Privacy policy
This privacy policy explains the type, scope and purpose of the processing of personal information (hereafter “data”) within our online service and the associated websites, functions and content, as well as external online presences, such as our social media profiles (hereafter jointly “online service”). With regard to the terminology used, e.g. “processing” or “data controller”, refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).
Data controller
The Präventionsprojekt Glücksspiel is a project by pad gGmbH, and is conducted at the order of the Senate Administration for Health, Care and Equality.
pad gGmbH is an accredited beneficiary of the free youth welfare services and is a member of the Paritätischer Wohlfahrtsverband and the Fachverband Glücksspielsucht e.V.
The data controller, pursuant to the data protection regulations, in particular the General Data Protection Regulation (GDPR), is:
Sophie Schmid, Project Director
Charlottenburger Straße 2, 13086 Berlin
E-mail: praevention.gluecksspiel(at)pad-berlin.de
Andreas Wächter, Executive Director of pad gGmbH
www.faules-spiel.de/impressum
Your data subject rights
You may assert the following rights at any time via the aforementioned contact data of our data controller:
- Disclosure of your data stored by us and the processing thereof (Art. 15 GDPR),
- Correction of inaccurate personal data (Art. 16 GDPR),
- Deletion of your data stored by us (Art. 17 GDPR),
- Limitation of data processing if we cannot delete your data due to legal obligations (Art. 18 GDPR),
- Objection to the processing of your data by us (Art. 21 GDPR), and
- Data portability, if you have consented to data processing or have signed a contract with us (Art. 20 GDPR).
If you have granted us your consent, you may revoke it at any time with effect for the future.
You may always submit a complaint to a supervisory authority, e.g. the responsible supervisory authority of the state where you reside, or the authority responsible for us as the controlling entity.
A list of the supervisory authorities (for the non-public sector) with addresses can be found here: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
Recording general information when visiting our website
Type and purpose of processing:
When you access our website, i.e. if you do not register or otherwise provide information, information of a general nature is automatically recorded. This information (server log files) contains the type of web browser, the domain names of your internet service provider, your IP address, and similar data. In particular, these data are processed for the following purposes:
- Ensuring a smooth connection to the website,
- Ensuring smooth usage of our website,
- Evaluation of system security and stability, and
- For other administrative purposes.
We do not use your data to infer your personal identity. We may statistically evaluate these data to optimise our internet appearance and underlying technology.
Legal basis:
The data are processed as per Art. 6 para. 1 lit. f GDPR on the basis of our justified interest in improving the stability and functionality of our website.
Recipient:
Data recipients may be technical service providers contracted for the operation and maintenance of our website.
Storage duration:
The data are deleted once they are no longer required for the purpose for which they were obtained. This is the case for data that serve to provide the website once the respective session has ended.
Provision stipulated or required:
The provision of the aforementioned personal data is neither legally nor contractually stipulated. However, without the IP address, the service and functionality of our website cannot be ensured. Specific services and services may also be unavailable or limited. For this reason, objection is not possible.
Contact
When contacting us (e.g. via the contact form, e-mail, telephone, Messenger or other social media), the user’s information will be processed to tend to and execute the contact request as per Art. 6 para. 1 lit. b) GDPR. The user’s information can be stored in a customer relationship management system (CRM system) or similar request organisation.
We delete the requests once they are no longer required. We assess the necessity thereof every two years; the legal archiving obligations also apply.
Contact form
Type and purpose of processing:
The data you provide are stored in order to communicate with you individually. This requires a valid e-mail address and your name. This serves to allocate the request and subsequently respond to it. The provision of further data is optional.
Legal basis:
The processing of the data entered in the contact form occurs on the basis of justified interest (Art. 6 para. 1 lit. f GDPR).
By providing the contact form we would like to make it possible for you to contact us without complications. The information that you provide will be stored in order to process the request, as well as for any potential follow-up questions.
If you contact us in order to request a quote, the data entered in the contact form are processed in order to conduct pre-contract measures (Art. 6 para. 1 lit. b GDPR).
Recipient:
The recipients of the data are the order processors, if applicable.
Storage duration:
Data are deleted no later than 6 months after the request has been processed.
In the event of a contract relationship, we are subject to the retention periods in accordance with the German Commercial Code, and delete your data after these periods have expired.
Provision stipulated or required:
The provision of your personal data is voluntary. However, we can only process your request if you provide us with your name, e-mail address and the reason for the request.
Newsletter
Below we will inform you of the content of our newsletter, as well as the registration, delivery and statistical evaluation procedures, as well as your rights of objection. By subscribing to our newsletter, you declare your consent to receive the newsletter as well as to the procedures described.
