In principle, it is possible to use our website without providing personal data. Insofar as any personal data (e.g. name, address, or email address) are collected on our website, this occurs on a purely voluntary basis. These data will not be shared with third parties without your express consent.
Please note that online data transfer (e.g. in connection with email communication) is vulnerable to security flaws. It is not possible to fully secure data against third-party access.
These data cannot be connected to individual persons and will not be combined with other data sources.
Party responsible and contact information:
Deutsche Welthungerhilfe e. V.
1. General Information
Deutsche Welthungerhilfe e.V.
Tel.: +49 (0)228-2288 176
Fax: +49 (0)228-2288 250
Terms such as "personal data" or the "processing" of the same are defined as per § 4 of the General Data Protection Regulation (GDPR). It is possible to use the Website—with the exception of social plugins—for informational purposes without providing personal data (see §§ 9, 10, 12).
We process our users’ personal data only in accordance with the relevant data protection regulations; this includes but is not limited to cases in which data processing is required to provide our online services, the user has consented, or our legitimate interests so require (i.e. interests of analysis, optimisation, and commercial operation and security of our online services as per § 6.1(f) GDPR—especially for measuring reach, creating “personas” for publicity and marketing purposes, capturing access data, and utilising the services of third-party providers).
In this context, the term “user” comprises all categories of persons affected by the data processing; this includes our donors, cooperative partners, interested parties, and others visiting our online services. The terms used, e.g. “user”, are gender neutral.
Please note that the legal basis for consent as per §§ 6.1(a), 7 GDPR constitutes the legal basis for processing personal data both for purposes of fulfilling our legal obligations (§ 6.1(c) GDPR) and for purposes of protecting our legitimate interests (§ 6.1(f) GDPR).
If you wish to donate, we will ask for your name and for additional personal informational relevant to the donation. Your data are sent to us via an SSL-encrypted connection and are stored on specially-protected servers in Germany. They can be accessed by only a few people with special clearance who are involved in the technical or commercial support of these servers. On no account will your data be shared with third parties without your express consent.
Please note that online data transfer (e.g. in connection with email communication) is vulnerable to security flaws. It is not possible to fully secure data against third-party access. Private data should therefore be transmitted only via a secure connection (SSL).
2. Security Measures
We take state-of-the-art organisational, contractual, and technical security measures in order to ensure compliance with the regulations of data protection laws and to protect the data we process against random or targeted manipulation, loss, destruction, or access by unauthorised persons.
Said security measures include but are not limited to the encrypted transmission of data between your browser and our server.
3. Sharing Your Data with Third Parties and Third-Party Providers
If we employ any external service providers to provide our services, this is done in accordance with the stipulations of § 28 GDPR. We have concluded a limited-processing contract with each data processing company to ensure that your personal data are processed according to their purpose and not shared. We also take appropriate technical and organisational measures to protect your personal data.
This applies to service providers including but not limited to the following:
4. Making Contact via Contact Form
Our Website offers you multiple options to send your enquiries to us through a contact form via an encrypted SSL connection. In accordance with § 6.1(a) GDPR, exclusively the data and information required to process your enquiry will be processed.
If you leave comments at the applicable places on our Website, your IP address will be stored for seven days on the basis of our legitimate interests within the meaning of § 6.1(f) GDPR. This storage policy is for our security. Should someone leave illegal content in the comments (insults, prohibited political propaganda etc.), we can be prosecuted for the post ourselves and are therefore interested in the identity of the author.
6. Access Data and Logfiles
On the basis of our legitimate interests within the meaning of § 6.1(f) GDPR, we collect data every time the server hosting this service (Serverlogfiles) is accessed. Access data include but are not limited to:
For security reasons (e.g. to resolve cases of abuse or fraud), logfile information will be stored for a maximum of seven days and thereafter deleted. Data that must be retained for purposes of proof are exempt from deletion until the respective incident is fully resolved.
7. Cookies and Reach Measurement
If you do not want any cookies to be stored on your computer, you are requested to deactivate the corresponding option in your browser’s system settings. Stored cookies can be cleared in the browser’s system settings. Deactivating cookies may limit the Website’s functionality.
Google Chrome: https://support.google.com/chrome/answer/95647?hl=en-GB
We also use the Usercentrics Consent Management Platform service from Usercentrics GmbH. This is a consent management service that lists the purposes of data collection and processing. The collected data cannot be used or stored for any other purpose than these purposes: Compliance with legal obligations, storage of consent. Consent data (granted consent and revocation of consent) is stored for three years. After this period, the data will be deleted immediately or handed over to the responsible person upon request in the form of a data export. You can manage your consents by clicking on the button at the top of the page.
8. Using Google Analytics
On the basis of our legitimate interests (i.e. interests of analysis and optimisation within the meaning of § 6.1(f) GDPR), we employ Google Analytics, a web analysis service provided by Google Inc. (“Google”).
