1. Responsibility for the Processing of Your Personal Data (Controller)
1.1. In this Privacy Policy, we would like to inform you which of your personal data we collect and process, and for what purposes. We only process your personal data insofar as you have given us your consent, or we are permitted to do so according to law. The following article numbers refer to the European General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR).
1.2. We,
Foundation myclimate – The Climate Protection Partnership
Pfingstweidstrasse 10
8005 Zürich
Switzerland
info@myclimate.org
are the “controller” who is responsible for processing your personal data in the meaning of Art. 4 no. 7 GDPR. You can contact our data protection officer at beat.nussbaumer@myclimate.org or via our mail address, attention of “data protection officer”.
2. Personal Data
The term “personal data” includes your personal details (such as your name, date of birth, address, citizenship), your identification data (e.g. your passport details), your order data including your e-mail address, your technical connection data (e.g. your IP address), your account and payment data (depending on the payment type), advertising and sales data and other comparable data.
3. Collection of Your Personal Data
In connection with the processing of your personal data, we make a distinction between data we collect directly from you and data that we receive from other sources.
3.1. “You can calculate your emissions in the categories of Flight, Car, Cruise, Company, Events and Household, as well as your own personal carbon footprint, on the myclimate website. We can process the data provided by you when using these tools; specifically, we can collect it, store it on data carriers, and use it to maintain and further develop our offering. In particular, we can use the data to improve our tools for calculating emissions/carbon footprints.”
3.1.1. If you are our customer, we will process the personal data you share with us when you contact us (e.g. via contact form, by e-mail or via your customer account). For example, this includes your name and e-mail address. This is done for the performance of the contract concluded with you pursuant to point (b) of Art. 6 (1) GDPR.
We use Microsoft Forms, part of the Office 365 family. MS Forms is GDPR-compliant and the data for European-based tenants is stored on servers in Europe. Microsoft's data privacy information is available here: https://privacy.microsoft.com/en-gb/privacy
3.1.2. When using our online zone via your customer account by means of a compensation or donation for a climate protection project and the associated contract conclusion, we process the personal data you share with us, which are required for the initiation of this contract via our online zone, for its performance and, if applicable, for the provision of a warranty or for the unwinding of the contract (point (b) of Art. 6 (1) GDPR). Among other things, the processed data include your address, your date of birth and your account/payment data. During the electronic order process, your technical connection data are collected as well. Erasure of your customer account is possible whenever you wish. This can be done by means of a message to info@myclimate.org or using a function for this purpose in the customer account.
We may also process the data you specify for the purpose of informing you by mail about other interesting products from our portfolio. The legal basis for this is point (f) of Art. 6 (1) GDPR.
3.1.3. When you use our online area via your customer account in the process of financing climate protection projects or making a donation and in the course of the associated contract conclusion, we process your personal data, which are required for the initiation and execution of this contract and, if applicable, for the provision of a warranty or for the unwinding of the contract (pursuant to point (b) of Art. 6 (1) GDPR).
3.1.4 In order to provide you with a self-service information channel, also independently of our business hours, there is a chatbot ("digital assistant") on the website. During the automated chat, various information is transferred to the dialog platform (Art. 6 (1) (a) GDPR). This includes, for example, the questions and answers entered by you (chat history).
To optimize the artificial intelligence of the chatbot, log files and chat histories are stored. The retention period is the period during which the collected data is stored for processing. The data will be deleted as soon as it is no longer needed for the specified processing purposes. Please note that some chat histories require us to request certain personal data in order to process your request, such as your name, email address or phone number. There is the possibility that the chatbot, if necessary and after your explicit consent, transfers your questions to our myclimate team for further consultation. In doing so, the chat history and existing customer data are transferred to the myclimate specialist.
We process the collected data in the cloud-based dialog system of the order processor knowhere (knowhere GmbH, Steinhöft 9, 20459 Hamburg, Germany). Thereby, the data hosting takes place in their company-owned data center in Hamburg, Germany.
