Privacy Policy

We, urgewald e.V., operate the website www.urgewald.org and collect certain information from you to the extent necessary. In the following Privacy Policy, you will learn what we do with your information—known as personal data—and why we do so. We also explain how we protect your personal data, when your personal data will be deleted, and what rights you have under data protection laws.

Whom can I contact?

The entity responsible for this website is:

urgewald e.V.
Von-Galen-Straße 4
48336 Sassenberg
02583 30492-0

datenschutz [at] urgewald.org (datenschutz[at]urgewald[dot]org)

You can also use the above contact details to reach our Data Protection Officer or another contact person regarding data protection matters. Please feel free to contact us at any time if you have specific questions about your personal data, its deletion, or your rights.

If you would like to contact our data protection officer directly regarding a confidential matter, please use the following email address: dsb [at] freshcompliance.de (dsb[at]freshcompliance[dot]de) .

What are my rights?

You can contact us at any time if you have questions about your personal data protection or wish to exercise the following rights:

Right of withdrawal pursuant to Art. 7(3) GDPR (e.g., you can contact us if you wish to revoke previously given consent to receive a newsletter)
Right of access pursuant to Art. 15 GDPR (e.g., you can contact us if you would like to know what data we have stored about you)
Right to rectification pursuant to Art. 16 GDPR (e.g., you may contact us if your email address has changed and you would like us to update it)
Right to erasure pursuant to Art. 17 GDPR (e.g., you may contact us if you wish for us to delete certain data we have stored about you)
Right to restriction of processing pursuant to Art. 18 GDPR (e.g., you may contact us if you wish for us not to delete your email address, but to use it only for sending strictly necessary emails)
Right to data portability pursuant to Art. 20 GDPR (e.g., you may contact us to receive your data stored with us in a compressed format, e.g., because you wish to provide the data to another website)
Right to object pursuant to Art. 21 GDPR (e.g., you may contact us if you object to any of the advertising or analytics methods listed here)
Right to lodge a complaint with the appropriate supervisory authority pursuant to Art. 77(1) GDPR (e.g., you may contact the State Commissioner for Data Protection and Information Security of North Rhine-Westphalia, the authority responsible for us, directly with any complaints: Kavalleriestraße 2–4, 40213 Düsseldorf, poststelle [at] ldi.nrw.de (poststelle[at]ldi[dot]nrw[dot]de) .

Deletion of Data and Retention Period

Unless otherwise specified, we delete your data as soon as it is no longer needed, e.g., your email address after you unsubscribe from our newsletter. Your data will also be blocked from further use and deleted when a retention period expires. Certain data may need to be retained for longer periods for legal reasons. You may request information about your personal data we store at any time. Data protection inquiries and other legal matters may also be stored for a longer period within the framework of the legally relevant retention and statute of limitations periods.

Visiting the Website

If you simply want to browse our website, we do not collect any personal data, with the exception of the data your browser transmits to facilitate your visit to the website, primarily:

IP address (e.g., 81.91.215.example or 2a02:8109:9440:1198:bdb1:551f:example)
Approximate location based on IP range (e.g., Berlin)
Internet service provider (e.g., Vodafone or Deutsche Telekom)
Internet speed (e.g., 120 Mbit)
Date and time (e.g., 11:55 AM on May 25, 2023)
Last visited website (e.g., google.de)
Browser (e.g., Chrome or Safari)
Operating system (e.g., Mac OS)
Hardware (e.g., Intel processor)

As a privacy protection measure, we delete or anonymize your IP address after you visit our website. This ensures that the other technical data can no longer be traced back to you and is used solely for statistical purposes to optimize our website. For security reasons and to protect the transmission of confidential content, such as orders or inquiries you send to us as the website operator, the website uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the browser’s address bar changes from “http://” to “https://” and by the lock icon in your browser bar. The purpose of temporarily storing the data is, on the one hand, the technical necessity for establishing a connection and, on the other hand, the correct, error-free display of our website. The IP address and the aforementioned technical data are necessary to display the website, prevent display issues, and resolve error messages. The legal basis is the so-called ‘legitimate interest’ which has been assessed within the framework of the aforementioned protective measures and in accordance with the European data protection requirements under Art. 6(1)(f) GDPR.

