Privacy Policy

1. Introduction

With the following information we would like to give you as "data subject" an overview of the processing of your personal data by us and your rights under data protection law. The use of our internet pages is basically possible without entering personal data. However, if you wish to make use of special services of our company via our website, it may be necessary to process personal data. If the processing of personal data is necessary and there is no legal basis for such processing, we will generally obtain your consent.

The processing of personal data, for example your name, address or e-mail address, always takes place in accordance with the General Data Protection Regulation (GDPR) and in accordance with the country-specific data protection regulations applicable to "Animals Angels e.V.". By means of this data protection declaration, we would like to inform you about the scope and purpose of the personal data collected, used and processed by us.

As the data controller, we have implemented numerous technical and organisational measures to ensure that the personal data processed via this website is protected as fully as possible. Nevertheless, Internet-based data transmissions can in principle have security gaps, so that absolute protection cannot be guaranteed. For this reason, you are also free to transmit personal data to us by alternative means, for example by telephone or mail.

2. Responsible Organisation

The responsible organisation in accordance with General Data Protection Regulation (GDPR) is:

Animals Angels e.V.
Rossertstraße 8
60323 Frankfurt, Germany

Phone: +49 (0)69 – 707 981 70
Fax: +49 (0)69 – 707 981 729
E-Mail: kontakt(at)animals-angels.de

Head of responsible organisation: Julia Havenstein (Chairwoman)

3. Data Protection Officer

You can reach the data protection officer as follows:

Thorsten Dampf
c/o dampf.consulting GmbH
Eiserne Hand 11
35305 Grünberg
Fax: +49 (0)6645 – 999 901 9
datenschutz@animals-angels.de

You can contact our data protection officer directly at any time if you have any questions or suggestions regarding data protection.

4. Legal Basis for Data Processing

Art. 6 para. 1 lit. a GDPR serves our company as legal basis for processing operations in which we obtain consent for a specific processing purpose.

If the processing of personal data is necessary for the fulfilment of a contract to which you are a party, as is the case, for example, with processing operations which are necessary for the delivery of goods or the provision of other services or consideration, the processing is based on Art. 6 para. 1 lit. b GDPR. The same applies to such processing operations which are necessary for the execution of pre-contractual measures, e.g. in cases of inquiries regarding our products or services.

If our company is subject to a legal obligation requiring the processing of personal data, such as for the fulfilment of tax obligations, the processing is based on Art. 6 para. 1 lit. c GDPR.

In rare cases, the processing of personal data may become necessary in order to protect the vital interests of the person concerned or another natural person. This would be the case, for example, if a visitor to our business were injured and his name, age, health insurance data or other vital information would have to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6 para. 1 lit. d GDPR.

Ultimately, processing operations could be based on Art. 6 para. 1 lit. f GDPR. Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to safeguard a legitimate interest of our company or a third party, provided that the interests, fundamental rights and fundamental freedoms of the data subject do not predominate. Such processing operations are permitted to us in particular because they have been specifically mentioned by the European legislator. In this respect, he was of the opinion that a legitimate interest could be assumed if you are a customer of our company (recital 47 sentence 2 GDPR).

5. Technology

5.1. SSL/TLS Encryption

This site uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as orders, login data or contact requests that you send to us as the operator. You can recognize an encrypted connection by the fact that in the address line of the browser there is a "https://" instead of a "http://" and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

5.2 Data Collection When Visiting the Website

If you only use our website for information purposes, i.e. if you do not register or otherwise provide us with information, we only collect data that your browser transmits to our server (in so-called "server log files"). Our website collects a range of general data and information each time a page is called up by you or an automated system. This general data and information is stored in the log files of the server. The following can be recorded:

1. browser types and versions used,

2. the operating system used by the accessing system,

3. the website from which an accessing system accesses our website (so-called referrer),

4. the subwebsites which are accessed via an accessing system on our website,

5. the date and time of access to the website,

6. an Internet protocol address (IP address),

7. the Internet service provider of the accessing system.

When using this general data and information, we do not draw any conclusions about your person. Rather, this information is required to

1. deliver the contents of our website correctly,

2. optimize the content of our website and the advertising for it,

3. ensure the long-term operability of our IT systems and the technology of our website, and

4. to provide law enforcement authorities with the information necessary for law enforcement in the event of a cyber-attack.

