Equal Rights Beyond Borders - Equal Rights Beyond Borders

Below, Equal Rights Beyond Borders ("we") informs you about the processing of your personal data in connection with the functions on our website, about your data protection rights and how you can contact us regarding these matters and any questions about data protection.

Last updated: 22.07.2022

1. Data Controller

Our German association is generally responsible for data processing on the website. You can reach us at the following contact details:

Equal Rights Beyond Borders e.V.

Zimmerstraße 11

10969 Berlin

(hereinafter: "Equal Rights")

info@equal-rights.org

You can reach our Data Protection Officer by email at dataprotection@equal-rights.org or by post: Equal Rights Beyond Borders e.V., Data Protection Officer, Zimmerstraße 11, 10969 Berlin. For contact inquiries (Section 2 c), either our German or our Greek organization will receive your personal data. Who receives your data depends on which address you use to contact us. Inquiries via info@equal-rights.org go to the German association. Messages to athens, chios or kos@equal-rights.org are received by the Greek organization. If you contact the Greek organization, it is exceptionally the data controller and can be reached at the following contact details:

Equal Rights Beyond Borders

Emmanouil Mpenaki 69A

10681 Athens, Greece

athens@equal-rights.org

Insofar as our Greek organization is the organizer, it also processes your data when conducting events (Section 2 d).

2. Data Processing and Legal Bases

a. Provision of our Website

Each time you visit our website, your browser automatically transmits information to us. This includes, for example, the IP address of your device, browser type, and your operating system. This data is processed to enable and facilitate the use of the website. Furthermore, we use the data in anonymized and aggregated form to ensure the security and stability of our systems. The data processing is carried out on the basis of our legitimate interests in the reliable and secure provision of our web offering pursuant to Art. 6 para. 1 lit. f GDPR.

b. Contact via Email

You are free to contact us with an inquiry via email. When you contact us, we process the data you transmit to us, such as the content of your email and your email address. If your contact is aimed at receiving advice from us, we process your data on the basis of Art. 6 para. 1 lit. b GDPR. If you send us another type of inquiry, we process your data based on our legitimate interest in responding to inquiries and using information communicated to us pursuant to Art. 6 para. 1 lit. f GDPR.

c. Newsletter

On our website, we offer you the opportunity to subscribe to our newsletter. Registration for our newsletter is generally done through a so-called double opt-in procedure. This means that after registration, you will receive an email asking you to confirm your registration. This confirmation is necessary so that no one can register with someone else's email address.

Data processing in the context of registration is based on our legitimate interest in sending you our newsletter at your explicit request (Art. 6 para. 1 lit. f GDPR).

You can unsubscribe from the newsletter at any time; there is a link to an "unsubscribe function" in every newsletter email. You can also object to the processing of your data for the newsletter by email to dataprotection@equal-rights.org.

We also measure the open rate of our newsletter based on our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR. Our legitimate interests consist in measuring the effectiveness of our newsletter and detecting whether emails with newsletters are opened by our subscribers.

d. Events and Public Relations

When you register for our events, we use your personal data for their planning and execution. The legal basis for this is our legitimate interest in conducting the respective event pursuant to Art. 6 para. 1 lit. f GDPR.

With your consent, we create image and sound recordings of participants at our events and publish them on our website and within the social networks we use. The legal basis for this is Art. 6 para. 1 lit. a GDPR. Equal Rights deletes the data as soon as their use is no longer necessary. If you as a participant do not wish to be recorded or no longer agree to the publication afterwards, please contact us.

e. Analysis and Use of our Website

We use Matomo (formerly Piwik) for web analytics, a service of InnoCraft Ltd. The service is hosted on our own servers, which means that only we have access to your data and no data is transmitted to InnoCraft Ltd. We have configured Matomo so that only the data collected when accessing our website (Section 2 a) is used for analysis. The evaluation of your data is also carried out exclusively within anonymized statistics. The legal basis for this is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in improving the user-friendliness and functionality of our website.

f. Donation, Membership and Contribution Management

We process your personal data in the context of donation, membership and contribution management. This applies especially when using the donation function provided via our website. Processing is based on Art. 6 para. 1 lit. b GDPR.

g. Social Networks

We maintain online presences within social networks and process user data in this context. Through our social media presence, we want to draw attention to our work and possibly attract new donors. This constitutes legitimate interests within the meaning of Art. 6 para. 1 lit. f GDPR.

h. Postcard Submission Form and Spam Protection

On our website, we offer a form for postcard submissions. To protect this form from automated spam submissions and abuse, we use reCAPTCHA v3, a service provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google"). When you use the postcard form, reCAPTCHA automatically analyzes your behavior on our website in the background (e.g., mouse movements, time spent on page, browser information) to determine whether you are a human or an automated bot. For this purpose, Google processes technical data including your IP address, browser type, operating system, referrer URL, and cookies. This analysis occurs without requiring any action from you.

The data processing is based on our legitimate interest in protecting our website from automated spam and abuse pursuant to Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in ensuring the security and integrity of our postcard submission system and preventing misuse.

