By means of this data protection declaration, our enterprise would like to inform the general public of the nature, scope, and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed of the rights to which they are entitled.
1. Name and Address of the controller
Controller for the purposes of the GDPR, other data protection laws applicable in Member states of the European Union and other provisions related to data protection is:
Centre for Feminist Foreign Policy gGmbH
2. Data Processing on our Website
2.1 Calling up our Website
The website of the Centre for Feminist Foreign Policy collects a series of general data and information when a data subject or automated system calls up the website. This general data and information are stored in the server log files. Collected may be the browser types and versions used, the operating system used by the accessing system, the website from which an accessing system reaches our website (so-called referrers), the sub-websites, the date and time of access to the Internet site, an Internet protocol address (IP address), the Internet service provider of the accessing system, and any other similar data and information that may be used in the event of attacks on our information technology systems.
The statutory basis of the processing is Art. 6 (1) lit. f GDPR. Our legitimate interest is to deliver the content of our website correctly, ensure the long-term viability of our information technology systems and website technology, and provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack. The server log files are kept separately from all personal data provided by a data subject for seven days and then deleted.
2.2 Contact form
The website of the Centre for Feminist Foreign Policy contains information that enables a quick electronic contact to our enterprise, as well as direct communication with us, which also includes a general e-mail address and a phone number. If a data subject contacts the Centre for Feminist Foreign Policy by e-mail or via a contact form, the personal data transmitted by the data subject are automatically stored. Such personal data transmitted on a voluntary basis are stored for the purpose of processing or contacting the data subject. The statutory basis of the processing is Art. 6 (1) lit. f GDPR. Our legitimate interest is to be able to contact visitors of our website.
2.3 Job applications
If you would like to apply for a job with the Center for Feminist Foreign Policy, you can submit application documents by e-mail. The purpose of the data processing is the selection of suitable applicants for the possible establishment of an employment relationship. The legal bases for this processing are Art. 6 (1) lit. b and 88 (1) GDPR in conjunction with § 26 (1) of the German Federal Data Protection Act (BDSG). If no employment contract is concluded with the applicant by the Center for Feminist Foreign Policy, the application documents shall be automatically erased four months after notification of the refusal decision, provided that no other legitimate interests of the Center for Feminist Foreign Policy are opposed to the erasure, for instance, a procedure under the General Equal Treatment Act (AGG).
On our homepage we provide the opportunity to support our work with a donation. You can make a one-time donation or register as a recurring donor (member or visionary). All members of the Center for Feminist Foreign Policy are subscribed to a monthly behind-the-scenes newsletter with an inside scoop on how their support is shaping the Center for Feminist Foreign Policy. Being a member also entails the opportunity to participate in events with the leadership and Advisory Council of the Center for Feminist Foreign Policy. Visionary are invited to exclusive dinners, talks and events with leading trailblazers in the field of Feminist Foreign Policy.
For processing one-time donations, we work together with PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg (PayPal). Personal data transmitted to PayPal are usually first name, last name, address, email address, IP address, telephone number, mobile phone number, or other data necessary for payment processing and fraud prevention. The applicable data protection provisions of PayPal may be retrieved under https://www.paypal.com/us/webapps/mpp/ua/privacy-full.
For managing our members (recurring donors) and sending out our monthly members newsletter, we work together with Steady Media GmbH, Schönhauser Allee 36, c/o bellicon Business GmbH, 10435 Berlin (Steady). Personal data transmitted to Steady are usually first name, last name, address, email address, IP address, telephone number, mobile phone number, or other data necessary for payment processing and fraud prevention. The applicable data protection provisions of Steady can be found under https://steadyhq.com/en/privacy.
3. Use of tools on the website
- Cookies: Information stored on the end device, consisting in particular of a name, a value (ID), the storing domain and an expiration date. So-called session cookies (e.g., PHPSESSID) are deleted after the session, while so-called persistent cookies are deleted after a specified expiration date. Cookies can also be removed manually.
- Web Storage (Local Storage / Session Storage): Information stored on the end device, consisting of a name and a value. Information in Session Storage is deleted after the session, while information in Local Storage remains stored unless a mechanism for deletion has been set up (e.g., storage of a Local Storage with time entry). Information in Local and Session Storage can also be removed manually.
- Tracking pixel: Tiny graphic automatically loaded by a service that can make it possible to recognize users by automatically transmitting the usual connection data (in particular IP address, information about address, browser, operating system, language and time of call) and to determine, for example, whether an e-mail has been opened or a website visited. With the help of pixels, “passive fingerprinting” and the creation of usage profiles can thus be carried out. The use of pixels can be prevented, for example, by blocking images, for example in e-mails, although the display is then restricted.
