Data protection statement 

 

Section 1 Information on the collection of personal data

(1) The following information provides details on what personal data are collected when you access our website. The term ‘personal data’ refers to all data that relates to you personally, e.g. name, address, email addresses, user behaviour.

(2) Responsibility for the processing of personal data lies with

Central Council of German Sinti and Roma
Bremeneckgasse 2
Postal address: 69117 Heidelberg
Email: zentralrat@sintiundroma.de
Website: https://zentralrat.sintiundroma.de/
Tel.: +49 (0)6221 / 98 11 01

If you have any specific questions about the protection of your data at the Central Council of German Sinti and Roma, please contact the Data Protection Officer:

Beauftragter für den Datenschutz im Zentralrat Deutscher Sinti und Roma
Bremeneckgasse 2
69117 Heidelberg
Email: zentralrat@sintiundroma.de

 (3) If you contact us via email, we will save the data you provide (email address, in certain cases your name and telephone number) in order to answer your question/s. The data collected in such cases will be deleted once it no longer needs to be stored or, in the case that we have a legal obligation to retain it, processing of this data will be restricted.

(4) Regarding cases in which we use third-party providers to provide individual service functions or wish to use your data for advertising purposes, we inform you about the individual processes involved below. We also set out the criteria used to determine the period of time for which your data are stored.

Legal basis for the processing of personal data

The Central Council of German Sinti and Roma processes personal data as it carries out the tasks of public interest that are assigned to it. These public duties particularly include public relations work, which also involves providing information for the public on this website. The processing of personal data in this context is based on Art. 6 (1) (e) General Data Protection Regulation (GDPR) in conjunction with the relevant national or European standards, or in conjunction with Section 3 of the Federal Data Protection Act. The same applies to applications made to the Central Council of German Sinti and Roma, the processing of which requires the Central Council to process personal data (e.g. applications for funding or for access to information under the German Freedom of Information Act, the Environmental Information Act or press law). Insofar as the processing of personal data is, in individual cases, required in order to fulfil a legal obligation, this is based on Article 6 (1) (c ) GDPR in conjunction with the relevant legal provisions under which the legal obligation arises.

Insofar as we obtain the consent of the data subject to process his/her personal data, this is based on Art. 6 (1) (a) GDPR.

In individual cases, the processing of personal data required for the performance of a contract to which the data subject is a party is based on Art. 6 (1) (b) GDPR. This also applies to processing operations necessary for the implementation of pre-contractual measures.

In the event that vital interests of the data subject or another natural person make it necessary to process personal data, this is based on Art. 6 (1) (d) GDPR.


Section 2 Your rights

You have the following rights with regard to the personal data concerning your person:

  • Right of access, Art. 15 GDPR
    The right of access confers on the data subject a comprehensive right of access to the data concerning his/her person and to certain important information-related criteria, such as the purposes for which it is processed or the duration for which it will be stored. The exceptions to this right regulated in Section 34 Federal Data Protection Act apply.
  • Right to rectification, Art. 16 GDPR
    The right of rectification includes the possibility for the data subject to have inaccurate personal data corrected.
  • Right to erasure, Art. 17 GDPR
    The right to erasure includes the possibility for the data subject to have data deleted by the party responsible. However, this is only possible if the personal data concerning his/her person are no longer needed, are processed unlawfully or if the relevant consent has been revoked. The exceptions to this right regulated in Section 35 Federal Data Protection Act apply.
  • Right to restriction of processing, Art. 18 GDPR
    The right to restrict the processing includes the possibility for the data subject to prevent further processing of personal data concerning his/her person for the time being. A restriction particularly occurs pending verification of the exercise of other rights of the data subject.
  • Right to object to collection, processing and/or use, Art. 21 GDPR
    The right to object includes the possibility for data subjects to object, in a particular situation, to the further processing of their personal data, insofar as this is justified by the exercise of public functions or of public or private interests. The exceptions to this right regulated in Section 36 Federal Data Protection Act apply.
  • Right to data portability, Art. 20 GDPR
    The right to data portability includes the possibility for the data subject to obtain the personal data concerning his/her person from the person responsible in a standard, machine-readable format, in order to be able to forward them to another person responsible if necessary. According to Art. 20 (3) sentence 2 GDPR, however, this right does not apply if the data processing serves the performance of public tasks.
  • Right to revoke consent, Art. 13 and 14 GDPR
    If personal data is processed on the basis of consent, the data subject may revoke such consent at any time for the purpose for which it was given. The lawfulness of the processing undertaken on the basis of this consent remains unaffected until receipt of the revocation.

You can assert the aforementioned rights in writing using the contact details set out in Section 1.

Pursuant to Art. 77 GDPR, you also have the right to appeal to the data protection supervisory authority: the Federal Commissioner for Data Protection and Freedom of Information.

