Privacy Policy WABE eV

(Status: 10/2020)

The provisions of the EU General Data Protection Regulation (hereinafter GDPR) apply throughout Europe. We would like to inform you about the processing of personal data carried out by our company in accordance with this regulation (compare Articles 13 and 14 GDPR). If you have any questions or comments about this data protection declaration, you can send them to the e-mail address given under point 2 or 3 at any time.

 

Table of Contents:

I. Overview

  1. scope
  2. Responsible
  3. Data Protection Officer
  4. data security

II. The data processing in detail

  1. General information on data processing
  2. Calling up the website/application
  3. application
  4. Registrations
  5. access control
  6. Contact via email

III. data subject rights

  1. Right to object
  2. right of providing information
  3. right of rectification
  4. Right to Erasure (“Right to be Forgotten”)
  5. Right to restriction of processing
  6. Right to data portability
  7. Right of withdrawal with consent
  8. right of appeal

IV. Glossary

I. Overview

In this section of the data protection declaration you will find information on the scope of application, the person responsible for data processing, their data protection officer and data security.

1. Scope

Data processing by WABE eV can essentially be divided into two categories :

  • For the purpose of contract processing, all data required for the execution of a contract with WABE eV will be processed. If external service providers are also involved in the processing of the contract, your data will be passed on to them to the extent required.
  • When you access the WABE eV website/application , various information is exchanged between your end device and our server. This can also be personal data. The information collected in this way is used, among other things, to optimize our website.

This data protection declaration applies to the following offers:

  • our online offer available at www.wabe.de;
  • whenever reference is made to this data protection declaration from one of our offers (e.g. websites, subdomains, mobile applications, web services or integration into third-party websites), regardless of how you access or use it.

All of these offerings are collectively referred to as “Services”.

2. Controller

Responsible for data processing – i.e. the person who decides on the purposes and means of processing personal data – in connection with the services

WABE e.V.
Poppenhusenstr. 12
22305 Hamburg
Telephone: +49 40 30 39 09 – 6
Email: datenschutz@wabe.de

3. Data Protection Officer

You can contact our data protection officer as follows:
Contact form:
https://www.dsextern.de/anfragen

DS EXTERN GmbH
Dipl.-Kfm. Marc Althaus
Frapanweg 22
D-22589 Hamburg

4. Data Security

In order to develop the measures required in Art. 32 GDPR and thus to achieve a level of protection appropriate to the risk, we proceed in our company according to the information security standard VdS 3473.

The guidelines of VdS 3473 – Cyber Security for small and medium-sized enterprises (SMEs) from VdS Schadenverhütung GmbH contain specifications and assistance for the implementation of an information security management system as well as concrete measures for the organizational and technical protection of IT infrastructures. They are designed with the aim of ensuring an adequate level of protection.

 

II. The data processing in detail

In this section of the data protection declaration, we inform you in detail about the processing of personal data within the scope of our services. For better clarity, we structure this information according to certain functionalities of our services. During normal use of the services, different functionalities and thus also different processing can come into play one after the other or simultaneously.

1. General information on data processing

Unless otherwise stated, the following applies to all processing operations described below:

a. No obligation to provide
There is neither a contractual nor a legal obligation to provide the personal data. You are not obliged to provide data.

b. Consequences of non-provision

In the case of required data (data that is marked as mandatory when entering it), failure to provide it means that the service in question cannot be provided. Otherwise, non-provision may result in our services not being able to be provided in the same form and quality.

c. consent
In various cases, you have the option of giving us your consent to further processing in connection with the processing described below (possibly for part of the data). In this case, we will inform you separately about all modalities and the scope of the consent and about the purposes that we are pursuing with this processing in connection with the submission of the respective declaration of consent.

i.e. Transfer of personal data to third countries
If we transmit data to third countries, ie countries outside the European Union, then the transmission takes place exclusively in compliance with the legally regulated admissibility requirements. The admissibility requirements are regulated by Articles 44-49 GDPR.

e. Hosting by external service providers
Our data processing takes place to a large extent with the involvement of so-called hosting service providers, who provide us with storage space and processing capacities in their data centers and, according to our instructions, also process personal data on our behalf. These service providers either process data exclusively in the EU or we have guaranteed an appropriate level of data protection with the help of the EU standard data protection clauses.

f. Transmission to Government Authorities
We transmit personal data to state authorities (including law enforcement authorities) if this is necessary to fulfill a legal obligation to which we are subject (legal basis: Art. 6 Para. 1 c) DSGVO) or if it is necessary to assert, exercise or defend legal claims (Legal basis Art. 6 Para. 1 f) GDPR).

G. storage duration
We do not store your data longer than we need it for the respective processing purposes. If the data is no longer required for the fulfillment of contractual or legal obligations, it is regularly deleted unless it is still necessary to store it for a limited period of time. Reasons for this can be, for example, the following:

  • The fulfillment of commercial and tax law storage obligations
  • Obtaining evidence for legal disputes within the framework of the statutory statute of limitations

It is also possible for us to continue to store your data with us if you have given your express consent to do so.

