. Data that must be retained for evidentiary purposes is exempt from deletion until the respective incident has been definitively resolved.

14. Administration, Financial Accounting, Office Organisation, Contact Management

We process data as part of administrative tasks and the organisation of our business, financial accounting and compliance with legal obligations, such as archiving. In doing so, we process the same data that we process as part of the provision of our contractual services. The processing is based on Art. 6 para. 1 lit. c. GDPR, Art. 6 para. 1 lit. f. GDPR. The processing affects customers, interested parties, business partners and website visitors. The purpose and our interest in the processing lies in the administration, financial accounting, office organisation, archiving of data, i.e. tasks that serve to maintain our business activities, perform our tasks and provide our services. The deletion of data with regard to contractual services and contractual communication corresponds to the information provided for these processing activities.

In doing so, we disclose or transfer data to the tax authorities, consultants, such as tax advisors or auditors, as well as other fee offices and payment service providers.

Furthermore, we store information on suppliers, organisers and other business partners, e.g. for the purpose of contacting them at a later date, on the basis of our business interests. We generally store this data, which is mostly company-related, permanently.

15. Contact

When you contact us (e.g. via contact form, e-mail or social media), the user’s information is processed in accordance with Art. 6 para. 1 lit. b) GDPR in order to process the contact request and its handling. The user’s information may be stored in a customer relationship management system (‘CRM system’) or comparable enquiry organisation.

We delete the requests if they are no longer required. We review the necessity every two years; Furthermore, the legal archiving obligations apply.

16. Newsletter

The following information is provided to inform you about the content of our newsletter, the registration, dispatch and statistical evaluation procedures, and your rights of objection in this regard. By subscribing to our newsletter, you agree to receive it and to the procedures described.

(1) Content of the newsletter

We only send newsletters, e-mails and other electronic notifications with advertising information (hereinafter referred to as ‘newsletters’) with the consent of the recipients or a legal authorisation. If the contents of a newsletter are specifically described in the context of a registration for the newsletter, they are decisive for the consent of the users. In addition, our newsletters contain information about our services and us.

(2) Double opt-in and logging

You can subscribe to our newsletter using a so-called double opt-in procedure. This means that after you have registered, you will receive an e-mail asking you to confirm your registration. This confirmation is necessary to prevent anyone from registering with someone else’s e-mail address. The registrations for the newsletter are logged in order to be able to prove the registration process in accordance with legal requirements. This includes the storage of the registration and confirmation times, as well as the IP address. The changes to your data stored by the delivery service provider are also logged.

(3) Registration data

To register for the newsletter, it is sufficient to provide your e-mail address. Optionally, we ask you to provide a name so that we can address you personally in the newsletter.

(4) Legal basis

The newsletter is sent and the associated success measurement is carried out on the basis of the recipient’s consent in accordance with Art. 6 para. 1 lit. a, Art. 7 GDPR in conjunction with § 7 para. 2 no. 3 UWG or on the basis of the legal permission in accordance with § 7 para. 3 UWG.

(5) Recording of the registration process

The registration process is logged on the basis of our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR. Our interest is in the use of a user-friendly and secure newsletter system that serves both our business interests and the expectations of our users, and also allows us to prove that we have consent.

(6) Statistical evaluation of usage behaviour

Based on your consent, we can also statistically analyse how our newsletter is used.

The newsletters contain a so-called ‘web beacon’, i.e. a pixel-sized file that is retrieved from our server when the newsletter is opened or, if we use a dispatch service provider, from their server. As part of this retrieval, technical information such as information about the browser, your system, your IP address and the time of retrieval is collected.

This information is used for the technical improvement of our services and to analyse the target groups and their reading behaviour. In doing so, we can determine the retrieval locations (determinable via the IP address) and the access times. The statistical surveys also include determining whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients.

The analyses help us to recognise the reading habits of our users and to adapt our content accordingly or to send different content according to the interests of our users.

You can withdraw your consent at any time. The processing is carried out on the basis of Art. 6 para. 1 lit. a GDPR. We only store the data collected for as long as is necessary for the above- mentioned purposes. When transferring data to third parties, such as our shipping service provider, we ensure that they process the data in accordance with the applicable data protection regulations.
 We take appropriate security measures to protect your data. You have the right to request information about the data stored by us, to correct incorrect data or to have your data deleted. You can also object to the processing of your personal data.