You can also contact the Data Protection Officers under Section 1 if you have any questions or complaints
 

Section 3 Collection of personal data when you visit our website 

(1) If you use this website for purely informational purposes, i.e. you do not register or provide us with information in any other way, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data which is technically necessary for us to display our website to you, to guarantee its stability and ensure it remains secure (based on Art. 6 (1) sentence 1 (f) GDPR):

– IP address

– Date and time of the request

– Time-zone difference to Greenwich Mean Time (GMT)

– Content of the request (specific page)

– Access status/HTTP status code

– Amount of data transferred in each case

– Website from which the request originates

– Browser

– Operating system and interface

– Language and version of the browser software

(2) In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files stored on your hard drive which are assigned to the browser you are using and through which certain information flows to the location that has set the cookie (in this case, to us). Cookies cannot launch and operate programmes or transmit viruses to your computer. They serve to make internet services more user-friendly and efficient.

(3) Use of cookies:

  1. a) This website uses the following types of cookies, the scope and functionality of which are explained below:

– Transient cookies (see b)

– Persistent cookies (see c).

  1. b) Transient cookies are automatically deleted when you close your browser. This particularly includes session cookies. These store a ‘session ID’, which can be used to assign various requests from your browser to the shared session. This allows your computer to be recognised again when you return to our website. Session cookies are deleted when you log out or close your browser.
  2. c) Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete the cookies via the security settings for your browser at any time.
  3. d) You can configure your browser settings according to your wishes and, for example, refuse to accept all third-party cookies or all cookies in general. We draw your attention to the fact that depending on which settings you select, you may not be able to use all the functions of this website.
  4. e) The Flash cookies used are not recorded by your browser, but by your Flash plug-in. We also use HTML5 storage objects that are stored on your device. These objects store the required data regardless of the browser you are using, and do not have a date on which they automatically expire. If you do not want the Flash cookies to be processed, you must install an appropriate add-on, such as Better Privacy for Mozilla Firefox (https://addons.mozilla.org/de/firefox/addon/betterprivacy/) or the Adobe Flash Killer cookie for Google Chrome. You can prevent the use of HTML5 storage objects by using your browser in private mode. We also recommend that you delete your cookies and browser history manually on a regular basis.

Section 4 Other functions and services on our website

1) In addition to making our website available to you for purely informational purposes, we also offer various services that you can use should you be interested in doing so. In order to use these, you will generally have to provide further personal data which we use to provide the respective service and to which the aforementioned data processing principles apply.

(2) In some cases, we use external service providers to process your data. These have been carefully selected and commissioned by ourselves, are bound by the instructions we give them, and are checked regularly.

(3) We may also disclose your personal information to third parties when we offer promotions, competitions, contracts or similar services in conjunction with partners. You will receive further information on this when you enter your personal data or can find this in the description of the details of the specific service.

(4) If our service providers or partners are based in a country outside the European Economic Area (EEA), we will inform you about any consequences of this in the description of the service provided.
 

Section 5 Filing an objection/revoking consent to our processing your data

(1) If you have given your consent to the processing of your data, you can revoke it at any time. Once you have revoked your consent, the permissibility of your personal data being processed is altered.

(2) Insofar as we base the processing of your personal data on a weighing up of interests, you may file an objection to us carrying out this processing. This is the case if the processing of this data is, in particular, not necessary in order to fulfil a contract with you, which is indicated by us in each case. In the event that you wish to file an objection, we ask you to explain the reasons why we should cease to process your personal data. If you then file an objection in which you state the relevant reasons, we will examine the facts and either discontinue or adapt the processing or will set out compelling reasons as to why we will continue to process the data concerned.

(3) You may, of course, object to the processing of your personal data for advertising and data analysis purposes at any time. You can inform us about your objection to the processing of your personal data for advertising purposes by writing to us at the following: Central Council of German Sinti and Roma, email: zentralrat@sintiundroma.de. 
 

Section 6 Newsletter

(1) By providing the relevant consent, you can subscribe to our newsletter.

(2) Registration for our newsletter is based on a double opt-in procedure. This means that after you register, we will send an email to the email address provided in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store the IP addresses you use and the dates of registration and confirmation. The purpose of the procedure is to document your registration and, if necessary, to investigate any possible misuse of your personal data.

(3) Your email address is the only mandatory piece of information required for receiving the newsletter. Provision of further data, marked separately, is voluntary and enables us to address you personally. After receiving your confirmation, we save your email address for the purpose of sending you the newsletter. This is based on Art. 6 (1) sentence 1 (a) GDPR.

(4) You can revoke your consent to our sending you the newsletter at any time and unsubscribe. You can notify us of your revocation by clicking on the link which is provided in every newsletter email, by sending an email to zentralrat@sintiundroma.de or by sending a message using contact details.

(5) To send out the newsletter and collect tracking data, we use services provided by Sendinblue. You can find further information on the third party provider’s data protection at https://de.sendinblue.com/legal/privacypolicy/


Section 8 Use of social media plug-ins

(1) We currently use the following social media plug-ins: Facebook, Twitter and email

We use a two-click solution for this. This means that when you visit our site, as a basic rule, no personal data is passed on to the providers of the plug-ins. You can see who the provider of the plug-in is by looking at the name given in the title line or by hovering the mouse over the logo or the button. We have made it possible for you to communicate directly with the provider of the plug-in by providing a button. The plug-in provider will only receive information that you have accessed the relevant page of our online service if you click on and thereby activate the marked field. In addition, the data mentioned under Section 3 of this declaration will also be transmitted.

