Privacy policy

The use of our website is generally possible without providing personal data. Insofar as personal data (e.g. name, address or e-mail addresses) is collected on our website, this is always done on a voluntary basis as far as possible. This data will not be passed on to third parties without your express consent.

 

We would like to point out that data transmission over the Internet (e.g. when communicating by e-mail) may be subject to security vulnerabilities. Complete protection of data against access by third parties is not possible.

 

We hereby expressly prohibit the use of contact data published within the scope of the imprint obligation by third parties for sending unsolicited advertising and information material. The operators of this website expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam e-mails.

Privacy policy

This privacy policy clarifies the nature, scope and purpose of the processing of personal data (hereinafter referred to as ‘data’) within our online offering and the associated websites, functions and content as well as external online presences, such as our social media profile (hereinafter collectively referred to as ‘online offering’). With regard to the terms used, such as ‘processing’ or ‘controller’, we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).

Person responsible

Kultur- und Initiativenhaus e.V.
Stralsunder Straße 10
17489 Greifswald

e-Mail: info@straze.de
Website: straze.de

Types of data processed

– Inventory data (e.g., names, addresses).
– Contact data (e.g., e-mail, telephone numbers).
– Content data (e.g., text entries, photographs, videos).
– Usage data (e.g., websites visited, interest in content, access times).
– Meta/communication data (e.g., device information, IP addresses).

Categories of persons concerned

Visitors and users of the online offer (hereinafter we also refer to the data subjects collectively as ‘users’).

Purpose of the processing

– Provision of the online offering, its functions and content.
– Answering contact enquiries and communicating with users.
– Security measures.
– Reach measurement/marketing

Terminology used

‘Personal data’ means any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

‘Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means. The term is broad and covers practically any handling of data.

‘Controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

‘Processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Relevant legal bases

In accordance with Art. 13 GDPR, we inform you of the legal basis of our data processing. If the legal basis is not stated in the privacy policy, the following applies: The legal basis for obtaining consent is Art. 6 para. 1 lit. a and Art. 7 GDPR, the legal basis for processing to fulfil our services and implement contractual measures and respond to enquiries is Art. 6 para. 1 lit. b GDPR, the legal basis for processing to fulfil our legal obligations is Art. 6 para. 1 lit. c GDPR, and the legal basis for processing to protect our legitimate interests is Art. 6 para. 1 lit. f GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.

Safety measures

We take appropriate technical and organisational measures in accordance with Art. 32 GDPR, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, in order to ensure a level of security appropriate to the risk.

The measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical access to the data, as well as the access, input, disclosure, safeguarding of availability and separation of the data. We have also set up procedures to ensure that data subjects’ rights are exercised, data is deleted and we respond to data threats. Furthermore, we take the protection of personal data into account as early as the development and selection of hardware, software and procedures, in accordance with the principle of data protection through technology design and data protection-friendly default settings (Art. 25 GDPR).

Cooperation with processors and third parties

If we disclose data to other persons and companies (processors or third parties) as part of our processing, transfer it to them or otherwise grant them access to the data, this will only be done on the basis of legal permission (e.g. if the transfer of data to third parties, such as payment service providers, is required to fulfil a contract in accordance with Art. 6 para. 1 lit. b GDPR), you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).

If we commission third parties with the processing of data on the basis of a so-called ‘order processing contract’, this is done on the basis of Art. 28 GDPR.

Transfers to third countries

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of the use of third-party services or disclosure or transfer of data to third parties, this will only take place if it is done to fulfil our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual authorisations, we only process or have the data processed in a third country if the special requirements of Art. 44 et seq. GDPR are met. This means, for example, that the processing takes place on the basis of special guarantees, such as the officially recognised determination of a level of data protection corresponding to the EU (e.g. for the USA through the ‘Privacy Shield’) or compliance with officially recognised special contractual obligations (so-called ‘standard contractual clauses’).

Rights of the data subjects

You have the right to request confirmation as to whether the data in question is being processed and to request information about this data as well as further information and a copy of the data in accordance with Art. 15 GDPR.

You have the right, in accordance with Art. 16 GDPR, to request that the data concerning you be completed or that inaccurate data concerning you be corrected.

In accordance with Art. 17 GDPR, you have the right to request that the data in question be deleted immediately or, alternatively, to request that the processing of the data be restricted in accordance with Art. 18 GDPR.