3.1.5 Shape Your Trip - Teacher Registration: On the website https://module.shapeyourtrip.myclimate.org/ and https://module.jobsforfuture.myclimate.org/ you have the possibility to register as a teacher. Within the framework of user registration using the SSO application "Keycloak", personal data is processed: Username, password, email address, first name, last name. We need this data to provide the service. For the websites https://module.shapeyourtrip.myclimate.org/ , https://module.jobsforfuture.myclimate.org/ and https://learn.myclimate.org/ we work together with the agency Lernetz AG, Pfingstweidstrasse 10, 8005 Zurich, to whom we transmit personal data. This personal data is stored on the server of the computer centre Begasoft, Bern in Switzerland (https://www.begasoft.ch/unternehmen/infrastruktur).
3.1.6. If you are a legal representative or employee of one of our customers, your personal data may be collected if you act on behalf or by order of our customer in the business relationship with us. This is done for the purpose of initiating or performing the contract concluded with you pursuant to point (b) of Art. 6 (1) GDPR.
3.1.7. We also collect and process personal data for the purpose of processing applications (legal basis: point (b) of Art. 6 (1) GDPR). The processing may also take place electronically if you as the applicant send us application documents by e-mail. In the event we conclude an employment contract with you upon completion of the application procedure, we will store the transmitted data for the purpose of handling the employment relationship under consideration of the statutory regulations. If no employment contract is concluded, the electronically submitted application documents will be deleted, unless the deletion would conflict with other legitimate interests. Moreover, we may retain them if the applicant agrees to the continued retention for possible later consideration.
3.2. Personal Data We Receive from External Sources
We may also use personal data lawfully collected by another controller and that are lawfully transmitted to us, e.g. publicly accessible information. This includes lists of debtors, public registers such as insolvency announcements or information from the commercial register as well as from the media and Internet.
4. SSL encryption
We use SSL encryption to ensure the best possible protection of your transferred data. Connections which are encrypted in this way display the prefix "https://" in your browser’s address bar. Unencrypted websites display "http://". Thanks to SSL encryption, the data you transmit to these websites, e.g. when sending enquiries or logging in, are protected against being viewed or accessed by third parties.
5. Transmission of Your Personal Information to Third Parties
We will transmit your personal data to commissioned service providers in Germany and abroad insofar as this is necessary for economic or technical reasons. We will carefully select the respective service provider to this end, conclude a processing contract pursuant to Art. 28 GDPR and check it carefully. For the purpose of outsourcing certain business processes, we have a legitimate interest in concluding processing contracts with the respective service provider pursuant to point (f) of Art. 6 (1) GDPR.
5.1. Depending on the payment service provider you select during your donation process, we will forward your payment data (including your address) for processing payments to the bank or service provider responsible for handling payments (Datatrans Ltd, Kreuzbühlstraße 26, 8008 Zurich, Switzerland) and/or to the inspection body (SIX Payment Services Ltd, Hardturmstrasse 201, CH-8005 Zurich). For the purposes of payment implementation, we have also integrated components of SIX Payment Services Ltd on our website. This also is done for the performance of the contract concluded with you pursuant to point (b) of Art. 6 (1) GDPR. In some cases, the selected payment service providers will collect these data directly from you if you set up an account with them. In this case, you need to log in to your payment service provider with your login details during the order process. This is subject to the privacy policy of the respective payment service provider. Furthermore, if payment is made by credit card, we use the 3-D Secure 2.0 process, during which device and browser information is transmitted to the credit card institute. This is likewise based on Art. 6 (1) (b) GDPR.