This collected data and information is therefore evaluated by us both statistically and with the aim of increasing data protection and data security in our company in order to ultimately ensure an optimum level of protection for the personal data processed by us. The data in the server log files are stored separately from all personal data provided by the person concerned.

The legal basis for data processing is Art. 6 Para. 1 S. 1 lit. f GDPR. Our legitimate interest follows from the purposes listed above for the collection of data.

6. Cookies

6.1. General Information About Cookies

We use cookies on our website. These are small files that your browser automatically creates and that are stored on your IT system (laptop, tablet, smartphone, etc.) when you visit our site. Cookies do not cause any damage to your terminal device and do not contain viruses, Trojans or other malware.

Information is stored in the cookie, which results in each case in connection with the specifically used terminal device. This does not mean, however, that we will immediately become aware of your identity.

The use of cookies serves on the one hand to make the use of our offer more convenient for you. For example, we use so-called session cookies to recognise that you have already visited individual pages on our website. These are automatically deleted after leaving our site.

In addition, we also use temporary cookies to optimise user-friendliness, which are stored on your terminal device for a specific period of time. If you visit our site again to make use of our services, it is automatically recognized that you have already been with us and which inputs and settings you have made so that you do not have to enter them again.

On the other hand, we use cookies in order to statistically record the use of our website and to evaluate it for the purpose of optimising our offer for you. These cookies enable us to automatically recognize that you have already visited our site when you visit it again. These cookies are automatically deleted after a defined period of time.

The data processed by cookies are necessary for the purposes mentioned to safeguard our legitimate interests and those of third parties pursuant to Art. 6 Para. 1 S. 1 lit. f GDPR.

Most browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or a message always appears before a new cookie is created. Complete deactivation of cookies may, however, prevent you from using all the functions of our website.

7. Contents of our Website

7.1. Making Contact / Contact form

When contacting us (e.g. by contact form or E-Mail), personal data is collected. Which data is collected in the case of contact, is apparent from the respective contact form. These data are stored and used exclusively for the purpose of answering your request or for establishing contact and the associated technical administration. The legal basis for processing the data is our legitimate interest in responding to your request pursuant to Art. 6 para. 1 lit. f GDPR. If the purpose of your contact is to conclude a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR. Your data will be deleted after final processing of your enquiry; this is the case if it can be inferred from the circumstances that the facts in question have been conclusively clarified and provided that there are no legal storage obligations to the contrary.

8. Newsletter

8.1. CleverReach

This website uses CleverReach to send newsletters. The provider is CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany. CleverReach is a service with which the newsletter mailing can be organized and analyzed. The data you enter for the purpose of receiving the newsletter (e.g. e-mail address) is stored on the CleverReach servers in Germany and Ireland.

Our newsletters sent with CleverReach enable us to analyse the behaviour of newsletter recipients. Among other things, it can be analyzed how many recipients have opened the newsletter message and how often which link was clicked in the newsletter. With the help of so-called conversion tracking, it can also be analysed whether a predefined action (e.g. purchase of a product on our website) has taken place after clicking on the link in the newsletter. Further information on data analysis through the CleverReach newsletter can be found at: www.cleverreach.com/de/funktionen/reporting-und-tracking/.

Data processing is based on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the revocation.

If you do not wish CleverReach to carry out an analysis, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message. You can also unsubscribe directly on the website.

The data you provide us with for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and deleted from our servers as well as from CleverReach's servers after you cancel the newsletter. This does not affect data stored by us for other purposes (e.g. e-mail addresses for the member area).

For further details, please refer to the CleverReach privacy policy at: www.cleverreach.com/de/datenschutz/.