You have the right to request that the data concerning you that you have made available to us be received in accordance with Art. 20 GDPR and to request that it be transmitted to other responsible parties.

You also have the right to lodge a complaint with the competent supervisory authority in accordance with Art. 77 GDPR.

Right of withdrawal

You have the right to revoke any consent you have given in accordance with Art. 7 Para. 3 GDPR with effect for the future.

Right of objection

You can object to the future processing of data concerning you at any time in accordance with Art. 21 GDPR. The objection can be made in particular against processing for direct marketing purposes.

Cookies and right to object to direct advertising

Cookies are small files that are stored on users’ computers. Different information can be stored within cookies. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after their visit to an online service. Temporary cookies, or “session cookies” or “transient cookies”, are cookies that are deleted after a user leaves an online service and closes their browser. Such a cookie can store, for example, the contents of a shopping cart in an online shop or a login status. Cookies that remain stored even after the browser is closed are referred to as “permanent” or “persistent”. For example, the login status can be stored if users visit it after several days. The interests of users can also be stored in such a cookie, which are used for range measurement or marketing purposes.

We can use temporary and permanent cookies and explain this in our privacy policy.

If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online service.

A general objection to the use of cookies used for online marketing purposes can be declared for a large number of services, especially in the case of tracking, via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. Furthermore, the storage of cookies can be achieved by deactivating them in the browser settings. Please note that in this case, not all functions of this online service may be available.

Deleting the Data

The data we process is deleted or restricted in accordance with Art. 17 and 18 GDPR. Unless expressly stated in this data protection declaration, the data stored by us is deleted as soon as it is no longer required for its intended purpose and there are no statutory retention periods that prevent deletion. If the data is not deleted because it is required for other legally permissible purposes, its processing will be restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.

According to legal requirements in Germany, the data is stored for 10 years in accordance with Sections 147 Para. 1 AO, 257 Para. 1 No. 1 and 4, Para. 4 HGB (books, records, management reports, accounting documents, commercial books, documents relevant for taxation, etc.) and 6 years in accordance with Section 257 Para. 1 No. 2 and 3, Para. 4 HGB (commercial letters).

According to legal requirements in Austria, the data is stored for 7 years in accordance with Section 132 Para. 1 BAO (accounting documents, receipts/invoices, accounts, receipts, business papers, statements of income and expenditure, etc.), for 22 years in connection with real estate and for 10 years for documents in connection with electronically provided services, telecommunications, radio and television services that are provided to non-entrepreneurs in EU member states and for which the Mini One Stop Shop (MOSS) is used.

Administration, financial accounting, office organization, contact management

We process data as part of administrative tasks and the organization of our business, financial accounting and compliance with legal obligations, such as archiving. In doing so, we process the same data that we process as part of the provision of our contractual services.


The processing bases are Art. 6 Para. 1 lit. c. GDPR, Art. 6 Para. 1 lit. f. GDPR. Customers, interested parties, business partners and website visitors are affected by the processing. The purpose and our interest in the processing lies in administration, financial accounting, office organization, archiving of data, i.e. tasks that serve to maintain our business activities, perform our tasks and provide our services. The deletion of data with regard to contractual services and contractual communication corresponds to the information provided for these processing activities. We disclose or transmit data to the tax authorities, consultants, such as tax consultants or auditors, as well as other fee offices and payment service providers. Furthermore, we store information about suppliers, event organizers and other business partners based on our business interests, e.g. for the purpose of later contact. We generally store this data, which is mostly company-related, permanently.

Provision of our statutory and business-related services

We process the data of our members, supporters, interested parties, customers or other persons in accordance with Art. 6 Para. 1 lit. b. GDPR, provided that we offer them contractual services or act within the framework of an existing business relationship, e.g. towards members, or are ourselves the recipient of services and donations. In addition, we process the data of data subjects in accordance with Art. 6 Para. 1 lit. f. GDPR on the basis of our legitimate interests, e.g. when it comes to administrative tasks or public relations work.

The data processed here, the type, scope and purpose and the necessity of their processing are determined by the underlying contractual relationship. This generally includes inventory and master data of people (e.g., name, address, etc.), as well as contact data (e.g., email address, telephone, etc.), contract data (e.g., services used, content and information communicated, names of contact persons) and, if we offer paid services or products, payment data (e.g., bank details, payment history, etc.).

