PRIVACY POLICY PURSUANT TO THE GDPR

  

I.          Name and address of the controller

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the Member States as well as other data protection regulations is:

Verein Programm Klasse2000 e.V.

Feldgasse 37

90489 Nuremberg

Germany

Tel.: +49 (0) 911 891210

E-Mail: info@klasse2000.de

Website: www.klasse2000.de

 

 

II.       Name and address of the Data Protection Officer

The Data Protection Officer of the controller is:

Frank A. Keller

Glöckner Keller Rechtsanwälte

Johannisstraße 5

90419 Nuremberg

Germany

Tel.: +49 (0)911 255099-0

E-Mail: datenschutz@klasse2000.de

Website: www.anwaelte-gkr.de

 

 

III.     General information about data processing

1.        Scope of the processing of personal data

We collect and use the personal data of our users only if this is required for the provision of a functional website as well as our content and services. Our users’ personal data are regularly collected and used only with the user’s consent. An exception only applies if it is not possible to obtain the consent beforehand for factual reasons and the processing of data is permitted by law.

2.        Legal basis for the processing of personal data

If we obtain the data subject’s consent to the processing procedures for personal data, art. 6 (1) point a of the EU General Data Protection Regulation (GDPR) serves as legal basis.

Art. 6 (1) point b GDPR serves as legal basis for the processing of personal data required for the fulfilment of a contract whose contracting party is the data subject. This also applies to processing procedures required for the implementation of pre-contractual measures.

If processing personal data is required to comply with a legal obligation to which our company is subject, art. 6 (1) point c GDPR servers as legal basis.

In the event that vital interests of the data subject or another natural person require the processing of personal data, art. 6 (1) point d GDPR serves as legal basis.

If the processing is required to safeguard a legitimate interest of our company or a third party and if the interests, basic rights and fundamental freedoms of the data subject do not override the aforementioned interest, art. 6 (1) point f GDPR serves as legal basis for the processing.

3.      Data erasure and storage period

The personal data of the data subject are erased or blocked once the storage purpose ceases to be relevant. Data may be stored beyond this period if this is provided for by European or national legislature in regulations, laws or other rules of the Union to which the controller is subject. Data are also blocked or deleted if a storage period stipulated by the mentioned laws expires, unless the continued storage of the data is required for the conclusion of a contract or the fulfilment of a contract.

 

IV.     Data processing for the fulfilment of a contract and the purpose of the association

1.        Description and scope of data processing

The following data are collected and stored to fulfil the contract:

  1. Name, contact details and contact person of the contracting partner, if they are provided by the respective contracting partner.
  2. Documents or contracts may be stored in our files as originals or photocopies or electronically in our electronic files.
  3. Email contacts are also stored electronically. Further details can be found in section X. Privacy policy regarding email contacts.

2.        Legal basis for data processing

The legal basis for the processing of data is art. 6 (1) point a GDPR if the user has given his/her consent.

If data are collected to fulfil a contract whose contracting party is the user or to implement pre-contractual measures, the additional legal basis for the processing of data is art. 6 (1) point b GDPR.

3.        Purpose of data processing

The collection of the above-mentioned data is necessary for fulfilling a contract with the user or implementing pre-contractual measures.

The data are required for the fulfilment of the contract since the contact details and contact persons of the client are required to establish contact and in particular to send documents.

4.        Duration of storage

The data are erased once they are no longer necessary in relation to achieving the purpose for which they were collected.

This applies to the period of the continuous obligation for the fulfilment of a contract or the implementation of pre-contractual measures if the data are no longer necessary in relation to the performance of the contract. It may still be necessary to store personal data of the contracting partner after the conclusion of the contract to comply with contractual or legal obligations.

We are obligated in the scope of our activities as an association to retain our business documents and therefore also the personal data contained therein for a period of ten years.

If there are no further contractual or legal obligations, the data are erased after the above-mentioned period has expired.

5.        Possibility to object and erase

As the client, you can object to your personal data being stored and / or obtain their erasure at any time. You can have the personal data we store about your person changed at any time.

If the data are needed to fulfil a contract or implement pre-contractual measures, the data can only be erased in advance if there are no contractual or legal obligations which pose an obstacle to the erasure.

 

V.       Provision of the website and creation of log files

1.        Description and scope of data processing

When accessing our website, our system automatically collects data and information from the computer system of the accessing computer.

The following data are thereby collected:

  1. The IP address of the user
  2. Date and time of access
  3. Websites that are accessed by the user’s system via our website

The data are also stored in the log files of our system. The IP address of the user or other data with which the data can be allocated to a user is automatically anonymised. These data are not stored together with other personal data of the user.

