DONATE NOW

Data protection information

The protection of your personal data is very important to us, which is why we would like to list all the information about the processing and storage of your data when you visit our website and in our company.

 

In order to use all the functions and services of our website, it is necessary to collect your personal data. However, the processing and storage only takes place in accordance with the legal guidelines and requirements such as the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).

 

 

RESPONSIBLE BODY

UNDER Lea’s TRUST e.V.

c/o Lea Sophie Kabitzsch

Müggelseedamm 157, 12587 Berlin

Contact: info@under-leas-trust.de

 

Further information can be found in the imprint.

 

 

COLLECTION AND PROCESSING OF PERSONAL DATA ON THIS WEBSITE

Note: In order to protect your data as comprehensively as possible from unwanted access, we take so-called technical and organisational measures and use an encryption procedure on our website. Your data is transmitted over the internet from your computer to our computer and vice versa using what is known as TLS encryption. TLS stands for “Transport Layer Security” and is an encryption protocol for data transmission on the internet. You can usually recognise “TLS” by the fact that the lock symbol in the status bar of your browser is closed and the address begins with https://.

 

COLLECTION OF ACCESS AND LOG DATA

This website automatically collects and stores server log file information that your browser transmits to us.

These are
– anonymised IP address;
– Internet service provider of the user;
– Date and time of access;
– browser type;
– language and browser version;
– Content of the retrieval;
– Time zone;
– Access status/HTTP status code;
– data volume;
– Websites from which the request originates (so-called referrer)
– Operating system.

The legal basis for this data processing is the legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR. The legitimate interest lies in being able to identify indications of unlawful use of the website.

The legal basis for this data processing is the legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR. The legitimate interest lies in being able to identify indications of unlawful use of our website (e.g. defence against hacker attacks) and to ensure a smooth connection setup.

 

We have concluded an order processing contract with the provider of this website, raidboxes GmbH, based in Münster, Germany, in accordance with Art. 28 GDPR. This is a contract prescribed by data protection law, which ensures that raidboxes GmbH processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

 

The data collected is stored in server log files that your browser automatically transmits to us in encrypted form. We only store the server log files in the event of attacks on our server infrastructure or other legal violations. This longer storage period is based on our legitimate interest in accordance with Art. 6 para. 1 lit. f) GDPR and serves only to preserve evidence.

 

ENQUIRIES VIA THE CONTACT FORM, E-MAIL AND TELEPHONE

We will of course treat any personal data that you provide to us on a voluntary basis as confidential. We use the personal data you provide exclusively to process and respond to your enquiry. The legal basis for data processing is our legitimate interest in accordance with Art. 6 para. 1 lit. f) GDPR. This arises from our interest in responding to enquiries from our customers, business partners and interested parties and in promoting and maintaining customer satisfaction. Another legal basis for natural persons is the initiation or fulfilment of a contract in accordance with Art. 6 para. 1 lit. b) GDPR.

 

All personal data that you send to us with your enquiry will be deleted or anonymised by us no later than 180 days after the final answer has been given to you, unless a contract is concluded. The retention period of 180 days is due to the fact that you may occasionally contact us again about the same matter after a reply and refer to the previous correspondence. In our experience, we have found that after 180 days there are no more queries following our replies.

 

USE OF WEB ANALYSIS TOOLS AND COOKIES

We use cookies to facilitate and improve the use of our website. Cookies are small pieces of text information that can be stored on your computer or smartphone (end device) via the browser when you visit a website. Cookies can also provide us with information about how you use our website so that we can continuously improve the design of the website.

The data processed by necessary cookies are for the purposes listed below to safeguard our legitimate interests and those of third parties in accordance with Art. 6 para. 1 lit. f) GDPR.

 

Any use of cookies that is not absolutely technically necessary constitutes data processing that is only permitted with your express and active consent in accordance with Art. 6 para. 1 lit. a) GDPR. You can use our “Cookie Consent Tool” to set which cookie categories you wish to consent to when you visit our website. You can also revoke or change your consent at any time.

