Zur Hauptnavigation springen Zur Suche springen Zum Seiteninhalt springen Zum Footer springen

Privacy Policy

We, Deutsche Welthungerhilfe e. V., take the protection of your personal data seriously. We treat your personal data confidentially and, naturally, in accordance with statutory data protection regulations and this Privacy Policy. 

In principle, it is possible to use our website without providing personal data. Insofar as any personal data (e.g. name, address, or email address) are collected on our website, this occurs on a purely voluntary basis. These data will not be shared with third parties without your express consent. 

Please note that online data transfer (e.g. in connection with email communication) is vulnerable to security flaws. It is not possible to fully secure data against third-party access. 

These data cannot be connected to individual persons and will not be combined with other data sources. 

Party responsible and contact information:

This Privacy Policy governs data processing by: 

Deutsche Welthungerhilfe e. V.
Friedrich-Ebert-Str. 1
53173 Bonn

1. General Information

In this Privacy Policy, we explain the kind, scope, and purpose of the processing of personal data within the online services of Deutsche Welthungerhilfe e. V. and its related websites, functions, and content (hereinafter referred to as “Website”). This Privacy Policy applies regardless of the individual domains, systems, platforms, and devices (e.g. desktop or mobile devices) on which our online services are accessed.

Party responsible

Deutsche Welthungerhilfe e.V.
Friedrich-Ebert-Str. 1
53173 Bonn
Tel.: +49 (0)228-2288 176
Fax: +49 (0)228-2288 250

Terms such as "personal data" or the "processing" of the same are defined as per § 4 of the General Data Protection Regulation (GDPR). It is possible to use the Website—with the exception of social plugins—for informational purposes without providing personal data (see §§ 9, 10, 12).

We process our users’ personal data only in accordance with the relevant data protection regulations; this includes but is not limited to cases in which data processing is required to provide our online services, the user has consented, or our legitimate interests so require (i.e. interests of analysis, optimisation, and commercial operation and security of our online services as per § 6.1(f) GDPR—especially for measuring reach, creating “personas” for publicity and marketing purposes, capturing access data, and utilising the services of third-party providers).

In this context, the term “user” comprises all categories of persons affected by the data processing; this includes our donors, cooperative partners, interested parties, and others visiting our online services. The terms used, e.g. “user”, are gender neutral.

Please note that the legal basis for consent as per §§ 6.1(a), 7 GDPR constitutes the legal basis for processing personal data both for purposes of fulfilling our legal obligations (§ 6.1(c) GDPR) and for purposes of protecting our legitimate interests (§ 6.1(f) GDPR).

If you wish to donate, we will ask for your name and for additional personal informational relevant to the donation. Your data are sent to us via an SSL-encrypted connection and are stored on specially-protected servers in Germany. They can be accessed by only a few people with special clearance who are involved in the technical or commercial support of these servers. On no account will your data be shared with third parties without your express consent.

Please note that online data transfer (e.g. in connection with email communication) is vulnerable to security flaws. It is not possible to fully secure data against third-party access. Private data should therefore be transmitted only via a secure connection (SSL).

2. Security Measures

We take state-of-the-art organisational, contractual, and technical security measures in order to ensure compliance with the regulations of data protection laws and to protect the data we process against random or targeted manipulation, loss, destruction, or access by unauthorised persons.

Said security measures include but are not limited to the encrypted transmission of data between your browser and our server.

3. Sharing Your Data with Third Parties and Third-Party Providers

If we employ any external service providers to provide our services, this is done in accordance with the stipulations of § 28 GDPR. We have concluded a limited-processing contract with each data processing company to ensure that your personal data are processed according to their purpose and not shared. We also take appropriate technical and organisational measures to protect your personal data.

This applies to service providers including but not limited to the following:

Insofar as contents, tools, or other materials are employed within the framework of this Privacy Policy by other providers (hereinafter collectively referred to as “Third-Party Providers”) registered in a third country, it must be assumed that data are being transferred to the Third-Party Provider's country of record. Third countries are countries in which the GDPR is not directly-applicable law—categorically, this includes countries outside of the European Union and the European Economic Area. Data may be transferred into third countries in the presence of the appropriate data protection level, user consent, or another form of statutory authorisation.

4. Making Contact via Contact Form

Our Website offers you multiple options to send your enquiries to us through a contact form via an encrypted SSL connection. In accordance with § 6.1(a) GDPR, exclusively the data and information required to process your enquiry will be processed.