5.2. We use the donation technology of RaiseNow Ltd, Hardturmstr. 101, 8005 Zurich, on our website, to whom we transmit your personal and payment data and communication preferences on the basis of a third-party data processing agreement concluded with RaiseNow Ltd in accordance with Art. 28 (3) GDPR, with regard to which we have a legitimate interest in accordance with Art. 6 (1) (f) GDPR. The security of data processing at RaiseNow Ltd is regularly inspected and certified by TÜV SÜD on the basis of the PCI-DSS SAQ D Level 2 security standard (https://developer.raisenow.com/docs/pci-dss/Certificate-of-Validation_en.pdf). RaiseNow Ltd may use the collected data in anonymised form, i.e. without any identification of donors, to optimise or improve its own services, but not in order to contact donors directly or forward the data to third parties. RaiseNow Ltd’s privacy policy is available here: https://www.raisenow.com/en-gb/privacy-policy
5.3. We may also transfer your personal data to affiliated companies, i.e. group companies. For the purpose of internal administration, we have a legitimate interest in the transfer of the data to our group companies in accordance with Art. 6 (1) (f) GDPR.
5.4. Your personal data collected via the customer database will be stored on the server of Nine Internet Solutions AG, Albisriederstrasse 243a, 8047 Zurich, Switzerland and/or Swisscom (Schweiz) AG, Enterprise Customer, Müllerstrasse 16, 8005 Zurich, Switzerland and will be forwarded to them for this purpose. This is done on the basis of a contract for order processing concluded with Nine Internet Solutions AG and/or Swisscom (Schweiz) AG in accordance with Art. 28 GDPR, in which we have a legitimate interest within the meaning of Art. 6 (1) (f) GDPR.
5.5. Your data, which are generated directly via our website, are sent to one of our hosting providers: b.net GmbH Dresden, Wiener Straße 146, D-01210 Dresden, Germany, and/or Forte Digital Germany GmbH, Köpenicker Str. 122, 10179 Berlin, Germany, which will store it on the servers of Hetzner Online GmbH in a data centre in Falkenstein. We have concluded a third-party data processing agreement in accordance with Art. 28 GDPR with b.net GmbH. We use the hosting services of a third-party provider on the basis of our legitimate interest in the correct display of our website contents and services, Art. 6 (1) (f) GDPR.
5.6. We also work with the content management service provider Forte Digital Germany GmbH, Köpenicker Str. 122, 10179 Berlin, Germany, to whom we transmit personal data via our website. We have concluded a third-party data processing agreement in accordance with Art. 28 GDPR with Forte Digital Germany GmbH.
5.7. If you additionally wish to receive a regular newsletter and have given your consent to the receipt of the newsletter pursuant to point (a) of Art. 6 (1) GDPR, we will forward your data to the newsletter delivery provider Newsletter2Go GmbH. We have concluded a processing contract with Newsletter2Go GmbH pursuant to Art. 28 GDPR. The data are forwarded on the basis of the processing contract as our legitimate interest pursuant to point (f) of Art. 6 (1) GDPR. For details concerning the newsletter delivery by Newsletter2Go GmbH, please refer to section 6.7. of this Privacy Policy.
5.8. For the purpose of performing the contract pursuant to point (b) of Art. 6 (1) GDPR, we may also transmit your personal data to any party to which we assign rights resulting from the contractual relationship with you.
5.9 Calculate
5.9.1 We use the web-based calculation platform Calculate to carry out individual CO2 emissions calculations, to generate a confirmation certificate and to create a label with a tracking number. The recorded data is stored on servers in Switzerland.
5.10 Smart3
5.10.1. We use Smart3, a web-based platform, for carbon footprinting as well as for managing more detailed sustainability data. The recorded data is stored on servers in Switzerland.
5.11 DUALOO
5.11.1 In addition, we gather and process personal data for the purpose of handling application procedures (the legal basis is Article 6(1b) of the GDPR). In order to process your application, we use the application management system Dualoo, a Software-as-a-Service (SaaS) solution from Dualoo AG, Rietbergstrasse 27, 9403 Goldach, Switzerland (“Dualoo”). The online application form is embedded in our website via a link or iframe, and the data recorded by you is stored on servers in Switzerland. We have also concluded a contract with Dualoo in accordance with GDPR Article 28 relating to order processing. This contract obliges Dualoo to abide by the same technical and organisational measures for storing your application documents. Processing can also be carried out by electronic means, if you as an applicant send us the appropriate application documents via email.
