Data Protection Policy
1) Preamble
The following paragraphs establish what data will be processed, when, for what purpose, and on what legal basis. We explain how our offered services work and how we ensure the protection of your personal data.
All definitions refer to the General Data Protection Regulation (GDPR).
In accordance with Art. 4(1) of the GDPR, personal data mean any information relating to an identified or identifiable natural person. An identifiable person is a natural person who can be identified, either directly or indirectly.
This data privacy statement can be accessed at https://www.rosalux.de/en/impressum/data-protection-policy/, as well as saved and printed anytime.
You have the right to object pursuant to Art. 21 of the GDPR, insofar as we state our legitimate right or a legitimate right of a third party (Art. 6(1) point (f) of the GDPR) to be the legal basis for the processing of personal data:
Pursuant to Art. 21 of the GDPR you are entitled to object to the processing of personal data at any time. We will then no longer use your personal data for purposes of direct marketing or the associated profiling.
Upon your objection we will no longer use your personal data for other purposes, unless we can demonstrate compelling legitimate grounds for the processing that override your interests or for the establishment, exercise or defence of legal claims (see Art. 21(1) of the GDPR on your “restricted right to object”). In this case you must provide grounds for the objection that result from your special situation.
You can also object to the processing of your personal data on grounds relating to your special situation where those personal data are processed for scientific or historical research purposes or statistical purposes in accordance with Art. 89(1) of the GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest (see Art. 21(6) of the GDPR).
This data privacy statement aims to provide a complete overview of the data processing and therefore contains several links to information and privacy policies on external websites (see also section “Social Networks and External Links” of this data privacy statement). We attempt to keep the links in this data privacy statement up-to-date. However, we cannot guarantee that all links work properly due to continuous updates of those websites. If you notice an invalid link, please let us know so that we can insert the correct link.
2) Controller
Rosa-Luxemburg-Stiftung
Gesellschaftsanalyse und politische Bildung e.V.
Straße der Pariser Kommune 8A
10243 Berlin, Germany
Phone: (+49-30) 443-100
Fax: (+49-30) 4431-0230
E-mail: info@rosalux.org
Internet: www.rosalux.de
is the controller for the processing of personal data within the meaning of Art. 4(7) of the GDPR.
Authorized representative of the board of directors:
Daniela Trochowski (Executive Member of the Board of Directors of the Rosa Luxemburg Stiftung)
4) Data Subject Rights
You have the following rights:
- Right of access (Art. 15 of the GDPR)
- Right to rectification (Art. 16 of the GDPR)
- Right to erasure (Art. 17 of the GDPR)
- Right to restriction of processing (Art. 18 et seq. of the GDPR)
- Right to data portability (Art. 20 of the GDPR)
- Right to object (Art. 21 of the GDPR)
For related queries send an e-mail to datenschutz@rosalux.de . Please note that we have to ensure that you are indeed the data subject making the request.
Without prejudice to any other administrative or judicial redress, you are also entitled to appeal to the data protection supervisory authority.
There is no automated decision making on our website.
5) Data Security
We use technical and organisational measures in order to protect our website and other systems against loss, destruction, access, modification, or distribution of your data by unauthorised persons. However, despite regular checking, we cannot guarantee complete protection against all risks.
6) General Information: Provision of our Statutory and Contractual Services
We process the data of our members, supporters, interested parties, customers and other persons in accordance with Art. 6(1) point (b) of the GDPR, if we offer contractual services or act through our business relationships, such as with members, or if we receive services or benefits. In addition, we process data of data subjects in accordance with Art. 6(1) point (f) of the GDPR on the basis of our legitimate interests, e.g. for administrative tasks or public relations.
The data concerned, the nature, scope and purpose, and the requirement of the processing depend on the contractual relationship (e.g. event registration). This includes the persons’ inventory and master data (e.g. name, address etc.) and contact data (e.g. e-mail address, phone etc.), contractual data (e.g. services used, content and information provided, names of contacts) and – if we provide payable services or products – payment data (e.g. bank details, payment history etc.).
We delete data that are no longer required for the provision of statutory and contractual purposes. This is determined by the respective tasks and contractual relationships. In the case of business-related processing, we retain any relevant data for as long as it is necessary to process our business transactions or with regard to any warranty or liability obligations. The requirement to retain data will be reviewed every three years. In addition, the statutory data retention obligations apply.