If you leave comments at the applicable places on our Website, your IP address will be stored for seven days on the basis of our legitimate interests within the meaning of § 6.1(f) GDPR. This storage policy is for our security. Should someone leave illegal content in the comments (insults, prohibited political propaganda etc.), we can be prosecuted for the post ourselves and are therefore interested in the identity of the author.

6. Access Data and Logfiles

On the basis of our legitimate interests within the meaning of § 6.1(f) GDPR, we collect data every time the server hosting this service (Serverlogfiles) is accessed. Access data include but are not limited to:

For security reasons (e.g. to resolve cases of abuse or fraud), logfile information will be stored for a maximum of seven days and thereafter deleted. Data that must be retained for purposes of proof are exempt from deletion until the respective incident is fully resolved.

7. Cookies and Reach Measurement

Cookies are data which are transmitted from our web server or from third-party web servers to the user's web browser and stored there for future retrieval. Cookies may take the form of small files or other forms of information storage. In accordance with this Privacy Policy, you will be informed of any cookies employed for pseudonymous reach measurement.

If you do not want any cookies to be stored on your computer, you are requested to deactivate the corresponding option in your browser’s system settings. Stored cookies can be cleared in the browser’s system settings. Deactivating cookies may limit the Website’s functionality.

Internet Explorer: support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies

Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences

Google Chrome: https://support.google.com/chrome/answer/95647?hl=en-GB


Opera: help.opera.com/Linux/12.10/en/cookies.html

You can also opt out of the use of cookies for reach measurement and marketing purposes via the Network Advertising Initiative’s deactivation page (http://optout.networkadvertising.org/) and via the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).

We also use the Usercentrics Consent Management Platform service from Usercentrics GmbH. This is a consent management service that lists the purposes of data collection and processing. The collected data cannot be used or stored for any other purpose than these purposes: Compliance with legal obligations, storage of consent. Consent data (granted consent and revocation of consent) is stored for three years. After this period, the data will be deleted immediately or handed over to the responsible person upon request in the form of a data export. You can manage your consents by clicking on the button at the top of the page.

You can prevent Google Analytics from capturing data by clicking the following link. This will put an opt-out cookie in place to prevent your data from being captured during future visits to this website: Deactivate Google Analytics

Remember to renew this opt-out cookie if you delete this or all cookies via your browser settings.

You can find additional information regarding data use by Google as well as setting and opt-out options on the following Google web pages: https://policies.google.com/technologies/partner-sites?hl=en-GB (“How Google uses information from sites or apps that use our services”), https://policies.google.com/technologies/ads?hl=en-GB (“Advertising”), http://www.google.de/settings/ads (“Control the information Google uses to show you ads”).

8. Econda Analytics 

To ensure that our website can meet our needs and be optimised, solutions by econda GmbH (www.econda.de) are used to collect and store anonymised data and to create pseudonymous user profiles. This may involve the use of cookies that make it possible to recognise an Internet browser on a return visit. However, without the express permission of the website visitor, user profiles are not combined with data pertaining to the pseudonymous user. For instance, IP addresses are made unrecognisable immediately upon collection, making it impossible to connect user profiles to IP addresses. 

You can reject these data collection and storage processes at any time in the future by adjusting your data protection settings accordingly. 

You can prevent Google Analytics from capturing data by clicking the following link. This will put an opt-out cookie in place to prevent your data from being captured during future visits to this website: Deactivate Google Analytics

Remember to renew this opt-out cookie if you delete this or all cookies via your browser settings.

You can find additional information regarding data use by Google as well as setting and opt-out options on the following Google web pages: https://policies.google.com/technologies/partner-sites?hl=en-GB (“How Google uses information from sites or apps that use our services”), https://policies.google.com/technologies/ads?hl=en-GB (“Advertising”), http://www.google.de/settings/ads (“Control the information Google uses to show you ads”).

9. Matomo (Analytics and MTM) 

The Matomo web analytics tools we use process the following data on the basis of our legitimate interests (i.e. interest in the analysis, optimisation, and efficient operation of our online services within the meaning of § 6.1(f) GDPR): the browser type and browser version you use, the operating system you use, your country of origin, the date and time of the server request, the number of visits, how long you stay on the website, and the external links you click. User IP addresses are anonymised before being stored. 

Matomo uses cookies that are saved on the user's computer and that make it possible to analyse how users make use of our online services. Pseudonymous user profiles can then be generated from the processed data. Cookies are stored for one week. The information generated by a cookie about your usage of this website is stored only on our server and not shared with third parties.  

You can prevent or reject the future collection of cookie-generated data regarding your website use (including your IP address) and the processing of these data by Matomo by adjusting your settings using the Cookie Consent Tool.  

