enes

Data protection

(information pursuant to Art. 13 GDPR)

 

Purpose Stiftung gemeinnützige GmbH (in the following also „we“ or „us“) is delighted about your visit to its internet pages and your interest in its work and organization.

The following information refers to our website steward-ownership.com and their subpages. 

We attach great importance to data protection and process your personal data confidentially and only in accordance with the statutory regulations. Below, we provide information about when we collect which data and how we use it.

 

1. Controller

Responsible controller for data protection is:

Purpose Stiftung gemeinnützige GmbH
Süderstraße 73
20073 Hamburg, Germany 

Managing Director: Armin Steuernagel und Adrian Hensen
Court of registration: Hamburg Local Court
Number of Registration: HRB 153854

Contact: hello@purpose.ag

 

2. Scope of personal data processing 

All information relating to an identified or identifiable natural person is personal data, such as name, identification number, email addresses or contract details. This may also include data that provides information about the physical, physiological, genetic, mental, economic, cultural or social identity of a natural person. We collect and use personal data only to the extent necessary to provide a functional website and our content and services. The collection and use of personal data of users of our website only takes place if there is a legal basis for this or if you have given us your consent.

 

3. Categories of data processed

a) When visiting the website

When you visit our website, the following categories of personal data are processed:

  • Technical contact data that is essential for accessing our website and documents the connection established, such as IP address, date and time of website access, browser type and operating system used.

  • Tracking data on your usage behaviour.

b) When using the contact form

If you use our contact form, the following data categories will be processed:

  • Contact data (name and e-mail address)

  • Data relating to the information entered in the text box

c) When registering and using the registration function (user account)

If you create a user account, the following categories of data are processed:

  • Registration data

  • Usage data relating to websites and content visited

d) When registering for and subscribing to our newsletter

When you sign up to receive our newsletter, we process the following categories of data:

  • Contact data: first name, surname, email address

  • Data documenting your consent to data processing

e) When using the donation function

When you use the donation function via the ‘Donate’ button, we process the following categories of data:

  • Contact details

  • Payment details

4. Purposes and legal bases of data processing

We process your personal data for the following purposes:

  • Provision of the website (legal basis: legitimate interest of the in public relations within the framework of data protection regulations in accordance with Art. 6 (1) (f) GDPR)

  • An optimal user experience through optimised knowledge transfer, with voluntary registration to record knowledge transfer and reading progress (legal basis: consent pursuant to Art. 6 (1) (a) GDPR)

  • Communication by e-mail, post, telephone (legal basis: legitimate interest in responding to your inquiry in accordance with Art. 6 (1) (f) GDPR or, where applicable, the implementation of a contract or the initiation of a contract in accordance with Art. 6 (1) (b) GDPR)

  • Sending letters and information by post and/or e-mail to draw attention to tenders, for press communication, sending invitations, connecting project partners, sending greetings (legal basis: legitimate interest in sending in accordance with Art. 6 (1) (f) GDPR or, where applicable, consent given in accordance with Art. 6 (1) (a) GDPR)

  • Processing for archival and historiographical purposes (legal basis Art. 89 GDPR in conjunction with § 28 BDSG (Federal Data Protection Act))

  • Conducting business relationships (legal basis: legitimate interest in the use of, for example, contact details in accordance with Art. 6 (1) (f) GDPR)

  • Provision of video files from third-party providers (YouTube) (legal basis: consent pursuant to Art. 6(1)(a) GDPR)

  • To identify malfunctions and for security reasons (legal basis: fulfilment of our legal obligations in the area of data security and legitimate interest in eliminating malfunctions and ensuring the security of our services pursuant to Art. 6(1)(c) and (f) GDPR).

  • Fulfilment of usage contracts (legal basis: fulfilment of the agreement pursuant to Art. 6(1)(b) GDPR)

  • Fundraising (Legal basis: Legitimate interest in fundraising pursuant to Article 6(1)(f) of the GDPR or, where applicable, consent given pursuant to Article 6(1)(a) of the GDPR))

  • Sending the newsletter to recipients by email (legal basis: consent pursuant to Art. 6(1)(a) GDPR)

  • Sending book content electronically to the email address provided (legal basis: consent in accordance with Article 6(1)(a) of the GDPR)

  • Safeguarding and defending our rights (legal basis: legitimate interest of in asserting and defending its rights pursuant to Art. 6(1)(f) GDPR).