Server log files
Every time you access our website your device’s system will automatically collect data and information that are stored in server log files. These data are information that refers to an identified or identifiable natural person (the website user in this case). Every time you access our website, your browser automatically transfers the data to our website. These data include the following information:
- The time you accessed our website (request to the host provider’s server),
- URL of the website from which you accessed our website,
- Your operating system,
- Type and version of the browser you use,
- Your computer’s IP address.
The purpose of this processing is to enable you to access our website with your device and to correctly display our website on your device or your browser. The data also serve to optimise our website and ensure system security. We will not evaluate those data for marketing purposes.
The legal basis for the processing is Art. 6(1) point (f) of the GDPR. We have a legitimate interest in optimising our website for your server and enabling communications between our server and your device. To ensure the latter, the processing of your IP address is required in particular.
The processed information will be stored only as long as it is necessary for the intended purpose or as legally required.
The data recipient is our server host, who carries out the data processing on our behalf.
The provision of personal data is not mandatory, neither legally nor contractually, and is also not required to conclude contracts. You are also not obliged to provide personal data. However, if you do not provide your personal data you will not be able to use our website, or at least not in its entirety, as a result.
Cookies
Our website uses cookies. A cookie is a text file that is stored on your device in order to make the use of a website more user-friendly. Cookies may store information and settings on a website so that you do not need to re-enter them every time you use the website. Cookies contain a cookie ID, which allows for the assignment of the device on which the cookie is stored. We use the following cookies:
- Cookies that contain a randomly generated, specific identification number that enables your identification or identification of your device whilst you visit our website. These cookies will be automatically deleted at the end of your visit.
- Cookies that contain a randomly generated, specific identification number that enables your identification or identification of your device on our website. These cookies will be automatically deleted after one year.
The purpose of the processing is to make your use of our website more user-friendly and allow you to store your settings.
The legal basis for the processing is Art. 6(1) point (f) of the GDPR. We have a legitimate interest in providing a website that saves your personal settings and facilitates your visit to our website.
Right to Object
You have the right to object. You can restrict the placement of cookies or completely disable them in your browser settings. You can also configure automatic deletion of cookies when you close the browser window.
Here you find more information on how to delete cookies in the most commonly used browsers and how to change cookie settings:
Google Chrome: Website
Mozilla Firefox: Website
Apple Safari: Website
Microsoft Internet Explorer: Website
Microsoft Edge: Website
The provision of personal data is not mandatory, neither legally nor contractually, and is also not required to conclude contracts. You are also not obliged to provide personal data. However, if you do not provide your personal data you may not be able to use our website, or at least not in its entirety, as a result.
Other services we use also use cookies. We expressly refer to the use of cookies in the individual services.
Transfers to third countries
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this is done when we use third-party services or for the disclosure or transfer of data to third parties, this is done only if required for the fulfilment of our (pre)contractual duties, on the basis of your approval, a legal duty or our legitimate interests. Subject to legal or contractual permissions, we process data or have data processed in a third country only if the special requirements of Art. 44 et seqq. of the GDPR are met. Accordingly the data are only processed on the basis of special guarantees, such as the officially recognised establishment of a data protection level that corresponds to EU requirements (e.g. the Privacy Shield for the US) or the observance of officially recognised contractual obligations (“standard contractual clauses”).
7) Privacy Policy for Applications
We only process applicant data in line with statutory requirements for the purpose and within the framework of the application procedure. Applicant data are processed to fulfil our (pre)contractual obligations within the framework of the application procedure within the meaning of Art. 6(1) points (b) and (f) if the data processing is required, for example, as part of legal procedures (Sec. 26 of the German Federal Data Protection Act applies in addition in Germany).
The application procedure requires applicants to provide us with applicant data. Mandatory applicant data are highlighted, provided that we use an online survey or are otherwise included in job postings. In general, they include personal details, mailing address and contact data as well as documents associated with the application such as the cover letter, curriculum vitae and certificates/letters of recommendation. Applicants can also send us additional information on a voluntary basis.
By sending us an application, applicants agree to the processing of their data for the purpose of the application procedure according to the manner and scope stipulated in this data privacy statement.
If during the application procedure, special categories of data personal data within the meaning of Art. 9(1) of the GDPR are provided voluntarily, they can be processed only in accordance with Art. 9(2) point (b) of the GDPR (e.g. health data, severe disability or ethnic background).
If during the application procedure, special categories of data personal data within the meaning of Art. 9(1) of the GDPR are provided voluntarily, they can be processed only in accordance with Art. 9(2) point (a) of the GDPR (e.g. health data if they are necessary for the job).
