Below we inform you about the nature, extent and purpose of the processing of your personal data when using out website www.wechange.de (henceforth, ‘platform’). Personal data are all the information, which relate to an identified or identifiable individua
1. Responsible Person
The responsible person in accordance with the EU General Data Protection Regulation (GDPR) is the individual or legal entity, who, alone or together with others, makes decisions regarding the purposes and means of the processing of personal data. For the personal data processed whilst visiting our platform, the wechange e.G., c/o Thinkfarm, Oberlandstraße. 26-35, 12099 Berlin, Germany (henceforth, ‘provider’ or ‘we’) is the responsible party in accordance with GDPR.
We have named the lawyer Sven Gumbrecht (Puschkinstr. 15, 16225 Eberswalde, Germany, E-Mail: firstname.lastname@example.org) as the data protection officer.
2. When you visit our platform
When you visit our platform, our server gathers the following information from your terminal: browser type and version, operating system, the previously visited internet site (‘referrer’), IP address and time of the site view.
We gather and process this data, in order to ensure the smooth running of our platform and to recognise, to fend off and to pursue a misuse of our services. Furthermore, we use the gathered data for statistical purposes, in order to evaluate with which terminals and browser our platform is viewed, in order to continuously adapt and improve our offer on the basis of the users’ needs.
This data processing takes place on the basis of Article 6 Paragraph 1 Letter f of the GDPR. All of the technical data with personal reference mentioned in the first paragraph, we anonymise 30 days after collecting.
3. User Profile
When you create a user profile on our platform, we collect your e-mail address and a user name (pseudonym), freely chosen by you; without this data, we cannot create a user profile for you. Beyond that, you may voluntarily add further information to your user profile, for instance a profile photo.
When you have a user profile with us, we can, if requested, keep you informed about news from our platform. You can also change the settings in your user profile, to specify which notifications you wish to receive. You may revoke your consent at any time with future effect by adjusting the settings.
We retain the personal data associated with the user profile until the contractual relationship regarding the user profile has been ended with us. The legal basis for the processing of data in Article 6 Paragraph 1 Letter b of the GDPR.
4. Payment options
(1) Voluntary contribution
Depending on the offer, we can provide you with a variety of different payment methods. Depending on which method you choose, different data will be collected.
Your data will be stored on the basis of your consent (Art. 6 (1) lit. a GDPR). We will process this data solely for the purpose of processing payment and for the purpose of issuing and delivering invoices. You can revoke your consent at any time. To do so, an informal message sent to us via e-mail will be sufficient. The legality of data processing which has already occurred shall remain unaffected by this revocation.
Please note that we use the services of Better Payment Germany GmbH for the various payment options (listed below under (a) to (c)) (see below under Section 6 “Processors”).
(a) Direct debit (SEPA)
If you choose to pay by direct debit (SEPA), we will collect and process your name, first name, amount to be collected, e-mail address, postal address, name of account holder, IBAN and BIC.
(b) Credit card
If you choose to pay by credit card, we will collect and process your name, first name, amount to be collected, e-mail address, and postal address. Further payment data (credit card number, name of the cardholder, validity date and check number of the credit card) will be collected by Better Payment Germany GmbH (see below under item 6 “Processors”); this is not processed by us.
If you choose to pay by PayPal we will collect and process your name, first name, amount to be collected, e-mail address, and postal address. Further payment data (Papal log-in data) will be collected by Better Payment Germany GmbH (see below under Section 6 “Order processors”); this is not be processed by us.
Please note that the data processing that takes place when paying via PayPal is the sole responsibility of the operator of this service, PayPal (Europe) S.à r.l. et Cie, S.C.A. (see Section 6 “Processors” below). To make payment via PayPal, you will have to login with your access data in your user account at PayPal.
(2) Services against payment
If you wish to make use of services of our platform that are subject to a fee, we will collect your actual name or company name as well as your residential address or registered office in addition to the e-mail address and the user name. This data is indispensable for the conclusion of a contract with us; we will process this for the purpose of fulfilling the contract in accordance with Article 6 (1) lit. b GDPR. We will retain the stored data until all mutual claims arising from the contractual relationship have been finally settled and all commercial and tax retention periods have expired.
5. No automatized decision making, no profiling
When deciding on the conclusion of a contract, we forgo automatized decision making and profiling.
6. Data processor
For the operation of our platform, we make use of the following data processors in accordance with Article 28 of the GDPR:
- for web hosting: Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany,
- for the processing of payments: Better Payment Germany GmbH, Rosenthaler Straße 34/35, 10178 Berlin, Germany,
- for the processing of payments: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg,
- to support our accounting in connection with paid services: Haufe-Lexware GmbH & Co. KG, Munzinger Str. 9, 79111 Freiburg, Germany.
When you write a post on our platform, for instance a discussion contribution or an event announcement, we save and publish your post in the corresponding place together with your username. You can determine in your user profile, which information from your user profile should be disclosed and to whom.