 

Once cookies have been saved, you can also delete them at any time via your web browser settings. You can also adjust the settings of your web browser so that no cookies are stored. In this case, not all functions of our website may be available.

 

We use cookies for the following purposes:

  • Technically necessary: These are cookies and similar methods without which you cannot use our services, for example to display our website correctly or to use functions you have requested.

 

  • Convenience: With the help of these techniques, we can take into account your actual or presumed preferences for the convenient use of our website. For example, we can use your settings to display our website in a language that suits you.

 

  • Statistics: These techniques enable us to compile anonymous statistics on the use of our services. This allows us to determine, for example, how we can customise our website even better to the habits of our users.

 

  • Marketing: This allows us to display advertising content tailored to you based on an analysis of your usage behaviour. Your usage behaviour can also be tracked across different websites, browsers or end devices using a user ID (unique identifier).

 

 

As part of data processing (with the help of cookies and similar techniques for processing usage data), we may use specialised service providers, particularly from the online marketing sector. These process your data on our behalf as processors, are carefully selected and contractually bound in accordance with Article 28 GDPR. All companies listed as providers in our cookie policy act as processors.

 

In the context of data processing (with the help of cookies and similar techniques for processing usage data), we may use specialised service providers, in particular from the online marketing sector. These process your data on our behalf as processors, are carefully selected and contractually bound in accordance with Article 28 GDPR. All companies listed as providers in our cookie information act as so-called processors.

 

Consent management via “Complianz”

To obtain consent under data protection law, I use the “Complianz” cookie consent technology from Complianz B.V., a company based in the Netherlands.

 

This is used to obtain the legally required consent for the use of cookies and other data processing requiring consent. The legal basis for this is my legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR and the fulfilment of legal obligations pursuant to Art. 6 para. 1 lit. c) GDPR. The legitimate interest lies in the legally compliant documentation and verifiability of consents in order to fulfil accountability obligations. No personal data is stored.

 

GOOGLE ADS

We use Google Ads with your consent in accordance with Art. 6 para. 1 lit. a) GDPR to show you adverts on websites of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”) and other third-party providers.

Our purpose is to show you adverts that are of interest to you and to make our website more interesting for you. Conversion tracking allows us to determine how successful the individual advertising measures are. To do this, we use cookies that can be used to measure certain parameters for measuring reach, such as the display of adverts or clicks by users. If users reach our website via a Google advert, Google Ads stores a cookie on the corresponding end device. We only receive aggregated evaluations of user behaviour, on the basis of which we can determine which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising media.

 

You can find more information on cookies in the cookie list above.

You can find more information on data protection for Google services at: https://policies.google.com/privacy?hl=de

 

USE OF GOOGLE ANALYTICS

This website uses Google Analytics if you give your consent within the meaning of Art. 6 para. 1 lit. a) GDPR and Art. 49 para. 1 lit. a) GDPR. This is a service provided by Google Ireland Limited (“Google”), a company incorporated and operated under Irish law (registration number: 368047) with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland and Google LLC (USA) (“Google”).

Google Analytics uses so-called “cookies”. These are text files that are stored on your computer and enable the use of the website by the user to be analysed. The information obtained by the cookies about your usage behaviour of this website is usually transferred  to a Google server in the USA and stored there.  There is an adequacy decision for the USA, so that the data transfer can take place without further measures. You can view Google’s certification here.

We have made the setting to anonymise your IP address. IP address anonymisation is carried out by Google, but within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there.

 

On behalf of the operator of this website, Google will use this information to analyse your use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage to the website operator.

The anonymised IP address transmitted by your browser as part of Google Analytics is linked to other data about you, such as your search history, personal accounts, usage data from other devices and all other data that Google has about you.

 

You can view the cookies that are set in connection with Google Analytics in the list above. You can revoke your consent at any time by making the appropriate settings directly via the cookie banner. The user and event data will be deleted after 14 months. The “Reset user data on new activity” function is activated. This means that your data will not be deleted if you visit our website again before the retention period expires.