Applicants can send us their applications using the online form on our website. The data will be encrypted using the latest technology and transferred to us.
Applicants can also send us their applications by email. However, we note that e-mails are generally not encrypted and applicants must provide the encryption themselves. We are not responsible for the transfer of the application from the sender to our server and therefore recommend using the online form or regular mail. Applicants can still send us their application by mail, in addition to the application using the online form and e-mail.
We may further process the data provided by successful applicants for the purpose of the employment relationship. If an application is not successful we will delete the applicant data. We will also delete applicant data in case of the revocation of the application, to which applicants are entitled at any time.
Subject to a justified revocation received from the applicant, data will be deleted after the end of a period of six months so that we are able to respond to any follow-up questions of the application and fulfil our burden of proof under the German Equal Treatment Act (Gleichbehandlungsgesetz). Travel reimbursement receipts will be stored according to tax specifications.
8) Talent Pool
For the purpose of applications we offer applicants to be included in our talent pool for a period of 2 years on the basis of their consent within the meaning of Art. 6(1) point (b) and Art. 7 of the GDPR.
The application documents in the talent pool will only be processed during future job vacancies and the associated recruitment processes. They will be destroyed after expiry of the term at the latest. Applicants will be informed that their consent to the inclusion in the talent pool is voluntary and does not influence the current application procedure and that they can revoke this consent at any time for the future and have the right to object within the meaning of Art. 21 of the GDPR.
9) Use of YouTube
We use YouTube videos and YouTube plug-ins on our website. YouTube is a service of YouTube, LLC (“YouTube”), 901 Cherry Ave., San Bruno, CA 94066, US, and is provided by YouTube. YouTube, LLC is a subsidiary of Google, Inc. (“Google”), 1600 Amphitheatre Parkway, Mountain View, CA 94043, US.
We have integrated YouTube by embedding the service on our website using iframe tags. If an iframe tag is loaded, YouTube or Google may collect and process information (including personal data). We cannot exclude that YouTube or Google will transfer the information to a server in a third country.
We do not collect any data when you view a YouTube video on our website.
We have integrated YouTube to present you several videos that you can view directly on our website.
The legal basis for this type of processing of personal data is Art. 6 (1) point (f) of the GDPR. The legitimate interest required for this lies in the great benefit that YouTube offers. By including external videos we decrease the load on our servers and can use those resources for other purposes. Among other things, this can increase the stability of our servers. YouTube or Google also has a legitimate interest in the (personal) data collected in order to improve their own services.
The provision of personal data is not mandatory, neither legally nor contractually, and is also not required to conclude contracts. You are also not obliged to provide personal data. However, if you do not provide your personal data you may not be able to use our website, or at least not in its entirety, as a result.
For more information, refer to YouTube’s or Google’s privacy policies at www.google.com/policies/privacy/.
To learn more about Google’s privacy settings, visit https://privacy.google.com/take-control.html?categories_activeEl=sign-in.
10) MyFonts Counter
Script code from MyFonts, Inc., 500 Unicorn Park Drive, Woburn, MA 01801, US (hereinafter “MyFonts”) is downloaded from our site because we use a font from this provider on rosalux.de (pay per view). Your browser may transfer personal data to MyFonts if you have JavaScript activated in your browser and no JavaScript blocker installed. We do not know what data MyFonts links to the data received and for what purposes MyFonts uses this data. To fully prevent the execution of JavaScript code by MyFonts you can install a JavaScript blocker (e.g. www.noscript.net). Further information on data protection at MyFonts can be found under the following link: https://www.myfonts.com/info/legal/#Privacy
11) Use of the Registration Function
You have the possibility to create a user account on our website.
We process the data entered in the input fields as part of registration.
The following data are mandatory:
- E-mail address
- Password
- Title
- First name
- Last name
- Street address
- Postal code
- City
- Country
You can also add further voluntary data such as:
- Phone number
- Organisation
- Additional address information
Mandatory and voluntary information is treated equally. The mandatory information is necessary to create a user account for you.
When sending the registration, the following data will also be processed:
- Your IP address
- Date and time of the sender
Registration is carried out according to the double opt-in procedure.
After registration you will receive an activation link to the e-mail address you provided. Please confirm or activate this link. This ensures that the e-mail address entered on our website is in fact your e-mail address. If the confirmation or activation link is not used, you will not be registered and the confirmation or activation link becomes invalid. You will then have to register again, as the registration data is deleted when an e-mail address is not confirmed.