1600 Amphitheatre Parkway
Mountain View, CA 94043
Google Analytics utilises cookies (see § 7) to facilitate analysis of your website use. Your user data for the Website is generated by the cookie and thereafter generally transmitted to a Google server in the USA and stored there. Google relies on the European Commission’s Standard Contractual Clauses (SCCs) for transfers of online advertising and measurement personal data out of the European Economic Area and compliance with European data protection laws (Update to Standard Contractual Clauses (SCCs) (August 2020))
Google will use these data in accordance with our instructions to evaluate how our online services are being used, to compile reports about activities within the online services, and to perform additional services connected to the use of these online services and the internet. Pseudonymous user profiles can then be generated from the processed data.
We employ Google Analytics to show advertisements via the advertisement services of Google and its partners to only such users as have demonstrated an interest in our online services or as possess particular characteristics (e.g. an interest in certain topics or products, which is determined using websites visited) which we share with Google (so-called “Remarketing Audiences” or “Google Analytics Audiences”). We would also like to use Remarketing Audiences to ensure that our advertisements correspond to the users’ potential interests and are not annoying.
Please note that the “anonymizeIp” code was added to Google Analytics on the Website in order to ensure the anonymised collection of IP data (IP masking). This means that Google shortens users’ IP addresses within European Union member states or in other contracting member states of the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and be shortened there. The IP address transmitted by the user’s browser will not be combined with other data in the possession of Google. You can prevent cookies from being stored through a corresponding setting of your browser software; however, please note that this may potentially prevent you from using each of the Website's functions to its full extent.
In addition, you can prevent Google from collecting and processing the data that the cookie generated regarding your usage of our online services by downloading and installing the browser plugin accessible via the following link: https://tools.google.com/dlpage/gaoptout?hl=en-GB.
You can prevent Google Analytics from capturing data by clicking the following link. This will put an opt-out cookie in place to prevent your data from being captured during future visits to this website: Deactivate Google Analytics
Remember to renew this opt-out cookie if you delete this or all cookies via your browser settings.
You can find additional information regarding data use by Google as well as setting and opt-out options on the following Google web pages: https://policies.google.com/technologies/partner-sites?hl=en-GB (“How Google uses information from sites or apps that use our services”), https://policies.google.com/technologies/ads?hl=en-GB (“Advertising”), http://www.google.de/settings/ads (“Control the information Google uses to show you ads”).
9. Google Remarketing
On the basis of our legitimate interests (i.e. interests of analysis and optimisation within the meaning of § 6.1(f) GDPR), we employ the marketing and remarketing services (“Google Marketing Services”) of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google relies on the European Commission’s Standard Contractual Clauses (SCCs) for transfers of online advertising and measurement personal data out of the European Economic Area and compliance with European data protection laws (Update to Standard Contractual Clauses (SCCs) (August 2020)).
Google Marketing Services allows us to better target our online advertisements for our website in order to show users only advertisements that potentially correspond to their interests. When a user is, for example, shown advertisements for products that he viewed on other websites, this is known as remarketing. For these purposes, a Google code is immediately executed by Google when a website on which Google Marketing Services is active is accessed, and (re)marketing tags—invisible graphics or code also known as “web beacons”—are affixed to the website. Using said remarketing tags, an individual cookie, i.e. a small file, is saved on the user's device (comparable technologies can also be used instead of cookies). This file makes note of which websites the user visited, which content he viewed, and where he clicked; it also records technical information regarding the browser and operating system, referring websites, the time of the visit, and other data related to the usage of the online services.
The user’s IP address is also captured; within the context of Google Analytics, the IP address is shortened within member states of the European Union or in other contracting member states of the European Economic Area and only in exceptional cases transmitted to a Google server in the USA and shortened there. The IP address is not connected to user data from other Google services. The above information can also be combined by Google with similar information from other sources. If the user subsequently visits other websites, he may be shown advertisements targeted to his interests.
Google Marketing Services processes user data pseudonymously. This means that Google does not save and process data such as the names or email addresses of the users but rather processes relevant data based on cookies within pseudonymous user profiles. From Google’s perspective, the advertisements are therefore not administered and shown with reference to a concretely-identified person but rather with reference to the holder of the cookie regardless of said holder’s identity. This does not apply if a user has expressly permitted Google to process his data with this pseudonymisation. The data captured by Google Marketing Services about the user are transmitted to Google and saved on Google servers in the USA.
We also employ the Google Optimize service on our Website. Google Optimize allows us to use so-called A/B tests to reconstruct how various changes can affect a website (e.g. changes to input fields, design changes etc.). Cookies are stored on your device for these purposes. All data processed in this context are pseudonymous. Furthermore, we use Google Tag Manager to incorporate Google’s analysis and marketing services into our Website and to administer the same.