If, at the conclusion of the application process, we conclude a contract of employment with you, we will store the data provided by you for the purpose of settling the contract of employment in compliance with statutory requirements. If no contract of employment is concluded, we will delete the application documents three months after informing you of your rejection, unless this would run counter to other legitimate interests. In addition, we reserve the right to keep these documents for a longer period if the applicant gives their explicit consent to this for the purpose of considering said applicant for any future positions. Another example of a legitimate interest would be in order to meet burden of proof obligations in a procedure in accordance with the General Act on Equal Treatment (Allgemeines Gleichbehandlungsgesetz – AGG).
5.12 LIVESTORM
5.12.1 For our services, in particular for webinars, cloud talks and livestreams, we use the software of the third-party provider Livestorm, among others. The company is based at 60 rue François 1er, 75008 Paris, France and stores the data required for webinar registrations, such as first and last name, e-mail, etc., on servers within the EU in Ireland. If further processing is required, such as for the purpose of evaluation or forwarding to other tools, data is occasionally also shared with third-party providers in the USA.
Further information on the data and its processing by Livestorm can be found here: https://livestorm.co/privacy-policy
5.13 MYCLIMATE ECOCLOUD
5.13.1. We use EcoCloud, a web-based sustainability platform for carbon management. To ensure the functioning of the tool, it may be necessary to pass on your data to our software developers and hosting providers located in Germany, Austria or Switzerland. The recorded data is stored on servers in Switzerland.
6. Forwarding of Your Personal Data to Third Countries
Where your data are transmitted to a third country, we make sure that the data are only transmitted to countries with an adequate level of protection in the meaning of Art. 45 (1) GDPR or that the controller domiciled in the respective third country has established suitable data protection safeguards. For example, these safeguards could be:
6.1. binding corporate data protection rules pursuant to Art. 47 GDPR; or
6.2. standard contractual clauses issued by the European Commission in accordance with the examination procedure referred to in Art. 93 (2) GDPR.
7. Newsletter
7.1. With your consent, you can subscribe to our newsletter, in which we inform you about our current offers, climate protection and education projects, our partners and our company. The legal basis for this is point (a) of Art. 6 (1) sentence 1 GDPR.
7.2. For the subscription to our newsletter, we use the so-called double opt-in procedure. This means that following your subscription, we send an e-mail to the specified e-mail address, asking you for confirmation that you wish to receive the newsletter. If you do not confirm your subscription within 24 hours, your information will be blocked and automatically erased after one month. Apart from this, we store your respective IP addresses as well as the times of subscription and confirmation. The purpose of this procedure is to be able to furnish evidence of your subscription and, if necessary, to clarify any abuse of your personal data.
7.3. For the delivery of the newsletter, the specification of your e-mail address, country and language is mandatory. The specification of further, separately marked data is voluntary; these data are used to address you personally. Following your confirmation, we will store your e-mail address for the purpose of sending you the newsletter.
7.4. You can withdraw your consent to the delivery of the newsletter and unsubscribe from the newsletter whenever you wish. You can do this by sending a message to newsmail@myclimate.org or by using the link provided for this purpose in the newsletter.
7.5. Please note that when delivering the newsletter, we analyse your user behaviour. For this analysis, the transmitted e-mails contain so-called web beacons or tracking pixels, i.e. one-pixel image files that are stored on our website. For the analysis, we map the data specified in section 3.1.3. (data when using the website for information) and the web beacons to your e-mail address and an individual ID. The links transmitted in the newsletter also contain this ID. Based on these data, we create a user profile in order to custom-tailor the newsletter to your individual interests. In this context, we ascertain when you read our newsletters and which links you click in them; on this basis, we derive conclusions regarding your personal interests. We combine these data with the actions you perform on our website.
7.6. You can object to this tracking at any time by clicking the separate link that is provided in every e-mail or by informing us via another contact method. The information will be stored for as long as your newsletter subscription continues. If you unsubscribe, we will only store the data statistically and anonymously.
