Datenschutz
México vía Berlín e.V. takes the protection of personal data very seriously and treats it with confidentiality. We do not disclose it to third parties, in accordance with the statutory data protection regulations and this Privacy Policy.
This Privacy Policy clarifies the nature, scope and purpose of the processing of personal data within our “online communication”: website, newsletter and related features and external online presence (e.g. on our social media profiles).
With regard to the terminology used, we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
If you use our website, various pieces of personal data will be collected. Personal information is any data with which you could be personally identified. This privacy policy explains what information we collect and what we use it for. It also explains how and for what purpose this happens.
Please note that data transmitted via the internet may be subject to security breaches and complete protection of your data from third-party access is not possible.
-
Responsible
México vía Berlín e. V.
Treptower Str. 100,
12043 Berlin
Email: mexico.via.berlin [at] gmail.com
Board of Directors (vorstand [at] mexicoviaberlin.org):
-
Iliusi D. Vega
-
Benjamin Seidel
-
Ximena Alba
Registered in the register of associations of the district court Berlin-Charlottenburg under registration number VR 33078 B.
Tax number: 27/640/60074
-
Types of processed data
– Inventory data (e.g., names)
– Contact information (e.g., e-mail)
– Content data (e.g., text input, photographs, videos)
– Usage data (e.g., websites visited, interest in content, access times)
– Meta / communication data (e.g., device information, operating system, IP addresses).
-
Purpose of processing
– Online communication, its functions and contents
– Answering contact requests and communicating with users
– Safety measures
– Reach Measurement.
-
User terms
The terms listed below are defined as in Article 4 of the General Data Protection Regulation (GDPR).
-
“Personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular to reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
-
“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
-
“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
-
“Special categories of personal data” means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
-
Relevant legal bases
In accordance with Art. 13 of the GDPR, we hereby inform you about the legal basis of our data processing.
Unless the legal basis in the data protection declaration is mentioned, the legal basis for obtaining consent are Article 6 (1.a) and Art. 7 of the GDPR; the legal basis for the processing necessary to assess the performance and execution of organizational measures, as well as the response to inquiries, is Art. 6 (1.b) of the GDPR; the legal basis for processing in order to comply with our legal obligations is Art. 6 (1.c) of the GDPR; and the legal basis for processing in order to safeguard our legitimate interests is Article 6 (1.f) of the GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 (1.d) of the GDPR is the legal basis.
-
Safety measures
Please inform yourself about the content of our privacy policy on a regular basis. We will adjust the privacy policy as soon as the changes to the data processing we make require it and we will users as soon as the changes require your consent or other individual notification.
-
Collaboration with processors and third parties
If we disclose, transmit or otherwise grant access to the data to other processors or third parties (persons and companies) in the context of our processing, this will only be done on the basis of a legal permission to which you have consented, to a legal obligation, or based on our legitimate interests (e.g. the use of agents or web hosters).
If we commission third parties to process data on the basis of a contract or other legal act under Union or Member State law, this will be done on the basis of Art. 28 of the GDPR.
-
Transfers to third countries
If we process data in a third country (outside the European Union (EU) or the European Economic Area (EEA)), if data is processed for the use of third party services, or if data is disclosed or transmitted to third parties, this will be done only if it is to fulfill our obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests.
If we process or have the data processed in a third country, it will be done only under the special conditions of Art. 44 et seq. of the GDPR, subject to legal or contractual permissions. This means that the processing is e.g. on the basis of specific guarantees, such as the officially recognized level of data protection or in compliance with officially recognized special contractual obligations (“standard contractual clauses”).
-
Rights of data subjects
In accordance with Art. 15 of the GDPR, you have the right to ask for confirmation as to whether or not personal data concerning you is being processed, and, were that the case, the right to ask for information about this data or any further information, and the right to ask for a copy of the data.
According to Art. 16 of the GDPR, you have the right to demand the rectification of inaccurate data concerning you or the completion of incomplete data concerning you.
In accordance with Art. 17 of the GDPR, you have the right to be forgotten. This means, you have the right to demand that data concerning you is deleted immediately or, alternatively, to require a restriction of the processing of data in accordance with Art. 18 of the GDPR.
According to Art. 20 of the GDPR, you have the right to receive data concerning you which you have provided to us (in a structured, commonly used and machine-readable format), and request their transmission to another controller.
According to Art. 77 of the GDPR, you have the right to file a complaint with the competent supervisory authority.
-
Withdrawal
According to Art. 7 (3) of the GDPR, you have the right to withdraw your consent at any time. This shall not affect the lawfulness of processing based on consent before its withdrawal.
-
Right to object
In accordance with Art. 21 of the GDPR , you can object to the future processing of your data at any time. The objection may in particular be made against processing for direct marketing purposes.
-
Cookies and right to object in direct mail
“Cookies” are small files that are stored on users’ computers. Different information can be stored within the cookies. A cookie is primarily used to store the information about a user (or the device on which the cookie is stored), during or after his visit to an online offer.
