I. Who is responsible and how can I contact the Data Protection Representative?
The data controller within the meaning of the GDPR (General Data Protection Regulation) is the
NABU (Nature and Biodiversity Conservation Union Germany) e.V.
Tel. +49 (0) 30-28 49 84-0
Fax +49 (0) 30-28 49 84-20 00
Register court: Amtsgericht Stuttgart | Register number: VR 2303
VAT identification-No.: DE 155765809
President: Jörg-Andreas Krüger, Managing Director: Leif Miller
If you have any questions about the processing of your personal data by us or about data protection in general, please contact our data protection representative at the following e-mail address: Datenschutz@NABU.de.
The easiest way to exercise your rights of objection is to contact Widerspruch@NABU.de. If you would like to have a secure transmission, please contact us by post. For all other data protection concerns, especially confidential ones, you can contact our external data protection officer, Dr. Stefan Drewes, directly via the e-mail address DSB@NABU.de.
II. Your rights as person concerned
Each affected person has the following rights:
• Right of access by the data subject (Art. 15 GDPR),
• Right of rectification (Art. 16 GDPR),
• Right of erasure, or better, a „right to be forgotten“ (Art. 17 GDPR),
• Right to restriction of processing (Art. 18 GDPR),
• Right for data portability (Art. 20 GDPR).
• You can object to the processing of personal data for advertising purposes including an analysis of customer data for advertising purposes at any time without stating reasons.
In addition, the person concerned also has a general right to object (cf. Art. 21 (1) GDPR). In this case, the objection against data processing must be substantiated. If the data processing is based on consent, your consent can be revoked at any time with effect for the future.
The easiest way to exercise the rights of a person concerned is to contact Widerspruch@NABU.de. In addition, you have the right to lodge a complaint with the data protection supervisory authority responsible for you.
III. Processing of personal data by NABU
1. Processing of personal data when accessing our website – Logfiles
When you access our website, information of a general nature is automatically collected. This information (server log files) includes, for example, the type of web browser, the operating system used, the domain name of your Internet service provider and similar information. In addition, the IP address is transmitted and used to provide the service you requested. This information is technically necessary in order to correctly deliver the contents of websites requested by you and is mandatory when using the Internet.
This log file data is anonymized or deleted by us immediately after the end of the usage process. The legal basis for data processing is Art. 6 Para. 1 lit. f) GDPR.
According to our IT security concept, the log file data is stored for a period of two weeks in order to detect and analyse any attacks against our website. The legal basis for data processing is Art. 6 Para. 1 lit. f) GDPR].
2. Processing of personal data when accessing our website – Your inquiries and use of online forms
If you send us an inquiry by e-mail or via the contact form, we will collect the data you provide for handling and answering your request. We store this information for a period of three to eleven years due to statutory retention periods for verification purposes. The legal basis for data processing is Art. 6 Para. 1 lit. b) in the case of pre-contractual/contractual relations and/or otherwise f) GDPR.
If you register for an event using an online form, the personal data you provide there will be processed for the registration procedure, the organisation, implementation and follow-up of the event. The legal basis for the data processing is Art. 6 para. 1 letter b) for the pre-contractual/contractual relationship and/or f) GDPR for processing going beyond this.
3. Subscription to an e-mail newsletter
We use the so-called double-opt-in procedure to subscribe to our newsletters. This means that after entering your e-mail address, we will send you a confirmation e-mail to the e-mail address provided, asking you to confirm that you wish to receive the newsletter. If you confirm your wish to receive the newsletter, we will store your e-mail address until you unsubscribe from the newsletter. The storage serves the purpose of sending you the newsletter. Furthermore, we store your IP address and the time of your registration at registration and confirmation in order to prevent misuse of your personal data and to be able to provide proof of correct sending. The legal basis for the processing of your personal data is Art. 6 para. 1 lit. a) GDPR. In addition, a dispatch history of the newsletters sent to you is created in order to be able to provide you with information on this; your usage behaviour is generally not stored. The legal basis for this is Art. 6 para. 1 lit. f) GDPR.
