Data protection information

Privacy Policy of the Stiftung Jeder Mensch e.V. (Jeder Mensch Foundation e.V.)

In the following, we inform visitors to our website, our (supporting) members, participants in events, donors, applicants and employees about the handling of their personal data by the Stiftung Jeder Mensch e.V. (hereinafter: “Foundation”). Personal data is data that directly or indirectly allows conclusions to be drawn about your identity. In this manner we are meeting the information requirements of Art. 13 of the General Data Protection Regulation (GDPR).

  1. Responsible Body

Responsible for data processing in the sense of Art. 13 (1) (a) GDPR is the Stiftung Jeder Mensch e.V.,  Mühltalstraße 111, 69121 Heidelberg, Germany, which can be contacted by e-mail at info@stiftung-jeder-mensch.eu. The foundation is represented by its management board: Bijan Moini, Alexa von Salmuth.

 

  1. Purposes and legal bases of processing

 

The Foundation processes the following personal data:

  • For (supporting) membership administration: name, first name, address, e-mail address of members. The legal basis for this is Art. 6 (1) (b) GDPR. The Foundation deletes the data ten years after the ending of membership of the association or of sponsor membership.
  • For contributions management: bank details incl. names, IBAN and BIC of members. The legal basis for this is Art. 6 (1) (b) GDPR. The Foundation deletes the data ten years after the completion of the last transaction within the framework of the association membership.
  • For donations management: name, first name, address, e-mail address, if applicable bank details incl. IBAN and BIC. The legal basis for this is Art. 6 (1) (b) GDPR. The Foundation deletes the data ten years after the transaction.
  • For applicant management: name, first name, address and all other data submitted with the application. The legal basis for this is § 26 Federal Data Protection Act (BDSG). The Foundation deletes the data no later than six months after receipt of the application, but in the case of employment six months after the end of the employment relationship. Personnel documents and certificates are kept for ten years in the event of employment.
  • For payroll accounting: name, first name, address, religious affiliation if applicable, tax number, national insurance number, health insurance number, bank details incl. IBAN and BIC. The legal basis for this is Art. 6 (1) (c) GDPR. The Foundation deletes the data ten years after termination of the employment relationship.
  • For external communication: visual and sound recordings of members and participants in Foundation events on the Foundation’s websites, including jeder-mensch.eu and www.stiftung-jeder-mensch.de, as well as accompanying publication formats on social networks, and online and offline to document our work. The legal basis for this is Art. 6 (1) (f) GDPR. The legitimate interest is to provide public information about our activities. The Foundation deletes the data as soon as its use is no longer necessary.
  • For the operation of the websites jeder-mensch.eu, www.stiftung-jeder-mensch.de as well as versions of these sites in other languages: information that your browser automatically transmits to us in server log files, including browser type/browser version, operating system used, referrer URL, host name of the accessing computer and time of the server request. The legal basis for this is Art. 6 (1) (f) GDPR. Our legitimate interest in the data processing follows from the guarantee of a smooth connection setup and the evaluation of the data for system security and stability.
  • For event management: information and personal data that you have given us in the course of registering for an event, usually name, first name, e-mail address and event-related information such as selection of event blocks or meal requests are stored for the duration of the event and follow-up. The data will be deleted 24 months after the end of the event at the latest, unless there are legal reasons, e.g. accounting, which require a longer storage of the list of participants for documentation purposes. The legal basis for this is Art. 6 (1) (b) GDPR.
  • For communication via the internet (e-mail): if you send us an e-mail to contact us, the content of your e-mail, date, time and your IP address are stored on our mail server. The legal basis for this is the implementation of pre-contractual measures in response to your request in accordance with Art. 6 (1) (b) GDPR. If you contact us to exercise your rights as an involved person, the processing of the above-mentioned data is based on Art. 6 (1) (c) GDPR. The Foundation deletes the data 24 months after the end of the particular form of communication.
  • For sending our newsletter: if you have agreed to the transmission of your data to us on our consent page at www.wemove.eu, we may contact you via a newsletter. For this purpose, we process your name and e-mail address and whether you have opened the newsletter. The legal basis for this processing is Art. 6 (1) (a) GDPR.

