Data protection declaration
This data protection declaration clarifies the type, scope and purpose of the processing of personal data (hereinafter referred to as “data”) within our online service and the functions and content associated with it (hereinafter referred to as “online service”). With regard to the terms used, e.g., “processing” or “controller,” we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).
Pro Rauchfrei e. V.
legally represented by the Management Board
Dipl.-Kfm. Siegfried Ermer and Dipl.-Jur. (Univ.) Stephan Weinberger
80802 Munich, Germany
Mailing address: Postfach 100223, 93002 Regensburg, Germany
Link to publishing information: https://www.pro-rauchfrei.de/impress
Types of data processed
Categories of data subjects
Visitors to and users of our online service, such as those contacting us and using the mail generator (hereinafter referred to collectively as “users”).
Purpose of processing
“Personal data” means any information
relating to an identified or identifiable natural person (hereinafter “data
subject”); a natural person is regarded as identifiable if they can be
identified directly or indirectly, in particular by reference to an identifier
such as a name, an identification number, location data, online identifier
(e.g., a cookie) or to one or more specific characteristics that express the
physical, physiological, genetic, mental, economic, cultural or social identity
of that natural person.
“Processing” means any operation or set of operations that is carried out with or without the aid of automated processes and that involves personal data. The term is far-reaching and covers practically every handling of data.
“Controller” means any natural or legal person, public authority, agency or body that alone or jointly with others determines the purposes and means of the processing of personal data.
In accordance with Art. 13 GDPR, we are informing you about the legal basis of our data processing. If the legal basis is not mentioned in the data protection declaration, the following applies: the legal basis for data processing on the basis of consent is Art. 6 Para. 1 Letter a and Art. 7 GDPR; the legal basis for processing for the fulfillment of our services and the implementation of contractual measures as well as the response to contractual inquiries is Art. 6 Para. 1 Letter b GDPR; the legal basis for processing for the fulfillment of our legal obligations is Art. 6 Para. 1 Letter c GDPR; and the legal basis for processing to safeguard our legitimate interests is Art. 6 Para. 1 Letter f GDPR. In the event that vital interests of the data subject or another natural person necessitate the processing of personal data, Art. 6 Para. 1 Letter d GDPR serves as the legal basis.
Cooperation with processors and third parties
Insofar as we disclose data to other
persons and companies (processors or third parties) within the scope of our
processing, transfer it to them or otherwise grant them access to the data,
this shall take place only on the basis of legal permission (e.g., if a
transfer of the data to third parties is necessary for the performance of the
contract pursuant to Art. 6 Para. 1
Letter b GDPR), if you have given your consent, if a legal obligation provides
for this, or on the basis of our legitimate interests (e.g., when using agents,
web hosts, etc.).
If we commission third parties with the processing of data on the basis of what is known as an “order processing agreement,” this is done on the basis of Art. 28 GDPR.
Transfer to third countries
Insofar as we process data in a third country (i.e. outside the European Union [EU] or the European Economic Area [EEA]) or if this is done in the context of the use of third-party services or of the disclosure or transfer of data to third parties, this will occur only if it is done to fulfill our (pre)contractual obligations, on the basis of your consent, a legal obligation, or our legitimate interests. Subject to legal or contractual permissions, we process or have the data processed in a third country only if the special requirements of Art. 44 et seq. GDPR are met. This means that the processing takes place, for example, on the basis of special guarantees, such as the officially recognized determination of a data protection level corresponding to the EU (e.g., for the US through the Privacy Shield) or the observance of officially recognized special contractual obligations (so-called “standard contractual clauses”).
Rights of the data subject
You have the right to request confirmation
as to whether the data in question will be processed and to be informed of this
data and to receive further information and a copy of the data in accordance
with Art. 15 GDPR.
According to Art. 16 GDPR, you have the right to request the completion of the data concerning you or the correction of the incorrect data concerning you.
Pursuant to Art. 17 GDPR, you have the right to demand that the relevant data be deleted immediately or, alternatively, to demand a restriction on the processing of the data pursuant to Art. 18 DSGVO.
You have the right to demand to receive the data concerning you that you have provided to us in accordance with Art. 20 GDPR and to demand that it be transferred to other responsible parties.
Pursuant to Art. 77 GDPR, you also have the right to file a complaint with the competent supervisory authority.
Right of withdrawal
You have the right to withdraw consents granted pursuant to Art. 7 Para. 3 GDPR with effect for the future.
Right of objection
You may object at any time to the future processing of the data concerning you pursuant to Art. 21 GDPR.
Cookies and right of objection
“Cookies” are small files that are stored
on the user’s computer. Different data can be stored within the cookies. A
cookie is primarily used to store information about a user (or the device on
which the cookie is stored) during or after the user’s visit to an online
service. Temporary cookies, also known as “session cookies” or “transient
cookies,” are cookies that are deleted after a user leaves an online service
and closes their browser. The contents of a shopping basket in an online shop
or a login status, for example, can be stored in this kind of cookie.