We use the service provider Episerver (Episerver GmbH, Wallstraße 16, 10179 Berlin) for the dispatch of the NABU federal association's newsletters as well as the service provider CleverReach (CleverReach CmbH & Co KG, Mühlenstr. 43, 26180 Rastede, Germany), each as a processor according to Art. 28 GDPR for the dispatch of further newsletters, e.g. from some departments of the federal association and some state associations.
Further information on data protection at Episerver can be found at https://www.episerver.de/legal/privacy-statement/ and at CleverReach at https://www.cleverreach.com/de/datenschutz/.
4. Notes on ensuring data security
We take technical and operational security precautions on our pages to protect the personal data stored with us from access by third parties, loss or misuse and to enable secure data transfer.
Among other things, all online forms are accessed via an encrypted SSL connection and your data is transmitted via this connection. You can recognize this transmission by a closed lock in the status bar of your Internet browser. Your data is encrypted on the way from your computer to us and can only be read again on our server. A security certificate confirms the authenticity.
We must point out that due to the structure of the Internet, unwanted data access by third parties may occur. It is therefore also your responsibility to protect your data against misuse by encrypting it or in any other way. Without appropriate protective measures, in particular data transmitted without encryption can be read by third parties, even if this is done by e-mail.
IV. Processing of personal data through the integration of external services
1. Integration of Social-Plugins
Our website uses social plug-ins ("plug-ins") from various social networks such as Facebook.com (Facebook Inc. ("Facebook"), 1601 South California Avenue, Palo Alto, CA 94304, USA), Twitter.com (Twitter International Company ("Twitter"), One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland) and Pinterest Europe Ltd (Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Irland). The purpose of these plug-ins is to provide you with a way to interact with your contacts and easily distribute interesting information. These plug-ins can be recognised by the respective logo in the network.
In order to protect your privacy and be GDPR-compliant, we use the "c't Shariff" solution developed by heise. Without this solution, the buttons offered by social network operators directly via plug-ins illegally transmit personal data such as the IP address or entire cookies as soon as you visit a website on which they are integrated. The buttons thus provide the social services with precise information about your surfing behaviour without you being asked. You do not need to be logged in or a member of the respective network for this. A Shariff button, on the other hand, only establishes direct contact between the social network and the visitor when the latter actively clicks on the Share button. In this way, Shariff prevents you from leaving a digital trail on every page you visit and improves data protection. By using Shariff, we can protect your personal data and still integrate Butttons for social sharing. You can find further information about c't Shariff at https://www.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html.
Only when you click on such a button does your browser establish a direct connection with the servers of the respective network. The content of the plug-in is transmitted through the network directly to your browser, which integrates it into the website. If these networks are located outside the EU/EEA, we cannot therefore exclude the possibility that your data may be transferred to a server outside the EU/EEA and processed there. We have no influence on the scope or the period of use of the data that the respective network collects with the help of this plug-in and therefore inform you according to our state of knowledge:
By integrating the plug-in, the respective network receives the information that you have called up the corresponding page of our website. If you are logged in to one of the networks, this network can assign this information to your profile. If you do not want the network to collect information about your visit to our website, you must therefore log out first. However, it is possible that the network may find out and save your IP address, even though you have not registered or logged in. We also do not have any information about the deletion of the collected data by the plug-in provider.
The plug-in provider stores the data collected about you as user profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (also for users who are not logged in) for the purpose of presenting need-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles with the service providers.
