Privacy Policy

In the following, we inform you about the handling of personal data.

Personal data is data that directly or indirectly allows conclusions to be drawn about your identity. We thus fulfil the duty to inform according to Art. 13 of the General Data Protection Regulation (GDPR).

In the creation of the privacy policy, we have also been guided by the policy of the Gesellschaft für Freiheitsrechte – thank you very much for the opportunity to use it.

The Privacy Policy applies to all processing of personal data carried out by us, both in the context of the provision of our services and, in particular, on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as the "Online Offer").

Our website and most of our services are hosted on our own servers. Where this is not the case, we indicate this separately. 

Status: 10 May 2022

1. Responsible Persons

Equal Rights Beyond Borders e.V. (hereinafter: Equal Rights DE) is responsible for data processing within the meaning of Art. 13 (1) lit. a GDPR., Zimmerstraße 11, 10969 Berlin, Amtsgericht Berlin Charlottenburg VR35583 B and Equal Rights Beyond Borders 'AMKE', Emmanouil Mpenaki 69A, 10681 Athens, Αστική Μη

Κερδοσκοπική Εταιρεία, ΑΦΜ: 996887928, ΔΟΥ: Δ' ΑΘΗΝΩΝ, AΡ. ΓΕΜΗ: 151850501000 (hereinafter Equal Rights GR; hereinafter collectively Equal Rights), reachable by email at info@equal-rights.org. Equal Rights is represented by the Board of Directors and the Administrators: Catharina Ziebritzki (Board Member Equal Rights DE and Administrator Equal Rights GR) and Robert Nestler (Executive Director Equal Rights DE and Administrator Equal Rights GR).

2. Contact Data Protection Officer

Catharina Ziebritzki
Equal Rights Beyond Borders
Zimmerstrasse 11
10969 Berlin

3. Purposes and Legal Bases for Processing Data

a. Overview

The following overview summarises the types of data processed and the purposes of their processing and refers to the data subjects.

Equal Rights processes the following personal data:

  • For (sponsorship) member administration: name, first name, address, email address of the members. The legal basis for this is Art. 6 para. 1 sentence 1 lit. b GDPR. Equal Rights deletes the data ten years after termination of the association or sponsoring membership.
  • For contribution management: bank details incl. names, IBAN and BIC of the members. The legal basis for this is Art. 6 para. 1 sentence 1 lit. b GDPR. Equal Rights deletes the data ten years after the completion of the last transaction in the context of the association membership.
  • For donation management: name, first name, address, email address, bank details incl. IBAN and BIC. The legal basis for this is Art. 6 para. 1 sentence 1 lit. b GDPR. Equal Rights deletes the data ten years after the transaction.
  • For applicant administration: surname, first name, address and all other data submitted with the application. The legal basis for this is § 26 BDSG. Equal Rights deletes the data at the latest six months after receipt of the application, but in the case of employment only six months after the end of employment. Personnel records and references are retained for ten years in the event of employment. In order to document the diversity of the applications received, Equal Rights keeps an anonymised version of the applicant information in both cases.
  • For payroll accounting: name, first name, address, religious affiliation if applicable, tax number, social security number, health insurance number, bank details incl. IBAN and BIC. The legal basis for this is Art. 6 para. 1 sentence 1 lit. c GDPR. Equal Rights deletes the data ten years after termination of the employment relationship.
  • For external presentation: Image and sound recordings of members and participants of Equal Rights events on the website and accompanying publication formats in social networks and online and offline to document our work. The legal basis for this is Art. 6 para. 1 sentence 1 lit. a GDPR. Equal Rights deletes the data as soon as its use is no longer necessary. If you as a participant of an event do not wish to be recorded, please inform us in advance.
  • For the operation of the website www.equal-rights.org: Information that your browser automatically transmits to us in so-called server log files, including browser type/browser version, operating system used, referrer URL, host name of the accessing computer and time of the server request. The legal basis for this is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest in the data processing follows from the guarantee of a smooth connection setup and the comfortable use of our website as well as from the evaluation of the system security and stability. We do not use the aforementioned data to draw conclusions about your person.
  • For event management: Information and personal data that you have given us in the context of registering for an event, usually name, first name, email address and event-related information such as selection of event blocks or meal requests are stored for the duration of the event organization and follow-up. The data will be deleted 24 months after the end of the event at the latest, unless there are legal reasons, e.g. accounting, which require a longer storage of the list of participants for documentation purposes. The legal basis for this is Art. 6 para. 1 sentence 1 lit. b GDPR.
  • For communication via the Internet (e-mail): All data voluntarily provided to us, such as surname, first name, e-mail address and any other personal data or special categories of personal data specified. The legal basis for this is Art. 6 para. 1 sentence 1 lit. a GDPR. Equal Rights deletes the data 24 months after the end of the respective form of communication or, if the data is part of ongoing proceedings, 24 months after the conclusion of the proceedings.

