Privacy Policy
Data protection statement of KOLPING INTERNATIONAL
(Effective August 2024)
General Informationt
Your personal data such as your name or your contact details is always processed in accordance with the General Data Protection Regulation (GDPR) and in compliance with any country-specific data protection regulations that apply to KOLPING INTERNATIONAL. With this data protection statement we inform you about the type, the scope and the purpose of the personal data we collect, use and process. In addition, we inform you about your rights when using our website.
Contact partner
The controller within the meaning of the General Data Protection Regulation and of other national data protection acts and regulations is:
KOLPING INTERNATIONAL
Kolpinglatz 5-11
50667 Köln, Germany
Email: info(at)kolping.net
For questions or queries regarding the personal data KOLPING INTERNATIONAL holds about you, please contact our external data protection officer (pursuant to Article 37 GDPR):
Simon Bernard
privacy/design GmbH
Privacy consulting and management
www.privacy-design.de
For questions regarding data protection, please send an email to:
Email: datenschutz(at)kolping.net
or to:
Simon Bernard
Data protection officer of KOLPING INTERNATIONAL
Kolpingplatz 5-11
50667 Köln, Germany
Collecting and processing your personal data
You can visit our website without entering any personal data. If you want to use our website to make a donation, to use our special services, e.g. to order materials, to register for our newsletter, or to request information, you will be asked to provide personal information for an adequate processing of your personal data.
We process your personal data exclusively for the provision of a functioning website, of our contents and services. Your personal data is processed regularly and only where we have your consent except if we were not able to obtain your consent and if we are authorized by legal regulations to process your data.
Any personal data we collected about you will be deleted as soon as your request has been handled and our obligation to preserve commercial and tax records has been met. You can revoke your consent, e.g. to receive a newsletter, at any time with effect for the future without giving reasons. The use of your personal data can be objected to at any time by notifying us via the contact form or via the head office of KOLPING INTERNATIONAL, Kolpingplatz 5-11, 50667 Köln, Germany.
Provision of our webpages and creation of log files
Each time you access our website, our system automatically records data and information from the device you use (computer, tablet, etc.). The following data is collected:
- the types and versions of browsers used,
- the operating system of the device you use,
- the website from which you accessed our website (so-called “referrer“),
- the subpages you access on our website,
- the date and time of access to the website,
- the Internet Protocol address (IP address),
- the Internet service provider you use to access our website and
- other similar data and information that serve to protect ourselves in the event of an attack on our information technology systems.
This data is stored in the log files of our system for 14 days and it is not linked to any other personal data.
The storage of data in log files is essential for the functionality of our webpages. In addition, the data is used to optimize our webpages and to ensure the security of our information technology systems. This results in safeguarding our legitimate interest in data proccessing pursuant to point (f) of Article 6 (1) GDPR as the legal basis.
The data in the log files is deleted after 14 days at the latest. Further data storage may occur. In this case the IP addresses of users are deleted or masked in such a way that they can no longer be allocated.
The collection of data for the provision of the website and the storage of the data in log files is essential for the operation of the website. There is therefore no entitlement to objection on the part of the user.
Contacting us via email / contact form
If you contact us e.g. via email or the contact form, we will use the data provided by you exclusively for the processing of your inquiry. This may require the storage of data in our internal systems.
The legal basis for processing the data you have entered when contacting us is point (b) of Article 6(1) GDPR (in terms of the performance of a contract or prior to entering into a contract such as the payment of a donation) and/or point (f) of Article 6 (1) GDPR (legitimate interest) for other inquiries.
Any data we collected about you will be deleted as soon as your request has been handled and our legal obligation to preserve records has been met.
Newsletter
On our website you have the option of signing up to a free newsletter. When you register for the newsletter, your data from the input mask will be transmitted to us.