7.7. The transmission of the newsletter takes place via Newsletter2Go, a newsletter delivery platform of the provider Newsletter2Go GmbH, Köpenicker Str. 126, 10179 Berlin, Germany. Your e-mail address and IP address, the time of subscription and confirmation and the times of access to our newsletters are stored on the servers of Newsletter2Go GmbH. Our newsletters contain a web beacon, i.e. a file that is accessed by the server of Newsletter2Go GmbH when the newsletter is opened. Within the scope of this access, information on your browser and your system as well as your IP address and the access time are collected. This information is used for the technical improvement of the services according to the technical data, the target audiences and their reading behaviour on the basis of their access locations or access times. Furthermore, the data serve the determination whether and when the newsletter is opened and which links are clicked. Moreover, Newsletter2Go GmbH uses this information for the delivery and analysis of the respective newsletter by our order pursuant to Art. 28 GDPR. Due to this processing relationship with Newsletter2Go GmbH, we have a legitimate interest in forwarding your data to Newsletter2Go GmbH pursuant to point (f) of Art. 6 (1) GDPR. As a German company, Newsletter2Go GmbH is also under the obligation to comply with EU data protection regulations. Under the processing contract concluded with Newsletter2Go GmbH, Newsletter2Go GmbH undertakes to process the personal data of our customers according to applicable data protection provisions and especially not to forward them to any third parties. You can view the privacy policy of Newsletter2Go GmbH here: https://www.newsletter2go.de/datenschutz/
8. Cookies
8.1. Additionally, cookies will be stored on your computer when you use our website. Cookies are little text files that are associated with the browser you use and stored on your hard disk, through which the party that sets the cookie (i.e. we) receives certain information. Cookies cannot run any programs or transfer viruses to your computer. They merely serve the purpose of making the website as a whole more user-friendly and effective.
8.2. This website uses transient and persistent cookies, whose scope and functionality are explained below:
8.2.1. Transient cookies are deleted automatically when you close the browser. This especially includes session cookies. These cookies store a so-called session ID with which various requests of your browsers can be allocated to the joint session. In this way, your computer can be recognised when you return to our website. Session cookies are deleted upon logout or when you close the browser.
8.2.2. Persistent cookies are deleted automatically after a predefined period that may vary depending on the cookie. You can delete the cookies in your browser’s security settings whenever you wish.
8.3. You can configure your browser settings according to your preferences and e.g. refuse to accept third-party cookies or all cookies. Please note that if you do so, you might not be able to use all functions of this website.
8.4. If you have given your consent to the use of cookies based on a notification on our website (“cookie banner”), the legality of using cookies is based on Art. 6 (1) (a) GDPR. The cookie banner gives you the option of choosing which cookies you consent to. You may, for instance, allow cookies for preferences, statistical purposes, and/or marketing purposes. We always use necessary cookies which ensure the functionality of the website. We have a legitimate interest in maintaining the functionality of the website in accordance with Art. 6 (1) (f) GDPR.
9. Use of Web Analysis Tools
9.1 etracker
9.1.1. MYCLIMATE uses the services of etracker GmbH, based in Hamburg, Germany (www.etracker.com) for the analysis of usage data. It is our standard practice not to use cookies for web analysis. If we do use cookies for analysis and optimisation, we request your explicit permission separately in advance. If this is the case, and if you agree, we will use cookies that enable statistical reach analysis of this website, measure the success of our online marketing measures, and allow testing procedures, e.g. in order to test and optimise different versions of our online offering or its components. Cookies are small text files that are stored by the internet browser on the user’s terminal equipment. etracker cookies do not contain any information that could identify a user.
9.1.2. The data generated using etracker is processed and stored by etracker on behalf of myclimate exclusively in Germany and is therefore subject to the strict German and European data protection legislation and standards. To this end, etracker has been independently checked, certified and awarded the data protection seal ePrivacyseal.
