As a matter of principle, your data transmitted via our online forms will be transmitted securely and encrypted to us. As a result, access by unauthorized third parties can be excluded. We use the SSL process to which our website has been certified by Host Europe. Information about our customers is important to us and helps us to optimize our offerings. We guarantee that we do not sell or rent any customer information. We only share information with our affiliates to the extent described below.
Our data protection officer
The German Doctors e.V. is advised by an external data protection officer. If you have questions about data protection, please contact Mr. Ralf A. Lanz: firstname.lastname@example.org
Responsible body within the meaning of the Federal Data Protection Act is the
German Doctors e.V.
Provision and use of the website
When calling and using our website, we collect the personal data that your browser automatically transmits to our server. This information is temporarily stored in a so-called log file. When you use our website, we collect the following information that is technically necessary for us to display our website and to ensure its stability and safety:
- IP address of the requesting computer
- Date and time of request or access
- Time Zone Difference to Greenwich Mean Time (GMT)
- Content of the request
- Name and URL of the retrieved file
- Access status / HTTP status code respectively transferred amount of data
- Website requesting or accessing (Referrer URL)
- used browser and, if applicable, the operating system of your computer and its interface as well as the name of your access provider
- Language and version of the browser software
For the mentioned data processing Art. 6 para. 1 lit. f GDPR serves as legal basis. The processing of the aforementioned data is necessary for the provision of a website and thus serves to safeguard the legitimate interests of our company. The mentioned data for the display of the website are usually stored for 14 days. The collection of data for the provision of the website and the storage of the data in log files is essential for the operation of the website. There is consequently no contradiction on the part of the user. Further storage may be made in individual cases if required by law.
Donation and order forms
We collect personal data in the form of your donation form in the form of your name, address and contact details, if necessary your wishes for donation use, donation amount and frequency, if you need a donation receipt and if you would like to receive regular information from us. Furthermore, we collect your information about the payment method and, if necessary, your account number, PayPal ID or credit card information. In addition, it may be possible to make the donation on behalf of another person as a gift donation, so that you can specify the name of the donor, the cause of the donation and a message to the recipient. This information is used to issue the gift donation certificate. With donation actions we raise the donation goal and duration of the donation action as well as a message to the supporters of the action.
In the contact or order form you can tell us your material requirements, if necessary with a message to us, as well as your agreement to the principles of the dispenser.
Cookies and Reach Measurement
If you do not want any cookies to be stored on your computer, you are requested to deactivate the corresponding option in your browser’s system settings. Stored cookies can be cleared in the browser’s system settings. Deactivating cookies may limit the Website’s functionality.
Internet Explorer: support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies
Google Chrome: https://support.google.com/chrome/answer/95647?hl=en-GB
Using Google Analytics
On the basis of our legitimate interests (i.e. interests of analysis and optimisation within the meaning of § 6.1(f) GDPR), we employ Google Analytics, a web analysis service provided by Google Inc. (“Google”).
1600 Amphitheatre Parkway
Mountain View, CA 94043
Google Analytics utilises cookies (see § 7) to facilitate analysis of your website use. Your user data for the Website is generated by the cookie and thereafter generally transmitted to a Google server in the USA and stored there. Google is certified by the Privacy Shield Framework, guaranteeing its compliance with European data protection laws (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=active).
Google will use these data in accordance with our instructions to evaluate how our online services are being used, to compile reports about activities within the online services, and to perform additional services connected to the use of these online services and the internet. Pseudonymous user profiles can then be generated from the processed data.
We employ Google Analytics to show advertisements via the advertisement services of Google and its partners to only such users as have demonstrated an interest in our online services or as possess particular characteristics (e.g. an interest in certain topics or products, which is determined using websites visited) which we share with Google (so-called “Remarketing Audiences” or “Google Analytics Audiences”). We would also like to use Remarketing Audiences to ensure that our advertisements correspond to the users’ potential interests and are not annoying.
Please note that the “anonymizeIp” code was added to Google Analytics on the Website in order to ensure the anonymised collection of IP data (IP masking). This means that Google shortens users’ IP addresses within European Union member states or in other contracting member states of the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and be shortened there. The IP address transmitted by the user’s browser will not be combined with other data in the possession of Google. You can prevent cookies from being stored through a corresponding setting of your browser software; however, please note that this may potentially prevent you from using each of the Website’s functions to its full extent.