H. Categories of Recipients
In addition to the recipient categories explicitly listed below, personal data is also transmitted to the following categories of recipients: shipping service providers, telephone and fax providers.

i. data categories

  • Personal master data: title, salutation/gender, first name, last name, date of birth
  • Address data : street, house number, address supplements if necessary, zip code, city, country
  • Contact details : telephone number(s), fax number(s), e-mail address(es)
  • Access data : date and time of visit to our service; the page from which the accessing system reached our site; pages accessed during use; Session identification data (Session ID); also the following information from the accessing computer system: Internet protocol address used (IP address), browser type and version, device type, operating system and similar technical information.
  • Application data : curriculum vitae, references, evidence, work samples, certificates, pictures, feedback field for public relations
  • Data pursuant to Art. 9 GDPR : data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as genetic data, biometric data for the unique identification of a natural person, health data or data on sex life or the sexual orientation of a natural person.
  • Care dates : start of care, time of care, comments
  • Image data: portrait photos

2. Calling up the website / application

This describes how we process your personal data when you access our services. We would like to point out in particular that the transmission of access data to external content providers (see under b.) is unavoidable due to the technical functioning of information transmission on the Internet.

a. Information on processing
Datenkategorie Zweckbestimmung Rechtsgrundlage Ggfs. berechtigtes Interesse Speicherdauer
Zugriffsdaten Verbindungsaufbau, Darstellung der Inhalte des Service, Entdeckung von Angriffen auf unsere Seite anhand ungewöhnlicher Aktivitäten, Fehlerdiagnose Wahrung berechtigter Interessen (Art. 6 Abs. 1f DSGVO) ordnungsgemäße Funktion des Services, Sicherheit von Daten und Geschäftsprozessen, Verhinderung von Missbrauch, Verhütung von Schäden durch Eingriffe in Informationssysteme 7 Tage
b. Recipients of personal data
recipient category Affected Data Legal Basis for Transfer Ggfs. berechtigtes Interesse
map service Zugriffsdaten Consent (Art. 6 Para. 1a GDPR)
video services Zugriffsdaten Consent (Art. 6 Para. 1a GDPR)
hosting service provider Zugriffsdaten Order processing (Article 28 GDPR)
c. Content providers who transmit data to third countries
Designation of the service functionality Datenkategorie Adequacy decision (Article 45 GDPR) Appropriate guarantees (Article 46 GDPR) Exceptions (Article 49 GDPR)
Google Maps Integration of directions Zugriffsdaten Consent (Art. 49 Para. 1 a) GDPR)
vimeo offering films Zugriffsdaten Consent (Art. 49 Para. 1 a) GDPR)

3. Application

In an ongoing application process, we process your personal data in the following way:

a. Information on processing
Datenkategorie Zweckbestimmung Rechtsgrundlage Ggfs. berechtigtes Interesse Speicherdauer
Address data, contact details Identification, contact, communication for contract initiation Art. 6 para. 1 b) GDPR 6 months
personal master data identification, contact Art. 6 para. 1 b) GDPR 6 months
application data Applicant selection Art. 6 para. 1 b) GDPR 6 months
Address data, contact data, personal master data, application data applicant pool Art. 6 para. 1a) GDPR until further notice, max. 1 year
b. Recipients of personal data
recipient category Affected Data Legal Basis for Transfer Ggfs. berechtigtes Interesse
applicant management system all under a. mentioned Order processing (Article 28 GDPR)

4. Registrations

In an ongoing registration process, we process your personal data in the following way:

a. Information on processing
Datenkategorie Zweckbestimmung Rechtsgrundlage Ggfs. berechtigtes Interesse Speicherdauer
Address data, contact details Identification, contact, communication for contract initiation Art. 6 para. 1b) GDPR 6 months
personal master data identification, contact Art. 6 para. 1b) GDPR 6 months 6 months
care dates Recording time, duration, evaluations Art. 6 para. 1b) GDPR 6 months
b. Recipients of personal data
recipient category Affected Data Legal Basis for Transfer Ggfs. berechtigtes Interesse

During the registration process, WABE eV links the WABE day-care centers in Schleswig-Holstein to the KitaPortal Schleswig-Holstein, the state-wide day-care center database of the Ministry for Social Affairs, Health, Youth, Family and Senior Citizens in 24143 Kiel.
Please note the information on data protection there: https://www.kitaportal-sh.de/de/datenschutz.