8. Contact Form and Communication via E-mail
When you send us a message via the contact form on our platform or via e-mail, we save your message with the sender data contained in it (name, e-mail address and, if applicable, further information added by your e-mail programme). To receive and save your messages, as well as sending our e-mails to you, we use the services of our web host (see above), who works for us as a data processor in accordance with Article 28 of the GDPR.
Legal basis for this data processing is our legitimate interest to answer your message and to be able to react to potential follow-up questions (Article 6 Paragraph 1 Letter f GDPR). We delete the data gather with your message at the very latest by the end of the calendar year, which follows the last communication with you regarding your concern, subject to the regulation in the following paragraph.
If you provide us with a legally relevant communication regarding an existing contractual relationship with us, the legal basis for its processing, regardless of how it was sent, is also Article 6 Paragraph 1 Letter b GDPR. In such a case, we delete the data connected with your explanation, as soon as all reciprocal claims from our contractual relationship are definitively settled and all commercial and tax legal retention periods have expired.
The e-mail servers used by us work with TLS and SSL, so that the transmission between your and our mail server is encrypted, if your e-mail provider also supports at least one of these encryption technologies. Also the data, which you submit in our contact form, is transmitted encrypted with SSL to our server.
When you have logged into your user profile, we deposit ‘Cookies’ on your terminal. These are small text files, with which we can recognise your terminal again, if you visit our platform again at a later point. This includes a cookie that remembers your login status and remains stored for 60 days after every login, so that you do not need to login with your data again during this period (login cookie).
With the help of other cookies, we can also prevent improper use of our services (cross-site cookie), as well as analyse certain user behaviour (web analysis cookie), for instance, which parts of our platform you use, how long you stay on our platform and when and how often you return to our platform. We do not deposit a web analysis cookie if you have activated the ‘Do not track’ option in your browser settings.
This data processing takes place on the basis of Article 6 Paragraph 1 Letter f GDPR in order to enable you a safe and comfortable operation of our platform, in order to align our platform even better with the interests of our visitors and the technology they use (terminals and browser types), and to analyse and optimise the technical functions of our website and the efficiency of any possible advertising.
A deposited cookie expires at the latest twelve months after your last visit to the platform, which means, that your terminal automatically deletes it after the expiry of this time.
You can prevent the depositing of cookies by going to the cookie settings of your internet browser and object to the depositing of cookies for our platform or generally for all websites. There you can also delete previously deposited cookies.
10. Your Rights
Regarding the personal data, which we process about you, you have the following rights:
You have the right to demand a confirmation from us, as to whether we are processing your personal data. If this is the case, we will share with you the saved personal data about you and further information in accordance with Article 15 Paragraph 1 and 2 GDPR.
You have the right to correct any incorrect personal data concerning you without delay. In consideration of the purposes of processing, you also have the right to demand the completion of incomplete personal data – also via a supplementary communication.
You can demand the immediate deletion of personal data concerning you under the provisions of Article 17 Paragraph 1 GDPR, if their processing is not required by Article 17 Paragraph 3 GDPR.
You may require us to restrict the processing of your data, if one of the requirements from Article 18 Paragraph 1 GDPR exists. You can particularly request a restriction instead of a deletion.
We will share every amendment to or deletion of your personal data and a restriction of the processing with all recipients, with whom we have disclosed your personal data, unless this proves to be impossible or is associated with a disproportionate effort. We will also inform you about these recipients, if you demand it.
You have the right to receive the personal data which you have provided us in a structured, accessible and machine-readable format and you may request, that we transmit this data to another responsible person, in as far as this is technically possible.
In as far as data processing is based on your consent, you have the right to withdraw your consent at any time. By withdrawing your consent, the lawfulness of the data processing that has taken place until your withdrawal is not affected.
RIGHT TO OBJECT: FOR REASONS THAT RESULT FROM YOUR SPECIFIC SITUATION, YOU CAN OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME; this right to object exists with regards to the processing of data, which, on the basis of Article 6 Paragraph 1 letter f GDPR, protects legitimate interests on our part or a third party, so far as your interests or fundamental rights and freedoms, which the protection of personal data demands, do not outweigh it. If you exercise your right to object, we will no longer process the data in question, unless we can prove compelling legitimate grounds for the processing, which outweigh your interests, rights and freedoms, or that the processing serves the enforcement, exercise or defence of legal claims.
IN THE CASE THAT WE PROCESS PERSONAL DATA FOR DIRECT MAILING (FOR INSTANCE, NEWSLETTER), YOU CAN OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSE OF SUCH ADVERTISING, WITH THE CONSEQUENCE THAT WE WILL NO LONGER PROCESS YOUR DATA FOR THESE PURPOSES.
When you are of the opinion, that the processing of your personal data violates the GDPR, you can lodge a complaint with a regulatory authority, particularly in the state of your place of residence, your workplace or the location of the alleged violation. This does not exclude other administrative or legal challenges.
For us, the locally responsible supervisory authority for data protection is the Berliner Beauftragte für Datenschutz und Informationsfreiheit, Friedrichstraße 219, 10969 Berlin.
Current as of: 16.12.2019