Data Privacy

1) Introduction and contact details of the data controller

1.1 We are delighted that you are visiting our website and thank you for your interest. Below, we provide information on how we handle your personal data when you use our website. Personal data refers to any data that can be used to identify you personally.

1.2 The data controller for this website within the meaning of the General Data Protection Regulation (GDPR) is LegalAid gUG (limited liability), Rheinsteinstr. 107, 10318 Berlin, Germany, Tel.: +49 (030) 577 133 310, Fax: +49 (030) 577 133 319, Email: info@legalaid.social. The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.

2) Data collection when you visit our website

2.1 When you use our website purely for information purposes – i.e. if you do not register or otherwise provide us with information – we only collect data that your browser transmits to the website server (so-called ‘server log files’). When you visit our website, we collect the following data, which is technically necessary for us to display the website to you:

  • The website you visited
  • Date and time of access
  • Amount of data sent in bytes
  • Source/referrer from which you accessed the page
  • Browser used
  • Operating system used
  • IP address used (where applicable: in anonymised form)

Processing is carried out in accordance with Article 6(1)(f) of the GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be disclosed or used for any other purpose. However, we reserve the right to review the server log files retrospectively should there be concrete indications of unlawful use.

2.2 For security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or enquiries to the controller), this website uses SSL or TLS encryption. You can recognise an encrypted connection by the string “https://” and the padlock symbol in your browser address bar.

3) Contacting us

Personal data is collected when you contact us (e.g. via the contact form or by email). The specific data collected when using a contact form is indicated on the form itself. This data is stored and used solely for the purpose of responding to your enquiry or for establishing contact and the associated technical administration.

The legal basis for the processing of this data is our legitimate interest in responding to your enquiry in accordance with Article 6(1)(f) of the GDPR. If your contact is aimed at concluding a contract, the additional legal basis for processing is Article 6(1)(b) of the GDPR. Your data will be deleted once your enquiry has been fully processed. This is the case when it is clear from the circumstances that the matter in question has been conclusively resolved and provided that there are no legal obligations to retain the data.

4) Data processing for the processing of donations
4.1 In order to process any donations you may send us, we generally process the following personal data: first name and surname, address, email address.

We store your data, together with details of the donation amount, frequency and purpose, and retain it for ten years.

Depending on the payment method selected, the above-mentioned data will also be forwarded to the payment service provider you have chosen for the donation and processed there exclusively and only to the extent necessary to process your donation.

The above-mentioned processing is carried out on the basis of Article 6(1)(b) of the GDPR and serves exclusively to ensure that your donation is processed correctly and recorded in our accounts. The storage of data for a period of 10 years is based on Article 6(1)(c) of the GDPR in conjunction with Section 147 of the German Fiscal Code (AO), under which we are subject to a corresponding retention obligation regarding the business transaction.

5) Rights of the data subject
5.1 Under current data protection law, you have the following rights as a data subject (rights of access and intervention) vis-à-vis the controller with regard to the processing of your personal data; please refer to the legal basis cited for the respective conditions for exercising these rights:

  • Right of access pursuant to Article 15 of the GDPR;
  • Right to rectification pursuant to Article 16 of the GDPR;
  • Right to erasure pursuant to Article 17 of the GDPR;
  • Right to restriction of processing pursuant to Article 18 of the GDPR;
  • Right to be informed pursuant to Article 19 of the GDPR;
  • Right to data portability pursuant to Article 20 of the GDPR;
  • Right to withdraw consent pursuant to Article 7(3) of the GDPR;
  • Right to lodge a complaint pursuant to Article 77 of the GDPR.

 

5.2 RIGHT TO OBJECT

IF, AS PART OF A BALANCING OF INTERESTS, WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO SUCH PROCESSING WITH EFFECT FOR THE FUTURE ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE DATA IN QUESTION. FURTHER PROCESSING REMAINS RESERVED, HOWEVER, IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING IS NECESSARY FOR THE ESTABLISHMENT, EXERCISE OR DEFENCE OF LEGAL CLAIMS.

IF WE PROCESS YOUR PERSONAL DATA FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSES OF SUCH MARKETING. YOU MAY EXERCISE THIS RIGHT AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE RELEVANT DATA FOR DIRECT MARKETING PURPOSES.

6) Duration of storage of personal data

The duration of storage of personal data is determined by the relevant legal basis, the purpose of processing and – where applicable – additionally by the relevant statutory retention period (e.g. retention periods under commercial and tax law).

Where personal data is processed on the basis of explicit consent pursuant to Article 6(1)(a) of the GDPR, the data concerned will be stored until you withdraw your consent.

Where statutory retention periods apply to data processed in the context of contractual or quasi-contractual obligations on the basis of Article 6(1)(b) of the GDPR, such data is routinely deleted upon expiry of the retention periods, provided that it is no longer required for the performance of a contract or for entering into a contract and/or we no longer have a legitimate interest in its continued storage.

When processing personal data on the basis of Article 6(1)(f) of the GDPR, this data will be stored until you exercise your right to object under Article 21(1) of the GDPR, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to establish, exercise or defend legal claims.

Where personal data is processed for the purposes of direct marketing on the basis of Article 6(1)(f) of the GDPR, this data will be stored until you exercise your right to object under Article 21(2) of the GDPR.

Unless otherwise specified in the other information in this statement regarding specific processing situations, stored personal data will otherwise be erased when it is no longer necessary for the purposes for which it was collected or otherwise processed.