In addition, you can prevent Google from collecting and processing the data that the cookie generated regarding your usage of our online services by downloading and installing the browser plugin accessible via the following link: https://tools.google.com/dlpage/gaoptout?hl=en-GB.
You can prevent Google Analytics from capturing data by clicking the following link. This will put an opt-out cookie in place to prevent your data from being captured during future visits to this website: Deactivate Google Analytics
Remember to renew this opt-out cookie if you delete this or all cookies via your browser settings.
You can find additional information regarding data use by Google as well as setting and opt-out options on the following Google web pages: https://policies.google.com/technologies/partner-sites?hl=en-GB (“How Google uses information from sites or apps that use our services”), https://policies.google.com/technologies/ads?hl=en-GB (“Advertising”), http://www.google.de/settings/ads (“Control the information Google uses to show you ads”).
Using Google Remarketing
On the basis of our legitimate interests (i.e. interests of analysis and optimisation within the meaning of § 6.1(f) GDPR), we employ the marketing and remarketing services (“Google Marketing Services”) of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google is certified by the Privacy Shield Framework, guaranteeing its compliance with European data protection laws (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Google Marketing Services allows us to better target our online advertisements for our website in order to show users only advertisements that potentially correspond to their interests. When a user is, for example, shown advertisements for products that he viewed on other websites, this is known as remarketing. For these purposes, a Google code is immediately executed by Google when a website on which Google Marketing Services is active is accessed, and (re)marketing tags—invisible graphics or code also known as “web beacons”—are affixed to the website. Using said remarketing tags, an individual cookie, i.e. a small file, is saved on the user’s device (comparable technologies can also be used instead of cookies). This file makes note of which websites the user visited, which content he viewed, and where he clicked; it also records technical information regarding the browser and operating system, referring websites, the time of the visit, and other data related to the usage of the online services.
The user’s IP address is also captured; within the context of Google Analytics, the IP address is shortened within member states of the European Union or in other contracting member states of the European Economic Area and only in exceptional cases transmitted to a Google server in the USA and shortened there. The IP address is not connected to user data from other Google services. The above information can also be combined by Google with similar information from other sources. If the user subsequently visits other websites, he may be shown advertisements targeted to his interests.
Google Marketing Services processes user data pseudonymously. This means that Google does not save and process data such as the names or email addresses of the users but rather processes relevant data based on cookies within pseudonymous user profiles. From Google’s perspective, the advertisements are therefore not administered and shown with reference to a concretely-identified person but rather with reference to the holder of the cookie regardless of said holder’s identity. This does not apply if a user has expressly permitted Google to process his data with this pseudonymisation. The data captured by Google Marketing Services about the user are transmitted to Google and saved on Google servers in the USA.
We also employ the Google Optimize service on our Website. Google Optimize allows us to use so-called A/B tests to reconstruct how various changes can affect a website (e.g. changes to input fields, design changes etc.). Cookies are stored on your device for these purposes. All data processed in this context are pseudonymous. Furthermore, we use Google Tag Manager to incorporate Google’s analysis and marketing services into our Website and to administer the same.
If you would like to opt out of Google Marketing Services’ targeted advertisements, you can make use of Google’s settings and opt-out options: http://www.google.com/ads/preferences.
Using Google Web Fonts
Our website for the unified representation of fonts called Web Fonts by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.
When you call up a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly. To do this, the browser you use must connect to Google’s servers. As a result, Google learns that our website has been accessed via your IP address.
Integration and use of social media plugins
On the website of the German Doctors e. V. Plugins are used by social networks. The purpose of the integration is to enable our users to redistribute the contents of this website, to publicize the German Doctors’ aid work in the digital world and to increase the number of visitors to our website in order to generate more donations for those in need in the long term. The necessary data processing constitutes a legitimate interest on the basis of Art. 6 (1) lit. In particular, this concerns the plugins of Facebook, Twitter, Instagram, Google+, YouTube and Wakelet:
Our website uses so-called social plugins (“plugins”) of the social network Facebook operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). The plugins are marked with a Facebook logo or the addition “Social Plug-in of Facebook” or “Facebook Social Plugin”. An overview of the Facebook plugins and their appearance can be found at https://developers.facebook.com/docs/plugins.