In the event that consent is revoked, Equal Rights will immediately delete the data in question.

We would like to point out that data transmission on the Internet (e.g. communication by e-mail) can have security gaps. A complete protection of the data against unauthorized access by third parties is not possible. However, our website uses the SSL/TLS encryption method with optimal security settings. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser input line. If SSL/TLS encryption is activated, the data that is transmitted is particularly protected during transport. For a high standard of protection in e-mail communication, we also offer the option of secure communication with PGP/GPG.

b. Summary
Types of data processed
  • Inventory Data
  • Payment details
  • Contact information
  • Content data
  • Contract Data
  • Usage Data
  • Meta/communication data
Categories of persons concerned
  • Interested parties
  • Communication partners
  • Users
  • Donor
  • Members
  • Business and Contractual Partners
Relevant legal bases

Below you will find an overview of the legal basis of the GDPR on the basis of which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. Should more specific legal bases be relevant in individual cases, we will inform you of these in the Privacy Policy.

  • Consent (Art. 6(1) p. 1 lit. a. GDPR) - The data subject has given his or her consent to the processing of personal data relating to him or her for a specific purpose or purposes.
  • Contract performance and pre-contractual enquiries (Art. 6(1) p. 1 lit. b. GDPR) - Processing is necessary for the performance of a contract to which the data subject is party or for the performance of pre-contractual measures taken at the data subject's request.
  • Legal obligation (Art. 6 para. 1 p. 1 lit. c. GDPR) - Processing is necessary for compliance with a legal obligation to which the controller is subject.
  • Legitimate interests (Art. 6(1) p. 1 lit. f. GDPR) - Processing is necessary for the purposes of the legitimate interests of the controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data.

In addition to the data protection regulations of the General Data Protection Regulation, national regulations on data protection apply in Germany. These include, in particular, the Act on Protection against Misuse of Personal Data in Data Processing (Federal Data Protection Act - BDSG). In particular, the BDSG contains special regulations on the right to information, the right to erasure, the right to object, the processing of special categories of personal data, the processing for other purposes and the transmission as well as automated decision-making in individual cases including profiling. Furthermore, it regulates data processing for employment purposes (Section 26 BDSG), in particular with regard to the establishment, performance or termination of employment relationships as well as the consent of employees. Furthermore, state data protection laws of the individual federal states may apply.

4. Recipients and Transmission of the Data

We do not transmit any data to third parties without your express consent (Art. 6 para. 1 sentence 1 lit. a GDPR), except for the purpose of membership, contribution, salary or donation administration. If this is required or necessary, this is done within the framework of commissioned data processing. Our legitimate interest (Art. 6 para. 1 sentence 1 lit. f GDPR) in the processing of order data lies in the outsourcing of the resource-intensive processing of membership, contribution, salary or donation administration.

In the course of our processing of personal data, it may happen that the data is transferred to other bodies, companies, legally independent organisational units or persons or that it is disclosed to them. The recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we comply with the legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data that serve to protect your data.

Transfer of data within the organization: We may transfer or provide access to personal data to other entities within our organization. Where this transfer is for administrative purposes, the transfer of the data is based on our legitimate business and operational interests or is made where it is necessary for the performance of our contractual obligations or where there is consent from the data subjects or legal permission.

5. Security Measures

We take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk, in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons.

The measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as the access, entry, disclosure, safeguarding of availability and separation of the data. We also have procedures in place to ensure the exercise of data subjects' rights, the deletion of data, and responses to data compromise. Furthermore, we already take the protection of personal data into account during the development or selection of hardware, software and procedures in accordance with the principle of data protection, through technology design and through data protection-friendly default settings.

SSL encryption (https): To protect your data transmitted via our online offer, we use SSL encryption. You can recognise such encrypted connections by the prefix https:// in the address line of your browser.

6. Data Processing in Third Countries

Equal Rights does not transfer data outside the scope of the General Data Protection Regulation (GDPR). The exception is communication via social media based in the USA, for example Facebook and Twitter and Mailchimp, whereby personal data is only processed by third parties who are themselves customers of these networks.

If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA) or the processing takes place in the context of the use of third-party services or the disclosure or transfer of data to other persons, bodies or companies, this is only done in accordance with the legal requirements. We try to reduce this to a minimum and continue to work on it.

Subject to express consent or contractually or legally required transfer, we only process or allow data to be processed in third countries with a recognised level of data protection, contractual obligations through socalled standard protection clauses of the EU Commission, in the presence of certifications or binding internal data protection regulations (Art. 44 to 49 GDPR, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de).

7. Deletion of Data

The data processed by us will be deleted in accordance with the legal requirements as soon as their consents permitted for processing are revoked or other permissions cease to apply (e.g. if the purpose of processing this data has ceased to apply or it is not required for the purpose).

If the data are not deleted because they are required for other and legally permissible purposes, their processing is limited to these purposes. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law or whose storage is necessary for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person.

Our privacy notices may also contain further information on the retention and deletion of data, which will take precedence for the processing operations in question.

8. Use of Cookies

The internet pages partly use so-called cookies. Cookies are small text files that are stored on your computer and saved by your browser. Cookies do not cause any damage to your computer and do not contain viruses. Cookies serve to make our offer more user-friendly, effective and secure; this is our legitimate interest (Art. 6 para. 1 sentence 1 lit. f GDPR) in their use.

The cookies we use are so-called "session cookies". They are automatically deleted after the end of your visit to our website.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or generally and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of Internet pages may be limited.

9. Performance of Duties under the Articles of Association or the Rules of Procedure

We process the data of our members, supporters, interested parties, business partners or other persons (collectively "data subjects") if we have a membership or other contractual relationship with them and perform our tasks and are recipients of services and benefits. In addition, we process the data of data subjects on the basis of our legitimate interests, e.g., if it is a matter of administrative tasks or public relations work.

The data processed in this context, the type, scope and purpose of the data and the necessity of its processing are determined by the underlying membership or contractual relationship, which also determines the necessity of any data disclosures (in addition, we refer to required data).

We delete data that is no longer required to fulfil our statutory and business purposes. This is determined according to the respective tasks and contractual relationships. We retain the data for as long as it may be relevant for the processing of the business, as well as with regard to any warranty or liability obligations on the basis of our legitimate interest in their regulation. The necessity of retaining the data is reviewed regularly; in all other respects, the statutory retention obligations apply.

  • Types of data processed: inventory data (e.g. names, addresses); payment data (e.g. bank details, invoices, payment history); contact data (e.g. e-mail, telephone numbers); contract data (e.g. subject matter of contract, term, customer category).
  • Data subjects: Users (e.g. website visitors, users of online services); members; business and contractual partners.
  • Purposes of processing: provision of services; contact requests and communication; management and response to requests.
  • Legal basis: Contract fulfilment and pre-contractual enquiries (Art. 6 para. 1 p. 1 lit. b. GDPR); Legitimate interests (Art. 6 para. 1 p. 1 lit. f. GDPR).

10. Services in Detail

a. Web Analytics - Matomo

We use Matomo (formerly Piwik) for web analytics, a service provided by InnoCraft Ltd. The service is hosted on our own servers. Only we have access to your data. The protection of your data is important to us, which is why we have additionally configured Matomo in such a way that your IP address is only recorded in shortened form. We therefore process your personal usage data anonymously. A conclusion on your person is not possible for us. You can find further information on the Matomo terms of use and the data protection regulations at: https://matomo.org/privacy/.

b. Donor Management - Twingle 

On our website we offer users the possibility to donate online. For this purpose, we use the donation widget from twingle.