To send our newsletter, we need an email address from you. The email address provided must be verified and consent must be given to receive the newsletter. Additional data is not collected or is optional. The data is used exclusively for sending the newsletter. Registration takes place in a so-called double opt-in process, i.e. after registration you will receive an email where you will be asked to confirm your registration. This confirmation is required to ensure that no one can register with other people’s email addresses. Subscriptions to the newsletter are recorded to be able to prove that the subscription process has complied with the legal requirements. This includes the storage of the time of registration and confirmation, as well as your IP address.
To send newsletters, we use the CleverReach service of the provider CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany. This service allows us to organise the sending of newsletters. The data you enter to receive the newsletter, such as your email address, is stored on CleverReach’s servers. The servers are located in Germany and/or Ireland. To ensure full compliance with the statutory data protection requirements, we have concluded a data processing agreement with CleverReach. Click here for details of the privacy policy of CleverReach.
Mailing the newsletter with CleverReach also allows us to measure the success of sending the newsletter. This measurement enables us to analyse how many recipients have opened the newsletter and how often links in the newsletter were clicked. If you do not wish such an analysis, you have the option to unsubscribe from the newsletter at any time. To unsubscribe, all you need to do is send us an informal message by email or unsubscribe via the “unsubscribe” link in the newsletter.
The legal basis for the processing of the data is the provision of your consent in accordance with Art. 6 para. 1 (a) GDPR. The newsletter is also sent on the basis of your consent in accordance with Art. 6 para. 1 (a) and Art. 7 GDPR in conjunction with § 7 para. 2 No. 3 UWG (German Act against Unfair Competition).
The recording of the registration process is based on our legitimate interests (proof of your registration) pursuant to Art. 6 para. 1 (f) GDPR.
You can withdraw your consent at any time. To cancel your subscription, all you need to do is send us an informal message by email or unsubscribe via the “unsubscribe” link in the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation. The data you have provided in this context will be deleted from our servers and from the servers of CleverReach after you unsubscribe from the newsletter.
Donations
If you want to make an online donation, your payment will be processed by using secure and encrypted data transmission technology. To be able to process your donation, we will collect data such as your name and address. In addition, you will be asked to provide your bank data or credit card details. It is at your discretion whether or not you provide us with any data that is marked voluntary.
As soon as you have entered and confirmed your data in the donation form, they will be transmitted to us via a secure SSL connection. You will then receive an email to notify you of the realization of your donation. When applicable, this will also include a note concerning your donation receipt or a link to your donation certificate.
If you make a donation (online or via bank transfer), we will use your address data to send you some information about KOLPING INTERNATIONAL by mail, such as our donor magazine “Horizonte“.
To process your donation, we work with the external service provider Altruja GmbH, Augustenstraße 62, 80333 München, Germany. Altruja cooperates with various payment service providers for this purpose.
Altruja GmbH is bound by contract with KOLPING INTERNATIONAL to ensure data security and privacy. They shall use personal data exclusively for the purpose of the correct processing of your donation. Besides using the obligatory SSL encryption method, Altruja GmbH secures all data of donors by applying the PCI/DSS standard. All data is stored on Altruja GmbH servers that are located exclusively in Germany.
The legal basis for the processing of your data to manage your donation is point (b) of Article 6(1) GDPR (contractual relationship).
The legal basis for sending you some information is our legitimate interest in informing our donors about our work pursuant to point (f) of Article 6(1) GDPR in connection with Article 7(3) UWG (German Act against unfair competition).
You can revoke your consent to us sending you further information about KOLPING INTERNATIONAL at any time with effect for the future.
Any personal data we collected about you in terms of your donations will be deleted as soon as our legal obligation to preserve records has been met.
Cookies
We use so-called “cookies” on our website. Cookies are text files that are stored on your terminal device to provide us with various information. A cookie serves primarily to save information about a user (respectively the device on which the cookie has been stored) during or after the visit to our website to enable us to analyze the usage of the website or to automatically recognize you at your next visit.
Cookies that are used by providers other than KOLPING INTERNATIONAL are called “third-party cookies“. Please refer to the section on “Third-party cookies“ of this privacy poliy to learn more about cookies of third-party providers used on our website.
