The applicable data protection regulations, especially the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act [Bundesdatenschutzgesetz, BDSG], require us to handle data of users properly and for a specific purpose.
I. Who is the controller and how can I contact the data protection officer?
The controller in the sense of the GDPR is:
Umwelt und Naturschutz Deutschland e.V. (BUND) –
Friends of the Earth Germany
Tel. +49(0) 30 275 86-40
Fax +49(0) 30 275 86-440
Association Register: Berlin VR 21148Nz
VAT ID No.: DE 216308839
Prof. Dr. Hubert Weiger (Board Chairperson)
Jörg Nitsch and Ernst-Christoph Stolper (Deputy Chairpersons)
If you have any questions about our processing of your personal data or general inquiries about data protection, please contact our data protection officer at the above address or at the following email address: firstname.lastname@example.org.
II. Your rights as a data subject
Every data subject has the following rights:
- Right of access (Art. 15 GDPR)
- Right to rectification of inaccurate data (Art. 16 GDPR)
- Right to erasure or the “right to be forgotten” (Art. 17 GDPR)
- Right to restriction of processing of personal data (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR).
You may object to the processing of personal data for marketing purposes, including analyses of customer data for marketing purposes, at any time without stating reasons.
Furthermore, data subjects also have a general right to object (cf. Art. 21(1) GDPR). In this case, objections to data processing must be explained. If data is processed on the basis of consent, you may withdraw your consent at any time for the future.
To exercise your rights as a data subject, please contact us at the address in our Imprint. Furthermore, you have the right to lodge a complaint with a competent data protection supervisory authority.
III. Processing of personal data by BUND
The following sections provide an overview of how we ensure the protection of your personal data when accessing our website and what categories of personal data we process, for what purposes and to what extent—in addition to the processes described by the separate information about data processing in compliance with the GDPR.
1. Processing of data when our website is accessed – logfiles
When our website is accessed, general information is collected automatically. This information (server logfiles) includes the type of web browser, the operating system used, the domain name of your Internet Service Provider, etc. In addition, your IP address is transferred and used to provide the services you request. This information is required for the technically correct display of the website contents you request and must be collected when using the Internet.
According to our IT security concept, logfile data that is collected is saved for 3 months to recognize and analyze attacks on our website. IP addresses are removed from protocols after 7 days. The legal basis for data processing is Art. 6(1) Sentence 1 Letter f GDPR.
2. Data security precautions
Our pages feature technical and operational security measures to protect the personal data saved by us against third-party access, loss and misuse and to ensure secure data transfers.
Please note that, due to the structure of the Internet, unauthorized access to data by third parties may occur. You are therefore also responsible for protecting your data against misuse through encryption or other means. Without the appropriate protective measures, unencrypted data in particular, including data transferred by email, may be read by third parties.
IV. Embedded offers provided by external service providers
This website was prepared using the content management system WordPress. Through the use of plugins, themes, fonts, CSS, images, etc., in WordPress, data will be transferred to other firms/servers and may be saved/processed there. This means that these providers also collect information including IP addresses, browser (version), operating system (version) and the website that was initially visited. The privacy policies of the respective providers apply here.
The Garden Dormouse Sighting Site uses the following services:
1. Map services provided by OpenStreetMap
This website uses contents provided by OpenStreetMap to display geographic information and make it easier to determine reported locations.
For more information about data protection at OpenStreetMap, please click here. (link: https://wiki.osmfoundation.org/wiki/Privacy_Policy)
We do not know if, to what extent or for how long your IP address will be saved and used internally by OpenStreetMap. The legal basis for the inclusion of this service is Art. 6(1) Sentence 1 Letter f GDPR.
2. Map services provided by Bing Maps
Please note that Microsoft may process data outside of the EU/EEA. For more information about how Microsoft uses your data, please see the Microsoft Services Agreement (link: https://www.microsoft.com/en-us/servicesagreement) and click here. (link: https://privacy.microsoft.com/en-us/privacystatement)
We do not know if, to what extent or for how long your IP address will be saved and used internally by Bing Maps. The legal basis for the inclusion of this service is Art. 6(1) Sentence 1 Letter f GDPR.
3. Google Fonts
4. Google reCAPTCHA
Our contact form uses Google’s reCAPTCHA technology. This protects us against SPAM messages and against automated access overloading our Web pages. In principle, we ask you to confirm that you are not a (malicious) machine using a plausibility check. When Google reCAPTCHA is used, a Google server in the US will be contacted and your IP address will be transferred to Google. If you are logged in to your Google user account while visiting our Web pages, Google may assign your visit to our Web pages to your user behavior. We cannot influence this process and receive no information from Google about transferred contents.
The provider is Google Inc. 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.