(7) Cancellation/revocation

You can cancel your subscription to our newsletter at any time, i.e. revoke your consent. A link to cancel the newsletter can be found at the end of each newsletter. We may store the e-mail addresses of those who have unsubscribed for up to three years on the basis of our legitimate interests before deleting them for the purpose of sending the newsletter in order to be able to prove a previously given consent. The processing of this data is limited to the purpose of a possible defence against claims. An individual request for cancellation is possible at any time, provided that the former existence of consent is confirmed at the same time.

17. Newsletter – Mailing Service Provider

We use MailerLite as our email marketing and newsletter distribution platform. Below are the key aspects of data storage and processing associated with MailerLite:

• Types of Data Collected: MailerLite collects and stores personal data, such as email addresses, names (if provided), IP addresses, and user interaction metrics like email open and click rates. Additionally, technical data, including access times, browser types, and operating systems, is collected anonymously for statistical purposes. Email addresses may also be stored on a blacklist after unsubscription to prevent further mailings, solely for this purpose.
• Data Storage and Location: All data is stored on MailerLite’s servers within the European Union, in compliance with GDPR requirements.
• GDPR Compliance: MailerLite adheres to the General Data Protection Regulation (GDPR). This includes a Data Processing Agreement (DPA) between MailerLite and its users, ensuring data is only processed as instructed by the user and not shared with third parties.
• Security Measures: MailerLite’s servers are ISO 27001-certified, providing a high level of data security. Continuous monitoring helps prevent fraudulent activity and ensures the integrity of their systems.

For more details, please review MailerLite’s privacy policy directly on their website. https://www.mailerlite.com/legal/privacy-policy

18. Sending the E-mail Newsletter to Donors

If you have provided us with your e-mail address as part of a donation via one of our forms on the website and have not objected, we will use your e-mail address to send you advertising for similar services. In accordance with Section 7 (3) UWG, we do not require your separate consent for this. Data processing is carried out on the basis of our legitimate interest in personalised direct advertising in accordance with Art. 6 para. 1 lit. f GDPR.

The e-mail address is used exclusively for sending this advertising. You can object to this use of your email address at any time, either by sending a message to website@unitedhandsforrefugees.org or by clicking on the unsubscribe link in our advertising emails. Once we have received your objection, we will not send you any further emails.

We will store your e-mail address for as long as is necessary for the above-mentioned purposes. Of course, we take appropriate security measures to protect your data.

19. Online Presence in Social Media

We maintain online presences within social networks and platforms in order to communicate with customers, interested parties and users who are active there and to be able to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and data processing guidelines of their respective operators apply.

Unless otherwise stated in our data protection declaration, we process the data of users who communicate with us within social networks and platforms, e.g. by posting comments on our online presences or sending us messages.

20. Integration of Third-Party Services and Content

We use content or service offers from third-party providers within our online offer on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f GDPR). This is done in order to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as ‘content’).

20.1 Data processing by third-party providers

The integration of this content always requires that the third-party providers recognise the IP address of the user, as they would not be able to send the content to their browser without the IP address. The IP address is therefore required to display this content. We endeavour to only use content whose providers only use the IP address to deliver the content.

In addition, third-party providers may use so-called pixel tags (invisible graphics, also known as ‘web beacons’) for statistical or marketing purposes. These pixel tags can be used to analyse information such as the number of visitors to the pages of this website. The pseudonymised information may be stored in cookies on the user’s device and contain technical information about the browser and operating system, referring websites, visiting times and other details about the use of our online offering.

20.2 Integration of specific services

20.3 Your rights

You have the right to request information about the personal data stored about you, as well as the right to rectification, erasure and restriction of processing of your personal data. You also have the right to object to the processing of your personal data and to request data portability. If you believe that the processing of your data violates the GDPR, you have the right to lodge a complaint with a supervisory authority.

You can contact us at any time with questions about the processing of your data or to exercise your rights.

21. Use of Social Plugins

Social plug-ins (‘plug-ins’) from social networks are used on our website. These include those from the providers Instagram and Facebook. We use these plug-ins on the basis of our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR to improve the visibility of and interaction with our content on social networks.

