Who is responsible for data processing at our company
Responsible for data processing is:
Aktion Sodis e. V.
Lutherweg 31 52074 Aachen Germany
Contact details of our data protection officer
You can contact our data protection officer by e-mail at firstname.lastname@example.org or at our postal address with the addition "to the data protection officer".
Processing your data as part of the core activities of our organization
If you are a member or support us, have a business relationship with us or are interested in our activities, the type, scope and purpose of the processing of your data depends on the membership, contractual or pre-contractual relationship that exists between us. The data processed by us includes all data that we require to administer or process the existing membership or business relationship with you or to process your request or support service.
The processing of your data is limited to the data that is necessary and appropriate for the aforementioned purposes. We will inform you which data this is before or during data collection.
Your data will only be passed on to third parties if this is necessary for the purposes of the organization of our organization for the processing of financial accounting and compliance with legal obligations. Insofar as we use third-party providers to provide our services, the terms and conditions and data protection notices of the respective third-party providers apply.
Inventory data (e.g. names, addresses)
Payment data (e.g. bank details, invoices)
Contact data (e.g. e-mail address, telephone number, postal address)
Contract data (e.g. subject matter of the contract, duration of the contract)
Affected persons: Interested parties, members, business and contractual partners
Purpose of processing: Administration of members and support services, handling of contractual relationships, communication and responding to contact requests, office and organizational procedures
Legal basis: Fulfilment of contract and pre-contractual inquiries, Art. 6 para. 1 lit. b GDPR, legal obligation, Art. 6 para. 1 lit. c GDPR, legitimate interest, Art. 6 para. 1 lit. f GDPR
Your rights under the GDPR
According to the GDPR, you are entitled to the rights listed below, which you can assert at any time with the controller named in section 1 of this data protection declaration:
Right to information: You have the right to request information from us as to whether and which of your data we process.
Right to rectification: You have the right to request the rectification of inaccurate data or the completion of incomplete data.
Right to erasure: You have the right to request the erasure of your data.
Right to restriction: In certain cases, you have the right to request that we only process your data to a limited extent.
Right to data portability: You have the right to request that we transfer your data to you or another controller in a structured, commonly used and machine-readable format.
Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority. The supervisory authority of your usual place of residence, your workplace or our company headquarters is responsible.
Right of withdrawal
You have the right to withdraw your consent to data processing at any time.
Right of objection
You have the right to object at any time to the processing of your data, which we base on our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR. If you make use of your right to object, we ask you to explain the reasons. We will then no longer process your personal data unless we can prove to you that there are compelling legitimate grounds for data processing that outweigh your interests and rights.
Irrespective of the above, you have the right to object to the processing of your personal data for the purposes of advertising and data analysis at any time.
Please send your objection to the contact address of the controller given above.
When do we delete your data?
if the purpose of the data processing has ceased to exist and thus the respective legal basis stated in the individual data protection notices no longer exists, e.g. after termination of the contractual or membership relationship existing between us (Art. 6 para. 1 lit. a GDPR) or after our legitimate interest in the further processing or storage of your data has ceased to exist (Art. 6 para. 1 lit. f GDPR),
if you exercise your right to object and there is no other legal basis for the processing within the meaning of Art. 6 para. 1 lit. b-f GDPR,
if you exercise your right to object and there are no compelling legitimate grounds for erasure.
However, if we still need to retain (certain parts of) your data for other purposes, for example because tax retention periods (usually 6 years for business correspondence or 10 years for accounting documents) or the assertion, exercise or defense of legal claims arising from contractual relationships (up to four years) make this necessary or the data is needed to protect the rights of another natural or legal person, we will only delete (the part of) your data after these periods have expired. Until the expiry of these periods, however, we restrict the processing of this data to these purposes (fulfillment of retention obligations).
We use cloud services in particular
to store and process documents,
to send documents by e-mail or to exchange files of any kind,
for our calendar appointment management,
for the preparation and execution of presentations and spreadsheets,
for publishing files of any kind,
for internal and external communication via chats, audio and video conferences.
If we make files of any kind publicly available via our internet presence using the cloud service we use, the respective third-party provider of the cloud service may store cookies on your computer system if you access these files. The service provider may process the data collected in this way in order to analyze your usage behavior or your browser settings. Please note that, depending on the country in which the service provider named below is based, the data specified below may be transferred to and processed on servers outside the European Union. In this case, there is a risk that the level of data protection prescribed by the GDPR will not be complied with and that the enforcement of your rights will be difficult or impossible. If the service provider we use offers data processing exclusively within the EU, we intend to process your data exclusively there, unless this has already been implemented.
Inventory data (e.g. names, addresses),
Contact data (e.g. e-mail addresses, telephone and cell phone numbers)
Content data (e.g. photos, videos, texts),
Usage data (e.g. times of access, websites visited, interest in content),
Metadata (e.g. IP address, computer system information)
Affected persons: Interested parties, communication partners, customers, employees (e.g. applicants, current and former employees)
Purpose of processing: Organization of office and administrative tasks
Legal basis: Consent, Art. 6 para. 1 lit. a GDPR, contract fulfillment and pre-contractual inquiries, Art. 6 para. 1 lit. b GDPR, legitimate interest, Art. 6 para. 1 lit. f GDPR
Cloud service providers used:
Google cloud services
Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland Mutterunternehmen: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA Web page: https://cloud.google.com/