Our website uses the donation form of twingle GmbH, Prinzenallee 74, 13357 Berlin. twingle GmbH provides the technical platform for the donation process for this donation form. The data you enter when making a donation (e.g. address, bank details, etc.) is only stored by twingle on servers in Germany for the purpose of processing the donation.

We have concluded an order data processing contract with twingle and fully implement the strict requirements of the EU General Data Protection Regulation and the German data protection authorities when using the twingle donation form.

The transmission of your data is based on Art. 6 para. 1 lit. a GDPR (consent) and Art. 6 para. 1 lit. b GDPR (processing for the performance of a contract). You have the option to revoke your consent to data processing at any time. The revocation has no influence on the effectiveness of the previous data processing operations.

I. Use of Matomo Collection, processing and use of personal data for donations

For its part, the twingle donation form uses the web analysis service software Matomo (www.matomo.org), a service of the provider InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand, ("Matomo") on the basis of twingle's legitimate interest in the statistical evaluation of user behaviour for optimisation purposes pursuant to Art. 6 para. 1 lit. f GDPR data is collected and stored. Pseudonymised usage profiles can be created and evaluated from this data for the same purpose. Cookies may be used. Cookies are small text files that are stored locally in the cache of the site visitor's Internet browser. The cookies enable, among other things, the recognition of the Internet browser. The data collected by Matomo Technology (including your pseudonymised IP address) is processed on twingle servers.

The information generated by the cookie about the use of the pseudonymous user profile is not used to personally identify the visitor to this website and is not merged with personal data about the bearer of the pseudonym.

If you do not agree with the storage and analysis of this data from your visit, you can object to the storage and use below at any time by clicking on the mouse. In this case, a so-called opt-out cookie is stored in your browser so that Matomo does not collect any session data. Please note that deleting your cookies completely will also delete the opt-out cookie and you may have to reactivate it.

II. Collection, processing and use of personal data in the case of donations

In the case of a donation, we collect and use your personal data only insofar as this is necessary for the fulfilment and processing of your donation and, if applicable, for the processing of your enquiries. The provision of the data is necessary for the processing of the donation process. Failure to provide it will result in your donation not being accepted. The processing is based on Art. 6 (1) lit. b GDPR and is necessary for the processing of the donation. Your data will not be passed on to third parties without your stated consent. The only exceptions to this are our service partners, whom we need to process the donation, or service providers whom we use in the context of order processing. In addition to the recipients named in the respective clauses of this Privacy Policy, these are, for example, recipients of the following categories: Payment service providers, service providers for sending donation receipts. In all cases, we strictly adhere to the legal requirements. The scope of the transmitted data is limited to a minimum. You have the possibility to revoke your consent to data processing at any time. The revocation does not affect the validity of the previous data processing operations.

III. Payment service providers used by Twingle 

Within the framework of contractual and other legal relationships, due to legal obligations or otherwise on the basis of our legitimate interests, we offer the data subjects efficient and secure payment options and use other service providers for this purpose in addition to banks and credit institutions (collectively "payment service providers"). We use these services exclusively in connection with the use of our donation form by Twingle.

The data processed by the payment service providers include inventory data, such as the name and address, bank data, such as account numbers or credit card numbers, passwords, TANs and checksums as well as the contract, sum and recipient-related information. The information is required to complete the transactions. However, the data entered is only processed by the payment service providers and stored with them. I.e., we do not receive any account or credit card related information, but only information with confirmation or negative information of the payment. Under certain circumstances, the data may be transmitted by the payment service providers to credit agencies. This transmission is for the purpose of checking identity and creditworthiness. In this regard, we refer to the terms and conditions and the data protection information of the payment service providers.

For payment transactions, the terms and conditions and the data protection information of the respective payment service providers apply, which can be accessed within the respective websites or transaction applications. We also refer to these for the purpose of further information and assertion of revocation, information and other data subject rights.