 

GOOGLE ADS (DOUBLECLICK)

We use Google Ads with your consent in accordance with Art. 6 para. 1 lit. a) GDPR to show you adverts on websites of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”) and other third-party providers.

Our purpose is to show you adverts that are of interest to you and to make our website more interesting for you. With conversion tracking, we can determine how successful the individual advertising measures are. To do this, we use cookies that can be used to measure certain parameters for measuring reach, such as the display of adverts or clicks by users. If users reach our website via a Google advert, Google Ads stores a cookie on the corresponding end device. We only receive aggregated evaluations of user behaviour, on the basis of which we can determine which of the advertising measures used are particularly effective. We do not receive any other data from the use of the advertising media.

 

You can find more information about cookies in the cookie list above. You can find more information on data protection for Google services at: https://policies.google.com/privacy?hl=de

 

GOOGLE TAG MANAGER

We use the Google Tag Manager of the provider Google Ireland Limited, Google Building Gordon House, Barrow St. Dublin 4, Ireland.

 

Google Tag Manager is used to manage website tags via an interface. This enables us as marketers to manage website tags via a single interface. Tags are small sections of code that record (track) your activities on our website, for example. The Google Tag Manager itself does not set cookies, but ensures that other tags, such as Google Analytics, are activated, which in turn may collect data under certain circumstances. Google Analytics itself sets cookies. You can find more information on this in the section “Web tracking measures”.

By implementing the Google Tag Manager, your IP address is transmitted to Google in anonymised form. This may also result in data being transferred to Google servers in the USA. We have concluded an order processing contract with Google in accordance with Art. 28 GDPR. There is an adequacy decision for the USA, so that the data transfer can take place without further measures. You can view Google’s certification here.

 

In the account settings of the Tag Manager, we have not allowed Google to receive anonymised data from us.

 

The storage duration of the integrated tracking tools, such as Google Analytics, depends on the tool used, which is loaded via the Google Tag Manager.

 

INTEGRATION OF external content

We embed videos on our websites that are not stored on our servers. To ensure that accessing our websites with embedded external content does not automatically result in the third-party provider’s content being loaded, we only display locally stored preview images of the maps in a first step. This means that the third-party provider does not receive any information.

Only after clicking on the preview image or granting consent via the cookie consent banner will content from the third-party provider be loaded. As a result, the third-party provider receives the information that you have accessed our site, as well as the usage data technically required in this context. We have no influence on further data processing by the third-party provider. By clicking on the preview image, you give us your consent to load content from the third-party provider. The embedding takes place on the basis of your consent in accordance with Art. 6 para. 1 lit. a) GDPR, provided that you have previously given your consent by clicking on the preview image. If you have clicked on a preview image, the content of the third-party provider will be loaded immediately. If you do not want such reloading on other pages, please do not click on the preview images or revoke your consent for reloading via the cookie consent banner.

There is an adequacy decision for the USA, so that data can be transferred without further measures. You can view the certification of Google (YouTube) here.

 

Provider of the video service:

Google Ireland Limited/Google LLC (USA) (“YouTube”)

 

NEWSLETTER

You can subscribe to our newsletter via this website. The legal basis for data processing in the context of sending newsletters is your consent in accordance with Art. 6 para. 1 a) GDPR and Section 7 para. 2 no. 3 UWG. The purpose of data processing as part of the newsletter subscription is to inform our newsletter subscribers about offers, promotions, products and services.

If you register for the newsletter, we require your email address as mandatory information. You can provide your name voluntarily. After submitting the registration form, you will receive an e-mail from us with a confirmation link. If you click on the link contained therein, you are registered for the newsletter. You will be informed of this by another e-mail. By confirming your registration, you confirm your consent to the processing of your e-mail address and, if applicable, your first name. This ensures that no third party or unauthorised person subscribes to our newsletter (compliance with the double opt-in procedure). The legal basis for the confirmation email is our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR, which lies in being able to prove that you have given your consent. The burden of proof for the controller is set out in Art. 5 (2) GDPR.