We delete data that is no longer required to fulfill our statutory and business purposes. This is determined according to the respective tasks and contractual relationships. In the case of commercial processing, we keep the data for as long as it may be relevant for the business transaction and with regard to any warranty or liability obligations. The necessity of storing the data is reviewed every three years; otherwise, the statutory retention periods apply.

Contact

When you contact us (e.g. via contact form, email, telephone or via social media), the user’s details are processed to process the contact request and its processing in accordance with Art. 6 Paragraph 1 Letter b) GDPR. Users’ details can be stored in a customer relationship management system (“CRM system”) or comparable inquiry organization.

We delete the inquiries if they are no longer required. We check the necessity every two years; statutory archiving obligations also apply.

Hosting and sending E-Mail

The hosting services we use serve to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, email sending, security services and technical maintenance services that we use for the purpose of operating this online offering.

We or our hosting provider process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors to this online offering on the basis of our legitimate interests in the efficient and secure provision of this online offering in accordance with Art. 6 Para. 1 lit. f GDPR in conjunction with Art. 28 GDPR (conclusion of a data processing contract).

Collection of access data and log files

We, or our hosting provider, collect data on every access to the server on which this service is located (so-called server log files) on the basis of our legitimate interests within the meaning of Art. 6 Paragraph 1 Letter f. GDPR. The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.

Log file information is stored for a maximum of 7 days for security reasons (e.g. to investigate misuse or fraud) and then deleted. Data that needs to be retained for evidentiary purposes is exempt from deletion until the respective incident has been finally clarified.

Online presence in social media

We maintain online presences within social networks and platforms in order to be able to communicate with customers, interested parties and users active there and to inform them about our services. When you access the respective networks and platforms, the terms and conditions and data processing guidelines of their respective operators apply.

Unless otherwise stated in our data protection declaration, we process the data of users if they communicate with us within the social networks and platforms, e.g. write posts on our online presences or send us messages.

Matamo

 

This website uses Matomo 64, an open source, self-hosted software to collect anonymous usage data for this website.

The data on visitor behavior is collected to identify potential problems such as pages not found, search engine problems or unpopular pages. Once the data (number of visitors seeing error pages or only one page, etc.) is processed, Matomo generates reports for website operators so that they can respond to them. (Layout changes, new content, etc.)

 

Matomo processes the following data:

  • Cookies
  • Anonymized IP addresses by removing the last 2 bytes (i.e. 198.51.0.0 instead of 198.51.100.54)
  • Pseudo-anonymized location (based on the anonymized IP address)
  • Date and time
  • Title of the page accessed
  • URL of the page accessed
  • URL of the previous page (if this allows it)
  • Screen resolution
  • Local time
  • Files that were clicked and downloaded
  • External links
  • Duration of page loading
  • Country, region, city (with low accuracy due to IP address)
  • Main language of the browser
  • User agent of the browser
    Interactions with forms (but not their content)

The data processing is based on the principle of legitimate interest. 


Processing the data helps us find out what works on our site and what doesn’t. For example, we use it to find out whether the content is well received or how we can improve the structure of the website. Our team benefits from this and can react to it. Thanks to the data processing, you benefit from a website that is constantly improving.


Without the data, we would not be able to offer the service. Your data is used exclusively to improve website usage.
The data on this website and Matomo is hosted in Germany. The data never leaves the EU.


Since Matomo collects data based on legitimate interest, you can exercise the following rights:


Right to information and data portability: You can request all your data at any time.

 

Right to erasure and rectification: You can request that we completely delete all your data at any time.

 

Right to object to and restrict processing: You can object to data collection at any time by activating DoNotTrack 46 in your browser or by objecting to the use of cookies when visiting our website.

Integration of third-party services and content

Based on our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offering within the meaning of Art. 6 Para. 1 lit. f. GDPR), we use content or service offerings from third parties in order to integrate their content and services, such as videos or fonts (hereinafter referred to uniformly as “content”).

This always requires that the third-party providers of this content perceive the IP address of the users, since without the IP address they would not be able to send the content to their browser. The IP address is therefore required to display this content. We endeavor to only use content whose respective providers only use the IP address to deliver the content. Third-party providers can also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online offer, as well as be linked to such information from other sources.