  • Documentation of declaration(s) of consent (legal basis: Art. 6(1)(c) in conjunction with Art. 7(1) GDPR).


5. Transfer of data

a) General Information

Your personal data will not be transferred to third parties for purposes other than those stated. We will only transfer your personal data to third parties if:

  • you have given your express consent,

  • the processing is necessary for the initiation or execution of a contract with you,

  • the processing is necessary to fulfil a legal obligation,

  • the processing is necessary to safeguard legitimate interests and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data.

b) Transfer to other controllers

We will only transfer your personal data to other controllers if this is necessary for the fulfilment of a contract, if we or the third party have a legitimate interest in the transfer, or if you have given your consent. In addition, data may be transferred to other controllers if we are obliged to do so by law or by an enforceable administrative or court order.


c) Transfer to service providers

We carefully select and regularly monitor the service providers we commission (e.g. programming or web hosting). All service providers are bound by us to maintain confidentiality and comply with the legal requirements regarding data protection.

d) Transfer to recipients outside the EEA

We may also transfer personal data to recipients located outside the EEA and thus in so-called third countries. In such a case, prior to the transfer, we ensure that the recipient either provides an appropriate level of data protection (e.g. due to a decision of adequacy by the EU Commission for the respective country or due to the agreement based on so-called EU standard contractual clauses of the European Union with the recipient) or that you have given your consent to the transfer.

 

6. Duration of storage and deletion of data

We only store your personal data for as long as it is necessary to provide our online services or for as long as we have a legitimate interest in further processing. In all other cases, we delete the personal data unless we are obliged to continue storing it due to legal obligations (For example, we are obliged to retain certain documents for the period specified by law due to tax and commercial law deadlines).

 

7. Data processing when visiting our website

a) General Information

When you visit our website, certain personal data is collected. This serves to improve the content and functionality and thus the attractiveness of our website.

We use these server log files to store information that your browser automatically transmits to us for technical reasons. This data is not stored in a way that can be traced back to you. Nor is this data merged with other data sources. The log files are stored to ensure smooth connection establishment, convenient use of our website, evaluation of system security and stability, and for security reasons (e.g. to investigate attempted attacks).

In individual cases, log files may be passed on to investigating authorities. We generally store your IP address in anonymised form; no personal evaluation takes place. With the exception of storage for the purpose of logging consent, the pseudonymised IP address is deleted promptly after your visit to our website.

When you visit our website, we store the following server log files:

• Browser type/version including installed add-ons and language

• Pseudonymised IP address (so-called Internet Protocol address) of the end device from which our online service is accessed.

• Operating system used on the end device

• Referrer URL (the previously visited website)

• Date, time and duration of the server request

• Time zone difference from Greenwich Mean Time (GMT)

• Amount of data transferred

• Name of the files or information accessed(page visited)

• Access status/HTTP status code

These log files are deleted after a storage period of 6 months, unless longer storage is necessary for purposes of evidence or to clarify an incident.

b) Integration of YouTube (so-called embedding in privacy mode)

By activating the corresponding slider in the cookie banner or on the preview within the embedded video to play the content, you agree that we may allow Google, as the provider of the YouTube service, to collect data for its own purposes. The collection and processing of this data is the sole responsibility of Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. Google Ireland Limited uses Google LLC in the USA (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) as its service provider.

We then embed videos stored on YouTube on our website. It is also possible to embed Google Fonts content. When embedded, content from the YouTube website is displayed in parts of a browser window. However, the YouTube videos are only accessed by clicking on the video separately. YouTube content is embedded in what is known as ‘extended data protection mode’. This is provided by Google as the operator of YouTube and ensures that no data is transmitted to Google and no cookies are stored on your device before you activate your consent in the section of the browser window for playing the video.