Newsletter content:
We only send newsletters, e-mails and other electronic notifications with marketing information (hereafter “newsletter”) with the recipient’s consent or with legal authorisation. If, when registering for the newsletter, the content thereof is paraphrased, it is pertinent to the users’ consent. Otherwise our newsletters contain information on our services and about us.
Delivery service provider CleverReach
The newsletters are sent via delivery service provider CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany. The data protection terms can be found here: https://www.cleverreach.com/de/datenschutz/. The delivery service provider is used on the basis of our justified interests as per Art. 6 para. 1 lit. f GDPR as well as an order processing contract.
The delivery service provider can use the recipient data in a pseudonymised form, i.e. without allocation to a specific user, to optimise or improve its own services, e.g. technical optimisation of the delivery and presentation of the newsletter, or for statistical purposes. However, the delivery service provider does not use the data of our newsletter recipients to write to the recipients directly or to provide these data to third parties.
Double opt-in and recording:
Registration for our newsletter takes place as part of a double opt-in procedure. This means that after registering, you receive an e-mail that asks you to confirm your registration. This confirmation is required so that nobody can register with unknown e-mail addresses. Newsletter registrations are recorded in order to be able to verify the registration process in accordance with legal requirements. This includes storage of the registration and confirmation times, as well as the IP address. The changes to your data stored by the delivery service provider will also be recorded.
Registration data:
In order to register for the newsletter, you only need to provide your e-mail address. We ask that you also provide a name so that you may be personally addressed in the newsletter, although this is optional.
The recording of the registration process occurs on the basis of our justified interests as per Art. 6 para. 1 lit. f GDPR. Our interest is based on the usage of a user-friendly and secure newsletter system that both serves our business interests and meets users’ expectations, while also allowing us to verify consent.
Success measurement:
The delivery of the newsletter and the measurement of success associated with it occur on the basis of recipient consent as per Art. 6 para. 1 lit. a, Art. 7 GDPR in conjunction with § 7 para. 2 no. 3 UWG or, in the event that consent is not required, on the basis of our justified interests in direct marketing as per Art. 6 para. 1 lit. f GDPR in conjunction with § 7 para. 3 UWG. The reports contain anonymous data on the opening and clicking recipients. There is no retrieval and processing of full IP addresses and cookies.
Cancellation/revocation:
You can unsubscribe from the newsletter at any time, i.e. you may revoke your consent. You can find a link to unsubscribe at the end of each newsletter. We may store the e-mail addresses up to three years on the basis of our justified interests before we delete them in order to be able to provide past user consent. The processing of these data is limited to the purpose of being able to prevent any potential claims. An individual deletion request is possible at any time, provided the formerly provided consent is confirmed.
Hosting and e-mail delivery
The hosting services that we use serve to provide the following services: infrastructure and platform services, computing capacity, memory and database services, e-mail dispatch, security services and technical maintenance, which we use to operate this online presence.
To this end we, or our hosting provider, process existing data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors of this online service on the basis of our justified interests in the efficient and secure provision of this online service as per Art. 6 para. 1 lit. f GDPR in conjunction with Art. 28 GDPR (formation of order processing contract).
Google Analytics
On the basis of our justified interests (i.e. interest in the analysis, optimisation and economic operation of our online service as per Art. 6 para. 1 lit. f GDPR), we use Google Analytics. This is a web analysis service from Google LLC (“Google”). Google uses cookies. The information created by the cookie about usage of the online service by the user is transferred to a Google server in the USA and stored there.
Google is certified under the Privacy Shield Agreement and thereby offers a guarantee of adherence to European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Google will use this information at our behest to evaluate the usage of our online service by our users, to compile reports about activities within our online service, and to render further services associated with the usage of the online service and internet usage for us. The processed data may thus generate pseudonymous usage profiles of the users.
We only use Google Analytics with activated IP anonymisation. This means that the users’ IP address is truncated by Google within member states of the European Union or in other member states of the Agreement on the European Economic Area. Only in exceptional cases is the entire IP address sent to a Google server in the USA and stored there.
The IP address transferred from the user’s browser is not consolidated with other data by Google. The users can prevent the storage of cookies via a corresponding setting in their browser software; furthermore, users can prevent the recording of the cookie-generated data pertaining to their usage of the online service for Google, as well as the processing thereof by Google, by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de. Alternatively you can use the following link to activate or deactivate Google Analytics:
You can find further information on the usage of data by Google, and settings and objection options, in the Google Privacy Policy (https://policies.google.com/technologies/ads) as well as in the settings for the display of pop-ups by Google (https://adssettings.google.com/authenticated).
The users’ personal data will be deleted or anonymised after 14 months.