Temporary cookies, or “session cookies” or “transient cookies”, are cookies that are deleted after a user leaves an online service and closes his browser. “Permanent” or “persistent” cookies remain stored even after the browser has been closed. Likewise, in such a cookie the interests of the users can be stored, which are used for range measurement or marketing purposes. A “third-party cookie” refers to cookies that are offered by providers other than the person who manages the online offer. Otherwise, if it is only their cookies, this is called “first-party cookies”.
Our hosting provider can use temporary and permanent cookies to identify and track visitors, their usage of the hosting service and their website access preferences.
If users do not want cookies stored on their computer, they will be asked to disable the option in their browser’s system settings. Saved cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.
A general contradiction to the use of cookies used for online marketing purposes can be found in a variety of services, especially in the case of tracking, via the US website http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/ be explained. Furthermore, the storage of cookies can be achieved by switching them off in the settings of the browser. Please note that not all features of this online offer may be used.
-
Deletion of data
The data processed by us are deleted or limited in their processing in accordance with Articles 17 and 18 of the GDPR. Unless explicitly stated in this privacy policy, the data stored by us are deleted as soon as they are no longer required for their purpose, and the deletion does not conflict with any statutory storage requirements. Unless the data is deleted because it is required for the data person or another legitimate purposes, its processing will be restricted. The data is blocked and not processed for other purposes. This applies, for example for data that must be kept for tax reasons.
According to legal requirements in Germany, the storage takes place in particular for 10 years according to §§ 147 Abs. 1 AO, 257 Abs. 1 Nr. 1 and 4, Abs. 4 HGB (books, records, management reports, accounting documents, trading books, relevant for taxation Documents, etc.) and 6 years in accordance with § 257 (1) no. 2 and 3, para. 4 HGB (commercial letters).
-
Hosting
The hosting services we use are for the purpose of providing the following services: infrastructure and platform services, storage and database services, and security and technical maintenance services that we use to operate the online service.
With these, we or our hosting provider process inventory data, contact data, content data, contract data, usage data, meta and communication data of visitors to this online offer, on the basis of our legitimate interests in an efficient and secure provision of this online offer according to Art. 6 (1.f) and Art. 28 of the GDPR (conclusion of the provision of services relating to processing).
-
Collection of access data and log files
On the basis of our legitimate interests within the meaning of Art. 6 (1.f) of the GDPR , we or our hosting provider collect data on every access to the server on which this service is located (so-called server log files). The access data includes name of the retrieved web page, file, date and time of retrieval, amount of data transferred, message about successful retrieval, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.
Log file information is stored for security purposes (for example, to investigate abusive or fraudulent activities) for a maximum of 7 days and then deleted. Data whose further retention is required for evidential purposes shall be exempted from the cancellation until final clarification of the incident.
-
Provision of our statutory services
We process the data of our members, supporters, donors or other persons in accordance with Art. 6 (1.b) of the GDPR, as long as we operate in the context of an existing membership relationship (e.g. members), or if they are themselves recipients of benefits. And we process the data of affected persons in accordance with Art. 6 (1.f) of the GDPR, based on our legitimate interests (e.g. when it comes to administrative tasks or public relations).
The data processed, and the nature, scope, purpose and necessity of their processing are determined by the underlying type of relationship. This includes in principle inventory data (e.g. name), contact data (eg, e-mail address), contract data (e.g. services used) and payment data (e.g. bank details, payment history).
We delete data that is no longer required to serve our statutory purposes, according to the respective tasks and type of relationships. The necessity of keeping the data is checked every three years; otherwise the statutory storage obligations apply.
-
Administration, financial accounting, office organization, contact management
We process data in the context of tasks that serve to maintain our organization, perform our duties and provide our services: administrative tasks and organization of our financial accounting and compliance with legal obligations, office organization and data archiving.
We follow the processing principles stated in Art. 6 (1.c) and Art. 6 (1.f) of the GDPR. The processing affects members, supporters, donors and other partners.
We disclose or transmit data to the financial administration, consultants, such as tax accountants or auditors, and other fee agents and payment service providers.
Based on our legitimate interests, we store information about members, supporters, donors and other partners. We generally store the majority of contact-related data permanently (e.g. for further collaboration or payment of services).
-
Privacy policy in the application process
The application process requires applicants to provide us with the application data via email or post: inventory data (name), signed form and contact information (email, phone number and address). In addition, applicants can voluntarily provide us with information that confirms their status as student, retired or unemployed, in order to request a discount in the membership fee.
By submitting the application to us, the applicants agree to the processing of their data for the purposes of the application process in accordance with the nature and scope set of this Privacy Policy.
Membership can correspond to an ordinary member (with right to vote in assemblies) or to a promotor (offering financial support). We process the applicant data (both types of memberships) only for the purpose and in the context of the application to membership process, in accordance with the legal requirements. The processing of the applicant data takes place in order to fulfill our obligations in the context of the application process, within the scope of Art. 6 (1.b) and Art. 6 (1.f) of the GDPR, as long as the data processing is required for us (e.g. in the context of legal proceedings). Additionally, in Germany also applies the § 26 BDSG (Bundesdatenschutzgesetz).