To obtain and manage your consent, we use the consent management tool consentmanager by consentmanager AB, Håltegelvägen 1b, 72348 Västerås (consentmanager). consentmanager generates a banner informing you about data processing on our website and enables you to consent to the processing of personal data through optional tools. The statutory basis of the processing is Art. 6 (1) lit. f GDPR. Our legitimate interest is to provide you with the legally required consent management and to fulfill our documentation obligations. The banner will appear on your first visit to our website and on subsequent visits, if you have disabled the storage of cookies, the cookies have been deleted or have expired. You can also access the banner by clicking on the icon on the bottom left. Access to and storage of information in the terminal device is necessary in these cases and takes place in accordance with § 25 (2) Telecommunications-Telemedia Data Protection Act (TTDSG).
We have concluded a data processing agreement with the provider of consentmanager, which can be viewed here: https://www.consentmanager.net/tac.php. You can find their data protection policy here: https://www.consentmanager.net/datenschutz/.
3.2 Analytics Tools (Measurement)
With your consent, we use the analytics tools described in this section to improve the user experience when visiting our website and to carry out interest-based marketing. The statutory basis for the use of these tools is your consent pursuant to Art. 6 (1) lit. a GDPR. You can revoke your consent at any time with effect for the future. The access to the information in the end device takes place according to § 25 (1) TTDSG.
3.2.1 Google Analytics
- Automatic deletion of visitor logs by limiting the retention period to 14 months;
- Disabling Ad Personalisation;
- Disabling cross-device and cross-page tracking (Google Signals);
- Disabling the collection of accurate device data;
- Disabling the collection of granular location;
- IP anonymization (shortening of the IP address before evaluation).
Furthermore, we have entered into an order processing agreement with the provider of Google Analytics.
For more information, please see Google’s information on Google Analytics:. https://support.google.com/analytics/answer/6004245
We have concluded an order processing agreement with the provider of Hotjar.
For more information, please refer to Google’s privacy notices that also apply to YouTube: https://policies.google.com/privacy.
4. Data processing in connection with our newsletter
4.1 Subscription to our newsletters
The Centre for Feminist Foreign Policy informs its customers and business partners regularly by means of a newsletter about enterprise offers. The enterprise’s newsletter may only be received by the data subject if (1) the data subject has a valid e-mail address and (2) the data subject registers for the newsletter shipping. A confirmation e-mail will be sent to the e-mail address registered by a data subject for the first time for newsletter shipping, for legal reasons, in the double opt-in procedure. This confirmation e-mail is used to prove whether the owner of the e-mail address as the data subject is authorised to receive the newsletter.
During the registration for the newsletter, we also store the IP address of the computer system assigned by the Internet service provider (ISP) and used by the data subject at the time of the registration, as well as the date and time of the registration. The collection of this data is necessary in order to understand the (possible) misuse of the e-mail address of a data subject at a later date, and it therefore serves the aim of the legal protection of the controller.
The personal data collected as part of a registration for the newsletter will only be used to send our newsletter. In addition, subscribers to the newsletter may be informed by e-mail, as long as this is necessary for the operation of the newsletter service or a registration in question, as this could be the case in the event of modifications to the newsletter offer, or in the event of a change in technical circumstances.
Statutory basis of the processing is your consent according to Art. 6 (1) lit. a GDPR. You can revoke your consent at any time by unsubscribing from the newsletter. The subscription to our newsletter may be terminated by the data subject at any time. The consent to the storage of personal data, which the data subject has given for shipping the newsletter, may be revoked at any time. For the purpose of revocation of consent, a corresponding link is found in each newsletter. It is also possible to unsubscribe from the newsletter at any time directly on the website of the controller, or to communicate this to the controller in a different way.
For sending out our newsletter, we work together with The Rocket Science Group LLC d/b/a Mailchimp (Mailchimp).
We have concluded a data processing contract with Mailchimp, which can be viewed here: https://mailchimp.com/en/legal/data-processing-addendum/. You can find their data protection policy here: https://mailchimp.com/legal/privacy/ .
The newsletter service can use the data of subscribers in pseudonymous form in order to optimise or improve their own service. However, the service does not use the data to address the users themselves and can not sell the data to a third party.
The newsletter of the Centre for Feminist Foreign Policy contains so-called tracking pixels. A tracking pixel is a miniature graphic embedded in such e-mails, which are sent in HTML format to enable log file recording and analysis. This allows a statistical analysis of the success or failure of online marketing campaigns. Based on the embedded tracking pixel, the Centre for Feminist Foreign Policy may see if and when an e-mail was opened by a data subject, and which links in the e-mail were called up by data subjects.
Such personal data collected in the tracking pixels contained in the newsletters are stored and analysed by the controller in order to optimise the shipping of the newsletter, as well as to adapt the content of future newsletters even better to the interests of the data subject. These personal data will not be passed on to third parties. The statutory basis of the processing is your consent according to Art. 6 (1) lit. a GDPR. Data subjects are at any time entitled to revoke the respective separate declaration of consent issued by means of the double-opt-in procedure. After a revocation, these personal data will be deleted by the controller. The Centre for Feminist Foreign Policy automatically regards a withdrawal from the receipt of the newsletter as a revocation.
