Data protection declaration

This data protection declaration clarifies the type, scope and purpose of the processing of personal data (hereinafter referred to as “data”) within our online service and the functions and content associated with it (hereinafter referred to as “online service”). With regard to the terms used, e.g., “processing” or “controller,” we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).

Controller

Pro Rauchfrei e. V.
legally represented by the Management Board
Dipl.-Kfm. Siegfried Ermer and Dipl.-Jur. (Univ.) Stephan Weinberger
Leopoldstrasse 104
80802 Munich, Germany
Mailing address: Postfach 100223, 93002 Regensburg, Germany
E-mail: vorstand@pro-rauchfrei.de
Link to publishing information: https://www.pro-rauchfrei.de/impress

Types of data processed

Categories of data subjects

Visitors to and users of our online service, such as those contacting us and using the mail generator (hereinafter referred to collectively as “users”).

Purpose of processing

Terms used 

“Personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); a natural person is regarded as identifiable if they can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier (e.g., a cookie) or to one or more specific characteristics that express the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

“Processing” means any operation or set of operations that is carried out with or without the aid of automated processes and that involves personal data. The term is far-reaching and covers practically every handling of data.

“Controller” means any natural or legal person, public authority, agency or body that alone or jointly with others determines the purposes and means of the processing of personal data.

Legal basis

In accordance with Art. 13 GDPR, we are informing you about the legal basis of our data processing. If the legal basis is not mentioned in the data protection declaration, the following applies: the legal basis for data processing on the basis of consent is Art. 6 Para. 1 Letter a and Art. 7 GDPR; the legal basis for processing for the fulfillment of our services and the implementation of contractual measures as well as the response to contractual inquiries is Art. 6 Para. 1 Letter b GDPR; the legal basis for processing for the fulfillment of our legal obligations is Art. 6 Para. 1 Letter c GDPR; and the legal basis for processing to safeguard our legitimate interests is Art. 6 Para. 1 Letter f GDPR. In the event that vital interests of the data subject or another natural person necessitate the processing of personal data, Art. 6 Para. 1 Letter d GDPR serves as the legal basis.

Cooperation with processors and third parties

Insofar as we disclose data to other persons and companies (processors or third parties) within the scope of our processing, transfer it to them or otherwise grant them access to the data, this shall take place only on the basis of legal permission (e.g., if a transfer of the data to third parties is necessary for the performance of the contract pursuant to Art. 6 Para. 1 Letter b GDPR), if you have given your consent, if a legal obligation provides for this, or on the basis of our legitimate interests (e.g., when using agents, web hosts, etc.).

If we commission third parties with the processing of data on the basis of what is known as an “order processing agreement,” this is done on the basis of Art. 28 GDPR.

Transfer to third countries

Insofar as we process data in a third country (i.e. outside the European Union [EU] or the European Economic Area [EEA]) or if this is done in the context of the use of third-party services or of the disclosure or transfer of data to third parties, this will occur only if it is done to fulfill our (pre)contractual obligations, on the basis of your consent, a legal obligation, or our legitimate interests. Subject to legal or contractual permissions, we process or have the data processed in a third country only if the special requirements of Art. 44 et seq. GDPR are met. This means that the processing takes place, for example, on the basis of special guarantees, such as the officially recognized determination of a data protection level corresponding to the EU (e.g., for the US through the Privacy Shield) or the observance of officially recognized special contractual obligations (so-called “standard contractual clauses”).

Rights of the data subject

You have the right to request confirmation as to whether the data in question will be processed and to be informed of this data and to receive further information and a copy of the data in accordance with Art. 15 GDPR.

According to Art. 16 GDPR, you have the right to request the completion of the data concerning you or the correction of the incorrect data concerning you.

Pursuant to Art. 17 GDPR, you have the right to demand that the relevant data be deleted immediately or, alternatively, to demand a restriction on the processing of the data pursuant to Art. 18 DSGVO.

You have the right to demand to receive the data concerning you that you have provided to us in accordance with Art. 20 GDPR and to demand that it be transferred to other responsible parties.

Pursuant to Art. 77 GDPR, you also have the right to file a complaint with the competent supervisory authority.

Right of withdrawal

You have the right to withdraw consents granted pursuant to Art. 7 Para. 3 GDPR with effect for the future.

Right of objection

You may object at any time to the future processing of the data concerning you pursuant to Art. 21 GDPR.

Cookies and right of objection

“Cookies” are small files that are stored on the user’s computer. Different data can be stored within the cookies. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after the user’s visit to an online service. Temporary cookies, also known as “session cookies” or “transient cookies,” are cookies that are deleted after a user leaves an online service and closes their browser. The contents of a shopping basket in an online shop or a login status, for example, can be stored in this kind of cookie. “Permanent cookies” or “persistent cookies” are cookies that remain stored even after the browser has been closed. A user’s login status, for example, may be stored in this kind of cookie, so that the user can revisit after several days. A user’s interests can also be stored in such a cookie and then used to measure reach or for marketing purposes. “Third-party cookies” are cookies offered by providers other than the party responsible for operating the online service (cookies offered by the party responsible for the service are known as “first-party cookies”).