We generally exclude the transfer of data to third parties. We have commissioned the service provider sendinblue GmbH (Brevo), based in Germany, to send the newsletter and have concluded a contract for order processing in accordance with Art. 28 GDPR.

You can revoke your consent at any time with effect for the future by clicking the “Unsubscribe” button in the newsletters or you can also contact us at any time at our e-mail address. If you revoke your consent, your data will be deleted immediately; proof of revocation will be stored for a further three years so that we can fulfil our accountability obligation in accordance with Art. 5 Para. 2 GDPR. This storage is based on our legitimate interest in accordance with Art. 6 para. 1 lit. f) GDPR.

Success measurement: The success of newsletters is measured using a so-called “web beacon”, a small file that sends information to the server when the newsletter is opened. Technical data such as browser type, system information, IP address and retrieval time are recorded. This data helps to technically improve the service and to analyse the reading behaviour of the target group, for example based on the location (determined by the IP address) or access times. We also statistically record whether and when newsletters are opened and which links are clicked on. Although this information can technically be assigned to individual recipients, it is neither our aim nor that of the mailing service provider to observe individual users. Instead, these analyses are used to tailor the content to the reading habits of users and to send different content depending on their interests.

A separate revocation of the performance measurement is not possible; if you do not agree, the entire newsletter subscription must be cancelled.

 

ORDERS VIA THE ONLINE SHOP

Use of the shop system: We use the Spreadshirt shop system from sprd.net AG, based in Leipzig, Germany, to technically process the sale of our products.

Orders via the shop: When you place an order via our online shop, we only collect the data from you that is necessary to process the order. The legal basis for this data processing is Art. 6 para. 1 lit. b) GDPR. Your data is therefore processed for the purpose of fulfilling contractual obligations.

Commissioned shipment of goods: If the delivery address differs from the billing address, personal data of persons who do not order directly from our shop may also be processed. Experience has shown that these orders often serve as gifts. We have received your address from a person who gives you our products as a gift. Your address data therefore does not come from publicly accessible sources (Art. 14 para. 2 lit. f) GDPR). The legal basis for this data processing is the fulfilment of the contract in accordance with Art. 6 para. 1 lit. b) GDPR.

Payment options: You can pay by credit card or PayPal. To do so, you will be redirected to the website of the selected payment service provider. You can enter your payment details there and finalise the order. For this purpose, the specific payment amount is transmitted to the service provider used. Further information on the data processing carried out can be found in the information texts on the input screen/website of the service provider. You will also find further contact information there. Payment processing takes place directly via the selected payment service provider. The legal basis for this is Article 6(1)(b) GDPR, i.e. you provide us with the data on the basis of the contractual relationship between you and us.

You can also process your payments via the payment service provider “PayPal”. More information about PayPal: PayPal (PayPal (Europe) S.à.r.l. based in Luxembourg.  Data protection at PayPal: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

Processing via the payment providers is neither legally nor contractually required. However, we cannot process a payment via the payment provider without the transmission of your personal data.

Storage period: We store your data for the fulfilment of the 10-year retention obligations.

Communication via the Zoom video conferencing system

We use the Zoom tool from Zoom Video Communications Inc. to hold telephone conferences, online meetings and video conferences. You can access the agreed appointments via a link provided by e-mail. You can enter my video room by clicking on the link. Before joining, you can decide for yourself whether you want to activate the transmission of your video. You are muted by default and you must manually enable your microphone if you wish. If you switch on your camera and/or microphone, this data will be processed during the meeting.

The following additional data may also be processed depending on the type and scope of the specific use:

  • Personal details (e.g. first and last name, email address, profile picture)
  • Meeting metadata (e.g. date, time and duration of communication, name of the meeting, participant IP address)
  • Device/hardware data (e.g. IP addresses, MAC addresses, client version)
  • Text, audio and video data (e.g. chat histories, video, audio and presentation recordings)
  • Connection data (e.g. phone numbers, country names, start and end times, IP addresses)

Your personal data may also be processed. This also depends specifically on your use, such as use of the chat or the whiteboard. We explicitly draw your attention to the fact that any information you provide during the meeting will be processed at least for the duration of the meeting.