The legal basis for the use of cookies are our legitimate interests in the optimization and economic operation of our website pursuant to point (f) of Article 6(1) GDPR.
If you do not want cookies to be stored on your computer you must deactivate the relevant option in your browser settings. Your browser settings also allow you to delete cookies already stored in your browser. Please note that if you do this, you may not be able to use the full functionality of our website.
Cookies deployed by KOLPING INTERNATIONAL are deleted at the end of your browser session.
To learn more about the framework conditions for cookies used by third-party providers, please refer to the relevant section of this privacy policy.
Third-party cookies
Based on our legitimate interests in the optimization and economic operation of our website, we use third-party services also for the purpose of marketing.
To this end, we use the following third-party cookies.
a) Cloudflare
We use a so-called “Content Delivery Network” provided by Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA.
Cloudflare is a service provider that helps us to deliver our online services, in particular large media data files such as images or graphics faster to the users of our website by using servers in various regions that are linked over the Internet. The data of the users is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of the service.
We use this service on the basis of our legitimate interests in a secure and efficient provision, analysis and optimization of our online services pursuant to point (f) of Article 6(1) GDPR.
For more information, please see the privacy policy of Cloudflare:
https://www.cloudflare.com/privacypolicy/.
b) GoogleMaps
To visualize the location of our Kolping Hotels, this website uses Google Maps, which allows the display of maps and route planning. Google Maps is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. These sites are marked appropriately.
We use this service on the basis of our legitimate interests in the provision of information about our projects pursuant to point (f) of Article 6(1) GDPR.
When you use these services, you confirm that you are in agreement with the recording, processing and use of the data entered by you and collected by Google.
For more information, please see the terms of use for Google Maps under https://www.google.com/intl/de_de/help/terms_maps/
and Google’s privacy policy: https://policies.google.com/privacy.
c) Web analysis with Google Analytics
Where you have consented to its use, this website uses Google Analytics, a web analytics service provided by Google Ireland Ltd. (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses cookies, which are stored on your computer and which allow an analysis of your use of the website. The information generated by the cookies about your use of this website is usually transmitted to a Google server and stored there.
Google will use this information on our behalf for the purpose of evaluating the use of our website by users, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. In doing so, pseudonymous usage profiles of the users can be created from the processed data.
We only use Google Analytics with IP Pseudonymization enabled. This means that the IP address of the user is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. This shortening eliminates the direct personal reference of your IP address.
The data stored by Google is automatically deleted after 14 months.
For more information about Google’s use of data, settings and opt-out options, please refer to Google’s privacy policy (https://policies.google.com/privacy) and the settings for the display of advertisements by Google (https://adssettings.google.com/authenticated).
You can object to the use of your data by Google Analytics by installing a so-called add-on in your browser. To do this, you can follow the link below, which will take you to the Google page:
https://tools.google.com/dlpage/gaoptout?hl=de
We only use Google Analytics if you have explicitly consented to it in the info banner or in the “Cookie settings”. In this case, the legal basis is the existence of your consent pursuant to Art. 6 (1) lit. a GDPR (General Data Protection Regulation).
The consent will be withdrawn after the end of your browser session and the cookie will be deleted.
Further information on the terms of use and data protection at Google Analytics can be found at https://www.google.com/analytics/terms/de.html or at https://www.google.de/intl/de/policies/.
d) Google Doubleclick
We use the online marketing service Google Doubleclick provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google“) to place ads across the Google network (e.g. in search results, in videos, on websites).
Google Doubleclick registers the IP address of users, which will be truncated within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there. The above-mentioned information may be associated by Google with information from other sources. If the user visits other websites, the user profile may be utilized to show personalized ads that may fit the user’s interests.
The data of the users is processed under a pseudonym within Google’s advertising network. This means that Google does not store and process data such as the user’s name or email address but processes the relevant data cookie-related within pseudonymous profiles. This means from Google’s point of view, the ads are not managed and displayed for a specifically identified person, but for the cookie holder, regardless of who this cookie holder is. This does not apply if a user has expressly permitted Google to process the data without this pseudonymisation. The information collected about the users by Google Marketing Services is transmitted to Google and stored on Google’s servers in the USA.