9.1.3. The data processing is based on Art. 6 Section 1 lit f (legitimate interest) of the General Data Protection Regulation (GDPR). Our legitimate interest is the optimisation of our online offer and our website. As the privacy of our visitors is very important to us, the data that may possibly allow a reference to an individual person, such as IP address, registration or device IDs, will be anonymised or pseudonymised as soon as possible. etracker does not use the data for any other purpose, combine it with other data or pass it on to third parties. You can object to the outlined data processing at any time by clicking on the slider. The objection has no disadvantageous consequences. If no slider is displayed, the data collection is already prevented by other blocking means.
Further information on data protection with etracker can be found here.
10. Internet Advertising
10.1. Google AdWords
10.1.1. We use the Google AdWords service in order to draw attention to our offers and effective climate protection by means of advertisements (so-called Google AdWords) on external websites. In this way, we pursue the legitimate interest pursuant to point (f) of Art. 6 (1) GDPR to show you ads that are of interest to you, to make our website more attractive for you and to achieve fair calculation of advertising costs. If you have given your consent to the use of cookies based on a notification on our website (“cookie banner”), the legality of use is based additionally on Art. 6 (1) (a) GDPR.
10.1.2. These advertisements are delivered by Google via ad servers. For this, we use ad server cookies, which can measure certain success measurement parameters such as the display of ads or user clicks. If you reach our website via a Google ad, Google AdWords will store a cookie on your PC. These cookies usually expire after 30 days and are not used to identify you personally. For this cookie, the unique cookie ID, the number of ad impressions per placement (frequency), the last impression (relevant for post-view conversions) as well as opt-out information (indication that the user no longer wants to be addressed) are stored as analysis values.
10.1.3. These cookies enable Google to recognise your Internet browser. If a user visits certain pages of the website of an AdWords customer and the cookie stored on his computer has not yet expired, Google and the customer can see that the user has clicked the ad and has been redirected to the respective page. A different cookie is assigned to every AdWords customer. Thus, cookies cannot be tracked via the websites of AdWords customers. In the context of the said advertising measures, we do not collect and process any personal data. Google merely provides us with statistical analyses. Based on these analyses, we learn which of the advertising measures used are especially effective. We do not receive any further data from the use of the ads; in particular, we cannot identify users on the basis of this information.
10.1.4. Due to the marketing tools used, your browser will automatically establish a direct connection to the Google server. The scope and further use of the data collected by Google due to this tool is beyond our control and we are thus informing you about what we do know: Through the embedding of AdWords Conversion, Google is informed that you have accessed the respective part of our website or clicked one of our ads. If you are registered with a Google service, Google can map the visit to your account. Even if you are not registered with Google or not logged in, the provider may learn and store your IP address.
10.1.6. The legal basis for the processing of your data is point (f) of Art. 6 (1) sentence 1 GDPR. Further information on the data protection at Google is available here: https://www.google.com/intl/de/policies/privacy and https://services.google.com/sitestats/de.html. Alternatively, you can visit the website of Network Advertising Initiative (NAI) at https://www.networkadvertising.org. Google participates in the EU-US Privacy Shield; https://www.privacyshield.gov/EU-US-Framework.
10.1.7. In connection with our use of the Google AdWords offer, the Google Grants program is also used. Google Grants provides free advertising to eligible non-profit organisations worldwide. Google Grants thus helps non-profit organisations like us to use AdWords in order to reach persons who use the Google search engine to find information that is relevant to such organisations.
10.2. Google Remarketing
10.2.1. We use Google Remarketing. This is a procedure for addressing you anew. This application enables the display of our ads as you continue using the Internet after visiting our website. This is done with the help of cookies stored in your browser, by means of which Google collects and analyses your user behaviour when visiting various websites. In this way, Google can identify your previous visit to our website. According to Google, the data collected in the context of remarketing is not associated with your personal data that may be stored by Google. In particular, Google points out that pseudonymisation is used for remarketing. The legal basis for this is Article 6 (1) (a) GDPR.
10.2.2. For the exceptional cases in which personal data are transmitted to the USA, Google participates in the EU-US Privacy Shield. For information, see https://www.privacyshield.gov/EU-US-Framework.
