arche noVa takes the protection of your personal data seriously. We treat your personal data confidentially and according to the legal data privacy regulations. All the data collected here will be kept strictly confidential within our area of responsibility and in accordance with the EU General Data Protection Regulation (GDPR) and with the country – specific laws applicable to us, such as the new Federal Data Protection Act (BDSG) or the Telemedia Act (TMA).
The processing is carried out either according to Art. 6 para. 1 lit. a GDPR on the basis of your consent, in accordance with Art. 6 para.1 lit. b GDPR to the fulfilment or initiation of a contract with you according to Art. 6 para.1 lit. c GDPR for the fulfilment of a legal obligation from us or on the basis in accordance with Art. 6 para. 1 lit. f GDPR for the protection of our legitimate interests.
In the following we inform about the collection of personal data when using this website. Personal data includes all data related to you personally, such as name, address, e-mail addresses, user behaviour. The use of our website is generally possible without providing any personal data. If personal data is collected on our website, it happens, if possible, on a voluntary basis.
Name and address of the person responsible for the processing
The responsible party in terms of the General Data Protection Regulation, other data privacy acts effective in EU member states and regulations of a data protection nature is:
arche noVa – Initiative for people in Need e.V.
Tel.: +49 351 | 48 19 84 - 0
Fax: +49 351 | 48 19 84 - 70
E-Mail: info [at] arche-nova.org
Name and Adress of the the Data Protection Commissioner
For questions, suggestions or comments concerning data privacy please contact our data protection commissioner::
External Data Protection Commissioner
PRODATIS CONSULTING AG
Tel.: +49 351 266 23 30
E-Mail: dsb [at] prodatis.com
Processing of data for provision of statutory services
arche noVa processes data from supporters, interested parties, members or other persons according to Art. 6 para. 1 lit. b GDPR, if we offer them contractual services or are recipients of services or contributions ourselves. Apart from that, we process the data from the persons concerned in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interests, for example if it concerns administration work or public relations. We process our donors personal data and payment details (such as bank details, payment history) to issue donation confirmations, provision of services and donor care. We do not lease nor sell our donors’ or supporters’ addresses to other companies or organizations. The processing of personal data can be carried out with or without the aid of data processing systems and includes the following activities: collection, recording, organisation, organizing, saving, adaptation or alteration, sorting, retrieval, use, disclosure by means of conveyance, dissemination or another form of provision, comparison or combination, limitation, deletion or elimination. We process your personal information which you communicate to us through this website, only for the correspondence with you and only for the purpose for which you provided us this data.
We delete the data that is no longer necessary for the provision of our statutory and business purposes. This is determined corresponding to the respective tasks and contractual relations. Your personal data which has been communicated to us through our website will only be saved until the purpose for which we have been entrusted with the data is met and storing is necessary. So far as commercial, fiscal or administrative retention periods are to be taken into account, the storage period for certain data can amount to 6 or 10 years.
By using the contact data below you may exercise the following rights at any time: information about the data saved about you and its treatment, right to data transfer in a machine-readable form, correction of inaccurate data, deletion of your data stored with us, restriction of data processing provided that we are not yet allowed to delete your data on the basis of legal obligations, opposition to the processing of your data and data availability, provided that you have agreed to the data processing or closed a contract with us.
Provided that you have granted us consent you can revoke it with future effect at any time. You can address a complaint to your local supervisory authority at all times.
Upon contacting, for example via contact form, e-mail or telephone the user’s details for processing handling the request are disseminated in accordance with Art. 6 para. 1 lit. b GDPR. Data can be stored in a donor administration system (donation – “CRM-system”). Edited or obsolete requests will be deleted.
A regular check is carried out as to what extent further storage is necessary.
We process the applicant data only for the purpose and in the context of the application process in accordance with the legal requirements. The processing of the applicant data takes place in order to fulfill our pre-contractual obligations within the framework of the application procedure within the meaning of Art. 6 lit. (1) sentences b and f GDPR.
Encrypted Data Transmission
All data is transmitted by the so - called SSL-Technology through an encrypted connection. The SSL Certificate required for this which is installed on our server was issued by an independent organization.
Collection of Access Data and Server Log Files
With each access to our website we automatically collect and store the information your browser leaves during your use of our website and every time a file is opened temporarily in Server Log Files. Prior to storing each data record is made anonymous by changing the IP address. In detail, the following data is stored upon every access/retrieval:
• anonymised IP address
• date and time of retrieval
• accessed page/name of accessed page
• web browser and requesting domain
• amount of data transmitted
• message if access was successful
The processing is carried out according to Art. 6 para.1 lit. f GDPR on the basis of our legitimate interest in the stability and functionality of our website.
The personal data may not be passed on to third parties or used in any other way. But we do reserve the right to check the server log files afterwards should there be concrete indications for unlawful use.
Information about the newsletter
As a service feature we offer users our regular newsletter. We use the list provider MailChimp to mail the newsletters. To subscribe to the newsletter you only need your e-mail address, all other data can be given voluntarily.
MailChimp is an offer from The Rocket Science Group, LLC, 512 Means Street, Suite 404, Atlanta, GA 30318 (“Rocket”). We trust in MailChimp’s reliability as well as IT and data security. MailChimp is certified under the US-Eu Data Protection Agreement “Privacy Shield” and thus commits itself to adhere to the EU Data Protection requirements. MailChimp is used based on our legitimate interests according to Art. 6 para.1 lit. f GDPR and on a processing contract in accordance with Art. 28 para.3 lit. 1 GDPR.