•       Types of data processed: inventory data (e.g. names, addresses); payment data (e.g. bank details, invoices, payment history); contract data (e.g. subject matter of contract, term, customer category); usage data (e.g. websites visited, interest in content, access times); meta/communication data (e.g. device information, IP addresses); contact data (e.g. e-mail, telephone numbers).

  • Persons concerned: Customers; Interested parties.
  • Purposes of the processing: provision of services.
  • Legal basis: Contract fulfilment and pre-contractual enquiries (Art. 6 para. 1 p. 1 lit. b. GDPR); Legitimate interests (Art. 6 para. 1 p. 1 lit. f. GDPR).

Further guidance on processing operations, procedures and services:

  • Apple Pay: payment services (technical connection of online payment methods); service provider: Apple Inc, Infinite Loop, Cupertino, CA 95014, USA; Website: https://www.apple.com/de/apple-pay/; Privacy policy: https://www.apple.com/legal/privacy/de-ww/.
  • for Google Pay: payment services (technical connectivity of online payment methods); service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; website: https://pay.google.com/intl/de_de/about/; privacy policy: https://policies.google.com/privacy.
  • Klarna / Sofortüberweisung: payment services (technical connection of online payment methods); service provider: Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden; website: https://www.klarna.com/de; privacy policy: https://www.klarna.com/de/datenschutz.
  • PayPal: payment services (technical connection of online payment methods) (e.g. PayPal, PayPal Plus, Braintree); service provider: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L2449 Luxembourg; website: https://www.paypal.com/de; privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
c. Newsletter - Mailchimp 

We send newsletters, e-mails and other electronic notifications (hereinafter referred to as "newsletter") only with the consent of the recipients or a legal permission. If the contents are specifically described in the context of a newsletter registration, they are decisive for the consent of the user. In addition, our newsletters contain information about our services and us.

We use Mailchimp to send our newsletters (see below). We are in the process of moving to a less data needing software.

To subscribe to our newsletters, it is generally sufficient to provide your e-mail address. However, we may ask you to provide a name for the purpose of a personal address in the newsletter, or further details if these are required for the purposes of the newsletter.

Double-Opt-In-Procedure: The registration for our newsletter is always carried out in a so-called double opt-in process. This means that after registration you will receive an e-mail in which you are asked to confirm your registration. This confirmation is necessary so that no one can register with alien e-mail addresses. The registrations to the newsletter are logged in order to be able to prove the registration process according to the legal requirements. This includes the storage of the registration and confirmation time as well as the IP address. Likewise, the changes to your data stored with the shipping service provider are logged.

Deletion and restriction of processing: We may store unsubscribed email addresses for up to three years on the basis of our legitimate interests before deleting them in order to be able to prove consent formerly given. Processing of this data will be limited to the purpose of possible defence of claims. An individual deletion request is possible at any time, provided that the former existence of consent is confirmed at the same time. In the event of obligations to permanently observe objections, we reserve the right to store the e-mail address in a block list (so-called "block list") for this purpose alone.

The logging of the registration process takes place on the basis of our legitimate interests for the purpose of proving its proper course. Insofar as we commission a service provider to send e-mails, this is done on the basis of our legitimate interests in an efficient and secure dispatch system.

Notes on legal basis: The newsletter is sent on the basis of the recipients' consent or, if consent is not required, on the basis of our legitimate interests in direct marketing, if and insofar as this is permitted by law, e.g. in the case of existing customer advertising. Insofar as we commission a service provider to send e-mails, this is done on the basis of our legitimate interests in efficient and secure dispatch. The registration process is recorded on the basis of our legitimate interests to prove that it has been carried out in accordance with the law.

Contents: Information about us, our services, actions.

  • Types of data processed: inventory data (e.g. names, addresses); contact data (e.g. e-mail, telephone numbers); meta/communication data (e.g. device information, IP addresses); usage data (e.g. websites visited, interest in content, access times).
  • Affected persons: Communication partners.
  • Purposes of the processing: direct marketing (e.g. by e-mail or post).
  • Legal basis: Consent (Art. 6 para. 1 p. 1 lit. a. GDPR); Legitimate interests (Art. 6 para. 1 p. 1 lit. f. GDPR).
  • Opt-out: You can cancel the receipt of our newsletter at any time, i.e. revoke your consent or object to further receipt. You will find a link to cancel the newsletter either at the end of each newsletter or you can otherwise use one of the above contact options, preferably e-mail, for this purpose.

