(Status: 04/2020) 

The provisions of the EU’s General Data Protection Regulation (hereinafter GDPR) apply throughout Europe. We hereby notify you of the processing of personal data performed by our company in accordance with this Regulation (cf. Art. 13 and 14 GDPR). If you have any questions or comments regarding this privacy policy, please feel free to send them to the email address indicated in Section 2 or 3 at any time.

Table of contents:

I. Overview

1. Scope of application
2. Controller
3. Data Protection Officer
4. Data security

II. Data processing specifics

1. General information on data processing
2. Website/application views
3. Job applications
4. Registrations
5. Access control
6. Establishing contact by email
7. Tracking

III. Data subject’s rights

1. Right to object
2. Right of access
3. Right to rectification
4. Right to erasure (‘right to be forgotten’)
5. Right to restriction of processing
6. Right to data portability
7. Right to withdraw consent
8. Right to lodge a complaint

IV. Glossary




This section of the privacy policy provides details of its scope of application, the data processing controller, their Data Protection Officer and data security.


The data processing performed by WABE e.V. can essentially be divided into two categories:

  • For the purposes of contract processing, all the data required for executing a contract with WABE e.V. is processed. If external service providers are likewise involved in contract processing, your data shall be shared with these to the extent necessary in each case.
  • When you view WABE e.V.’s website/application, various information is shared between your terminal and our server. This may include personal data. The information gathered in this way is used among other things to optimise our website.

This privacy policy applies to the following offerings:

  • Our website, which can be found at www.wabe-hamburg.de
  • Whenever you are directed to this privacy policy by one of our offerings (e.g. websites, subdomains, mobile applications, web services or our incorporation into third-party websites), irrespective of how you view it or use it.

These offerings are hereinafter also jointly referred to as services.


The data processing controller, i.e. the party responsible for selecting the purposes and means of the processing of personal data in relation to these services, is:

WABE e.V. Poppenhusenstr. 12 
22305 Hamburg 
Tel: +49 40 30 39 09 - 6 
E-Mail: datenschutz@bitte nicht bespammenwabe-hamburg.de


You can contact our Data Protection Officer as follows:

Contact form:


Dipl.-Kfm. Marc Althaus 
Frapanweg 22
22589 Hamburg 


To develop the measures required in accordance with Art. 32 GDPR and thus to achieve a level of protection which is commensurate to the risks, our company operates on the basis of the VdS 3473 information security standard.

The VdS 3473 – Cyber-Security for Small and Medium-sized Enterprises (SMEs) standard established by VdS Schadenverhütung GmbH contains rules for and guides to implementing an information security management system as well as concrete measures for the organisational and technical security of IT infrastructures. It is designed to guarantee that an appropriate level of protection is achieved.


This section of the privacy policy provides detailed information on the processing of personal data in relation to our services. For reasons of clarity, this information is broken down according to the different functions of our services. Various functions and therefore also various types of processing may take effect either consecutively or simultaneously in the course of the normal use of our services.


Unless stated otherwise, the following shall apply to all the types of processing presented here:

a. No obligation of provision

You are nether contractually nor legally obliged to provide us with your personal data. There is no obligation for you to provide data.

b. Consequences of non-provision

The consequence of failure to provide data which is required (data marked as mandatory information when being entered) is that the service in question can then not be provided. Failure to provide data can otherwise result in it not being possible for our services to be provided in the usual form and at the usual quality.

c. Consent

In various cases, you have the option of granting us your consent to further processing in relation to the types of processing presented below (in some cases for parts of your data). In this case, upon your submitting a declaration of consent, we shall notify you separately of all the terms and the scope of your consent as well as of the purposes pursued by us with this data processing.

d. Transfer of personal data to third countries

When we transfer data to third countries, i.e. countries outside of the European Union, we do so while observing the statutory conditions at all times. These conditions are set out in Art. 44–49 GDPR.

e. Hosting with external service providers

We process data to a large extent with the involvement of so-called hosting service providers that provide us with storage space and processing capacities within their data centres and also process personal data on our behalf as instructed by us. These service providers process data either exclusively in the EU or we can guarantee an appropriate level of protection on the basis of the EU’s standard data protection clauses.

f. Transfers to state authorities

We transfer personal data to state authorities (including law enforcement authorities) if necessary in order to comply with a legal obligation (legal basis: point [c] of Art. 6 [1] GDPR) or if required for the assertion, exercising or defence of legal rights (legal basis: point [f] of Art. 6 [1] GDPR).

g. Data retention period

We retain your data for as long as is necessary for the respective processing purposes. If data is no longer required to comply with contractual or legal obligations, it is regularly erased insofar as its temporary retention is not necessary. This may be necessary for the following reasons, for example:

  • Compliance with commercial law or tax law record retention obligations
  • The preservation of evidence for legal disputes in accordance with the statute of limitations

We may also continue to retain your data if you have explicitly consented to our doing so.

h. Categories of recipients

In addition to the recipient categories listed below, personal data is also transferred to the following categories of recipients: dispatch service providers, telephone and fax service providers.

i. Data categories

  • Personal master data: Title, form of address/gender, first name, surname, date of birth
  • Address details: Street, building number, any additional address specifiers, postcode, town/city, country
  • Contact details: Telephone number(s), fax number(s), email address(es)
  • Access data: Date and time of the visit to our service; the website from which the accessing system arrived at our website; the web pages viewed during the visit; session ID information; also, the following information regarding the accessing computer system: the Internet protocol (IP) address used, the browser type and version, the device type, the operating system and similar technical information.
  • Application details: Curriculum vitae, references, supporting documents, work samples, certificates, pictures, feedback box for public relations
  • Data pursuant to Art. 9 GDPR: Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership and genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
  • Care data: Starting date of care, care duration, comments
  • Picture data: Portrait photos


This section explains how we process your personal data when you view our services. Please note in particular that our sharing access data with external content providers (see b. below) is imperative due to the technical functioning of information transfer over the Internet.