5. Online presences in social networks
We are actively engaged on social networks to spread our message: twitter, Instagram, and LinkedIn. When you interact with us on social media, we may collect certain information such as your username, profile picture, and any content you post or share. We may also use social media to communicate with you. The statutory basis for this data processing is. 6 (1) lit. f GDPR; our legitimate interest is in effective information and communication with visitors to our online presence.
In some instances, we may have access to information about the use of our online presences (insights). These insights contain aggregated data and may include, in particular, demographic information (e.g., age, gender, region) and information about interactions with our online presences (e.g., likes and shares). This information is used to improve our services and provide you with a better user experience. The collection and use of these statistics is generally subject to joint responsibility with the platform provider:
- Instagram (Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
- Page Insights Controller Addendum: https://www.facebook.com/legal/terms/page_controller_addendum
- LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland)
- Page Insights Joint Controller Addendum: https://legal.linkedin.com/pages-joint-controller-addendum
- Twitter (Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland)
- Data Processing Addendum: https://privacy.twitter.com/en/for-our-partners/global-dpa
- YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland)
The legal basis for the data processing carried out by the social networks on their own responsibility can be found in the privacy notices of the respective social network. We encourage you to review the privacy policies of the social media platforms you use, as they may have their own data collection and sharing practices. If you have any questions or concerns about our use of social media, please do not hesitate to contact us.
6. Further recipients
7. Data transfer to third countries
For the provision of our offers, we partly cooperate with service providers, some of which are based in the United Kingdom or the United States of America. Both states are outside the scope of the GDPR. However, for the United Kingdom the European Commission has issued an adequacy decision pursuant to Article 45 (3) GDPR. No such decision exists for the United States. We expressly point out that, there is a risk that authorities in the US (e.g., intelligence services) may access the transferred data, that data subject rights may not be enforceable and / or that effective legal remedies may not be available.
8. Period for which the personal data will be stored
In principle, we store personal data for as long as it is required to fulfill the purposes for which we collected the data. However, we are subject to certain retention obligations. The criteria used to determine the period of storage of personal data is the respective statutory retention period, for example, from the German Fiscal Code or the German Commercial Code. According to Art. 6 (1) lit. c GDPR, we store personal data that is subject to this retention obligation even after the purpose of collection has been fulfilled. In this case, the storage period can be up to ten years.
Insofar as personal data is concerned that serves for the initiation or execution of a contract, we retain the data after the fulfillment of the contract for as long as it is necessary to safeguard our legitimate interests (Art. 6 (1) lit. f GDPR). Our legitimate interest in this case is to be able to fulfill claims that may only arise after fulfillment of the original contract, and to defend ourselves against unlawfully raised claims. The storage period is based on the statutory limitation periods and is usually up to three years (§ 195 BGB).
After expiration of that period, the corresponding data is routinely deleted.
9. Rights of the data subject
If the legal requirements are met, you are entitled to the data subject rights formulated in the GDPR:
- Right to withdraw your consent (Art. 7 (3) GDPR)
- Right to object to the processing of your personal data (Art. 21 GDPR)
- Right to information about your personal data processed by us (Art. 15 GDPR)
- Right to rectification of your personal data stored by us that is incorrect (Art. 16 DSGVO)
- Right to erasure of your personal data (Art. 17 DSGVO)
- Right to restrict the processing of your personal data (Art. 18 DSGVO)
- Right to data portability of your personal data (Art. 20 GDPR)
- Right to lodge a complaint with a supervisory authority (Art. 77 DSGVO)
To exercise your rights, you can contact us at any time using our contact details above. This also applies if you would like to receive copies of guarantees demonstrating an adequate level of data protection. Provided that the respective legal requirements are met, we will comply with your data protection request.
Requests to assert data protection rights and our responses to them will be stored for documentation purposes for a period of up to three years and, in individual cases, for a longer period if there are grounds for asserting, exercising or defending legal claims. The legal basis is Art. 6 (1) lit. f GDPR, based on our interest in defending against any civil claims under Art. 82 GDPR, avoiding fines under Art. 83 GDPR and fulfilling our accountability obligations under Art. 5 (2) GDPR.
You have the right to revoke your consent at any time. This has the consequence that we no longer continue the data processing based on this consent for the future. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
Insofar as we process your data on the basis of legitimate interests, you have the right to object to the processing of your data at any time on grounds relating to your particular situation. If it concerns an objection to data processing for direct marketing purposes, you have a general right of objection, which will also be implemented by us without giving reasons.
If you wish to exercise your right of revocation or objection, an informal message to the above-mentioned contact details is sufficient.
Finally, we would like to point out that you have the possibility to lodge a complaint with a supervisory authority or to seek a judicial remedy. You can exercise this right, for example, at a supervisory authority of your place of residence, your place of work or the place of an alleged violation. The competent supervisory authority in Berlin is the
Berliner Beauftragte für Datenschutz und Informationsfreiheit