Further guidance on processing operations, procedures and services:

  • Measurement of opening and click rates: The newsletters contain a so-called "web-beacon", i.e. a pixel-sized file that is retrieved from our server when the newsletter is opened, or, if we use a dispatch service provider, from their server. Within the scope of this retrieval, technical information such as information on the browser and your system, as well as your IP address and the time of the retrieval, are initially collected. This information is used for the technical improvement of our newsletter on the basis of the technical data or the target groups and their reading behavior on the basis of their retrieval locations (which can be determined with the help of the IP address) or the access times. This analysis also includes determining whether the newsletters are opened, when they are opened.
  • Mailchimp: email sending and email marketing platform; service provider: Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA; Website: https://mailchimp.com; Privacy policy: https://mailchimp.com/legal/; Order processing contract: https://mailchimp.com/legal/; Standard contractual clauses (ensuring level of data protection for processing in third countries): included in the order processing contract; Further information: Special security measures: https://mailchimp.com/help/Mailchimp-european-data-transfers/.
d. Contact, Inquiry, Applicants Management - Podio, Mail, Phone

When contacting us (e.g. by contact form, e-mail, telephone or via social media) as well as in the context of existing user and business relationships, the information of the inquiring persons is processed to the extent necessary to respond to the contact requests and any requested measures.

The answering of contact inquiries as well as the administration of contact and inquiry data within the scope of contractual or pre-contractual relations is carried out for the fulfilment of our contractual obligations or for the answering of (pre)contractual inquiries and, moreover, on the basis of the legitimate interests in answering the inquiries and maintaining user and/or business relations.

We process applications, both voluntary and permanent, and contact requests partly with Podio. We create web forms for this purpose. Podio is a project management service provided by Citrix Systems, Inc. Podio data is stored in two European data centers in Frankfurt am Main and Amsterdam. Input security is provided by encrypted internet connections. Further information can be found in the Podio Security Whitepaper which is published by CITRIX in English only.

  • Types of data processed: inventory data (e.g. names, addresses); contact data (e.g. e-mail, telephone numbers); content data (e.g. entries in online forms).
  • Affected persons: Communication partners.
  • Purposes of processing: contact requests and communication; provision of contractual services, reception and management of applicants.
  • Legal basis: Contract fulfilment and pre-contractual enquiries (Art. 6 para. 1 p. 1 lit. b. GDPR); Legitimate interests (Art. 6 para. 1 p. 1 lit. f. GDPR); Legal obligation (Art. 6 para. 1 p. 1 lit. c. GDPR).
e. Presence in Social Media

We maintain online presences within social networks and process user data in this context in order to communicate with the users active there or to offer information about us. 

We would like to point out that user data may be processed outside the European Union. This can result in risks for the users, because, for example, the enforcement of the rights of the users could be made more difficult.

Furthermore, the data of users within social networks are usually processed for market research and advertising purposes. For example, usage profiles can be created based on the usage behavior and resulting interests of the users. The usage profiles can in turn be used, for example, to place advertisements within and outside the networks that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the computers of the users, in which the usage behavior and the interests of the users are stored. Furthermore, data can also be stored in the usage profiles independently of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them).

For a detailed description of the respective forms of processing and the possibilities of objection (opt-out), we refer to the Privacy Policies and information provided by the operators of the respective networks.

In the case of requests for information and the assertion of data subject rights, we would also like to point out that these can be asserted most effectively with the providers. Only the providers have access to the data of the users and can take appropriate measures and provide information directly. If you still need help, you can contact us.

  • Types of data processed: contact data (e.g. e-mail, telephone numbers); content data (e.g. entries in online forms); usage data (e.g. websites visited, interest in content, access times); meta/communication data (e.g. device information, IP addresses).
  • Affected persons: Users (e.g. website visitors, users of online services).
  • Purposes of processing: contact requests and communication; feedback (e.g. collecting feedback via online form); marketing.
  • Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f. GDPR).