According to information provided by the respective providers of Facebook and Xing in Germany, IP addresses are made anonymous immediately after they are collected. By activating the plug-in, your personal data are transferred to the respective plug-in provider and stored by them at their location (e.g. in the case of US providers, this information is stored in the USA). As the plug-in provider collects data primarily via cookies, we recommend that you delete all cookies via your browser’s security settings before clicking on the greyed-out box.

(2) We have no influence on the data collected and the data processing operations used, nor are we aware of the full scope of data collection, the purposes of processing, or the periods of data retention. In addition, we do not have any information relating to deletion of the data collected by the plug-in provider.

(3) The plug-in provider stores the data collected about you as user profiles and uses these for the purposes of advertising, market research and/or needs-based website design. This data (including that of users who are not logged in) is evaluated in particular in order to display targeted advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles and can exercise this right by contacting the respective plug-in provider. The plug-ins make it possible for you to interact with social networks and other users and thereby enable us to improve the services we offer and make them more attractive and useful to you as a user. The use of plug-ins is based on Art. 6 sentence 1 (f) GDPR.

(4) The data transfer takes place regardless of whether you have an account with the plug-in provider and are logged in with them. If you are logged in with the plug-in provider, the data that we collect about you will be directly assigned to your existing account with this provider. If you press the activated button and, for example, link the page, the plug-in provider also stores this information in your user account and communicates it publicly to your contacts. We recommend that you regularly log out after using a social network, especially before activating the button, as this allows you to avoid data about you being assigned to your profile at the plug-in provider.

(5) Further information on the scope of data collection and processing by the plug-in provider and on the purposes for which it is used can be found in the following data protection statements published by these providers. These also contain further information on associated rights and on the different privacy protection settings that are available.

(6) The addresses of the respective plug-in providers and the URLs where their data protection information can be found are as follows:

  1. Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; facebook.com/policy.php; further information on data collection: www.facebook.com/help/186325668085084, www.facebook.com/about/privacy/your-info-on-other and www.facebook.com/about/privacy/your-info. Facebook has committed to the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework.
  2. Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; google.com/policies/privacy/partners/. Google has committed to the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework.
  3. Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; com/privacy. Twitter has committed to the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework.


Section 9 Embedding of YouTube videos

(1) We have embedded YouTube videos on our website which are stored at www.YouTube.com and can be played directly from our website. These are all embedded in the extended data protection mode, i.e. no data about you as a user will be transferred to YouTube if you do not play the videos. The data referred to in paragraph 2 are transmitted only if you play the videos. We have no influence on the transmission of this data.

(2) If you visit the website, YouTube receives the information that you have accessed the corresponding page of our website. In addition, the data mentioned under Section 3 of this declaration will also be transmitted. This occurs regardless of whether you have a YouTube user account that you are logged in to, or whether you do not have such an account. When you are logged in to Google, your information will be directly associated with your account. If you do not wish your profile to be associated with YouTube, you must log out before activating the button. YouTube stores the data collected about you as user profiles and uses these for the purposes of advertising, market research and/or needs-based website design. This data (including that of users who are not logged in) is evaluated in particular in order to develop targeted advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles and can exercise this right by contacting YouTube.

(3) Further information on the scope of data collection and processing undertaken by YouTube and on the purposes for which it is used can be found in its data protection statement. This also contains further information on your rights and on the different privacy protection settings that are available: https://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA.


Section 10: Google Analytics

We use Google Analytics in our Internet presence. This is a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter referred to as “Google”.

Through the certification according to the EU-US Privacy Shield

https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

guarantees Google that the data protection requirements of the EU will also be observed when processing data in the USA. The Google Analytics service is used to analyse the usage behaviour of our website. The legal basis is Art. 6 para. 1 lit. f) DSGVO. Our legitimate interest lies in the analysis, optimisation and economic operation of our website.

Usage and user-related information, such as IP address, place, time or frequency of the visit to our website, is transferred to a Google server in the USA and stored there. However, we use Google Analytics with the so-called anonymisation function. With this function Google shortens the IP address already within the EU or EEA.

The data collected in this way is in turn used by Google to provide us with an evaluation of the visit to our website and the usage activities there. This data can also be used to provide other services related to the use of our website and the use of the Internet.

Google states that it will not link your IP address to other data. Google also keeps a record of your IP address under

https://www.google.com/intl/de/policies/privacy/partners

will provide you with further information on data protection law, for example on the possibilities of preventing the use of data.

In addition, Google offers under

https://tools.google.com/dlpage/gaoptout?hl=de

a so-called deactivation add-on together with further information on this. This add-on can be installed with all common internet browsers and offers you further control over the data that Google collects when you visit our website. The add-on informs the JavaScript (ga.js) of Google Analytics that information about your visit to our website should not be transmitted to Google Analytics. However, this does not prevent information from being transmitted to us or to other web analysis services. Whether and which other web analysis services are used by us, you will of course also find out in this data protection declaration.

 

In partnership with