Privacy Policy

This Privacy Policy clarifies the use, scope and purpose of the processing of personal data (hereinafter referred to as "data") within our online performance likewise on our websites, online features and content associated with them, as well as social media profiles (collectively referred to as "social media"). With regard to the terminology used, e.g. "processing" or "controller", we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).

Controller

AIDS Action Europe
c/o Deutsche AIDS-Hilfe e.V.
Wilhelmstr. 138
10963 Berlin, Germany
E-Mail: info@aidsactioneurope.org

Chief Executive Officer: Silke Klumb
Responsible concerning the Privacy Policy: Shabnam Abdullayeva shabnam.abdullayeva@aidsactioneurope.org

Types of processed data

  • Inventory data (e.g., names, addresses)
  • Contact information (e.g., e-mail)
  • Content data (e.g., text input, pictures)
  • Usage data (e.g., websites visited, interest in content, access times)
  • Communication data (e.g., device information, IP addresses).

Processing purpose

  • Provision of the online performance, its features and contents.
  • Replying on requests and communicating with users.
  • Safety measures.
  • Reach Measurement.

Used terms

“Personal data” means any information relating to an identified or identifiable natural person (‘data subject’). An identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means associated with personal data. The term goes far and includes practically every handling of data.

“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Relevant legal bases

According to Art. 13 GDPR we inform you about the legal basis of our data processing. Unless the legal basis is not stated in the privacy policy, following applies: The legal basis for collecting consents is Art. 6 (1) lit. a and Art. 7 GDPR, the legal basis for the processing and fulfilment our services and processing contractual measures, as same as reply on requests is Art. 6 (1) lit. b. GDPR, the legal basis for fulfilling our legal obligations is Art. 6 (1) lit. c. GDPR, and the legal basis for processing for the protection of our legitimate interests is Art. 6 (1) lit. f. GDPR. In case essential interests of affected person or other natural person requires the processing of personal data, we refer to Art. 6 (1) lit. d. GDPR as legal basis.

Collaboration with processors and third parties

If we disclose, transmit or otherwise grant access to data to other persons and companies (contract processors or third parties) while processing, it happens only on the basis of a legal permission (e.g. if a transmission of the data to third parties, as required by payment service providers, pursuant to Art. 6 (1) lit. b. GDPR to fulfill the contract). Therefore you have consented to a legal obligation or based on our legitimate interests (e.g. the use of webhosts, etc.).

Third parties can only process data on the basis of a so-called "job-processing contract" on the basis of Art. 28 GDPR.

Transfers to third countries

If we process data to a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or in the context of the use of third party services or disclosure or transmission of data to third parties, it will happen only for the reason to fulfill our (pre) contractual obligations, which is on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or have the data processed in a third country, happen only in the presence of the special conditions of Art. 44 et seq. GDPR. The processing of data occur based on specific guarantees, such as the officially recognized level of data protection (e.g. for the US through the Privacy Shield) or compliance with officially recognized contractual obligations (so-called "standard contractual clauses").

Rights of data subject

You have the right to obtain from the controller confirmation as to whether data in question is being processed and for information about this data as well as for further information and a copy of the data in accordance with Art. 15 GDPR.

You have accordingly to Art. 16 GDPR the right to have the incomplete personal data completed or to obtain the rectification of inaccurate personal data.

In accordance with Art. 17 GDPR, you have the right to demand that the relevant data be deleted undue delay or, alternatively, to require a restriction of the processing of data in accordance with Art. 18 GDPR.

You have the right to receive data referring to you, which you have provided to us, in accordance with Art. 20 GDPR and to request their transmission to other responsible persons.

You have according to Art. 77 GDPR the right to lodge a complaint with the competent supervisory authority.

Withdrawal

You have the right to withdraw your consent in accordance with. Art. 7 (3) GDPR with effect for the future.

Right to object

You have the right to object to the future processing of your data in accordance with Art. 21 GDPR at any time. The objection may in particular be made against processing for direct marketing purposes.

Cookies and right to object in direct mail

“Cookies" are small files that are stored on users' computers. Different information can be stored within the cookies. A cookie is primarily used to store the information about a user (or the device on which the cookie is stored) during or after their visit to a website. Temporary cookies, like "session cookies" or "transient cookies", are cookies that are deleted after a user leaves the website and closes his browser. Such cookies store contents of a shopping cart in an online store or a log-in session. The term "permanent" or "persistent" refers to cookies that remain stored even after the browser has been closed. Thus, e.g. the log-in status will be still saved if users visit it after several days. Likewise, such a cookie can store the interests of a user, which are used for range measurement or marketing purposes. The "third-party cookie" is offered by providers other than the person responsible for the online offer (otherwise, if there are just the cookies of the person responsible they are called "first-party cookies").