Please note that deleting all of your cookies also deletes the opt-out cookie. 

10. Matomo Tag Manager 

We use Matomo Tag Manager to manage website tags via an interface and collect your acceptance or rejection of cookies. The tag manager, which implements the tags, does not process any personal user data itself.

11. Google Remarketing

On the basis of our legitimate interests (i.e. interests of analysis and optimisation within the meaning of § 6.1(f) GDPR), we employ the marketing and remarketing services (“Google Marketing Services”) of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google relies on the European Commission’s Standard Contractual Clauses (SCCs) for transfers of online advertising and measurement personal data out of the European Economic Area and compliance with European data protection laws (Update to Standard Contractual Clauses (SCCs) (August 2020)).

Google Marketing Services allows us to better target our online advertisements for our website in order to show users only advertisements that potentially correspond to their interests. When a user is, for example, shown advertisements for products that he viewed on other websites, this is known as remarketing. For these purposes, a Google code is immediately executed by Google when a website on which Google Marketing Services is active is accessed, and (re)marketing tags—invisible graphics or code also known as “web beacons”—are affixed to the website. Using said remarketing tags, an individual cookie, i.e. a small file, is saved on the user's device (comparable technologies can also be used instead of cookies). This file makes note of which websites the user visited, which content he viewed, and where he clicked; it also records technical information regarding the browser and operating system, referring websites, the time of the visit, and other data related to the usage of the online services. 

The user’s IP address is also captured; within the context of Google Analytics, the IP address is shortened within member states of the European Union or in other contracting member states of the European Economic Area and only in exceptional cases transmitted to a Google server in the USA and shortened there. The IP address is not connected to user data from other Google services. The above information can also be combined by Google with similar information from other sources. If the user subsequently visits other websites, he may be shown advertisements targeted to his interests.

Google Marketing Services processes user data pseudonymously. This means that Google does not save and process data such as the names or email addresses of the users but rather processes relevant data based on cookies within pseudonymous user profiles. From Google’s perspective, the advertisements are therefore not administered and shown with reference to a concretely-identified person but rather with reference to the holder of the cookie regardless of said holder’s identity. This does not apply if a user has expressly permitted Google to process his data with this pseudonymisation. The data captured by Google Marketing Services about the user are transmitted to Google and saved on Google servers in the USA.

We also employ the Google Optimize service on our Website. Google Optimize allows us to use so-called A/B tests to reconstruct how various changes can affect a website (e.g. changes to input fields, design changes etc.). Cookies are stored on your device for these purposes. All data processed in this context are pseudonymous. Furthermore, we use Google Tag Manager to incorporate Google’s analysis and marketing services into our Website and to administer the same.

Additional information regarding data use for marketing purposes by Google can be found at the following overview page: https://www.google.com/policies/technologies/ads; you can find Google’s privacy policy at https://www.google.com/policies/privacy.

If you would like to opt out of Google Marketing Services’ targeted advertisements, you can make use of Google's settings and opt-out options: http://www.google.com/ads/preferences.

12. Facebook, Custom Audiences, and Facebook Marketing Services

On the basis of and for the purposes of our legitimate interests of analysis, optimisation, and commercial operation regarding our online services, said services employ Facebook Pixel, a tool of the social network Facebook, operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are resident in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"). Facebook relies on the European Commission’s Standard Contractual Clauses (SCCs) for transfers of online advertising and measurement personal data out of the European Economic Area and compliance with European data protection laws (Facebook: standard contract clause).

Using Facebook Pixel, Facebook can categorise the visitors of our online services as a target group for advertisements (“Facebook Ads”). As a result, we use Facebook Pixel to show our Facebook Ads to only such Facebook users as have demonstrated an interest in our online services or as possess certain characteristics (e.g. an interest in particular topics or products, determined using websites visited) which we communicate to Facebook (“Custom Audiences”). 

We also use Facebook Pixel to ensure that our Facebook Ads correspond to the user’s potential interests and are not annoying. Using Facebook Pixel, we can also track the effectiveness of Facebook Ads for purposes of statistics and market research by seeing if users are redirected to our Website by clicking on a Facebook Ad (“Conversion”).

Facebook Pixel is immediately integrated by Facebook when our Website is accessed; it can store a cookie, i.e. a small file, on your device. If you subsequently log in to Facebook or visit Facebook while logged in, your visit to our online services is noted in your profile. The data collected about you are anonymous for us and therefore do not allow us to infer user identities. However, the data are saved and processed by Facebook, so a connection to the respective user profile may be made and used by Facebook for purposes of its own market research and advertisement. 