2.      Legal basis for data processing

The legal basis for the temporary storage of data is art. 6 (1) point f GDPR.

3.      Purpose of data processing

The system has to temporarily store the IP address so that the website can be sent to the computer of the user. To this end, the IP address of the user has to be stored for the duration of the session.

The anonymised data are stored in log files to ensure the functionality of the website. Furthermore, we use the data to optimise our website and to ensure the security of our IT systems. The data are not analysed for marketing purposes in this context.

Our legitimate interest in data processing pursuant to art. 6 (1) point f GDPR also lies in the above-mentioned purposes.

4.      Duration of storage 

The data are erased once they are no longer necessary in relation to achieving the purpose for which they were collected. This applies to the collection of data for the purpose of providing the website once the respective session has ended.

This is the case after 190 days at the latest for the storage of data in log files. The data may be stored beyond that period. The IP addresses of the users are distorted, making it impossible to allocate them to the accessing client.

5.  Possibility to object and erase

The collection of data for the provision of the website and the storage of data in log files is imperative for the operation of the website. Therefore, the user cannot object thereto.

 

VI.      Use of Cookies

a) Description and scope of data processing

Our website uses cookies. Cookies are text files which are stored on the computer system of the user in and/or by the internet browser. If a user accesses a website, a cookie can be stored on the operating system of the user. This cookie contains a characteristic string of characters with which the browser can be clearly identified when the website is accessed again.

We use cookies on our website which enable us to analyse the surfing behaviour of the users.

The following data can be transmitted this way:

  1. Frequency of site visits
  2. Use of website functions

The data of the users collected this way are pseudonymised with technical measures. Therefore, the data can no longer be allocated to the accessing user. The data are not stored together with other personal data of the user.

When accessing our website, users are informed about the use of cookies for analytical purposes on an information banner and referred to this privacy policy. In this context, the user is also informed about how the storage of cookies can be disabled in the browser settings.

b) Legal basis for data processing 

The legal basis for the processing of personal data by use of cookies is art. 6 (1) point f GDPR.

c) Purpose of data processing 

Analytical cookies are used to improve the quality of our website and its contents. Analytical cookies tell us how the website is used, allowing us to continually optimise our services.

The analytics software Matomo (formerly PIWIK) needs these cookies to create statistics on site visits.

Our legitimate interest in processing personal data pursuant to art. 6 (1) point f GDPR also lies in the above-mentioned purposes.

e) Duration of storage, possibility to object and erase

 

Cookies are stored on the computer of the user and are then transferred to our website from there. This is why you have full control over the use of cookies as the user. By changing the settings of your internet browser, you can disable or restrict the transmission of cookies. Cookies that are already stored can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, you may not be able to fully use all functions of the website. 

 

VII.  Newsletter

1.        Description and scope of data processing

You can subscribe to our free newsletter on our website. When registering for the newsletter, the data from the input screen are transmitted to us (your email address). These data are automatically entered in an email and forwarded to us.

With regard to data processing, this privacy policy is referred to during the registration process.

The data are not transferred to third parties in the scope of data processing for sending newsletters. The data are only used for sending newsletters.

2.      Legal basis for data processing

The legal basis for data processing after the user’s registration for the newsletter is art. 6 (1) point a GDPR if the user has given his/her consent.

3.      Purpose of data processing

The email address of the user is collected to send the newsletter.

Other personal data are collected during the registration process to prevent misuse of the services or the email address used.

4.      Duration of storage

The data are erased once they are no longer necessary in relation to achieving the purpose for which they were collected. Therefore, the email address of the user is stored for as long as the subscription of the newsletter is active. Since an email archive is used, automatically created emails cannot be erased. This software is used to comply with generally accepted principles of accounting and retention of accounts and therefore results from a legal obligation.

5.      Possibility to object and erase

The user concerned can terminate his/her subscription of the newsletter at any time. Each newsletter contains a respective link for this purpose.

Here, the user can also revoke his/her consent to the storage of the personal data collected during the registration process.

 

VIII.         Registration

1.        Description and scope of data processing

Users can register on our website by entering personal data. The data are entered into an input screen and transferred to us and stored. The data are not transferred to third parties. The following data are collected during the registration process:

  1. First name and surname of the contact person
  2. Street and house number
  3. Postcode
  4. City/Town
  5. Telephone number
  6. Email address

These data are automatically entered in an email and forwarded to us.