As soon as you give your consent by clicking to load the video, the video will be loaded from YouTube. Technically, the same thing happens as if you were to switch to the YouTube website via a link: YouTube receives all the information that your browser automatically transmits (including your IP address). YouTube also sets its own cookies on your device. This also happens if you do not have a YouTube user account. If you are logged in to YouTube or Google, your data will be directly associated with your account. If you do not want your data to be associated with your YouTube or Google user account, you must log out of YouTube and Google before clicking on the corresponding slider in the cookie banner or the consent notice in the video frame of the browser window.

We have no knowledge of further details regarding the processing of personal data in this regard within Google's area of responsibility. Purpose Stiftung gemeinnützige GmbH has no influence on Google's data processing.

Information about Google's processing of personal data can be found in Google's privacy policy: https://policies.google.com/privacy

The integration of YouTube is based on your consent in accordance with Art. 6 (1) (a) GDPR, provided that you have previously given your consent by clicking on the preview image or in the cookie banner.

Withdrawal of consent: Once you have clicked on a preview image, the content from YouTube will be reloaded immediately. If you do not want this reloading to occur on other pages, please do not click on the preview images.

c) Newsletter Distribution with MailerLite

Our cost-free newsletter keeps you regularly updated by email on the latest developments, events and projects. On our website and for sending out newsletters, we use the MailerLite service provided by the US-based company MailerLite Inc., 548 Market St, PMB 98174, San Francisco, CA 94194-5401, USA. 

MailerLite also processes personal data in the USA. In the opinion of the Court of Justice of the European Union, there is currently no adequate level of protection for data transfers to the USA, which entails various risks to the lawfulness and security of the relevant data processing.

MailerLite uses standard contractual clauses approved by the European Commission for the transfer of personal data to the US. These clauses oblige MailerLite to maintain the same level of data protection as in the European Union when processing personal data outside the European Union. These clauses are based on an implementing decision of the European Commission.

Further information on these standard contractual clauses can be found at:

https://www.mailerlite.com/legal/data-processing-agreement  

Further information on MailerLite’s processing of personal data can be found in the privacy policy at: https://www.mailerlite.com/legal/privacy-policy 

We use the double opt-in procedure for registering for our newsletter. This means that after you register, we will send an email to the email address you provided, asking you to confirm that you are the owner of the email address and that you wish to receive the newsletter. 

If you do not confirm your registration within 30 days, your information will be automatically deleted after the 30 days have expired. In addition, we store your IP addresses and the times of registration and confirmation. This serves the purpose of verifying your registration and, if necessary, investigating any possible misuse of your personal data.

The only mandatory information required for sending the newsletter is your email address. The provision of additional, separately marked data is voluntary and is used to address you personally.   The data you enter for this purpose will only be used to personalise the newsletter and will not be passed on to third parties.

After your confirmation, we will store your email address for the purpose of sending you the newsletter. The legal basis for this is Art. 6 (1) sentence 1 lit. a GDPR. You can unsubscribe from the newsletter at any time by clicking on the link provided in each newsletter email or revoke your consent at any time by sending an email or by sending a message to the contact details provided in the imprint.

d) Data security: SSL encryption

To protect the security of your data during transmission, we use state-of-the-art encryption methods (e.g. SSL) via HTTPS.

 

8. Your rights

You have the right to:

•    information about your data stored by us and its processing,

•    correction of incorrect personal data,

•    deletion of your data stored by us,

•    restriction of data processing if we are not yet permitted to delete your data due to legal obligations,

•    objection to the processing of your data by us if the requirements of Art. 21 GDPR are met,

•    data portability,

•    right to revoke consent: if you have given us your consent, you can revoke it at any time with effect for the future.

You also have the right to lodge a complaint with a data protection supervisory authority regarding our processing of your personal data. This may be the data protection authority responsible for your place of residence or federal state, or the data protection authority responsible for us. The data protection authority responsible for us is:

Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit
Ludwig-Erhard-Str. 22
20459 Hamburg

E-Mail: mailbox(at)datenschutz.hamburg.de

 

9. Changes to our privacy policy

 We reserve the right to amend this privacy policy so that it always complies with current legal requirements or to implement changes to our services in the privacy policy, e.g. when introducing new services. The new privacy policy will then apply to your next visit.