When you visit a page of our website that contains such a plugin, your browser connects directly to the Facebook servers. The content of the plugin is transmitted by Facebook directly to your browser and integrated into the page. Through this integration, Facebook receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Facebook profile or are currently not logged in to Facebook. This information (including your IP address) will be transmitted from your browser directly to a Facebook server in the US and stored there. If you are logged in to Facebook, Facebook can immediately assign the visit to our website to your Facebook profile. If you interact with the plugins, for example, click the “Like” button or leave a comment, this information is also transmitted directly to a Facebook server and stored there. The information will also be posted on your Facebook profile and displayed to your Facebook friends.
This site uses the YouTube Embedding feature to view and play videos from the YouTube publisher, which is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA (“YouTube”). The plugins are marked with a logo from YouTube. For an overview of the YouTube plug-ins and their look, visit https://developers.google.com/youtube/.
Our users’ rights
You have the following rights under the European General Data Protection Regulation as the person concerned:
Information: You have the right to require the person responsible to confirm whether your data is processed by him and, if necessary, the right to information about this personal data, the purpose of processing, the categories of personal data, the recipients or categories of recipients to whom your data have been or will be disclosed, if possible, the planned duration of the data storage, or the criteria for determining the duration of the processing. The right of access is restricted if the provisions of § 34 (1) of the Federal Data Protection Act n.F. are fulfilled.
If the data are not collected directly from you, there is a right to
information about their origin. If the data are transmitted to an
EEA-third country or an international organization, you have the right
to be informed about appropriate guarantees under Article 46 of the
GDPR. The controller will provide a copy of the data that is the subject
of the processing.
Correction: You have the right to demand from the person responsible immediate correction of incorrect personal data concerning you and to demand the completion of incomplete personal data, taking into account the processing purpose.
Cancellation: You have the right to ask the person responsible for your personal data to be deleted immediately, provided that
- the data has been processed for the purposes of the survey and is no longer necessary or
- You have revoked your consent in accordance with Article 6 (1) (a) or Article 9 (2) (a) GDPR and that there is no other legal basis for the processing, or
- You object to the processing in accordance with Article 21 (1) of the GDPR and there are no legitimate reasons for the
- processing, or you object to the processing pursuant to Article 21 (2) of the GDPR, or
- if your data was processed unlawfully or
- the cancellation of the fulfillment of legal obligations is subject to or
- the data relating to an information society service offered were collected in accordance with Article 8 (1) GDP
If the controller has made the personal data publicly available and is required to delete it in accordance with Article 17 (1) of the GDPR, he shall take appropriate measures, including technical ones, to data controllers processing the personal data, taking into account available technology and implementation costs to inform you that the data subject has requested that you delete all links to such personal data or copies or replications.
The aforementioned rights do not apply insofar
- the processing is necessary to exercise the right to freedom of expression,
- it is necessary to fulfill a legal obligation of the person responsible for the processing or
- they are needed to assert, exercise or defend legal claims.
- The cancellation statutory or contractual retention periods in accordance with § 35 paragraph 3 Federal Data Protection Act n.F. conflict.
The right to erasure may be replaced in cases of § 35 Federal Data
Protection Act n.F., in which a deletion is not possible or with a
disproportionate effort, possibly by a restriction of processing. The
same applies if the person responsible has reason to believe that
deletion would adversely affect a legitimate interest of the data
subject. If possible, the person responsible informs the person
concerned about the restriction.
Restriction of processing: You have the right to demand that the person responsible for the processing be restricted under the following conditions:
- You deny the accuracy of the personal data, for the duration that allows the person responsible to verify the accuracy or,
- if the processing is unlawful and a cancellation is denied or
- the data controller no longer needs the data for the purpose of the processing but the data subjects need it for the purpose of
- asserting, exercising or defending legal claims; or
- if you objected to the processing pursuant to Article 21 (1) GDPR, as long as it is not certain that the responsible person’s
- legitimate reasons prevail over the data subject.
If processing has been restricted in accordance with Article 18 (1) GDPR, these data may not be stored except with the consent of the data subject or for the purposes of asserting, exercising or defending legal claims or for the protection of another natural or legal person or for important public reasons Interests are processed. The data subject who has obtained a restriction of processing will be informed by the controller before the restriction is lifted.
Objection to processing: You may object to the processing of your data at any time for reasons of your particular situation, provided that the processing is based on Article 6 (1) (e) or (f) of the GDPR. The controller only processes the personal data if he can demonstrate compelling legitimate reasons against processing that outweigh the interests, rights and freedoms of the data subject or if the processing of the assertion, exercise or defense of legal claims serves the purpose of processing.