Should we share any data with Facebook for purposes of reconciliation, they will be encrypted locally in the browser before being sent to Facebook via an encrypted https connection. This is only done to reconcile with Facebook's similarly-encrypted data.

Data processing through Facebook is subject to Facebook’s privacy policy. General information regarding the display of Facebook Ads can be found in Facebook's privacy policy: https://www.facebook.com/policy.php. Specific information and details regarding Facebook Pixel and how it works can be found in Facebook’s help section: https://www.facebook.com/business/help/651294705016616.

You can opt out of data capture by Facebook Pixel and the use of your data to display Facebook Ads. In order to determine which kinds of advertisements can be shown to you on Facebook, you can open Facebook’s corresponding page and follow the instructions to adjust the settings for user-based advertisements: https://www.facebook.com/settings?tab=ads. These settings are platform-independent, i.e. they are synchronised for all devices such as desktop computers or mobile devices.

You can also opt out of the use of cookies for reach measurement and marketing purposes via the Network Advertising Initiative’s deactivation page (http://optout.networkadvertising.org/) and via the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).

13. Newsletter

The following information explains the content of our newsletter; subscription, dispatch, and statistical assessment procedures; and your withdrawal rights. By subscribing to our newsletter, you consent to receiving the same and to said procedures.

Content of Newsletter: We send newsletters, emails, and other electronic messages with promotional material (hereinafter “Newsletter”) on the following legal basis: consent (Art. 6 sect. 1 lit. (a), GDPR) for active subscription, and legitimate interests (Art 6 sect.1 lit. (f), GDPR) when for example a donation took place. Our Newsletter contains information regarding our projects, campaigns, emergency aid efforts, actions, and our organisation.

Double Opt In and Logging: Subscribing to our Newsletter is done via a double opt in procedure. This means that, upon subscribing, you receive an email requesting confirmation of your subscription. This confirmation is necessary in order to prevent people from registering with an email address other than their own. Newsletter subscriptions are logged in order to document the subscription process in accordance with statutory requirements. This includes storing the times of subscription and confirmation as well as the IP address. Any changes to your data as stored by our dispatch service provider are also logged.

Subscription Data: In order to subscribe to our Newsletter, you only need to provide your email address. You may optionally also provide a name so that we can address you personally in our Newsletter.

Dispatch Service Provider: To dispatch the Newsletter, we employ the service provider Episerver GmbH, Wallstrasse 16, 10179 Berlin, which is under obligation to us to observe data protection laws and which ensures that your data are used exclusively to dispatch the WHH Newsletter. Your data are stored exclusively in European data centres.

You can view our dispatch service provider’s privacy policy here: https://www.episerver.com/legal/privacy-statement/.

Statistical Surveys and Analyses: The Newsletters contain a so-called “web beacon”, i.e. a pixel-sized file that is retrieved when opening the Newsletter on the dispatch service provider's server. For purposes of this retrieval, technical information—such as browser and system information, your IP address, and the time of retrieval—will be collected. This information will be used for the technical improvement of the services on the basis of the technical data, of the target groups and their reading habits based on their access locations (determined by means of the IP address), or of the access times. Our statistical data collection methods also include determining whether the Newsletter is opened, when it is opened, and which links are clicked. These evaluations help us to recognise the reading habits of our users in order to adjust our content to them or to distribute different content to different users depending on individual interests.

Unsubscription/Withdrawal: You can unsubscribe from our Newsletter at any time. This will terminate both the dispatch service and the statistical analyses. It is unfortunately not possible to separately terminate either dispatch through the dispatch service provider or statistical evaluation. You can find a link to unsubscribe from the Newsletter at the end of each Newsletter. Should you have subscribed to or received the Newsletter and subsequently unsubscribed from receiving the Newsletter, your personal data associated to the Newsletter activity will be deleted.

14. Photographs, Video (Clips), ...

Pictures and video (clips),..., used on this Website were provided for publication by contracted photographers, photography agencies, or the depicted persons with their consent. Ownership of and credit for the photographs is provided in the copyright notice below the photograph or in the photograph’s metadata. The legal basis for this is § 6.1(f) GDPR.

