Data protection statement of KOLPING INTERNATIONAL
(Effective April 2019)
Your personal data such as your name or your contact details is always processed in accordance with the General Data Protection Regulation (GDPR) and in compliance with any country-specific data protection regulations that apply to KOLPING INTERNATIONAL. With this data protection statement we inform you about the type, the scope and the purpose of the personal data we collect, use and process. In addition, we inform you about your rights when using our website.
The controller within the meaning of the General Data Protection Regulation and of other national data protection acts and regulations is:
50667 Köln, Germany
For questions or queries regarding the personal data KOLPING INTERNATIONAL holds about you, please contact our external data protection officer (pursuant to Article 37 GDPR):
Dr. Burkhard Petin
Privacy consulting and management
For questions regarding data protection, please send an email to:
Dr. Burkhard Petin
Data protection officer of KOLPING INTERNATIONAL
50667 Köln, Germany
Collecting and processing your personal data
You can visit our website without entering any personal data. If you want to use our website to make a donation, to use our special services, e.g. to order materials, to register for our newsletter, or to request information, you will be asked to provide personal information for an adequate processing of your personal data.
We process your personal data exclusively for the provision of a functioning website, of our contents and services. Your personal data is processed regularly and only where we have your consent except if we were not able to obtain your consent and if we are authorized by legal regulations to process your data.
Any personal data we collected about you will be deleted as soon as your request has been handled and our obligation to preserve commercial and tax records has been met. You can revoke your consent, e.g. to receive a newsletter, at any time with effect for the future without giving reasons. The use of your personal data can be objected to at any time by notifying us via the contact form or via the head office of KOLPING INTERNATIONAL, Kolpingplatz 5-11, 50667 Köln, Germany.
Provision of our webpages and creation of log files
Each time you access our website, our system automatically records data and information from the device you use (computer, tablet, etc.). The following data is collected:
- the types and versions of browsers used,
- the operating system of the device you use,
- the website from which you accessed our website (so-called “referrer“),
- the subpages you access on our website,
- the date and time of access to the website,
- the Internet Protocol address (IP address),
- the Internet service provider you use to access our website and
- other similar data and information that serve to protect ourselves in the event of an attack on our information technology systems.
This data is stored in the log files of our system for 14 days and it is not linked to any other personal data.
The storage of data in log files is essential for the functionality of our webpages. In addition, the data is used to optimize our webpages and to ensure the security of our information technology systems. This results in safeguarding our legitimate interest in data proccessing pursuant to point (f) of Article 6 (1) GDPR as the legal basis.
The data in the log files is deleted after 14 days at the latest. Further data storage may occur. In this case the IP addresses of users are deleted or masked in such a way that they can no longer be allocated.
The collection of data for the provision of the website and the storage of the data in log files is essential for the operation of the website. There is therefore no entitlement to objection on the part of the user.
Contacting us via email / contact form
If you contact us e.g. via email or the contact form, we will use the data provided by you exclusively for the processing of your inquiry. This may require the storage of data in our internal systems.
The legal basis for processing the data you have entered when contacting us is point (b) of Article 6(1) GDPR (in terms of the performance of a contract or prior to entering into a contract such as the payment of a donation) and/or point (f) of Article 6 (1) GDPR (legitimate interest) for other inquiries.
Any data we collected about you will be deleted as soon as your request has been handled and our legal obligation to preserve records has been met.
You can subscribe to a free newsletter on our website. The data that you enter to register for the newsletter is transmitted from the input mask to us. We use the double opt-in procedure for the newsletter distribution, in other words we will send you a confirmation email and ask you to confirm your registration. This confirmation is necessary to make sure that only you as the owner of the specified email address can register. For the registration process to meet legal requirements, any subscription to our newsletter is recorded. This includes the storage of the time of the registration and the confirmation as well as your IP address.
We ask for your consent to the processing of your personal data during the registration process. The legal basis for the processing of personal data is the consent you have given pursuant to point (a) of Article 6(1) GDPR.
The newsletter is sent to you on the basis of your consent pursuant to point (a) of Article 6(1), Article 7 GDPR in connection with Article 7(2) No. 3 UWG (German Act against unfair competition).
The recording of the registration process is based on our legitimate interests (proof of your registration) pursuant to point (f) of Article 6(1) GDPR.