Your personal data will be processed as follows in an ongoing recruitment process:



Your personal data will be processed as follows in an ongoing registration process:

As part of the registration process, WABE e.V. links the WABE day care centres in Schleswig-Holstein with KitaPortal Schleswig-Holstein, the state-wide day care centre database of Schleswig-Holstein’s Ministry of Social Affairs, Health, Youth, Family and Senior Citizens in 24143 Kiel.

Please refer to the database’s data privacy notice, which can be found at: https://www.kitaportal-sh.de/de/datenschutz.


The following information outlines how your personal data is processed if you use an access card as a person authorised to collect a child.




How we process your personal data if you contact us by email:


Below, we explain how we process your personal data with the help of tracking technologies to analyse and optimise our services and for advertising purposes.

The description of the tracking procedures also includes information about how you can prevent or object to data processing. Please note that such as opt-out from data processing is generally logged with the help of cookies. You will need to reinstate your opt-out if you use our services on a new terminal or in an alternative browser or if you have deleted the cookies stored by your browser.

The tracking procedures presented here process personal data in pseudonymised form only. No connection is established with a concrete, identifiable natural person, i.e. there is no merging of the data with information regarding the bearer of the pseudonym.

a. Tracking for the analysis and optimisation of our services and your usage of them and to gauge the success of advertising campaigns and optimise how advertisements are displayed

  1. Purposes of processing

    Using tracking to analyse user behaviour enables us to check the effectiveness of our services, optimise them, adapt them to the users’ needs and remedy errors. It also serves to determine key figures regarding the use of our services (reach, use intensity, users’ surfing behaviour) statistically on the basis of standard procedures and thus to generate comparable market figures.

    Tracking to gauge the success of advertising campaigns serves to optimise our advertisements in the future and to allow retailers and advertisers to likewise optimise their advertising. Tracking to optimise how advertisements are displayed serves the purpose of presenting users with advertising which is tailored to their interests and of boosting the success of the advertising and therefore also boosting advertising revenues. 

  2. Legal basis of processing

    In the case of services which make a data subject’s behaviour online trackable and in the case of user profiles being created, informed consent within the meaning of the GDPR is required.

  3. 3. The individual tracking procedures used




If we process your personal data for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purposes of such advertising with effect for the future.

You also have the right to object at any time to personal data concerning you being processed in accordance with point (e) or (f) of Art. 6 (1) GDPR on grounds relating to your particular situation with effect for the future.
You may exercise your right to object free of charge.
You can reach us at the contact details given in I. 2.


You have the right to know whether personal data concerning you is processed by us and, if so, what personal data this is, as well as other information pursuant to Art. 15 GDPR.


You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you (Art. 16 GDPR). Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.


You have the right to obtain from us the erasure of personal data concerning you without undue delay insofar as one of the grounds stipulated in Art. 17 (1) GDPR applies and data processing is not necessary for one of the purposes regulated by Art. 17 (3) GDPR.


You have the right to obtain restriction of the processing of your personal data where one of the requirements regulated in points (a) to (d) of Art. 18 (1) GDPR applies.


You have the right to receive the personal data concerning you and provided to us by you in a structured, commonly used and machine-readable format. Further, you have the right to transmit this data to another controller without hindrance from us or to have this data transmitted directly from us to another controller where technically feasible. This shall always apply if the processing of data is based on your consent or a contract and the data is processed by automated means. As such, this does not apply to data held in paper form only.


If data processing is based on your consent, you have the right to withdraw this consent at any time. This shall not affect the lawfulness of processing based on consent before its withdrawal.


You have the right to lodge a complaint with a supervisory authority.


Processor: A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Browser: A computer program used to display websites (e.g. Chrome, Firefox, Safari).

Cookies: In the context of the World Wide Web, a cookie is a small text file which is stored on the user’s computer when they visit a website. This file records the user’s surfing behaviour. When the user opens their browser and visits the website again, the cookie comes into play and shares information based on the stored data regarding the user’s surfing behaviour with the web server.

Cookies are therefore information which is stored by a website locally in a small text file on the website visitor’s computer. This information may be settings for a website previously selected by the user or information on the user collected entirely autonomously by the website. These locally stored text files can then later be retrieved by the web server that set them. Most browsers accept cookies automatically. You can manage cookies via your browser functions (generally under ‘Options’ or ‘Settings’). Here, you can deactivate cookies, make them subject to your consent or restrict them in other ways. You can also delete cookies at any time.

Third country: A country which is not bound by the statutory requirements of the EU’s data protection directive (a country outside of the EEA).

Personal data: Any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Pixels: Also known as tracking pixels, web beacons or web bugs. These are small, invisible graphics in HTML emails or on websites. When a document is opened, this small image is downloaded from a server on the Internet, which then registers the download. This allows the server operator to see if and when an email has been opened or a website has been visited. This function is usually implemented using a small program (JavaScript). This allows certain types of information on your computer system to be recognised and shared, such as the content of cookies, the time and date of page views and a description of the page on which the tracking pixel is located.

Profiling: Any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

Services: Our offerings to which this privacy policy applies (see Scope of application).

Tracking: The collection of data and its evaluation with regard to the behaviour of visitors to our services.

Tracking technologies: Tracking is effected via the activity logs (log files) stored on our web servers and by means of data collection from your terminal via pixels, cookies and similar tracking technologies.

Processing: Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

SitemapData privacy policyLegal Notice