10.3. Microsoft Bing Ads
10.3.1 We use the conversion tracking function of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA, on our website. This entails Microsoft Bing Ads storing a cookie on your computer, provided you have reached our website via a Microsoft Bing ad. This enables Microsoft Bing and us to see that someone clicked on an ad, was forwarded to our website, and reached a pre-set target (conversion) site. We only find out about the total number of users who have clicked on a Bing ad and were forwarded to the conversion site. No personal information regarding the identity of the user is disclosed.
10.3.2 If you do not wish information regarding your user behaviour to be used as explained above, you may reject the setting of the cookie required for the process – for example, by deactivating the automatic setting of cookies in your browser settings. In addition, you may prevent the collection of the data generated by the cookie and related to your use of the website and processing of these data by Microsoft by objecting via the following link: https://account.microsoft.com/privacy/ad-settings/signedout?lang=en-EN. Further information about data protection and the cookies used by Microsoft and Bing Ads is available at the Microsoft website at https://privacy.microsoft.com/en-gb/privacystatement
11. Google Maps
11.1. We use the services of Google Maps on this website. This allows us to show you interactive maps directly on the website and enables you to use the maps function conveniently.
11.2. When you visit the website, Google receives the information that you have accessed the respective subpage of our website. Moreover, the data specified in section 3.1.3 are transmitted. This happens regardless of whether Google provides you with a user account into which you are logged in, or you have no user account. If you are logged in to Google, your data will be allocated directly to your account. If you do not wish this information to be allocated to your Google profile you must log out prior to activating the button. Google stores your data in the form of user profiles and uses them for the purpose of advertising, market research and/or needs-oriented design of its website. This analysis is performed (even for users who are not logged in) especially in order to deliver needs-oriented advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles; to exercise this right you will have to contact Google.
11.3. We use Google Maps to pursue our interest in an appropriate display of our online services and contents and to facilitate finding the locations specified on our website. This is a legitimate interest in terms of Art. 6 (1) (f) GDPR.
11.4. Further information on the purpose and scope of the collection of data and their processing by the plugin provider is available in the privacy policies of the provider. There, you can also see further information on your rights in this regard and on the configuration options to protect your privacy: http://www.google.com/intl/gb/policies/privacy. Google also processes your personal data in the USA and participates in the EU-US Privacy Shield; https://www.privacyshield.gov/EU-US-Framework.
12. Connection to Social Media
12.1. Use of Social Media Plugins
12.1.1. We currently use the following social media plugins: Facebook, Google+, Twitter, Instagram, LinkedIn. To increase the protection of your data when visiting our website, the plugins are not fully embedded on the page, but are merely integrated using an HTML link (so-called “Shariff” solution of c’t). This ensures that when a page of our website that contains such plugins is accessed, no connection is immediately established to the servers of the respective social network provider. If you click one of the buttons, a new browser window will open up with the page of the respective service provider, on which you can click the “Like” or “Share” button (possibly after entering your login details).
12.1.2. By way of the plugins, we enable you to interact with the social networks and other users. This helps us to improve our offering and make it more interesting for you as the user. The legal basis for the use of plugins is point (f) of Art. 6 (1) sentence 1 GDPR.
12.1.3. If you do not want the respective social networks to generate data about you via our website, you can take the following measure: Simply log out from the social networks before visiting our website or other websites.
12.1.4. Further information on the purpose and scope of the collection of data and their processing by the plugin providers is available in the privacy policies of these providers as shown below. There, you can also see further information on your rights in this regard and on the configuration options to protect your privacy.
12.1.5. Addresses of the plugin providers and URL of their privacy policies:
12.2. YouTube
12.2.1. We have embedded YouTube videos on our website, which are stored at https://www.YouTube.com and can be played directly from our website. All these videos are embedded in the “privacy-enhanced mode”, i.e. no data about you as a user will be transmitted to YouTube as long as you do not play the videos. The data specified in section 12.2.2. will only be transmitted if you play the videos. This data transmission is beyond our control.