Online presences in social media
We maintain online presences within social networks and platforms so that we can communicate with the customers, interested parties and users active therein, and inform them of our services. When visiting the respective networks and platforms, the terms of use and data processing guidelines of their respective operators apply.
Unless otherwise specified in our privacy policy, we process users’ data if they communicate with us within the social networks and platforms, e.g. write posts on our social media pages or send us messages.
Linking services and third-party content
We use third-party content or service offers within our online service on the basis of our justified interest (i.e. interest in the analysis, optimisation and economic operation of our online service as per Art. 6 para. 1 lit. f GDPR) so that we may integrate their content and services, such as videos or typefaces (hereafter generally referred to as “content”).
This always requires that the third-party providers obtain the IP address of the users, as they cannot send the content to the respective browsers without this IP address. The IP address is thus required to display this content. We strive to only use that content that the respective providers solely use the IP address to present said content. Furthermore, third-party providers can use pixel tags (invisible graphics, also known as web beacons) for statistical or marketing purposes. The pixel tags can be used to evaluate information, such as visitor traffic to the pages of this website. The pseudonymous information can also be stored in cookies on the user device, and may include (among other things) technical information on the browser and operating system, referring websites, visit time and other information on the usage of our online service, and may also be associated with such content from other sources.
Usage of Google Maps
Type and purpose of the processing:
On this website we use the Google Maps service. Google Maps is operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereafter “Google”). This allows us to display interactive maps directly on the website and makes it possible for you to use the map function in a convenient manner.
You can find further information on the processing of data by Google in the Google data protection information. Here you can also change your personal data protection settings in the data protection centre.
You can find extensive information on the usage of your own data in conjunction with Google products.
Legal basis:
The legal basis for the integration of Google Maps and the associated transfer of data to Google is your consent as per Art. 6 para. 1 lit. a GDPR.
Recipient:
When you visit the website, Google receives information that you have visited the corresponding sub-page of our website. This happens regardless of whether Google provides a user account that you are logged in to, or whether there is no user account at all. If you are logged in to Google, your data will be directly allocated to your account.
If you do not consent to the allocation to your profile with Google, you must log out of Google before clicking the button. Google stores your data as a user profile and uses them for marketing and market research purposes, and/or to configure its website if needed. Such an evaluation occurs in particular (even for users who are not logged in) to render needs-based marketing and to inform other users of the social network of your activities on our website. You have a right to object to the creation of these user profiles by submitting an objection to Google.
Storage duration:
We do not obtain any personal information through the integration of Google Maps.
Third-country transfer:
Google processes your data in the USA and is subject to the EU-US Privacy Shield https://www.privacyshield.gov/EU-US-Framework.
Revocation of consent:
If you do not want Google to obtain, process or use information about you obtained by visiting our web presence, you can deactivate JavaScript in your browser settings. In this case, however, you cannot use our website or may only be able to do so to a limited extent.
Provision required or stipulated:
The provision of your personal data is solely voluntary, based on your consent. If you prevent access, this may result in functional restrictions on the website.
Embedded YouTube videos
Type and purpose of processing:
We embed YouTube videos on some of our pages. The operator of the corresponding plug-ins is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA (hereafter “YouTube”). When you visit a page with the YouTube plug-in, a connection if formed to YouTube servers. YouTube is informed of which pages you visit. If you are logged in to your YouTube account, YouTube can personally allocate your browsing behaviour to you. You can prevent this by logging out of YouTube in advance.
If a YouTube video begins playing, the provider uses cookies that collect information about the user behaviour.
You can learn more about the purpose and scope of the data retrieval and the processing of the data by YouTube in the provider’s privacy policies. There you will also find more information about your rights and settings options in this regard to protect your privacy (https://policies.google.com/privacy). Google processes your data in the USA and is subject to the EU-US Privacy Shield https://www.privacyshield.gov/EU-US-Framework
Legal basis:
The legal basis for the integration of YouTube and the associated transfer of data to Google is your consent as per Art. 6 para. 1 lit. a GDPR.
Recipient:
Visiting YouTube automatically forms a connection to Google.
Storage duration and revocation of consent:
If you have disabled cookies for the Google Ads program, you will not have to deal with such cookies when watching YouTube videos. However, YouTube does store non-personal usage information in other cookies. If you would like to prevent this, you must block the storage of cookies in your browser.
You can learn more about data protection at YouTube in their privacy policy at: https://www.google.de/intl/de/policies/privacy/
Third-country transfer:
Google processes your data in the USA and is subject to the EU-US Privacy Shield https://www.privacyshield.gov/EU-US-Framework.
Provision stipulated or required:
The provision of your personal data is voluntary and solely based on your consent. If you prevent access, this may cause functional limitations on the website.