2.      Legal basis for data processing

The legal basis for the processing of data is art. 6 (1) point a GDPR if the user has given his/her consent.

If the registration serves the fulfilment of a contract whose contracting party is the user or the implementation of pre-contractual measures, the additional legal basis for the processing of data is art. 6 (1) point b GDPR.

3.      Purpose of data processing

The registration of the user is necessary for fulfilling the contract with the user or implementing pre-contractual measures.

The user registers to become a sponsor. To this end, personal data have to be stored for communication purposes, processing donations and issuing contribution confirmations.

4.      Duration of storage 

The data are erased once they are no longer necessary in relation to achieving the purpose for which they were collected. 

This applies to the duration of the registration procedure for the fulfilment of a contract or the implementation of pre-contractual measures if the data are no longer necessary in relation to the performance of the contract. It may still be necessary to store personal data of the contracting partner after the conclusion of the contract to comply with contractual or legal obligations.

5.      Possibility to object and erase

As the user, you can delete the registration at any time. You can have the personal data we store about your person changed at any time. 

To have data erased or changed, the users can use the contact information on our website under the “contact” tab.

If the data are needed to fulfil a contract or implement pre-contractual measures, the data can only be erased in advance if there are no contractual or legal obligations which pose an obstacle to the erasure.

 

IX.     Ordering information material 

1. Description and scope of data processing

Users can order information material on our website by providing personal data. The data are entered into an input screen and transferred to us and stored. The data are not transferred to third parties. The following data are collected during the registration process:

  1. First name and surname of the contact person
  2. Company/organisation
  3. Street and house number
  4. Postcode
  5. City/Town
  6. Telephone number
  7. Email address

These data are automatically entered in an email and forwarded to us.

2.      Legal basis for data processing

The legal basis for the processing of data is art. 6 (1) point a GDPR if the user has given his/her consent.

If the registration serves the fulfilment of a contract whose contracting party is the user or the implementation of pre-contractual measures, the additional legal basis for the processing of data is art. 6 (1) point b GDPR.

3.      Purpose of data processing

The registration of the user is necessary for fulfilling the contract with the user or implementing pre-contractual measures.

The purpose of the order is to receive information material. To this end, personal data have to be collected and stored to send the material and to establish contact in case of questions, if required.

4.      Duration of storage

The data are erased once they are no longer necessary in relation to achieving the purpose for which they were collected.

This applies to the order if the data are no longer necessary in relation to the performance of the order and the delivery. It may still be necessary to store personal data of the user after the information material has been sent to comply with contractual or legal obligations.

5.      Possibility to object and erase

As the user, you can delete the registration at any time. You can have the personal data we store about your person changed at any time.

To have data erased or changed, the users can use the contact information on our website under the “contact” tab.

If the data are needed to fulfil a contract or implement pre-contractual measures, the data can only be erased in advance if there are no contractual or legal obligations which pose an obstacle to the erasure.

 

X.       Contact form and email contact

1.             Description and scope of data processing

There is a contact form on our website, which can be used to contact us electronically. If a user contacts us this way, the data entered in the input screen are transferred to us and stored. These data comprise:

  1. First name and surname
  2. Street and house number
  3. Postcode and city/town
  4. Email address

With regard to data processing, this privacy policy is referred to during the sending process.

Alternatively, contact can also be established via the provided e-mail addresses. In this case, the personal data of the user which are transferred with the email are stored.

The data are not transferred to third parties in this context. The data are only used to process the conversation.

2.        Legal basis for data processing

The legal basis for the processing of data is art. 6 (1) point a GDPR if the user has given his/her consent. 

The legal basis for processing the data which are transferred by sending an email is art. 6 (1) point f GDPR. If email contact is established in order to conclude a contract, art. 6 (1) point b GDPR is an additional legal basis for processing.

3.        Purpose of data processing

We only process the personal data from the input screen to process communication. If contact is made by email, there is also the required legitimate interest in processing the data.

Other personal data processed during the sending process are used to prevent misuse of the contact form and ensure the security of our IT systems.

4.        Duration of storage

The data are erased once they are no longer necessary in relation to achieving the purpose for which they were collected. This applies to personal data from the input screen of the contact form and data transferred by email once the respective conversation with the user has ended. The conversation has ended if the circumstances suggest that the issue in question has been fully resolved.

5.        Possibility to object and erase

The user can revoke his/her consent to the processing of personal data at any time. If the user contacts us by email, he/she can object to his/her personal data being stored. In this case, the conversation cannot be continued.

To have data erased or changed, the users can use the contact information on our website under the “contact” tab.