15. Incorporating Third-Party Services and Content

We employ the contents and services of Third-Party Providers within our online services on the basis of our legitimate interests (i.e. interests of analysis, optimisation, and commercial operation of our online services within the meaning of § 6.1(f) GDPR) in order to incorporate their contents and services such as videos (hereinafter collectively referred to as “Contents”). This always requires the Third-Party Providers of these Contents to detect user IP addresses, since they cannot send the Contents to the users’ browsers without the IP address. The IP address is therefore required in order to display these Contents. We endeavour to use only the Contents of such Providers as use the IP address solely to deliver the Contents. Third-Party Providers may also use pixel tags (invisible graphics also known as “web beacons”) for statistical or marketing purposes. Using the pixel tags, information such as visitor traffic on the respective pages can be evaluated. Furthermore, the pseudonymous information can be stored in cookies on the users’ devices and may contain data including technical information about the browser and operating system, referring websites, access times, and additional data regarding the use of our online services; said information can also be connected with other such information from other sources.

The following outline offers an overview of Third-Party Providers and their Contents. It also provides links to their privacy policies which contain other information regarding data processing and opt-out options, some of which have already been described:

16. Our Users’ Rights

Upon request and authentication, we are happy to inform you in writing and in accordance with the applicable law if personal data concerning yourself have been processed. If this is the case, you are entitled to the disclosure of these personal data and of the information listed in detail in § 15 GDPR.

Should the personal data concerning yourself be incorrect, you have the right to immediately demand the rectification of inaccurate personal data or the completion of incomplete personal data (§ 16 GDPR).

You have the right to demand that personal data concerning yourself be immediately deleted insofar as one of the particular reasons listed in § 17 GDPR applies, for example if the data are no longer required for their intended purpose (right to erasure).

You also have the right to demand the restriction of processing if one of the prerequisites listed in § 18 GDPR applies; for example, if you have objected to processing, this will apply for the duration of examination by the controller.

You have the right to object at any time to the processing of personal data concerning yourself for reasons arising from your particular situation. Our company will then cease to process said personal data unless we can prove compelling grounds for the processing or the processing serves to establish, exercise, or defend legal claims (§ 21 GDPR).

Without prejudice to any other administrative or judicial remedy, you have the right to file a complaint with the supervisory authority if you believe that the processing of personal data concerning yourself infringes the GDPR (§ 77 GDPR). You may exercise this right through a supervisory authority in the member state of your place of residence, of your place of employment, or of the place in which the alleged infraction occurred. In North Rhine–Westphalia, the following person has jurisdiction:

The data protection officer for North Rhine–Westphalia (LDI)
Kavalleriestrasse 2 - 4
40213 Düsseldorf

17. Deleting Data

The data that we store are deleted as soon as they are no longer required for their intended purpose and erasure does not violate any statutory retention periods. Insofar as user data are not deleted because they are required for other legal purposes, the processing of the same is restricted. This means that the data are segregated and not processed for other purposes. This applies, for example, to user data that need to be stored for commercial or tax purposes.

In accordance with statutory regulations, data pursuant to § 257.1 HGB (German Commercial Code) must be retained for six years (annual financial statements, vouchers etc.), and data pursuant to § 147.1 AO (German Revenue Code) must be retained for ten years (books, records, management reports, vouchers, documentation relevant to taxation etc.).

18. Right to Object

Users can object to the future processing of their personal data, including processing for purposes of direct advertising. We respect your right to object provided that we are not legally obligated to process the data in question.

19. Liability for Links

We hereby expressly declare that no illegal Contents were identifiable on the linked pages at the time of the respective link’s creation. Deutsche Welthungerhilfe e.V. has no influence on the current and future design, Contents, or ownership of linked pages. Such being the case, we hereby expressly distance ourselves from all Contents on the linked pages that were changed after the link was created; this applies to all links and referrals contained in our own online services. Only the provider of the page receiving the referral and not the entity issuing the referral by way of link to the respective publication is liable for illegal, inaccurate, or incomplete Contents and particularly for damages arising from the use or disuse of information so provided.

20. Notice to Parents and Legal Guardians

Parents and legal guardians are responsible for protecting their children’s privacy. We ask that you talk with your children about how to handle personal data online in a safe and responsible manner.

21. Amendments to the Privacy Policy

We reserve the right to amend the Privacy Policy in order to accommodate changes to the law, to services, and to data processing. However, this applies only with regard to provisions regarding data processing. Insofar as user consent is required or components of the Privacy Policy contain regulations regarding the contractual relationship with the users, the amendments in question will only be made with the users’ consent.

We always upload amendments to our Privacy Policy here and recommend that you read this Policy on occasion.

22. Your Questions or Comments

You are welcome to contact our data protection officer with any questions, suggestions or complaints regarding our Privacy Policy. You can reach our data protection officer by email at datenschutz@welthungerhilfe.de or by post at our postal address with the addition of “To the data protection officer”. If you wish to receive information on your data, change or delete it, please contact the private donor service.