5. Access Control

The following information describes how your personal data is processed if you use an admission card as a person authorized to collect.

a. Information on processing
Datenkategorie Zweckbestimmung Rechtsgrundlage Ggfs. berechtigtes Interesse Speicherdauer
Personal master data of persons authorized to collect Access authorization to the building Art. 6 para. 1 a) GDPR Duration of the consent given and use of the admission card
Name and date of birth of the child/children Clear assignment of collector and child Art. 6 para. 1 a) GDPR Duration of the consent given and use of the admission card
image data Access authorization to the building Art. 6 para. 1 a) GDPR Duration of the consent given and use of the admission card
Contact details (optional) Contact if you lose your card Art. 6 para. 1 a) GDPR Duration of the consent given and use of the admission card
Zugriffsdaten Access authorization to the building and error analysis of the system Art. 6 para. 1 a) GDPR 5 days (temporarily 2 months for technical reasons at some locations)

b. Recipients of the personal data

recipient category Affected Data Legal Basis for Transfer Ggfs. berechtigtes Interesse
no

6. Contacting us via email

How we process your personal data when you contact us by email:

a. Information on processing
Datenkategorie Zweckbestimmung Rechtsgrundlage Ggfs. berechtigtes Interesse Speicherdauer
Address data, contact details Identification, contact, communication for contract initiation Art. 6 para. 1 b) GDPR 6 months
personal master data identification, contact Art. 6 para. 1 b) GDPR 6 months

b. Recipients of personal data

recipient category Affected Data Legal Basis for Transfer Ggfs. berechtigtes Interesse
Email Service Provider all under a. mentioned Order data processing (Article 28 GDPR)

III. data subject rights

1. Right to Object

If we process your personal data in order to operate direct advertising, you have the right to object to the processing of your personal data for the purpose of such advertising at any time with effect for the future;

You also have the right, for reasons that arise from your particular situation, at any time with effect for the future against the processing of personal data concerning you, which pursuant to Art. 6 para. 1 letter e) or f) GDPR to file an objection;
You can exercise your right to object free of charge.
You can reach us using the contact details given under I.2.

2. Right to information

You have the right to find out whether personal data relating to you is being processed by us, which personal data this may be, and further information in accordance with Art. 15 GDPR.

3. Right to Rectification

You have the right to request us to correct any incorrect personal data concerning you without delay (Article 16 GDPR). Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data – also by means of a supplementary declaration.

4. Right to Erasure (“Right to be Forgotten”)

You have the right to request that we delete your personal data immediately if one of the reasons listed in Art. 17 Para. 1 GDPR applies and the processing is not for one of the reasons set out in Art. 17 para. 3 GDPR regulated purposes is required.

5. Right to restriction of processing

You are entitled to demand a restriction in the processing of your personal data if one of the reasons listed in Art. 18 Para. 1 lit. a) to d) GDPR are met.

6. Right to data portability

You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format. Furthermore, you have the right to transmit this data to another responsible person without hindrance from us or to have a direct transmission done by us, provided this is technically possible. This should always apply if the basis of data processing is consent or a contract and the data is processed automatically. This does not apply to data that is only available in paper form.

7. Right of Withdrawal upon Consent

If the processing is based on your consent, you have the right to withdraw your consent at any time. This does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

8. Right to Complain

You have a right of appeal to a supervisory authority.

IV. Glossary

Processor : A natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.

Browser: Computer program for displaying websites (e.g. Chrome, Firefox, Safari)

Cookies: The term “cookie” actually comes from the English vocabulary and can be translated into German as “Keks” in its original meaning. In connection with the World Wide Web, on the other hand, a cookie describes a small text file that is saved locally on the user’s computer when a website is visited. This file stores data about the behavior of the user. If the browser is called up and the corresponding website is visited repeatedly, the cookie is used and, with the help of the stored data, gives the web server information about the surfing behavior of the user.

In this context, cookies are not about cookies, but about information that a website saves locally on the computer of the site visitor in a small text file. This can be settings already made by the user on a page, but also information that the website has collected completely independently from the user. These locally stored text files can later be read out again by the same web server that created them. Most browsers accept cookies automatically. You can manage cookies using the browser functions (usually under “Options” or “Settings”). This means that the storage of cookies can be deactivated, made dependent on your consent in individual cases or restricted in some other way. You can also delete cookies at any time.

Third countries: Country that is not bound by the legal requirements of the EU data protection directive (country outside the EEA)

Personal Data: Any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more special features that express the physical , physiological, genetic, psychological, economic, cultural or social identity of that natural person.

Pixel: Pixels are also called counting pixels, tracking pixels, web beacons or web bugs. They are small, invisible graphics in HTML e-mails or on websites. When a document is opened, this small image is loaded from a server on the Internet, and the download is registered there. In this way, the operator of the server can see whether and when an e-mail was opened or a website was visited. This function is usually implemented by calling a small program (Javascript). This allows certain types of information on your computer system to be recognized and passed on, such as the content of cookies, the time and date of the page view and a description of the page on which the tracking pixel is located.

Profiling: Any type of automated processing of personal data that consists in using this personal data to evaluate certain personal aspects relating to a natural person, in particular aspects related to work performance, economic situation, health, personal preferences, interests analyze or predict the reliability, conduct, whereabouts or relocation of that natural person.

Services: Our offers to which this data protection declaration applies (see scope ).

Tracking: The collection of data and its evaluation regarding the behavior of visitors to our services.

Tracking technologies: Tracking can take place both via the activity logs (log files) stored on our web servers and by collecting data from your end device via pixels, cookies and similar tracking technologies.

Processing: Any process or series of processes carried out with or without the help of automated processes in connection with personal data such as collecting, recording, organizing, organizing, storing, adapting or changing, reading out, querying, using, disclosing by transmission, distribution or any other form of making available, matching or linking, restricting, deleting or destroying.