We use this service on the basis of our legitimate interests in the analysis, optimization and economic operation of our online services pursuant to point (f) of Article 6(1) GDPR.
For further information on the use of data by Google, about setting options and the right of objection, please refer to Google’s privacy policy at https://policies.google.com/technologies/ads) and to the settings for the display of advertisements (https://adssettings.google.com/authenticated).
Online presence in social media
We maintain online presences within social networks and platforms in order to communicate with interested parties who are active there and to inform them about our activities.
Please note that in doing so data of users may be processed outside the European Union. This may entail risks for the users because it might become more difficult for them to assert their rights.
As a rule, the data of social media users is processd for market research and for advertising purposes. Data such as the user behaviour and any resulting interests users may have enable us to create profiles that platform providers can use to place e.g. ads on their and other platforms that may match the interests of users. As a rule, cookies are placed on the devices used for the purpose of storing your user behaviour and your interests. Furthermore, data can also be stored in user profiles regardless of the devices used by users (especially when users are members of the relevant platform and have logged on to the site).
The processing of personal data of users is based on our legitimate interests in an effective information and communication with our users pursuant to point (f) of Article 6(1) GDPR. If the users are asked by the relevant platform providers to consent to the processing of data as specified above, the legal basis for processing is point (a) of Article 6(1) and Article 7 GDPR.
For more information regarding the relevant processing of the certification, the privacy policy and the possiblity to opt out, please refer to the information provided on the linked websites below.
If you have any questions or wish to exercise your rights in the most effective way, please contact the providers concerned. They have access to the data of users and can take appropriate measures and provide information. If you still need any further help, do not hesitate to contact us.
a) Facebook
Operator: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland on the basis of Vereinbarung über gemeinsame Verarbeitung personenbezogener Daten
Privacy Policy: https://www.facebook.com/about/privacy/, specific information about page insights: https://www.facebook.com/legal/terms/information_about_page_insights_data.
Opt out option: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com.
b) Google/ YouTube
Operator: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Privacy Policy: https://policies.google.com/privacy
Opt out option: https://adssettings.google.com/authenticated
c) Instagram
Operator: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Privacy Policy and Opt out option: https://help.instagram.com/519522125107875
d) Twitter
Operator: Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA
Privacy Policy: https://twitter.com/de/privacy
Opt out option: https://twitter.com/personalization,
Use of Facebook Social Plugins
Contents from Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA are shared on our website via interfaces.
When you access the respective page on our website, the device you use will establish a direct connection with the servers of Facebook. If you have logged in to your Facebook account, the provider can directly assign the visit of this website to your Facebook user account as soon as you use the plugin functions (e.g. when clicking the “Like“ button). Even if you do not have a Facebook account there may be an opportunity for Facebook to identify and store your IP address. According to Facebook, IP addresses in Germany are recorded anonymously only.
The processing is based on your consent in our cookie banner according to Art. 6 para. 1 lit. a DS-GVO.
The purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as the relevant rights and setting options for the protection of the users’ privacy can be found in Facebook’s data protecion information: https://www.facebook.com/about/privacy/.
If you have a Facebook account and do not want Facebook to use this website to collect data about you and link it to your membership data stored on Facebook, you must log out of Facebook before visiting and using our website and delete your cookies in the browser. For further information on the use of data for advertising purposes, about setting options and the right of objection, please refer to Facebook profile settings at: https://www.facebook.com/settings?tab=ads or visit the site http://www.youronlinechoices.com/. The settings are platform-independent, i.e. they apply to all devices such as desktop computers or mobile devices.
Liability for contents of this website
The contents of this website were created with the highest possible degree of accuracy. However, we do not warrant the correctness, completeness and up-to-dateness of the contents provided. As a service provider, we are responsible for the contents created by us on this website in accordance with general law.