Additional data belonging to the special categories of personal data stated in Art. 9 (1) of the GDPR can be voluntarily communicated within the framework of the application procedure, and its processing is carried out in accordance with Art. 9 (2) of the GDPR.
Applicants can send us their applications via e-mail. However, e-mails are generally not sent in encrypted form and applicants themselves should provide encryption. We can therefore take no responsibility for the transmission of the application between the sender and the receiver on our server or the postal delivery.
Applicants’ data will be deleted if an application is withdrawn, which the applicants are entitled to at any time.
The cancellation is subject to a legitimate cancellation of the applicant (in accordance with §4 of our Statues – http://mexicoviaberlin.org/wp-content/uploads/2014/03/Satzung-MvB-eV-bilingue.pdf).
Membership fees are due only after approval of membership. Invoices of application fees are archived in accordance with the tax regulations.
-
Online presence in social media
We maintain online presence within social networks and platforms in order to communicate with members, supporters, donors or other persons active there, and to inform them about our services. When calling the respective networks and platforms, the terms and conditions and the data processing guidelines apply to their respective operators.
Unless otherwise stated in our Privacy Policy, we process users’ data as long as they communicate with us within social networks and platforms (e.g. write posts on our online presence or send us messages).
-
Integration of services and contents of third parties
Based on our legitimate interests (within the meaning of Art. 6 (1) of the GDPR), we make use of content or services offered by third-party providers in order to provide their content and services Services, such as Include videos or fonts (collectively referred to as “content”).
This always presupposes that the third-party providers of this content perceive the IP address of the users, since they could not send the content to their browser without the IP address. The IP address is therefore required for the presentation of this content. We endeavor to use only content whose respective providers use the IP address solely for the delivery of the content. Third parties may also use so-called pixel tags (invisible graphics, also referred to as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may include, but is not limited to, technical information about the browser and operating system, referring web pages, visit time, and other information regarding the use of our online offer.
-
WordPress
Our website operator is WordPress, a blogging platform that is owned and hosted online by Automattic, Inc.. The website operator’s contact details can be found in the website’s required legal notice.
The data collected on our website are processed by the website operator and are those that browsers and servers typically make available: non-personally-identifying (e.g. browser type, language preference, referring site, and the date and time of each visitor request) and some potentially personally-identifying (e.g. Internet Protocol (IP) addresses).
Further information about handling user data, can be found in the privacy policy of WordPress under: https://wordpress.org/about/privacy/ and the privacy policy of Automattic Inc. under: https://automattic.com/privacy/
-
Facebook
Within our online offering, we manage a Facebook account, which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Among the features and content of the Facebook service may be: information in or about the content you provide (e.g. location of a photo or the date a file was created), information about how you use their Services (e.g. the types of content you view or engage with or the frequency and duration of your activities), content and information about you that other people provide (e.g. when they share a photo of you, send a message to you, or upload, sync or import your contact information), information about the people and groups you are connected to and how you interact with them (e.g. people you communicate with the most or the groups you like to share with; contact information you provide if you upload, sync or import this information from a device, such as an address book), information about payments, device information, information from websites and apps that use Facebook, information from Facebook’s third-party partners, and information about you from companies that are owned or operated by Facebook.
Further information about handling user data, can be found in the privacy policy of Facebook Inc. under: https://www.facebook.com/about/privacy
-
Twitter
Within our online offering, we manage a Twitter account, which is operated by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.
Among the features and content of the Twitter service may be: images, videos, text and buttons that users use to promote their content, subscribe to content creators, or subscribe to our posts.
If the users are members of the platform Twitter, Twitter can call the o.g. Assign contents and functions to the profiles of the users there.
Twitter is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European privacy legislation (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active).
Further information about handling user data, can be found in the data protection declaration of Twitter Inc. under: https://twitter.com/privacy, Opt-Out: https://twitter.com/personalization.
-
YouTube
Our website uses plugins from YouTube, which is operated by Google. The operator of the pages is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.
If you visit one of our pages featuring a YouTube plugin, a connection to the YouTube servers is established. Here the YouTube server is informed about which of our pages you have visited.
If you’re logged in to your YouTube account, YouTube allows you to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.
YouTube is used to help make our website appealing. This constitutes a justified interest pursuant to Art. 6 (1.f) of the GDPR.
Further information about handling user data, can be found in the data protection declaration of YouTube under https://www.google.de/intl/de/policies/privacy.
-
Vimeo
Our website uses features provided by the Vimeo video portal. This service is provided by Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA.
If you visit one of our pages featuring a Vimeo plugin, a connection to the Vimeo servers is established. Here the Vimeo server is informed about which of our pages you have visited. In addition, Vimeo will receive your IP address. This also applies if you are not logged in to Vimeo when you visit our website or do not have a Vimeo account. The information is transmitted to a Vimeo server in the US, where it is stored.
If you are logged in to your Vimeo account, Vimeo allows you to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your Vimeo account.
For more information on how to handle user data, please refer to the Vimeo Privacy Policy at https://vimeo.com/privacy.