Thank you for your interest in our online services. We are committed to protecting your privacy. In this Data Protection Statement you will find information on how we process your personal data. This Data Protection Statement applies to all websites accessible at https://community.engagement-global.de, including its subpages (hereinafter generally referred to as the ‘Website’). The General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG) form the legal bases for data protection.
The provider of the Website in the legal sense is
Engagement Global gGmbH - Service für Entwicklungsinitiativen (Service for Development Initiatives)
legally represented by the Managing Director Dr Jens Kreuter
(hereinafter referred to as ‘Engagement Global’, ‘we’, ‘us’)
The Data Protection Officer is
Rechtsanwalt Ziar Kabir (lawyer)
53604 Bad Honnef
This Data Protection Statement is based on the terminology used by the European legislator in the General Data Protection Regulation (GDPR). For your information, the terms are explained below:
a. Personal data
Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as the ‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
b. Data subject
Data subject means an identified or identifiable natural person whose personal data are being processed by the Controller.
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
d. Restriction of processing
Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.
Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
f. Controller (person responsible for data processing)
The Controller (person responsible for data processing) means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Recipient means a natural or legal person, public authority, agency or another body to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
i. Third party
Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to them.
a. Purpose and scope of the processing of personal data
The personal data of users of our website are generally processed only if this is necessary to safeguard and provide a functional website, facilitate the presented services, optimise our range of services and to fulfil the intended purpose.
b. Legal bases for processing personal data
We process the personal data of data subjects based on these statutory authorisations:
c. Data erasure and duration of storage of personal data
The personal data of the data subject will be erased or blocked routinely or as soon as the purpose for storing the data becomes obsolete. Data may also be stored if the storage is provided for by the European or national legislator in EU regulations, legislation or other provisions governing the Controller. Data will also be blocked or erased when a storage period required by any of the aforementioned laws or regulations expires unless there is a need for continued storage of the data for the purpose of concluding or fulfilling a contract.
d. Recipients of personal data
Recipients of the personal data of data subjects are generally only the controllers and processers employed by them subject to compliance with data protection laws. In addition, data may be transferred to third parties if the Controller is so authorised or legally obliged by virtue of a statutory authorisation.
e. Transfer of personal data to third countries
The personal data of data subjects shall only be transmitted to countries outside the European Union (EU) and/or outside the European Economic Area (EEA) provided there is an adequate level of protection (Article 45 GDPR) or subject to appropriate safeguards (Article 46 GDPR) or subject to the conditions of Article 49 GDPR in the case of derogations for specific situations.
f. Automated decision-making
As a responsible enterprise, we refrain from employing an automated decision-making process or profiling.
As part of commissioned data processing, we employ external service providers to host the website. These service providers are obliged to comply with legal data protection provisions to the same extent as we are and to ensure that the data associated with the online services is handled reliably and securely. The personal data of the data subjects collected via the website are stored on the servers of HumHub GmbH & Co. KG in Nuremburg and Munich. The data are stored separately from other applications. The processor processes personal data only in accordance with the instructions of the Controllers and only to the extent necessary to fulfil their obligations.
Each time a user connects to our website, our system automatically records information about the computer system of the retrieving computer. In this connection, the following data are collected:
The connectivity data are processed based on our legitimate interest in the transmission of the content of the website and in accordance with point (f) of Article 6(1) GDPR. The temporary processing of the IP address by our system is necessary for our system to provide our website to the user’s computer. The data may be stored by us for analysis and maintenance purposes. However, in this case, the IP address of the retrieving system will be anonymised. As these data are indispensable for the operation of the website, users do not have the option to object to this processing.
You can configure your browser so as to disable the storing of cookies. However, in this case, you may not be able to fully use all the functions of our website. Information on the cookie settings of your browser are available in the Help section of your browser or at the following links:
In addition, data can be stored for the same purposes in the local storage or the local session storage of your browser. The following data may be stored on your device after a visit to our website:
When visiting our website, our system automatically stores a session cookie with an anonymous ID in your browser (‘session ID cookie’). This ID allows our system to track the websites visited during a browser session. This is necessary for us to provide our service and to keep the log-in of registered users active based on the stateless http protocol. The session ID cookie does not store personal data.
On our website, we provide a community platform (hereinafter: the ‘Community Platform’) for networking and cooperation as part of our programmes and services.
A user account must be created in order to use the platform. To this end, we first process the email address specified in your registration form to generate a confirmation email. The legal basis for doing so is point (f) of Article 6(1) GDPR. Our legitimate interest is the provision of a registration facility for the Community Platform. The confirmation email contains a link, which is used to transmit the information that the recipient wishes to confirm the registration. When you click on the link, the webpage for creating the account opens and the following data are collected:
b. User profile
A profile page is created for each registered user with the data from the form for the creation of the account, which can be viewed by other registered users. In addition, users can voluntarily add other particulars to their user profile, which they can also make visible to other registered users by default. The accessibility of information in your profile page can be adjusted in the user settings.
c. Activities on the platform
d. Space information
The platform offers users the opportunity to create spaces (groups) and to join spaces. Space owners (creators) and space administrators may select the criteria for joining the space (registered users may join / invitation required) and/or the users who can access the space (all registered users, space members only). By default, spaces are publicly accessible and registered users can join. In the case of public spaces, the space owner and the space members as well as the space activities are publicly visible.
e. Space content
Space members can create content such as posts, comments, files, time schedules and wiki pages. Depending on the selected accessibility settings, the contents and comments are either publicly visible to registered users or to space members only.
f. Email notifications
Various settings for email notifications about activities on the platform can be selected in the user settings. If you do not wish to receive email notifications, you can disable this function there.
g. Direct messaging
The Community Platform can be used to exchange direct messages between individual users. If you do not want to receive direct messages from other users, you can disable this function in the user settings.
h. Sending invitations via the Platform
Users are able to send invitations to register with the Platform. We will use the personal data we collect when you do so, such as the email address of the recipient, only for the purpose of sending an email with the content specified by the user. By using this function, users warrant to the Controller that they are authorised to process the email address of the recipient for the purpose of sending the message. By sending the invitation, the user name (nickname) and the email address of the inviting user are communicated to the recipient of the invitation.
i. Deleting a user account
Users can delete their user account. The user account is first deactivated and later deleted after expiry of a cool-off period for security reasons.
j. Withdrawal of your consent
If you withdraw your consent, you will no longer be able to use the Community and your profile will be deleted. You may withdraw your declaration of consent at any time without stating reasons by sending an email to firstname.lastname@example.org.
In accordance with statutory requirements, our website contains information that enable fast electronic contact with our company and direct communication with us. You can also contact us by email. When contacting us via the specified email addresses, the personal data of the sender which is transmitted with the email will be stored. This includes the text of the message and the email address. No data will be transmitted to third parties in this connection.
The legal basis for the processing of data transmitted in connection with sending an email is point (f) of Article 6(1) GDPR. If the email contact is established with the aim of concluding a contract, the legal basis for the processing is additionally point (b) of Article 6(1) GDPR. We only process personal data from the transmitted emails to allow us to manage the contact request. This is also our legitimate interest in the processing of the data. The data are erased routinely as soon as they are no longer necessary to achieve the purpose of the data collection unless there is a statutory obligation to the contrary. Data subjects have the right to object to the processing of their personal data. You can contact us in this regard using the contact details provided.
Data subjects have the following rights vis-à-vis the Controller:
We reserve the right to amend this Data Protection Statement so that it always complies with current legal requirements or in order to implement changes to our services in the Data Protection Statement. The next time you visit, the new data protection statement will then apply.