You can withdraw your consent at any time with future effect. In the event of revocation, the Foundation will immediately delete the data concerned.

We would like to point out that data transmission on the internet (e.g. communication by e-mail) can have security gaps. Complete protection of data against unauthorised access by third parties is not possible. However, our website uses the SSL/TLS encryption method with optimal security settings. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser address bar. If SSL/TLS encryption is activated, the data being transmitted is particularly protected while being transferred.

  1. Recipients of the data

We do not transmit any data to third parties without your express consent (Art. 6 (1) (a) GDPR), except for the purpose of the administration of memberships, contributions, payroll or donations. If this is required or necessary, this is done within the framework of order processing. Our legitimate interest (Art. 6 (1) (f) GDPR) in the processing of orders lies in the outsourcing of the resource-intensive processing of membership, contribution, payroll or donation administration.

  1. Cookies

The web pages use cookies toa certain degree. Cookies are small text files that are stored on your computer and saved by your browser. Cookies do not cause any damage to your computer and do not contain viruses. Cookies serve to make our offer more user-friendly, effective and secure; this is our legitimate interest (Art. 6 (1) (f) GDPR) in their use.

The cookies we use are “session cookies”. They are automatically deleted at the end of your visit to our website.

You can configure your browser so that you are informed about the setting of cookies, and only allow cookies on a case-by-case basis, refuse cookies in certain cases or in general, and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of Internet pages may be limited.

  1. International Data Transfers

The Foundation does not transfer data outside the area where the General Data Protection Regulation (GDPR) applies.

An exception is communication via social media based in the USA, for example Twitter, where personal data is processed only by third parties who are themselves customers of these networks.

  1. Newsletter

It is possible that the Foundation will publish a newsletter. You register personally for this newsletter and give your consent by confirming the activation link sent to you, which we store as part of the registration and confirmation process. For the use of the newsletter, only the e-mail address you provide is processed. You can unsubscribe from the newsletter and your e-mail address will be deleted immediately. You can also send an e-mail revoking your consent to the use of your e-mail address for the newsletter to info@stiftung-jeder-mensch.de.

  1. Your rights

 

You have the right

  • in accordance with Art. 15 GDPR to request information about your personal data that is processed by us. In particular, you can demand information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, deletion, restriction of processing, or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making, including profiling, and, if applicable, meaningful information about relevant details;
  • in accordance with Art. 16 GDPR to demand the immediate rectification of incorrect or incomplete personal data stored by us;
  • in accordance with Art. 17 GDPR to demand the deletion of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims;
  • in accordance with Art. 18 GDPR to demand the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer require the data, but you need it for the assertion, exercise or defence of legal claims or you have objected to the processing in accordance with Art. 21 GDPR;
  • in accordance with Art. 20 GDPR to receive your personal data that you have provided to us in a structured, common and machine-readable format or to demand that it be transferred to another responsible person;
  • in accordance with Art. 7 (3) GDPR to revoke your consent at any time. This has the consequence that we may no longer in the future continue the data processing based on this consent and
  • in accordance with Art. 77 GDPR to complain to a regulatory authority. As a rule, you can contact for this purpose the regulatory authority of your usual place of residence or workplace, or of our association head office.

 

Responsible Regulatory Authority for a Complaint:

 

The Commissioner for Data Protection and Freedom of Information of Baden-Württemberg

 

Commissioner

Stefan Brink
Postfach 10 29 32

70025 Stuttgart
poststelle@lfdi.bwl.de

  1. Modifications to this Data Protection Declaration

We reserve the right to change this privacy policy at any time with future effect. The current version is available here. Please visit the website regularly and inform yourself about the applicable privacy policy.

As of: March 2021