For more information about Google reCAPTCHA, please click here. (link: https://developers.google.com/recaptcha/)
For more information about data protection at Google Inc., please click here. (link: https://policies.google.com/privacy)
Our website uses so-called cookies. Cookies are small text files saved on your device by your browser. Cookies allow us to make our offer more user-friendly, effective and secure. We use both so-called temporary cookies that are automatically deleted when closing your browser (“session cookies”) and persistent cookies.
You may choose whether to enable cookies. You can make changes using your browser settings. You may choose whether to accept all cookies, to be informed when cookies are saved or to disable all cookies. Please note that, if you choose the latter, you may not be able to fully use our offer.
It is important to distinguish between necessary cookies and cookies for other purposes (for measuring access numbers or marketing purposes).
2. Necessary cookies for the use of our website
Our website uses session cookies that are absolutely necessary for its use. These include cookies that allow us to recognize you while you visit our website as part of a session. These session cookies contribute to the secure use of our offer by, e.g., enabling secure payment transactions.
An overview of the cookies used by us with your consent when you start using our website is provided in the following. Every notice of such cookie use includes an opt-out option. These cookies are used to assess usage behavior on our website.
The use of tracking cookies enables us to recognize users when they access our website again and to assign usage processes to an internally assigned code number (pseudonym). In this way, we can record repeated visits to our website and analyze them in context.
Specifically, the following tracking cookie is used:
Tracking by Google Analytics
This website uses Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics uses so-called “cookies,” text files that are saved on your computer and allow your use of our website to be analyzed. Cookie-generated information on your use of our website will normally be transferred to a Google server in the USA where it is saved. However, because this website has IP anonymization activated, Google will first shorten your IP address in a member state of the European Union or in another state party to the Agreement on the European Economic Area. Only in exceptions will your full IP address be transferred to a Google server in the USA and shortened there. Google will use this information to assess your use of our website, compile reports about website activities and to perform other services relating to the use of our website and the Internet on our behalf. The IP address transferred by your browser through Google Analytics will not be merged with other Google data.
You may prevent cookies from being saved through your browser settings; however, please note that this may prevent you from fully using every function of this website. Furthermore, you may prevent the transfer to and processing by Google of cookie-generated data on your use of our website (including your IP address) by downloading and installing this browser plugin.
We use Google Analytics to analyze and regularly improve the use of our website. The statistics obtained thereby allow us to optimize our offer and make it more user-friendly. For exceptions in which personal data is transferred to the USA, Google subjected itself to the EU-US Privacy Shield. The legal basis for saving cookies is your consent (Art. 6(1) Sentence 1 Letter a GDPR). The further evaluation of the collected data by Google Analytics takes place over a period of two years on the basis of Art. 6(1) Sentence 1 Letter f GDPR.
VI. Respecting “Do not track”
We respect “Do not track” (DNT). Depending on the browser, DNT is either a switch in the program settings or a module (add-on or plugin) to be installed subsequently. If this option is activated, your browser will signal to our web server that you do not wish tracking measures to be performed without your express consent. We will then automatically disable any tracking functions of our server.
This also means that our website will be provided without a Matomo code. This offers the best possible data protection without requiring you to take any further measures for our Internet presence.
The “Do no track” function may be activated in several ways, depending on the browser. Please see the following links:
- Mozilla Firefox – How to activate “Do Not Track” in your program settings
- Microsoft Internet Explorer – How to activate “Do Not Track” in your program settings
- Google Chrome – How to activate “Do Not Track” in your program settings
- Apple Safari – How to activate “Do Not Track” in your program settings
VII. Data collection and storage on meldestelle.gartenschlaefer.de
The technical service provider is IP SYSCON GmbH. (link: https://www.ipsyscon.de/impressum/) (German)
When using this website to report a sighting, the following personal data will be requested in addition to the sighting data:
• First and last name
• Email address
Your personal data will be saved by us, but not used for commercial purposes. Your personal data will not be transferred to third parties without your express consent, unless such transfers are necessary for service performance. Transfers to state institutions and authorities with a right to information will only be performed as part of legal disclosure obligations or if ordered by a court.
Personal data entered by users is not visible to other users.
We will only save your email address to respond to your sighting, unless you have consented to being contacted by email for the project “In search of the garden dormouse”. Please note that confidential information will be transferred in unencrypted form which may result in security vulnerabilities. Absolute protection of data against third-party access is not possible without encryption.
Once processing is complete, this information will be erased. Data will only be stored for up to 10 years as part of the legally required archiving of email exchanges.
We also use technical and organizational security measures to especially protect collected personal data against random or intentional manipulation, loss, destruction and against attacks by unauthorized persons. Our security measures are continuously updated in accordance with technical advances.