DATA PRIVACY STATEMENT
This data protection declaration has been translated from the german version, where inconsistencies occur, the german version will take precedence.
I. General information on personal data and contact information for the person responsible
The protection of your personal data is important to us. Below we would like to inform you about how we handle personal data. According to Section 4 No. 1 of the Law on Church Data Protection (hereinafter referred to as “KDG”), personal data is all information that relates to an identified or identifiable natural person. Your data will be stored and processed by us in compliance with the relevant regulations. The person responsible for data processing within the meaning of the aforementioned regulations is:
Bauverein Katholische Studentenheime e.V.
Board: Marion Hausmann, chairwoman
Christian Siek, deputy chairman
Pastor Joachim Braun, Björn Verlohner
Wilhelm-von-Steuben-Str. 90
D-60488 Frankfurt am Main, Germany
Telephone: + 49 (0)69 / 789 882 9-0
Fax: + 49 (0)69 / 789 882 9-21
E-Mail: anfrage@bauverein-frankfurt.de
Data security officer:
Herr Pascal Berger
ReBe Partner UG (haftungsbeschränkt)
Altenkesseler Str.17
Gebäude C1
66115 Saarbrücken
Germany
E-Mail: berger@rebe-partner.de
The person responsible for the processing of personal data is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data.
II. Your rights
You have the following rights vis-à-vis the person responsible regarding your personal data. Regarding the requirements for exercising these rights, reference is made to the respective legal basis:
• Right to information in accordance with Section 17 KDG;
• Right to correction in accordance with Section 18 KDG;
• Right to deletion in accordance with Section 19 KDG;
• Right to restriction of processing in accordance with Section 20 KDG;
• Right to information in accordance with Section 21 KDG;
• Right to data portability in accordance with Section 22 KDG;
• Right to revoke consent given in accordance with Section 8 Paragraph 6 KDG;
• Right to complain in accordance with Section 49 KDG.
You also have the right to object:
Persons concerned have the right, for reasons arising from their particular situation, to object at any time to the processing of personal data concerning them, which is carried out on the basis of Section 6 (1) (f) or (g) of the KDG, in accordance with Section 23 of the KDG.
The person responsible will no longer process the personal data in question unless he can demonstrate compelling legitimate grounds for the processing that outweigh the interests of the data subjects, their rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If the personal data concerned are processed for the purpose of direct advertising, data subjects have the right to object at any time to the processing of the personal data concerning them for the purpose of such advertising; This also applies to profiling insofar as it is connected to such direct advertising.
If persons concerned object to processing for direct marketing purposes, the personal data concerning them will no longer be processed for these purposes.
Data subjects/ concerned persons have the opportunity, in connection with the use of information society services – notwithstanding Directive 2002/58/EC – to exercise their right to object by means of automated procedures using technical specifications.
III. Legal basis
If we obtain the consent of the data subject for the processing of personal data, Section 6 Paragraph 1 Letter b KDG serves as the legal basis.
If personal data is processed to fulfill the contracts concluded with us, Section 6 Paragraph 1 Letter c KDG serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.
If the processing of personal data is necessary to fulfill a legal obligation to which we are subject, Section 6 Paragraph 1 Letter d KDG serves as the legal basis.
In the event that the vital interests of the data subject or another natural person require the processing of personal data, Section 6 Paragraph 1 Letter e KDG serves as the legal basis.
If the processing is necessary to protect our legitimate interest or that of a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Section 6 (1) (g) KDG serves as the legal basis for the processing.
If reference is made below to the fact that data is processed in the USA, we would like to point out that the European Court of Justice has assessed the level of data protection in the USA as inadequate. In particular, there is a risk that your data will be processed by US authorities for control and monitoring purposes without any legal remedy. If you have consented to the use of the respective service, you agree, in accordance with Section 41 KDG, that your data will be processed in the USA.
If cookies or similar technologies are used, we obtain prior consent (§ 25 TTDSG), unless this is not required by law. In particular, consent is not necessary if the storage and reading of the information, including cookies, is absolutely necessary in order to provide users with a telemedia service they have expressly requested (i.e. our online offering). The revocable consent is clearly communicated to the users and contains information on the respective cookie use.
IV. Duration of storage of personal data
The respective storage period for personal data depends on the legal basis, the purpose of processing and, if applicable, relevant legal retention obligations.
Basically:
If the data processing takes place based on consent within the meaning of Section 6 Paragraph 1 Letter b KDG, the data will be stored until the consent is revoked.