You can unsubscribe from the newsletter at any time using the link for each copy you receive.
If you want to make an online donation, your payment will be processed by using secure and encrypted data transmission technology. To be able to process your donation, we will collect data such as your name and address. In addition, you will be asked to provide your bank data or credit card details. It is at your discretion whether or not you provide us with any data that is marked voluntary.
As soon as you have entered and confirmed your data in the donation form, they will be transmitted to us via a secure SSL connection. You will then receive an email to notify you of the realization of your donation. When applicable, this will also include a note concerning your donation receipt or a link to your donation certificate.
If you make a donation (online or via bank transfer), we will use your address data to send you some information about KOLPING INTERNATIONAL by mail, such as our donor magazine “Horizonte“.
To process your donation, we work with the external service provider Altruja GmbH, Augustenstraße 62, 80333 München, Germany.
Altruja GmbH is bound by contract with KOLPING INTERNATIONAL to ensure data security and privacy. They shall use personal data exclusively for the purpose of the correct processing of your donation. Besides using the obligatory SSL encryption method, Altruja GmbH secures all data of donors by applying the PCI/DSS standard. All data is stored on Altruja GmbH servers that are located exclusively in Germany.
The legal basis for the processing of your data to manage your donation is point (b) of Article 6(1) GDPR (contractual relationship).
The legal basis for sending you some information is our legitimate interest in informing our donors about our work pursuant to point (f) of Article 6(1) GDPR in connection with Article 7(3) UWG (German Act against unfair competition).
You can revoke your consent to us sending you further information about KOLPING INTERNATIONAL at any time with effect for the future.
Any personal data we collected about you in terms of your donations will be deleted as soon as our legal obligation to preserve records has been met.
We use so-called “cookies” on our website. Cookies are text files that are stored on your terminal device to provide us with various information. A cookie serves primarily to save information about a user (respectively the device on which the cookie has been stored) during or after the visit to our website to enable us to analyze the usage of the website or to automatically recognize you at your next visit.
Cookies that are used by providers other than KOLPING INTERNATIONAL are called “third-party cookies“. Please refer to the section on “Third-party cookies“ of this privacy poliy to learn more about cookies of third-party providers used on our website.
If you do not want cookies to be stored on your computer you must deactivate the relevant option in your browser settings. Your browser settings also allow you to delete cookies already stored in your browser. Please note that if you do this, you may not be able to use the full functionality of our website.
Cookies deployed by KOLPING INTERNATIONAL are deleted at the end of your browser session.
Based on our legitimate interests in the optimization and economic operation of our website, we use third-party services also for the purpose of marketing.
To this end, we use the following third-party cookies.
We use a so-called “Content Delivery Network” provided by Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA. Cloudflare has certified under the Privacy Shield framework and therefore guarantees to meet the requirements of the European data protection legislation. (https://www.privacyshield.gov/participant?id=a2zt0000000GnZKAA0&status=Active).
Cloudflare is a service provider that helps us to deliver our online services, in particular large media data files such as images or graphics faster to the users of our website by using servers in various regions that are linked over the Internet. The data of the users is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of the service.
We use this service on the basis of our legitimate interests in a secure and efficient provision, analysis and optimization of our online services pursuant to point (f) of Article 6(1) GDPR.
We integrate the fonts (“Google Fonts”) of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
The use of this service is based on our legitimate interests in an adequate and efficient provision of our online services pursuant to point (f) of Article 6(1) GDPR.
To visualize the location of our Kolping Hotels, this website uses Google Maps, which allows the display of maps and route planning. Google Maps is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. These sites are marked appropriately.
We use this service on the basis of our legitimate interests in the provision of information about our projects pursuant to point (f) of Article 6(1) GDPR.
When you use these services, you confirm that you are in agreement with the recording, processing and use of the data entered by you and collected by Google.
Web analysis with Google Analytics
Our websites use Google Analytics, a web analytics service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The information generated by a placed cookie about the use of our websites is usually transmitted to and stored on a server operated by Google in the USA. Google has certified under the Privacy Shield framework and therefore guarantees to meet the requirements of the European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Google will use this information on our behalf to evaluate the use of our websites by the users, to compile reports on activities within this online service, and to provide other services to us that are related to the use of this website and Internet usage. In doing so, pseudonymous usage profiles of users can be created from the processed data.