SSL encryption
In order to protect your data during the transfer, we use the latest encryption procedures (e.g. SSL) via HTTPS.
Order processors used
If we disclose data to other persons and companies (order processors or third parties) for purposes of our processing, or transmit said data to them or otherwise make it available to them, this occurs solely on the basis of legal authorisation (e.g. if a transmission of the data to third parties, such as a payment service provider, is required to fulfil the contract as per Art. 6 para. 1 lit. b GDPR), if you have provided your consent, we are legally obligated to do so, or for purposes of our justified interests (e.g. when using contractors, web hosts, etc.).
If we commission third parties to process data on the basis of an order processing contract, this occurs on the basis of Art. 28 GDPR.
Deletion of data
The data that we process are deleted in accordance with Art. 17 and 18 GDPR, or the processing thereof is limited. Unless explicitly specified in this privacy policy, the data that we store are deleted once they are no longer required for the original purpose and there are no legal retention periods that prevent their deletion. If the data are not deleted because they are required for other, legally permissible purposes, the processing thereof will be limited. This means the data will be blocked and not processed for other purposes. For example, this is the case with data that must be retained for reasons of commercial or fiscal law.
Pursuant to the legal requirements in Germany, the retention lasts 10 years as per §§ 147 para. 1 AO, 257 para. 1 no. 1 and 4, para. 4 HGB (books, records, status reports, booking receipts, commercial logs, for managing relevant documentation, etc.) and 6 years as per § 257 para. 1 no. 2 and 3, para. 4 HGB (commercial briefs).
Pursuant to the legal requirements in Austria, the retention lasts 7 years as per § 132 para. 1 BAO (accounting documents, receipts, accounts, statements, business papers, list of profits and expenses, etc.), 22 years in relation to property, and 10 years for documentation pertaining to electronically rendered services, telecommunication/radio/television services rendered for private persons in EU member states, and which are used for the mini one-stop shop (MOSS).
Administration, office organisation, contact management
We process data for purposes of administrative tasks as well as for the organisation of our company, accounting and to adhere to legal obligations, such as archiving. When doing so we process the same data that we process to render our contractual services. The legal basis of the processing is Art. 6 para. 1 lit. c GDPR, Art. 6 para. 1 lit. f GDPR. This processing concerns customers, interested parties, business partners and visitors to the website. The purpose and our interest in the processing lies in the administration, accounting, office organisation, and archiving of data, i.e. tasks that serve to maintain our business activities, perform our tasks, and render our services. The deletion of the data with regard to contractual services and contractual communication corresponds to the information specified for these processing activities.
In so doing we disclose or transfer data to the financial administration, consultants (e.g. tax consultants or auditors) and other fee offices and payment service providers.
Furthermore, on the basis of our economic interests we also store information on suppliers, event organisers and other business partners, e.g. for purposes of future contact. We permanently store these largely company-based data.
Rendering our bylaw- and business-related services
We process the data of our members, supporters, interested parties, customers or other individuals in accordance with Art. 6 para. 1 lit. b GDPR, provided we offer them contractual services or work with them as part of an existing business relationship (e.g. with members), or if we ourselves are recipients of services and benefits. Otherwise we process the data of affected persons as per Art. 6 para. 1 lit. f GDPR on the basis of our justified interests, e.g. when it comes to administrative tasks or public relations work.
The data processed for this purpose, and the type, scope, purpose and necessity of the processing thereof, are based on the underlying contract relationship. This includes existing and master data of the persons (e.g. name, address, etc.) as well as the contact information (e.g. e-mail address, telephone number, etc.), the contract data (e.g. services utilised, content and information disclosed, names of contacts) and, if we provide fee-based services or products, payment information (e.g. bank connection, payment history, etc.).
We delete data that are no longer required to render our bylaw- and business-related services. This is based on the respective tasks and contractual relationships. In the event of business processing, we store the data as long as they may be relevant to complete the business, as well as with regard to any retention or liability obligations. The necessity of retention of the data will be evaluated every three years; otherwise the legal retention periods apply.
Changing our data protection terms
We reserve the right to update this privacy policy so that it always complies with the current legal requirements, or to implement changes to our services in the privacy policy, e.g. when introducing new services. The new privacy policy will then apply when you revisit the site.
Questions for the data protection officer
If you have questions about data protection, please write us an e-mail or directly contact the person in charge of data protection at our organisation:
Dirk Timm
Kastanienallee 55, 12627 Berlin, Germany
dirk_timm(At)pad-berlin.de
The privacy policy was created with assistance from activeMind AG, the experts in external data protection officers (version #2019-04-10) as well as Datenschutz-Generator.de, by attorney Dr. Thomas Schwenke.