Further guidance on processing operations, procedures and services:

  • Facebook pages: Profiles within the Facebook social network - We are jointly responsible with Meta Platforms Ireland Limited for the collection (but not the further processing) of data from visitors to our Facebook page (known as a "Fan Page"). This data includes information about the types of content users view or interact with, or the actions they take (see "Things You and Others Do and Provide" in the Facebook Data Policy: https://www.facebook.com/policy), as well as information about the devices users use (e.g., IP addresses, operating systems, browser types, language settings, cookie data; see "Device Information" in the Facebook Data Policy: https://www.facebook.com/policy). As explained in the Facebook Data Policy under "How do we use this information?", Facebook also collects and uses information to provide analytics services, called "Page Insights," to Page operators to provide them with insights into how people interact with their Pages and with content associated with them. We have a special agreement with Facebook ("Page Insights Information", https://www.facebook.com/legal/terms/page_controller_addendum), which in particular regulates the security measures Facebook must observe and in which Facebook has agreed to fulfil the rights of data subjects (i.e. users can, for example, send information or deletion requests directly to Facebook). The rights of users (in particular to information, deletion, objection and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook. Further information can be found in the "Information on Page Insights" (https://www.facebook.com/legal/terms/information_about_page_insights_data); service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Website: https://www.facebook.com; Privacy policy: https://www.facebook.com/about/privacy; Standard contractual clauses (ensuring level of data protection in case of processing in third countries): https://www.facebook.com/legal/EU_data_transfer_addendum; Further information: Shared Responsibility Agreement: https://www.facebook.com/legal/terms/information_about_page_insights_data.
  • Twitter: social network; service provider: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland, parent company: Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA; Privacy policy: https://twitter.com/privacy, (Settings: https://twitter.com/personalization).

11. Age Restriction

According to Greek law, you must be at least 16 years old to use our website. If you are under 16 you must either leave the website or view it with your parents.

12. Rights

You have the right
  • in accordance with Art. 15 GDPR to request information about your personal data processed by us. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it was not collected by us, as well as the existence of automated decision-making, including profiling and, if applicable, meaningful information about its details;
  • in accordance with Art. 16 GDPR to demand the immediate correction of incorrect or completion of your personal data stored by us;
  • in accordance with Art. 17 GDPR to request the deletion of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims;
  • to demand the restriction of the processing of your personal data in accordance with Art. 18 GDPR, insofar as the correctness of the data is disputed by you, the processing is unlawful, but you object to its deletion and we no longer require the data, but you need it for the assertion, exercise or defence of legal claims or you have objected to the processing in accordance with Art. 21 GDPR;
  • pursuant to Art. 20 GDPR to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another controller;
  • to revoke your consent at any time in accordance with Art. 7 (3) GDPR. This has the consequence that we are no longer allowed to continue the data processing based on this consent for the future, and
  • complain to a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our association´s  headquarters.
  • To exercise your data protection rights, please contact us by e-mail at info@equal-rights.org or by post.

Competent supervisory authority for a complaint:

Berlin Commissioner for Data Protection and Freedom of Information
Maja Smoltczyk
An der Urania 4-10
10787  Berlin

In Greece, the competent authority is the Data Protection Authority (www.dpa.gr): Tel: 0030 210 6475600, Fax: 0030210 6475628, email: contact@dpa.gr

12. Changes to this Privacy Policy

We reserve the right to change this privacy policy at any time with effect for the future. A current version is available at this point. Please visit the website regularly and inform yourself about the applicable Privacy Policy.

13. Consent

By using the website you agree to the privacy policy.

Equal Rights Beyond Borders consists of two separately registered legal entities in Greece and Germany.

Greece
Civil Non-Profit Company (AMKE)
Emm. Mpenaki 69A, 10681 Athens
+30 210 3803067, athens@equal-rights.org

Tax No.: 996887928, Tax Office: D’ Athens
Registry No. (GEMI): 151850501000
NGO Registry No.: ID 3058

Germany
Gemeinnütziger Verein (e.V.)
Zimmerstraße 11, 10969 Berlin
info@equal-rights.org

Amtsgericht Berlin-Charlottenburg
VR 35583 B