For more information about Google reCAPTCHA and Google's privacy policy, please visit: https://policies.google.com/privacy

3. Recipients and Transfer of Data

To carry out the processing activities mentioned in Section 2, we also transfer your personal data in part to service providers and other entities. The following lists the transfers and the respective service providers:

a. Internal Transfers

We may transfer personal data to other entities within our organization or grant them access to this data, e.g., if an inquiry was mistakenly sent to the German association but actually concerns the activities of the Greek organization.

b. Newsletter Delivery

We use Mailchimp from The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE Suite 5000, Atlanta, GA 30308 USA ("Mailchimp") to send our newsletter. Mailchimp acts as a processor for us and receives access to your data.

c. Provision of the Donation Form

Our website uses the donation form of twingle GmbH ("twingle"), Prinzenallee 74, 13357 Berlin. Twingle provides the technical platform for the donation process for this donation form. As our processor, Twingle receives access to your data.

d. Payment Processing

Depending on the payment service provider you choose, your data may also be transferred to the following companies in addition to banks and credit institutions:

Apple Pay Apple Inc., Infinite Loop, Cupertino, CA 95014, USA; Privacy Policy: https://www.apple.com/legal/privacy/de-ww/

Google Pay Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Privacy Policy: https://policies.google.com/privacy

Klarna Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden; Privacy Policy: https://www.klarna.com/de/datenschutz

PayPal PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg; Privacy Policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

e. Management of Contact Inquiries

We manage contact inquiries received through our contact form (Webform) using Podio. Podio is a project management service offered by Citrix Systems, Inc. (51 West Cypress Creek Road, Fort Lauderdale, FL 33309 USA).

f. Social Media

We process your data jointly with social network providers. We currently have pages on the following networks:

Twitter Twitter is provided by Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, whose parent company is Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103 USA. More information about data processing by Twitter can be found at the following link: https://twitter.com/privacy.

Facebook We are jointly responsible with Meta Platforms Ireland Limited for the collection (but not the further processing) of data from visitors to our Facebook page (so-called "fan page"). We have concluded a special agreement with Facebook, which can be accessed here: https://www.facebook.com/legal/terms/page_controller_addendum. Further information on data processing by Facebook can be found at the following link: https://www.facebook.com/about/privacy.

g. Spam Protection (Google reCAPTCHA)

Our postcard submission form uses Google reCAPTCHA v3 to protect against spam and abuse. Google LLC processes technical data about your interaction with our website, including your IP address, cookies, and browser information. Google acts as an independent controller for this data processing.

Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

4. Data Transfer to Third Countries

Equal Rights generally does not transfer data outside the scope of the GDPR. A transfer only takes place if there is an adequacy decision by the Commission or if Standard Contractual Clauses pursuant to Art. 46 GDPR have been concluded with the service provider. The data protection clauses used can be accessed on the pages of the European Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc/standard-contractual-clauses-international-transfers_de.

Google LLC (reCAPTCHA): Data is transferred to Google LLC (USA) in connection with the use of Google reCAPTCHA for spam protection on our postcard submission form. Google is certified under the EU-U.S. Data Privacy Framework, which ensures an adequate level of data protection for data transferred to the United States.

5. Deletion of Data

The data we process is deleted as soon as we no longer need it and there is no legal obligation to retain it. Insofar as we process your data on the basis of your consent, we delete it when you declare your withdrawal.

If the data is not deleted because it is required for other legally permissible purposes, its processing is restricted to these purposes. This means the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons or whose storage is necessary for the assertion, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person.

As a rule, we delete your personal data at the following times:

a. Website Provision Data collected in connection with the provision of the website is deleted 14 days after collection.

b. Email Inquiries Data from communications that are not part of legal advice are deleted no later than 24 months after the last exchange regarding the respective inquiry.

We store advisory inquiries at least for the duration of the advisory relationship. Following the advice, we retain them for 6 years until the end of the calendar year.

c. Newsletter We store your email address for up to three years after unsubscription to ensure that you do not receive any further messages from us after an objection (as part of a so-called "blocklist"). In this case, we no longer use your email address for any other purposes.

d. Events The storage period for data is a maximum of 24 months from the day of participation in the event, unless you have given us your consent to receive information about future events. In the latter case, we store the data until you withdraw your consent with effect for the future or until the data is no longer required for the pursuit of a legitimate purpose.

e. Data on Donations and Association or Supporting Membership We delete this data ten years after the end of association or supporting membership or ten years after the last transaction. For one-time donations, the data is deleted ten years after the respective transaction.

In individual cases, we may store your personal data longer if this is necessary, e.g., for the possible defense of legal claims.

6. Your Rights

As data subjects, you are entitled to the following data protection rights if the respective applicable conditions are met:

Right of access (Art. 15 GDPR)
Right to rectification (Art. 16 GDPR)
Right to erasure (Art. 17 GDPR)
Right to restriction of processing (Art. 18 GDPR)
Right to data portability (Art. 20 GDPR)

Furthermore, you have a right to object (Art. 21 GDPR) insofar as we process data on the basis of Art. 6 para. 1 lit. f GDPR. Please note that for data processing for purposes other than direct marketing, you must provide reasons arising from your particular situation.

If we process data about you on the basis of consent you have given, you can withdraw your consent with effect for the future.

You can exercise your rights with the respective responsible entity using the contact details provided in Section 1.

7. Right to Lodge a Complaint with a Supervisory Authority

In the event of a suspected violation of the GDPR by us, you can also contact a supervisory authority at any time. The competent supervisory authority for the German association is:

Berlin Commissioner for Data Protection and Freedom of Information Friedrichstr. 219 10969 Berlin Tel.: +49 30 13889-0 Email: mailbox@datenschutz-berlin.de

The competent authority for the Greek organization is:

Hellenic Data Protection Authority (HDPA) Kifissias 1-3, 115 23, Athens, Greece Tel.: +30-210 6475600 Email: contact@dpa.gr

8. Updates

This privacy notice must be adapted from time to time to actual circumstances and to the legal situation. Please review the privacy notice before using our services to stay informed about any changes or updates.