“Permanent cookies” or “persistent cookies” are cookies that remain stored even
after the browser has been closed. A user’s login status, for example, may be
stored in this kind of cookie, so that the user can revisit after several days.
A user’s interests can also be stored in such a cookie and then used to measure
reach or for marketing purposes. “Third-party cookies” are cookies offered by
providers other than the party responsible for operating the online service
(cookies offered by the party responsible for the service are known as
If users do not wish cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online service.
Deletion of data
The data processed by us will be deleted or
its processing restricted in accordance with Art. 17 and 18 GDPR. The data
stored by us will be deleted as soon as it is no longer required for its
intended purpose and there are no legal obligations to retain it. If the data
is not deleted because it is required for other and legally permissible
purposes, its processing will be restricted. This means that the data will be
blocked and not processed for other purposes. This applies, for example, to
data that must be stored for commercial or tax reasons.
In accordance with legal requirements in Germany, documents are stored in particular for 6 years in accordance with Art. 257 Para. 1 HGB (German Commercial Code) (commercial books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting records, etc.) and for 10 years in accordance with Art. 147 Para. 1 AO (German Tax Code) (books, records, management reports, accounting records, commercial and business letters, documents relevant for taxation, etc.).
We use hosting services to provide the
following services: infrastructure and platform services, computing capacity,
storage space and database services, security services and technical
maintenance services, which we use for the purpose of operating this online
This involves us, or our hosting provider, processing usage data, contact data, and meta- and communication data of customers of, parties interested in, and visitors to this online service on the basis of our legitimate interests in the efficient and secure provision of this online service in accordance with Art. 6 Para. 1 Letter f GDPR in conjunction with Art. 28 GDPR (conclusion of order processing agreement).
Collection of access data and log files
We, or our hosting provider, collect data
on each access to the server on which this service is located (known as server
log files) on the basis of our legitimate interests within the meaning of Art.
6 Para. 1 Letter f GDPR. The access data includes the name of the webpage
accessed, the file, date and time of access, the amount of data transferred,
notification of successful access, the browser type and version, the user’s
operating system, the referrer URL (the previously visited page), the IP
address and the requesting provider.
Log file information is stored for security reasons (e.g., for the clarification of abuse or fraud actions) for a maximum of 7 days and deleted afterwards. Data, the further storage of which is necessary for evidence purposes, is excluded from deletion until the respective incident has been finally clarified.
When contacting us (e.g., via contact form,
e-mail, telephone or social media), the user’s details will be processed for
the purpose of processing the contact inquiry and handling it in accordance
with Art. 6 Para. 1 Letter f GDPR. This data processing is based on our
legitimate interest in responding appropriately to contact requests and
communicating effectively and efficiently with our users. The user data can be
stored in a customer relationship management system (“CRM system”) or
comparable inquiry organization.
We will delete the requests once they are no longer necessary. We review the necessity every two years; furthermore, the statutory archiving obligations apply.
Web analytics services through Google Analytics
On our website we use the software tool Google Analytics, a Google Inc. (“Google”) web analysis service, to analyze the surfing behavior of our users. The software places a cookie on the user’s computer (for cookies, see above). The information generated by the cookie about users’ use of the online service is usually transferred to a Google server in the US and stored there.
We use Google Analytics only with IP anonymization enabled. This means that a user’s IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic
Area. Only in exceptional cases is the full IP address transferred to a Google server in the US and shortened there. The IP address provided by the user’s browser is not merged with other Google data.
If individual pages of our website are accessed, the following data is stored:
(1) Two bytes of the IP address of the user’s accessing system
(2) The webpage accessed
(3) The website from which the user accessed the accessed webpage (referrer)
(4) The subpages accessed from the accessed webpage
(5) The time spent on the webpage
(6) The frequency of visits to the webpage
Legal basis for the processing of personal data
The legal basis for the processing of users’ personal data is Art. 6 Para. 1 Letter f GDPR.
Google will use this information on our behalf to evaluate the use of our online service by users, to compile reports on activities within this online service, and to provide us with other services associated with the use of this online service and the internet. Pseudonymous user profiles of the users can be created from the processed data.
By evaluating the data collected, we are able to compile information about the use of the individual components of our website. This helps us to constantly improve our website and its usability. These
purposes also represent our legitimate interest in the processing of the data in accordance with Art. 6 Para. 1 Letter f GDPR. Anonymizing the IP address takes the interest of users in the protection of their personal data sufficiently into account.
The data is deleted as soon as it is no longer needed for our recording purposes.
Opportunity to object and remove
Further information on the use of data for advertising purposes by Google, settings, and opportunities to object can be found on Google’s webpages:
https://policies.google.com/technologies/partner-sites?hl=en (“How Google uses information from sites or apps that use our services”)
http://www.google.de/settings/ads (“Ad personalization”)
http://www.google.com/ads/preferences/ (“Ad personalization”)
Click here to set the opt-out cookie: Disable Google Analytics