If you click the activation link, the following data is processed as part of the double opt-in:
- Your IP address
- Send date and time
The purpose of the processing of personal data is to provide users with their user account. The purpose of processing the double opt-in data is to prevent misuse of the registration process and to ensure you have read the privacy policy.
The legal basis for this type of processing of personal data is Art. 6(1) point (f) of the GDPR. We have a legitimate interest in providing you with a user account and thereby making your use of our website more user-friendly. We also have an interest in the processing of your double opt-in data in order to prevent misuse of our function. In addition, we have a legitimate interest in logging the registration in order to have documentation that you accept the data privacy statement.
Right to object
You have the right to object. You can deactivate or delete your user account at any time.
You can also send or inform us of your objection at any time (e.g. via e-mail to online-redaktion@rosalux.de).
The information processed is only stored for as long as it is necessary or as legally required for the intended purpose.
The data recipient is our server host, who carries out the data processing on our behalf.
The provision of personal data is not mandatory, neither legally nor contractually, and is also not required to conclude contracts. You are also not obliged to provide personal data. Without the necessary information, however, we cannot open a user account for you.
12) OpenStreetMap via leafletjs.com
We integrate maps of the OpenStreetMap service (https://www.openstreetmap.de), which is provided by the OpenStreetMap Foundation (OSMF) on the basis of Open Data Commons Open Database Licence (ODbL). Privacy policy: https://wiki.openstreetmap.org/wiki/Privacy_Policy.
As far as we know, OpenStreetMap will only use user data for the purpose of displaying the map functions and temporarily storing the selected settings. These data may include, in particular, IP addresses and location data of users, which, however, are not collected without their consent (usually on the basis of their mobile device and browser settings).
The data may be processed in the US. For further information, refer to the privacy policy of OpenStreetMap: https://wiki.openstreetmap.org/wiki/Privacy_Policy.
13) Audience metrics using Matomo
As part of the audience analysis by Matomo (formerly Piwik) the following data are processed on the basis of our legitimate interests (i.e. interest in analysing, optimising and operating our online offer within the meaning of Art. 6(1) point (f) of the GDPR): the browser type and version as well as the operating system you use, your country of origin, the date and time of the server request, the number of visits, your time spent on the website and the external links you clicked. The IP address of the users is anonymised before it is stored.
Matomo uses cookies that are stored on the user’s computer and enable us to analyse the users’ use of our online offer. The processed data serve to create pseudonymised user profiles. The cookies are stored for one week. The information generated by the cookie about your use of this website will only be stored on our server and will not be passed on to third parties.
Users can object to the anonymised data collection by the Matomo program at any time with effect for the future by clicking the link below. In this case, an opt-out cookie is stored in your browser, which means that Matomo no longer collects any session data. However, if users delete their cookies, it means that the opt-out cookie is also deleted and must therefore be activated again.
The logs with user data will be deleted after 6 months at the latest.
14) Newsletter
We want to inform you about the contents of our newsletter as well as the registration, distribution and statistical evaluation procedure and your rights to object with the following information. By subscribing to our newsletter, you agree to receiving it and the described procedures.
Newsletter content: We send newsletters, e-mails and other electronic notifications containing advertising information (hereinafter “newsletters”) only with the recipients’ consent or a legal permission. If the contents of a newsletter are specifically described within the scope of a registration, they are decisive for user consent. In addition, our newsletters contain information about our products and accompanying information (e.g. safety information), offers, promotions and our company.
Double opt-in and logging: You register to receive our newsletter by means of the double opt-in procedure. This means that after registration you will receive an e-mail asking you to confirm your registration. This confirmation is necessary to prevent other persons from logging in with other e-mail addresses. Subscriptions to the newsletter are logged to fulfil our statutory burden of proof with regard to the registration process. This includes the storage of the login and confirmation time, as well as the IP address. Changes to your data stored with the service provider for newsletter distribution are also logged.
Registration data: You only need to enter your e-mail address to subscribe to our newsletter. Optionally we ask you to provide a name so we can address you in the newsletter.
Distribution of the newsletter and the performance measurement associated with it are based on the recipient’s consent in accordance with Art. 6(1) point (a) and Art. 7 of the GDPR in connection with Sect. 107(2) of the German Telecommunications Act or, if no consent is required, on the basis of our legitimate interests in direct marketing in accordance with Art. 6(1) point (f) of the GDPR in connection with Sect. 107(2) and (3) of the German Telecommunications Act.