We use both temporary and permanent cookies; more details can be found in our privacy policy.

If users do not wish cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online service.

Users can state a general objection to the use of cookies for online marketing purposes for a large number of services, particularly in the case of tracking, via the US site http://www.aboutads.info/choices/or the EU sitehttp://www.youronlinechoices.com/. Furthermore, the storage of cookies can be achieved by switching them off in the browser settings. Please note that in this case, not all functions of the online service can necessarily be used.

Deletion of data

The data processed by us will be deleted or its processing restricted in accordance with Art. 17 and 18 GDPR. The data stored by us will be deleted as soon as it is no longer required for its intended purpose and there are no legal obligations to retain it. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be stored for commercial or tax reasons.

In accordance with legal requirements in Germany, documents are stored in particular for 6 years in accordance with Art. 257 Para. 1 HGB (German Commercial Code) (commercial books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting records, etc.) and for 10 years in accordance with Art. 147 Para. 1 AO (German Tax Code) (books, records, management reports, accounting records, commercial and business letters, documents relevant for taxation, etc.).

Hosting

We use hosting services to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services, which we use for the purpose of operating this online service.

This involves us, or our hosting provider, processing usage data, contact data, and meta- and communication data of customers of, parties interested in, and visitors to this online service on the basis of our legitimate interests in the efficient and secure provision of this online service in accordance with Art. 6 Para. 1 Letter f GDPR in conjunction with Art. 28 GDPR (conclusion of order processing agreement).

Collection of access data and log files

We, or our hosting provider, collect data on each access to the server on which this service is located (known as server log files) on the basis of our legitimate interests within the meaning of Art. 6 Para. 1 Letter f GDPR. The access data includes the name of the webpage accessed, the file, date and time of access, the amount of data transferred, notification of successful access, the browser type and version, the user’s operating system, the referrer URL (the previously visited page), the IP address and the requesting provider.

Log file information is stored for security reasons (e.g., for the clarification of abuse or fraud actions) for a maximum of 7 days and deleted afterwards. Data, the further storage of which is necessary for evidence purposes, is excluded from deletion until the respective incident has been finally clarified.

Contacting us

When contacting us (e.g., via contact form, e-mail, telephone or social media), the user’s details will be processed for the purpose of processing the contact inquiry and handling it in accordance with Art. 6 Para. 1 Letter f GDPR. This data processing is based on our legitimate interest in responding appropriately to contact requests and communicating effectively and efficiently with our users. The user data can be stored in a customer relationship management system (“CRM system”) or comparable inquiry organization.

We will delete the requests once they are no longer necessary. We review the necessity every two years; furthermore, the statutory archiving obligations apply.

Web analytics services through Google Analytics

On our website we use the software tool Google Analytics, a Google Inc. (“Google”) web analysis service, to analyze the surfing behavior of our users. The software places a cookie on the user’s computer (for cookies, see above). The information generated by the cookie about users’ use of the online service is usually transferred to a Google server in the US and stored there.

We use Google Analytics only with IP anonymization enabled. This means that a user’s IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic

Area. Only in exceptional cases is the full IP address transferred to a Google server in the US and shortened there. The IP address provided by the user’s browser is not merged with other Google data.

If individual pages of our website are accessed, the following data is stored:

(1) Two bytes of the IP address of the user’s accessing system

(2) The webpage accessed

(3) The website from which the user accessed the accessed webpage (referrer)

(4) The subpages accessed from the accessed webpage

(5) The time spent on the webpage

(6) The frequency of visits to the webpage

Legal basis for the processing of personal data

The legal basis for the processing of users’ personal data is Art. 6 Para. 1 Letter f GDPR.

Google will use this information on our behalf to evaluate the use of our online service by users, to compile reports on activities within this online service, and to provide us with other services associated with the use of this online service and the internet. Pseudonymous user profiles of the users can be created from the processed data.

By evaluating the data collected, we are able to compile information about the use of the individual components of our website. This helps us to constantly improve our website and its usability. These

purposes also represent our legitimate interest in the processing of the data in accordance with Art. 6 Para. 1 Letter f GDPR. Anonymizing the IP address takes the interest of users in the protection of their personal data sufficiently into account.

The data is deleted as soon as it is no longer needed for our recording purposes.

Opportunity to object and remove

Cookies are stored on the user’s computer and transferred to our site by the user. This means you as a user also have full control over the use of cookies. You can deactivate or restrict the transfer of cookies by changing the settings in your web browser. Cookies that have already been saved can be deleted at any time. If cookies are deactivated for our website, it may be that some of the website functions can no longer be used to the full extent. Users can do this by downloading and installing the browser plugin available at the following link: browser add-on.

Further information on the use of data for advertising purposes by Google, settings, and opportunities to object can be found on Google’s webpages:

https://policies.google.com/technologies/partner-sites?hl=en (“How Google uses information from sites or apps that use our services”)

https://policies.google.com/technologies/ads?hl=en (“Advertising”)

http://www.google.de/settings/ads (“Ad personalization”)

http://www.google.com/ads/preferences/ (“Ad personalization”)

Click here to set the opt-out cookie: Disable Google Analytics