If the data is processed on the basis of Section 6 (1) (g) of the KDG, this data will be stored until the data subject exercises his or her right to object in accordance with Section 23 of the KDG, unless there are compelling legitimate reasons for the processing that are worthy of protection The interests, rights and freedoms of the data subject prevail, or the processing serves to assert, exercise or defend legal claims.
When processing personal data for the purpose of direct advertising on the basis of Section 6 (1) (g) of the KDG, personal data will be stored until the person concerned exercises their right to object.
Unless otherwise stated in the following information in this declaration about specific processing situations, personal data will otherwise be deleted when they are no longer necessary for the purposes for which they were collected or otherwise processed.
V. Verarbeitungssituationen im Einzelnen
1. Processing of personal data when visiting the website
a. Description and scope of data processing
When you access our website (without registering or otherwise contacting us), the following data (so-called log files) are transmitted by your browser to our hosting service provider’s servers:
• IP address
• Date and time of the request
• Time zone difference to GMT
• Website content
• Access status (HTTP status)
• Amount of data transferred
• Request website
• Web browser
• Operating system
• Language and version of the browser
Our hosting service provider is Strato AG, Otto-Ostrowski-Straße 7, 10249 Berlin, telephone: 030-300 146 0, https://www.strato.de, email: impressum@strato.de
b. Legal basis for data processing
Storage in log files ensures that our website functions properly. It also serves to optimize and ensure the security of our systems. The data will not be evaluated for marketing purposes in this context.
d. Duration of storage
The data we store will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. This is usually the case after the end of the respective session.
Storage beyond this is possible. In this case, the users‘ IP addresses are deleted or altered so that it is no longer possible to assign the calling client.
e. Objection and possibility of elimination
The collection of the above-mentioned data is absolutely necessary for the operation of the website. There is therefore no possibility for the user to object.
2. Processing of personal data through cookies
a. Description and scope of data processing
Our website uses cookies. Cookies are text files that are stored on the visitor’s computer system when our websites are accessed. Cookies contain a string that allows the visitor’s browser to be identified when they visit our website again.
We use the following types of cookies:
• Transient cookies/session cookies: Are deleted after the session ends
• Persistent cookies: Are deleted after the specified storage period
• Technically necessary cookies
If cookies are also set on our websites for advertising and/or analysis purposes, we will provide information about this separately in this declaration.
You can set your browser so that you are informed about the setting of cookies and decide individually whether to accept them or exclude the acceptance of cookies for certain cases or in general. If you do not accept cookies, the functionality of our website may be restricted.
b. Legal basis for data processing
The legal basis for the processing of personal data using necessary cookies is Section 6 Paragraph 1 Letter c KDG.
c. Purpose of data processing
Technically necessary cookies serve to simplify the use of websites. Some functions of the website or online shop cannot be offered without the use of cookies. For this it is necessary that the browser is recognized even after a page change.
The user data collected through technically necessary cookies is not used to create user profiles.
d. Duration of storage, possibility of objection and removal
Cookies are stored on the user’s computer and transmitted by the user. Therefore, users also have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to fully use all functions of the website.
3. E-Mail
a. Description and scope of data processing
We publish an email address in our legal notice. If you contact us by email, you agree to email communication that is encrypted for transport but not for content. Please find out about the associated risks, e.g. here: https://www.bsi-fuer-buerger.de.
In this case, the user’s personal data transmitted with the email will be stored.
The data will only be used to process the request.
b. Legal basis for data processing
The legal basis for the processing of data transmitted when sending an email is Section 6 (1) (g) KDG. If the email contact is aimed at concluding a contract, the legal basis for the processing is Section 6 Paragraph 1 Letter c KDG.
c. Purpose of data processing
The processing of personal data serves solely to process the contact. This also includes the necessary legitimate interest in processing the data.
d. Duration of storage
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. This is the case when the respective conversation with the user has ended. The conversation ends when it can be seen from the circumstances that the matter in question has been finally clarified.
If the correspondence results in a business transaction, the statutory retention requirements apply.
e. Objection and possibility of elimination
If the user contacts us by email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot continue.
If the storage of data results from a legal obligation, there is no right to object.
4. Facebook
a. Description and scope of data processing
We maintain a company profile on the social media platform Facebook. The provider is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
If you have a Facebook profile and are logged into your Facebook account when you visit our company profile, the provider can assign this to your profile. The provider collects and stores data from its users, such as the information entered or the IP address, and may also use this for business purposes.