The use of this service is based on our legitimate interests in a secure and efficient provision, analysis and optimization of our online services pursuant to point (f) of Article 6(1) GDPR.
We use Google Analytics exclusively with activated IP anonymization. This means that your IP address will be truncated by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there.
You can object to the use of your data by Google Analytics by installing a so-called Add-on in your browser. Please click on https://tools.google.com/dlpage/gaoptout?hl=de to access Google and install the browser add-on.
We use the online marketing service Google Doubleclick provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google“) to place ads across the Google network (e.g. in search results, in videos, on websites).
Google has certified under the Privacy Shield framework and therefore guarantees to meet the requirements of the European data protection legislation. (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Google Doubleclick registers the IP address of users, which will be truncated within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there. The above-mentioned information may be associated by Google with information from other sources. If the user visits other websites, the user profile may be utilized to show personalized ads that may fit the user’s interests.
The data of the users is processed under a pseudonym within Google’s advertising network. This means that Google does not store and process data such as the user’s name or email address but processes the relevant data cookie-related within pseudonymous profiles. This means from Google’s point of view, the ads are not managed and displayed for a specifically identified person, but for the cookie holder, regardless of who this cookie holder is. This does not apply if a user has expressly permitted Google to process the data without this pseudonymisation. The information collected about the users by Google Marketing Services is transmitted to Google and stored on Google’s servers in the USA.
We use this service on the basis of our legitimate interests in the analysis, optimization and economic operation of our online services pursuant to point (f) of Article 6(1) GDPR.
Online presence in social media
We maintain online presences within social networks and platforms in order to communicate with interested parties who are active there and to inform them about our activities.
Please note that in doing so data of users may be processed outside the European Union. This may entail risks for the users because it might become more difficult for them to assert their rights. We point out that US providers certified under the Privacy Shield framework are obliged to comply with data protection standards of the European Union.
As a rule, the data of social media users is processd for market research and for advertising purposes. Data such as the user behaviour and any resulting interests users may have enable us to create profiles that platform providers can use to place e.g. ads on their and other platforms that may match the interests of users. As a rule, cookies are placed on the devices used for the purpose of storing your user behaviour and your interests. Furthermore, data can also be stored in user profiles regardless of the devices used by users (especially when users are members of the relevant platform and have logged on to the site).
The processing of personal data of users is based on our legitimate interests in an effective information and communication with our users pursuant to point (f) of Article 6(1) GDPR. If the users are asked by the relevant platform providers to consent to the processing of data as specified above, the legal basis for processing is point (a) of Article 6(1), Article 7 GDPR.
If you have any questions or wish to exercise your rights in the most effective way, please contact the providers concerned. They have access to the data of users and can take appropriate measures and provide information. If you still need any further help, do not hesitate to contact us.
- a) Facebook
Operator: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland on the basis of Vereinbarung über gemeinsame Verarbeitung personenbezogener Daten
b) Google/ YouTube
Operator: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Opt out option: https://adssettings.google.com/authenticated
Operator: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
- d) Twitter
Operator: Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA
Opt out option: https://twitter.com/personalization,
Use of Facebook Social Plugins
Contents from Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA are shared on our website via interfaces.
Facebook has certified under the Privacy Shield framework and therefore guarantees to meet the requirements of the European data protection legislation. (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
When you access the respective page on our website, the device you use will establish a direct connection with the servers of Facebook. If you have logged in to your Facebook account, the provider can directly assign the visit of this website to your Facebook user account as soon as you use the plugin functions (e.g. when clicking the “Like“ button). Even if you do not have a Facebook account there may be an opportunity for Facebook to identify and store your IP address. According to Facebook, IP addresses in Germany are recorded anonymously only.
The processing is based on our legitimate interests in the analysis, optimization and economic operation of our website pursuant to point (f) of Article 6(1) GDPR.
The purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as the relevant rights and setting options for the protection of the users’ privacy can be found in Facebook’s data protecion information: https://www.facebook.com/about/privacy/.
If you have a Facebook account and do not want Facebook to use this website to collect data about you and link it to your membership data stored on Facebook, you must log out of Facebook before visiting and using our website and delete your cookies in the browser. For further information on the use of data for advertising purposes, about setting options and the right of objection, please refer to Facebook profile settings at: https://www.facebook.com/settings?tab=ads or visit the site http://www.youronlinechoices.com/. The settings are platform-independent, i.e. they apply to all devices such as desktop computers or mobile devices.