The legal basis for the use of the plug-ins is Art. 6 para. 1 lit. a) GDPR. For the purpose, duration and scope of data collection and the further processing and use of your data, as well as your rights in this regard and setting options to protect your privacy, please refer to the data protection information of the respective social networks:
• Facebook: https://www.facebook.com/policy.php
• Twitter: https://twitter.com/en/privacy
• Pinterest: https://policy.pinterest.com/en/privacy-policy
2. Integration of Google Tag Manager
For the delivery of online advertising and the integration of external partners we use the Google Tag Manager by Google (Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Irland). This enables us to control the delivery of online advertising. This tool works without cookies, but nevertheless requires a transfer of IP addresses to Google. Here a measurement of the use and usage of the Tag Manager is carried out. We have activated the anonymisation of the IP address before forwarding it to Google. The legal basis for the data processing is Art. 6 para. 1 lit. f) GDPR. The deletion of the accrued data takes place after two years.
3. Integration of Google Maps
On this website we use the offer of Google Maps, another offer of Google. This serves the purpose of showing you interactive maps directly on the website, making it easy to find the places we have indicated on the website and enabling you to use the map function comfortably.
This application is accessed directly from Google's servers, so that the company receives the IP address currently assigned to you. By visiting the website, Google receives the information that you have called up the corresponding sub page of our website. Whether and to what extent or for how long the IP address is stored and used internally by Google is beyond our knowledge. The legal basis for the integration of this service is Art. 6 para. 1 lit. f) GDPR.
If you are registered with one of Google's services, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, it is possible that Google may use your IP address and save it for profiling purposes. Google stores the data collected about you as user profiles and uses these for the purposes of advertising, market research and/or the design of your website to meet your needs. Such an evaluation is carried out in particular (also for users who are not logged in) for the purpose of presenting need-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles at Google.
We point out that data processing by Google may take place outside the EU/EEA. Google processes your personal data using the standard contract clauses as a basis. You can find further information on data protection at Google at https://policies.google.com/privacy?hl=en&gl=en .
4. Integration of OpenStreetMap
On our website we use a map section of Umap (https://umap.openstreetmap.fr/de; Openstreetmap Foundation, 132 Maney Hill Road, Sutton Coldfield, West Midlands) to present to you the various locations and project areas with associated information.
Umap is an open source mapping tool that works on the basis of the French OpenStreetMap offer (https://openstreetmap.fr). Your IP address is forwarded to OpenStreetMap so that the map can be displayed. You can see how OpenStreetMap stores your data on the OpenStreetMap privacy page here.
5. Integration of YouTube
Our website uses plugins from the YouTube page operated by Google. The operator of the site is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. The registered office in Europe is with Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland).
When you visit one of our sites equipped with a YouTube plugin, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited. If you are logged in to your YouTube account, you allow YouTube to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.
YouTube is used in the interest of an attractive presentation of our online offers and thus on the basis of Art. 6 para. 1 lit. f) GDPR. We only record the extent to which the YouTube videos integrated into our website are accessed and delete this data after two years.
6. Integration of Campaignion
Our website uses so-called cookies. Cookies are small text files that are stored on your end device and saved by your browser. They serve to make our offers more user-friendly, effective and secure. We use so-called temporary cookies, which are automatically deleted when you close your browser ("session cookies"), as well as persistent (permanent) cookies.
You have the choice whether you want to allow the setting of cookies. You can make changes with the cookie banner or in your browser settings. You can choose whether you want to accept all cookies, be informed when cookies are set, or reject all cookies. If you choose the last option, it is possible that you will not be able to use our services to their full extent.
When using cookies, a distinction must be made between the mandatory cookies and those for more extensive purposes (measurement of access numbers, advertising purposes).
2. Mandatory cookies when using the website
We use session cookies on our websites, which are mandatory for the use of our websites. These include cookies that enable us to recognize you while you are visiting the site in a single session. These session cookies contribute to the safe use of our offer by enabling the secure processing of the shopping cart function and the payment process.
The use of tracking cookies enables us to recognize users when they return to our website and thus to assign usage processes to an internally assigned code number (pseudonym). In this way we can record repeated access to our website and analyse it in a coherent manner.