9. Social Media Plugins

9.1. Shariff Solution

On our website we offer you the possibility of using so-called "social media buttons". To protect your data, we use the "Shariff" solution. This means that these buttons on the website are only integrated as graphic, which contains a link to the corresponding website of the button provider. By clicking on the graphic you will be forwarded to the services of the respective provider. Only then will your data be sent to the respective providers. If you do not click on the graphic, there will be no exchange between you and the providers of the social media buttons. Information about the collection and use of your data in the social networks can be found in the respective terms of use of the respective providers. More information about the Shariff solution can be found here: www.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html

The use of social media buttons is based on Art. 6 Para. 1 S. 1 lit. f GDPR. The underlying advertising purpose is to be regarded as a legitimate interest within the meaning of the GDPR.

10. Web Analysis

10.1. Matomo

On this website we have integrated the component Matomo. Matomo is an open source software tool for web analysis. Web analysis is the collection and evaluation of data about the behaviour of visitors to websites. A web analysis tool collects data on, among other things, from which website a data subject came to a website (so-called referrer), which subpages of the website were accessed or how often and for how long a subpage was viewed. A web analysis is mainly used to optimise a website and to analyse the costs and benefits of Internet advertising.

The software is operated on the server of the data controller, the data protection sensitive log files are stored exclusively on this server.

The purpose of the Matomo component is to analyse the flow of visitors to our website. We use the data and information obtained, among other things, to evaluate the use of this website in order to compile reports showing the activities on our website.

Matomo places a cookie on your IT system. The use of cookies enables us to analyse the use of our website. Each time you access one of the individual pages of this website, the Internet browser on your IT system is automatically prompted by the Matomo component to transmit data to our server for online analysis. As part of this technical process, we gain knowledge of personal data, such as the IP address of the person concerned, which we use, among other things, to track the origin of visitors and clicks.

Personal information such as access time, the location from which an access originated and the frequency of visits to our website are stored by means of cookies. Each time you visit our website, this personal data, including the IP address of the Internet connection you are using, is transferred to our server. This personal data is stored by us. We do not pass this personal data on to third parties.

You can prevent the setting of cookies by our website at any time by means of a corresponding setting of the Internet browser used and thus permanently object to the setting of cookies. Such a setting of the Internet browser used would also prevent Matomo from setting a cookie on your IT system. In addition, a cookie already set by Matomo can be deleted at any time via an Internet browser or other software programs.

Furthermore, you have the possibility to object to the collection of data generated by Matomo and related to the use of this website and to prevent such collection. You must set an opt-out cookie for this purpose. If your IT system is deleted, formatted or newly installed at a later point in time, the person concerned must again set an opt-out cookie. With the setting of the opt-out cookie, however, there is the possibility that our Internet pages may no longer be fully usable for you.

You have given your consent to this via our opt-in cookie banner in accordance with Art. 6 Para. 1 lit. a GDPR.

Further information and the applicable data protection regulations of Matomo can be found at matomo.org/privacy/ .

11. Payment Provider

11.1 PayPal

We have integrated components of PayPal on this website. PayPal is an online payment service provider. Payments are processed through so-called PayPal accounts, which are virtual private or business accounts. PayPal also offers the option of making virtual payments using credit cards if a user does not have a PayPal account. A PayPal account is managed via an e-mail address, which is why there is no classic account number. PayPal makes it possible to initiate online payments to third parties or to receive payments. PayPal also acts as a trustee and offers buyer protection services.

The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg.

If you select "PayPal" as your payment option during the donation process in our online form, your data will be automatically transmitted to PayPal. By selecting this payment option, you consent to the transfer of personal data required for payment processing.

The personal data transmitted to PayPal is usually first name, surname, address, email address, IP address, telephone number, mobile phone number or other data necessary for payment processing. For the completion of the sales contract such personal data are also necessary, which stand in connection with the respective order.

The transmission of the data is intended for payment processing and fraud prevention. We will transmit personal data to PayPal in particular if there is a legitimate interest in the transmission. The personal data exchanged between PayPal and us may be transferred by PayPal to credit agencies. The purpose of this transfer is to check identity and creditworthiness.

PayPal may disclose the personal data to affiliated companies and service providers or subcontractors to the extent necessary to fulfill the contractual obligations or to process the data on behalf of PayPal.

You have the option to revoke your consent to PayPal handling your personal data at any time. A revocation does not affect personal data that must be processed, used or transmitted for (contractual) payment processing.