If you would like to opt out of Google Marketing Services’ targeted advertisements, you can make use of Google's settings and opt-out options: http://www.google.com/ads/preferences.
10. Facebook, Custom Audiences, and Facebook Marketing Services
On the basis of and for the purposes of our legitimate interests of analysis, optimisation, and commercial operation regarding our online services, said services employ Facebook Pixel, a tool of the social network Facebook, operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are resident in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"). Facebook relies on the European Commission’s Standard Contractual Clauses (SCCs) for transfers of online advertising and measurement personal data out of the European Economic Area and compliance with European data protection laws (Facebook: standard contract clause).
Using Facebook Pixel, Facebook can categorise the visitors of our online services as a target group for advertisements (“Facebook Ads”). As a result, we use Facebook Pixel to show our Facebook Ads to only such Facebook users as have demonstrated an interest in our online services or as possess certain characteristics (e.g. an interest in particular topics or products, determined using websites visited) which we communicate to Facebook (“Custom Audiences”).
We also use Facebook Pixel to ensure that our Facebook Ads correspond to the user’s potential interests and are not annoying. Using Facebook Pixel, we can also track the effectiveness of Facebook Ads for purposes of statistics and market research by seeing if users are redirected to our Website by clicking on a Facebook Ad (“Conversion”).
Facebook Pixel is immediately integrated by Facebook when our Website is accessed; it can store a cookie, i.e. a small file, on your device. If you subsequently log in to Facebook or visit Facebook while logged in, your visit to our online services is noted in your profile. The data collected about you are anonymous for us and therefore do not allow us to infer user identities. However, the data are saved and processed by Facebook, so a connection to the respective user profile may be made and used by Facebook for purposes of its own market research and advertisement.
Should we share any data with Facebook for purposes of reconciliation, they will be encrypted locally in the browser before being sent to Facebook via an encrypted https connection. This is only done to reconcile with Facebook's similarly-encrypted data.
You can opt out of data capture by Facebook Pixel and the use of your data to display Facebook Ads. In order to determine which kinds of advertisements can be shown to you on Facebook, you can open Facebook’s corresponding page and follow the instructions to adjust the settings for user-based advertisements: https://www.facebook.com/settings?tab=ads. These settings are platform-independent, i.e. they are synchronised for all devices such as desktop computers or mobile devices.
The following information explains the content of our newsletter; subscription, dispatch, and statistical assessment procedures; and your withdrawal rights. By subscribing to our newsletter, you consent to receiving the same and to said procedures.
Content of Newsletter: We send newsletters, emails, and other electronic messages with promotional material (hereinafter “Newsletter”) on the following legal basis: consent (Art. 6 sect. 1 lit. (a), GDPR) for active subscription, and legitimate interests (Art 6 sect.1 lit. (f), GDPR) when for example a donation took place. Our Newsletter contains information regarding our projects, campaigns, emergency aid efforts, actions, and our organisation.
Double Opt In and Logging: Subscribing to our Newsletter is done via a double opt in procedure. This means that, upon subscribing, you receive an email requesting confirmation of your subscription. This confirmation is necessary in order to prevent people from registering with an email address other than their own. Newsletter subscriptions are logged in order to document the subscription process in accordance with statutory requirements. This includes storing the times of subscription and confirmation as well as the IP address. Any changes to your data as stored by our dispatch service provider are also logged.
Subscription Data: In order to subscribe to our Newsletter, you only need to provide your email address. You may optionally also provide a name so that we can address you personally in our Newsletter.
Dispatch Service Provider: To dispatch the Newsletter, we employ the service provider Episerver GmbH, Wallstrasse 16, 10179 Berlin, which is under obligation to us to observe data protection laws and which ensures that your data are used exclusively to dispatch the WHH Newsletter. Your data are stored exclusively in European data centres.
Statistical Surveys and Analyses: The Newsletters contain a so-called “web beacon”, i.e. a pixel-sized file that is retrieved when opening the Newsletter on the dispatch service provider's server. For purposes of this retrieval, technical information—such as browser and system information, your IP address, and the time of retrieval—will be collected. This information will be used for the technical improvement of the services on the basis of the technical data, of the target groups and their reading habits based on their access locations (determined by means of the IP address), or of the access times. Our statistical data collection methods also include determining whether the Newsletter is opened, when it is opened, and which links are clicked. These evaluations help us to recognise the reading habits of our users in order to adjust our content to them or to distribute different content to different users depending on individual interests.
Unsubscription/Withdrawal: You can unsubscribe from our Newsletter at any time. This will terminate both the dispatch service and the statistical analyses. It is unfortunately not possible to separately terminate either dispatch through the dispatch service provider or statistical evaluation. You can find a link to unsubscribe from the Newsletter at the end of each Newsletter. Should you have subscribed to or received the Newsletter and subsequently unsubscribed from receiving the Newsletter, your personal data associated to the Newsletter activity will be deleted.