12.2.2. When you visit the website, YouTube receives the information that you have accessed the respective subpage of our website. Moreover, the data specified in section 3.1. of this Privacy Policy are transmitted. This takes place regardless of whether YouTube provides a user account that you are logged into, or whether no user account exists. If you are logged in to Google, your data will be allocated directly to your account. If you do not wish the allocation to your profile in YouTube, you need to log out before you click the button. YouTube stores your data in the form of user profiles and uses them for the purpose of advertising, market research and/or needs-oriented design of its website. This analysis is performed (even for users who are not logged in) especially in order to deliver needs-oriented advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of such user profiles. To exercise this right, please contact YouTube.
12.2.3. Further information on the purpose and scope of the collection of data and their processing by YouTube is available in the privacy policy. There, you can also see further information on your rights and configuration options to protect your privacy: https://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and participates in the EU-US Privacy Shield; https://www.privacyshield.gov/EU-US-Framework.
12.3. SoundCloud
12.3.1. Plug-ins of the social network SoundCloud (SoundCloud Limited, Berners House, 47-48 Berners Street, London W1T 3NF, United Kingdom) are integrated on our websites. You can recognise the SoundCloud plug-ins by the SoundCloud logo on the affected sites.
12.3.2. When you visit our websites and after the plug-in is activated, a direct connection will be established between your browser and the SoundCloud server. This will provide SoundCloud with information to the effect that you, with your IP address, have visited our site. If you click the “like” or the “share” button while you are logged in to your SoundCloud user account, you may link and/or share the contents of our websites with your SoundCloud profile. By doing this, SoundCloud will be able to attribute the visit to our websites to your user account. Please note that as the website provider we are not given any information on the contents of the transmitted data nor their use by SoundCloud. More information can be found in the privacy statement of SoundCloud: https://soundcloud.com/pages/privacy.
12.3.3. If you do not wish SoundCloud to attribute the visit to our websites to your SoundCloud user account, please log out of your SoundCloud user account before you activate the contents of the SoundCloud plug-in.
13. Retention Periods and Criteria for the Retention of Your Personal Data
All processed personal data will only be stored for as long as and to the extent necessary for the performance of our contractual and statutory obligations. For accounting reasons and due to statutory retention obligations, we usually retain collected personal data for 10 years. Longer statutory retention obligations or reasons may apply. For the delivery of our newsletter, we will store your e-mail address until you unsubscribe from the newsletter. All technical access data collected when visiting our website for information only are erased no later than seven days after the end of your visit to our site.
14. Security Measures
14.1. Pursuant to Art. 32 GDPR, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, we implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia appropriate measures to ensure the confidentiality, integrity and availability of data by controlling the physical and system access to the data as well as the input, forwarding, protection of the availability and separation of the data. Furthermore, we have established processes to ensure the exercise of the rights of the data subjects, erasure of data and reaction to threats to data. Moreover, we already consider the protection of personal data in the development and selection of hardware, software and processes in accordance with the principle of data protection by design and by default (Art. 25 GDPR).
14.2. In particular, the security measures include the encrypted transmission of data between your browser and our server.
15. Your Rights
15.1. You have the following rights vis-à-vis us with respect to the personal data concerning you:
On grounds relating to your particular situation, you have the right to object to the processing of personal data concerning you on the basis of point (f) of Art. 6 (1) GDPR (data processing due to a legitimate interest). If you object, we will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Moreover, you have the right to object at any time to the processing of data concerning you for direct advertising purposes (Art. 21 (2) GDPR). If you object to the processing for direct marketing purposes, we will no longer process your personal data for such purposes.
15.2. To exercise your rights specified in section 12.1., please send an e-mail to info@myclimate.org or contact the address specified in section 1.2.
15.3. You also have the right to lodge a complaint with the responsible data protection supervisory authority about the processing of your personal data by us.
16. Customize privacy settings
Here you can customize privacy settings.
17. Amendments to This Privacy Policy
We may amend, supplement or replace this Privacy Policy in full or in part at any time and without prior announcement. The respective Privacy Policy published on the website is valid.