The legal basis for data processing for direct contractual partners is Art. 6 para. 1 lit. b) GDPR, for business partners or contact persons at external organisations the legitimate interest according to Art. 6 para. 1 lit. f) GDPR. The legitimate interest lies in the organisation of virtual communication.

The provider Zoom necessarily receives knowledge of the above-mentioned data, insofar as this is contractually regulated within the framework of our order processing contract in accordance with Art. 28 GDPR. There are no other recipients.

We cannot rule out the possibility that data may also be routed via Internet servers located outside the EU or the EEA. Zoom Voice Communications, Inc. is certified under the Data Privacy Act as an adequacy decision for the USA.

You are not obliged to communicate with us via Zoom. Alternatively, you can also communicate by e-mail or telephone.

We generally delete personal data when there is no need for further storage.

 

Data processing of donors

We also offer you the option of donating directly via our website. The legal basis for data processing is the donation contract pursuant to Art. 6 para. 1 lit. b) GDPR, which you enter into with us. The donations are collected by our service provider TWINGLE of the company Twingle GmbH based in Berlin, Germany. They are stored by us, whereby we only store them for as long as we reasonably deem necessary to achieve the purpose of fulfilling the contract and as permitted by applicable law. In any case, we store personal data for as long as statutory retention obligations exist, which is 10 years, or limitation periods for potential legal claims have not yet expired. If the storage of the data is no longer required for the purposes of the original collection (or in the context of a legally permissible change of purpose) and there are no legal provisions to the contrary, we will arrange for the data to be deleted.

 

Data processing of volunteer applicants and volunteers

You can send us your application documents by email to receive and manage your application and thus for the purpose of (possibly) establishing a volunteer position. The legal basis for this data processing is Art. 6 para. 1 lit. b) GDPR. As part of the application process, we only collect the data from you that is required to justify your voluntary work with us. Within our organisation, only those persons involved in the decision-making process will have access to your personal data.

If your application is successful, your personal data will be stored for the duration of your voluntary work. In addition, your tax-relevant data will be archived within the scope of the statutory retention periods after the end of your voluntary work. In the event of an unsuccessful application, your personal data will be deleted 7 months after the rejection.

 

Operation of social media presences

The following social media presences are operated by me

LinkedIn: https://www.linkedin.com/company/under-leas-trust/posts/?feedView=all

Instagram: https://www.instagram.com/underleastrust/

Facebook: https://www.facebook.com/underleastrust/

Instagram and Facebook are products of Meta Platforms Inc. (formerly Facebook Inc.): facebook.com/help/1561485474074139/?helpref=related

 

a) Maintaining the above-mentioned social media pages and placing ads (“adverts”)

The personal data entered on social media pages such as comments, videos, images, likes, public messages, etc. are published by the respective social media platform. We reserve the right to delete content if necessary. We may share content on our site and contact you via the social media platform, for example via the messengers offered. In addition, we regularly place adverts via our social media pages. The legal basis for this data processing is the legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR, which is in the interest of our public relations and communication.

 

b) Page insights

The social media platforms provide anonymised statistics and insights that help us gain knowledge about the types of actions that people take on our site (so-called “page insights”). These Page Insights are created on the basis of certain information about people who have visited our site.

 

The legal basis for this data processing is our legitimate interest in accordance with Art. 6 para. 1 lit. f) GDPR, which is based on obtaining information about the actions and visitors to our website.

 

This processing of personal data is carried out by the social media platform and us as joint controllers in accordance with Art. 26 GDPR. In the case of joint responsibility, a separate agreement must be concluded.

 

LinkedIn: https://legal.linkedin.com/pages-joint-controller-addendum

 

Instagram and Facebook: https://www.facebook.com/legal/terms/page_controller_addendum

 

If you wish to object to certain data processing over which we have an influence (e.g. deletion of comments), please use the contact details above.