Further information on data processing by the provider can be found at: https://de-de.facebook.com/policy.php.
We would like to point out that we have no influence on the provider’s data processing. Your data may be processed by the provider in the USA.
If you contact us via Facebook, for example via private message, we are the responsible party within the meaning of the KDG. The data that you send to us as well as data that is required for technical administration are collected and processed.
If the provider processes your data as the operator of the platform (insights data), then the provider is also responsible for data processing within the meaning of the KDG alongside us. The data processing is then carried out on the basis of an agreement between jointly responsible parties within the meaning of Section 28 KDG, which you can access at the following URL:
https://www.facebook.com/legal/terms/page_controller_addendum.
For the use of certain products from the provider, such as the “Facebook business tools” and associated data processing, an additional agreement applies as joint controllers in accordance with Section 28 KDG, which you can access at the following URL:
https://www.facebook.com/legal/controller_addendum
You can reach the provider’s data protection officer at: https://www.facebook.com/help/contact/540977946302970
b. Legal basis for data processing
If you contact us via your social media profile, the legal basis for processing the data is our legitimate interest in answering your request in accordance with Section 6 (1) (g) KDG. If your contact is aimed at concluding a contract, the additional legal basis for the processing is Section 6 Paragraph 1 Letter c KDG
c. Purpose of data processing
The purpose of data processing is to answer your inquiries and, if necessary, to conclude or initiate contracts.
d. Duration of storage
Your data will be deleted after your request has been processed, provided there are no legal retention requirements. We assume final processing if the circumstances indicate that the matter in question has been conclusively clarified.
In addition to the rights set out in the “Your Rights” section, users have the following objection options (so-called opt-out):
https://www.facebook.com/ads/about
http://www.youronlinechoices.com
http://www.aboutads.info/choices/
5. Registration (creating a user account)
a. Description and scope of data processing
In order to apply for dormitory places with us, users must register on our homepage and create a user account.
When registering, the applicant’s email address is requested and the applicant sets a password. After creating the user account, the user receives an automated email asking them to confirm the user account they have created. Please note that this requires an email to be sent to you that is not content-encrypted.
The hosting service provider is netcup GmbH, Daimlerstraße 25, 76185 Karlsruhe, telephone: 0721-7540755 0, https://www.netcup.de E-mail: mail@netcup.de.
b. Legal basis for data processing
The legal basis for processing the data is Section 6 Paragraph 1 Letter c KDG.
c. Purpose of data processing
Registration and maintenance of the user account serve to carry out pre-contractual measures, fulfill the contract and communicate with the user.
d. Duration of storage
The registration data will be automatically deleted if the user account has not been used for twelve months.
The data will also be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected and there are no legal or contractual retention obligations to the contrary.
e. Objection and possibility of elimination
If a user does not submit an application, the registration can be deleted at any time.
You can find out how the registration can be deleted from the person responsible.
If the data is required to fulfill a contract or to carry out pre-contractual measures (this is the case from the time the application is sent), early deletion of the data is only possible unless contractual or legal obligations prevent deletion.
6. Use of the application portal
a. Description and scope of data processing
Users can apply for dormitory places via the user account they have created. We collect and process the data you request in your user account. We also store so-called log files that document the processing status of the application form by the user. The email address provided during registration is also used to contact the user, for example to inform them about the processing status of the application or to contact them in connection with the application process. Please note that as part of the application process, emails will be sent to you that are not content-encrypted.
We only use your personal data to the extent that this is necessary to fulfill and process the contracts and to process your inquiries. To the extent necessary for the fulfillment of the contract, we also pass on data to service partners that we need to process the contractual relationship or service providers that we use as part of order processing.
In addition to the recipients named in the respective clauses of this data protection declaration, these include, for example, recipients in the following categories: IT service provider.
b. Legal basis for data processing
The processing described above serves to fulfill a contract to which the user is a party or to carry out pre-contractual measures. The legal basis for processing the data is Section 6 Paragraph 1 Letter c KDG.
c. Purpose of data processing
The transmission serves to fulfill our contractual obligations or to carry out pre-contractual measures.
d. Duration of storage
Your data will be deleted when it is no longer required for the implementation of the contract or pre-contractual measures, unless contractual or legal retention obligations conflict with this.
e. Objection and possibility of elimination
If the data is necessary to fulfill a contract or to carry out pre-contractual measures, early deletion of the data is only possible unless contractual or legal obligations prevent deletion.