In this case, any and all personal data stored during the establishment of contact are deleted.

 

XI.     Rights of the data subject

If personal data relating to your person are processed, you are a data subject within the meaning of the GDPR and you are entitled to the following rights vis-à-vis the controller:

1.        Right of access

You may obtain confirmation from the controller about whether your personal data are being processed by us.

If this is the case, you may obtain access to the following information from the controller:

  1. the purposes for which the personal data are processed;
  2. the categories of the personal data concerned;
  3. the recipients and/or the categories of recipients to whom your personal data is or was disclosed;
  4. the envisaged duration of storage of your personal data or, if no specific information can be provided hereto, the criteria used to determine that period;
  5. the existence of the right to rectification or erasure of your personal data, the right to restriction of the processing by the controller or the right to object against this processing;
  6. the existence of the right to lodge a complaint with a supervisory authority;
  7. any and all available information about the origin of the data if the personal data are not collected from the data subject;

You have the right to obtain information about whether your personal data are transferred to a third country or to an international organisation. In this context, you may obtain information about the appropriate guarantees pursuant to art. 46 GDPR in connection with the transmission.

2.        Right to rectification

You have the right to rectification and/or completion vis-à-vis the controller if your personal data processed are inaccurate or incomplete. The controller must effect the rectification without undue delay.

3.      Right to restriction of processing

You may obtain the restriction of processing of your personal data under the following conditions:

  1. if you contest the accuracy of your personal data for a period which enables the controller to review the accuracy of the personal data;
  2. the processing is unlawful and you oppose the erasure of the personal data and request the restriction of the use of the personal data instead;
  3. if the controller does no longer require the personal data for processing purposes; however, you require them for the establishment, exercise or defence of legal claims; or
  4. if you have lodged a complaint against the processing pursuant to art. 21 (1) GDPR and it is not yet decided whether the legitimate grounds of the controller override yours.

If the processing of your personal data was restricted, these data - besides their storage - may only be processed with your consent or for the establishment, exercise or defence of legal claims or the protection of the rights of another natural person or legal entity or for reasons of important public interest of the Union or a Member State.

If the restriction of processing was restricted pursuant to the above-mentioned conditions, you will be notified by the controller before the restriction is lifted.

4.      Right to erasure

a)        Obligation to erasure

You may obtain from the controller the erasure of your personal data without undue delay and the controller is obligated to erase these data without undue delay if any of the following reasons apply:

  1. Your personal data are no longer required for the purposes for which they were collected or processed in any way.
  2. You revoke your consent on which the processing was based pursuant to art. 6 (1) point a or art. 9 (2) point a GDPR and there is no other legal basis for the processing.
  3. You lodge a complaint against the processing pursuant to art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing or you lodge a complaint against the processing pursuant to art. 21 (2) GDPR.
  4. Your personal data were unlawfully processed.
  5. The erasure of your personal data is necessary for the compliance with a legal obligation pursuant to the law of the Union or the law of the Member States to which the controller is subject.
  6. Your personal data were collected with regard to the information society services offered pursuant to art. 8 (1) GDPR.

b)        Disclosure to third parties

If the controller has made your personal data public and is obligated to erase them pursuant to art. 17 (1) GDPR, the controller shall take appropriate measures - also of a technological nature - under consideration of available technology and the costs of implementation to inform the data controllers who process personal data that you as the data subject have obtained the erasure of any and all links to these personal data or copies or replications of these personal data.

c)        Exceptions

The right to erasure does not apply if the processing is required

  1. for exercising the right to freedom of expression and information;
  2. for compliance with a legal obligation which requires processing by the Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  3. for reasons of public interest in the area of public health pursuant to art. 9 (2) point h and i as well as art. 9 (3) GDPR;
  4. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to art. 89 (1) GDPR in so far as the right referred to in paragraph a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
  5. for the establishment, exercise or defence of legal claims.

5.      Right to information

If you have asserted the right to rectification, erasure or restriction of processing towards the controller, the controller is obliged to inform each recipient to whom your personal data have been disclosed about this rectification or erasure of the data or restriction of processing; unless this proves impossible or involves disproportionate effort.

You have the right vis-à-vis the controller to be informed about these recipients.

6.        Right to data portability

You have the right to receive your personal data which you made available to the controller in a structured, commonly used and machine-readable format. You also have the right to transfer this data to another controller without being hindered to do so by the controller to whom the personal data were provided if

  1. the processing is based on a consent pursuant to art. 6 (1) point a GDPR or art. 9 (2) point a GDPR or on a contract pursuant to art. 6 (1) point b GDPR and
  2. the processing is carried out via automated procedures.