The registration procedure is logged on the basis of our legitimate interests in accordance with Art. 6(1) point (f) of the GDPR. We are interested in the use of a user-friendly and secure newsletter system that serves both our business interests and complies with the expectations of users, and also allows us to prove consent.
Cancellation/revocation: You can unsubscribe from our newsletter at any time, i.e. revoke your consent. You will find a respective link at the end of each newsletter. We may store the unsubscribed e-mail addresses for up to three years on the basis of our legitimate interests before we delete them in order to be able to prove a previously given consent. The processing of these data is limited to a possible defence against claims. An individual request for deletion is possible at any time, provided that at the same time the previously given consent is confirmed.
15) Newsletter Distribution Service Provider
The newsletter is distributed by the service provider COMDOK GmbH, Eifelstr. 14, 53757 Sankt Augustin, Germany. You can find the provider’s privacy policy at https://comdok.de/datenschutz. We have commissioned the provider on the basis of our legitimate interests in accordance with Art. 6(1) point (f) of the GDPR and an order processing agreement pursuant to Art. 28(3) sent. 1 of the GDPR.
The service provider can use the recipient’s data in pseudonymised form, i.e. without assignment to a user, to optimise or improve its own services, e.g. to technically optimise the distribution and presentation of the newsletter or for statistical purposes. However, the service provider will not use the data of our newsletter recipients to write them or to pass the data on to third parties.
16) Use of Comment and Chat Functions
Our website offers various comment and chat functions that you can use to comment on our offers or to contact other users. If you use this function, we will process the data entered in the input fields.
If you are not registered and logged in with us, this applies to the following data:
Mandatory information:
- Name
- Information derived from the message body
You can also voluntarily add further data, which will potentially affect the following data:
We will process your profile data if you are registered and logged in with us. Only your profile name will be shown in your posts.
Mandatory and voluntary information is treated equally. The mandatory information is necessary to enable us to verify your posts and assign them to the specific author.
When you send a message, we will process the following data:
- Your IP address
- Send date and time
The purpose of processing the data is to allow you to share information with our community and make helpful comments on the respective offers and to enable us to offer a dynamic website in which the community is closely involved. The other personal data processed during the sending process serve to prevent misuse of our functions.
The legal base for this type of processing of personal data is Art. 6(1) point (f) of the GDPR. We have a legitimate interest in offering attractive and up-to-date information/offers to users. In addition, we have a legitimate interest in knowing what our users think and where they see opportunities for improvement.
The personal data is only processed for as long as it is necessary to provide the function.
Right to object
You can send or inform us of your objection at any time (e.g. via e-mail to online-redaktion@rosalux.de). In addition, you may independently remove any comments you have made on the website as a registered user.
The data recipient is our server host, who carries out the data processing on our behalf. The provision of personal data is not mandatory, neither legally nor contractually, and is also not required to conclude contracts. You are also not obliged to provide personal data. However, if you do not provide your personal data you may not be able to use all functions, or at least not in their entirety, as a result.
17) Social Share Function
The social media buttons of Twitter, Facebook, Google+ and Diaspora do not automatically transmit data to the service provider when you visit the website. No use-specific data are transmitted to the provider if you click the share button.
In addition to this website, we are also present in various social media networks, which you can access via corresponding buttons on our website. If you visit such a social media site, personal data may be transferred to the provider of the social network. In addition to storing the data you have entered in this social media network, the social media network provider may also process other information.
In addition, the social media network provider may process the most important data of the computer system from which you visit it such as your IP address, processor type and browser version used, including plug-ins.
This network can assign the visit to this account if you are logged in with your personal user account of the respective network while visiting such a website.
The purpose and scope of the data collection by the respective social media network as well as the further processing of your data there and your rights in this regard can be found in the respective regulations of the responsible party.
Facebook: https://www.facebook.com/about/privacy/
Twitter: https://twitter.com/en/privacy
Instagram: https://help.instagram.com/155833707900388
Google: https://policies.google.com/privacy?hl=en-GB
Flickr: https://policies.oath.com/ie/en/oath/privacy/index.html
Soundcloud: https://soundcloud.com/pages/privacy
Please note that our website contains further links to external third-party websites. We have no influence on the processing of data on these third-party websites.
18) Changes to the Data Privacy Statement
We may need to adapt this data privacy statement due to legal changes or changes to our internal processes..
Status: 28.12.2020