21.1 General information on data processing

These social plugins are integrated via a direct connection between your browser and the servers of the respective providers. This means that the providers are informed directly that you have visited our website and your IP address is recorded. The exact type and scope of data processing is beyond our control, as the providers process the data on their own responsibility. Information on how the providers handle your data can be found in the respective data protection declarations.

21.2 Individual social plugins

21.2.1 Instagram plugin

We also use plugins from Instagram, also offered by Meta Platforms Ireland Limited.

Privacy policy: Instagram Privacy
Data transfer: Data may be transferred to the USA and other third countries.

Joint responsibility: We are jointly responsible with Meta for the collection of data. Details on joint processing can be found in the Agreement: Controller Addendum.

21.3 Your rights and options to object

You have the right to request information about the personal data stored about you. You can also request the rectification, erasure or restriction of the processing of your personal data. To object to data processing, you can use the respective data protection settings of the social networks.

If you wish to prevent the collection of your data by the aforementioned social networks, please log out of your user accounts and delete any cookies that may have been saved. You can find detailed instructions on how to do this in the privacy policies of the respective providers.

21.4 Further information

For detailed information on the exact data processing procedures and the rights you have vis-à-vis the providers, please read the respective privacy policies of the social networks. We recommend that you regularly inform yourself about the data protection practices of the services you use.

22. Online Donation Forms

We use Donorbox to manage and process online donations. When making a donation through Donorbox, personal data such as your name, email address, payment details, and any additional information you provide (e.g., donation messages) are collected. Donorbox securely processes this data in compliance with the General Data Protection Regulation (GDPR) and other applicable privacy laws. The data is stored on secure servers, and payment transactions are handled through encrypted connections via trusted payment providers. Donorbox does not use your data for its own marketing purposes and does not share it with third parties without your consent, except as required to process your donation. For further details, please refer to Donorbox’s privacy policy: https://donorbox.org/privacy

23. Payment Service Provider

We use various payment service providers to process payments. These are therefore recipients of your personal data collected in connection with the payment process. You yourself decide which payment service provider to use.

We would like to point out that with providers outside the EU and the EEA, it cannot be ruled out that your personal data will flow to a third country that does not offer a level of data protection comparable to the EU and the EEA. Where data is processed outside the EEA, we have concluded EU standard contractual clauses with the service providers to establish a secure level of data protection.

Depending on the payment method you choose, your data will be forwarded to the relevant financial service provider:

• SEPA direct debit payments to our house bank (GLS- Gemeinschaftsbank eG, 44774 Bochum)
• Payments via PayPal to PayPal (Europe) S.à r.l. et Cie, 22-24 Boulevard Royal, L-2449 Luxembourg
• Payments via Stripe to Stripe, Inc, 3180 18th Street, San Francisco, CA 94110, USA

The collection and processing of your personal data by the payment service providers is carried out to process the payment, to prevent fraud and to fulfil legal obligations.

You have the right to request information about the data stored by us, to correct incorrect data, to have your data deleted and to object to the processing of your data.

24. Website and Website Analysis

24.1 Content Management System (CMS)

25. External Hosting

Privacy Policy for Hostinger Services

Our website is hosted by Hostinger. When you visit our site, certain data is collected and stored to ensure functionality, security, and service improvement:

• Access Data: Hostinger logs server access details, including browser type and version, operating system, referrer URL, IP address, and the time of the server request.
• IP Addresses: IP addresses are processed to maintain operations and protect against security threats.
• Cookies: Hostinger uses cookies, including session cookies (deleted after browser closure) and persistent cookies (stored longer), to enhance website usability.
• Web Analytics: Anonymous data collected via web analytics helps improve the website. This information may be stored for up to two years.
• Contractual Data: Any personal data provided in relation to services is stored to fulfill contractual obligations.

All data processing complies with the General Data Protection Regulation (GDPR) and other applicable privacy laws. For more information, refer to Hostinger’s privacy policy: https://www.hostinger.com/legal/privacy-policy

The hoster is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f GDPR). Our hoster will only process your data to the extent necessary to fulfill its performance obligations and follow our instructions with regard to this data. In order to ensure data protection-compliant processing, we have concluded an order processing contract with our hoster.