If personal data are processed in order to operate direct mail, then
the data subject has the right to object at any time to the processing
of his personal data. This also applies to profiling, as far as it is
related to direct mail. The data will then no longer be processed for
the purpose of direct mail. The reference to this right must be made at
the latest at the time of the first communication. In relation to the
use of information society services, the data subject may exercise his
right of opposition through automated procedures using technical
Revocation of consent: If the processing of your personal data is based on your consent, you have the right to revoke your consent at any time in accordance with Article 7 (3) GDPR.
Consequences of not providing the data: You are not obliged to provide us with the data of the inquiry form. However, a non-provisioning might have the consequence that your request can not be processed.
Right to Data Portability: You have the right to receive personal data relating to you, provided to the controller, in a structured, common and machine-readable format, and to communicate that information to another person without hindrance, provided that
- processing on consent pursuant to Article 6 (1) (a) or Article 9 (2) (a) GDPR, or
- is based on a contract pursuant to Article 6 (1) (b) GDPR; or
- the processing is carried out by means of automated methods.
In the exercise of this right, the data subject can obtain that the
data is transmitted directly from one person responsible to another
person responsible, insofar as this is technically feasible and no
rights and freedoms of other persons are impaired.
Automated Decisions or Profiling: If the controller performs automated decision making or profiling, you have the right not to be subjected solely to automated processing – including profiling – based decisions that have legal effects on you or similarly affect you in a similar manner. This does not apply if
- the decision is required for the conclusion or the fulfillment of a contract between you and the person responsible or
- legal provisions to which the controller is subject allow this, and these rules contain appropriate measures to safeguard the
- rights and freedoms and the legitimate interests of the data subject; or
- the processing takes place with your express consent.
Unless the processing is based on law, the controller will take reasonable steps to safeguard your rights and freedoms, as well as your legitimate interests.
Decisions according to the aforementioned exceptions may not be based on specific categories of personal data under Article 9 (1) GDPR except where Article 9 (2) (a) or (g) GDPR applies and appropriate measures have been taken to safeguard your rights and freedoms and legitimate interests.
Right to complain to a supervisory authority: You have the right to complain to a supervisory authority.
Explanation of terms
Personal data means any information relating to an identified or identifiable natural person (‘the data subject’); a natural person is considered as being identifiable, directly or indirectly, in particular by means of an identifier such as a name, an identification number, location data, an online identifier or one or more special characteristics expressing the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person can be identified.
Processing means any process, performed with or without the aid of automated procedures, or any such process associated with personal data, such as collecting, collecting, organizing, organizing, storing, adapting or modifying, reading, querying, using, disclosure by submission, dissemination or other form of provision, reconciliation or association, restriction, erasure or destruction.
Restriction of the processing is the marking of stored personal data with the aim to limit their future processing.
Profiling is any type of automated processing of personal data that involves the use of such personal information to evaluate certain personal aspects relating to a natural person, in particular aspects relating to work performance, economic situation, health, personal preferences To analyze or predict interests, reliability, behavior, whereabouts or location of this natural person.
The person responsible is the natural or legal person, public authority, body or other body that, alone or in concert with others, decides on the purposes and means of processing personal data; where the purposes and means of such processing are determined by Union law or the law of the Member States, the controller or the specific criteria for his designation may be provided for under Union or national law.
A processor shall mean a natural or legal person, public authority, body or body that processes personal data on behalf of the controller.
Recipient is a natural or legal person, agency, agency or other entity to whom Personal Data is disclosed, whether or not it is a third party. However, authorities which may receive personal data under Union or national law in connection with a particular mission are not considered to be recipients; the processing of such data by the said authorities shall be in accordance with the applicable data protection rules in accordance with the purposes of the processing.
Third is a natural or legal person, public authority, body or body other than the data subject, the controller, the processor and the persons authorized to process the personal data under the direct responsibility of the controller or processor.
The data subject’s consent shall be deemed to be voluntary in a written, informed and unambiguous manner in the form of a statement or other unambiguous confirmatory act by which the person concerned indicates that he is involved in the processing of his personal data Data agrees.
Supervisory authority is an independent government agency set up by a Member State that promotes and monitors compliance with data protection rules.