Liability for external links (third-party contents)
Apart from the contents we created ourselves, this website contains links to contents provided by external providers. We have no influence on these contents. The external provider or operator of the respective websites is responsible for the contents of these linked sites.
Your rights
When your personal data is processed, you are the data subject within the meaning of GDPR and you can exercise the following rights with the controller.
If you wish to exercise any of the rights listed below, you can contact our data protection officer or any other staff of KOLPING INTERNATIONAL at any time.
Right of access
The data subject has the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed by us.
Where that is the case, the data subject can request information from the controller about the following information:
- the purposes of processing personal data;
- the categories of personal data that are processed;
- the recipients or categories of recipient to whom the personal data concerning the data subject have been or will be disclosed;
- the envisaged period for which the personal data concerning the data subject will be stored or, if not possible, the criteria used to determine that period;
- the existence of the right to request rectification or erasure of personal data concerning the data subject or to request from the controller restriction of processing or to object to such processing;
- the right to lodge a complaint with a supervisory authority;
- where the personal data are not collected from the data subject, any available information as to their source;
- the existence of automatic decision-making, including profiling pursuant to Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
Where personal data are transferred to a third country or to an international organization, the data subject shall have the right to be informed of the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer.
Right to rectification
The data subject has the right to obtain from the controller the rectification and/or the supplementation of inaccurate or incomplete personal data concerning him or her. The controller shall rectify the data without undue delay.
Right to restriction of processing
The data subject has the right to request restriction of processing personal data concerning him or her where one of the following applies:
- If the data subject denies the correctness of the personal data concerning him or her, the data subject can request restriction of processing for a certain period of time that enables the controller to examine the correctness of the personal data;
- If processing is unlawful and the data subject refuses the erasure of personal data and instead requests restriction of use of personal data;
- If the controller no longer needs the data for the purpose of processing but the data subject needs the data in order to assert, establish or defend legal claims, or
- If the data subject files an objection to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.
Where processing of personal data concerning the data subject has been restricted, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If the restriction of processing was restricted under the conditions listed above, the data subject shall be informed by the controller before the restriction of processing is lifted.
Right to erasure
The data subject has the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller has the obligation to erase personal data without undue delay where one of the following grounds applies:
- The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
- The data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2) GDPR, and where there is no other legal ground for the processing.
- The data subject objects to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) GDPR.
- The personal data have been unlawfully processed.
- The personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
- The personal data have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.
Where KOLPING INTERNATIONAL has made the personal data public and is obliged as the controller to erase the personal data in accordance with Article 17 (1) GDPR, KOLPING INTERNATIONAL, taking account of available technology and the cost of implementation, shall take reasonable steps, including techncial measures, to inform other controllers which are processing the published personal data that the data subject has requested the erasure by these other controllers, which are processing data of any links to, or copy or replication of, those personal data to the extent that the processing is not necessary. The data protection officer of KOLPING INTERNATIONAL or another staff will see to it that the necessary steps will be taken in the individual case.
- The right to erasure does not apply to the extent that processing is necessary.
- for compliance with a legal obligation which requires processing by Union or Member State law to which the data subject is subject or for the performance of a task carried out in the public interest
- for the establishment, exercise or defence of legal claims.
Right to object
The data subject has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on points (e) or (f) of Article 6(1) GDPR.
KOLPING INTERNATIONAL shall no longer process the personal data concerning the data subject unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
Where personal data concerning the data subject are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where the data subject objects to the processing for direct marketing purposes, the personal data concerning him or her shall no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right to object by automated means using technical specifications.
Right to object to the declaration of consent regarding data protection law
The data subject has the right to object to his or her declaration of consent regarding data protection law at any time. By withdrawing consent, the lawfulness of processing based on consent before its withdrawal shall not be affected.
Automated individual decision-making, including profiling
As a responsible organization, we renounce automated individual decision-making or a profiling.
Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, every data subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State or his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes the GDPR. The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.