When exercising this right, you also have the right to obtain that your personal data are transferred directly from one controller to another controller, where technically feasible. The freedoms and rights of other persons must not be impacted by doing so.

The right to data portability does not apply to the processing of personal data required for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7.        Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on art. 6 (1) point e or f GDPR, including profiling based on those provisions.

The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

If your personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.

If you object to processing for direct marketing purposes, your personal data shall no longer be processed for such purposes.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

8.      Right to revoke the declaration of consent under data protection law

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing based on such consent before its revocation.

9.      Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your personal data infringes the GDPR.

The supervisory authority with which the complaint has been lodged informs the complainant on the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to art. 78 GDPR.

 

XII. Online presence in social media

We maintain online presences in social networks (Facebook and YouTube) to communicate with interested parties and users who are active there and inform them about our services. If information is requested or user rights are established, we would like to point out that these may best be claimed with the provider. Only the providers have access to the data of the users and can directly take appropriate measures and provide information. We would like to point out that we do not have any knowledge of the content of the transferred data or its use by Facebook or YouTube. You can find more information about this topic in the respective privacy policies:

  • Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) - Privacy policy: www.facebook.com/about/privacy/, Opt out: www.facebook.com/settings, Privacy Shield: www.privacyshield.gov/participant.
  • YouTube (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) -  Privacy policy: www.google.com/policies/privacy/, Opt out: adssettings.google.com/authenticated.

 

XIII. Use of Google Maps

On our website we use Google Maps (API) of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Google Maps is a web service that displays interactive (land) maps to visually represent geographic information. When the map of all certified schools in Germany is accessed, information about the use of the website (such as the user's IP address) is transmitted to and stored by Google on servers in the United States.

Google may transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google will not associate the user's IP address with any other data held by Google. Nevertheless, it would be technically possible for Google to use the user data obtained through the use of Google Maps to identify users, to create personality profiles of users or to process and use these for third-party purposes, on which Klasse2000 has no control and cannot have any control.

The terms of use of Google can be viewed at policies.google.com/terms.

The additional terms of use for Google Maps can be viewed at www.google.com/intl/de_US/help/terms_maps.html.

Detailed information on data protection in connection with the use of Google Maps can be found on the Google website ("Google Privacy Policy"): www.google.com/policies/privacy/

 

XIV.   Web analysis with Matomo (formerly PIWIK)

1. Scope of processing of personal data

We use the open source software tool Matomo (formerly PIWIK) on our website to analyse the surfing behaviour of our users. The software places a cookie on the computer of the user (for more information about cookies, see above). If individual sites of our website are accessed, the following data are stored:

  1. Two bytes of the IP address of the accessing system of the user
  2. The accessed web page
  3. The website from which the user visited the accessed web page (referrer)
  4. The sub-pages which are accessed from the accessed web page
  5. The time spent on the web page
  6. The frequency of accessing the web page

The software only runs on the servers of our website. The users’ personal data are only stored there. The data are not transferred to third parties.

The configurations of the software do not allow it to store complete IP addresses; 2 bytes of the IP address are masked (e.g.  192.168.xxx.xxx). In doing so, the shortened IP address cannot be allocated to the accessing computer.

2.        Legal basis for the processing of personal data

The legal basis for processing the users’ personal data is art. 6 (1) point f GDPR.

3.      Purpose of data processing

By processing the users’ personal data, we can analyse the surfing behaviour of our users. We are able to compile information about the use of the individual components of our website by analysing the collected data. This helps us to continually improve our website and its user-friendliness. Our legitimate interest in processing the data pursuant to art. 6 (1) point f GDPR also lies in the above-mentioned purposes. By anonymising IP addresses, the interest of the users in the protection of their personal data is duly taken into account.

4.      Duration of storage

The anonymised data are erased once they are no longer required for our recording purposes.

With us, this is the case after one year.

5.      Possibility to object and erase

Cookies are stored on the computer of the user and are then transferred to our website from there. This is why you have full control over the use of cookies as the user. By changing the settings of your internet browser, you can disable or restrict the transmission of cookies. Cookies that are already stored can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, you may not be able to fully use all functions of the website.

On our website, we offer our users the possibility to opt out of the analysis procedure. You have to click on the corresponding link to do so. In doing so, another cookie is placed in your system which tells our system not to store the data of the user. If the user deletes this cookie from his/her system in the meantime, he/she has to place the opt-out cookie again.