 

Note: The provision of your data is not required by law or contract or necessary for the conclusion of a contract. You are not obliged to provide your personal data. The consequence of not providing your data is that you will not be able to communicate with us via our social media pages, interact with us or take part in the competition. To contact us, please use the email address provided above.

 

Data processing by the operator of the social media platform:

In addition to us, there is also the operator of the social media platforms themselves. From a data protection perspective, this is also regarded as another controller that carries out its own data processing. This means that the operator is also a separate controller under the GDPR. However, we only have limited influence on data processing by the operator. Where we can exert influence (e.g. through parameterisation), we work within the scope of our possibilities to ensure that the operator of the social media platform handles data in compliance with data protection regulations. In many cases, however, we cannot influence the data processing by the operator of the social media platform and do not know exactly what data they process. The respective operator will inform you about the processing of personal data in its own privacy policy:

LinkedIn: https://de.linkedin.com/legal/privacy-policy?

Facebook: https://www.facebook.com/privacy/policy/?locale=de_DE

Instagram: help.instagram.com/519522125107875

When using the platform, your personal data is generally also processed by the respective platform operator on servers in third countries, in particular in the USA. Certain third countries are certified by the European Commission with a so-called adequacy decision. This means that the legal situation for the protection of privacy in these countries is comparable to that in the EU or the EEA. You can find more information on the current countries with an adequacy decision here. Certifications in accordance with the adequacy decision for the USA, the Data Privacy Framework, exist for Meta Platforms Inc (Instagram). In all other cases, we conclude so-called standard contractual clauses with the platform operators for the transfer of personal data to third countries.

 

Note: The operator of the social media platform uses web tracking methods. Web tracking can also take place regardless of whether you are logged in or registered with the social media platform. As already explained, we unfortunately have little influence on the web tracking methods of the social media platform. For example, we cannot switch it off. Please be aware of this: It cannot be ruled out that the provider of the social media platform may use your profile and behavioural data, for example to evaluate your habits or personal relationships and preferences, etc. We have no influence on the processing of your data by the provider of the social media platform.

 

 

Rights of data subjects

In accordance with Art. 15 para. 1 GDPR, you have the right to receive information about the personal data stored about you free of charge upon request. Furthermore, if the legal requirements are met, you have the right to rectification (Art. 16 GDPR), erasure (Art. 17 GDPR) and restriction of processing (Art. 18 GDPR) of your personal data. If you have provided the processed data yourself, you have the right to data portability in accordance with Art. 20 GDPR.

If the data processing is based on Art. 6 para. 1 e) or f) GDPR, you have the right to object in accordance with Art. 21 GDPR. If you object to data processing, this will not take place in future unless the controller can demonstrate compelling legitimate grounds for further processing which override the data subject’s interest in objecting.

If the data processing is based on consent in accordance with Art. 6 para. 1 lit. a), Art. 9 para. 2 lit. a) or Art. 49 para. 1 lit. a) GDPR, you can revoke your consent at any time with effect for the future without affecting the legality of the previous processing.

 

You also have the right to lodge a complaint with a data protection supervisory authority. The complaint can be lodged in particular with a supervisory authority in the EU Member State of your place of residence, your place of work or the place of the alleged infringement.

Contact details for the responsible data protection authority:

Berlin Commissioner for Data Protection and Freedom of Information
Alt-Moabit 59-61
10555 Berlin
Phone: +49 30 13889-0
Fax: +49 30 215 50 50
E-mail: mailbox@datenschutz-berlin.de

 

 

No automated decision-making

We do not use automated decision-making or profiling.

 

Provision

Unless otherwise stated in the previous chapters, the provision of personal data is neither legally nor contractually required or necessary for the conclusion of a contract.  Failure to provide your personal data may mean that we are unable to respond to your enquiries, for example.

 

This data protection information was created in cooperation with the consulting firm SCALELINE Datenschutz. The legal texts are subject to copyright.

en_USEnglish
de_DEDeutsch en_USEnglish