Specifically, the following tracking cookies are used:
Tracking by Piwik Pro Analytics
This website uses Piwik PRO Analytics, a web analytics service provided by Piwik PRO (Piwik PRO GmbH, „Piwik PRO“, Lina-Bommer-Weg 6, 51149 Köln). Piwik PRO Analytics uses "cookies", which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of this website is only transmitted to a server within the EU. Piwik PRO will use this information exclusively on our behalf to evaluate your use of the website, to compile reports on website activities and to provide us with further services related to website and internet use.
We use Piwik PRO Analytics to analyse and regularly improve the use of our website. We can use the statistics obtained to improve our offer and make it more interesting for you as a user. The legal basis for the storage of the cookie is the consent given (Art. 6 para. 1 lit. a) GDPR). The further evaluation of the collected data by means of Piwik PRO Analytics is carried out over a period of 26 months on the basis of Art. 6 para. 1 lit. a) GDPR.
For more information see https://piwikpro.de/analytics-web-mobile/.
Google Adwords Tracking
We use the offer of Google Adwords to draw attention to our attractive offers by means of advertising material (so-called Google Adwords) on external websites. These advertising media are delivered by Google via so-called "Ad Servers". Ad server cookies are used to evaluate performance parameters such as ad impressions, clicks and conversions. In relation to the data of the advertising campaigns, we can thus determine how successful the individual advertising measures are. If you reach our website via a Google ad, Google Adwords will store a cookie on your PC. These cookies usually expire after 30 days and are not intended to identify you personally. The following analysis values are usually saved for this cookie:
• Unique Cookie ID
• Number of Ad Impressions per placement (Frequency)
• Last Impression (relevant for post-view conversions)
• OptOut information (marking that the user no longer wishes to be addressed)
These cookies enable Google to recognize your internet browser. If a user visits certain pages of an AdWords client's website and the cookie stored on their computer has not expired, Google and the client may recognize that the user clicked on the ad and was redirected to that page. Each Adwords client is assigned a different cookie. Cookies cannot be tracked through the websites of Adwords clients. We ourselves do not collect and process any personal data in the advertising measures mentioned. We only receive statistical evaluations from Google. By means of these evaluations we can recognize which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising material, in particular we cannot identify the users on the basis of this information. The legal basis for the storage of the cookie by Google is the consent granted (Art. 6 para. 1 lit. a) GDPR).
Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. Please note that data processing by Google may take place outside the European Union. Google processes personal data on the basis of standard contract clauses. We also have no influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our state of knowledge:
Through the integration of "tracking tools", Google receives the information that you have called up the corresponding website of our Internet presence, or clicked on an advertisement from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, it is possible that the provider will find out and save your IP address.
More specifically, the following cookies are set:
Use of Google Remarketing
In addition to AdWords tracking, we also use Google Remarketing. This is a retargeting, thus the delivery of interest-based advertising on other advertising spaces outside our offer to deliver. This application allows you to see advertisements for the services / products previously viewed on our website when you visit other websites after visiting our website. The cookie stored in your browser is used for recognition purposes. Google can thus record the interest in certain products on the basis of your previous visit to our website and use this information for the targeted display of advertising on other websites. According to Google, a combination of the data collected in the course of remarketing with your personal data, which may be stored by Google, does not take place. In particular, according to Google, pseudonymisation is used in remarketing.
The purpose of this application is to enable us to provide you with advertising that is in line with your interests and to advertise our products in a targeted manner. The legal basis for the storage of the cookie is the consent given (Art. 6 para. 1 lit. a) GDPR). Further evaluation of the data collected over a period of up to two years is based on Art. 6 Para. 1 lit. f) GDPR.
If you do not want ads tailored to your interests to be displayed, you can disable cookies in your browser or tell Google to do so in the future by following this link: https://www.google.com/settings/ads/onweb/.
We reserve the right to adapt this data protection declaration so that it always corresponds to the current legal requirements or to implement changes to our services in the data protection declaration, e.g. when introducing new services. Your renewed visit will then be subject to the new data protection declaration.