Payment Transactions/Payment Providers

If, following the conclusion of a paid contract, there is an obligation to provide us with your payment details (e.g., account number for direct debit authorization), this data is required for payment processing.

We engage service providers who assist us in processing online and email donations as well as credit card payments. These companies have access to donor information as part of the services they provide to us; we require these companies to protect such information and to process it only within the scope of the agreed-upon service.

Our German payment service provider, Fundraising Box, stores the donor’s name, account number, and email address. If the donor also requests a donation receipt, we also process the relevant mailing address. For our internal donation processing, the service provider sends some of this information to us. To process the donations, Fundraising Box also sends some donor information to the payment service provider Micropayment. PayPal donations are processed via the donor’s PayPal account. In this case, we receive some donor information from PayPal in order to log and process the donation.

If you select payment via PayPal, the payment details you enter will be transmitted to PayPal.

Payments made using standard payment methods (e.g., Visa/MasterCard, direct debit) are processed exclusively via an encrypted SSL or TLS connection.

The purpose of the data collected is to process payments so that donations can be logged. The legal basis is your consent in accordance with the European data protection requirements under Art. 6(1)(a) GDPR.

Social Media Plugins

In addition to manual registration, we offer you the option to log in directly using your existing social media account from selected providers. We use the platforms “Facebook” (Like & Share button) and “Instagram.” If you wish to use one of these features, you will be redirected to the respective provider’s page and guided through the login process.

As a security measure, the data you enter is transmitted via an encrypted connection provided by the respective platform. We do not use the login process to access personal data such as friend lists or contacts, nor do we store such data for our own purposes. No permanent link is established between your user account and your account on Facebook, Instagram. We do not know what data the social networks collect during the sign-up process or how data is linked. Further details can be found in the respective privacy policies of Facebook (https://facebook.com/policy.php), Instagram (https://instagram.com/about/legal/privacy/).

The purpose of the requested data is to log in via an existing user account to use advanced features on the website. Logging in via social networks is voluntary and can be revoked at any time, or the user account can be deactivated. The legal basis is your consent in accordance with the European data protection requirements under Art. 6(1)(a) GDPR.

Newsletters, Media Releases, and Mailings

If you are interested in our current campaigns and events, you can subscribe to our newsletter. You will then receive an email in which you must click a link to confirm your subscription to the newsletter. We will store your email address until you unsubscribe from the newsletter. For this purpose, each edition of our newsletter contains a corresponding unsubscribe link. The newsletter is delivered by the specialized service provider CleverReach GmbH & Co. KG. We use CleverReach to send newsletters, media releases, and other current information about our work, such as notices about events, protests, corporate shareholder meetings, and trade fairs. We also use this service provider for online registration and data management for our mailing lists.

You can also sign up for our postal mailing list (Infopost) by providing us with your mailing address. Once you have registered, we will send you regular updates about our work. For mailings, we use the agency GEISTREICH, Beelener Straße 37, 48231 Warendorf. You can also sign up for our email or postal updates through our website as part of protest actions. Furthermore, you can sign up for our media mailing list.

As a security measure, we use the so-called “double opt-in” process to ensure that the email address you provide actually belongs to you. Furthermore, we have entered into a data protection agreement (data processing) with the contracted service provider. You also have the option to unsubscribe from the newsletter via the following link https://www.urgewald.org/newsletter and from the media distribution list via this link https://www.urgewald.org/medienverteiler at any time, thereby deleting your email address from the service provider’s database. You may also contact us via the postal or email address provided in the legal notice. The purpose of data collection is to deliver the newsletter or media distribution list to your personal email address in order to fulfill your request for updates about our organization or our campaigns. The legal basis is your consent in accordance with the European data protection requirements under Art. 6(1)(a) GDPR.