We can use temporary and permanent cookies and clarify this in the context of our privacy policy.

If users do not want cookies stored on their computer, they can disable the option in their browser's system settings. Saved cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this website.

A general objection to the use of cookies used for online marketing purposes are explained in a variety of services, especially in the case of tracking, via US-based website http://www.aboutads.info/choices/ or the EU-based website http://www.youronlinechoices.com/. Furthermore, the storage of cookies can be achieved by switching them off in the settings of the browser. Please note that not all features of this website may be used in such a case.

Right to erasure

The data processed by us will be deleted or restricted in its processing in accordance with Art. 17 and 18 GDPR. Unless explicitly stated in this privacy policy, the data stored by us is deleted as soon as you it is no longer required for their purpose and the erasure does not conflict with any statutory storage requirements.

If the data is not deleted because it is required for other and legitimate purposes, its processing will be restricted. In this case, the data is blocked and will not be processed for other purposes. This applies, for example for data that must be kept for financial, commercial or tax reasons.

According to legal information in Germany, the retention ensue in particular for 6 years pursuant to § 257 paragraph 1 HGB (“Handelsgesetzbuch”: trading books, inventories, opening balance sheets, annual accounts, trade letters, accounting documents, etc.) and § 10 paragraph 1 AO (books, records, management reports, and other), and 10 years pursuant to § 147 Abs. 1 AO (“Abgabenordnung”: books, records, management reports, accounting records, trade and business letters, tax documents, and others).

Hosting

We host our website to provide the following services: infrastructure and platform services, computing capacity, storage and database services, security and technical maintenance services, which we use to operate on the website.

We, respectively our hosting provider, process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors to our online service on the basis of our legitimate interests in an efficient and secure provision of our website according to Art. 6 (1) lit. f GDPR in connection to Art. 28 GDPR (in conclusion of a job-processing contract).

Collection of access data and log files

We, respectively our hosting provider, collects based on our legitimate interests, according to Art. 6 (1) lit. f GDPR, data on every access to the server on which this service is located (so-called server log files). The access data includes name of the retrieved web page, file, date and time of retrieval, amount of data transferred, message about successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.

Log file information is stored for security purposes (for example, to investigate abusive or fraudulent activities) for a maximum of 7 days and then deleted. Data whose further retention is required for evidential purposes shall be excluded from the erasing until the final clarification of the incident.

Google analytics

As part of the Google analytics range analysis the following data is processed, based on our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online performance as defined in Art. 6 (1) lit. f GDPR): the type of browser you use and the browser version, the operating system you are using, your country of origin, the date and time of the server request, the number of visits, how long you have spent on the site, and the external links you have activated. The IP address of the users is anonymized before being saved.

Google analytics privacy policy: https://policies.google.com/privacy

Google analytics uses cookies that are stored on users' computers and that allow an analysis of how users use our website offer. In this case, pseudonymous usage profiles can be created from the processed data. The cookies have a retention period of one week. The information generated by the cookie about your use of this website will only be stored on our server and will not be passed on to third parties.

Social media

We maintain online performance within social media in order to communicate with members, partners and other active users active and to inform them about our work. When opening our profile at the social media platforms, the terms and conditions and data processing guidelines apply of the social media operators.

The users' data is processed as long as they communicate with us within social networks and platforms, e.g. writing posts on our social media profile or send us messages, unless otherwise stated in our privacy policy.

Google ReCaptcha

We use Google “ReCaptcha” to detect bots, e.g. when entering into online forms. "ReCaptcha" us provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Privacy Policy: https://www.google.com/policies/privacy/, opt-out: https://adssettings.google.com/authenticated.

Twitter

Within our website, feature content of Twitter services may be incorporated by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. These are content such as images, videos, or text and buttons that users use to promote their content, subscribe to content creators, or subscribe to our posts. If users are registered members of Twitter, Twitter may collect the performance content and features to this users’ profile. Privacy Policy of Twitter: https://twitter.com/en/privacy. Twitter is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European privacy legislation (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active). Opt-Out: https://twitter.com/personalization.

Berlin, June 2023