Upon registration the so-called double opt-in method is used, that means that after registration you receive an e-mail in which you reconfirm your registration. Only after that the newsletter will be activated for you. If you subscribe to our newsletter the data you provided upon registration will be transmitted to MailChimp and stored there. The data provided upon registration will not be forwarded to third parties. Apart from that, MailChimp offers different analytic options as to how the sent newsletters can be opened and used, for example to how many users an e-mail has been sent, if e-mails have been rejected and if users have unsubscribed from the list after receiving an e-mail. In addition to that MailChimp uses the analytic tool Google Analytics and includes it, where appropriate, in the newsletter.
These analyses are group-related and will not be used by us for individual evaluation.
They solely serve to improve the content of our newsletter.
Further information on data protection at MailChimp is available at: http://mailchimp.com/legal/privacy/
You can revoke your consent to the use of your e-mail address to send the newsletter at any time. The revocation can be carried out via a link in the newsletters or via message to info [at] arche-nova.org.
We measure the range of our online offer on the basis of the legitimate interests according to Art. 6 para.1 lit. f GDPR, that means interest in the analysis and optimization of the offer. The following data will be processed: browser type and browser version, the operating system in use, date and time of the server request, country from which the request is made, number of visits, length of stay as well as used external links. For the processing Piwik/Matomo uses so-called cookies. These will be stored on the users’ computers and enable an analysis of the use of our offer. The data will be collected anonymously. Cookies will be saved for a week, the information generated therefrom about the use of the website will be stored exclusively on our server and not be forwarded to others. In order to object to the data collection so-called Opt-Out cookies can be created, thus session data will not be collected via the browser used. If you clear the cookies from your browser this Opt-Out cookie will also be deleted and has to be regenerated.
Within this website cartographical material from Openstreetmap Foundation, 132 Maney Hill Road, Sutton Coldfield, West Midlands, B72 1JU, United Kingdom, more precise: from the service OpenStreetMap (OSM), is included for the display of an interactive map. OSM is an open-source mapping tool. To our knowledge the users‘ data is used by OpenStreetMap solely for the purpose of displaying the map functions and intermediate storage of chosen settings. This data may include IP addresses and users’ location data in particular, which, however, cannot be collected without their consent (as a rule within the framework of the settings of your mobile devices). When including the map data we refer to Art. 6 para. 1 lit. f GDPR, that means as a website operator we have a legitimate interest in improving our website’s user friendliness. Information about data protection and legal conditions at Openstreetmap is available under the following links:
On our website we embed YouTube videos. The operator of the respective plugins is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. Normally your IP address will be sent to YouTube when opening a page with embedded videos and cookies will be installed on your computer. However, we have integrated our You Tube videos with the extended data protection mode (in this case You Tube still establishes contact with Google’s service Double Klick, yet according to Google’s data protection statement personal data will not be analysed). Thus information about the visitors will not be stored by You Tube unless they watch the video. If you click on the video your IP address will be forwarded to You Tube and You Tube finds out that you have watched the video. If you are logged into You Tube this information gets assigned to your user account (you can prevent this by logging out of You Tube before watching the videos). We have no knowledge of and no influence on the possible collection and use of your data by You Tube.
Generally the storing of cookies for the Google ad programme can be deactivated (this is possible via the following link: https://adssettings.google.com/authenticated?hl=de), however You Tube also places non-personal user information in other cookies. If you want to prevent this you must block the storing of cookies in your browser.
We offer you on our website the chance to use so-called “Social-Media-Buttons”.
For the implementation we rely on the solution “Shariff” in order to protect your data.
Hereby these buttons are integrated in the website only as a graphic which include a link to the button providers’ respective websites. Upon clicking on the graphic you will be forwarded to the services of the respective providers. Only then your data will be sent to the respective provider. Provided you do not click on the graphic there will be no exchange between you and the providers of the Social-Media buttons.
On our website we included the Social-Media buttons of the following companies: Facebook, Twitter, YouTube, Instagram
Information about donations
Upon using the donation form the data will be forwarded to this company. “Fundraisingbox” is used based on our legitimate interests according to Art. 6 para. 1 lit. f GDPR and on a processing contract according to Art. 28 para. 3 lit. 1 GDPR. Depending on the chosen form of payment your data will be forwarded to the respective financial service provider: when using direct debit payment it will be forwarded to our principal bank, Bank für Sozialwirtschaft Aktiengesellschaft, Konrad-Adenauer-Ufer 85m 50668 Cologne, Germany when using payment via PayPal it will be forwarded to PayPal (Europe) S.à r.l. & Cie, S.C.A., 5th floor, 22-24 Boulevard Royal, L-2449 Luxembourg, when paying by credit card it is forwarded to Micropayment GmbH, Scharnweberstraße 69, 12587 Berlin, Germany when paying via instant transfer to SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany. In any case your data will be stored and kept for ten years together with information on the donation amount, donation frequency and purpose/project.
All mentioned trademarks, used logos and registered brands belong to the respective owners and are hereby accredited.
Data Protection Commissioner
To ensure the quality of our data protection measures we employed Ms. Kerstin Herschel from Prodatis Consulting AG as an independent, external data protection commissioner. If you have any questions concerning data protection, please contact her at datenschutz [at] arche-nova.org.
The appointment of the data protection officers was made by the Management Board without the involvement of Management Board member Cornelia Trentzsch, as she is the Chairwoman of the Supervisory Board of Prodatis Consulting AG. The independence of the data protection officers is thus ensured.