Liability for contents of this website
The contents of this website were created with the highest possible degree of accuracy. However, we do not warrant the correctness, completeness and up-to-dateness of the contents provided. As a service provider, we are responsible for the contents created by us on this website in accordance with general law.
Liability for external links (third-party contents)
Apart from the contents we created ourselves, this website contains links to contents provided by external providers. We have no influence on these contents. The external provider or operator of the respective websites is responsible for the contents of these linked sites.
When your personal data is processed, you are the data subject within the meaning of GDPR and you can exercise the following rights with the controller.
If you wish to exercise any of the rights listed below, you can contact our data protection officer or any other staff of KOLPING INTERNATIONAL at any time.
Right of access
The data subject has the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed by us.
Where that is the case, the data subject can request information from the controller about the following information:
- the purposes of processing personal data;
- the categories of personal data that are processed;
- the recipients or categories of recipient to whom the personal data concerning the data subject have been or will be disclosed;
- the envisaged period for which the personal data concerning the data subject will be stored or, if not possible, the criteria used to determine that period;
- the existence of the right to request rectification or erasure of personal data concerning the data subject or to request from the controller restriction of processing or to object to such processing;
- the right to lodge a complaint with a supervisory authority;
- where the personal data are not collected from the data subject, any available information as to their source;
- the existence of automatic decision-making, including profiling pursuant to Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
Where personal data are transferred to a third country or to an international organization, the data subject shall have the right to be informed of the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer.
Right to rectification
The data subject has the right to obtain from the controller the rectification and/or the supplementation of inaccurate or incomplete personal data concerning him or her. The controller shall rectify the data without undue delay.
Right to restriction of processing
The data subject has the right to request restriction of processing personal data concerning him or her where one of the following applies:
- If the data subject denies the correctness of the personal data concerning him or her, the data subject can request restriction of processing for a certain period of time that enables the controller to examine the correctness of the personal data;
- If processing is unlawful and the data subject refuses the erasure of personal data and instead requests restriction of use of personal data;
- If the controller no longer needs the data for the purpose of processing but the data subject needs the data in order to assert, establish or defend legal claims, or
- If the data subject files an objection to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.
Where processing of personal data concerning the data subject has been restricted, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If the restriction of processing was restricted under the conditions listed above, the data subject shall be informed by the controller before the restriction of processing is lifted.
Right to erasure
The data subject has the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller has the obligation to erase personal data without undue delay where one of the following grounds applies:
- The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
- The data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2) GDPR, and where there is no other legal ground for the processing.
- The data subject objects to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) GDPR.
- The personal data have been unlawfully processed.
- The personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
- The personal data have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.
Where KOLPING INTERNATIONAL has made the personal data public and is obliged as the controller to erase the personal data in accordance with Article 17 (1) GDPR, KOLPING INTERNATIONAL, taking account of available technology and the cost of implementation, shall take reasonable steps, including techncial measures, to inform other controllers which are processing the published personal data that the data subject has requested the erasure by these other controllers, which are processing data of any links to, or copy or replication of, those personal data to the extent that the processing is not necessary. The data protection officer of KOLPING INTERNATIONAL or another staff will see to it that the necessary steps will be taken in the individual case.
- The right to erasure does not apply to the extent that processing is necessary.
- for compliance with a legal obligation which requires processing by Union or Member State law to which the data subject is subject or for the performance of a task carried out in the public interest
- for the establishment, exercise or defence of legal claims.
Right to object
The data subject has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on points (e) or (f) of Article 6(1) GDPR.
KOLPING INTERNATIONAL shall no longer process the personal data concerning the data subject unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
Where personal data concerning the data subject are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where the data subject objects to the processing for direct marketing purposes, the personal data concerning him or her shall no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right to object by automated means using technical specifications.
Right to object to the declaration of consent regarding data protection law
The data subject has the right to object to his or her declaration of consent regarding data protection law at any time. By withdrawing consent, the lawfulness of processing based on consent before its withdrawal shall not be affected.
Automated individual decision-making, including profiling
As a responsible organization, we renounce automated individual decision-making or a profiling.
Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, every data subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State or his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes the GDPR. The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.