top of page
Icons Privacy policy 2.png

Privacy policy

With this privacy policy, we would like to inform you about the type, scope and purpose of the processing of personal data (hereinafter also referred to as "data"). Personal data is all data that has a personal reference to you, e.g. name, address, e-mail address or your user behavior. The privacy policy applies to all data processing operations carried out by us, both in the context of our core activities and for the online media we provide.

Who is responsible for data processing at our company

Responsible for data processing is:

Aktion Sodis e. V.

Benedikt Schindele

Lutherweg 31 52074 Aachen Germany

info@aktion-sodis.org

https://www.aktion-sodis.org/impressum

Contact details of our data protection officer

You can contact our data protection officer by e-mail at c.netsch@aktion-sodis.org or at our postal address with the addition "to the data protection officer".

Processing your data as part of the core activities of our organization

If you are a member or support us, have a business relationship with us or are interested in our activities, the type, scope and purpose of the processing of your data depends on the membership, contractual or pre-contractual relationship that exists between us. The data processed by us includes all data that we require to administer or process the existing membership or business relationship with you or to process your request or support service.

The processing of your data is limited to the data that is necessary and appropriate for the aforementioned purposes. We will inform you which data this is before or during data collection.

Your data will only be passed on to third parties if this is necessary for the purposes of the organization of our organization for the processing of financial accounting and compliance with legal obligations. Insofar as we use third-party providers to provide our services, the terms and conditions and data protection notices of the respective third-party providers apply.

Data concerned:

  • Inventory data (e.g. names, addresses)

  • Payment data (e.g. bank details, invoices)

  • Contact data (e.g. e-mail address, telephone number, postal address)

  • Contract data (e.g. subject matter of the contract, duration of the contract)

Affected persons: Interested parties, members, business and contractual partners

Purpose of processing: Administration of members and support services, handling of contractual relationships, communication and responding to contact requests, office and organizational procedures

Legal basis: Fulfilment of contract and pre-contractual inquiries, Art. 6 para. 1 lit. b GDPR, legal obligation, Art. 6 para. 1 lit. c GDPR, legitimate interest, Art. 6 para. 1 lit. f GDPR


Your rights under the GDPR

According to the GDPR, you are entitled to the rights listed below, which you can assert at any time with the controller named in section 1 of this data protection declaration:

  • Right to information: You have the right to request information from us as to whether and which of your data we process.

  • Right to rectification: You have the right to request the rectification of inaccurate data or the completion of incomplete data.

  • Right to erasure: You have the right to request the erasure of your data.

  • Right to restriction: In certain cases, you have the right to request that we only process your data to a limited extent.

  • Right to data portability: You have the right to request that we transfer your data to you or another controller in a structured, commonly used and machine-readable format.

  • Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority. The supervisory authority of your usual place of residence, your workplace or our company headquarters is responsible.

Right of withdrawal

You have the right to withdraw your consent to data processing at any time.

Right of objection

You have the right to object at any time to the processing of your data, which we base on our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR. If you make use of your right to object, we ask you to explain the reasons. We will then no longer process your personal data unless we can prove to you that there are compelling legitimate grounds for data processing that outweigh your interests and rights.

Irrespective of the above, you have the right to object to the processing of your personal data for the purposes of advertising and data analysis at any time.

Please send your objection to the contact address of the controller given above.

When do we delete your data?

We delete your data when we no longer need it or when you instruct us to do so. This means that - unless otherwise stated in the individual data protection notices of this privacy policy - we delete your data

  • if the purpose of the data processing has ceased to exist and thus the respective legal basis stated in the individual data protection notices no longer exists, e.g. after termination of the contractual or membership relationship existing between us (Art. 6 para. 1 lit. a GDPR) or after our legitimate interest in the further processing or storage of your data has ceased to exist (Art. 6 para. 1 lit. f GDPR),

  • if you exercise your right to object and there is no other legal basis for the processing within the meaning of Art. 6 para. 1 lit. b-f GDPR,

  • if you exercise your right to object and there are no compelling legitimate grounds for erasure.

However, if we still need to retain (certain parts of) your data for other purposes, for example because tax retention periods (usually 6 years for business correspondence or 10 years for accounting documents) or the assertion, exercise or defense of legal claims arising from contractual relationships (up to four years) make this necessary or the data is needed to protect the rights of another natural or legal person, we will only delete (the part of) your data after these periods have expired. Until the expiry of these periods, however, we restrict the processing of this data to these purposes (fulfillment of retention obligations).

Cloud services

We use cloud services in particular

  • to store and process documents,

  • to send documents by e-mail or to exchange files of any kind,

  • for our calendar appointment management,

  • for the preparation and execution of presentations and spreadsheets,

  • for publishing files of any kind,

  • for internal and external communication via chats, audio and video conferences.

The software applications that we use for these purposes are made available to us by the provider(s) named below on their servers. We access these servers via the Internet. If you transmit your data to us in the context of communication with us or in other processes explained by us in this privacy policy, we process this data in the cloud service we use. This means that your data is stored on the servers of the third-party cloud service provider. The third-party providers process usage and metadata to secure their servers and optimize their services. In particular, we process and store your contact, customer and contract data.

If we make files of any kind publicly available via our internet presence using the cloud service we use, the respective third-party provider of the cloud service may store cookies on your computer system if you access these files. The service provider may process the data collected in this way in order to analyze your usage behavior or your browser settings. Please note that, depending on the country in which the service provider named below is based, the data specified below may be transferred to and processed on servers outside the European Union. In this case, there is a risk that the level of data protection prescribed by the GDPR will not be complied with and that the enforcement of your rights will be difficult or impossible. If the service provider we use offers data processing exclusively within the EU, we intend to process your data exclusively there, unless this has already been implemented.

Data concerned:

  • Inventory data (e.g. names, addresses),

  • Contact data (e.g. e-mail addresses, telephone and cell phone numbers)

  • Content data (e.g. photos, videos, texts),

  • Usage data (e.g. times of access, websites visited, interest in content),

  • Metadata (e.g. IP address, computer system information)

Affected persons: Interested parties, communication partners, customers, employees (e.g. applicants, current and former employees)

Purpose of processing: Organization of office and administrative tasks

Legal basis: Consent, Art. 6 para. 1 lit. a GDPR, contract fulfillment and pre-contractual inquiries, Art. 6 para. 1 lit. b GDPR, legitimate interest, Art. 6 para. 1 lit. f GDPR

Cloud service providers used:

Google cloud services

Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland Mutterunternehmen: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA Web page: https://cloud.google.com/

bottom of page