Online Protests

If you would like to participate in a protest action on the website, we need your first and last name and your email address. If you would also like to be regularly informed about our current campaigns and events, you can sign up for this by checking the corresponding box in the online protest. Additional information by mail is also available. To receive this, please provide us with your mailing address by filling in the respective fields.

Unless you have opted in to receive regular updates from us, we will use the data you provide exclusively to submit the signatures in the form of printed signature lists to the person or institution specified in the protest or petition. To process this data, we use the provider CleverReach, as described above.

As a security measure, we use the so-called “double opt-in” process to ensure that the email address you provided actually belongs to you. We will only include your signature in the protest after you confirm your participation by clicking the link in the confirmation email. This allows us to verify that you are the owner of the provided email address. Furthermore, we have entered into a data protection agreement (data processing) with the contracted service provider. You also have the option at any time to [OS1]

The data you have provided to us for the purpose of participating in the online protest campaign will be deleted from both our servers and the servers of CleverReach following the campaign’s conclusion, or blocked from further use.

The legal basis is your consent in accordance with the European data protection requirements under Art. 6(1)(a) GDPR.

Job Applications

If you apply to work with us online or otherwise respond to one of our job postings, we collect and process your personal application data for the purpose of carrying out the application process. Processing is primarily carried out electronically. This is particularly the case when relevant application documents are submitted to us electronically, for example via email. If we enter into an employment contract, the transmitted data will be stored for the purpose of managing the employment relationship in compliance with legal regulations. If we do not conclude an employment contract, the application documents will be (automatically) deleted six months after notification of the rejection decision—this retention period is justified by a potential burden of proof in proceedings under the General Act on Equal Treatment (German: Allgemeines Gleichbehandlungsgesetz – AGG). If consent has been given, applications may also be retained for longer than six months (applicant pool).

As a protective measure, the data you provide is transmitted via an encrypted connection. We also ensure that only those persons entrusted with the application process have access to your application documents. We also always ensure the deletion of the data, as described above. The purpose of the requested data is to carry out the application process and make the respective hiring decision. The legal basis for processing is the decision regarding the establishment and execution of an employment relationship pursuant to Art. 6(1)(b), Art. 88 GDPR in conjunction with § 26 BDSG.

Cookies

Our website uses so-called cookies in some cases. Cookies are small text files that are usually stored in a folder on your browser. Cookies contain information about your current or last visit to the website:

Website name
Expiration date of the cookie
Arbitrary value

Unless cookies have a specific expiration date, they are only temporarily stored and are automatically deleted as soon as you close your browser or restart your device. Cookies with an expiration date remain stored even if you close your browser or restart your device. Such cookies are not removed until the specified date or until you delete them manually.

We use the following three types of cookies on our website:

Essential cookies (we need these, e.g., to display the website correctly for you and to temporarily store certain settings)
Functional and performance cookies (these help us, e.g., to analyze technical data from your visit and thus prevent error messages)
Advertising and analytics cookies (these ensure, e.g., that ads for shoes are displayed if you have previously searched for shoes)[OS2]

You can configure, block, and delete cookies in your browser settings. If you delete all cookies from our website, some website features may not display correctly. The Federal Office for Information Security provides helpful information and instructions for common browsers: https://www.bsi-fuer-buerger.de/BSIFB/DE/Empfehlungen/EinrichtungSoftwa…[OS3]

Recipients of Data

In accordance with the descriptions and purposes stated above, we share your data with the following recipients who are essential to the provision of our services and communication with you:

CleverReach, operated by CleverReach GmbH & Co. KG, Mühlenstraße 43, 26180 Rastede. This is a provider through which we send newsletters, media releases, and other current information about our work. The emails we send via CleverReach allow us to analyze recipient behavior. The data is processed within the European Union. For more information, please see CleverReach’s privacy policy at https://www.cleverreach.com/de-de/datenschutz/.
Agentur GEISTREICH, operated by Darpe Industriedruck GmbH & Co. KG, Beelener Str 37, 48231 Warendorf. This provider handles our mailings. The data is processed within the European Union. For more information, please see the privacy policy of Darpe Industriedruck GmbH & Co. KG.
Facebook, operated by Meta Platforms Ireland Ltd., headquartered at 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. This is a social network that, through the use of Facebook and the “Like” button, links the websites you visit to your Facebook account and shares this information with other users to deliver advertisements based on your user behavior. Data is also transferred to Facebook in this process. The data is processed within the European Union. For more information, please see Facebook’s Privacy Policy at: https://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0.
Instagram, operated by Meta Platforms Ireland Limited, headquartered at 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. This is a social network that, when you click the Instagram button on our website, links the content of our pages to your Instagram profile if you are logged into your Instagram account. This allows Instagram to associate your visit on our pages with your user account. The data is processed within the European Union. For more information, please see Instagram’s privacy policy at: https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect.
YouTube, operated by YouTube LLC (Google Ireland Limited) with headquarters at Gordon House, Barrow Street, Dublin 4, Ireland. This is a provider for the direct embedding of videos. When the embedded videos are played, a connection is established with the YouTube servers and, for technical reasons, at least your IP address is transmitted. The data is processed within the European Union. For more information, please see YouTube’s privacy policy at: https://policies.google.com/privacy?hl=de.
Fundraising Box, operated by Wikando GmbH, Schießgrabenstraße 32, 86150 Augsburg. Our German payment service provider Fundraising Box stores the donor’s name, account number, and email address; if the donor requests a donation receipt, their mailing address is also stored. The data is processed within the European Union. For more information, please see PayPal’s privacy policy at https://en.fundraisingbox.com/datenschutz/.
Micropayment, operated by Micropayment GmbH, Scharnweberstraße 69d, 12587 Berlin. This is a service provider that handles payment transactions. The data is processed within the European Union. For more information, please see Micropayment’s privacy policy at https://www.micropayment.de/about/privacy/.
PayPal, operated by PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. If you select payment via PayPal, the payment details you enter will be transmitted to PayPal. The data is processed within the European Union. For more information, please see PayPal’s privacy policy at https://www.paypal.com/webapps/mpp/ua/privacy-full.
Matomo (formerly Piwik), operated by Innocraft Ltd., 150 Willis St, 6011 Wellington, New Zealand. This is an open-source web analytics service that analyzes your user behavior on our website. Your IP address is anonymized immediately prior to evaluation. The data is processed within the European Union. For more information, please see Matomo’s privacy policy at: https://matomo.org/privacy-policy/.
Google Maps, operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"), is a map feature designed to help you find us more easily. For technical reasons, your IP address is transmitted to Google’s servers so that the map showing our location can be displayed in your browser. Depending on your location, the data is stored either in the European Union or the United States. For more information, please see Google’s Privacy Policy at https://policies.google.com/privacy?hl=de.

We only share data that is necessary to fulfill the mutual contract or if you have given us your consent, for example, in connection with our newsletter or the cookie pop-up. If no contract exists, we may still share the data in certain cases based on legitimate interests. This is the case, for example, if you simply visit our website or wish to contact us. When you visit our website, it is in both our interests to provide access to the service and to communicate with each other.

We have also entered into data processing agreements with all external recipients to comply with European legal requirements. Depending on your location, some of the service providers mentioned above—where indicated—may also transfer your data to the United States. The European Court of Justice has ruled that the United States does not have a level of data protection equivalent to that of the EU and that US government authorities may access data without due process. Additional safeguards are therefore necessary to ensure an adequate level of data protection. To meet this requirement, we have entered into additional data processing agreements, known as Standard Contractual Clauses. In addition, we review each service provider together with our Data Protection Officer and ensure that additional security measures are in place, such as strong data encryption.

Date of Privacy Policy: May 2, 2023