12. Photographs, Video (Clips), ...
Pictures and video (clips),..., used on this Website were provided for publication by contracted photographers, photography agencies, or the depicted persons with their consent. Ownership of and credit for the photographs is provided in the copyright notice below the photograph or in the photograph’s metadata. The legal basis for this is § 6.1(f) GDPR.
13. Incorporating Third-Party Services and Content
We employ the contents and services of Third-Party Providers within our online services on the basis of our legitimate interests (i.e. interests of analysis, optimisation, and commercial operation of our online services within the meaning of § 6.1(f) GDPR) in order to incorporate their contents and services such as videos (hereinafter collectively referred to as “Contents”). This always requires the Third-Party Providers of these Contents to detect user IP addresses, since they cannot send the Contents to the users’ browsers without the IP address. The IP address is therefore required in order to display these Contents. We endeavour to use only the Contents of such Providers as use the IP address solely to deliver the Contents. Third-Party Providers may also use pixel tags (invisible graphics also known as “web beacons”) for statistical or marketing purposes. Using the pixel tags, information such as visitor traffic on the respective pages can be evaluated. Furthermore, the pseudonymous information can be stored in cookies on the users’ devices and may contain data including technical information about the browser and operating system, referring websites, access times, and additional data regarding the use of our online services; said information can also be connected with other such information from other sources.
The following outline offers an overview of Third-Party Providers and their Contents. It also provides links to their privacy policies which contain other information regarding data processing and opt-out options, some of which have already been described:
14. Our Users’ Rights
Upon request and authentication, we are happy to inform you in writing and in accordance with the applicable law if personal data concerning yourself have been processed. If this is the case, you are entitled to the disclosure of these personal data and of the information listed in detail in § 15 GDPR.
Should the personal data concerning yourself be incorrect, you have the right to immediately demand the rectification of inaccurate personal data or the completion of incomplete personal data (§ 16 GDPR).
You have the right to demand that personal data concerning yourself be immediately deleted insofar as one of the particular reasons listed in § 17 GDPR applies, for example if the data are no longer required for their intended purpose (right to erasure).
You also have the right to demand the restriction of processing if one of the prerequisites listed in § 18 GDPR applies; for example, if you have objected to processing, this will apply for the duration of examination by the controller.
You have the right to object at any time to the processing of personal data concerning yourself for reasons arising from your particular situation. Our company will then cease to process said personal data unless we can prove compelling grounds for the processing or the processing serves to establish, exercise, or defend legal claims (§ 21 GDPR).
Without prejudice to any other administrative or judicial remedy, you have the right to file a complaint with the supervisory authority if you believe that the processing of personal data concerning yourself infringes the GDPR (§ 77 GDPR). You may exercise this right through a supervisory authority in the member state of your place of residence, of your place of employment, or of the place in which the alleged infraction occurred. In North Rhine–Westphalia, the following person has jurisdiction:
The data protection officer for North Rhine–Westphalia (LDI)
Kavalleriestrasse 2 - 4
15. Deleting Data
The data that we store are deleted as soon as they are no longer required for their intended purpose and erasure does not violate any statutory retention periods. Insofar as user data are not deleted because they are required for other legal purposes, the processing of the same is restricted. This means that the data are segregated and not processed for other purposes. This applies, for example, to user data that need to be stored for commercial or tax purposes.
In accordance with statutory regulations, data pursuant to § 257.1 HGB (German Commercial Code) must be retained for six years (annual financial statements, vouchers etc.), and data pursuant to § 147.1 AO (German Revenue Code) must be retained for ten years (books, records, management reports, vouchers, documentation relevant to taxation etc.).
16. Right to Object
Users can object to the future processing of their personal data, including processing for purposes of direct advertising. We respect your right to object provided that we are not legally obligated to process the data in question.
17. Liability for Links
We hereby expressly declare that no illegal Contents were identifiable on the linked pages at the time of the respective link’s creation. Deutsche Welthungerhilfe e.V. has no influence on the current and future design, Contents, or ownership of linked pages. Such being the case, we hereby expressly distance ourselves from all Contents on the linked pages that were changed after the link was created; this applies to all links and referrals contained in our own online services. Only the provider of the page receiving the referral and not the entity issuing the referral by way of link to the respective publication is liable for illegal, inaccurate, or incomplete Contents and particularly for damages arising from the use or disuse of information so provided.
18. Notice to Parents and Legal Guardians
Parents and legal guardians are responsible for protecting their children’s privacy. We ask that you talk with your children about how to handle personal data online in a safe and responsible manner.
20. Your Questions or Comments