The use of PayPal is in the interest of the proper and smooth payment processing. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

The valid data protection regulations of PayPal can be found at www.paypal.com/de/webapps/mpp/ua/privacy-full

11.2 Payment by Credit Card

When selecting the payment methods "direct debit via ipayment" or "credit card via ipayment", we pass on your personal data to 1&1 Ionos SE, Elgendorfer Str. 57, 56410 Montabaur (hereinafter referred to as "1&1") for payment processing purposes, insofar as this is necessary for payment processing.

You will find more detailed information on how 1&1 handles personal data in the data protection declaration of 1&1 at: hosting.1und1.de/terms-gtc/terms-privacy

Within the framework of transaction processing, we work together with Concardis GmbH (Concardis), Helfmann Park 7, D-65760 Eschborn. All payment data as well as data on possible chargebacks will only be stored for as long as they are required for payment processing (including the processing of possible chargebacks and the collection of receivables) and for combating misuse.

As a rule, the data are deleted at the latest 13 months after their collection. In addition, further storage may take place if and as long as this is necessary to comply with a statutory retention period or to pursue a specific case of misuse. The legal basis for data processing is Art. 6 Para. 1 f) GDPR.

12. Your Rights as Data Subject

12.1. Right to Confirmation

You have the right to request confirmation from us as to whether your personal data is processed.

12.2. Right of Access Art. 15 GDPR

You have the right at any time to receive from us free information about the personal data stored about you and a copy of this data.

12.3. Right to Correction Art. 16 GDPR

You have the right to request the rectification of incorrect personal data concerning you. Furthermore, the data subject has the right to request the completion of incomplete personal data, taking into account the purposes of the processing.

12.4. Cancellation Art. 17 GDPR

You have the right to demand that we delete your personal data immediately if one of the statutory reasons applies and if processing is not necessary.

12.5. Limitation of Processing Art. 18 GDPR

You have the right to demand that we restrict processing if one of the statutory requirements is met.

12.6. Data Transferability Art. 20 GDPR

You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format. You also have the right to transfer this data to another data controller to whom the personal data have been provided, without any hindrance on our part, provided that the processing is based on consent pursuant to Art. 6 Para. 1 lit. a GDPR or Art. 9 Para. 2 lit. a GDPR or on a contract pursuant to Art. 6 Para. 1 lit. b GDPR and that the processing is carried out using automated procedures, provided that the processing is not necessary for the performance of a task in the public interest or in the exercise of official authority assigned to us.

Furthermore, when exercising your right to data transferability pursuant to Art. 20 (1) GDPR you have the right to obtain that the personal data be transferred directly from one responsible party to another responsible party, insofar as this is technically feasible and insofar as this does not impair the rights and freedoms of other persons.

12.7. Objection Art. 21 GDPR

You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you on the basis of Art. 6 para. 1 lit. e (data processing in the public interest) or f (data processing on the basis of a weighing of interests) GDRP.

This also applies to profiling based on these provisions within the meaning of Art. 4 No. 4 GDPR.

If you file an objection, we will no longer process your personal data unless we can prove compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms, or the processing serves the assertion, exercise or defense of legal claims.

In individual cases, we process personal data in order to conduct direct advertising. You may object to the processing of personal data for the purpose of such advertising at any time. This also applies to profiling as far as it is connected with such direct advertising. If you object to our processing for direct marketing purposes, we will no longer process your personal data for these purposes.

You also have the right to object to the processing of your personal data for scientific or historical research purposes or for statistical purposes in accordance with Art. 89 Para. 1 GDPR for reasons arising from your particular situation, unless such processing is necessary for the performance of a task in the public interest.

You are free to exercise your right of objection in connection with the use of Information Society services, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.

12.8. Revocation of Consent Under Data Protection law

You have the right to revoke your consent to the processing of personal data at any time with effect for the future.

12.9. Complaints to a Supervisory Authority

You have the right to complain to a supervisory authority responsible for data protection about our processing of personal data.

This data protection declaration is currently valid and has the status [[April 2019]].

Due to the further development of our websites and offers or due to changed legal or official requirements, it may become necessary to amend this data protection declaration. You can call up and print out the current data protection declaration at any time on the website under the following link.